* Re: [patch 23/38] alpha: Select ARCH_HAS_RANDOM_ENTROPY
From: Magnus Lindholm @ 2026-04-12 13:22 UTC (permalink / raw)
To: Thomas Gleixner
Cc: LKML, Richard Henderson, linux-alpha, Arnd Bergmann, x86,
Lu Baolu, iommu, Michael Grzeschik, netdev, linux-wireless,
Herbert Xu, linux-crypto, Vlastimil Babka, linux-mm,
David Woodhouse, Bernie Thompson, linux-fbdev, Theodore Tso,
linux-ext4, Andrew Morton, Uladzislau Rezki, Marco Elver,
Dmitry Vyukov, kasan-dev, Andrey Ryabinin, Thomas Sailer,
linux-hams, Jason A. Donenfeld, Russell King, linux-arm-kernel,
Catalin Marinas, Huacai Chen, loongarch, Geert Uytterhoeven,
linux-m68k, Dinh Nguyen, Jonas Bonn, linux-openrisc, Helge Deller,
linux-parisc, Michael Ellerman, linuxppc-dev, Paul Walmsley,
linux-riscv, Heiko Carstens, linux-s390, David S. Miller,
sparclinux
In-Reply-To: <20260410120319.131582521@kernel.org>
On Fri, Apr 10, 2026 at 2:36 PM Thomas Gleixner <tglx@kernel.org> wrote:
>
> The only remaining usage of get_cycles() is to provide
> random_get_entropy().
>
> Switch alpha over to the new scheme of selecting ARCH_HAS_RANDOM_ENTROPY
> and providing random_get_entropy() in asm/random.h.
>
> Remove asm/timex.h as it has no functionality anymore.
>
> Signed-off-by: Thomas Gleixner <tglx@kernel.org>
> Cc: Richard Henderson <richard.henderson@linaro.org>
> Cc: linux-alpha@vger.kernel.org
> ---
> arch/alpha/Kconfig | 1 +
> arch/alpha/include/asm/random.h | 14 ++++++++++++++
> arch/alpha/include/asm/timex.h | 26 --------------------------
> 3 files changed, 15 insertions(+), 26 deletions(-)
Hi,
The Alpha side looks fine to me.
I've applied this patch on top of v7.0-rc7, built a kernel successfully,
boot-tested it on an Alpha UP2000+ (SMP) without issues.
Acked-by: Magnus Lindholm <linmag7@gmail.com>
Tested-by: Magnus Lindholm <linmag7@gmail.com>
^ permalink raw reply
* [PATCH wireless-next] wifi: radiotap: add definitions for the new UHR TLVs
From: Miri Korenblit @ 2026-04-12 12:26 UTC (permalink / raw)
To: linux-wireless; +Cc: Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
Add the necessary definitions to create radiotap UHR TLVs
for UHR sniffers.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
include/net/ieee80211_radiotap.h | 190 +++++++++++++++++++++++++++++++
1 file changed, 190 insertions(+)
diff --git a/include/net/ieee80211_radiotap.h b/include/net/ieee80211_radiotap.h
index c60867e7e43c..6c2210a253cd 100644
--- a/include/net/ieee80211_radiotap.h
+++ b/include/net/ieee80211_radiotap.h
@@ -95,6 +95,8 @@ enum ieee80211_radiotap_presence {
IEEE80211_RADIOTAP_EXT = 31,
IEEE80211_RADIOTAP_EHT_USIG = 33,
IEEE80211_RADIOTAP_EHT = 34,
+ IEEE80211_RADIOTAP_UHR_ELR = 37,
+ IEEE80211_RADIOTAP_UHR = 38,
};
/* for IEEE80211_RADIOTAP_FLAGS */
@@ -602,6 +604,194 @@ enum ieee80211_radiotap_eht_usig_tb {
IEEE80211_RADIOTAP_EHT_USIG2_TB_B20_B25_TAIL = 0xfc000000,
};
+/*
+ * ieee80211_radiotap_uhr_elr - content of UHR-ELR TLV (type 35)
+ * see https://www.radiotap.org/fields/UHR-ELR for details
+ */
+struct ieee80211_radiotap_uhr_elr {
+ __le32 known;
+ __le32 sig1, sig2, mark;
+} __packed;
+
+enum ieee80211_radiotap_uhr_elr_known {
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_VERSION_ID = 0x00000001,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_UL_DL = 0x00000002,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_MCS = 0x00000004,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_CODING = 0x00000008,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_LENGTH = 0x00000010,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_LDPC_EXTRA_OFDM_SYM = 0x00000020,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_SIG_1_CRC = 0x00000040,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_SIG_1_TAIL = 0x00000080,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_STA_ID = 0x00000100,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_DISREGARD = 0x00000200,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_SIG_2_CRC = 0x00000400,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_SIG_2_TAIL = 0x00000800,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_SIG_1_CRC_CHECKED = 0x00001000,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_SIG_2_CRC_CHECKED = 0x00002000,
+ IEEE80211_RADIOTAP_UHR_ELR_KNOWN_MARK_BSS_COLOR = 0x00010000,
+};
+
+enum ieee80211_radiotap_uhr_elr_sig1 {
+ IEEE80211_RADIOTAP_UHR_ELR_SIG1_VERSION_ID = 0x00000001,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG1_UL_DL = 0x00000002,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG1_MCS = 0x00000004,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG1_CODING = 0x00000008,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG1_LENGTH = 0x00001FF0,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG1_LDPC_EXTRA_OFDM_SYM = 0x00002000,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG1_CRC = 0x0003C000,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG1_TAIL = 0x00FC0000,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG1_CRC_VALID = 0x80000000,
+};
+
+enum ieee80211_radiotap_uhr_elr_sig2 {
+ IEEE80211_RADIOTAP_UHR_ELR_SIG2_STA_ID = 0x000007FF,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG2_DISREGARD = 0x00003800,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG2_CRC = 0x0003C000,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG2_TAIL = 0x00FC0000,
+ IEEE80211_RADIOTAP_UHR_ELR_SIG2_CRC_VALID = 0x80000000,
+};
+
+enum ieee80211_radiotap_uhr_elr_mark {
+ IEEE80211_RADIOTAP_UHR_ELR_MARK_BSS_COLOR = 0x0000003F,
+};
+
+/*
+ * ieee80211_radiotap_uhr - content of UHR TLV (type 36)
+ * see https://www.radiotap.org/fields/UHR for details
+ */
+struct ieee80211_radiotap_uhr {
+ __le32 known;
+ __le32 data[9];
+ struct {
+ __le32 known, info;
+ } user[];
+} __packed;
+
+enum ieee80211_radiotap_uhr_known {
+ IEEE80211_RADIOTAP_UHR_KNOWN_SPATIAL_REUSE = 0x00000001,
+ IEEE80211_RADIOTAP_UHR_KNOWN_GI_LTF_SIZE = 0x00000002,
+ IEEE80211_RADIOTAP_UHR_KNOWN_NUMBER_OF_UHR_LTF_SYMBOLS = 0x00000004,
+ IEEE80211_RADIOTAP_UHR_KNOWN_LDPC_EXTRA_SYMBOL_SEGMENT = 0x00000008,
+ IEEE80211_RADIOTAP_UHR_KNOWN_PRE_FEC_PADDING_FACTOR = 0x00000010,
+ IEEE80211_RADIOTAP_UHR_KNOWN_PE_DISAMBIGUITY = 0x00000020,
+ IEEE80211_RADIOTAP_UHR_KNOWN_DISREGARD_OFDMA = 0x00000040,
+ IEEE80211_RADIOTAP_UHR_KNOWN_CRC1 = 0x00000080,
+ IEEE80211_RADIOTAP_UHR_KNOWN_TAIL1 = 0x00000100,
+ IEEE80211_RADIOTAP_UHR_KNOWN_CRC2 = 0x00000200,
+ IEEE80211_RADIOTAP_UHR_KNOWN_TAIL2 = 0x00000400,
+ IEEE80211_RADIOTAP_UHR_KNOWN_INTERFERENCE_MITIGATION = 0x00000800,
+ IEEE80211_RADIOTAP_UHR_KNOWN_DISREGARD_NON_OFDMA = 0x00001000,
+ IEEE80211_RADIOTAP_UHR_KNOWN_NUMBER_OF_NON_OFDMA_USERS = 0x00002000,
+ IEEE80211_RADIOTAP_UHR_KNOWN_COMMON_ENCODING_BLOCK_CRC = 0x00004000,
+ IEEE80211_RADIOTAP_UHR_KNOWN_COMMON_ENCODING_BLOCK_TAIL = 0x00008000,
+ IEEE80211_RADIOTAP_UHR_KNOWN_RU_MRU_DRU_SIZE = 0x00010000,
+ IEEE80211_RADIOTAP_UHR_KNOWN_RU_MRU_INDEX = 0x00020000,
+ IEEE80211_RADIOTAP_UHR_KNOWN_DRU_RRU_ALLOC_TB_FMT = 0x00040000,
+ IEEE80211_RADIOTAP_UHR_KNOWN_PRI80_CHAN_POS = 0x00080000,
+};
+
+enum ieee80211_radiotap_uhr_data {
+ /* data[0] */
+ IEEE80211_RADIOTAP_UHR_DATA0_SPATIAL_REUSE = 0x0000000F,
+ IEEE80211_RADIOTAP_UHR_DATA0_GI_LTF_SIZE = 0x00000030,
+ IEEE80211_RADIOTAP_UHR_DATA0_NUMBER_OF_LTF_SYMBOLS = 0x00000700,
+ IEEE80211_RADIOTAP_UHR_DATA0_LDPC_EXTRA_SYMBOL_SEGMENT = 0x00000800,
+ IEEE80211_RADIOTAP_UHR_DATA0_PRE_FEC_PADDING_FACTOR = 0x00003000,
+ IEEE80211_RADIOTAP_UHR_DATA0_PE_DISAMBIGUITY = 0x00004000,
+ IEEE80211_RADIOTAP_UHR_DATA0_DISREGARD_OFDMA = 0x00078000,
+ IEEE80211_RADIOTAP_UHR_DATA0_CRC1 = 0x00780000,
+ IEEE80211_RADIOTAP_UHR_DATA0_TAIL1 = 0x1f800000,
+ /* data[1] */
+ IEEE80211_RADIOTAP_UHR_DATA1_RU_MRU_DRU_SIZE = 0x0000001f,
+ IEEE80211_RADIOTAP_UHR_DATA1_RU_MRU_INDEX = 0x00001fe0,
+ IEEE80211_RADIOTAP_UHR_DATA1_RU_ALLOC_CC_1_1_1 = 0x003fe000,
+ IEEE80211_RADIOTAP_UHR_DATA1_RU_ALLOC_CC_1_1_1_KNOWN = 0x00400000,
+ IEEE80211_RADIOTAP_UHR_DATA1_PRI80_CHAN_POS = 0xc0000000,
+ /* data[2] */
+ IEEE80211_RADIOTAP_UHR_DATA2_RU_ALLOC_CC_2_1_1 = 0x000001ff,
+ IEEE80211_RADIOTAP_UHR_DATA2_RU_ALLOC_CC_2_1_1_KNOWN = 0x00000200,
+ IEEE80211_RADIOTAP_UHR_DATA2_RU_ALLOC_CC_1_1_2 = 0x0007fc00,
+ IEEE80211_RADIOTAP_UHR_DATA2_RU_ALLOC_CC_1_1_2_KNOWN = 0x00080000,
+ IEEE80211_RADIOTAP_UHR_DATA2_RU_ALLOC_CC_2_1_2 = 0x1ff00000,
+ IEEE80211_RADIOTAP_UHR_DATA2_RU_ALLOC_CC_2_1_2_KNOWN = 0x20000000,
+ /* data[3] */
+ IEEE80211_RADIOTAP_UHR_DATA3_RU_ALLOC_CC_1_2_1 = 0x000001ff,
+ IEEE80211_RADIOTAP_UHR_DATA3_RU_ALLOC_CC_1_2_1_KNOWN = 0x00000200,
+ IEEE80211_RADIOTAP_UHR_DATA3_RU_ALLOC_CC_2_2_1 = 0x0007fc00,
+ IEEE80211_RADIOTAP_UHR_DATA3_RU_ALLOC_CC_2_2_1_KNOWN = 0x00080000,
+ IEEE80211_RADIOTAP_UHR_DATA3_RU_ALLOC_CC_1_2_2 = 0x1ff00000,
+ IEEE80211_RADIOTAP_UHR_DATA3_RU_ALLOC_CC_1_2_2_KNOWN = 0x20000000,
+ /* data[4] */
+ IEEE80211_RADIOTAP_UHR_DATA4_RU_ALLOC_CC_2_2_2 = 0x000001ff,
+ IEEE80211_RADIOTAP_UHR_DATA4_RU_ALLOC_CC_2_2_2_KNOWN = 0x00000200,
+ IEEE80211_RADIOTAP_UHR_DATA4_RU_ALLOC_CC_1_2_3 = 0x0007fc00,
+ IEEE80211_RADIOTAP_UHR_DATA4_RU_ALLOC_CC_1_2_3_KNOWN = 0x00080000,
+ IEEE80211_RADIOTAP_UHR_DATA4_RU_ALLOC_CC_2_2_3 = 0x1ff00000,
+ IEEE80211_RADIOTAP_UHR_DATA4_RU_ALLOC_CC_2_2_3_KNOWN = 0x20000000,
+ /* data[5] */
+ IEEE80211_RADIOTAP_UHR_DATA5_RU_ALLOC_CC_1_2_4 = 0x000001ff,
+ IEEE80211_RADIOTAP_UHR_DATA5_RU_ALLOC_CC_1_2_4_KNOWN = 0x00000200,
+ IEEE80211_RADIOTAP_UHR_DATA5_RU_ALLOC_CC_2_2_4 = 0x0007fc00,
+ IEEE80211_RADIOTAP_UHR_DATA5_RU_ALLOC_CC_2_2_4_KNOWN = 0x00080000,
+ IEEE80211_RADIOTAP_UHR_DATA5_RU_ALLOC_CC_1_2_5 = 0x1ff00000,
+ IEEE80211_RADIOTAP_UHR_DATA5_RU_ALLOC_CC_1_2_5_KNOWN = 0x20000000,
+ /* data[6] */
+ IEEE80211_RADIOTAP_UHR_DATA6_RU_ALLOC_CC_2_2_5 = 0x000001ff,
+ IEEE80211_RADIOTAP_UHR_DATA6_RU_ALLOC_CC_2_2_5_KNOWN = 0x00000200,
+ IEEE80211_RADIOTAP_UHR_DATA6_RU_ALLOC_CC_1_2_6 = 0x0007fc00,
+ IEEE80211_RADIOTAP_UHR_DATA6_RU_ALLOC_CC_1_2_6_KNOWN = 0x00080000,
+ IEEE80211_RADIOTAP_UHR_DATA6_RU_ALLOC_CC_2_2_6 = 0x1ff00000,
+ IEEE80211_RADIOTAP_UHR_DATA6_RU_ALLOC_CC_2_2_6_KNOWN = 0x20000000,
+ /* data[7] */
+ IEEE80211_RADIOTAP_UHR_DATA7_CRC2 = 0x0000000f,
+ IEEE80211_RADIOTAP_UHR_DATA7_TAIL2 = 0x000003f0,
+ IEEE80211_RADIOTAP_UHR_DATA7_INTERFERENCE_MITIGATION = 0x00000400,
+ IEEE80211_RADIOTAP_UHR_DATA7_DISREGARD_NON_OFDMA = 0x00001800,
+ IEEE80211_RADIOTAP_UHR_DATA7_NUMBER_OF_NON_OFDMA_USERS = 0x0000e000,
+ IEEE80211_RADIOTAP_UHR_DATA7_COMMON_ENCODING_BLOCK_CRC = 0x000f0000,
+ IEEE80211_RADIOTAP_UHR_DATA7_COMMON_ENCODING_BLOCK_TAIL = 0x03f00000,
+ /* data[8] */
+ IEEE80211_RADIOTAP_UHR_DATA8_DRU_RRU_ALLOC_TB_FMT_PS_160= 0x00000001,
+ IEEE80211_RADIOTAP_UHR_DATA8_DRU_RRU_ALLOC_TB_FMT_B0 = 0x00000002,
+ IEEE80211_RADIOTAP_UHR_DATA8_DRU_RRU_ALLOC_TB_FMT_B7_B1 = 0x000001fc,
+ IEEE80211_RADIOTAP_UHR_DATA8_DRU_RRU_INDICATION = 0x00000200,
+};
+
+enum ieee80211_radiotap_uhr_user_known {
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_STA_ID = 0x00000001,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_MCS = 0x00000002,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_NSS = 0x00000004,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_UEQM = 0x00000008,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_BF = 0x00000010,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_CODING = 0x00000020,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_UEQM_PATTERN = 0x00000040,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_2X_LDPC = 0x00000080,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_SPATIAL_CONFIG = 0x00000100,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_DISREGARD = 0x00000200,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_BSS_COLOR_INDICATION = 0x00000400,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_USR_ENC_BLK_CRC = 0x00000800,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_USR_ENC_BLK_TAIL = 0x00001000,
+ /* really 'known' but actual data */
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_DATA_USR_ENC_BLK_CRC = 0x000f0000,
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_DATA_USR_ENC_BLK_TAIL = 0x03f00000,
+ /* indicates this user was captured */
+ IEEE80211_RADIOTAP_UHR_USER_KNOWN_USER_CAPTURED = 0x80000000,
+};
+
+enum ieee80211_radiotap_uhr_user_info {
+ IEEE80211_RADIOTAP_UHR_USER_INFO_STA_ID = 0x000007ff,
+ IEEE80211_RADIOTAP_UHR_USER_INFO_MCS = 0x0000f800,
+ IEEE80211_RADIOTAP_UHR_USER_INFO_NSS = 0x00070000,
+ IEEE80211_RADIOTAP_UHR_USER_INFO_SPATIAL_CONFIG = 0x000f0000,
+ IEEE80211_RADIOTAP_UHR_USER_INFO_UEQM = 0x00100000,
+ IEEE80211_RADIOTAP_UHR_USER_INFO_DISREGARD = 0x00100000,
+ IEEE80211_RADIOTAP_UHR_USER_INFO_BF = 0x00200000,
+ IEEE80211_RADIOTAP_UHR_USER_INFO_BSS_COLOR_INDICATION = 0x00200000,
+ IEEE80211_RADIOTAP_UHR_USER_INFO_UEQM_PATTERN = 0x00c00000,
+ IEEE80211_RADIOTAP_UHR_USER_INFO_CODING = 0x01000000,
+ IEEE80211_RADIOTAP_UHR_USER_INFO_2X_LDPC = 0x02000000,
+};
+
/**
* ieee80211_get_radiotap_len - get radiotap header length
* @data: pointer to the header
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 15/15] wifi: mac80211_hwsim: switch to use TXQs
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Benjamin Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Benjamin Berg <benjamin.berg@intel.com>
Simply immediately TX all available packets on the corresponding queue.
This removes the HWSIM_TM_CMD_STOP_QUEUES/HWSIM_TM_CMD_RESUME_QUEUES
feature for now. It should be reasonably simple to add it back if it is
needed.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
.../wireless/virtual/mac80211_hwsim_main.c | 20 ++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_main.c b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
index c6d1f841c04d..e510357c1411 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim_main.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
@@ -2198,6 +2198,17 @@ static void mac80211_hwsim_tx(struct ieee80211_hw *hw,
ieee80211_tx_status_irqsafe(hw, skb);
}
+static void ieee80211_hwsim_wake_tx_queue(struct ieee80211_hw *hw,
+ struct ieee80211_txq *txq)
+{
+ struct ieee80211_tx_control control = {
+ .sta = txq->sta,
+ };
+ struct sk_buff *skb;
+
+ while ((skb = ieee80211_tx_dequeue(hw, txq)))
+ mac80211_hwsim_tx(hw, &control, skb);
+}
static int mac80211_hwsim_start(struct ieee80211_hw *hw)
{
@@ -2943,11 +2954,7 @@ static int mac80211_hwsim_testmode_cmd(struct ieee80211_hw *hw,
goto nla_put_failure;
return cfg80211_testmode_reply(skb);
case HWSIM_TM_CMD_STOP_QUEUES:
- ieee80211_stop_queues(hw);
- return 0;
case HWSIM_TM_CMD_WAKE_QUEUES:
- ieee80211_wake_queues(hw);
- return 0;
default:
return -EOPNOTSUPP;
}
@@ -4051,7 +4058,7 @@ static int mac80211_hwsim_set_radar_background(struct ieee80211_hw *hw,
#define HWSIM_COMMON_OPS \
.tx = mac80211_hwsim_tx, \
- .wake_tx_queue = ieee80211_handle_wake_tx_queue, \
+ .wake_tx_queue = ieee80211_hwsim_wake_tx_queue, \
.start = mac80211_hwsim_start, \
.stop = mac80211_hwsim_stop, \
.add_interface = mac80211_hwsim_add_interface, \
@@ -5530,6 +5537,8 @@ static int mac80211_hwsim_new_radio(struct genl_info *info,
ieee80211_hw_set(hw, TDLS_WIDER_BW);
ieee80211_hw_set(hw, SUPPORTS_MULTI_BSSID);
ieee80211_hw_set(hw, STRICT);
+ ieee80211_hw_set(hw, BUFF_MMPDU_TXQ);
+ ieee80211_hw_set(hw, STA_MMPDU_TXQ);
if (param->mlo) {
hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_MLO;
@@ -5588,6 +5597,7 @@ static int mac80211_hwsim_new_radio(struct genl_info *info,
hw->vif_data_size = sizeof(struct hwsim_vif_priv);
hw->sta_data_size = sizeof(struct hwsim_sta_priv);
hw->chanctx_data_size = sizeof(struct hwsim_chanctx_priv);
+ hw->txq_data_size = 0;
memcpy(data->channels_2ghz, hwsim_channels_2ghz,
sizeof(hwsim_channels_2ghz));
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 14/15] wifi: mac80211_hwsim: refactor NAN timer handling
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Benjamin Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Benjamin Berg <benjamin.berg@intel.com>
Refactor the NAN timer to more closely track the where in the NAN
schedule the device currently is. Do this by having an hrtimer that
fires at the start of every slot.
For now continue to update the current channel at the start of the DW.
In the future, the correct channel according to the schedule should be
used everywhere.
This is in preparation to more accurately simulate more of the NAN
logic.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
.../net/wireless/virtual/mac80211_hwsim_i.h | 5 +
.../wireless/virtual/mac80211_hwsim_main.c | 22 +--
.../net/wireless/virtual/mac80211_hwsim_nan.c | 160 ++++++++++++------
.../net/wireless/virtual/mac80211_hwsim_nan.h | 8 +-
4 files changed, 133 insertions(+), 62 deletions(-)
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_i.h b/drivers/net/wireless/virtual/mac80211_hwsim_i.h
index d345595ca588..6b2a5dccb106 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim_i.h
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_i.h
@@ -128,6 +128,11 @@ struct mac80211_hwsim_data {
extern spinlock_t hwsim_radio_lock;
extern struct list_head hwsim_radios;
+ktime_t mac80211_hwsim_tsf_to_boottime(struct mac80211_hwsim_data *data,
+ u64 tsf);
+u64 mac80211_hwsim_boottime_to_tsf(struct mac80211_hwsim_data *data,
+ ktime_t ts);
+
u64 mac80211_hwsim_get_tsf(struct ieee80211_hw *hw,
struct ieee80211_vif *vif);
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_main.c b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
index ba2aa09b37cb..c6d1f841c04d 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim_main.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
@@ -1216,12 +1216,18 @@ static inline u64 mac80211_hwsim_get_sim_tsf(void)
return ktime_to_us(ktime_get_boottime());
}
-static ktime_t mac80211_hwsim_tsf_to_boottime(struct mac80211_hwsim_data *data,
- u64 tsf)
+ktime_t mac80211_hwsim_tsf_to_boottime(struct mac80211_hwsim_data *data,
+ u64 tsf)
{
return us_to_ktime(tsf - data->tsf_offset);
}
+u64 mac80211_hwsim_boottime_to_tsf(struct mac80211_hwsim_data *data,
+ ktime_t ts)
+{
+ return ktime_to_us(ts + data->tsf_offset);
+}
+
u64 mac80211_hwsim_get_tsf(struct ieee80211_hw *hw,
struct ieee80211_vif *vif)
{
@@ -2045,12 +2051,7 @@ static void mac80211_hwsim_tx(struct ieee80211_hw *hw,
* on channel 6 or channel 149, unless a ROC is in progress (for
* USD use cases).
*/
- if (data->nan.curr_dw_band == NL80211_BAND_2GHZ)
- channel = ieee80211_get_channel(hw->wiphy, 2437);
- else if (data->nan.curr_dw_band == NL80211_BAND_5GHZ)
- channel = ieee80211_get_channel(hw->wiphy, 5745);
- else
- channel = NULL;
+ channel = data->nan.channel;
if (WARN_ON(!channel)) {
ieee80211_free_txskb(hw, skb);
@@ -5451,8 +5452,9 @@ static int mac80211_hwsim_new_radio(struct genl_info *info,
NAN_DEV_CAPA_EXT_KEY_ID_SUPPORTED |
NAN_DEV_CAPA_NDPE_SUPPORTED;
- hrtimer_setup(&data->nan.timer, mac80211_hwsim_nan_dw_start,
- CLOCK_MONOTONIC, HRTIMER_MODE_ABS_SOFT);
+ hrtimer_setup(&data->nan.slot_timer,
+ mac80211_hwsim_nan_slot_timer,
+ CLOCK_BOOTTIME, HRTIMER_MODE_ABS_SOFT);
}
data->if_combination.radar_detect_widths =
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_nan.c b/drivers/net/wireless/virtual/mac80211_hwsim_nan.c
index 5d7c736d7972..f4191954ca9d 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim_nan.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_nan.c
@@ -6,63 +6,132 @@
#include "mac80211_hwsim_i.h"
+/* Defined as the lower 23 bits being zero */
+#define DW0_TSF_MASK GENMASK(22, 0)
+
+/* DWs are repeated every 512 TUs */
+#define DWST_TU 512
+#define DWST_TSF_MASK (ieee80211_tu_to_usec(DWST_TU) - 1)
+
+#define SLOT_TU 16
+#define SLOT_TSF_MASK (ieee80211_tu_to_usec(DWST_TU) - 1)
+
+/* The 2.4 GHz DW is at the start, the 5 GHz is in slot 8 (after 128 TUs) */
+#define DW_5G_OFFSET_TU 128
+
+#define SLOT_24GHZ_DW 0
+#define SLOT_5GHZ_DW (DW_5G_OFFSET_TU / SLOT_TU)
+
+/* The special DW0 happens every 16 DWSTs (8192 TUs) */
+static_assert(16 * DWST_TU * 1024 == 8192 * 1024);
+static_assert(DW0_TSF_MASK + 1 == 8192 * 1024);
+
static u8 hwsim_nan_cluster_id[ETH_ALEN];
+static u64 hwsim_nan_get_timer_tsf(struct mac80211_hwsim_data *data)
+{
+ ktime_t expires = hrtimer_get_expires(&data->nan.slot_timer);
+
+ return mac80211_hwsim_boottime_to_tsf(data, expires);
+}
+
+static u8 hwsim_nan_slot_from_tsf(u64 tsf)
+{
+ return (tsf & DWST_TSF_MASK) / ieee80211_tu_to_usec(SLOT_TU);
+}
+
+static void
+mac80211_hwsim_nan_schedule_slot(struct mac80211_hwsim_data *data, u8 slot)
+{
+ u64 tsf = hwsim_nan_get_timer_tsf(data);
+
+ /* Only called by mac80211_hwsim_nan_dw_timer from softirq context */
+ lockdep_assert_in_softirq();
+
+ tsf &= ~DWST_TSF_MASK;
+ tsf += ieee80211_tu_to_usec(slot * SLOT_TU);
+
+ hrtimer_set_expires(&data->nan.slot_timer,
+ mac80211_hwsim_tsf_to_boottime(data, tsf));
+}
+
+static void
+mac80211_hwsim_nan_exec_state_transitions(struct mac80211_hwsim_data *data)
+{
+ /*
+ * Handle NAN role and state transitions at the end of the DW period
+ * in accordance to Wi-Fi Aware version 4.0 section 3.3.7 point 2, i.e.
+ * end of 5 GHz DW if enabled else at the end of the 2.4 GHz DW.
+ *
+ * TODO: Implement
+ */
+}
+
enum hrtimer_restart
-mac80211_hwsim_nan_dw_start(struct hrtimer *timer)
+mac80211_hwsim_nan_slot_timer(struct hrtimer *timer)
{
struct mac80211_hwsim_data *data =
container_of(timer, struct mac80211_hwsim_data,
- nan.timer);
+ nan.slot_timer);
struct ieee80211_hw *hw = data->hw;
- u64 orig_tsf = mac80211_hwsim_get_tsf(hw, NULL), tsf = orig_tsf;
- u32 dw_int = 512 * 1024;
- u64 until_dw;
+ struct ieee80211_channel *notify_dw_chan = NULL;
+ u64 tsf = hwsim_nan_get_timer_tsf(data);
+ u8 slot = hwsim_nan_slot_from_tsf(tsf);
+ bool dwst_of_dw0 = false;
+ bool dw_end = false;
if (!data->nan.device_vif)
return HRTIMER_NORESTART;
- if (data->nan.bands & BIT(NL80211_BAND_5GHZ)) {
- if (data->nan.curr_dw_band == NL80211_BAND_2GHZ) {
- dw_int = 128 * 1024;
- data->nan.curr_dw_band = NL80211_BAND_5GHZ;
- } else if (data->nan.curr_dw_band == NL80211_BAND_5GHZ) {
- data->nan.curr_dw_band = NL80211_BAND_2GHZ;
- }
- }
+ if ((tsf & DW0_TSF_MASK & ~DWST_TSF_MASK) == 0)
+ dwst_of_dw0 = true;
- until_dw = dw_int - do_div(tsf, dw_int);
- /* The timer might fire just before the actual DW, in which case
- * update the timeout to the actual next DW
- */
- if (until_dw < dw_int / 2)
- until_dw += dw_int;
+ switch (slot) {
+ case SLOT_24GHZ_DW:
+ wiphy_dbg(data->hw->wiphy, "Start of 2.4 GHz DW, is DW0=%d\n",
+ dwst_of_dw0);
+ data->nan.channel = ieee80211_get_channel(hw->wiphy, 2437);
+ break;
- /* The above do_div() call directly modifies the 'tsf' variable, thus,
- * use a copy so that the print below would show the original TSF.
- */
- wiphy_debug(hw->wiphy,
- "%s: tsf=%llx, curr_dw_band=%u, next_dw=%llu\n",
- __func__, orig_tsf, data->nan.curr_dw_band,
- until_dw);
+ case SLOT_24GHZ_DW + 1:
+ if (!(data->nan.bands & BIT(NL80211_BAND_5GHZ))) {
+ notify_dw_chan = ieee80211_get_channel(hw->wiphy, 2437);
+ dw_end = true;
+ } else {
+ notify_dw_chan = ieee80211_get_channel(hw->wiphy, 5745);
+ }
+ break;
- hrtimer_forward_now(&data->nan.timer,
- ns_to_ktime(until_dw * NSEC_PER_USEC));
+ case SLOT_5GHZ_DW:
+ if (data->nan.bands & BIT(NL80211_BAND_5GHZ)) {
+ wiphy_dbg(data->hw->wiphy, "Start of 5 GHz DW\n");
+ data->nan.channel =
+ ieee80211_get_channel(hw->wiphy, 5745);
+ }
+ break;
+
+ case SLOT_5GHZ_DW + 1:
+ if (data->nan.bands & BIT(NL80211_BAND_5GHZ)) {
+ notify_dw_chan =
+ ieee80211_get_channel(hw->wiphy, 2437);
+ dw_end = true;
+ }
+ break;
+ }
+
+ if (dw_end)
+ mac80211_hwsim_nan_exec_state_transitions(data);
- if (data->nan.notify_dw) {
- struct ieee80211_channel *ch;
+ if (data->nan.notify_dw && notify_dw_chan) {
struct wireless_dev *wdev =
ieee80211_vif_to_wdev(data->nan.device_vif);
- if (data->nan.curr_dw_band == NL80211_BAND_5GHZ)
- ch = ieee80211_get_channel(hw->wiphy, 5745);
- else
- ch = ieee80211_get_channel(hw->wiphy, 2437);
-
- cfg80211_next_nan_dw_notif(wdev, ch, GFP_ATOMIC);
+ cfg80211_next_nan_dw_notif(wdev, notify_dw_chan, GFP_ATOMIC);
}
+ mac80211_hwsim_nan_schedule_slot(data, slot + 1);
+
return HRTIMER_RESTART;
}
@@ -71,9 +140,6 @@ int mac80211_hwsim_nan_start(struct ieee80211_hw *hw,
struct cfg80211_nan_conf *conf)
{
struct mac80211_hwsim_data *data = hw->priv;
- u64 tsf = mac80211_hwsim_get_tsf(hw, NULL);
- u32 dw_int = 512 * 1000;
- u64 until_dw = dw_int - do_div(tsf, dw_int);
struct wireless_dev *wdev = ieee80211_vif_to_wdev(vif);
if (vif->type != NL80211_IFTYPE_NAN)
@@ -85,13 +151,11 @@ int mac80211_hwsim_nan_start(struct ieee80211_hw *hw,
/* set this before starting the timer, as preemption might occur */
data->nan.device_vif = vif;
data->nan.bands = conf->bands;
- data->nan.curr_dw_band = NL80211_BAND_2GHZ;
+ data->nan.channel = ieee80211_get_channel(hw->wiphy, 2437);
- wiphy_debug(hw->wiphy, "nan_started, next_dw=%llu\n",
- until_dw);
-
- hrtimer_start(&data->nan.timer,
- ns_to_ktime(until_dw * NSEC_PER_USEC),
+ /* Just run this "soon" and start in a random schedule position */
+ hrtimer_start(&data->nan.slot_timer,
+ ns_to_ktime(10 * NSEC_PER_USEC),
HRTIMER_MODE_REL_SOFT);
if (conf->cluster_id && !is_zero_ether_addr(conf->cluster_id) &&
@@ -125,7 +189,7 @@ int mac80211_hwsim_nan_stop(struct ieee80211_hw *hw,
data->nan.device_vif != vif)
return -EINVAL;
- hrtimer_cancel(&data->nan.timer);
+ hrtimer_cancel(&data->nan.slot_timer);
data->nan.device_vif = NULL;
spin_lock_bh(&hwsim_radio_lock);
@@ -159,10 +223,8 @@ int mac80211_hwsim_nan_change_config(struct ieee80211_hw *hw,
wiphy_debug(hw->wiphy, "nan_config_changed: changes=0x%x\n", changes);
/* Handle only the changes we care about for simulation purposes */
- if (changes & CFG80211_NAN_CONF_CHANGED_BANDS) {
+ if (changes & CFG80211_NAN_CONF_CHANGED_BANDS)
data->nan.bands = conf->bands;
- data->nan.curr_dw_band = NL80211_BAND_2GHZ;
- }
if (changes & CFG80211_NAN_CONF_CHANGED_CONFIG)
data->nan.notify_dw = conf->enable_dw_notification;
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_nan.h b/drivers/net/wireless/virtual/mac80211_hwsim_nan.h
index eac64ac37589..e86e7f9e9a3c 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim_nan.h
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_nan.h
@@ -11,13 +11,15 @@ struct mac80211_hwsim_nan_data {
struct ieee80211_vif *device_vif;
u8 bands;
- enum nl80211_band curr_dw_band;
- struct hrtimer timer;
+ /* Current channel of the NAN device */
+ struct ieee80211_channel *channel;
+
+ struct hrtimer slot_timer;
bool notify_dw;
};
enum hrtimer_restart
-mac80211_hwsim_nan_dw_start(struct hrtimer *timer);
+mac80211_hwsim_nan_slot_timer(struct hrtimer *timer);
int mac80211_hwsim_nan_start(struct ieee80211_hw *hw,
struct ieee80211_vif *vif,
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 13/15] wifi: mac80211_hwsim: register beacon timer by calculating TBTT
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Benjamin Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Benjamin Berg <benjamin.berg@intel.com>
It is easy to calculate the next target beacon transmission time (TBTT)
based on the current TSF and the beacon interval. Use this method to
calculate the time to the next beacon.
With this, the bcn_delta variable can be removed and drift over time due
to the timer firing late is fully avoided.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
.../net/wireless/virtual/mac80211_hwsim_i.h | 1 -
.../wireless/virtual/mac80211_hwsim_main.c | 39 ++++++++++++-------
2 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_i.h b/drivers/net/wireless/virtual/mac80211_hwsim_i.h
index b4d0a3869619..d345595ca588 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim_i.h
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_i.h
@@ -103,7 +103,6 @@ struct mac80211_hwsim_data {
/* difference between this hw's clock and the real clock, in usecs */
s64 tsf_offset;
- s64 bcn_delta;
/* Stats */
u64 tx_pkts;
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_main.c b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
index 5bf6541498ec..ba2aa09b37cb 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim_main.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
@@ -1216,6 +1216,12 @@ static inline u64 mac80211_hwsim_get_sim_tsf(void)
return ktime_to_us(ktime_get_boottime());
}
+static ktime_t mac80211_hwsim_tsf_to_boottime(struct mac80211_hwsim_data *data,
+ u64 tsf)
+{
+ return us_to_ktime(tsf - data->tsf_offset);
+}
+
u64 mac80211_hwsim_get_tsf(struct ieee80211_hw *hw,
struct ieee80211_vif *vif)
{
@@ -1237,8 +1243,6 @@ static void mac80211_hwsim_set_tsf(struct ieee80211_hw *hw,
{
struct mac80211_hwsim_data *data = hw->priv;
u64 now = mac80211_hwsim_get_tsf(hw, vif);
- /* MLD not supported here */
- u32 bcn_int = data->link_data[0].beacon_int;
u64 delta = abs(tsf - now);
struct ieee80211_bss_conf *conf;
@@ -1247,13 +1251,10 @@ static void mac80211_hwsim_set_tsf(struct ieee80211_hw *hw,
return;
/* adjust after beaconing with new timestamp at old TBTT */
- if (tsf > now) {
+ if (tsf > now)
data->tsf_offset += delta;
- data->bcn_delta = do_div(delta, bcn_int);
- } else {
+ else
data->tsf_offset -= delta;
- data->bcn_delta = -(s64)do_div(delta, bcn_int);
- }
}
static void mac80211_hwsim_monitor_rx(struct ieee80211_hw *hw,
@@ -2410,7 +2411,9 @@ mac80211_hwsim_beacon(struct hrtimer *timer)
container_of(link_data, struct mac80211_hwsim_data,
link_data[link_data->link_id]);
struct ieee80211_hw *hw = data->hw;
- u64 bcn_int = link_data->beacon_int;
+ u32 remainder;
+ u64 tsf_now;
+ u64 tbtt;
if (!data->started)
return HRTIMER_NORESTART;
@@ -2419,13 +2422,19 @@ mac80211_hwsim_beacon(struct hrtimer *timer)
hw, IEEE80211_IFACE_ITER_NORMAL,
mac80211_hwsim_beacon_tx, link_data);
- /* beacon at new TBTT + beacon interval */
- if (data->bcn_delta) {
- bcn_int -= data->bcn_delta;
- data->bcn_delta = 0;
- }
- hrtimer_forward_now(&link_data->beacon_timer,
- ns_to_ktime(bcn_int * NSEC_PER_USEC));
+ /* TSF is the same for all VIFs, parameter is unused */
+ tsf_now = mac80211_hwsim_get_tsf(hw, NULL);
+
+ /* Wrap value to be after the next TBTT */
+ tbtt = tsf_now + link_data->beacon_int;
+
+ /* Round TBTT down to the correct time */
+ div_u64_rem(tbtt, link_data->beacon_int, &remainder);
+ tbtt = tbtt - remainder;
+
+ hrtimer_set_expires(&link_data->beacon_timer,
+ mac80211_hwsim_tsf_to_boottime(data, tbtt));
+
return HRTIMER_RESTART;
}
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 12/15] wifi: mac80211_hwsim: move timestamp writing later in the datapath
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Benjamin Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Benjamin Berg <benjamin.berg@intel.com>
By delegating writing the timestamp into beacons and probe responses, we
can remove the abs_bcn_ts from the global data and still avoid any time
offset issues. This also seems conceptually closer to "real" hardware
where the timestamp will be written late in the TX path.
Move sending the SKB to the monitor interface to happen later, so that
the frame timestamp has the value filled in by mac80211_hwsim.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
.../net/wireless/virtual/mac80211_hwsim_i.h | 2 -
.../wireless/virtual/mac80211_hwsim_main.c | 110 ++++++++----------
2 files changed, 49 insertions(+), 63 deletions(-)
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_i.h b/drivers/net/wireless/virtual/mac80211_hwsim_i.h
index 741eb08f8a85..b4d0a3869619 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim_i.h
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_i.h
@@ -104,8 +104,6 @@ struct mac80211_hwsim_data {
/* difference between this hw's clock and the real clock, in usecs */
s64 tsf_offset;
s64 bcn_delta;
- /* absolute beacon transmission time. Used to cover up "tx" delay. */
- u64 abs_bcn_ts;
/* Stats */
u64 tx_pkts;
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_main.c b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
index 3bda5532ab62..5bf6541498ec 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim_main.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
@@ -1523,6 +1523,43 @@ static inline u16 trans_tx_rate_flags_ieee2hwsim(struct ieee80211_tx_rate *rate)
return result;
}
+static void mac80211_hwsim_write_tsf(struct mac80211_hwsim_data *data,
+ struct sk_buff *skb, u64 sim_time)
+{
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
+ struct ieee80211_rate *txrate;
+ /* TODO: get MCS */
+ int bitrate = 100;
+
+ txrate = ieee80211_get_tx_rate(data->hw, info);
+ if (txrate)
+ bitrate = txrate->bitrate;
+
+ if (skb->len >= offsetofend(typeof(*mgmt), u.probe_resp.timestamp) &&
+ ieee80211_is_probe_resp(hdr->frame_control)) {
+ mgmt->u.probe_resp.timestamp =
+ cpu_to_le64(sim_time + data->tsf_offset +
+ 24 * 8 * 10 / bitrate);
+ } else if (skb->len >= offsetofend(typeof(*mgmt), u.beacon.timestamp) &&
+ ieee80211_is_beacon(mgmt->frame_control)) {
+ mgmt->u.beacon.timestamp = cpu_to_le64(sim_time +
+ data->tsf_offset +
+ 24 * 8 * 10 /
+ bitrate);
+ } else if (skb->len >= offsetofend(struct ieee80211_ext,
+ u.s1g_beacon.timestamp) &&
+ ieee80211_is_s1g_beacon(mgmt->frame_control)) {
+ struct ieee80211_ext *ext = (void *)mgmt;
+
+ ext->u.s1g_beacon.timestamp = cpu_to_le32(sim_time +
+ data->tsf_offset +
+ 10 * 8 * 10 /
+ bitrate);
+ }
+}
+
static void mac80211_hwsim_tx_frame_nl(struct ieee80211_hw *hw,
struct sk_buff *my_skb,
int dst_portid,
@@ -1538,6 +1575,7 @@ static void mac80211_hwsim_tx_frame_nl(struct ieee80211_hw *hw,
struct hwsim_tx_rate tx_attempts[IEEE80211_TX_MAX_RATES];
struct hwsim_tx_rate_flag tx_attempts_flags[IEEE80211_TX_MAX_RATES];
uintptr_t cookie;
+ u64 sim_tsf;
if (data->ps != PS_DISABLED)
hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
@@ -1550,6 +1588,9 @@ static void mac80211_hwsim_tx_frame_nl(struct ieee80211_hw *hw,
}
}
+ sim_tsf = mac80211_hwsim_get_sim_tsf();
+ mac80211_hwsim_write_tsf(data, my_skb, sim_tsf);
+
skb = genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_ATOMIC);
if (skb == NULL)
goto nla_put_failure;
@@ -1781,7 +1822,11 @@ static bool mac80211_hwsim_tx_frame_no_nl(struct ieee80211_hw *hw,
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
struct ieee80211_rx_status rx_status;
- u64 sim_tsf;
+ u64 sim_tsf = mac80211_hwsim_get_sim_tsf();
+
+ mac80211_hwsim_write_tsf(data, skb, sim_tsf);
+
+ mac80211_hwsim_monitor_rx(hw, skb, chan);
memset(&rx_status, 0, sizeof(rx_status));
rx_status.flag |= RX_FLAG_MACTIME_START;
@@ -1824,20 +1869,9 @@ static bool mac80211_hwsim_tx_frame_no_nl(struct ieee80211_hw *hw,
skb_ext_reset(skb);
nf_reset_ct(skb);
- /*
- * Get absolute mactime here so all HWs RX at the "same time", and
- * absolute TX time for beacon mactime so the timestamp matches.
- * Giving beacons a different mactime than non-beacons looks messy, but
- * it helps the Toffset be exact and a ~10us mactime discrepancy
- * probably doesn't really matter.
- */
if (ieee80211_is_beacon(hdr->frame_control) ||
- ieee80211_is_probe_resp(hdr->frame_control)) {
+ ieee80211_is_probe_resp(hdr->frame_control))
rx_status.boottime_ns = ktime_get_boottime_ns();
- sim_tsf = data->abs_bcn_ts;
- } else {
- sim_tsf = mac80211_hwsim_get_sim_tsf();
- }
/* Copy skb to all enabled radios that are on the current frequency */
spin_lock(&hwsim_radio_lock);
@@ -2137,27 +2171,6 @@ static void mac80211_hwsim_tx(struct ieee80211_hw *hw,
return;
}
- if (skb->len >= 24 + 8 &&
- ieee80211_is_probe_resp(hdr->frame_control)) {
- /* fake header transmission time */
- struct ieee80211_mgmt *mgmt;
- struct ieee80211_rate *txrate;
- /* TODO: get MCS */
- int bitrate = 100;
- u64 ts;
-
- mgmt = (struct ieee80211_mgmt *)skb->data;
- txrate = ieee80211_get_tx_rate(hw, txi);
- if (txrate)
- bitrate = txrate->bitrate;
- ts = mac80211_hwsim_get_sim_tsf();
- mgmt->u.probe_resp.timestamp =
- cpu_to_le64(ts + data->tsf_offset +
- 24 * 8 * 10 / bitrate);
- }
-
- mac80211_hwsim_monitor_rx(hw, skb, channel);
-
/* wmediumd mode check */
_portid = READ_ONCE(data->wmediumd);
@@ -2291,8 +2304,6 @@ static void mac80211_hwsim_tx_frame(struct ieee80211_hw *hw,
ARRAY_SIZE(txi->control.rates));
}
- mac80211_hwsim_monitor_rx(hw, skb, chan);
-
if (_portid || hwsim_virtio_enabled)
return mac80211_hwsim_tx_frame_nl(hw, skb, _portid, chan);
@@ -2310,10 +2321,6 @@ static void __mac80211_hwsim_beacon_tx(struct ieee80211_bss_conf *link_conf,
{
struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
struct ieee80211_tx_info *info;
- struct ieee80211_rate *txrate;
- struct ieee80211_mgmt *mgmt;
- /* TODO: get MCS */
- int bitrate = 100;
if (vp->skip_beacons[link_conf->link_id]) {
vp->skip_beacons[link_conf->link_id]--;
@@ -2327,27 +2334,6 @@ static void __mac80211_hwsim_beacon_tx(struct ieee80211_bss_conf *link_conf,
info->control.rates,
ARRAY_SIZE(info->control.rates));
- txrate = ieee80211_get_tx_rate(hw, info);
- if (txrate)
- bitrate = txrate->bitrate;
-
- mgmt = (struct ieee80211_mgmt *) skb->data;
- /* fake header transmission time */
- data->abs_bcn_ts = mac80211_hwsim_get_sim_tsf();
- if (ieee80211_is_s1g_beacon(mgmt->frame_control)) {
- struct ieee80211_ext *ext = (void *) mgmt;
-
- ext->u.s1g_beacon.timestamp = cpu_to_le32(data->abs_bcn_ts +
- data->tsf_offset +
- 10 * 8 * 10 /
- bitrate);
- } else {
- mgmt->u.beacon.timestamp = cpu_to_le64(data->abs_bcn_ts +
- data->tsf_offset +
- 24 * 8 * 10 /
- bitrate);
- }
-
mac80211_hwsim_tx_frame(hw, skb,
rcu_dereference(link_conf->chanctx_conf)->def.chan);
}
@@ -6033,6 +6019,8 @@ static int hwsim_tx_info_frame_received_nl(struct sk_buff *skb_2,
if (!found)
goto out;
+ mac80211_hwsim_monitor_rx(data2->hw, skb, data2->channel);
+
/* Tx info received because the frame was broadcasted on user space,
so we get all the necessary info: tx attempts and skb control buff */
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 11/15] wifi: mac80211_hwsim: rename and switch simulation time to boottime
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Benjamin Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Benjamin Berg <benjamin.berg@intel.com>
The mac80211_hwsim base time for the simulation of the TSF was based on
the real time of the system. This clock is subject to unexpected
changes. Switch it to use boottime which is always monotonic and also
continues to run through times where the system is suspended.
Also change the function name from tsf_raw to sim_tsf to better
differentiate between the TSF of the mac and the TSF base of the
simulation.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
.../wireless/virtual/mac80211_hwsim_main.c | 33 ++++++++++---------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_main.c b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
index 4ad2c6f38663..3bda5532ab62 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim_main.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
@@ -1211,22 +1211,25 @@ static netdev_tx_t hwsim_mon_xmit(struct sk_buff *skb,
return NETDEV_TX_OK;
}
-static inline u64 mac80211_hwsim_get_tsf_raw(void)
+static inline u64 mac80211_hwsim_get_sim_tsf(void)
{
- return ktime_to_us(ktime_get_real());
-}
-
-static __le64 __mac80211_hwsim_get_tsf(struct mac80211_hwsim_data *data)
-{
- u64 now = mac80211_hwsim_get_tsf_raw();
- return cpu_to_le64(now + data->tsf_offset);
+ return ktime_to_us(ktime_get_boottime());
}
u64 mac80211_hwsim_get_tsf(struct ieee80211_hw *hw,
struct ieee80211_vif *vif)
{
struct mac80211_hwsim_data *data = hw->priv;
- return le64_to_cpu(__mac80211_hwsim_get_tsf(data));
+ u64 sim_time = mac80211_hwsim_get_sim_tsf();
+
+ return sim_time + data->tsf_offset;
+}
+
+static __le64 __mac80211_hwsim_get_tsf(struct mac80211_hwsim_data *data)
+{
+ u64 sim_time = mac80211_hwsim_get_sim_tsf();
+
+ return cpu_to_le64(sim_time + data->tsf_offset);
}
static void mac80211_hwsim_set_tsf(struct ieee80211_hw *hw,
@@ -1778,7 +1781,7 @@ static bool mac80211_hwsim_tx_frame_no_nl(struct ieee80211_hw *hw,
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
struct ieee80211_rx_status rx_status;
- u64 now;
+ u64 sim_tsf;
memset(&rx_status, 0, sizeof(rx_status));
rx_status.flag |= RX_FLAG_MACTIME_START;
@@ -1831,9 +1834,9 @@ static bool mac80211_hwsim_tx_frame_no_nl(struct ieee80211_hw *hw,
if (ieee80211_is_beacon(hdr->frame_control) ||
ieee80211_is_probe_resp(hdr->frame_control)) {
rx_status.boottime_ns = ktime_get_boottime_ns();
- now = data->abs_bcn_ts;
+ sim_tsf = data->abs_bcn_ts;
} else {
- now = mac80211_hwsim_get_tsf_raw();
+ sim_tsf = mac80211_hwsim_get_sim_tsf();
}
/* Copy skb to all enabled radios that are on the current frequency */
@@ -1894,7 +1897,7 @@ static bool mac80211_hwsim_tx_frame_no_nl(struct ieee80211_hw *hw,
if (mac80211_hwsim_addr_match(data2, hdr->addr1))
ack = true;
- rx_status.mactime = now + data2->tsf_offset;
+ rx_status.mactime = sim_tsf + data2->tsf_offset;
mac80211_hwsim_rx(data2, &rx_status, nskb);
}
@@ -2147,7 +2150,7 @@ static void mac80211_hwsim_tx(struct ieee80211_hw *hw,
txrate = ieee80211_get_tx_rate(hw, txi);
if (txrate)
bitrate = txrate->bitrate;
- ts = mac80211_hwsim_get_tsf_raw();
+ ts = mac80211_hwsim_get_sim_tsf();
mgmt->u.probe_resp.timestamp =
cpu_to_le64(ts + data->tsf_offset +
24 * 8 * 10 / bitrate);
@@ -2330,7 +2333,7 @@ static void __mac80211_hwsim_beacon_tx(struct ieee80211_bss_conf *link_conf,
mgmt = (struct ieee80211_mgmt *) skb->data;
/* fake header transmission time */
- data->abs_bcn_ts = mac80211_hwsim_get_tsf_raw();
+ data->abs_bcn_ts = mac80211_hwsim_get_sim_tsf();
if (ieee80211_is_s1g_beacon(mgmt->frame_control)) {
struct ieee80211_ext *ext = (void *) mgmt;
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 10/15] wifi: mac80211_hwsim: split NAN handling into separate file
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Benjamin Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Benjamin Berg <benjamin.berg@intel.com>
Having everything in one file for mac80211_hwsim is starting to get a
lot and it will be even worse if we implement more parts of NAN. Split
the NAN implementation into separate files to improve the code
structuring.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
drivers/net/wireless/virtual/Makefile | 2 +
.../net/wireless/virtual/mac80211_hwsim_i.h | 137 ++++++++
...mac80211_hwsim.c => mac80211_hwsim_main.c} | 307 ++----------------
.../net/wireless/virtual/mac80211_hwsim_nan.c | 171 ++++++++++
.../net/wireless/virtual/mac80211_hwsim_nan.h | 34 ++
5 files changed, 364 insertions(+), 287 deletions(-)
create mode 100644 drivers/net/wireless/virtual/mac80211_hwsim_i.h
rename drivers/net/wireless/virtual/{mac80211_hwsim.c => mac80211_hwsim_main.c} (96%)
create mode 100644 drivers/net/wireless/virtual/mac80211_hwsim_nan.c
create mode 100644 drivers/net/wireless/virtual/mac80211_hwsim_nan.h
diff --git a/drivers/net/wireless/virtual/Makefile b/drivers/net/wireless/virtual/Makefile
index 5773cc6d643e..6ad860dd7643 100644
--- a/drivers/net/wireless/virtual/Makefile
+++ b/drivers/net/wireless/virtual/Makefile
@@ -1,3 +1,5 @@
obj-$(CONFIG_MAC80211_HWSIM) += mac80211_hwsim.o
+mac80211_hwsim-objs += mac80211_hwsim_main.o
+mac80211_hwsim-objs += mac80211_hwsim_nan.o
obj-$(CONFIG_VIRT_WIFI) += virt_wifi.o
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_i.h b/drivers/net/wireless/virtual/mac80211_hwsim_i.h
new file mode 100644
index 000000000000..741eb08f8a85
--- /dev/null
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_i.h
@@ -0,0 +1,137 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * mac80211_hwsim - software simulator of 802.11 radio(s) for mac80211
+ * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2011, Javier Lopez <jlopex@gmail.com>
+ * Copyright (c) 2016 - 2017 Intel Deutschland GmbH
+ * Copyright (C) 2018 - 2025 Intel Corporation
+ */
+
+#ifndef __MAC80211_HWSIM_I_H
+#define __MAC80211_HWSIM_I_H
+
+#include <net/mac80211.h>
+#include "mac80211_hwsim.h"
+#include "mac80211_hwsim_nan.h"
+
+struct mac80211_hwsim_link_data {
+ u32 link_id;
+ u64 beacon_int /* beacon interval in us */;
+ struct hrtimer beacon_timer;
+};
+
+#define HWSIM_NUM_CHANNELS_2GHZ 14
+#define HWSIM_NUM_CHANNELS_5GHZ 40
+#define HWSIM_NUM_CHANNELS_6GHZ 59
+#define HWSIM_NUM_S1G_CHANNELS_US 51
+#define HWSIM_NUM_RATES 12
+#define HWSIM_NUM_CIPHERS 11
+
+struct mac80211_hwsim_data {
+ struct list_head list;
+ struct rhash_head rht;
+ struct ieee80211_hw *hw;
+ struct device *dev;
+ struct ieee80211_supported_band bands[NUM_NL80211_BANDS];
+ struct ieee80211_channel channels_2ghz[HWSIM_NUM_CHANNELS_2GHZ];
+ struct ieee80211_channel channels_5ghz[HWSIM_NUM_CHANNELS_5GHZ];
+ struct ieee80211_channel channels_6ghz[HWSIM_NUM_CHANNELS_6GHZ];
+ struct ieee80211_channel channels_s1g[HWSIM_NUM_S1G_CHANNELS_US];
+ struct ieee80211_rate rates[HWSIM_NUM_RATES];
+ struct ieee80211_iface_combination if_combination;
+ struct ieee80211_iface_limit if_limits[4];
+ int n_if_limits;
+ /* Storage space for channels, etc. */
+ struct mac80211_hwsim_phy_data *phy_data;
+
+ struct ieee80211_iface_combination if_combination_radio;
+ struct wiphy_radio_freq_range radio_range[NUM_NL80211_BANDS];
+ struct wiphy_radio radio[NUM_NL80211_BANDS];
+
+ u32 ciphers[HWSIM_NUM_CIPHERS];
+
+ struct mac_address addresses[3];
+ int channels, idx;
+ bool use_chanctx;
+ bool destroy_on_close;
+ u32 portid;
+ char alpha2[2];
+ const struct ieee80211_regdomain *regd;
+
+ struct ieee80211_channel *tmp_chan;
+ struct ieee80211_channel *roc_chan;
+ u32 roc_duration;
+ struct delayed_work roc_start;
+ struct delayed_work roc_done;
+ struct delayed_work hw_scan;
+ struct cfg80211_scan_request *hw_scan_request;
+ struct ieee80211_vif *hw_scan_vif;
+ int scan_chan_idx;
+ u8 scan_addr[ETH_ALEN];
+ struct {
+ struct ieee80211_channel *channel;
+ unsigned long next_start, start, end;
+ } survey_data[HWSIM_NUM_CHANNELS_2GHZ +
+ HWSIM_NUM_CHANNELS_5GHZ +
+ HWSIM_NUM_CHANNELS_6GHZ];
+
+ struct ieee80211_channel *channel;
+ enum nl80211_chan_width bw;
+ unsigned int rx_filter;
+ bool started, idle, scanning;
+ struct mutex mutex;
+ enum ps_mode {
+ PS_DISABLED, PS_ENABLED, PS_AUTO_POLL, PS_MANUAL_POLL
+ } ps;
+ bool ps_poll_pending;
+ struct dentry *debugfs;
+ struct cfg80211_chan_def radar_background_chandef;
+
+ atomic_t pending_cookie;
+ struct sk_buff_head pending; /* packets pending */
+ /*
+ * Only radios in the same group can communicate together (the
+ * channel has to match too). Each bit represents a group. A
+ * radio can be in more than one group.
+ */
+ u64 group;
+
+ /* group shared by radios created in the same netns */
+ int netgroup;
+ /* wmediumd portid responsible for netgroup of this radio */
+ u32 wmediumd;
+
+ /* difference between this hw's clock and the real clock, in usecs */
+ s64 tsf_offset;
+ s64 bcn_delta;
+ /* absolute beacon transmission time. Used to cover up "tx" delay. */
+ u64 abs_bcn_ts;
+
+ /* Stats */
+ u64 tx_pkts;
+ u64 rx_pkts;
+ u64 tx_bytes;
+ u64 rx_bytes;
+ u64 tx_dropped;
+ u64 tx_failed;
+
+ /* RSSI in rx status of the receiver */
+ int rx_rssi;
+
+ /* only used when pmsr capability is supplied */
+ struct cfg80211_pmsr_capabilities pmsr_capa;
+ struct cfg80211_pmsr_request *pmsr_request;
+ struct wireless_dev *pmsr_request_wdev;
+
+ struct mac80211_hwsim_link_data link_data[IEEE80211_MLD_MAX_NUM_LINKS];
+
+ struct mac80211_hwsim_nan_data nan;
+};
+
+extern spinlock_t hwsim_radio_lock;
+extern struct list_head hwsim_radios;
+
+u64 mac80211_hwsim_get_tsf(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif);
+
+#endif /* __MAC80211_HWSIM_I_H */
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim.c b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
similarity index 96%
rename from drivers/net/wireless/virtual/mac80211_hwsim.c
rename to drivers/net/wireless/virtual/mac80211_hwsim_main.c
index d5b9170f690c..4ad2c6f38663 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_main.c
@@ -39,6 +39,7 @@
#include <linux/uaccess.h>
#include <linux/string.h>
#include "mac80211_hwsim.h"
+#include "mac80211_hwsim_i.h"
#define WARN_QUEUE 100
#define MAX_QUEUE 200
@@ -379,6 +380,8 @@ static const struct ieee80211_channel hwsim_channels_2ghz[] = {
CHAN2G(2472), /* Channel 13 */
CHAN2G(2484), /* Channel 14 */
};
+static_assert(HWSIM_NUM_CHANNELS_2GHZ == ARRAY_SIZE(hwsim_channels_2ghz),
+ "Inconsistent 2 GHz channel count");
static const struct ieee80211_channel hwsim_channels_5ghz[] = {
CHAN5G(5180), /* Channel 36 */
@@ -428,6 +431,8 @@ static const struct ieee80211_channel hwsim_channels_5ghz[] = {
CHAN5G(5920), /* Channel 184 */
CHAN5G(5925), /* Channel 185 */
};
+static_assert(HWSIM_NUM_CHANNELS_5GHZ == ARRAY_SIZE(hwsim_channels_5ghz),
+ "Inconsistent 5 GHz channel count");
static const struct ieee80211_channel hwsim_channels_6ghz[] = {
CHAN6G(5955), /* Channel 1 */
@@ -490,9 +495,10 @@ static const struct ieee80211_channel hwsim_channels_6ghz[] = {
CHAN6G(7095), /* Channel 229 */
CHAN6G(7115), /* Channel 233 */
};
+static_assert(HWSIM_NUM_CHANNELS_6GHZ == ARRAY_SIZE(hwsim_channels_6ghz),
+ "Inconsistent 6 GHz channel count");
-#define NUM_S1G_CHANS_US 51
-static struct ieee80211_channel hwsim_channels_s1g[NUM_S1G_CHANS_US];
+static struct ieee80211_channel hwsim_channels_s1g[HWSIM_NUM_S1G_CHANNELS_US];
static const struct ieee80211_sta_s1g_cap hwsim_s1g_cap = {
.s1g = true,
@@ -525,7 +531,7 @@ static void hwsim_init_s1g_channels(struct ieee80211_channel *chans)
{
int ch, freq;
- for (ch = 0; ch < NUM_S1G_CHANS_US; ch++) {
+ for (ch = 0; ch < ARRAY_SIZE(hwsim_channels_s1g); ch++) {
freq = 902000 + (ch + 1) * 500;
chans[ch].band = NL80211_BAND_S1GHZ;
chans[ch].center_freq = KHZ_TO_MHZ(freq);
@@ -548,6 +554,8 @@ static const struct ieee80211_rate hwsim_rates[] = {
{ .bitrate = 480 },
{ .bitrate = 540 }
};
+static_assert(HWSIM_NUM_RATES == ARRAY_SIZE(hwsim_rates),
+ "Inconsistent rates count");
#define DEFAULT_RX_RSSI -50
@@ -564,6 +572,8 @@ static const u32 hwsim_ciphers[] = {
WLAN_CIPHER_SUITE_BIP_GMAC_128,
WLAN_CIPHER_SUITE_BIP_GMAC_256,
};
+static_assert(HWSIM_NUM_CIPHERS == ARRAY_SIZE(hwsim_ciphers),
+ "Inconsistent cipher count");
#define OUI_QCA 0x001374
#define QCA_NL80211_SUBCMD_TEST 1
@@ -644,12 +654,11 @@ static const struct nl80211_vendor_cmd_info mac80211_hwsim_vendor_events[] = {
{ .vendor_id = OUI_QCA, .subcmd = 1 },
};
-static DEFINE_SPINLOCK(hwsim_radio_lock);
-static LIST_HEAD(hwsim_radios);
+DEFINE_SPINLOCK(hwsim_radio_lock);
+LIST_HEAD(hwsim_radios);
static struct rhashtable hwsim_radios_rht;
static int hwsim_radio_idx;
static int hwsim_radios_generation = 1;
-static u8 hwsim_nan_cluster_id[ETH_ALEN];
static struct platform_driver mac80211_hwsim_driver = {
.driver = {
@@ -657,120 +666,6 @@ static struct platform_driver mac80211_hwsim_driver = {
},
};
-struct mac80211_hwsim_link_data {
- u32 link_id;
- u64 beacon_int /* beacon interval in us */;
- struct hrtimer beacon_timer;
-};
-
-struct mac80211_hwsim_nan_data {
- struct ieee80211_vif *device_vif;
- u8 bands;
-
- enum nl80211_band curr_dw_band;
- struct hrtimer timer;
- bool notify_dw;
-};
-
-struct mac80211_hwsim_data {
- struct list_head list;
- struct rhash_head rht;
- struct ieee80211_hw *hw;
- struct device *dev;
- struct ieee80211_supported_band bands[NUM_NL80211_BANDS];
- struct ieee80211_channel channels_2ghz[ARRAY_SIZE(hwsim_channels_2ghz)];
- struct ieee80211_channel channels_5ghz[ARRAY_SIZE(hwsim_channels_5ghz)];
- struct ieee80211_channel channels_6ghz[ARRAY_SIZE(hwsim_channels_6ghz)];
- struct ieee80211_channel channels_s1g[ARRAY_SIZE(hwsim_channels_s1g)];
- struct ieee80211_rate rates[ARRAY_SIZE(hwsim_rates)];
- struct ieee80211_iface_combination if_combination;
- struct ieee80211_iface_limit if_limits[4];
- int n_if_limits;
-
- struct ieee80211_iface_combination if_combination_radio;
- struct wiphy_radio_freq_range radio_range[NUM_NL80211_BANDS];
- struct wiphy_radio radio[NUM_NL80211_BANDS];
-
- u32 ciphers[ARRAY_SIZE(hwsim_ciphers)];
-
- struct mac_address addresses[3];
- int channels, idx;
- bool use_chanctx;
- bool destroy_on_close;
- u32 portid;
- char alpha2[2];
- const struct ieee80211_regdomain *regd;
-
- struct ieee80211_channel *tmp_chan;
- struct ieee80211_channel *roc_chan;
- u32 roc_duration;
- struct delayed_work roc_start;
- struct delayed_work roc_done;
- struct delayed_work hw_scan;
- struct cfg80211_scan_request *hw_scan_request;
- struct ieee80211_vif *hw_scan_vif;
- int scan_chan_idx;
- u8 scan_addr[ETH_ALEN];
- struct {
- struct ieee80211_channel *channel;
- unsigned long next_start, start, end;
- } survey_data[ARRAY_SIZE(hwsim_channels_2ghz) +
- ARRAY_SIZE(hwsim_channels_5ghz) +
- ARRAY_SIZE(hwsim_channels_6ghz)];
-
- struct ieee80211_channel *channel;
- enum nl80211_chan_width bw;
- unsigned int rx_filter;
- bool started, idle, scanning;
- struct mutex mutex;
- enum ps_mode {
- PS_DISABLED, PS_ENABLED, PS_AUTO_POLL, PS_MANUAL_POLL
- } ps;
- bool ps_poll_pending;
- struct dentry *debugfs;
- struct cfg80211_chan_def radar_background_chandef;
-
- atomic_t pending_cookie;
- struct sk_buff_head pending; /* packets pending */
- /*
- * Only radios in the same group can communicate together (the
- * channel has to match too). Each bit represents a group. A
- * radio can be in more than one group.
- */
- u64 group;
-
- /* group shared by radios created in the same netns */
- int netgroup;
- /* wmediumd portid responsible for netgroup of this radio */
- u32 wmediumd;
-
- /* difference between this hw's clock and the real clock, in usecs */
- s64 tsf_offset;
- s64 bcn_delta;
- /* absolute beacon transmission time. Used to cover up "tx" delay. */
- u64 abs_bcn_ts;
-
- /* Stats */
- u64 tx_pkts;
- u64 rx_pkts;
- u64 tx_bytes;
- u64 rx_bytes;
- u64 tx_dropped;
- u64 tx_failed;
-
- /* RSSI in rx status of the receiver */
- int rx_rssi;
-
- /* only used when pmsr capability is supplied */
- struct cfg80211_pmsr_capabilities pmsr_capa;
- struct cfg80211_pmsr_request *pmsr_request;
- struct wireless_dev *pmsr_request_wdev;
-
- struct mac80211_hwsim_link_data link_data[IEEE80211_MLD_MAX_NUM_LINKS];
-
- struct mac80211_hwsim_nan_data nan;
-};
-
static const struct rhashtable_params hwsim_rht_params = {
.nelem_hint = 2,
.automatic_shrinking = true,
@@ -1327,8 +1222,8 @@ static __le64 __mac80211_hwsim_get_tsf(struct mac80211_hwsim_data *data)
return cpu_to_le64(now + data->tsf_offset);
}
-static u64 mac80211_hwsim_get_tsf(struct ieee80211_hw *hw,
- struct ieee80211_vif *vif)
+u64 mac80211_hwsim_get_tsf(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif)
{
struct mac80211_hwsim_data *data = hw->priv;
return le64_to_cpu(__mac80211_hwsim_get_tsf(data));
@@ -4130,168 +4025,6 @@ static int hwsim_pmsr_report_nl(struct sk_buff *msg, struct genl_info *info)
return err;
}
-static enum hrtimer_restart
-mac80211_hwsim_nan_dw_start(struct hrtimer *timer)
-{
- struct mac80211_hwsim_data *data =
- container_of(timer, struct mac80211_hwsim_data,
- nan.timer);
- struct ieee80211_hw *hw = data->hw;
- u64 orig_tsf = mac80211_hwsim_get_tsf(hw, NULL), tsf = orig_tsf;
- u32 dw_int = 512 * 1024;
- u64 until_dw;
-
- if (!data->nan.device_vif)
- return HRTIMER_NORESTART;
-
- if (data->nan.bands & BIT(NL80211_BAND_5GHZ)) {
- if (data->nan.curr_dw_band == NL80211_BAND_2GHZ) {
- dw_int = 128 * 1024;
- data->nan.curr_dw_band = NL80211_BAND_5GHZ;
- } else if (data->nan.curr_dw_band == NL80211_BAND_5GHZ) {
- data->nan.curr_dw_band = NL80211_BAND_2GHZ;
- }
- }
-
- until_dw = dw_int - do_div(tsf, dw_int);
-
- /* The timer might fire just before the actual DW, in which case
- * update the timeout to the actual next DW
- */
- if (until_dw < dw_int / 2)
- until_dw += dw_int;
-
- /* The above do_div() call directly modifies the 'tsf' variable, thus,
- * use a copy so that the print below would show the original TSF.
- */
- wiphy_debug(hw->wiphy,
- "%s: tsf=%llx, curr_dw_band=%u, next_dw=%llu\n",
- __func__, orig_tsf, data->nan.curr_dw_band,
- until_dw);
-
- hrtimer_forward_now(&data->nan.timer,
- ns_to_ktime(until_dw * NSEC_PER_USEC));
-
- if (data->nan.notify_dw) {
- struct ieee80211_channel *ch;
- struct wireless_dev *wdev =
- ieee80211_vif_to_wdev(data->nan.device_vif);
-
- if (data->nan.curr_dw_band == NL80211_BAND_5GHZ)
- ch = ieee80211_get_channel(hw->wiphy, 5745);
- else
- ch = ieee80211_get_channel(hw->wiphy, 2437);
-
- cfg80211_next_nan_dw_notif(wdev, ch, GFP_ATOMIC);
- }
-
- return HRTIMER_RESTART;
-}
-
-static int mac80211_hwsim_start_nan(struct ieee80211_hw *hw,
- struct ieee80211_vif *vif,
- struct cfg80211_nan_conf *conf)
-{
- struct mac80211_hwsim_data *data = hw->priv;
- u64 tsf = mac80211_hwsim_get_tsf(hw, NULL);
- u32 dw_int = 512 * 1000;
- u64 until_dw = dw_int - do_div(tsf, dw_int);
- struct wireless_dev *wdev = ieee80211_vif_to_wdev(vif);
-
- if (vif->type != NL80211_IFTYPE_NAN)
- return -EINVAL;
-
- if (data->nan.device_vif)
- return -EALREADY;
-
- /* set this before starting the timer, as preemption might occur */
- data->nan.device_vif = vif;
- data->nan.bands = conf->bands;
- data->nan.curr_dw_band = NL80211_BAND_2GHZ;
-
- wiphy_debug(hw->wiphy, "nan_started, next_dw=%llu\n",
- until_dw);
-
- hrtimer_start(&data->nan.timer,
- ns_to_ktime(until_dw * NSEC_PER_USEC),
- HRTIMER_MODE_REL_SOFT);
-
- if (!is_zero_ether_addr(conf->cluster_id) &&
- is_zero_ether_addr(hwsim_nan_cluster_id)) {
- memcpy(hwsim_nan_cluster_id, conf->cluster_id, ETH_ALEN);
- } else if (is_zero_ether_addr(hwsim_nan_cluster_id)) {
- hwsim_nan_cluster_id[0] = 0x50;
- hwsim_nan_cluster_id[1] = 0x6f;
- hwsim_nan_cluster_id[2] = 0x9a;
- hwsim_nan_cluster_id[3] = 0x01;
- hwsim_nan_cluster_id[4] = get_random_u8();
- hwsim_nan_cluster_id[5] = get_random_u8();
- }
-
- data->nan.notify_dw = conf->enable_dw_notification;
-
- cfg80211_nan_cluster_joined(wdev, hwsim_nan_cluster_id, true,
- GFP_KERNEL);
-
- return 0;
-}
-
-static int mac80211_hwsim_stop_nan(struct ieee80211_hw *hw,
- struct ieee80211_vif *vif)
-{
- struct mac80211_hwsim_data *data = hw->priv;
- struct mac80211_hwsim_data *data2;
- bool nan_cluster_running = false;
-
- if (vif->type != NL80211_IFTYPE_NAN || !data->nan.device_vif ||
- data->nan.device_vif != vif)
- return -EINVAL;
-
- hrtimer_cancel(&data->nan.timer);
- data->nan.device_vif = NULL;
-
- spin_lock_bh(&hwsim_radio_lock);
- list_for_each_entry(data2, &hwsim_radios, list) {
- if (data2->nan.device_vif) {
- nan_cluster_running = true;
- break;
- }
- }
- spin_unlock_bh(&hwsim_radio_lock);
-
- if (!nan_cluster_running)
- memset(hwsim_nan_cluster_id, 0, ETH_ALEN);
-
- return 0;
-}
-
-static int mac80211_hwsim_change_nan_config(struct ieee80211_hw *hw,
- struct ieee80211_vif *vif,
- struct cfg80211_nan_conf *conf,
- u32 changes)
-{
- struct mac80211_hwsim_data *data = hw->priv;
-
- if (vif->type != NL80211_IFTYPE_NAN)
- return -EINVAL;
-
- if (!data->nan.device_vif)
- return -EINVAL;
-
- wiphy_debug(hw->wiphy, "nan_config_changed: changes=0x%x\n", changes);
-
- /* Handle only the changes we care about for simulation purposes */
- if (changes & CFG80211_NAN_CONF_CHANGED_BANDS) {
- data->nan.bands = conf->bands;
- data->nan.curr_dw_band = NL80211_BAND_2GHZ;
- }
-
- if (changes & CFG80211_NAN_CONF_CHANGED_CONFIG)
- data->nan.notify_dw = conf->enable_dw_notification;
-
- return 0;
-}
-
static int mac80211_hwsim_set_radar_background(struct ieee80211_hw *hw,
struct cfg80211_chan_def *chan)
{
@@ -4342,11 +4075,11 @@ static int mac80211_hwsim_set_radar_background(struct ieee80211_hw *hw,
.get_et_strings = mac80211_hwsim_get_et_strings, \
.start_pmsr = mac80211_hwsim_start_pmsr, \
.abort_pmsr = mac80211_hwsim_abort_pmsr, \
- .start_nan = mac80211_hwsim_start_nan, \
- .stop_nan = mac80211_hwsim_stop_nan, \
- .nan_change_conf = mac80211_hwsim_change_nan_config, \
.set_radar_background = mac80211_hwsim_set_radar_background, \
.set_key = mac80211_hwsim_set_key, \
+ .start_nan = mac80211_hwsim_nan_start, \
+ .stop_nan = mac80211_hwsim_nan_stop, \
+ .nan_change_conf = mac80211_hwsim_nan_change_config, \
HWSIM_DEBUGFS_OPS
#define HWSIM_NON_MLO_OPS \
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_nan.c b/drivers/net/wireless/virtual/mac80211_hwsim_nan.c
new file mode 100644
index 000000000000..5d7c736d7972
--- /dev/null
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_nan.c
@@ -0,0 +1,171 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * mac80211_hwsim_nan - NAN software simulation for mac80211_hwsim
+ * Copyright (C) 2025 Intel Corporation
+ */
+
+#include "mac80211_hwsim_i.h"
+
+static u8 hwsim_nan_cluster_id[ETH_ALEN];
+
+enum hrtimer_restart
+mac80211_hwsim_nan_dw_start(struct hrtimer *timer)
+{
+ struct mac80211_hwsim_data *data =
+ container_of(timer, struct mac80211_hwsim_data,
+ nan.timer);
+ struct ieee80211_hw *hw = data->hw;
+ u64 orig_tsf = mac80211_hwsim_get_tsf(hw, NULL), tsf = orig_tsf;
+ u32 dw_int = 512 * 1024;
+ u64 until_dw;
+
+ if (!data->nan.device_vif)
+ return HRTIMER_NORESTART;
+
+ if (data->nan.bands & BIT(NL80211_BAND_5GHZ)) {
+ if (data->nan.curr_dw_band == NL80211_BAND_2GHZ) {
+ dw_int = 128 * 1024;
+ data->nan.curr_dw_band = NL80211_BAND_5GHZ;
+ } else if (data->nan.curr_dw_band == NL80211_BAND_5GHZ) {
+ data->nan.curr_dw_band = NL80211_BAND_2GHZ;
+ }
+ }
+
+ until_dw = dw_int - do_div(tsf, dw_int);
+
+ /* The timer might fire just before the actual DW, in which case
+ * update the timeout to the actual next DW
+ */
+ if (until_dw < dw_int / 2)
+ until_dw += dw_int;
+
+ /* The above do_div() call directly modifies the 'tsf' variable, thus,
+ * use a copy so that the print below would show the original TSF.
+ */
+ wiphy_debug(hw->wiphy,
+ "%s: tsf=%llx, curr_dw_band=%u, next_dw=%llu\n",
+ __func__, orig_tsf, data->nan.curr_dw_band,
+ until_dw);
+
+ hrtimer_forward_now(&data->nan.timer,
+ ns_to_ktime(until_dw * NSEC_PER_USEC));
+
+ if (data->nan.notify_dw) {
+ struct ieee80211_channel *ch;
+ struct wireless_dev *wdev =
+ ieee80211_vif_to_wdev(data->nan.device_vif);
+
+ if (data->nan.curr_dw_band == NL80211_BAND_5GHZ)
+ ch = ieee80211_get_channel(hw->wiphy, 5745);
+ else
+ ch = ieee80211_get_channel(hw->wiphy, 2437);
+
+ cfg80211_next_nan_dw_notif(wdev, ch, GFP_ATOMIC);
+ }
+
+ return HRTIMER_RESTART;
+}
+
+int mac80211_hwsim_nan_start(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif,
+ struct cfg80211_nan_conf *conf)
+{
+ struct mac80211_hwsim_data *data = hw->priv;
+ u64 tsf = mac80211_hwsim_get_tsf(hw, NULL);
+ u32 dw_int = 512 * 1000;
+ u64 until_dw = dw_int - do_div(tsf, dw_int);
+ struct wireless_dev *wdev = ieee80211_vif_to_wdev(vif);
+
+ if (vif->type != NL80211_IFTYPE_NAN)
+ return -EINVAL;
+
+ if (data->nan.device_vif)
+ return -EALREADY;
+
+ /* set this before starting the timer, as preemption might occur */
+ data->nan.device_vif = vif;
+ data->nan.bands = conf->bands;
+ data->nan.curr_dw_band = NL80211_BAND_2GHZ;
+
+ wiphy_debug(hw->wiphy, "nan_started, next_dw=%llu\n",
+ until_dw);
+
+ hrtimer_start(&data->nan.timer,
+ ns_to_ktime(until_dw * NSEC_PER_USEC),
+ HRTIMER_MODE_REL_SOFT);
+
+ if (conf->cluster_id && !is_zero_ether_addr(conf->cluster_id) &&
+ is_zero_ether_addr(hwsim_nan_cluster_id)) {
+ memcpy(hwsim_nan_cluster_id, conf->cluster_id, ETH_ALEN);
+ } else if (is_zero_ether_addr(hwsim_nan_cluster_id)) {
+ hwsim_nan_cluster_id[0] = 0x50;
+ hwsim_nan_cluster_id[1] = 0x6f;
+ hwsim_nan_cluster_id[2] = 0x9a;
+ hwsim_nan_cluster_id[3] = 0x01;
+ hwsim_nan_cluster_id[4] = get_random_u8();
+ hwsim_nan_cluster_id[5] = get_random_u8();
+ }
+
+ data->nan.notify_dw = conf->enable_dw_notification;
+
+ cfg80211_nan_cluster_joined(wdev, hwsim_nan_cluster_id, true,
+ GFP_KERNEL);
+
+ return 0;
+}
+
+int mac80211_hwsim_nan_stop(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif)
+{
+ struct mac80211_hwsim_data *data = hw->priv;
+ struct mac80211_hwsim_data *data2;
+ bool nan_cluster_running = false;
+
+ if (vif->type != NL80211_IFTYPE_NAN || !data->nan.device_vif ||
+ data->nan.device_vif != vif)
+ return -EINVAL;
+
+ hrtimer_cancel(&data->nan.timer);
+ data->nan.device_vif = NULL;
+
+ spin_lock_bh(&hwsim_radio_lock);
+ list_for_each_entry(data2, &hwsim_radios, list) {
+ if (data2->nan.device_vif) {
+ nan_cluster_running = true;
+ break;
+ }
+ }
+ spin_unlock_bh(&hwsim_radio_lock);
+
+ if (!nan_cluster_running)
+ memset(hwsim_nan_cluster_id, 0, ETH_ALEN);
+
+ return 0;
+}
+
+int mac80211_hwsim_nan_change_config(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif,
+ struct cfg80211_nan_conf *conf,
+ u32 changes)
+{
+ struct mac80211_hwsim_data *data = hw->priv;
+
+ if (vif->type != NL80211_IFTYPE_NAN)
+ return -EINVAL;
+
+ if (!data->nan.device_vif)
+ return -EINVAL;
+
+ wiphy_debug(hw->wiphy, "nan_config_changed: changes=0x%x\n", changes);
+
+ /* Handle only the changes we care about for simulation purposes */
+ if (changes & CFG80211_NAN_CONF_CHANGED_BANDS) {
+ data->nan.bands = conf->bands;
+ data->nan.curr_dw_band = NL80211_BAND_2GHZ;
+ }
+
+ if (changes & CFG80211_NAN_CONF_CHANGED_CONFIG)
+ data->nan.notify_dw = conf->enable_dw_notification;
+
+ return 0;
+}
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_nan.h b/drivers/net/wireless/virtual/mac80211_hwsim_nan.h
new file mode 100644
index 000000000000..eac64ac37589
--- /dev/null
+++ b/drivers/net/wireless/virtual/mac80211_hwsim_nan.h
@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * mac80211_hwsim_nan - NAN software simulation for mac80211_hwsim
+ * Copyright (C) 2025 Intel Corporation
+ */
+
+#ifndef __MAC80211_HWSIM_NAN_H
+#define __MAC80211_HWSIM_NAN_H
+
+struct mac80211_hwsim_nan_data {
+ struct ieee80211_vif *device_vif;
+ u8 bands;
+
+ enum nl80211_band curr_dw_band;
+ struct hrtimer timer;
+ bool notify_dw;
+};
+
+enum hrtimer_restart
+mac80211_hwsim_nan_dw_start(struct hrtimer *timer);
+
+int mac80211_hwsim_nan_start(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif,
+ struct cfg80211_nan_conf *conf);
+
+int mac80211_hwsim_nan_stop(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif);
+
+int mac80211_hwsim_nan_change_config(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif,
+ struct cfg80211_nan_conf *conf,
+ u32 changes);
+
+#endif /* __MAC80211_HWSIM_NAN_H */
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 09/15] wifi: mac80211_hwsim: move NAN related variables into a struct
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Benjamin Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Benjamin Berg <benjamin.berg@intel.com>
Move it all into a common struct to better segment the code.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
drivers/net/wireless/virtual/mac80211_hwsim.c | 76 ++++++++++---------
1 file changed, 40 insertions(+), 36 deletions(-)
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim.c b/drivers/net/wireless/virtual/mac80211_hwsim.c
index 7ab0765cb482..d5b9170f690c 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim.c
@@ -663,6 +663,15 @@ struct mac80211_hwsim_link_data {
struct hrtimer beacon_timer;
};
+struct mac80211_hwsim_nan_data {
+ struct ieee80211_vif *device_vif;
+ u8 bands;
+
+ enum nl80211_band curr_dw_band;
+ struct hrtimer timer;
+ bool notify_dw;
+};
+
struct mac80211_hwsim_data {
struct list_head list;
struct rhash_head rht;
@@ -759,12 +768,7 @@ struct mac80211_hwsim_data {
struct mac80211_hwsim_link_data link_data[IEEE80211_MLD_MAX_NUM_LINKS];
- struct ieee80211_vif *nan_device_vif;
- u8 nan_bands;
-
- enum nl80211_band nan_curr_dw_band;
- struct hrtimer nan_timer;
- bool notify_dw;
+ struct mac80211_hwsim_nan_data nan;
};
static const struct rhashtable_params hwsim_rht_params = {
@@ -2108,9 +2112,9 @@ static void mac80211_hwsim_tx(struct ieee80211_hw *hw,
* on channel 6 or channel 149, unless a ROC is in progress (for
* USD use cases).
*/
- if (data->nan_curr_dw_band == NL80211_BAND_2GHZ)
+ if (data->nan.curr_dw_band == NL80211_BAND_2GHZ)
channel = ieee80211_get_channel(hw->wiphy, 2437);
- else if (data->nan_curr_dw_band == NL80211_BAND_5GHZ)
+ else if (data->nan.curr_dw_band == NL80211_BAND_5GHZ)
channel = ieee80211_get_channel(hw->wiphy, 5745);
else
channel = NULL;
@@ -4131,21 +4135,21 @@ mac80211_hwsim_nan_dw_start(struct hrtimer *timer)
{
struct mac80211_hwsim_data *data =
container_of(timer, struct mac80211_hwsim_data,
- nan_timer);
+ nan.timer);
struct ieee80211_hw *hw = data->hw;
u64 orig_tsf = mac80211_hwsim_get_tsf(hw, NULL), tsf = orig_tsf;
u32 dw_int = 512 * 1024;
u64 until_dw;
- if (!data->nan_device_vif)
+ if (!data->nan.device_vif)
return HRTIMER_NORESTART;
- if (data->nan_bands & BIT(NL80211_BAND_5GHZ)) {
- if (data->nan_curr_dw_band == NL80211_BAND_2GHZ) {
+ if (data->nan.bands & BIT(NL80211_BAND_5GHZ)) {
+ if (data->nan.curr_dw_band == NL80211_BAND_2GHZ) {
dw_int = 128 * 1024;
- data->nan_curr_dw_band = NL80211_BAND_5GHZ;
- } else if (data->nan_curr_dw_band == NL80211_BAND_5GHZ) {
- data->nan_curr_dw_band = NL80211_BAND_2GHZ;
+ data->nan.curr_dw_band = NL80211_BAND_5GHZ;
+ } else if (data->nan.curr_dw_band == NL80211_BAND_5GHZ) {
+ data->nan.curr_dw_band = NL80211_BAND_2GHZ;
}
}
@@ -4162,18 +4166,18 @@ mac80211_hwsim_nan_dw_start(struct hrtimer *timer)
*/
wiphy_debug(hw->wiphy,
"%s: tsf=%llx, curr_dw_band=%u, next_dw=%llu\n",
- __func__, orig_tsf, data->nan_curr_dw_band,
+ __func__, orig_tsf, data->nan.curr_dw_band,
until_dw);
- hrtimer_forward_now(&data->nan_timer,
+ hrtimer_forward_now(&data->nan.timer,
ns_to_ktime(until_dw * NSEC_PER_USEC));
- if (data->notify_dw) {
+ if (data->nan.notify_dw) {
struct ieee80211_channel *ch;
struct wireless_dev *wdev =
- ieee80211_vif_to_wdev(data->nan_device_vif);
+ ieee80211_vif_to_wdev(data->nan.device_vif);
- if (data->nan_curr_dw_band == NL80211_BAND_5GHZ)
+ if (data->nan.curr_dw_band == NL80211_BAND_5GHZ)
ch = ieee80211_get_channel(hw->wiphy, 5745);
else
ch = ieee80211_get_channel(hw->wiphy, 2437);
@@ -4197,18 +4201,18 @@ static int mac80211_hwsim_start_nan(struct ieee80211_hw *hw,
if (vif->type != NL80211_IFTYPE_NAN)
return -EINVAL;
- if (data->nan_device_vif)
+ if (data->nan.device_vif)
return -EALREADY;
/* set this before starting the timer, as preemption might occur */
- data->nan_device_vif = vif;
- data->nan_bands = conf->bands;
- data->nan_curr_dw_band = NL80211_BAND_2GHZ;
+ data->nan.device_vif = vif;
+ data->nan.bands = conf->bands;
+ data->nan.curr_dw_band = NL80211_BAND_2GHZ;
wiphy_debug(hw->wiphy, "nan_started, next_dw=%llu\n",
until_dw);
- hrtimer_start(&data->nan_timer,
+ hrtimer_start(&data->nan.timer,
ns_to_ktime(until_dw * NSEC_PER_USEC),
HRTIMER_MODE_REL_SOFT);
@@ -4224,7 +4228,7 @@ static int mac80211_hwsim_start_nan(struct ieee80211_hw *hw,
hwsim_nan_cluster_id[5] = get_random_u8();
}
- data->notify_dw = conf->enable_dw_notification;
+ data->nan.notify_dw = conf->enable_dw_notification;
cfg80211_nan_cluster_joined(wdev, hwsim_nan_cluster_id, true,
GFP_KERNEL);
@@ -4239,16 +4243,16 @@ static int mac80211_hwsim_stop_nan(struct ieee80211_hw *hw,
struct mac80211_hwsim_data *data2;
bool nan_cluster_running = false;
- if (vif->type != NL80211_IFTYPE_NAN || !data->nan_device_vif ||
- data->nan_device_vif != vif)
+ if (vif->type != NL80211_IFTYPE_NAN || !data->nan.device_vif ||
+ data->nan.device_vif != vif)
return -EINVAL;
- hrtimer_cancel(&data->nan_timer);
- data->nan_device_vif = NULL;
+ hrtimer_cancel(&data->nan.timer);
+ data->nan.device_vif = NULL;
spin_lock_bh(&hwsim_radio_lock);
list_for_each_entry(data2, &hwsim_radios, list) {
- if (data2->nan_device_vif) {
+ if (data2->nan.device_vif) {
nan_cluster_running = true;
break;
}
@@ -4271,19 +4275,19 @@ static int mac80211_hwsim_change_nan_config(struct ieee80211_hw *hw,
if (vif->type != NL80211_IFTYPE_NAN)
return -EINVAL;
- if (!data->nan_device_vif)
+ if (!data->nan.device_vif)
return -EINVAL;
wiphy_debug(hw->wiphy, "nan_config_changed: changes=0x%x\n", changes);
/* Handle only the changes we care about for simulation purposes */
if (changes & CFG80211_NAN_CONF_CHANGED_BANDS) {
- data->nan_bands = conf->bands;
- data->nan_curr_dw_band = NL80211_BAND_2GHZ;
+ data->nan.bands = conf->bands;
+ data->nan.curr_dw_band = NL80211_BAND_2GHZ;
}
if (changes & CFG80211_NAN_CONF_CHANGED_CONFIG)
- data->notify_dw = conf->enable_dw_notification;
+ data->nan.notify_dw = conf->enable_dw_notification;
return 0;
}
@@ -5716,7 +5720,7 @@ static int mac80211_hwsim_new_radio(struct genl_info *info,
NAN_DEV_CAPA_EXT_KEY_ID_SUPPORTED |
NAN_DEV_CAPA_NDPE_SUPPORTED;
- hrtimer_setup(&data->nan_timer, mac80211_hwsim_nan_dw_start,
+ hrtimer_setup(&data->nan.timer, mac80211_hwsim_nan_dw_start,
CLOCK_MONOTONIC, HRTIMER_MODE_ABS_SOFT);
}
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 08/15] wifi: mac80211_hwsim: remove unused nan_vif struct member
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Benjamin Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Benjamin Berg <benjamin.berg@intel.com>
The struct also contains nan_device_vif and that is the member that is
being used.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
drivers/net/wireless/virtual/mac80211_hwsim.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim.c b/drivers/net/wireless/virtual/mac80211_hwsim.c
index 1fcf5d0d2e13..7ab0765cb482 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim.c
@@ -765,7 +765,6 @@ struct mac80211_hwsim_data {
enum nl80211_band nan_curr_dw_band;
struct hrtimer nan_timer;
bool notify_dw;
- struct ieee80211_vif *nan_vif;
};
static const struct rhashtable_params hwsim_rht_params = {
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 07/15] wifi: mac80211: add NAN channel evacuation support
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Johannes Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
A NAN channel can be evacuated, i.e. detached from its chanctx, if all
chanctxs are used by NAN and a chanctx is needed for something else.
For example if the STA interface needs to perform a channel switch.
Implement the evacuation: detach the NAN channel from its chanctx, remove
all the peer NAN channels that were using this chanctx, and update the
driver.
Internally, the NAN channel evacuation will be triggered in the scenario
described above, and API is provided for the driver to also trigger it.
The driver/device is assumed to publish a ULW to notify the peers about
the fact that we won't be present on this NAN channel anymore.
Also export this as an API for the drivers: if a driver has other
resources per channel, it might want to trigger channel evacuation in
order to free up such internal resources for other usages.
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
include/net/mac80211.h | 15 +++++
net/mac80211/chan.c | 28 ++++++---
net/mac80211/nan.c | 126 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 162 insertions(+), 7 deletions(-)
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 091c1922b3e5..da931a08a6a5 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -7903,6 +7903,21 @@ void ieee80211_nan_cluster_joined(struct ieee80211_vif *vif,
const u8 *cluster_id, bool new_cluster,
gfp_t gfp);
+/**
+ * ieee80211_nan_try_evacuate - try to evacuate a NAN channel
+ *
+ * This function tries to evacuate a NAN channel that is using the given
+ * channel context, to free up channel context resources.
+ *
+ * @hw: pointer as obtained from ieee80211_alloc_hw()
+ * @conf: the channel context configuration to try to evacuate. If %NULL,
+ * the NAN channel that has the fewest slots scheduled will be evacuated.
+ *
+ * Return: %true if a channel was evacuated, %false otherwise
+ */
+bool ieee80211_nan_try_evacuate(struct ieee80211_hw *hw,
+ struct ieee80211_chanctx_conf *conf);
+
/**
* ieee80211_calc_rx_airtime - calculate estimated transmission airtime for RX.
*
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index fda692316f08..e4e2e735123f 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -1875,16 +1875,21 @@ static int ieee80211_vif_use_reserved_switch(struct ieee80211_local *local)
}
if (n_assigned != n_reserved) {
- if (n_ready == n_reserved) {
- wiphy_info(local->hw.wiphy,
- "channel context reservation cannot be finalized because some interfaces aren't switching\n");
- err = -EBUSY;
- goto err;
- }
+ if (n_ready != n_reserved)
+ return -EAGAIN;
- return -EAGAIN;
+ if (n_assigned == n_reserved + 1 &&
+ ieee80211_nan_try_evacuate(&local->hw,
+ &ctx->replace_ctx->conf))
+ goto use_reserved;
+
+ wiphy_info(local->hw.wiphy,
+ "channel context reservation cannot be finalized because some interfaces aren't switching\n");
+ err = -EBUSY;
+ goto err;
}
+use_reserved:
ctx->conf.radar_enabled = false;
for_each_chanctx_user_reserved(local, ctx, &iter) {
if (ieee80211_link_has_in_place_reservation(iter.link) &&
@@ -2192,6 +2197,15 @@ int _ieee80211_link_use_channel(struct ieee80211_link_data *link,
ctx = ieee80211_find_or_create_chanctx(sdata, chanreq, mode,
assign_on_failure, &reused_ctx);
+ if (IS_ERR(ctx)) {
+ /* Try to evacuate a NAN channel to free up a chanctx */
+ if (ieee80211_nan_try_evacuate(&local->hw, NULL))
+ ctx = ieee80211_find_or_create_chanctx(sdata, chanreq,
+ mode,
+ assign_on_failure,
+ &reused_ctx);
+ }
+
if (IS_ERR(ctx)) {
ret = PTR_ERR(ctx);
goto out;
diff --git a/net/mac80211/nan.c b/net/mac80211/nan.c
index 4e262b624521..cea620aaee6a 100644
--- a/net/mac80211/nan.c
+++ b/net/mac80211/nan.c
@@ -334,7 +334,10 @@ int ieee80211_nan_set_local_sched(struct ieee80211_sub_if_data *sdata,
sched_idx_to_chan[i] = chan;
ieee80211_nan_init_channel(chan,
&sched->nan_channels[i]);
+ }
+ /* Also a pre-existing channel might have been ULWed, so no chanctx */
+ if (!chan->chanctx_conf) {
ret = ieee80211_nan_use_chanctx(sdata, chan, false);
if (ret) {
memset(chan, 0, sizeof(*chan));
@@ -708,3 +711,126 @@ int ieee80211_nan_set_peer_sched(struct ieee80211_sub_if_data *sdata,
ieee80211_nan_free_peer_sched(to_free);
return ret;
}
+
+static void
+ieee80211_nan_evacuate_channel(struct ieee80211_sub_if_data *sdata,
+ struct ieee80211_nan_channel *nan_channel)
+{
+ struct ieee80211_chanctx_conf *conf;
+ struct ieee80211_chanctx *ctx;
+
+ lockdep_assert_wiphy(sdata->local->hw.wiphy);
+
+ if (WARN_ON(!nan_channel || !nan_channel->chanreq.oper.chan))
+ return;
+
+ conf = nan_channel->chanctx_conf;
+ if (WARN_ON(!conf))
+ return;
+
+ nan_channel->chanctx_conf = NULL;
+
+ /* Update all peer channels that reference this chanctx */
+ ieee80211_nan_update_peer_channels(sdata, conf);
+
+ drv_vif_cfg_changed(sdata->local, sdata, BSS_CHANGED_NAN_LOCAL_SCHED);
+
+ cfg80211_nan_channel_evac(&sdata->wdev, &nan_channel->chanreq.oper,
+ GFP_KERNEL);
+
+ /* Update NDI carrier states */
+ ieee80211_nan_update_all_ndi_carriers(sdata->local);
+
+ /* Clean up the channel context if no longer used */
+ ctx = container_of(conf, struct ieee80211_chanctx, conf);
+
+ if (ieee80211_chanctx_num_assigned(sdata->local, ctx) > 0) {
+ ieee80211_recalc_chanctx_chantype(sdata->local, ctx);
+ ieee80211_recalc_smps_chanctx(sdata->local, ctx);
+ ieee80211_recalc_chanctx_min_def(sdata->local, ctx);
+ }
+
+ if (ieee80211_chanctx_refcount(sdata->local, ctx) == 0)
+ ieee80211_free_chanctx(sdata->local, ctx, false);
+}
+
+bool ieee80211_nan_try_evacuate(struct ieee80211_hw *hw,
+ struct ieee80211_chanctx_conf *conf)
+{
+ struct ieee80211_sub_if_data *sdata = NULL, *tmp;
+ struct ieee80211_local *local = hw_to_local(hw);
+ struct ieee80211_nan_channel *evac_chan = NULL;
+ struct ieee80211_nan_sched_cfg *sched_cfg;
+ struct ieee80211_chanctx *ctx = NULL;
+ int min_slot_count = INT_MAX;
+ int usable_channels = 0;
+
+ lockdep_assert_wiphy(local->hw.wiphy);
+
+ if (conf)
+ ctx = container_of(conf, struct ieee80211_chanctx, conf);
+
+ /* Find the NAN interface - there can only be one */
+ list_for_each_entry(tmp, &local->interfaces, list) {
+ if (ieee80211_sdata_running(tmp) &&
+ tmp->vif.type == NL80211_IFTYPE_NAN) {
+ sdata = tmp;
+ break;
+ }
+ }
+
+ if (!sdata)
+ return false;
+
+ sched_cfg = &sdata->vif.cfg.nan_sched;
+
+ /* Find the channel to evacuate and count usable channels */
+ for (int i = 0; i < IEEE80211_NAN_MAX_CHANNELS; i++) {
+ struct ieee80211_nan_channel *chan =
+ &sched_cfg->channels[i];
+ struct ieee80211_chanctx *chan_ctx;
+ int slot_count = 0;
+
+ if (!chan->chanreq.oper.chan || !chan->chanctx_conf)
+ continue;
+
+ usable_channels++;
+
+ chan_ctx = container_of(chan->chanctx_conf,
+ struct ieee80211_chanctx, conf);
+
+ /* If ctx specified, only consider that specific chanctx */
+ if (ctx) {
+ if (chan_ctx == ctx)
+ evac_chan = chan;
+ continue;
+ }
+
+ /* Can only evacuate channels whose chanctx is NAN-only */
+ if (ieee80211_chanctx_refcount(local, chan_ctx) > 1)
+ continue;
+
+ /* Count how many time slots use this channel */
+ for (int s = 0; s < CFG80211_NAN_SCHED_NUM_TIME_SLOTS; s++)
+ if (sched_cfg->schedule[s] == chan)
+ slot_count++;
+
+ if (slot_count < min_slot_count) {
+ min_slot_count = slot_count;
+ evac_chan = chan;
+ }
+ }
+
+ /* No suitable NAN channel found */
+ if (!evac_chan)
+ return false;
+
+ /* NAN needs at least one remaining usable channel after evacuation */
+ if (usable_channels < 2)
+ return false;
+
+ ieee80211_nan_evacuate_channel(sdata, evac_chan);
+
+ return true;
+}
+EXPORT_SYMBOL(ieee80211_nan_try_evacuate);
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 06/15] wifi: mac80211: avoid out-of-bounds access in monitor
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Ilan Peer, Johannes Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
In NAN, we don't know on what band the frame will be sent. Therefore we
set info->band to NUM_NL80211_BANDS. However, this leads to out-of-bound
access in ieee80211_add_tx_radiotap_header when we try to access the
sbands array.
Fix it by not accessing the array if the band is NUM_NL80211_BANDS.
This means that we will not report rate info for legacy rate in NAN.
But nobody really cares about it.
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
net/mac80211/status.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 4b38aa0e902a..8716eda8317d 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -5,7 +5,7 @@
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
* Copyright 2008-2010 Johannes Berg <johannes@sipsolutions.net>
* Copyright 2013-2014 Intel Mobile Communications GmbH
- * Copyright 2021-2025 Intel Corporation
+ * Copyright 2021-2026 Intel Corporation
*/
#include <linux/export.h>
@@ -295,9 +295,10 @@ ieee80211_add_tx_radiotap_header(struct ieee80211_local *local,
RATE_INFO_FLAGS_VHT_MCS |
RATE_INFO_FLAGS_HE_MCS)))
legacy_rate = status_rate->rate_idx.legacy;
- } else if (info->status.rates[0].idx >= 0 &&
- !(info->status.rates[0].flags & (IEEE80211_TX_RC_MCS |
- IEEE80211_TX_RC_VHT_MCS))) {
+ } else if (info->band < NUM_NL80211_BANDS &&
+ info->status.rates[0].idx >= 0 &&
+ !(info->status.rates[0].flags & (IEEE80211_TX_RC_MCS |
+ IEEE80211_TX_RC_VHT_MCS))) {
struct ieee80211_supported_band *sband;
sband = local->hw.wiphy->bands[info->band];
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 05/15] wifi: mac80211: Fix a kernel panic in ieee80211_encrypt_tx_skb()
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Andrei Otcheretianski
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
skb->dev may be NULL for frames on non-netdev devices. For example, NAN
device frames after pairing. Fix it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
net/mac80211/tx.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 6ff36bd658e6..230826960721 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -5355,7 +5355,7 @@ static int ieee80211_beacon_protect(struct sk_buff *skb,
int ieee80211_encrypt_tx_skb(struct sk_buff *skb)
{
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
- struct ieee80211_sub_if_data *sdata;
+ struct ieee80211_sub_if_data *sdata = NULL;
struct sk_buff *check_skb;
struct ieee80211_tx_data tx;
ieee80211_tx_result res;
@@ -5370,7 +5370,14 @@ int ieee80211_encrypt_tx_skb(struct sk_buff *skb)
__skb_queue_head_init(&tx.skbs);
__skb_queue_tail(&tx.skbs, skb);
- sdata = IEEE80211_DEV_TO_SUB_IF(skb->dev);
+ if (skb->dev)
+ sdata = IEEE80211_DEV_TO_SUB_IF(skb->dev);
+ else if (info->control.vif)
+ sdata = vif_to_sdata(info->control.vif);
+
+ if (WARN_ON(!sdata))
+ return -EINVAL;
+
tx.sdata = sdata;
tx.local = sdata->local;
res = ieee80211_tx_h_encrypt(&tx);
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 04/15] wifi: mac80211: Allow setting MAC address on interface creation
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Ilan Peer, Johannes Berg
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Ilan Peer <ilan.peer@intel.com>
Allow setting the interface MAC address for NAN Device interfaces
and P2P Device interfaces on interface creation.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
net/mac80211/iface.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 95b779c4d627..683d8db4da14 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -2280,7 +2280,12 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
sdata->dev = NULL;
strscpy(sdata->name, name, IFNAMSIZ);
- ieee80211_assign_perm_addr(local, wdev->address, type);
+
+ if (is_valid_ether_addr(params->macaddr))
+ memcpy(wdev->address, params->macaddr, ETH_ALEN);
+ else
+ ieee80211_assign_perm_addr(local, wdev->address, type);
+
memcpy(sdata->vif.addr, wdev->address, ETH_ALEN);
ether_addr_copy(sdata->vif.bss_conf.addr, sdata->vif.addr);
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 03/15] wifi: mac80211: accept protected frames for NAN device
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Avraham Stern
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Avraham Stern <avraham.stern@intel.com>
Some frames sent to the NAN device may be protected, such as
protected action frames (in particular protected dual of
public action).
Accept robust management frames except disassoc on the NAN
device, and clean up the code a little bit.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
net/mac80211/rx.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 82ea7404f3da..e1f376e0620c 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4624,16 +4624,24 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
ieee80211_has_fromds(hdr->frame_control))
return false;
- /* Accept only frames that are addressed to the NAN cluster
+ /*
+ * Accept only frames that are addressed to the NAN cluster
* (based on the Cluster ID). From these frames, accept only
- * action frames or authentication frames that are addressed to
- * the local NAN interface.
+ * - public action frames,
+ * - authentication frames to the local address, and
+ * - robust management frames except disassoc.
*/
- return memcmp(sdata->u.nan.conf.cluster_id,
- hdr->addr3, ETH_ALEN) == 0 &&
- (ieee80211_is_public_action(hdr, skb->len) ||
- (ieee80211_is_auth(hdr->frame_control) &&
- ether_addr_equal(sdata->vif.addr, hdr->addr1)));
+ if (!ether_addr_equal(sdata->u.nan.conf.cluster_id, hdr->addr3))
+ return false;
+ if (ieee80211_is_public_action(hdr, skb->len))
+ return true;
+ if (ieee80211_is_auth(hdr->frame_control) &&
+ ether_addr_equal(sdata->vif.addr, hdr->addr1))
+ return true;
+ if (!ieee80211_is_disassoc(hdr->frame_control) &&
+ ieee80211_is_robust_mgmt_frame(skb))
+ return true;
+ return false;
case NL80211_IFTYPE_NAN_DATA:
if (ieee80211_has_tods(hdr->frame_control) ||
ieee80211_has_fromds(hdr->frame_control))
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 02/15] wifi: mac80211: allow userspace TX/RX over NAN Data interfaces
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless; +Cc: Ilan Peer
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
From: Ilan Peer <ilan.peer@intel.com>
Allow TX/RX of action frames (for NAN action frames) over
NAN Data interfaces to support cases where there's a secure
NDP and NAFs may be exchanged over that.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
net/mac80211/main.c | 4 ++++
net/mac80211/offchannel.c | 9 +++++++--
net/mac80211/tx.c | 5 +++--
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index f47dd58770ad..8400792d67e2 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -750,6 +750,10 @@ ieee80211_default_mgmt_stypes[NUM_NL80211_IFTYPES] = {
.rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
BIT(IEEE80211_STYPE_AUTH >> 4),
},
+ [NL80211_IFTYPE_NAN_DATA] = {
+ .tx = 0xffff,
+ .rx = BIT(IEEE80211_STYPE_ACTION >> 4),
+ },
};
static const struct ieee80211_ht_cap mac80211_ht_capa_mod_mask = {
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index f60f6a58948b..10c962d28037 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -8,7 +8,7 @@
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
* Copyright 2007, Michael Wu <flamingice@sourmilk.net>
* Copyright 2009 Johannes Berg <johannes@sipsolutions.net>
- * Copyright (C) 2019, 2022-2025 Intel Corporation
+ * Copyright (C) 2019, 2022-2026 Intel Corporation
*/
#include <linux/export.h>
#include <net/mac80211.h>
@@ -898,6 +898,10 @@ int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
break;
case NL80211_IFTYPE_NAN:
break;
+ case NL80211_IFTYPE_NAN_DATA:
+ if (is_multicast_ether_addr(mgmt->da))
+ return -EOPNOTSUPP;
+ break;
default:
return -EOPNOTSUPP;
}
@@ -911,7 +915,8 @@ int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
/* Check if the operating channel is the requested channel */
if (!params->chan && mlo_sta) {
need_offchan = false;
- } else if (sdata->vif.type == NL80211_IFTYPE_NAN) {
+ } else if (sdata->vif.type == NL80211_IFTYPE_NAN ||
+ sdata->vif.type == NL80211_IFTYPE_NAN_DATA) {
/* Frames can be sent during NAN schedule */
} else if (!need_offchan) {
struct ieee80211_chanctx_conf *chanctx_conf = NULL;
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index af5421dbb4c0..6ff36bd658e6 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -5,7 +5,7 @@
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
* Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
* Copyright 2013-2014 Intel Mobile Communications GmbH
- * Copyright (C) 2018-2025 Intel Corporation
+ * Copyright (C) 2018-2026 Intel Corporation
*
* Transmit and frame generation functions.
*/
@@ -6377,7 +6377,8 @@ void ieee80211_tx_skb_tid(struct ieee80211_sub_if_data *sdata,
enum nl80211_band band;
rcu_read_lock();
- if (sdata->vif.type == NL80211_IFTYPE_NAN) {
+ if (sdata->vif.type == NL80211_IFTYPE_NAN ||
+ sdata->vif.type == NL80211_IFTYPE_NAN_DATA) {
band = NUM_NL80211_BANDS;
} else if (!ieee80211_vif_is_mld(&sdata->vif)) {
WARN_ON(link_id >= 0);
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 01/15] wifi: mac80211: track the id of the NAN cluster we joined
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless
In-Reply-To: <20260412121124.2246222-1-miriam.rachel.korenblit@intel.com>
Currently, we store in nan.conf the cluster id that was configured from
upper layer to be used when the device opens a cluster.
But after we joined a cluster, the configured cluster id is no longer
relevant. Particularly, in reconfig we will give the driver the
(possibly) wrong cluster id.
Add an API to be called by the driver when joined a cluster
in which the cluster id will be updated.
Use the locally stored cluster id instead of cfg80211's copy.
Ignore cluster id updates from cfg80211 if we already have one
configured.
Adjust the drivers that use the cfg80211 API
(cfg80211_nan_cluster_joined) directly, otherwise we break functionality
(i.e. accept frame check won't evaluate to true).
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
include/net/mac80211.h | 14 ++++++++++++++
net/mac80211/cfg.c | 19 +++++++++++++++++++
net/mac80211/rx.c | 4 ++--
net/mac80211/tx.c | 2 +-
4 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 40cb20d9309c..091c1922b3e5 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -7889,6 +7889,20 @@ void ieee80211_nan_func_match(struct ieee80211_vif *vif,
*/
void ieee80211_nan_sched_update_done(struct ieee80211_vif *vif);
+/**
+ * ieee80211_nan_cluster_joined - notify about NAN cluster join.
+ *
+ * This function is used to notify mac80211 about NAN cluster join.
+ *
+ * @vif: &struct ieee80211_vif pointer from the add_interface callback.
+ * @cluster_id: the cluster ID that was joined
+ * @new_cluster: true if this is a new cluster
+ * @gfp: allocation flags
+ */
+void ieee80211_nan_cluster_joined(struct ieee80211_vif *vif,
+ const u8 *cluster_id, bool new_cluster,
+ gfp_t gfp);
+
/**
* ieee80211_calc_rx_airtime - calculate estimated transmission airtime for RX.
*
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 7b77d57c9f96..c67a0bf62db4 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -5091,6 +5091,25 @@ void ieee80211_nan_func_match(struct ieee80211_vif *vif,
}
EXPORT_SYMBOL(ieee80211_nan_func_match);
+void ieee80211_nan_cluster_joined(struct ieee80211_vif *vif,
+ const u8 *cluster_id, bool new_cluster,
+ gfp_t gfp)
+{
+ struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
+
+ if (WARN_ON(vif->type != NL80211_IFTYPE_NAN))
+ return;
+
+ if (WARN_ON(!sdata->u.nan.started))
+ return;
+
+ ether_addr_copy(sdata->u.nan.conf.cluster_id, cluster_id);
+
+ cfg80211_nan_cluster_joined(ieee80211_vif_to_wdev(vif), cluster_id,
+ new_cluster, gfp);
+}
+EXPORT_SYMBOL(ieee80211_nan_cluster_joined);
+
static int ieee80211_set_multicast_to_unicast(struct wiphy *wiphy,
struct net_device *dev,
const bool enabled)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 3e5d1c47a5b0..82ea7404f3da 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4629,7 +4629,7 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
* action frames or authentication frames that are addressed to
* the local NAN interface.
*/
- return memcmp(sdata->wdev.u.nan.cluster_id,
+ return memcmp(sdata->u.nan.conf.cluster_id,
hdr->addr3, ETH_ALEN) == 0 &&
(ieee80211_is_public_action(hdr, skb->len) ||
(ieee80211_is_auth(hdr->frame_control) &&
@@ -4646,7 +4646,7 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
if (!nmi)
return false;
- if (!ether_addr_equal(nmi->wdev.u.nan.cluster_id,
+ if (!ether_addr_equal(nmi->u.nan.conf.cluster_id,
hdr->addr3))
return false;
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index b487d2330f25..af5421dbb4c0 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -2854,7 +2854,7 @@ static struct sk_buff *ieee80211_build_hdr(struct ieee80211_sub_if_data *sdata,
ret = -ENOTCONN;
goto free;
}
- memcpy(hdr.addr3, nmi->wdev.u.nan.cluster_id, ETH_ALEN);
+ memcpy(hdr.addr3, nmi->u.nan.conf.cluster_id, ETH_ALEN);
hdrlen = 24;
break;
}
--
2.34.1
^ permalink raw reply related
* [PATCH wireless-next 00/15] wifi: mac80211: more NAN patches
From: Miri Korenblit @ 2026-04-12 12:11 UTC (permalink / raw)
To: linux-wireless
Hi,
This series adds a few more NAN features to mac80211 and mainly hwsim
support.
Thanks,
Miri
---
Andrei Otcheretianski (1):
wifi: mac80211: Fix a kernel panic in ieee80211_encrypt_tx_skb()
Avraham Stern (1):
wifi: mac80211: accept protected frames for NAN device
Benjamin Berg (8):
wifi: mac80211_hwsim: remove unused nan_vif struct member
wifi: mac80211_hwsim: move NAN related variables into a struct
wifi: mac80211_hwsim: split NAN handling into separate file
wifi: mac80211_hwsim: rename and switch simulation time to boottime
wifi: mac80211_hwsim: move timestamp writing later in the datapath
wifi: mac80211_hwsim: register beacon timer by calculating TBTT
wifi: mac80211_hwsim: refactor NAN timer handling
wifi: mac80211_hwsim: switch to use TXQs
Ilan Peer (2):
wifi: mac80211: allow userspace TX/RX over NAN Data interfaces
wifi: mac80211: Allow setting MAC address on interface creation
Miri Korenblit (3):
wifi: mac80211: track the id of the NAN cluster we joined
wifi: mac80211: avoid out-of-bounds access in monitor
wifi: mac80211: add NAN channel evacuation support
drivers/net/wireless/virtual/Makefile | 2 +
.../net/wireless/virtual/mac80211_hwsim_i.h | 139 +++++
...mac80211_hwsim.c => mac80211_hwsim_main.c} | 508 +++++-------------
.../net/wireless/virtual/mac80211_hwsim_nan.c | 233 ++++++++
.../net/wireless/virtual/mac80211_hwsim_nan.h | 36 ++
include/net/mac80211.h | 29 +
net/mac80211/cfg.c | 19 +
net/mac80211/chan.c | 28 +-
net/mac80211/iface.c | 7 +-
net/mac80211/main.c | 4 +
net/mac80211/nan.c | 126 +++++
net/mac80211/offchannel.c | 9 +-
net/mac80211/rx.c | 26 +-
net/mac80211/status.c | 9 +-
net/mac80211/tx.c | 18 +-
15 files changed, 785 insertions(+), 408 deletions(-)
create mode 100644 drivers/net/wireless/virtual/mac80211_hwsim_i.h
rename drivers/net/wireless/virtual/{mac80211_hwsim.c => mac80211_hwsim_main.c} (94%)
create mode 100644 drivers/net/wireless/virtual/mac80211_hwsim_nan.c
create mode 100644 drivers/net/wireless/virtual/mac80211_hwsim_nan.h
--
2.34.1
^ permalink raw reply
* Re: [patch 30/38] openrisc: Select ARCH_HAS_RANDOM_ENTROPY
From: Stafford Horne @ 2026-04-12 8:56 UTC (permalink / raw)
To: Thomas Gleixner
Cc: LKML, Jonas Bonn, linux-openrisc, Arnd Bergmann, x86, Lu Baolu,
iommu, Michael Grzeschik, netdev, linux-wireless, Herbert Xu,
linux-crypto, Vlastimil Babka, linux-mm, David Woodhouse,
Bernie Thompson, linux-fbdev, Theodore Tso, linux-ext4,
Andrew Morton, Uladzislau Rezki, Marco Elver, Dmitry Vyukov,
kasan-dev, Andrey Ryabinin, Thomas Sailer, linux-hams,
Jason A. Donenfeld, Richard Henderson, linux-alpha, Russell King,
linux-arm-kernel, Catalin Marinas, Huacai Chen, loongarch,
Geert Uytterhoeven, linux-m68k, Dinh Nguyen, Helge Deller,
linux-parisc, Michael Ellerman, linuxppc-dev, Paul Walmsley,
linux-riscv, Heiko Carstens, linux-s390, David S. Miller,
sparclinux
In-Reply-To: <20260410120319.593798781@kernel.org>
On Fri, Apr 10, 2026 at 02:20:55PM +0200, Thomas Gleixner wrote:
> The only remaining non-architecture usage of get_cycles() is to provide
> random_get_entropy().
>
> Switch openrisc over to the new scheme of selecting ARCH_HAS_RANDOM_ENTROPY
> and providing random_get_entropy() in asm/random.h.
>
> Add 'asm/timex.h' includes to the relevant files, so the global include can
> be removed once all architectures are converted over.
>
> Signed-off-by: Thomas Gleixner <tglx@kernel.org>
> Cc: Jonas Bonn <jonas@southpole.se>
> Cc: linux-openrisc@vger.kernel.org
This looks good to me.
Acked-by: Stafford Horne <shorne@gmail.com>
> ---
> arch/openrisc/Kconfig | 1 +
> arch/openrisc/include/asm/random.h | 12 ++++++++++++
> arch/openrisc/include/asm/timex.h | 5 -----
> arch/openrisc/lib/delay.c | 1 +
> 4 files changed, 14 insertions(+), 5 deletions(-)
>
> --- a/arch/openrisc/Kconfig
> +++ b/arch/openrisc/Kconfig
> @@ -10,6 +10,7 @@ config OPENRISC
> select ARCH_HAS_DELAY_TIMER
> select ARCH_HAS_DMA_SET_UNCACHED
> select ARCH_HAS_DMA_CLEAR_UNCACHED
> + select ARCH_HAS_RANDOM_ENTROPY
> select ARCH_HAS_SYNC_DMA_FOR_DEVICE
> select GENERIC_BUILTIN_DTB
> select COMMON_CLK
> --- /dev/null
> +++ b/arch/openrisc/include/asm/random.h
> @@ -0,0 +1,12 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +#ifndef __ASM_OPENRISC_RANDOM_H
> +#define __ASM_OPENRISC_RANDOM_H
> +
> +#include <asm/timex.h>
> +
> +static inline unsigned long random_get_entropy(void)
> +{
> + return get_cycles();
> +}
> +
> +#endif
> --- a/arch/openrisc/include/asm/timex.h
> +++ b/arch/openrisc/include/asm/timex.h
> @@ -9,13 +9,9 @@
> * OpenRISC implementation:
> * Copyright (C) 2010-2011 Jonas Bonn <jonas@southpole.se>
> */
> -
> #ifndef __ASM_OPENRISC_TIMEX_H
> #define __ASM_OPENRISC_TIMEX_H
>
> -#define get_cycles get_cycles
> -
> -#include <asm-generic/timex.h>
> #include <asm/spr.h>
> #include <asm/spr_defs.h>
>
> @@ -23,6 +19,5 @@ static inline cycles_t get_cycles(void)
> {
> return mfspr(SPR_TTCR);
> }
> -#define get_cycles get_cycles
>
> #endif
> --- a/arch/openrisc/lib/delay.c
> +++ b/arch/openrisc/lib/delay.c
> @@ -18,6 +18,7 @@
> #include <linux/init.h>
>
> #include <asm/param.h>
> +#include <asm/timex.h>
> #include <asm/processor.h>
>
> bool delay_read_timer(unsigned long *timer_value)
>
>
^ permalink raw reply
* [PATCH 0/2] wifi: mt76: add missing skb length validation
From: Aviel Zohar @ 2026-04-12 6:55 UTC (permalink / raw)
To: linux-wireless
Cc: linux-mediatek, nbd@nbd.name, lorenzo, sean.wang@mediatek.com,
ryder.lee@mediatek.com
[-- Attachment #1.1: Type: text/plain, Size: 1508 bytes --]
This series addresses missing skb length validation in two mt76
drivers before memcpy operations on firmware MCU responses.
In both cases, the driver copies a fixed number of bytes from
skb->data without first checking that skb->len is large enough.
If the firmware returns a shorter-than-expected response (due to a
bug, partial DMA transfer, or in the case of mt7925, a malicious
USB device), the memcpy reads beyond the skb data buffer, causing
a heap buffer over-read. The over-read data is subsequently
returned to userspace.
Patch 1: mt7925 testmode - mt7925_tm_query() copies 512 bytes
(MT7925_EVT_RSP_LEN) from skb->data + 8 without verifying
skb->len >= 520. The leaked data is returned via nla_put()
through nl80211 testmode dump. Fix adds a length check before
the memcpy.
Patch 2: mt7915 txpower - mt7915_mcu_get_txpower_sku() copies
up to 322 bytes (MT7915_SKU_RATE_NUM * 2) from skb->data + 4
without verifying skb->len. The data surfaces through debugfs
(txpower_sku, txpower_path). Fix adds length checks for both
the TX_POWER_INFO_RATE and TX_POWER_INFO_PATH code paths.
Both fixes follow the same pattern: validate skb->len before
performing the memcpy, returning -EINVAL on insufficient data.
Tested by code inspection; I do not have the hardware to
run-test these changes. (Please let me know if you want me to git send-mail
them as well)
[PATCH 1/2] wifi: mt76: mt7925: validate skb length in testmode query
[PATCH 2/2] wifi: mt76: mt7915: validate skb length in txpower SKU query
[-- Attachment #1.2: Type: text/html, Size: 1647 bytes --]
[-- Attachment #2: 0002-wifi-mt76-mt7915-validate-skb-length-txpower.patch --]
[-- Type: text/x-diff, Size: 1479 bytes --]
From: Aviel Zohar <avielzohar123@gmail.com>
Date: Sat, 12 Apr 2026 00:00:00 +0000
Subject: [PATCH 2/2] wifi: mt76: mt7915: validate skb length in txpower SKU query
In mt7915_mcu_get_txpower_sku(), the response skb from
mt76_mcu_send_and_get_msg() is used in memcpy without validating
its length:
For TX_POWER_INFO_RATE:
memcpy(res, skb->data + 4, sizeof(res));
where sizeof(res) is MT7915_SKU_RATE_NUM * 2 = 322 bytes.
For TX_POWER_INFO_PATH:
memcpy(txpower, skb->data + 4, len);
In both cases, if the firmware returns a response shorter than
the expected size, the memcpy reads beyond the skb data buffer.
The data surfaces to userspace via debugfs (txpower_sku and
txpower_path).
Add length checks for both code paths before the memcpy.
Signed-off-by: Aviel Zohar <avielzohar123@gmail.com>
---
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
@@ -3532,10 +3532,18 @@
if (category == TX_POWER_INFO_RATE) {
s8 res[MT7915_SKU_RATE_NUM][2];
+ if (skb->len < sizeof(res) + 4) {
+ dev_kfree_skb(skb);
+ return -EINVAL;
+ }
memcpy(res, skb->data + 4, sizeof(res));
for (i = 0; i < len; i++)
txpower[i] = res[i][req.band_idx];
} else if (category == TX_POWER_INFO_PATH) {
+ if (skb->len < len + 4) {
+ dev_kfree_skb(skb);
+ return -EINVAL;
+ }
memcpy(txpower, skb->data + 4, len);
}
[-- Attachment #3: 0001-wifi-mt76-mt7925-validate-skb-length-testmode.patch --]
[-- Type: text/x-diff, Size: 1223 bytes --]
From: Aviel Zohar <avielzohar123@gmail.com>
Date: Sat, 12 Apr 2026 00:00:00 +0000
Subject: [PATCH 1/2] wifi: mt76: mt7925: validate skb length in testmode query
In mt7925_tm_query(), the response skb from mt76_mcu_send_and_get_msg()
is used in a memcpy without validating its length:
memcpy(evt_resp, skb->data + 8, MT7925_EVT_RSP_LEN);
where MT7925_EVT_RSP_LEN is 512. If the firmware returns a response
shorter than 520 bytes (8 + 512), this reads beyond the skb data
buffer. The over-read data is then returned to userspace via nla_put()
in mt7925_testmode_dump().
Add a length check before the memcpy to ensure the skb contains
sufficient data.
Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips")
Signed-off-by: Aviel Zohar <avielzohar123@gmail.com>
---
drivers/net/wireless/mediatek/mt76/mt7925/testmode.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/wireless/mediatek/mt76/mt7925/testmode.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7925/testmode.c
@@ -105,6 +105,11 @@
if (ret)
goto out;
+ if (skb->len < MT7925_EVT_RSP_LEN + 8) {
+ ret = -EINVAL;
+ goto out;
+ }
+
memcpy((char *)evt_resp, (char *)skb->data + 8, MT7925_EVT_RSP_LEN);
out:
^ permalink raw reply
* RE: [PATCH 2/3] wifi: iwlwifi: mld: fix TSO segmentation explosion when AMSDU is disabled
From: Korenblit, Miriam Rachel @ 2026-04-12 3:47 UTC (permalink / raw)
To: Cole Leavitt, linux-wireless@vger.kernel.org
Cc: greearb@candelatech.com, johannes@sipsolutions.net
In-Reply-To: <20260405054145.1064152-3-cole@unwrap.rs>
> -----Original Message-----
> From: Cole Leavitt <cole@unwrap.rs>
> Sent: Sunday, April 5, 2026 8:42 AM
> To: linux-wireless@vger.kernel.org
> Cc: greearb@candelatech.com; Korenblit, Miriam Rachel
> <miriam.rachel.korenblit@intel.com>; johannes@sipsolutions.net;
> cole@unwrap.rs
> Subject: [PATCH 2/3] wifi: iwlwifi: mld: fix TSO segmentation explosion when
> AMSDU is disabled
>
> When the TLC notification disables AMSDU for a TID, the MLD driver sets
> max_tid_amsdu_len to the sentinel value 1. The TSO segmentation path in
> iwl_mld_tx_tso_segment() checks for zero but not for this sentinel, allowing it to
> reach the num_subframes calculation:
>
> num_subframes = (max_tid_amsdu_len + pad) / (subf_len + pad)
> = (1 + 2) / (1534 + 2) = 0
>
> This zero propagates to iwl_tx_tso_segment() which sets:
>
> gso_size = num_subframes * mss = 0
>
> Calling skb_gso_segment() with gso_size=0 creates over 32000 tiny segments
> from a single GSO skb. This floods the TX ring with ~1024 micro-frames (the rest
> are purged), creating a massive burst of TX completion events that can lead to
> memory corruption and a subsequent use-after-free in TCP's retransmit queue
> (refcount underflow in tcp_shifted_skb, NULL deref in tcp_rack_detect_loss).
And why not fixing this issue?
>
> The MVM driver is immune because it checks mvmsta->amsdu_enabled before
> reaching the num_subframes calculation. The MLD driver has no equivalent
> bitmap check and relies solely on max_tid_amsdu_len, which does not catch the
> sentinel value.
>
> Fix this by detecting the sentinel value (max_tid_amsdu_len == 1) at the existing
> check and falling back to non-AMSDU TSO segmentation. Also add a
> WARN_ON_ONCE guard after the num_subframes division as defense-in-depth
> to catch any future code paths that produce zero through a different mechanism.
>
> Suggested-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
> Fixes: d1e879ec600f ("wifi: iwlwifi: add iwlmld sub-driver")
> Signed-off-by: Cole Leavitt <cole@unwrap.rs>
> ---
> drivers/net/wireless/intel/iwlwifi/mld/tx.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/intel/iwlwifi/mld/tx.c
> b/drivers/net/wireless/intel/iwlwifi/mld/tx.c
> index e341d12e5233..8af58aabcd68 100644
> --- a/drivers/net/wireless/intel/iwlwifi/mld/tx.c
> +++ b/drivers/net/wireless/intel/iwlwifi/mld/tx.c
> @@ -823,7 +823,7 @@ static int iwl_mld_tx_tso_segment(struct iwl_mld *mld,
> struct sk_buff *skb,
> return -EINVAL;
>
> max_tid_amsdu_len = sta->cur->max_tid_amsdu_len[tid];
> - if (!max_tid_amsdu_len)
> + if (!max_tid_amsdu_len || max_tid_amsdu_len == 1)
> return iwl_tx_tso_segment(skb, 1, netdev_flags, mpdus_skbs);
>
> /* Sub frame header + SNAP + IP header + TCP header + MSS */ @@ -
> 835,6 +835,9 @@ static int iwl_mld_tx_tso_segment(struct iwl_mld *mld, struct
> sk_buff *skb,
> */
> num_subframes = (max_tid_amsdu_len + pad) / (subf_len + pad);
>
> + if (WARN_ON_ONCE(!num_subframes))
> + return iwl_tx_tso_segment(skb, 1, netdev_flags, mpdus_skbs);
> +
> if (sta->max_amsdu_subframes &&
> num_subframes > sta->max_amsdu_subframes)
> num_subframes = sta->max_amsdu_subframes;
> --
> 2.52.0
^ permalink raw reply
* Re: [PATCH wireless v2] wifi: iwlwifi: mld: stop TX during firmware restart
From: Sheroz Juraev @ 2026-04-11 21:27 UTC (permalink / raw)
To: Miri Korenblit; +Cc: Johannes Berg, linux-wireless, stable
In-Reply-To: <20260315081221.2678478-1-goodmartiandev@gmail.com>
Gentle ping.
This v2 was posted on 2026-03-15 and hasn't received any review
feedback yet. I realized after sending that I dropped you from the
direct To: line in v2 (it only went to the list), so this ping is
mostly to make sure it didn't slip through the cracks.
Since we're currently in the 7.0-rc stabilization window, I wanted to
check whether this small bugfix could still be picked up for the
wireless tree, or if there's anything you'd like me to change.
Patchwork:
https://patchwork.kernel.org/project/linux-wireless/patch/20260315081221.2678478-1-goodmartiandev@gmail.com/
Thanks,
Sheroz
^ permalink raw reply
* Re: [PATCH rtw-next] wifi: rtw88: 8814a: add __packed to ensure efuse map size
From: Ping-Ke Shih @ 2026-04-11 7:29 UTC (permalink / raw)
To: Bitterblue Smith, linux-wireless@vger.kernel.org; +Cc: lkp@intel.com
In-Reply-To: <7c65e315-5a2e-455e-87ee-8fc6d60ed807@gmail.com>
Bitterblue Smith <rtl8821cerfe2@gmail.com> wrote:
> On 10/04/2026 16:13, Ping-Ke Shih wrote:
> > All nested sture/union used by efuse map should be packed. Otherwise, a
> > arm-linux-gnueabi-gcc compiler might throw errors due to size assertion.
> >
> > In file included from include/linux/bitfield.h:10,
> > from include/linux/fortify-string.h:5,
> > from include/linux/string.h:389,
> > from include/linux/uuid.h:11,
> > from include/linux/mod_devicetable.h:14,
> > from include/linux/usb.h:5,
> > from drivers/net/wireless/realtek/rtw88/rtw8814a.c:5:
> >>> include/linux/build_bug.h:78:41: error: static assertion failed: "sizeof(struct rtw8814a_efuse) == 512"
> > #define __static_assert(expr, msg, ...) _Static_assert(expr, msg)
> > ^~~~~~~~~~~~~~
> >
> > Fixes: 1a7545784642 ("wifi: rtw88: Add rtw8814a.{c,h}")
> > Reported-by: kernel test robot <lkp@intel.com>
> > Closes: https://lore.kernel.org/oe-kbuild-all/202604101721.fsv5XmCX-lkp@intel.com/
> > Cc: Bitterblue Smith <rtl8821cerfe2@gmail.com>
> > Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
> > ---
> > drivers/net/wireless/realtek/rtw88/main.h | 2 +-
> > drivers/net/wireless/realtek/rtw88/rtw8814a.h | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
>
> Thank you for taking care of this. Actually, every chip's efuse struct
> has a union like this missing __packed, not just RTL8814A. Most of them
> don't have a static_assert.
>
Indeed. I added size assetion of efuse map entirely to rtw88 and rtw89 [1],
hoping we can find and address this kind of problem earlier.
[1] https://lore.kernel.org/linux-wireless/20260411072413.1556575-1-pkshih@realtek.com/T/#t
^ permalink raw reply
* [PATCH wireless-next] wifi: mac80211: add __packed to union members of struct ieee80211_rx_status
From: Ping-Ke Shih @ 2026-04-11 7:25 UTC (permalink / raw)
To: johannes, linux-wireless
The arm-linux-gnueabi-gcc compiler, align the field followed by union
members, causing size of struct ieee80211_rx_status over skb->cb
(48 bytes). By investigation, the union member starts at offset 32,
and the offset of next field rate_idx is 36 instead of expected 33, and
the total size is (unexpected) 52.
When compiling rtw88 driver, it throws:
In file included from /work/linux-src/linux-stable/include/linux/string.h:386,
from /work/linux-src/linux-stable/include/linux/bitmap.h:13,
from /work/linux-src/linux-stable/include/linux/cpumask.h:11,
from /work/linux-src/linux-stable/include/linux/smp.h:13,
from /work/linux-src/linux-stable/include/linux/lockdep.h:14,
from /work/linux-src/linux-stable/include/linux/mutex.h:17,
from /work/linux-src/linux-stable/include/linux/kernfs.h:11,
from /work/linux-src/linux-stable/include/linux/sysfs.h:16,
from /work/linux-src/linux-stable/include/linux/kobject.h:20,
from /work/linux-src/linux-stable/include/linux/dmi.h:6,
from pci.c:5:
In function 'fortify_memcpy_chk',
inlined from 'rtw_pci_rx_napi.constprop' at pci.c:1095:4:
/work/linux-src/linux-stable/include/linux/fortify-string.h:569:25: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning]
569 | __write_overflow_field(p_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After this patch, the size of struct ieee80211_rx_status is 48.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
---
Because of size assertion of rtw88's efuse map [1], I found
arm-linux-gnueabi-gcc compiler throws this warning, but x86 gcc is absolutely
silent and expected without this patch.
[1] https://lore.kernel.org/linux-wireless/7c65e315-5a2e-455e-87ee-8fc6d60ed807@gmail.com/T/#m43fdf8a1c2b8cff92c1ef50faab7993522647162
---
include/net/mac80211.h | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 40cb20d9309c..02318a4be0e1 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -1747,18 +1747,18 @@ struct ieee80211_rx_status {
u8 he_ru:3;
u8 he_gi:2;
u8 he_dcm:1;
- };
+ } __packed;
struct {
u8 ru:4;
u8 gi:2;
- } eht;
+ } __packed eht;
struct {
u8 ru:4;
u8 gi:2;
u8 elr:1;
u8 im:1;
- } uhr;
- };
+ } __packed uhr;
+ } __packed;
u8 rate_idx;
u8 nss;
u8 rx_flags;
@@ -1771,6 +1771,8 @@ struct ieee80211_rx_status {
u8 link_valid:1, link_id:4;
};
+static_assert(sizeof(struct ieee80211_rx_status) <= sizeof_field(struct sk_buff, cb));
+
static inline u32
ieee80211_rx_status_to_khz(struct ieee80211_rx_status *rx_status)
{
--
2.25.1
^ permalink raw reply related
* [PATCH rtw-next 2/2] wifi: rtw89: add __packed to efuse map and do assertion
From: Ping-Ke Shih @ 2026-04-11 7:24 UTC (permalink / raw)
To: linux-wireless; +Cc: rtl8821cerfe2
In-Reply-To: <20260411072413.1556575-1-pkshih@realtek.com>
As arm-linux-gnueabi-gcc compiler align struct field is not always like
gcc on x86 target, the efuse map layout might not be expected. Add __packed
and do assertion to ensure it is expected.
Complied test only with arm-linux-gnueabi-gcc and x86 gcc.
Cc: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
---
drivers/net/wireless/realtek/rtw89/rtw8851b.h | 8 +++++---
drivers/net/wireless/realtek/rtw89/rtw8852a.h | 8 +++++---
drivers/net/wireless/realtek/rtw89/rtw8852b_common.h | 8 +++++---
drivers/net/wireless/realtek/rtw89/rtw8852c.h | 8 +++++---
drivers/net/wireless/realtek/rtw89/rtw8922a.h | 2 ++
drivers/net/wireless/realtek/rtw89/rtw8922d.h | 2 ++
6 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw89/rtw8851b.h b/drivers/net/wireless/realtek/rtw89/rtw8851b.h
index 1a5c52654d8a..5c2e26c04cd9 100644
--- a/drivers/net/wireless/realtek/rtw89/rtw8851b.h
+++ b/drivers/net/wireless/realtek/rtw89/rtw8851b.h
@@ -13,11 +13,11 @@
struct rtw8851bu_efuse {
u8 rsvd[0x88];
u8 mac_addr[ETH_ALEN];
-};
+} __packed;
struct rtw8851be_efuse {
u8 mac_addr[ETH_ALEN];
-};
+} __packed;
struct rtw8851b_tssi_offset {
u8 cck_tssi[TSSI_CCK_CH_GROUP_NUM];
@@ -68,9 +68,11 @@ struct rtw8851b_efuse {
union {
struct rtw8851bu_efuse u;
struct rtw8851be_efuse e;
- };
+ } __packed;
} __packed;
+static_assert(sizeof(struct rtw8851b_efuse) == 0x48e);
+
extern const struct rtw89_chip_info rtw8851b_chip_info;
#endif
diff --git a/drivers/net/wireless/realtek/rtw89/rtw8852a.h b/drivers/net/wireless/realtek/rtw89/rtw8852a.h
index d6c1acd09238..0d381f6fd182 100644
--- a/drivers/net/wireless/realtek/rtw89/rtw8852a.h
+++ b/drivers/net/wireless/realtek/rtw89/rtw8852a.h
@@ -19,11 +19,11 @@ enum rtw8852a_pmac_mode {
struct rtw8852au_efuse {
u8 rsvd[0x38];
u8 mac_addr[ETH_ALEN];
-};
+} __packed;
struct rtw8852ae_efuse {
u8 mac_addr[ETH_ALEN];
-};
+} __packed;
struct rtw8852a_tssi_offset {
u8 cck_tssi[TSSI_CCK_CH_GROUP_NUM];
@@ -78,9 +78,11 @@ struct rtw8852a_efuse {
union {
struct rtw8852au_efuse u;
struct rtw8852ae_efuse e;
- };
+ } __packed;
} __packed;
+static_assert(sizeof(struct rtw8852a_efuse) == 0x43e);
+
struct rtw8852a_bb_pmac_info {
u8 en_pmac_tx:1;
u8 is_cck:1;
diff --git a/drivers/net/wireless/realtek/rtw89/rtw8852b_common.h b/drivers/net/wireless/realtek/rtw89/rtw8852b_common.h
index 3dce5422f41e..89e936e4b211 100644
--- a/drivers/net/wireless/realtek/rtw89/rtw8852b_common.h
+++ b/drivers/net/wireless/realtek/rtw89/rtw8852b_common.h
@@ -20,11 +20,11 @@ enum rtw8852bx_pmac_mode {
struct rtw8852bx_u_efuse {
u8 rsvd[0x88];
u8 mac_addr[ETH_ALEN];
-};
+} __packed;
struct rtw8852bx_e_efuse {
u8 mac_addr[ETH_ALEN];
-};
+} __packed;
struct rtw8852bx_tssi_offset {
u8 cck_tssi[TSSI_CCK_CH_GROUP_NUM];
@@ -89,9 +89,11 @@ struct rtw8852bx_efuse {
union {
struct rtw8852bx_u_efuse u;
struct rtw8852bx_e_efuse e;
- };
+ } __packed;
} __packed;
+static_assert(sizeof(struct rtw8852bx_efuse) == 0x48e);
+
struct rtw8852bx_bb_pmac_info {
u8 en_pmac_tx:1;
u8 is_cck:1;
diff --git a/drivers/net/wireless/realtek/rtw89/rtw8852c.h b/drivers/net/wireless/realtek/rtw89/rtw8852c.h
index 8585921ac6c4..49cb6b4b3b7c 100644
--- a/drivers/net/wireless/realtek/rtw89/rtw8852c.h
+++ b/drivers/net/wireless/realtek/rtw89/rtw8852c.h
@@ -13,11 +13,11 @@
struct rtw8852c_u_efuse {
u8 rsvd[0x88];
u8 mac_addr[ETH_ALEN];
-};
+} __packed;
struct rtw8852c_e_efuse {
u8 mac_addr[ETH_ALEN];
-};
+} __packed;
struct rtw8852c_tssi_offset {
u8 cck_tssi[TSSI_CCK_CH_GROUP_NUM];
@@ -95,9 +95,11 @@ struct rtw8852c_efuse {
union {
struct rtw8852c_u_efuse u;
struct rtw8852c_e_efuse e;
- };
+ } __packed;
} __packed;
+static_assert(sizeof(struct rtw8852c_efuse) == 0x48e);
+
extern const struct rtw89_chip_info rtw8852c_chip_info;
#endif
diff --git a/drivers/net/wireless/realtek/rtw89/rtw8922a.h b/drivers/net/wireless/realtek/rtw89/rtw8922a.h
index a29cfa5b4291..33c87bcc403c 100644
--- a/drivers/net/wireless/realtek/rtw89/rtw8922a.h
+++ b/drivers/net/wireless/realtek/rtw89/rtw8922a.h
@@ -68,6 +68,8 @@ struct rtw8922a_efuse {
struct rtw8922a_rx_gain_6g rx_gain_6g_b;
} __packed;
+static_assert(sizeof(struct rtw8922a_efuse) == 0x1b8);
+
extern const struct rtw89_chip_info rtw8922a_chip_info;
extern const struct rtw89_chip_variant rtw8922ae_vs_variant;
diff --git a/drivers/net/wireless/realtek/rtw89/rtw8922d.h b/drivers/net/wireless/realtek/rtw89/rtw8922d.h
index 22a7d1cc244f..6d0fb01c1216 100644
--- a/drivers/net/wireless/realtek/rtw89/rtw8922d.h
+++ b/drivers/net/wireless/realtek/rtw89/rtw8922d.h
@@ -77,6 +77,8 @@ struct rtw8922d_efuse {
struct rtw8922d_rx_gain_6g rx_gain_6g_b_2;
} __packed;
+static_assert(sizeof(struct rtw8922d_efuse) == 0x222);
+
extern const struct rtw89_chip_info rtw8922d_chip_info;
extern const struct rtw89_chip_variant rtw8922de_vs_variant;
--
2.25.1
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox