* [PATCH wireless-next v5 0/4] wifi: nl80211: introduce PROBE_PEER for AP and STA
From: Priyansha Tiwari @ 2026-06-11 6:22 UTC (permalink / raw)
To: johannes; +Cc: veerendranath.jakkam, linux-wireless, quic_drohan
From: Priyansha Tiwari <priyansha.tiwari@oss.qualcomm.com>
This series introduces a unified mechanism to probe connected peers.
It generalizes the legacy AP-only PROBE_CLIENT functionality by adding
NL80211_CMD_PROBE_PEER and enabling (feature-gated) STA-side probing.
With this, AP/GO continues to probe associated stations as before, and
STA/P2P-client can probe the connected AP for faster link health checks.
For MLO connections, mac80211 supports per-link STA probing to obtain
link-specific ACK information.
Patch 1 renames NL80211_CMD_PROBE_CLIENT to NL80211_CMD_PROBE_PEER in
the UAPI enum (keeping PROBE_CLIENT as a compatibility alias) and renames
the .probe_client cfg80211_ops callback to .probe_peer. All in-tree users
(wil6210, mwifiex, mac80211) are updated so the tree builds after this
patch. This is a pure rename with no behaviour change; documentation is
intentionally left unchanged.
Patch 2 updates the @probe_peer documentation in cfg80211_ops to describe
the STA-mode semantics, adds NL80211_EXT_FEATURE_PROBE_AP to advertise
STA-side support, extends cfg80211_probe_status() to carry an optional
peer address and a link_id (-1 for non-MLO), and extends the nl80211
handler to accept STA/P2P-client interfaces when the driver advertises
the feature (MAC attribute must be omitted; the AP is implied by the
association). All callers of cfg80211_probe_status() are updated.
Patch 3 adds per-link PROBE_PEER support in mac80211 for STA/P2P-client
mode. For STA/P2P-client, it uses IEEE80211_LINK_UNSPECIFIED together
with the associated AP/GO address and lets the driver select the link.
For non-MLO connections, mac80211 still fills info->band from the
current chanctx so legacy transmissions continue to carry the correct
band information. The link_valid/link_id bitfields in
ieee80211_tx_info.status are set before transmitting and read back in
ieee80211_report_ack_skb() to report the actual link_id to userspace.
AP/GO behaviour is unchanged.
Patch 4 makes mac80211_hwsim populate link_valid/link_id in TX status
for both the direct TX status path and the wmediumd/netlink TX status
path.
---
Changes in v5:
- Patch 3:
* Renamed peer_addr to dst_addr for clarity.
* Reworked ieee80211_probe_peer() to share more logic between
AP and STA modes by using ieee80211_vif_type_p2p(),
overriding the STA peer to the associated AP/GO address,
and pulling the common sta lookup/qos handling out of the
switch.
* Kept the remaining AP/STA difference limited to the DS bits,
while preserving the existing MLO/non-MLO address and band
handling.
Changes in v4:
- Patch 3:
* Dropped guard(rcu)() from ieee80211_probe_peer() and used
wiphy_dereference() under the already held wiphy lock.
* Simplified STA/P2P-client probing to use
IEEE80211_LINK_UNSPECIFIED together with the associated
AP/GO address for both MLO and non-MLO cases.
* Kept the non-MLO band lookup via chanctx so legacy
transmissions still carry the correct band.
* Return -ENOLINK when the associated AP STA entry is missing,
instead of falling back to non-QoS probing.
Changes in v3:
- Restructured patch split:
* Patch 1: pure rename (probe_client -> probe_peer), no doc changes
* Patch 2: documentation update for STA-mode semantics +
nl80211 API logic change + cfg80211_probe_status update
* Patch 3: mac80211 implementation
- Removed unnecessary bitfield padding (no pad2:3)
- Moved MAC-omission check for STA mode into cfg80211/nl80211
(not mac80211).
- Used switch statement in both nl80211_probe_peer() and
ieee80211_probe_peer().
- Used guard(rcu)() instead of manual rcu_read_lock/unlock
- Return -ENOLINK (not -ENOTCONN) for unconnected STA, consistent
with cfg80211 conventions
Priyansha Tiwari (4):
wifi: nl80211/cfg80211: rename probe_client to probe_peer
wifi: cfg80211/nl80211: add STA-mode peer probing
wifi: mac80211: implement STA-mode peer probing
wifi: mac80211_hwsim: report TX status link_id
drivers/net/wireless/ath/wil6210/cfg80211.c | 10 +-
.../net/wireless/marvell/mwifiex/cfg80211.c | 8 +-
.../wireless/virtual/mac80211_hwsim_main.c | 43 ++++++-
include/net/cfg80211.h | 18 +--
include/net/mac80211.h | 2 +-
include/uapi/linux/nl80211.h | 23 ++--
net/mac80211/cfg.c | 117 +++++++++---------
net/mac80211/status.c | 5 +-
net/wireless/nl80211.c | 69 +++++++----
net/wireless/rdev-ops.h | 10 +-
net/wireless/trace.h | 2 +-
11 files changed, 187 insertions(+), 120 deletions(-)
--
2.34.1
^ permalink raw reply
* Re: [PATCH v2 6/7] arm64: dts: qcom: sm8350: modernize PCIe entries
From: Manivannan Sadhasivam @ 2026-06-11 6:13 UTC (permalink / raw)
To: Dmitry Baryshkov
Cc: Lorenzo Pieralisi, Krzysztof Wilczyński, Rob Herring,
Bjorn Helgaas, Konrad Dybcio, Qiang Yu, Jeff Johnson,
Liam Girdwood, Mark Brown, Krzysztof Kozlowski, Conor Dooley,
Bartosz Golaszewski, Marcel Holtmann, Luiz Augusto von Dentz,
Balakrishna Godavarthi, Rocky Liao, Bjorn Andersson,
Konrad Dybcio, linux-arm-msm, linux-pci, linux-kernel,
linux-wireless, ath11k, devicetree, Bartosz Golaszewski,
linux-bluetooth, Bartosz Golaszewski
In-Reply-To: <20260608-sm8350-wifi-v2-6-efb68f1ff04c@oss.qualcomm.com>
On Mon, Jun 08, 2026 at 09:59:24AM +0300, Dmitry Baryshkov wrote:
> The recent suggestion is to have PERST# / WAKE pins and PHYs in the PCIe
> port rather than RC device. The kernel recently started warning about
> the older style of DT. Modernize DT for SM8350 platform by moving the
> entries under the root port device node.
>
> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
- Mani
> ---
> arch/arm64/boot/dts/qcom/sm8350-hdk.dts | 18 +++++++++++-------
> arch/arm64/boot/dts/qcom/sm8350.dtsi | 12 ++++--------
> 2 files changed, 15 insertions(+), 15 deletions(-)
>
> diff --git a/arch/arm64/boot/dts/qcom/sm8350-hdk.dts b/arch/arm64/boot/dts/qcom/sm8350-hdk.dts
> index 5f975d009465..4973a3eb11b5 100644
> --- a/arch/arm64/boot/dts/qcom/sm8350-hdk.dts
> +++ b/arch/arm64/boot/dts/qcom/sm8350-hdk.dts
> @@ -493,12 +493,14 @@ &pcie0 {
> pinctrl-names = "default";
> pinctrl-0 = <&pcie0_default_state>;
>
> - perst-gpios = <&tlmm 94 GPIO_ACTIVE_LOW>;
> - wake-gpios = <&tlmm 96 GPIO_ACTIVE_HIGH>;
> -
> status = "okay";
> };
>
> +&pcie0_port0 {
> + reset-gpios = <&tlmm 94 GPIO_ACTIVE_LOW>;
> + wake-gpios = <&tlmm 96 GPIO_ACTIVE_HIGH>;
> +};
> +
> &pcie0_phy {
> vdda-phy-supply = <&vreg_l5b_0p88>;
> vdda-pll-supply = <&vreg_l6b_1p2>;
> @@ -507,15 +509,17 @@ &pcie0_phy {
> };
>
> &pcie1 {
> - perst-gpios = <&tlmm 97 GPIO_ACTIVE_LOW>;
> - wake-gpios = <&tlmm 99 GPIO_ACTIVE_HIGH>;
> -
> - pinctrl-names = "default";
> pinctrl-0 = <&pcie1_default_state>;
> + pinctrl-names = "default";
>
> status = "okay";
> };
>
> +&pcie1_port0 {
> + reset-gpios = <&tlmm 97 GPIO_ACTIVE_LOW>;
> + wake-gpios = <&tlmm 99 GPIO_ACTIVE_HIGH>;
> +};
> +
> &pcie1_phy {
> status = "okay";
> vdda-phy-supply = <&vreg_l5b_0p88>;
> diff --git a/arch/arm64/boot/dts/qcom/sm8350.dtsi b/arch/arm64/boot/dts/qcom/sm8350.dtsi
> index eb2a795d8edb..136daa444865 100644
> --- a/arch/arm64/boot/dts/qcom/sm8350.dtsi
> +++ b/arch/arm64/boot/dts/qcom/sm8350.dtsi
> @@ -1583,12 +1583,9 @@ pcie0: pcie@1c00000 {
>
> power-domains = <&gcc PCIE_0_GDSC>;
>
> - phys = <&pcie0_phy>;
> - phy-names = "pciephy";
> -
> status = "disabled";
>
> - pcie@0 {
> + pcie0_port0: pcie@0 {
> device_type = "pci";
> reg = <0x0 0x0 0x0 0x0 0x0>;
> bus-range = <0x01 0xff>;
> @@ -1596,6 +1593,7 @@ pcie@0 {
> #address-cells = <3>;
> #size-cells = <2>;
> ranges;
> + phys = <&pcie0_phy>;
> };
> };
>
> @@ -1692,12 +1690,9 @@ pcie1: pcie@1c08000 {
>
> power-domains = <&gcc PCIE_1_GDSC>;
>
> - phys = <&pcie1_phy>;
> - phy-names = "pciephy";
> -
> status = "disabled";
>
> - pcie@0 {
> + pcie1_port0: pcie@0 {
> device_type = "pci";
> reg = <0x0 0x0 0x0 0x0 0x0>;
> bus-range = <0x01 0xff>;
> @@ -1705,6 +1700,7 @@ pcie@0 {
> #address-cells = <3>;
> #size-cells = <2>;
> ranges;
> + phys = <&pcie1_phy>;
> };
> };
>
>
> --
> 2.47.3
>
--
மணிவண்ணன் சதாசிவம்
^ permalink raw reply
* Re: [PATCH v2 1/7] PCI: qcom: fix parsing of PERST# in the legacy case
From: Manivannan Sadhasivam @ 2026-06-11 6:12 UTC (permalink / raw)
To: Dmitry Baryshkov
Cc: Lorenzo Pieralisi, Krzysztof Wilczyński, Rob Herring,
Bjorn Helgaas, Konrad Dybcio, Qiang Yu, Jeff Johnson,
Liam Girdwood, Mark Brown, Krzysztof Kozlowski, Conor Dooley,
Bartosz Golaszewski, Marcel Holtmann, Luiz Augusto von Dentz,
Balakrishna Godavarthi, Rocky Liao, Bjorn Andersson,
Konrad Dybcio, linux-arm-msm, linux-pci, linux-kernel,
linux-wireless, ath11k, devicetree, Bartosz Golaszewski,
linux-bluetooth
In-Reply-To: <20260608-sm8350-wifi-v2-1-efb68f1ff04c@oss.qualcomm.com>
On Mon, Jun 08, 2026 at 09:59:19AM +0300, Dmitry Baryshkov wrote:
> Commit deed8aec62dc ("PCI: qcom: Handle mixed PERST#/PHY DT
> configuration") fixed support for the "mixed" platforms which declare
> PERST# pin the RC node and the PHY in the RP node, however it also broke
> support for a majority of existing platforms, which declare both PERST#
> and PHY in the RC node, because now PERST# is first acquired in
> qcom_pcie_parse_ports(), which then returns -ENODEV (as there are no
> PHYs in the RP nodes). Later qcom_pcie_parse_legacy_binding() tries to
> acquire the PERST# GPIO again and fails with -EBUSY (as the GPIO has
> already been requested).
>
> Move parsing of RC's perst-gpios to qcom_pcie_probe(), making it obvious
> that it's shared for both cases and skip parsing it in both functions.
>
> Fixes: deed8aec62dc ("PCI: qcom: Handle mixed PERST#/PHY DT configuration")
> Closes: https://lore.kernel.org/r/gieaybsg2ckxpctvqj77nlwu7utama2yeyvebkonmexsxrra3v@v3fobqasxnmy/
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
This issue is fixed now. You can drop this patch in next revision.
- Mani
> ---
> drivers/pci/controller/dwc/pcie-qcom.c | 25 ++++++++++---------------
> 1 file changed, 10 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c
> index 11fc60489892..7664c7c28c0e 100644
> --- a/drivers/pci/controller/dwc/pcie-qcom.c
> +++ b/drivers/pci/controller/dwc/pcie-qcom.c
> @@ -1907,15 +1907,6 @@ static int qcom_pcie_parse_ports(struct qcom_pcie *pcie)
> struct device *dev = pcie->pci->dev;
> int ret = -ENODEV;
>
> - if (of_find_property(dev->of_node, "perst-gpios", NULL)) {
> - pcie->reset = devm_gpiod_get_optional(dev, "perst",
> - GPIOD_OUT_HIGH);
> - if (IS_ERR(pcie->reset))
> - return PTR_ERR(pcie->reset);
> -
> - dev_warn(dev, "Reusing PERST# from Root Complex node. DT needs to be fixed!\n");
> - }
> -
> for_each_available_child_of_node_scoped(dev->of_node, of_port) {
> if (!of_node_is_type(of_port, "pci"))
> continue;
> @@ -1942,7 +1933,6 @@ static int qcom_pcie_parse_legacy_binding(struct qcom_pcie *pcie)
> struct device *dev = pcie->pci->dev;
> struct qcom_pcie_perst *perst;
> struct qcom_pcie_port *port;
> - struct gpio_desc *reset;
> struct phy *phy;
> int ret;
>
> @@ -1950,10 +1940,6 @@ static int qcom_pcie_parse_legacy_binding(struct qcom_pcie *pcie)
> if (IS_ERR(phy))
> return PTR_ERR(phy);
>
> - reset = devm_gpiod_get_optional(dev, "perst", GPIOD_OUT_HIGH);
> - if (IS_ERR(reset))
> - return PTR_ERR(reset);
> -
> ret = phy_init(phy);
> if (ret)
> return ret;
> @@ -1970,7 +1956,7 @@ static int qcom_pcie_parse_legacy_binding(struct qcom_pcie *pcie)
> INIT_LIST_HEAD(&port->list);
> list_add_tail(&port->list, &pcie->ports);
>
> - perst->desc = reset;
> + perst->desc = pcie->reset;
> INIT_LIST_HEAD(&port->perst);
> INIT_LIST_HEAD(&perst->list);
> list_add_tail(&perst->list, &port->perst);
> @@ -2107,6 +2093,15 @@ static int qcom_pcie_probe(struct platform_device *pdev)
>
> pp->ops = &qcom_pcie_dw_ops;
>
> + if (of_find_property(dev->of_node, "perst-gpios", NULL)) {
> + pcie->reset = devm_gpiod_get_optional(dev, "perst",
> + GPIOD_OUT_HIGH);
> + if (IS_ERR(pcie->reset))
> + return PTR_ERR(pcie->reset);
> +
> + dev_warn(dev, "Reusing PERST# from Root Complex node. DT needs to be updated!\n");
> + }
> +
> ret = qcom_pcie_parse_ports(pcie);
> if (ret) {
> if (ret != -ENODEV) {
>
> --
> 2.47.3
>
--
மணிவண்ணன் சதாசிவம்
^ permalink raw reply
* [PATCH ath-next 3/3] wifi: ath12k: allocate HOST_DDR and BDF regions after Q6 RO region
From: Aaradhana Sahu @ 2026-06-11 3:33 UTC (permalink / raw)
To: ath12k; +Cc: linux-wireless, Aaradhana Sahu
In-Reply-To: <20260611033314.2330-1-aaradhana.sahu@oss.qualcomm.com>
Currently, the Q6 region contains a read-only firmware region along with
the BDF_MEM_REGION_TYPE and HOST_DDR_REGION_TYPE memory areas. The firmware
expects these writable memory regions to be assigned after the Q6 read-only
section.
However, the ath12k driver currently allocates the HOST_DDR_REGION_TYPE
starting from the base of the Q6 region, which includes the read-only
firmware area. As a result, the allocated memory regions overlap with the
read-only section, causing the firmware to assert during QMI memory
allocation. The Q6 memory region layout is as follows:
Q6 Reserved Memory
+--------------------------------------+
| |
| Read-only Firmware Region |
| (Q6 RO Region) |
| |
+--------------------------------------+ <--- bdf_addr_offset
| Writable Memory Region |
| (BDF + HOST_DDR allocations) |
| |
+--------------------------------------+
Fix this by allocating the required memory regions only after the end of
the read-only region in the Q6 address space. The bdf_addr_offset parameter
indicates where the writable region starts. Both HOST_DDR and BDF regions
are allocated sequentially after this offset, with each region placed
immediately after the previous one to avoid gaps and overlaps.
Tested-on: IPQ5332 hw1.0 AHB WLAN.WBE.1.6-01275-QCAHKSWPL_SILICONZ-1
Fixes: 6757079c5890 ("wifi: ath12k: add support for fixed QMI firmware memory")
Signed-off-by: Aaradhana Sahu <aaradhana.sahu@oss.qualcomm.com>
---
drivers/net/wireless/ath/ath12k/qmi.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ath/ath12k/qmi.c b/drivers/net/wireless/ath/ath12k/qmi.c
index 5bf045971c94..11f57b0755ea 100644
--- a/drivers/net/wireless/ath/ath12k/qmi.c
+++ b/drivers/net/wireless/ath/ath12k/qmi.c
@@ -2746,8 +2746,8 @@ static const char *ath12k_qmi_get_mem_reg_name(int mem_type)
static int ath12k_qmi_assign_target_mem_chunk(struct ath12k_base *ab)
{
struct device_node *np = ab->dev->of_node;
+ size_t avail_rmem_size, offset = 0;
struct target_mem_chunk *chunk;
- size_t avail_rmem_size;
struct resource res;
const char *rname;
int i, idx, ret;
@@ -2781,9 +2781,12 @@ static int ath12k_qmi_assign_target_mem_chunk(struct ath12k_base *ab)
goto out;
avail_rmem_size = resource_size(&res);
- if (chunk->type == BDF_MEM_REGION_TYPE) {
+ if (chunk->type == BDF_MEM_REGION_TYPE ||
+ chunk->type == HOST_DDR_REGION_TYPE) {
avail_rmem_size -= ab->hw_params->bdf_addr_offset;
- res.start += ab->hw_params->bdf_addr_offset;
+ avail_rmem_size -= offset;
+ res.start += ab->hw_params->bdf_addr_offset + offset;
+ offset += chunk->size;
}
if (avail_rmem_size < chunk->size) {
--
2.34.1
^ permalink raw reply related
* [PATCH ath-next 2/3] wifi: ath12k: refactor QMI memory assignment
From: Aaradhana Sahu @ 2026-06-11 3:33 UTC (permalink / raw)
To: ath12k; +Cc: linux-wireless, Aaradhana Sahu
In-Reply-To: <20260611033314.2330-1-aaradhana.sahu@oss.qualcomm.com>
ath12k_qmi_assign_target_mem_chunk() uses a large switch-case to handle
both memory region identification and allocation for each memory request
type, leading to redundant allocation logic.
Refactor this by introducing ath12k_qmi_get_mem_reg_name() to map memory
request types to their corresponding reserved memory region names.
Tested-on: IPQ5332 hw1.0 AHB WLAN.WBE.1.6-01275-QCAHKSWPL_SILICONZ-1
Signed-off-by: Aaradhana Sahu <aaradhana.sahu@oss.qualcomm.com>
---
drivers/net/wireless/ath/ath12k/qmi.c | 157 ++++++++++----------------
1 file changed, 61 insertions(+), 96 deletions(-)
diff --git a/drivers/net/wireless/ath/ath12k/qmi.c b/drivers/net/wireless/ath/ath12k/qmi.c
index 0176d6a4bf8c..5bf045971c94 100644
--- a/drivers/net/wireless/ath/ath12k/qmi.c
+++ b/drivers/net/wireless/ath/ath12k/qmi.c
@@ -2726,120 +2726,85 @@ static int ath12k_qmi_alloc_target_mem_chunk(struct ath12k_base *ab)
return ret;
}
+static const char *ath12k_qmi_get_mem_reg_name(int mem_type)
+{
+ switch (mem_type) {
+ case HOST_DDR_REGION_TYPE:
+ case BDF_MEM_REGION_TYPE:
+ return "q6-region";
+ case M3_DUMP_REGION_TYPE:
+ return "m3-dump";
+ case CALDB_MEM_REGION_TYPE:
+ return "q6-caldb";
+ case MLO_GLOBAL_MEM_REGION_TYPE:
+ return "mlo-global-mem";
+ default:
+ return NULL;
+ }
+}
+
static int ath12k_qmi_assign_target_mem_chunk(struct ath12k_base *ab)
{
struct device_node *np = ab->dev->of_node;
+ struct target_mem_chunk *chunk;
size_t avail_rmem_size;
struct resource res;
+ const char *rname;
int i, idx, ret;
for (i = 0, idx = 0; i < ab->qmi.mem_seg_count; i++) {
- switch (ab->qmi.target_mem[i].type) {
- case HOST_DDR_REGION_TYPE:
- ret = of_reserved_mem_region_to_resource_byname(np, "q6-region",
- &res);
- if (ret)
- goto out;
-
- avail_rmem_size = resource_size(&res);
- if (avail_rmem_size < ab->qmi.target_mem[i].size) {
- ath12k_dbg(ab, ATH12K_DBG_QMI,
- "failed to assign mem type %u req size %u avail size %zu\n",
- ab->qmi.target_mem[i].type,
- ab->qmi.target_mem[i].size,
- avail_rmem_size);
- ret = -EINVAL;
- goto out;
- }
-
- ab->qmi.target_mem[idx].paddr = res.start;
- ab->qmi.target_mem[idx].v.ioaddr =
- ioremap(ab->qmi.target_mem[idx].paddr,
- ab->qmi.target_mem[i].size);
- if (!ab->qmi.target_mem[idx].v.ioaddr) {
- ret = -EIO;
- goto out;
- }
- ab->qmi.target_mem[idx].size = ab->qmi.target_mem[i].size;
- ab->qmi.target_mem[idx].type = ab->qmi.target_mem[i].type;
- idx++;
- break;
- case BDF_MEM_REGION_TYPE:
- ret = of_reserved_mem_region_to_resource_byname(np, "q6-region",
- &res);
- if (ret)
- goto out;
-
- avail_rmem_size = resource_size(&res) -
- ab->hw_params->bdf_addr_offset;
- if (avail_rmem_size < ab->qmi.target_mem[i].size) {
- ath12k_dbg(ab, ATH12K_DBG_QMI,
- "failed to assign mem type %u req size %u avail size %zu\n",
- ab->qmi.target_mem[i].type,
- ab->qmi.target_mem[i].size,
- avail_rmem_size);
- ret = -EINVAL;
- goto out;
- }
- ab->qmi.target_mem[idx].paddr =
- res.start + ab->hw_params->bdf_addr_offset;
- ab->qmi.target_mem[idx].v.ioaddr =
- ioremap(ab->qmi.target_mem[idx].paddr,
- ab->qmi.target_mem[i].size);
- if (!ab->qmi.target_mem[idx].v.ioaddr) {
- ret = -EIO;
- goto out;
- }
- ab->qmi.target_mem[idx].size = ab->qmi.target_mem[i].size;
- ab->qmi.target_mem[idx].type = ab->qmi.target_mem[i].type;
- idx++;
- break;
- case CALDB_MEM_REGION_TYPE:
- /* Cold boot calibration is not enabled in Ath12k. Hence,
+ chunk = &ab->qmi.target_mem[i];
+ if (chunk->type == CALDB_MEM_REGION_TYPE) {
+ /*
+ * Cold boot calibration is not enabled in Ath12k. Hence,
* assign paddr = 0.
* Once cold boot calibration is enabled add support to
* assign reserved memory from DT.
*/
ab->qmi.target_mem[idx].paddr = 0;
ab->qmi.target_mem[idx].v.ioaddr = NULL;
- ab->qmi.target_mem[idx].size = ab->qmi.target_mem[i].size;
- ab->qmi.target_mem[idx].type = ab->qmi.target_mem[i].type;
+ ab->qmi.target_mem[idx].size = chunk->size;
+ ab->qmi.target_mem[idx].type = chunk->type;
idx++;
- break;
- case M3_DUMP_REGION_TYPE:
- ret = of_reserved_mem_region_to_resource_byname(np, "m3-dump",
- &res);
- if (ret)
- goto out;
-
- avail_rmem_size = resource_size(&res);
- if (avail_rmem_size < ab->qmi.target_mem[i].size) {
- ath12k_dbg(ab, ATH12K_DBG_QMI,
- "failed to assign mem type %u req size %u avail size %zu\n",
- ab->qmi.target_mem[i].type,
- ab->qmi.target_mem[i].size,
- avail_rmem_size);
- ret = -EINVAL;
- goto out;
- }
+ continue;
+ }
- ab->qmi.target_mem[idx].paddr = res.start;
- ab->qmi.target_mem[idx].v.ioaddr =
- ioremap(ab->qmi.target_mem[idx].paddr,
- ab->qmi.target_mem[i].size);
- if (!ab->qmi.target_mem[idx].v.ioaddr) {
- ret = -EIO;
- goto out;
- }
- ab->qmi.target_mem[idx].size = ab->qmi.target_mem[i].size;
- ab->qmi.target_mem[idx].type = ab->qmi.target_mem[i].type;
- idx++;
- break;
- default:
+ rname = ath12k_qmi_get_mem_reg_name(chunk->type);
+ if (!rname) {
ath12k_warn(ab, "qmi ignore invalid mem req type %u\n",
- ab->qmi.target_mem[i].type);
- break;
+ chunk->type);
+ continue;
+ }
+
+ ret = of_reserved_mem_region_to_resource_byname(np, rname, &res);
+ if (ret)
+ goto out;
+
+ avail_rmem_size = resource_size(&res);
+ if (chunk->type == BDF_MEM_REGION_TYPE) {
+ avail_rmem_size -= ab->hw_params->bdf_addr_offset;
+ res.start += ab->hw_params->bdf_addr_offset;
}
+
+ if (avail_rmem_size < chunk->size) {
+ ath12k_dbg(ab, ATH12K_DBG_QMI,
+ "failed to assign mem type %u req size %u avail size %zu\n",
+ chunk->type, chunk->size, avail_rmem_size);
+ ret = -EINVAL;
+ goto out;
+ }
+
+ ab->qmi.target_mem[idx].paddr = res.start;
+ ab->qmi.target_mem[idx].v.ioaddr = ioremap(ab->qmi.target_mem[idx].paddr,
+ chunk->size);
+ if (!ab->qmi.target_mem[idx].v.ioaddr) {
+ ret = -EIO;
+ goto out;
+ }
+
+ ab->qmi.target_mem[idx].size = chunk->size;
+ ab->qmi.target_mem[idx].type = chunk->type;
+ idx++;
}
ab->qmi.mem_seg_count = idx;
--
2.34.1
^ permalink raw reply related
* [PATCH ath-next 1/3] wifi: ath12k: switch to name-based reserved memory lookup
From: Aaradhana Sahu @ 2026-06-11 3:33 UTC (permalink / raw)
To: ath12k; +Cc: linux-wireless, Aaradhana Sahu
In-Reply-To: <20260611033314.2330-1-aaradhana.sahu@oss.qualcomm.com>
The driver currently retrieves reserved memory regions using index-based
lookup, which depends on the ordering of reserved-memory nodes in the
device tree. Since different platforms define these regions in varying
orders and combinations, this approach is not compatible and can result
in incorrect memory region access.
Switch to looking up memory regions by name instead of index so it does
not depend on node order.
Use names already defined in qcom,ipq5332-wifi.yaml, so there are no
backward compatibility issues.
Tested-on: IPQ5332 hw1.0 AHB WLAN.WBE.1.6-01275-QCAHKSWPL_SILICONZ-1
Signed-off-by: Aaradhana Sahu <aaradhana.sahu@oss.qualcomm.com>
---
drivers/net/wireless/ath/ath12k/ahb.c | 18 ++++++------
drivers/net/wireless/ath/ath12k/core.c | 25 -----------------
drivers/net/wireless/ath/ath12k/core.h | 2 --
drivers/net/wireless/ath/ath12k/qmi.c | 38 +++++++++++++-------------
4 files changed, 29 insertions(+), 54 deletions(-)
diff --git a/drivers/net/wireless/ath/ath12k/ahb.c b/drivers/net/wireless/ath/ath12k/ahb.c
index 30733a244454..695b605a92fd 100644
--- a/drivers/net/wireless/ath/ath12k/ahb.c
+++ b/drivers/net/wireless/ath/ath12k/ahb.c
@@ -15,6 +15,7 @@
#include "ahb.h"
#include "debug.h"
#include "hif.h"
+#include <linux/of_reserved_mem.h>
#define ATH12K_IRQ_CE0_OFFSET 4
#define ATH12K_MAX_UPDS 1
@@ -338,24 +339,25 @@ static int ath12k_ahb_power_up(struct ath12k_base *ab)
char fw2_name[ATH12K_USERPD_FW_NAME_LEN];
struct device *dev = ab->dev;
const struct firmware *fw, *fw2;
- struct reserved_mem *rmem = NULL;
unsigned long time_left;
phys_addr_t mem_phys;
+ struct resource res;
void *mem_region;
size_t mem_size;
u32 pasid;
int ret;
- rmem = ath12k_core_get_reserved_mem(ab, 0);
- if (!rmem)
- return -ENODEV;
+ ret = of_reserved_mem_region_to_resource_byname(dev->of_node, "q6-region",
+ &res);
+ if (ret)
+ return ret;
- mem_phys = rmem->base;
- mem_size = rmem->size;
+ mem_phys = res.start;
+ mem_size = resource_size(&res);
mem_region = devm_memremap(dev, mem_phys, mem_size, MEMREMAP_WC);
if (IS_ERR(mem_region)) {
- ath12k_err(ab, "unable to map memory region: %pa+%pa\n",
- &rmem->base, &rmem->size);
+ ath12k_err(ab, "unable to map memory region: %pa+%zx\n",
+ &res.start, mem_size);
return PTR_ERR(mem_region);
}
diff --git a/drivers/net/wireless/ath/ath12k/core.c b/drivers/net/wireless/ath/ath12k/core.c
index 742d4fd1b598..617d039b9237 100644
--- a/drivers/net/wireless/ath/ath12k/core.c
+++ b/drivers/net/wireless/ath/ath12k/core.c
@@ -637,31 +637,6 @@ u32 ath12k_core_get_max_peers_per_radio(struct ath12k_base *ab)
}
EXPORT_SYMBOL(ath12k_core_get_max_peers_per_radio);
-struct reserved_mem *ath12k_core_get_reserved_mem(struct ath12k_base *ab,
- int index)
-{
- struct device *dev = ab->dev;
- struct reserved_mem *rmem;
- struct device_node *node;
-
- node = of_parse_phandle(dev->of_node, "memory-region", index);
- if (!node) {
- ath12k_dbg(ab, ATH12K_DBG_BOOT,
- "failed to parse memory-region for index %d\n", index);
- return NULL;
- }
-
- rmem = of_reserved_mem_lookup(node);
- of_node_put(node);
- if (!rmem) {
- ath12k_dbg(ab, ATH12K_DBG_BOOT,
- "unable to get memory-region for index %d\n", index);
- return NULL;
- }
-
- return rmem;
-}
-
static inline
void ath12k_core_to_group_ref_get(struct ath12k_base *ab)
{
diff --git a/drivers/net/wireless/ath/ath12k/core.h b/drivers/net/wireless/ath/ath12k/core.h
index fc5127b5c1a3..ba2f617d8e5f 100644
--- a/drivers/net/wireless/ath/ath12k/core.h
+++ b/drivers/net/wireless/ath/ath12k/core.h
@@ -1294,8 +1294,6 @@ void ath12k_fw_stats_init(struct ath12k *ar);
void ath12k_fw_stats_bcn_free(struct list_head *head);
void ath12k_fw_stats_free(struct ath12k_fw_stats *stats);
void ath12k_fw_stats_reset(struct ath12k *ar);
-struct reserved_mem *ath12k_core_get_reserved_mem(struct ath12k_base *ab,
- int index);
enum ath12k_qmi_mem_mode ath12k_core_get_memory_mode(struct ath12k_base *ab);
static inline const char *ath12k_scan_state_str(enum ath12k_scan_state state)
diff --git a/drivers/net/wireless/ath/ath12k/qmi.c b/drivers/net/wireless/ath/ath12k/qmi.c
index fd762b5d7bb5..0176d6a4bf8c 100644
--- a/drivers/net/wireless/ath/ath12k/qmi.c
+++ b/drivers/net/wireless/ath/ath12k/qmi.c
@@ -13,6 +13,7 @@
#include <linux/firmware.h>
#include <linux/of_address.h>
#include <linux/ioport.h>
+#include <linux/of_reserved_mem.h>
#define SLEEP_CLOCK_SELECT_INTERNAL_BIT 0x02
#define HOST_CSTATE_BIT 0x04
@@ -2727,20 +2728,20 @@ static int ath12k_qmi_alloc_target_mem_chunk(struct ath12k_base *ab)
static int ath12k_qmi_assign_target_mem_chunk(struct ath12k_base *ab)
{
- struct reserved_mem *rmem;
+ struct device_node *np = ab->dev->of_node;
size_t avail_rmem_size;
+ struct resource res;
int i, idx, ret;
for (i = 0, idx = 0; i < ab->qmi.mem_seg_count; i++) {
switch (ab->qmi.target_mem[i].type) {
case HOST_DDR_REGION_TYPE:
- rmem = ath12k_core_get_reserved_mem(ab, 0);
- if (!rmem) {
- ret = -ENODEV;
+ ret = of_reserved_mem_region_to_resource_byname(np, "q6-region",
+ &res);
+ if (ret)
goto out;
- }
- avail_rmem_size = rmem->size;
+ avail_rmem_size = resource_size(&res);
if (avail_rmem_size < ab->qmi.target_mem[i].size) {
ath12k_dbg(ab, ATH12K_DBG_QMI,
"failed to assign mem type %u req size %u avail size %zu\n",
@@ -2751,7 +2752,7 @@ static int ath12k_qmi_assign_target_mem_chunk(struct ath12k_base *ab)
goto out;
}
- ab->qmi.target_mem[idx].paddr = rmem->base;
+ ab->qmi.target_mem[idx].paddr = res.start;
ab->qmi.target_mem[idx].v.ioaddr =
ioremap(ab->qmi.target_mem[idx].paddr,
ab->qmi.target_mem[i].size);
@@ -2764,13 +2765,13 @@ static int ath12k_qmi_assign_target_mem_chunk(struct ath12k_base *ab)
idx++;
break;
case BDF_MEM_REGION_TYPE:
- rmem = ath12k_core_get_reserved_mem(ab, 0);
- if (!rmem) {
- ret = -ENODEV;
+ ret = of_reserved_mem_region_to_resource_byname(np, "q6-region",
+ &res);
+ if (ret)
goto out;
- }
- avail_rmem_size = rmem->size - ab->hw_params->bdf_addr_offset;
+ avail_rmem_size = resource_size(&res) -
+ ab->hw_params->bdf_addr_offset;
if (avail_rmem_size < ab->qmi.target_mem[i].size) {
ath12k_dbg(ab, ATH12K_DBG_QMI,
"failed to assign mem type %u req size %u avail size %zu\n",
@@ -2781,7 +2782,7 @@ static int ath12k_qmi_assign_target_mem_chunk(struct ath12k_base *ab)
goto out;
}
ab->qmi.target_mem[idx].paddr =
- rmem->base + ab->hw_params->bdf_addr_offset;
+ res.start + ab->hw_params->bdf_addr_offset;
ab->qmi.target_mem[idx].v.ioaddr =
ioremap(ab->qmi.target_mem[idx].paddr,
ab->qmi.target_mem[i].size);
@@ -2806,13 +2807,12 @@ static int ath12k_qmi_assign_target_mem_chunk(struct ath12k_base *ab)
idx++;
break;
case M3_DUMP_REGION_TYPE:
- rmem = ath12k_core_get_reserved_mem(ab, 1);
- if (!rmem) {
- ret = -EINVAL;
+ ret = of_reserved_mem_region_to_resource_byname(np, "m3-dump",
+ &res);
+ if (ret)
goto out;
- }
- avail_rmem_size = rmem->size;
+ avail_rmem_size = resource_size(&res);
if (avail_rmem_size < ab->qmi.target_mem[i].size) {
ath12k_dbg(ab, ATH12K_DBG_QMI,
"failed to assign mem type %u req size %u avail size %zu\n",
@@ -2823,7 +2823,7 @@ static int ath12k_qmi_assign_target_mem_chunk(struct ath12k_base *ab)
goto out;
}
- ab->qmi.target_mem[idx].paddr = rmem->base;
+ ab->qmi.target_mem[idx].paddr = res.start;
ab->qmi.target_mem[idx].v.ioaddr =
ioremap(ab->qmi.target_mem[idx].paddr,
ab->qmi.target_mem[i].size);
--
2.34.1
^ permalink raw reply related
* [PATCH ath-next 0/3] wifi: ath12k: Fix memory allocation and improve reserved memory handling
From: Aaradhana Sahu @ 2026-06-11 3:33 UTC (permalink / raw)
To: ath12k; +Cc: linux-wireless, Aaradhana Sahu
The current implementation relies on index-based device tree reserved
memory lookup. Different platform variants define reserved memory
regions in different orders and combinations, making the index-based
lookup fragile across platforms.
Currently, the driver allocates the HOST_DDR_REGION_TYPE
starting from the base of the Q6 region, which overlaps the Q6 read-only
firmware section. This causes firmware assertions during QMI memory
allocation, as the firmware expects writable regions to be placed after the
read-only section.
Address these issues by:
- switching to name-based reserved memory lookup to remove dependency on
device tree node ordering,
- refactoring QMI memory assignment logic to reduce code duplication and
improve maintainability,
- placing HOST_DDR and BDF regions after the Q6 read-only firmware section
using the bdf_addr_offset parameter.
This series ensure correct reserved memory handling across different
platform variants, prevent overlapping memory allocations, and maintain
backward compatibility by reusing existing reserved memory region names
defined in device tree bindings.
Overview:
- Patch [1/3] switches to name-based reserved memory lookup for platform
compatibility.
- Patch [2/3] refactors QMI memory assignment to eliminate code
duplication.
- Patch [3/3] fixes memory allocation to place HOST_DDR and BDF regions
after Q6 read-only section.
Aaradhana Sahu (3):
wifi: ath12k: switch to name-based reserved memory lookup
wifi: ath12k: refactor QMI memory assignment
wifi: ath12k: allocate HOST_DDR and BDF regions after Q6 RO region
drivers/net/wireless/ath/ath12k/ahb.c | 18 +--
drivers/net/wireless/ath/ath12k/core.c | 25 ----
drivers/net/wireless/ath/ath12k/core.h | 2 -
drivers/net/wireless/ath/ath12k/qmi.c | 168 ++++++++++---------------
4 files changed, 78 insertions(+), 135 deletions(-)
base-commit: 83f028be15fe071efbee8e27837538d6cca77e87
--
2.34.1
^ permalink raw reply
* [PATCH v2] wifi: ath6kl: fix invalid workqueue flags in ath6kl_usb_create()
From: wuyankun @ 2026-06-11 1:55 UTC (permalink / raw)
To: penguin-kernel
Cc: jeff.johnson, johan, kees, linux-kernel, linux-wireless,
sumanth.gavini, syzbot+f80c62f371ba6a1e7d79, syzkaller-bugs,
wuyankun
In-Reply-To: <075511fc-1136-4208-84d0-9214e761f8ba@I-love.SAKURA.ne.jp>
ath6kl_usb_create() currently creates ath6kl_wq with flags set to 0:
alloc_workqueue("ath6kl_wq", 0, 0)
This triggers a runtime warning in __alloc_workqueue() because the queue is
created with neither WQ_PERCPU nor WQ_UNBOUND set:
workqueue: ath6kl_wq is using neither WQ_PERCPU or WQ_UNBOUND.
Setting WQ_PERCPU.
Set WQ_PERCPU explicitly to match the actual execution model and remove the
warning during device probe. No functional change intended.
Fixes: 21c05ca88a54 ("workqueue: Add warnings and ensure one among WQ_PERCPU or WQ_UNBOUND is present")
Reported-by: syzbot+f80c62f371ba6a1e7d79@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/6a289c01.39669fcc.33b062.00aa.GAE@google.com/T/
Signed-off-by: wuyankun <wuyankun@uniontech.com>
---
drivers/net/wireless/ath/ath6kl/usb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath6kl/usb.c b/drivers/net/wireless/ath/ath6kl/usb.c
index 79c18f5ee02b..945984c3dbe6 100644
--- a/drivers/net/wireless/ath/ath6kl/usb.c
+++ b/drivers/net/wireless/ath/ath6kl/usb.c
@@ -636,7 +636,7 @@ static struct ath6kl_usb *ath6kl_usb_create(struct usb_interface *interface)
ar_usb = kzalloc_obj(struct ath6kl_usb);
if (ar_usb == NULL)
return NULL;
- ar_usb->wq = alloc_workqueue("ath6kl_wq", 0, 0);
+ ar_usb->wq = alloc_workqueue("ath6kl_wq", WQ_PERCPU, 0);
if (!ar_usb->wq) {
kfree(ar_usb);
return NULL;
--
2.20.1
^ permalink raw reply related
* RE: [PATCH rtw-next 2/2] wifi: rtw88: 8822b: Don't process RF path C in query_phy_status_page1
From: Ping-Ke Shih @ 2026-06-11 0:58 UTC (permalink / raw)
To: Bitterblue Smith, linux-wireless@vger.kernel.org
In-Reply-To: <9c4beb36-2954-4db0-844a-74ba5eacf21b@gmail.com>
Bitterblue Smith <rtl8821cerfe2@gmail.com> wrote:
> Replace <= with < in the loop in query_phy_status_page1(). It was
> processing data related to RF path C, which this chip doesn't have.
> The only bad effect seems to be that the phy_info file in debugfs was
> printing unexpected values for RF path C.
>
> Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
^ permalink raw reply
* RE: [PATCH rtw-next 1/2] wifi: rtw88: 8822c: Don't process RF path C in query_phy_status_page{0,1}
From: Ping-Ke Shih @ 2026-06-11 0:58 UTC (permalink / raw)
To: Bitterblue Smith, linux-wireless@vger.kernel.org
In-Reply-To: <ee30b95f-bc68-4711-9b15-cf5fd23c3c48@gmail.com>
Bitterblue Smith <rtl8821cerfe2@gmail.com> wrote:
> Replace <= with < in the loops in query_phy_status_page{0,1}(). They
> were processing data related to RF path C, which this chip doesn't have.
> The only bad effect seems to be that the phy_info file in debugfs was
> printing unexpected values for RF path C.
>
> Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
^ permalink raw reply
* Re: [stable request] mt7921e: backport two mt76 fixes to 6.12.y
From: Sasha Levin @ 2026-06-11 0:45 UTC (permalink / raw)
To: stable
Cc: Sasha Levin, Felix Fietkau, Lorenzo Bianconi, Ryder Lee,
Shayne Chen, Sean Wang, linux-wireless, Ajrat Makhmutov
In-Reply-To: <20260610080943.17734-1-rauty@altlinux.org>
On Tue, Jun 10, 2026 at 11:09:43AM +0300, Ajrat Makhmutov wrote:
> Please backport to 6.12.y:
> 2425dc7beaad wifi: mt76: mt7921: avoid undesired changes of the preset regulatory domain
> 5ed54896b6bd wifi: mt76: mt7921: fix a potential scan no APs
I'm going to hold off on this one. The second commit, 5ed54896b6bd,
introduces a reachable dev->mutex self-deadlock on STA-remove-while-ROC;
the follow-up that cures it (d5059e52) isn't in any stable tree and was
never marked for stable (it's only in linux-next so far).
So taking these two alone would queue a deadlock. If d5059e52 lands
upstream (or you can confirm it's headed to stable), please resend the
request as all three together and I'll take them for 6.12.y.
--
Thanks,
Sasha
^ permalink raw reply
* Re: [PATCH 5.10] wifi: mac80211: check tdls flag in ieee80211_tdls_oper
From: Sasha Levin @ 2026-06-11 0:45 UTC (permalink / raw)
To: stable, Greg Kroah-Hartman
Cc: Sasha Levin, Alexey Panov, Johannes Berg, David S. Miller,
Jakub Kicinski, linux-wireless, netdev, linux-kernel, lvc-project,
syzbot+56b6a844a4ea74487b7b, Deepanshu Kartikey, Johannes Berg
In-Reply-To: <20260609181108.29138-1-apanov@astralinux.ru>
On Mon, Jun 09, 2026 at 09:11:08PM +0300, Alexey Panov wrote:
> [PATCH 5.10] wifi: mac80211: check tdls flag in ieee80211_tdls_oper
Queued for 5.10, thanks.
--
Thanks,
Sasha
^ permalink raw reply
* [wireless-next:main] BUILD SUCCESS 21352612198c83a8441482abbf3bd45e4f128dd0
From: kernel test robot @ 2026-06-10 21:29 UTC (permalink / raw)
To: Johannes Berg; +Cc: linux-wireless
tree/branch: https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main
branch HEAD: 21352612198c83a8441482abbf3bd45e4f128dd0 b43: add RF power offset for N-PHY r8 + radio 2057 r8
elapsed time: 760m
configs tested: 293
configs skipped: 106
The following configs have been built successfully.
More configs may be tested in the coming days.
tested configs:
alpha allnoconfig gcc-16.1.0
alpha allyesconfig gcc-16.1.0
alpha defconfig gcc-16.1.0
arc allmodconfig clang-23
arc allmodconfig gcc-16.1.0
arc allnoconfig gcc-16.1.0
arc allyesconfig clang-23
arc allyesconfig gcc-16.1.0
arc defconfig gcc-16.1.0
arc randconfig-001-20260610 gcc-8.5.0
arc randconfig-001-20260611 gcc-14.3.0
arc randconfig-002-20260610 gcc-8.5.0
arc randconfig-002-20260611 gcc-14.3.0
arm allnoconfig clang-23
arm allnoconfig gcc-16.1.0
arm allyesconfig clang-23
arm allyesconfig gcc-16.1.0
arm defconfig gcc-16.1.0
arm mvebu_v7_defconfig clang-23
arm randconfig-001-20260610 clang-23
arm randconfig-001-20260610 gcc-8.5.0
arm randconfig-001-20260611 gcc-14.3.0
arm randconfig-002-20260610 clang-20
arm randconfig-002-20260610 gcc-8.5.0
arm randconfig-002-20260611 gcc-14.3.0
arm randconfig-003-20260610 clang-23
arm randconfig-003-20260610 gcc-8.5.0
arm randconfig-003-20260611 gcc-14.3.0
arm randconfig-004-20260610 clang-23
arm randconfig-004-20260610 gcc-8.5.0
arm randconfig-004-20260611 gcc-14.3.0
arm64 allmodconfig clang-23
arm64 allnoconfig gcc-16.1.0
arm64 defconfig gcc-16.1.0
arm64 randconfig-001-20260610 gcc-11.5.0
arm64 randconfig-001-20260611 gcc-10.5.0
arm64 randconfig-001-20260611 gcc-14.3.0
arm64 randconfig-002-20260610 gcc-11.5.0
arm64 randconfig-002-20260611 clang-23
arm64 randconfig-002-20260611 gcc-14.3.0
arm64 randconfig-003-20260610 gcc-11.5.0
arm64 randconfig-003-20260611 gcc-10.5.0
arm64 randconfig-003-20260611 gcc-14.3.0
arm64 randconfig-004-20260610 gcc-11.5.0
arm64 randconfig-004-20260611 clang-22
arm64 randconfig-004-20260611 gcc-14.3.0
csky allmodconfig gcc-16.1.0
csky allnoconfig gcc-16.1.0
csky defconfig gcc-16.1.0
csky randconfig-001-20260610 gcc-11.5.0
csky randconfig-001-20260611 gcc-14.3.0
csky randconfig-002-20260610 gcc-11.5.0
csky randconfig-002-20260611 gcc-14.3.0
hexagon allmodconfig clang-23
hexagon allmodconfig gcc-16.1.0
hexagon allnoconfig clang-23
hexagon allnoconfig gcc-16.1.0
hexagon defconfig gcc-16.1.0
hexagon randconfig-001-20260611 clang-17
hexagon randconfig-002-20260611 clang-17
i386 allmodconfig clang-22
i386 allmodconfig gcc-14
i386 allnoconfig gcc-14
i386 allnoconfig gcc-16.1.0
i386 allyesconfig clang-22
i386 allyesconfig gcc-14
i386 buildonly-randconfig-001-20260610 gcc-14
i386 buildonly-randconfig-002-20260610 gcc-14
i386 buildonly-randconfig-003-20260610 gcc-14
i386 buildonly-randconfig-004-20260610 gcc-14
i386 buildonly-randconfig-005-20260610 gcc-14
i386 buildonly-randconfig-006-20260610 clang-22
i386 buildonly-randconfig-006-20260610 gcc-14
i386 defconfig gcc-16.1.0
i386 randconfig-001-20260610 gcc-14
i386 randconfig-001-20260611 gcc-14
i386 randconfig-002-20260610 gcc-14
i386 randconfig-002-20260611 gcc-14
i386 randconfig-003-20260610 clang-22
i386 randconfig-003-20260610 gcc-14
i386 randconfig-003-20260611 gcc-14
i386 randconfig-004-20260610 gcc-14
i386 randconfig-004-20260611 gcc-14
i386 randconfig-005-20260610 clang-22
i386 randconfig-005-20260610 gcc-14
i386 randconfig-005-20260611 gcc-14
i386 randconfig-006-20260610 gcc-14
i386 randconfig-006-20260611 gcc-14
i386 randconfig-007-20260610 gcc-14
i386 randconfig-007-20260611 gcc-14
i386 randconfig-011-20260610 clang-22
i386 randconfig-011-20260610 gcc-14
i386 randconfig-011-20260611 gcc-14
i386 randconfig-012-20260610 clang-22
i386 randconfig-012-20260610 gcc-14
i386 randconfig-012-20260611 gcc-14
i386 randconfig-013-20260610 clang-22
i386 randconfig-013-20260610 gcc-14
i386 randconfig-013-20260611 gcc-14
i386 randconfig-014-20260610 clang-22
i386 randconfig-014-20260610 gcc-14
i386 randconfig-014-20260611 gcc-14
i386 randconfig-015-20260610 clang-22
i386 randconfig-015-20260610 gcc-14
i386 randconfig-015-20260611 gcc-14
i386 randconfig-016-20260610 clang-22
i386 randconfig-016-20260610 gcc-14
i386 randconfig-016-20260611 gcc-14
i386 randconfig-017-20260610 gcc-14
i386 randconfig-017-20260611 gcc-14
loongarch allmodconfig clang-19
loongarch allmodconfig clang-23
loongarch allnoconfig clang-20
loongarch allnoconfig gcc-16.1.0
loongarch defconfig clang-23
loongarch randconfig-001-20260611 clang-17
loongarch randconfig-002-20260611 clang-17
m68k allmodconfig gcc-16.1.0
m68k allnoconfig gcc-16.1.0
m68k allyesconfig clang-23
m68k allyesconfig gcc-16.1.0
m68k apollo_defconfig gcc-16.1.0
m68k defconfig clang-23
m68k m5272c3_defconfig gcc-16.1.0
microblaze allnoconfig gcc-16.1.0
microblaze allyesconfig gcc-16.1.0
microblaze defconfig clang-23
mips allmodconfig gcc-16.1.0
mips allnoconfig gcc-16.1.0
mips allyesconfig gcc-16.1.0
nios2 allmodconfig clang-20
nios2 allmodconfig gcc-11.5.0
nios2 allnoconfig clang-23
nios2 allnoconfig gcc-11.5.0
nios2 defconfig clang-23
nios2 randconfig-001-20260611 clang-17
nios2 randconfig-002-20260611 clang-17
openrisc allmodconfig clang-20
openrisc allmodconfig gcc-16.1.0
openrisc allnoconfig clang-23
openrisc allnoconfig gcc-16.1.0
openrisc defconfig gcc-16.1.0
openrisc simple_smp_defconfig gcc-16.1.0
parisc allmodconfig gcc-16.1.0
parisc allnoconfig clang-23
parisc allnoconfig gcc-16.1.0
parisc allyesconfig clang-17
parisc allyesconfig gcc-16.1.0
parisc defconfig gcc-16.1.0
parisc randconfig-001-20260611 gcc-13.4.0
parisc randconfig-002-20260611 gcc-13.4.0
parisc64 defconfig clang-23
powerpc akebono_defconfig clang-23
powerpc allmodconfig gcc-16.1.0
powerpc allnoconfig clang-23
powerpc allnoconfig gcc-16.1.0
powerpc randconfig-001-20260611 gcc-13.4.0
powerpc randconfig-002-20260611 gcc-13.4.0
powerpc64 randconfig-001-20260611 gcc-13.4.0
powerpc64 randconfig-002-20260611 gcc-13.4.0
riscv allmodconfig clang-23
riscv allnoconfig clang-23
riscv allnoconfig gcc-16.1.0
riscv allyesconfig clang-23
riscv defconfig gcc-16.1.0
riscv randconfig-001-20260610 gcc-16.1.0
riscv randconfig-001-20260611 gcc-12.5.0
riscv randconfig-002-20260610 gcc-16.1.0
riscv randconfig-002-20260611 gcc-12.5.0
s390 allmodconfig clang-17
s390 allmodconfig clang-23
s390 allnoconfig clang-23
s390 allyesconfig gcc-16.1.0
s390 defconfig gcc-16.1.0
s390 randconfig-001-20260610 gcc-16.1.0
s390 randconfig-001-20260611 gcc-12.5.0
s390 randconfig-002-20260610 gcc-16.1.0
s390 randconfig-002-20260611 gcc-12.5.0
sh allmodconfig gcc-16.1.0
sh allnoconfig clang-23
sh allnoconfig gcc-16.1.0
sh allyesconfig clang-17
sh allyesconfig gcc-16.1.0
sh defconfig gcc-14
sh randconfig-001-20260610 gcc-16.1.0
sh randconfig-001-20260611 gcc-12.5.0
sh randconfig-002-20260610 gcc-16.1.0
sh randconfig-002-20260611 gcc-12.5.0
sparc allnoconfig clang-23
sparc allnoconfig gcc-16.1.0
sparc defconfig gcc-16.1.0
sparc randconfig-001-20260610 gcc-14.3.0
sparc randconfig-001-20260611 gcc-15.2.0
sparc randconfig-002-20260610 gcc-14.3.0
sparc randconfig-002-20260611 gcc-15.2.0
sparc64 allmodconfig clang-20
sparc64 defconfig gcc-14
sparc64 randconfig-001-20260610 gcc-14.3.0
sparc64 randconfig-001-20260611 gcc-15.2.0
sparc64 randconfig-002-20260610 gcc-14.3.0
sparc64 randconfig-002-20260611 gcc-15.2.0
um allmodconfig clang-17
um allmodconfig clang-23
um allnoconfig clang-16
um allnoconfig clang-23
um allyesconfig gcc-14
um allyesconfig gcc-16.1.0
um defconfig gcc-14
um i386_defconfig gcc-14
um randconfig-001-20260610 gcc-14.3.0
um randconfig-001-20260611 gcc-15.2.0
um randconfig-002-20260610 gcc-14.3.0
um randconfig-002-20260611 gcc-15.2.0
um x86_64_defconfig gcc-14
x86_64 allmodconfig clang-22
x86_64 allnoconfig clang-22
x86_64 allnoconfig clang-23
x86_64 allyesconfig clang-22
x86_64 buildonly-randconfig-001-20260610 clang-22
x86_64 buildonly-randconfig-001-20260610 gcc-14
x86_64 buildonly-randconfig-001-20260611 gcc-14
x86_64 buildonly-randconfig-002-20260610 gcc-14
x86_64 buildonly-randconfig-002-20260611 gcc-14
x86_64 buildonly-randconfig-003-20260610 clang-22
x86_64 buildonly-randconfig-003-20260610 gcc-14
x86_64 buildonly-randconfig-003-20260611 gcc-14
x86_64 buildonly-randconfig-004-20260610 clang-22
x86_64 buildonly-randconfig-004-20260610 gcc-14
x86_64 buildonly-randconfig-004-20260611 gcc-14
x86_64 buildonly-randconfig-005-20260610 gcc-14
x86_64 buildonly-randconfig-005-20260611 gcc-14
x86_64 buildonly-randconfig-006-20260610 gcc-14
x86_64 buildonly-randconfig-006-20260611 gcc-14
x86_64 defconfig gcc-14
x86_64 kexec clang-22
x86_64 randconfig-001-20260610 clang-22
x86_64 randconfig-001-20260610 gcc-13
x86_64 randconfig-001-20260611 gcc-14
x86_64 randconfig-002-20260610 clang-22
x86_64 randconfig-002-20260610 gcc-13
x86_64 randconfig-002-20260611 gcc-14
x86_64 randconfig-003-20260610 gcc-13
x86_64 randconfig-003-20260611 gcc-14
x86_64 randconfig-004-20260610 clang-22
x86_64 randconfig-004-20260610 gcc-13
x86_64 randconfig-004-20260611 gcc-14
x86_64 randconfig-005-20260610 clang-22
x86_64 randconfig-005-20260610 gcc-13
x86_64 randconfig-005-20260611 gcc-14
x86_64 randconfig-006-20260610 gcc-13
x86_64 randconfig-006-20260611 gcc-14
x86_64 randconfig-011-20260610 gcc-12
x86_64 randconfig-011-20260610 gcc-14
x86_64 randconfig-011-20260611 gcc-14
x86_64 randconfig-012-20260610 gcc-12
x86_64 randconfig-012-20260610 gcc-14
x86_64 randconfig-012-20260611 gcc-14
x86_64 randconfig-013-20260610 gcc-14
x86_64 randconfig-013-20260611 gcc-14
x86_64 randconfig-014-20260610 gcc-12
x86_64 randconfig-014-20260610 gcc-14
x86_64 randconfig-014-20260611 gcc-14
x86_64 randconfig-015-20260610 gcc-14
x86_64 randconfig-015-20260611 gcc-14
x86_64 randconfig-016-20260610 gcc-14
x86_64 randconfig-016-20260611 gcc-14
x86_64 randconfig-071-20260610 gcc-14
x86_64 randconfig-071-20260611 clang-22
x86_64 randconfig-072-20260610 gcc-14
x86_64 randconfig-072-20260611 clang-22
x86_64 randconfig-073-20260610 gcc-14
x86_64 randconfig-073-20260611 clang-22
x86_64 randconfig-074-20260610 gcc-14
x86_64 randconfig-074-20260611 clang-22
x86_64 randconfig-075-20260610 gcc-14
x86_64 randconfig-075-20260611 clang-22
x86_64 randconfig-076-20260610 gcc-14
x86_64 randconfig-076-20260611 clang-22
x86_64 rhel-9.4 clang-22
x86_64 rhel-9.4-bpf gcc-14
x86_64 rhel-9.4-func clang-22
x86_64 rhel-9.4-kselftests clang-22
x86_64 rhel-9.4-kunit gcc-14
x86_64 rhel-9.4-ltp gcc-14
x86_64 rhel-9.4-rust clang-22
xtensa allnoconfig clang-23
xtensa allnoconfig gcc-16.1.0
xtensa allyesconfig clang-20
xtensa allyesconfig gcc-16.1.0
xtensa randconfig-001-20260610 gcc-14.3.0
xtensa randconfig-001-20260611 gcc-15.2.0
xtensa randconfig-002-20260610 gcc-14.3.0
xtensa randconfig-002-20260611 gcc-15.2.0
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply
* Re: [PATCH v8 3/3] PCI: Disable broken bus reset on Qualcomm devices
From: Bjorn Helgaas @ 2026-06-10 19:40 UTC (permalink / raw)
To: Jose Ignacio Tornos Martinez
Cc: bhelgaas, alex, jjohnson, mani, linux-pci, linux-wireless, ath11k,
ath12k, mhi, linux-kernel
In-Reply-To: <20260609163649.319755-4-jtornosm@redhat.com>
On Tue, Jun 09, 2026 at 06:36:49PM +0200, Jose Ignacio Tornos Martinez wrote:
> Some Qualcomm PCIe devices (WCN6855/WCN7850 WiFi cards, SDX62/SDX65 modems)
> do not properly support Secondary Bus Reset (SBR).
>
> Testing confirms this is device-specific, not deployment-specific:
> MediaTek MT7925e successfully uses bus reset through the same passive
> M.2-to-PCIe adapters where Qualcomm devices fail, proving PERST# is
> properly wired through the adapters.
>
> This quirk acts as a safety net, preventing the broken bus reset from being
> attempted if users override reset methods (device_specific or d3cold when
> available) via sysfs.
>
> Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
Applied this patch (3/3 only) to pci/virtualization for v7.2, thanks!
It looks like the D3cold parts are still being ironed out.
> ---
> v8: code unchanged from v7
> v7: https://lore.kernel.org/all/20260603105853.326290-4-jtornosm@redhat.com/
>
> drivers/pci/quirks.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
> index 000000000000..111111111111 100644
> --- a/drivers/pci/quirks.c
> +++ b/drivers/pci/quirks.c
> @@ -3789,6 +3789,9 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x0030, quirk_no_bus_reset);
> DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x0032, quirk_no_bus_reset);
> DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x003c, quirk_no_bus_reset);
> DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x0033, quirk_no_bus_reset);
> DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x0034, quirk_no_bus_reset);
> DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x003e, quirk_no_bus_reset);
> +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_QCOM, 0x1103, quirk_no_bus_reset); /* WCN6855 */
> +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_QCOM, 0x1107, quirk_no_bus_reset); /* WCN7850 */
> +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_QCOM, 0x0308, quirk_no_bus_reset); /* SDX62/SDX65 */
>
> /*
> * Root port on some Cavium CN8xxx chips do not successfully complete a bus
> --
> 2.53.0
>
^ permalink raw reply
* Re: [PATCH v8 2/3] PCI: Add device-specific reset for Qualcomm devices
From: Alex Williamson @ 2026-06-10 19:15 UTC (permalink / raw)
To: Jose Ignacio Tornos Martinez
Cc: ath11k, ath12k, bhelgaas, jjohnson, linux-kernel, linux-pci,
linux-wireless, mani, mhi, alex
In-Reply-To: <20260610100059.19235-1-jtornosm@redhat.com>
On Wed, 10 Jun 2026 12:00:59 +0200
Jose Ignacio Tornos Martinez <jtornosm@redhat.com> wrote:
> Hi Alex,
>
> > My only complaint is that this is positioned a bit generically...
> Ok, I'll make the comment of the function more specific for these Qualcomm
> devices.
>
> > Has each of these devices been tested on a platform where D3cold is
> > actually achieved through this method?
> No, I don't have access to platforms with _PR3 support. All testing was on
> M.2 adapters (D3hot fallback only). Since D3hot works reliably and D3cold
> is a stronger reset mechanism, the approach should work - but I cannot
> confirm the D3cold path through testing.
This seems to suggest that the D3cold reset method is also untested...
I'd suggest dropping the D3cold throughout, unless you can get someone
to volunteer to test it. It seems like you really just want this quirk
to do a D3hot regardless of NoSoftRst+ with a select set of devices
where it appears to do more than nothing, where doing nothing is
effectively what's left after the other reset methods are being quirked
off for being worse than nothing. Thanks,
Alex
^ permalink raw reply
* Re: [PATCH v7 1/3] PCI: Add d3cold as general reset method
From: Bjorn Helgaas @ 2026-06-10 18:42 UTC (permalink / raw)
To: Jose Ignacio Tornos Martinez
Cc: bhelgaas, alex, jjohnson, mani, linux-pci, linux-wireless, ath11k,
ath12k, mhi, linux-kernel, linux-pm
In-Reply-To: <20260603105853.326290-2-jtornosm@redhat.com>
[+cc linux-pm]
On Wed, Jun 03, 2026 at 12:58:51PM +0200, Jose Ignacio Tornos Martinez wrote:
> Add D3cold power cycle as a general PCI reset method for single-function
> devices on platforms with ACPI _PR3 power resources. This provides true
> power cycle reset capability when the platform can physically cut power
> to the device.
>
> The implementation strictly requires _PR3 to be present - the platform
> must be able to control device power. This ensures d3cold only attempts
> true power cycling, not falling back to D3hot transitions.
>
> D3cold reset is placed at the end of the reset hierarchy since it requires
> specific platform support and should be tried after standard methods.
>
> Reset hierarchy with this change:
> 1. device_specific
> 2. acpi
> 3. flr
> 4. af_flr
> 5. pm (D3hot via config space, checks NoSoftRst)
> 6. bus (SBR)
> 7. cxl_bus
> 8. d3cold (NEW - true power cycle, requires _PR3)
>
> This benefits:
> - Platforms with _PR3 support
> - Single-function devices needing true power cycle
> - VFIO passthrough scenarios where FLR/PM unavailable
I assume you have some specific device(s) in mind here; can we mention
any examples so this is more than just theoretically useful?
> Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
> ---
> v7: code unchanged from v6
> v6: https://lore.kernel.org/all/20260602160024.1171949-2-jtornosm@redhat.com/
>
> drivers/pci/pci.c | 50 +++++++++++++++++++++++++++++++++++++++++++++
> include/linux/pci.h | 2 +-
> 2 files changed, 51 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> index 8f7cfcc00090..096868f80cd4 100644
> --- a/drivers/pci/pci.c
> +++ b/drivers/pci/pci.c
> @@ -4491,6 +4491,55 @@ static int pci_pm_reset(struct pci_dev *dev, bool probe)
> return ret;
> }
>
> +/**
> + * pci_d3cold_reset - Put device into D3cold and back to D0 for reset
> + * @dev: PCI device to reset
> + * @probe: if true, check if D3cold reset is supported; if false, perform reset
> + *
> + * Reset the device by transitioning through D3cold (actual power removal via
> + * platform power control) and back to D0. This requires ACPI _PR3 power
> + * resources to be present - the platform must be able to physically cut power
> + * to the device.
> + *
> + * Only available for single-function devices to avoid affecting other
> + * functions in multi-function devices.
> + *
> + * Returns 0 if device can be/was reset this way, -ENOTTY if not supported,
> + * or other negative error code on failure.
> + */
> +static int pci_d3cold_reset(struct pci_dev *dev, bool probe)
> +{
> + int ret;
> +
> + if (dev->multifunction)
> + return -ENOTTY;
> +
> + if (!pci_pr3_present(dev))
> + return -ENOTTY;
platform_pci_set_power_state() is currently only implemented for MID
and ACPI, but we're starting to see DT systems with power control for
devices, so I assume it may someday be extended to support them.
Checking pci_pr3_present() seems wrong to me because it assumes ACPI.
On ACPI systems, it seems like pci_set_power_state(PCI_D3cold) should
return an error if the necessary ACPI methods are not present, and we
wouldn't need this check. Is that not the case?
Or is this _PR3 check here just to support the "probe"? I don't know
if there's a generic interface to tell us whether we can control the
power to a device.
> + if (probe)
> + return 0;
> +
> + if (dev->current_state != PCI_D0)
> + return -EINVAL;
> +
> + ret = pci_dev_reset_iommu_prepare(dev);
> + if (ret) {
> + pci_err(dev, "failed to stop IOMMU for a PCI reset: %d\n", ret);
> + return ret;
> + }
> +
> + ret = pci_set_power_state(dev, PCI_D3cold);
> + if (ret)
> + goto done;
> +
> + ret = pci_set_power_state(dev, PCI_D0);
> +
> +done:
> + pci_dev_reset_iommu_done(dev);
> + return ret;
> +}
> +
> /**
> * pcie_wait_for_link_status - Wait for link status change
> * @pdev: Device whose link to wait for.
> @@ -5065,6 +5114,7 @@ const struct pci_reset_fn_method pci_reset_fn_methods[] = {
> { pci_pm_reset, .name = "pm" },
> { pci_reset_bus_function, .name = "bus" },
> { cxl_reset_bus_function, .name = "cxl_bus" },
> + { pci_d3cold_reset, .name = "d3cold" },
> };
>
> /**
> diff --git a/include/linux/pci.h b/include/linux/pci.h
> index 2c4454583c11..1ca7b880ead7 100644
> --- a/include/linux/pci.h
> +++ b/include/linux/pci.h
> @@ -51,7 +51,7 @@
> PCI_STATUS_PARITY)
>
> /* Number of reset methods used in pci_reset_fn_methods array in pci.c */
> -#define PCI_NUM_RESET_METHODS 8
> +#define PCI_NUM_RESET_METHODS 9
>
> #define PCI_RESET_PROBE true
> #define PCI_RESET_DO_RESET false
> --
> 2.54.0
>
^ permalink raw reply
* [PATCH] wifi: mac80211: validate S1G beacon length before RX
From: Zhao Li @ 2026-06-10 16:27 UTC (permalink / raw)
To: Johannes Berg
Cc: Thomas Pedersen, linux-wireless, linux-kernel, Zhao Li, stable
S1G beacons are extension frames, so ieee80211_hdrlen() only guarantees
the extension header before the generic RX path starts dispatching the
frame.
The RX path can then reach helpers and interface handling code that read
regular 802.11 header address fields, which are not present at those
offsets in an S1G beacon.
Pull the complete S1G beacon fixed header, including optional fixed
fields indicated by frame control, before generic RX dispatch.
Also make ieee80211_get_bssid() length-safe for S1G beacons and avoid
regular-header address reads for S1G frames in accept/interface/MLO
address handling. Skip extension frames in duplicate detection for the
same reason, since that path consumes the regular sequence-control field.
Fixes: 09a740ce352e ("mac80211: receive and process S1G beacons")
Cc: stable@vger.kernel.org
Signed-off-by: Zhao Li <enderaoelyther@gmail.com>
---
include/linux/ieee80211.h | 13 +++++++++++++
net/mac80211/rx.c | 33 ++++++++++++++++++++++++++++-----
net/mac80211/util.c | 3 +++
3 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 23f9df9be8372..baee81fbb4a79 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2855,6 +2855,19 @@ struct ieee80211_tbtt_info_ge_11 {
#include "ieee80211-p2p.h"
#include "ieee80211-nan.h"
+/**
+ * ieee80211_s1g_beacon_min_len - minimum length of an S1G beacon frame
+ * @fc: frame control bytes in little-endian byteorder
+ *
+ * Return: the minimum frame length containing the fixed S1G beacon fields and
+ * optional fixed fields indicated in the S1G beacon frame control.
+ */
+static inline size_t ieee80211_s1g_beacon_min_len(__le16 fc)
+{
+ return offsetof(struct ieee80211_ext, u.s1g_beacon.variable) +
+ ieee80211_s1g_optional_len(fc);
+}
+
/**
* ieee80211_check_tim - check if AID bit is set in TIM
* @tim: the TIM IE
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 3fb40449c6c5c..2e6d0ce8509e4 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1526,6 +1526,9 @@ ieee80211_rx_h_check_dup(struct ieee80211_rx_data *rx)
if (status->flag & RX_FLAG_DUP_VALIDATED)
return RX_CONTINUE;
+ if (ieee80211_is_ext(hdr->frame_control))
+ return RX_CONTINUE;
+
/*
* Drop duplicate 802.11 retransmissions
* (IEEE 802.11-2012: 9.3.2.10 "Duplicate detection and recovery")
@@ -4487,12 +4490,17 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
struct ieee80211_hdr *hdr = (void *)skb->data;
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
- bool multicast = is_multicast_ether_addr(hdr->addr1) ||
- ieee80211_is_s1g_beacon(hdr->frame_control);
+ bool s1g = ieee80211_is_s1g_beacon(hdr->frame_control);
+ bool multicast;
static const u8 nan_network_id[ETH_ALEN] __aligned(2) = {
0x51, 0x6F, 0x9A, 0x01, 0x00, 0x00
};
+ if (s1g)
+ return sdata->vif.type == NL80211_IFTYPE_STATION && bssid;
+
+ multicast = is_multicast_ether_addr(hdr->addr1);
+
switch (sdata->vif.type) {
case NL80211_IFTYPE_STATION:
if (!bssid && !sdata->u.mgd.use_4addr)
@@ -5175,11 +5183,13 @@ static bool ieee80211_prepare_and_rx_handle(struct ieee80211_rx_data *rx,
}
/* Store a copy of the pre-translated link addresses for SW crypto */
- if (unlikely(is_unicast_ether_addr(hdr->addr1) &&
+ if (unlikely(!ieee80211_is_s1g_beacon(hdr->frame_control) &&
+ is_unicast_ether_addr(hdr->addr1) &&
!ieee80211_is_data(hdr->frame_control)))
memcpy(rx->link_addrs, &hdr->addrs, 3 * ETH_ALEN);
if (unlikely(rx->sta && rx->sta->sta.mlo) &&
+ !ieee80211_is_s1g_beacon(hdr->frame_control) &&
is_unicast_ether_addr(hdr->addr1) &&
!ieee80211_is_probe_resp(hdr->frame_control) &&
!ieee80211_is_beacon(hdr->frame_control)) {
@@ -5260,23 +5270,30 @@ static bool ieee80211_rx_for_interface(struct ieee80211_rx_data *rx,
{
struct link_sta_info *link_sta;
struct ieee80211_hdr *hdr = (void *)skb->data;
+ u8 *sta_addr = hdr->addr2;
struct sta_info *sta;
int link_id = -1;
+ if (ieee80211_is_s1g_beacon(hdr->frame_control)) {
+ sta_addr = ieee80211_get_bssid(hdr, skb->len, rx->sdata->vif.type);
+ if (!sta_addr)
+ return false;
+ }
+
/*
* Look up link station first, in case there's a
* chance that they might have a link address that
* is identical to the MLD address, that way we'll
* have the link information if needed.
*/
- link_sta = link_sta_info_get_bss(rx->sdata, hdr->addr2);
+ link_sta = link_sta_info_get_bss(rx->sdata, sta_addr);
if (link_sta) {
sta = link_sta->sta;
link_id = link_sta->link_id;
} else {
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
- sta = sta_info_get_bss(rx->sdata, hdr->addr2);
+ sta = sta_info_get_bss(rx->sdata, sta_addr);
if (status->link_valid) {
link_id = status->link_id;
} else if (ieee80211_vif_is_mld(&rx->sdata->vif) &&
@@ -5347,6 +5364,12 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
return;
}
+ if (ieee80211_is_s1g_beacon(fc) &&
+ !pskb_may_pull(skb, ieee80211_s1g_beacon_min_len(fc))) {
+ dev_kfree_skb(skb);
+ return;
+ }
+
hdr = (struct ieee80211_hdr *)skb->data;
ieee80211_parse_qos(&rx);
ieee80211_verify_alignment(&rx);
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 2529b01e2cd55..5bc719222a87d 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -73,6 +73,9 @@ u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len,
if (ieee80211_is_s1g_beacon(fc)) {
struct ieee80211_ext *ext = (void *) hdr;
+ if (len < offsetofend(struct ieee80211_ext, u.s1g_beacon.sa))
+ return NULL;
+
return ext->u.s1g_beacon.sa;
}
--
2.50.1 (Apple Git-155)
^ permalink raw reply related
* Re: [PATCH v12 10/22] wifi: nxpwifi: implement cfg80211 ops for STA and AP modes
From: Rafael Beims @ 2026-06-10 16:10 UTC (permalink / raw)
To: Jeff Chen
Cc: linux-wireless, linux-kernel, briannorris, johannes, francesco,
wyatt.hsu, s.hauer, ulf.hansson
In-Reply-To: <20260605161335.2415583-11-jeff.chen_1@nxp.com>
After a quick check, it seems that this patch contains the same
problem being fixed here:
https://lore.kernel.org/all/20260610150021.1018611-1-rafael@beims.me/
Maybe it would be worth it to confirm and fix it before sending the pull request.
Rafael
^ permalink raw reply
* [PATCH] wifi: ieee80211: validate MLE common info length
From: Zhao Li @ 2026-06-10 15:43 UTC (permalink / raw)
To: Johannes Berg; +Cc: linux-wireless, linux-kernel, Zhao Li, stable
ieee80211_mle_size_ok() verifies that the advertised common information
length is large enough for the fixed fields that are present, but it does
not verify that the length also fits in the containing element.
Reconfiguration and Priority Access MLEs also carry a common information
length octet, but currently skip the common-length check. Reconfiguration
additionally fails to include the length octet in the minimum common size.
Validate the common information length for Reconfiguration and Priority
Access MLEs, account for the Reconfiguration length octet, and reject
common lengths that exceed the element body.
Fixes: 0f48b8b88aa9 ("wifi: ieee80211: add definitions for multi-link element")
Cc: stable@vger.kernel.org
Signed-off-by: Zhao Li <enderaoelyther@gmail.com>
---
include/linux/ieee80211-eht.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/linux/ieee80211-eht.h b/include/linux/ieee80211-eht.h
index a97b1d01f3acf..d875045abf6cc 100644
--- a/include/linux/ieee80211-eht.h
+++ b/include/linux/ieee80211-eht.h
@@ -878,6 +878,8 @@ static inline bool ieee80211_mle_size_ok(const u8 *data, size_t len)
check_common_len = true;
break;
case IEEE80211_ML_CONTROL_TYPE_RECONF:
+ common += 1;
+ check_common_len = true;
if (control & IEEE80211_MLC_RECONF_PRES_MLD_MAC_ADDR)
common += ETH_ALEN;
if (control & IEEE80211_MLC_RECONF_PRES_EML_CAPA)
@@ -893,6 +895,7 @@ static inline bool ieee80211_mle_size_ok(const u8 *data, size_t len)
break;
case IEEE80211_ML_CONTROL_TYPE_PRIO_ACCESS:
common = ETH_ALEN + 1;
+ check_common_len = true;
break;
default:
/* we don't know this type */
@@ -906,7 +909,7 @@ static inline bool ieee80211_mle_size_ok(const u8 *data, size_t len)
return true;
/* if present, common length is the first octet there */
- return mle->variable[0] >= common;
+ return mle->variable[0] >= common && mle->variable[0] <= len - fixed;
}
/**
--
2.50.1 (Apple Git-155)
^ permalink raw reply related
* Re: [GIT PULL] wireless-next-2026-06-10
From: patchwork-bot+netdevbpf @ 2026-06-10 15:13 UTC (permalink / raw)
To: Johannes Berg; +Cc: netdev, linux-wireless
In-Reply-To: <20260610103637.179340-3-johannes@sipsolutions.net>
Hello:
This pull request was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Wed, 10 Jun 2026 12:35:39 +0200 you wrote:
> Hi,
>
> This should be the last PR. Quite a few more driver things came
> (see the tag message) but otherwise it feels fairly simple.
>
> Please pull and let us know if there's any problem.
>
> [...]
Here is the summary with links:
- [GIT,PULL] wireless-next-2026-06-10
https://git.kernel.org/netdev/net-next/c/972c4dd19cb9
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* [PATCH] wifi: mwifiex: fix roaming to different channel in host_mlme mode
From: Rafael Beims @ 2026-06-10 15:00 UTC (permalink / raw)
To: Brian Norris, Francesco Dolcini
Cc: Rafael Beims, linux-wireless, linux-kernel, Jeff Chen, stable
From: Rafael Beims <rafael.beims@toradex.com>
When host MLME is enabled, mwifiex_cfg80211_authenticate() transmits the
authentication frame on a remain-on-channel (ROC) reservation so that the
frame is sent on the target BSS's channel. The ROC is only configured
when priv->auth_flag is zero.
priv->auth_flag is set to HOST_MLME_AUTH_PENDING when the auth frame is
queued and advances to HOST_MLME_AUTH_DONE once authentication
completes. It is only cleared back to zero on a disconnect, deauth or
timeout path; nothing clears it when an association succeeds. It therefore
stays at HOST_MLME_AUTH_DONE for the whole connected session.
When the station later roams to a BSS on a different channel, the next
authentication finds auth_flag != 0, skips the ROC setup, and the auth
frame is transmitted on the currently-associated channel instead of the
target's channel. Authentication times out on the new AP and the device
stays connected to the original AP.
Gate the ROC setup on HOST_MLME_AUTH_PENDING instead of on auth_flag
being completely clear. This re-arms the remain-on-channel for every new
authentication attempt, while still suppressing a redundant ROC during
the multi-frame SAE exchange, where auth_flag stays PENDING between the
commit and confirm frames.
This change was tested in 3 different devices:
Verdin AM62 (IW412 SD-UART) - (16.92.21.p142)
Verdin iMX8MM (W8997 SD-SD) - (16.68.1.p197)
Verdin iMX8MP (W8997 SD-UART) - (16.92.21.p137)
There following loop tests were performed:
1) force roaming between two AP's, one 5GHz and one 2.4GHz, same
SSID. Use wpa_cli to trigger the roaming behavior, sleep 2s
between iterations.
2) force a disconnection to AP 1 and a connection to AP 2, test
scan. Use wpa_cli to trigger the connection changes, sleep 2s
between iterations.
Each test ran in each device for at least 3 hours.
Fixes: 36995892c271 ("wifi: mwifiex: add host mlme for client mode")
Cc: stable@vger.kernel.org
Assisted-by: Claude:claude-opus-4-7
Signed-off-by: Rafael Beims <rafael.beims@toradex.com>
---
drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index c9daf893472f..abc703441c5d 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -4334,7 +4334,7 @@ mwifiex_cfg80211_authenticate(struct wiphy *wiphy,
return -EOPNOTSUPP;
}
- if (!priv->auth_flag) {
+ if (!(priv->auth_flag & HOST_MLME_AUTH_PENDING)) {
ret = mwifiex_remain_on_chan_cfg(priv, HostCmd_ACT_GEN_SET,
req->bss->channel,
AUTH_TX_DEFAULT_WAIT_TIME);
--
2.53.0
^ permalink raw reply related
* Re: [PATCH] wifi: mt76: mt7925: remove code guarded by nonexistent config option
From: Matthias Brugger @ 2026-06-10 14:35 UTC (permalink / raw)
To: Ethan Nelson-Moore, linux-wireless
Cc: Felix Fietkau, Lorenzo Bianconi, Ryder Lee, Shayne Chen,
Sean Wang, AngeloGioacchino Del Regno, Ming Yen Hsieh
In-Reply-To: <20260610042429.222717-1-enelsonmoore@gmail.com>
On 10/06/2026 06:24, Ethan Nelson-Moore wrote:
> A small piece of code in mt7925/regs.h depends on CONFIG_MT76_DEV, which
> has never been defined in the kernel. Remove this dead code.
>
> Discovered while searching for CONFIG_* symbols referenced in code but
> not defined in any Kconfig file.
>
> Signed-off-by: Ethan Nelson-Moore <enelsonmoore@gmail.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
> ---
> drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/regs.h b/drivers/net/wireless/mediatek/mt76/mt7925/regs.h
> index 24985bba1b90..ea04e477a67c 100644
> --- a/drivers/net/wireless/mediatek/mt76/mt7925/regs.h
> +++ b/drivers/net/wireless/mediatek/mt76/mt7925/regs.h
> @@ -74,11 +74,7 @@
> #define MT_HIF_REMAP_BASE_L1 0x130000
>
> #define MT_HIF_REMAP_L2 0x0120
> -#if IS_ENABLED(CONFIG_MT76_DEV)
> -#define MT_HIF_REMAP_BASE_L2 (0x7c500000 - (0x7c000000 - 0x18000000))
> -#else
> #define MT_HIF_REMAP_BASE_L2 0x18500000
> -#endif
>
> #define MT_WFSYS_SW_RST_B 0x7c000140
>
^ permalink raw reply
* Re: [PATCH] wifi: mt76: mt7996: remove code guarded by nonexistent config option
From: Matthias Brugger @ 2026-06-10 14:35 UTC (permalink / raw)
To: Ethan Nelson-Moore, linux-wireless
Cc: Felix Fietkau, Lorenzo Bianconi, Ryder Lee, Shayne Chen,
Sean Wang, AngeloGioacchino Del Regno, Rex Lu
In-Reply-To: <20260610041050.206950-1-enelsonmoore@gmail.com>
On 10/06/2026 06:10, Ethan Nelson-Moore wrote:
> A small piece of code in mt7996.h depends on CONFIG_MTK_DEBUG, which
> has never been defined in the kernel. Remove this dead code.
>
> Discovered while searching for CONFIG_* symbols referenced in code but
> not defined in any Kconfig file.
>
> Signed-off-by: Ethan Nelson-Moore <enelsonmoore@gmail.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
> ---
> drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h b/drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h
> index bdcf72457954..39c525a40412 100644
> --- a/drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h
> +++ b/drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h
> @@ -921,10 +921,6 @@ int mt7996_mmio_wed_init(struct mt7996_dev *dev, void *pdev_ptr,
> bool hif2, int *irq);
> u32 mt7996_wed_init_buf(void *ptr, dma_addr_t phys, int token_id);
>
> -#ifdef CONFIG_MTK_DEBUG
> -int mt7996_mtk_init_debugfs(struct mt7996_phy *phy, struct dentry *dir);
> -#endif
> -
> int mt7996_dma_rro_init(struct mt7996_dev *dev);
> void mt7996_dma_rro_start(struct mt7996_dev *dev);
>
^ permalink raw reply
* [PATCH rtw-next 2/2] wifi: rtw88: 8822b: Don't process RF path C in query_phy_status_page1
From: Bitterblue Smith @ 2026-06-10 13:02 UTC (permalink / raw)
To: linux-wireless@vger.kernel.org; +Cc: Ping-Ke Shih
In-Reply-To: <ee30b95f-bc68-4711-9b15-cf5fd23c3c48@gmail.com>
Replace <= with < in the loop in query_phy_status_page1(). It was
processing data related to RF path C, which this chip doesn't have.
The only bad effect seems to be that the phy_info file in debugfs was
printing unexpected values for RF path C.
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
---
drivers/net/wireless/realtek/rtw88/rtw8822b.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtw88/rtw8822b.c b/drivers/net/wireless/realtek/rtw88/rtw8822b.c
index e9e8a7f3f382..37b7a520fea0 100644
--- a/drivers/net/wireless/realtek/rtw88/rtw8822b.c
+++ b/drivers/net/wireless/realtek/rtw88/rtw8822b.c
@@ -896,7 +896,7 @@ static void query_phy_status_page1(struct rtw_dev *rtwdev, u8 *phy_status,
pkt_stat->cfo_tail[RF_PATH_A] = GET_PHY_STAT_P1_CFO_TAIL_A(phy_status);
pkt_stat->cfo_tail[RF_PATH_B] = GET_PHY_STAT_P1_CFO_TAIL_B(phy_status);
- for (path = 0; path <= rtwdev->hal.rf_path_num; path++) {
+ for (path = 0; path < rtwdev->hal.rf_path_num; path++) {
rssi = rtw_phy_rf_power_2_rssi(&pkt_stat->rx_power[path], 1);
dm_info->rssi[path] = rssi;
dm_info->rx_snr[path] = pkt_stat->rx_snr[path] >> 1;
--
2.54.0
^ permalink raw reply related
* [PATCH rtw-next 1/2] wifi: rtw88: 8822c: Don't process RF path C in query_phy_status_page{0,1}
From: Bitterblue Smith @ 2026-06-10 13:01 UTC (permalink / raw)
To: linux-wireless@vger.kernel.org; +Cc: Ping-Ke Shih
Replace <= with < in the loops in query_phy_status_page{0,1}(). They
were processing data related to RF path C, which this chip doesn't have.
The only bad effect seems to be that the phy_info file in debugfs was
printing unexpected values for RF path C.
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
---
drivers/net/wireless/realtek/rtw88/rtw8822c.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw88/rtw8822c.c b/drivers/net/wireless/realtek/rtw88/rtw8822c.c
index 244c8026479c..80c9f0c11e5c 100644
--- a/drivers/net/wireless/realtek/rtw88/rtw8822c.c
+++ b/drivers/net/wireless/realtek/rtw88/rtw8822c.c
@@ -2584,7 +2584,7 @@ static void query_phy_status_page0(struct rtw_dev *rtwdev, u8 *phy_status,
pkt_stat->rx_power[RF_PATH_A] = rx_power[RF_PATH_A];
pkt_stat->rx_power[RF_PATH_B] = rx_power[RF_PATH_B];
- for (path = 0; path <= rtwdev->hal.rf_path_num; path++) {
+ for (path = 0; path < rtwdev->hal.rf_path_num; path++) {
rssi = rtw_phy_rf_power_2_rssi(&pkt_stat->rx_power[path], 1);
dm_info->rssi[path] = rssi;
}
@@ -2644,7 +2644,7 @@ static void query_phy_status_page1(struct rtw_dev *rtwdev, u8 *phy_status,
pkt_stat->cfo_tail[RF_PATH_A] = GET_PHY_STAT_P1_CFO_TAIL_A(phy_status);
pkt_stat->cfo_tail[RF_PATH_B] = GET_PHY_STAT_P1_CFO_TAIL_B(phy_status);
- for (path = 0; path <= rtwdev->hal.rf_path_num; path++) {
+ for (path = 0; path < rtwdev->hal.rf_path_num; path++) {
rssi = rtw_phy_rf_power_2_rssi(&pkt_stat->rx_power[path], 1);
dm_info->rssi[path] = rssi;
if (path == RF_PATH_A) {
--
2.54.0
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox