Lock is missed while accessing idr_pool of tx_ring which
causes Use after free crash in dp_free path when unloading
the module.
Fix this by adding tx_idr_lock when accessing idr_pool
of tx_ring.
Signed-off-by: Aishwarya R <quic_aisr@quicinc.com>
Signed-off-by: Sean Khan <datapronix@protonmail.com>
While freeing skb in tx completion path for status reinject, inspect
or vdevid mismatch, dev_kfree_skb_any() is used but when a function
is using functions from mac80211 to free an skb then it should do
it consistently and not switch to the generic dev_kfree_skb_any.
Otherwise, mac80211 will not be aware of the freed skb and thus
not clean up related information in its internal data structures.
Hence fix the issue by properly using ieee80211_free_txskb().
Signed-off-by: Sarika Sharma <quic_sarishar@quicinc.com>
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This is mostly a cosmetic change for users running NSS firmware 11.4
with mesh setups. Rather than fill up kernel logs with warnings, move log
warnings to debug.
The stats are still captured in '/sys/kernel/debug/qca-nss-drv/stats/*'
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This warning can trigger if there is a mismatch between frames that were
sent with the sta pointer set vs tx status frames reported for the sta address.
This can happen due to race conditions on re-creating stations, or even
in the case of .sta_add/remove being used instead of .sta_state, which can cause
frames to be sent to a station that has not been uploaded yet.
If there is an actual underflow issue, it should show up in the device airtime
warning below, so it is better to remove this one.
Signed-off-by: Felix Fietkau <nbd@xxxxxxxx>
Signed-off-by: Sean Khan <datapronix@protonmail.com>
On platforms using ath10k with mac80211 'nss_redirect' enabled,
a warning `ieee80211_sta_update_pending_airtime` is observered
whenever traffic load is high (iperf3).
Don't offload if pending queue > 1000
Signed-off-by: Sean Khan <datapronix@protonmail.com>
In ath11k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and bool
is_continuation is part of rxcb.
Currently, after freeing the skb, the rxcb->is_continuation accessed
again which is wrong since the memory is already freed.
Hence fix the issue by locally defining bool is_continuation from rxcb,
so that after freeing skb also we can use is_continuation.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
The performance of Qualcomm Crypto Engine is 10x slower than kernel
based encryption via ARMv8 crypto extensions. Rather than building it
into the kernel allow users to select it as module which can be tested with
other HW based crypto APIs via cryptodev-linux.
QSDK NSS builds utilize skbuff recycling for better handling of memory.
On a Dynalink DL-WRX36 (pbuf script should be set to 'auto') a significant drop in
memory usage was observed as well consistent sustained RX/TX speeds.
BEFORE:
echo 3 >! /proc/sys/vm/drop_caches
free -m
total used free shared buff/cache available
Mem: 867 338 547 90 101 528
Swap: 0 0 0
AFTER:
total used free shared buff/cache available
Mem: 867 242 594 1 81 624
Swap: 0 0 0
NOTE:
For 512MB platforms, users need to test with the following scenarios,
as the patch `999-233-ath11k-Disable-rx_header-tlv-for-2K-SKB.patch` is
really only testable on platforms with 512M or less RAM.
1.) Explicitly setting 'ATH11K_MEM_PROFILE_512M' on and see if system
crashes on boot.
2.) Explicitly setting 'ATH11K_MEM_PROFILE_1G'
3.) Remove patches
999-233-ath11k-Disable-rx_header-tlv-for-2K-SKB.patch
999-311-ath11k-configure-nss-thread-priority-during-pdev_ini.patch
And re-test with #1 and #2
It was incorrectly assumed that setting a 512M for 1G platforms would save
memory, instead it needs to be explicitly set to know proper memory
regions, otherwise it would cause fw crash.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
ath11k_nss: fix build for 256/1G mem, and ath10k
ath11k_nss: bump release version '8'
mac80211: refactor NSS patches
Since NSS requires patches to subsys, and ath*k directories. Move
patches into a subset of nss for better tracking against QSDK,
and modularization.
ath11k_nss: rename patches
ath11k_nss: clean up optional patches
To reduce bug tracking headaches, I've remove the following patches, as
they are not required for NSS offload and have been around the last 2-3
years without ever being upstreamed.
nss/ath11k/235-001-ath11k-Add-support-for-beacon-tx-mode.patch
nss/ath11k/237-002-ath11k-Add-provision-to-configure-rx-hashmap.patch
nss/ath11k/902-020-ath11k-add-btcoex-config.patch
nss/ath11k/902-022-ath11k-add-ap-ps-support.patch
nss/ath11k/907-068-ath11k-add-rx-histogram-stats.patch
nss/ath11k/907-108-ath11k-enable-ul-ofdma-ru-allocation-in-peer-stats.patch
nss/ath11k/911-373-ath11k-Add-retry-mechanism-for-update_rx_qu.patch
nss/ath11k/913-353-ath11k-ignore-frags-from-uninitialized-peer-in-dp.patch
nss/ath11k/913-356-ath11k-invalid-desc-sanity-check.patch
nss/ath11k/913-374-ath11k-Check-skb_headroom-before-using-skb_push.patch
nss/ath11k/913-830-ath11k-Avoiding-memset-of-ppdu-info-for-next-skb.patch
nss/subsys/235-002-mac80211-Add-support-for-beacon-tx-mode.patch
nss/subsys/913-726-mac80211-fix-crash-when-accessing-null-pointer.patch
ath11k_nss: Remove superfluous patches
Remove patches unrelated to NSS offloading to minimize bloat and better
track NSS related issues.
ath11k_nss: Refactor patches to use upstream names
Reworked patches to use upstream QSDK names. Allows for better tracking
ath11k_nss: align wifi offload with qca-nss-drv
The option in qca-nss-drv is actually 'NSS_DRV_WIFIOFFLOAD_ENABLE' use
the same syntax.
ath10k-ct: fix compile with NSS wifi
ath11k_nss: Merge every NSS related feature + more
* Added macro to disable NSS mesh offload
* Added menuconfig option "ATH11K_NSS_MESH_SUPPORT" to selectivley build mesh support,
as well it's depenacndy on nss-drv-wifimeshmgr.
* Added option to disable HTT Stats, and STA stats (stations).
* Reducing footprint by ~210KB. Debugfs minimal is still enabled.
* Reworked a TON of patches, some my own, hopefully there should be a far less amount of WOA2/WPA3 connection issues.
* Updated the /etc/init.d/pbuf script to be more robust. (handles tweaking ath11k and NSS settings better)
NOTES: Although mesh package builds (nss-drv-wifimeshmgr), ath11k doesn't seem to support it yet.
Not sure if NSS requires 3 radios to work, I'm at a dead end currently with that route.
ATTENTION:
the ptch `37-006-ath11k-Allow-fast-rx-by-bypassing-stats-update.patch`
works well on nss with frame_mode=2.
And on `ath11k frame_mode=1 nss_offload=0`
And on `ath11k frame_mode=2 nss_offload=1`
if you set nss_offload=off and frame_mode=2, it will CRASH
if you set nss_offload=on and frame_mode=2, it will RUN
if you set nss_offload=off and frame_mode=1, it will RUN
ath11k_nss: fix n2h high_water_core0/wifi_pool_buf
These were commented out, but looks like they are needed to prevent lock
ups with heavy usage apps (users report in torrenting)
ath11k_nss: Renumber ath11k patches in the range
commit 3c7cc4b725ea406f19b736427034e3bdb436aedc
Author: Yuvasree Sivasankaran <quic_ysivasan@quicinc.com>
AuthorDate: Thu Jan 4 11:25:56 2024 +0530
Commit: Yuvasree Sivasankaran <quic_ysivasan@quicinc.com>
CommitDate: Wed Jan 3 22:53:51 2024 -0800
wifi: ath11k: Renumber ath11k patches in the range
In ath11k, patches are not maintained in the range and not sequential.
Renumber the patches sequential and in the range.
Change-Id: I77c51c0f5bf9f94863db4ef364b156e14465a60c
Signed-off-by: Yuvasree Sivasankaran <quic_ysivasan@quicinc.com>
ath11k_nss: Add mac hw flag to avoid tx queue in mac80211
commit 4e9b5f7f0d1ed40dbf3208f7ed4448e49b4a4ac1
Author: Yuvasree Sivasankaran <quic_ysivasan@quicinc.com>
AuthorDate: Wed Dec 6 12:20:59 2023 +0530
Commit: Yuvasree Sivasankaran <quic_ysivasan@quicinc.com>
CommitDate: Mon Dec 18 12:52:33 2023 +0530
wifi: mac80211: Add mac hw flag to avoid tx queue in mac80211
Queue SKB in mac80211 become mandatory from latest 6.1 kernel. Because of
this queuing, there will be performance degradation. Add hw flag option
to enable tx queue in Driver/Hardware.
Driver/hardware can register for HAS_TX_QUEUE HW flag and avoid tx queuing
in mac80211.
Add same HW flag checks to avoid accessing skb queues which will be
NULL or invalid and also NULL checks for sta txqs for NULL or invalid
access.
ath11k_nss: add the HTC+ / iPhone fix
commit ccdca73cd65723c3cb63c17edc95c4c43318cb38
Author: John Crispin <john@phrozen.org>
AuthorDate: Sun Jul 9 17:12:34 2023 +0200
Commit: John Crispin <john@phrozen.org>
CommitDate: Thu Aug 31 16:08:34 2023 +0200
mac80211: add the HTC+ / iPhone fix
Signed-off-by: John Crispin <john@phrozen.org>
ath11k_nss: ath-next fix connection failure due to unexpected peer delete
Currently ath11k_mac_op_unassign_vif_chanctx() deletes peer but
ath11k_mac_op_assign_vif_chanctx() doesn't create it. This results in
connection failure if MAC80211 calls drv_unassign_vif_chanctx() and
drv_assign_vif_chanctx() during AUTH and ASSOC, see below log:
[ 102.372431] wlan0: authenticated
[ 102.372585] ath11k_pci 0000:01:00.0: wlan0: disabling HT/VHT/HE as WMM/QoS is not supported by the AP
[ 102.372593] ath11k_pci 0000:01:00.0: mac chanctx unassign ptr ffff895084638598 vdev_id 0
[ 102.372808] ath11k_pci 0000:01:00.0: WMI vdev stop id 0x0
[ 102.383114] ath11k_pci 0000:01:00.0: vdev stopped for vdev id 0
[ 102.384689] ath11k_pci 0000:01:00.0: WMI peer delete vdev_id 0 peer_addr 20:e5:2a:21:c4:51
[ 102.396676] ath11k_pci 0000:01:00.0: htt peer unmap vdev 0 peer 20:e5:2a:21:c4:51 id 3
[ 102.396711] ath11k_pci 0000:01:00.0: peer delete resp for vdev id 0 addr 20:e5:2a:21:c4:51
[ 102.396722] ath11k_pci 0000:01:00.0: mac removed peer 20:e5:2a:21:c4:51 vdev 0 after vdev stop
[ 102.396780] ath11k_pci 0000:01:00.0: mac chanctx assign ptr ffff895084639c18 vdev_id 0
[ 102.400628] wlan0: associate with 20:e5:2a:21:c4:51 (try 1/3)
[ 102.508864] wlan0: associate with 20:e5:2a:21:c4:51 (try 2/3)
[ 102.612815] wlan0: associate with 20:e5:2a:21:c4:51 (try 3/3)
[ 102.720846] wlan0: association with 20:e5:2a:21:c4:51 timed out
The peer delete logic in ath11k_mac_op_unassign_vif_chanctx() is
introduced by commit b4a0f54156ac ("ath11k: move peer delete after
vdev stop of station for QCA6390 and WCN6855") to fix firmware
crash issue caused by unexpected vdev stop/peer delete sequence.
Actually for a STA interface peer should be deleted in
ath11k_mac_op_sta_state() when STA's state changes from
IEEE80211_STA_NONE to IEEE80211_STA_NOTEXIST, which also coincides
with current peer creation design that peer is created during
IEEE80211_STA_NOTEXIST -> IEEE80211_STA_NONE transition. So move
peer delete back to ath11k_mac_op_sta_state(), also stop vdev before
deleting peer to fix the firmware crash issue mentioned there. In
this way the connection failure mentioned here is also fixed.
Also do some cleanups in patch "wifi: ath11k: remove invalid peer
create logic", and refactor in patches "wifi: ath11k: rename
ath11k_start_vdev_delay()" and "wifi: ath11k: avoid forward declaration
of ath11k_mac_start_vdev_delay()".
Tested this patch set using QCA6390 and WCN6855 on both STA and SAP
interfaces. Basic connection and ping work well.
Baochen Qiang (4):
wifi: ath11k: remove invalid peer create logic
wifi: ath11k: rename ath11k_start_vdev_delay()
wifi: ath11k: avoid forward declaration of
ath11k_mac_start_vdev_delay()
wifi: ath11k: fix connection failure due to unexpected peer delete
drivers/net/wireless/ath/ath11k/mac.c | 564 +++++++++++++-------------
1 file changed, 288 insertions(+), 276 deletions(-)
ath11k_nss: Revert support for beacon_tx_mode
ath11k_nss: Update release fix dependancies
ath11k_nss: mgmt and data ack rssi update
Data ACK RSSI :
Advertise NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT feature support
for accounting and notifying "last ack signal" and "avg ack signal" to
user space through NL interface.
Enabled data ack rssi support for ethernet mode.
Mgmt ACK RSSI:
Enabled support for Tx-ACK RSSI in HTT over Management packets.
ath11k_nss: add missing support to enable/disable bss color collision detection
ath11k_nss: FW Initiated Dynamic MU-EDCA
Implementing the updating of firmware initiated dynamic MU-EDCA
parameters in Beacon IE. Firmware routinely checks its clients and
updates its MU-EDCA values every 3 seconds. Firmware is tuning
MU-EDCA parameters to improve performance. As part of this process,
the firmware informs host about new MU-EDCA values utilizing
WMI_MUEDCA_PARAMS_CONFIG_EVENTID. FW expectation is that host will
update MU-EDCA parameters in the Beacon IE.
ath11k_nss: refresh patches + cleanup Makefile
ath11k_nss: Set correct pbufs for 1GB profile
ath11k_nss: Revert setting fw_mem_mode for IPQ807x
Leave it set to '0', as it will kernel panic with 2K skb patch. This
flag was incorrectly assumed to save memory on 1G platforms.
ath11k_nss: remove leftover max_tx_ring
it was not removed when applying patch to replace it with 'max_tx_ring =
DP_TCL_NUM_RING_MAX +1'
ath11k_nss: Import bugfix patches
ath11k_nss: Experimental build for IPQ6018
This will require setting the correct `ATH11K_MEM_PROFILE_XXX` for your
platform. Setting it to value lower/higher than physically available
will cause NULL virtual address kernel panics.
I believe this setting was not originally meant to reduce memory
footprint of 1G+ platforms, but to account for platforms that were
512M or less.
Will require tweaking to allow for the old behvaior on 1G+ IPQ807x,
while still saving memory for platforms <= 512M.
commit d2d5a0d1f9ce668f92a22eb45279c6c4c3bf7a4f
Author: Qosmio <datapronix@protonmail.com>
AuthorDate: Sat Mar 9 11:59:20 2024 -0500
Commit: Sean Khan <datapronix@protonmail.com>
CommitDate: Fri Oct 11 11:13:03 2024 -0400
ath11k_nss: fix typo in 512M memory profile
ath11k_nss: remove SFE patch 718-e-mac80211-Deliver-the-frame-to-driver-tx-ops-directly
It is not relevant to NSS builds and only meant for SFE.
ath11k_nss: remove unecessary patches
Color collision should be left on by default, as it's a primary feature
of 802.11AX.
ath11k_nss: fix spacing
ath11k_nss: Remove unnecessary TKIP bloat
Remove TKIP patches that are not being used as 99% of folks are running
modern encryption (AES-CCMP,SAE,etc).
ath11k_nss: parameterize DP_RXDMA_REFILL_RING_SIZE memory profile
ath11k_nss: Remove SFE related code
Cleanup SFE (shortcut fe) related code as we're not using it on NSS
ath11k_nss: idr, ampdu, and skb headroom check optimizations
ath11k_nss: get valid last_rate for rx_bitrate from cpu stats
ath11k_nss: Fix BCCA counter for EMA
Currently BCCA counter is updated to FW via csa counter offs and
beacon with new countdown is updated for every beacon tx completion event.
For EMA, all EMA beacons are updated in one shot, and counter update for
every tx event will mess up the actual sequence of countdown sent over the air.
Allow FW to update the countdown till 1 and finalize the color
change.
ath11k_nss: Fix compile for TRACE feature
ath11k_nss: set pbuf to 'auto'
Since SKB recycler was merged into main nss-wifi branch, it is not
necessary to manually tinker with pbuf script. Memory is now properly
managed between NSS driver allocating/deallocating SKBs. For optimal
wifi performance, especially upload, it is advised to leave the script
to 'auto'.
Users who use sysupgrade should manually set the uci config
'/etc/config/pbuf' as it will not overwrite existing configuration.
ath11k_nss: refresh and fixup patches
bugfixes:
* Rreverted patch `105-ath11k-fix-monitor-crash-if-tx-offload-is-enabled.patch`.
Initial test show lower memory use. `ieee80211_tx_status_8023` was
also removed upstream for a reason as it wasn't being used, and the
logic behind it was flawed.
See https://patchwork.kernel.org/project/linux-wireless/patch/20230308174703.12270-2-quic_pradeepc@quicinc.com
* Mmemory profile for '256M' was missing logic that was in 512/1G.
Should build correctly now
* added more qsdk related patches to nss/offload
ath11k_nss: fix up patches
ath11k_nss: revert m3, fix coredump when rebooting
M3 SSR dump logic makes the router coredump. Just putting dummy case to
skip warning.
[12394.072384] Hardware name: Dynalink DL-WRX36 (DT)
[12394.079758] Call trace:
[12394.084354] dump_backtrace.part.0+0xbc/0xd0
[12394.086614] show_stack+0x18/0x30
[12394.091127] dump_stack_lvl+0x6c/0x88
[12394.094339] dump_stack+0x18/0x34
[12394.097985] bad_page+0xe0/0x110
[12394.101282] __free_pages_ok+0x33c/0x360
[12394.104582] __free_pages+0xbc/0xe0
[12394.108487] dma_direct_free+0xd0/0x140
[12394.111701] dma_free_attrs+0x90/0xb0
[12394.115519] ath11k_qmi_fwreset_from_cold_boot+0x9e0/0xa10 [ath11k]
[12394.119343] ath11k_qmi_deinit_service+0x64/0x21d0 [ath11k]
[12394.125419] ath11k_core_deinit+0xa4/0xc0 [ath11k]
[12394.130974] 0xffffffc000fb3600
[12394.135831] platform_shutdown+0x24/0x40
[12394.138871] device_shutdown+0x14c/0x240
[12394.143037] kernel_restart+0x40/0xb0
[12394.146944] __do_sys_reboot+0xcc/0x200
[12394.150502] __arm64_sys_reboot+0x24/0x30
[12394.154148] invoke_syscall.constprop.0+0x5c/0x110
[12394.158317] do_el0_svc+0x58/0x170
[12394.163001] el0_svc+0x18/0x60
[12394.166386] el0t_64_sync_handler+0x114/0x120
[12394.169426] el0t_64_sync+0x174/0x178
In case you want to specify the memory profile to use rather than
letting it autodetect. The following new uci option is introduced.
pbuf.
config general opt
option memory_profile ''
choices are 1gb, 512mb, 256mb. Delete option to let it autodetect.
NOTE: You must reboot after changing these settings, for it to
autoapply.
ath11k_nss: fix compilation and rename some patches
Memory allocations in the driver & mac80211 are logged
and populate those values to the user space via debugfs.
This stats will give the snapshot of the memory being
used by the driver at the time of dumping these
memory stats.
Command:
cat /sys/kernel/debug/ath11k/ipq8074\ hw2.0/memory_stats
Sample output of the stats
MEMORY STATS IN BYTES:
malloc size : 6287583
ce_ring_alloc size: 109308
dma_alloc size:: 10831860
htc_skb_alloc size: 3840
wmi alloc size: 0
per peer object: 4644
rx_post_buf size: 5091840
Total size: 22329075
User can disable/enable the memory stats accounting with
the below command.
echo N > /sys/kernel/debug/ath11k/ipq8074\ hw2.0/enable_memory_stats
where N = 0 to disable logging, 1 to enable the logging.
Note: This should be enabled/disabled only after wifi is down.
User shouldn't enable/disable when the wifi is up to avoid
accounting the negative values which cause incorrect values
in the memory stats.
Command:
cat /sys/kernel/debug/ieee80211/phyX/memory_stats
memory stats: malloc_size: 108
ath11k_nss: bugfix change start order
value 'dev.nss.n2hcfg.n2h_wifi_pool_buf' was not getting set, wait till
after qca-nss-drv is loaded.
ath11k_nss: finally fix n2hcfg values not being set
Attempt at getting NSS WiFi Offload working on kernel 6.1 (backport 6.5)
These patches are a mix of @ansuel branch for 5.15 (ipq807x-5.15-ecm-wifi)
3ecaee768e
And QUIC's upstream NSS patches on [NHSS.QSDK.12.4.5.r3](https://git.codelinaro.org/clo/qsdk/oss/system/feeds/wlan-open.git)
For the actual package setup (Makfiles,ath.mk) Qualcomm's branch is under 'wlan-open/NHSS.QSDK.12.4.5.r3'
Looks like they've swtiched to using backports 6.5-rc3, and figured to
use a mix of their patches on 'NHSS.QSDK.12.4.5.r3' (nss)
'wlan-open/NHSS.QSDK.12.4.5.r3' (syncing with openwrt main).
Booting with "nss_offload=1 frame_mode=2"
Logs show:
[ 16.606282] WARNING: CPU: 2 PID: 3524 at ath11k_nss_tx+0x1d4/0x1e0 [ath11k]
[ 16.611060] Modules linked in: ecm pppoe ppp_async nft_fib_inet nf_flow_table_inet ath11k_ahb ath11k pptp pppox ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir nft_quota nft_objref nft_numgen nft_nat nft_masq nft_log nft_limit nft_hash nft_fullcone nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_ct nft_compat nft_chain_nat nf_tables nf_nat nf_flow_table nf_conntrack_netlink nf_conntrack mac80211 iptable_mangle iptable_filter ipt_REJECT ipt_ECN ip_tables cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_ecn xt_dscp xt_comment xt_TCPMSS xt_LOG xt_HL xt_DSCP xt_CLASSIFY x_tables wireguard slhc sch_cake qrtr_smd qrtr qmi_helpers nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_defrag_ipv4 mhi libcrc32c libchacha20poly1305 compat sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred act_gact qca_nss_cfi_cryptoapi
[ 16.611215] qca_nss_crypto qca_nss_qdisc qca_nss_wifi_meshmgr qca_nss_gre ledtrig_usbport qca_mcs bonding ip6_gre ip_gre gre ifb nat46 nf_defrag_ipv6 sit qca_nss_drv ip6_tunnel tunnel6 tunnel4 nls_utf8 nls_iso8859_1 nls_cp437 vxlan seqiv michael_mic uas usb_storage leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_qcom qca_nss_dp qca_ssdk ramoops reed_solomon pstore gpio_button_hotplug ext4 mbcache jbd2 aquantia hwmon crc_ccitt crc32c_generic
[ 16.721723] CPU: 2 PID: 3524 Comm: hostapd Not tainted 6.1.68 #0
[ 16.743958] Hardware name: Dynalink DL-WRX36 (DT)
[ 16.750032] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 16.754635] pc : ath11k_nss_tx+0x1d4/0x1e0 [ath11k]
[ 16.761403] lr : ath11k_nss_tx+0x1bc/0x1e0 [ath11k]
[ 16.766264] sp : ffffffc00b1db790
[ 16.771122] x29: ffffffc00b1db790 x28: 0000000000000038 x27: 0000000000000000
[ 16.774602] x26: ffffff8006dd7430 x25: ffffff8007ea9dc8 x24: 0000000060000012
[ 16.781719] x23: ffffff8005c6a060 x22: ffffff8005c6a060 x21: ffffff80072f12d8
[ 16.788837] x20: ffffff8007ea9dc8 x19: ffffff8006082800 x18: 0000000000000005
[ 16.795957] x17: 6976312065707974 x16: 207061636e652062 x15: 6b73207874207373
[ 16.803075] x14: ffffffc00a0dd518 x13: 000000000000018b x12: 000000000000018b
[ 16.810192] x11: 00000000ffffffea x10: ffffffc00a135518 x9 : 0000000000000001
[ 16.817310] x8 : 0000000000000001 x7 : 0000000000017fe8 x6 : c0000000ffffefff
[ 16.824429] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
[ 16.831547] x2 : ffffff80072f1370 x1 : 0000000000000000 x0 : 0000000000000001
[ 16.838665] Call trace:
[ 16.845774] ath11k_nss_tx+0x1d4/0x1e0 [ath11k]
[ 16.848035] ath11k_mac_tx_mgmt_pending_free+0x3034/0x9600 [ath11k]
[ 16.852551] ieee80211_handle_wake_tx_queue+0x68/0xb10 [mac80211]
[ 16.858801] ieee80211_probereq_get+0xca4/0x11f0 [mac80211]
[ 16.865049] ieee80211_tx_prepare_skb+0x1dc/0x240 [mac80211]
[ 16.870432] ieee80211_xmit+0xcc/0x120 [mac80211]
[ 16.876333] __ieee80211_subif_start_xmit+0x2b8/0x380 [mac80211]
[ 16.880937] ieee80211_subif_start_xmit+0x40/0x3b0 [mac80211]
[ 16.887013] ieee80211_subif_start_xmit_8023+0xb8/0x430 [mac80211]
[ 16.892656] dev_hard_start_xmit+0x8c/0x110
[ 16.898728] __dev_queue_xmit+0x1f0/0xbc0
[ 16.902808] dev_queue_xmit+0x14/0x20
[ 16.906975] packet_sendmsg+0x768/0x1260
[ 16.910620] __sys_sendto+0xdc/0x140
[ 16.914613] __arm64_sys_sendto+0x28/0x40
[ 16.918174] invoke_syscall.constprop.0+0x5c/0x110
[ 16.922081] do_el0_svc+0x58/0x170
[ 16.926765] el0_svc+0x18/0x60
[ 16.930149] el0t_64_sync_handler+0x114/0x120
[ 16.933190] el0t_64_sync+0x174/0x178
[ 16.933197] ---[ end trace 0000000000000000 ]---
[ 16.933230] ath11k c000000.wifi: failed to transmit frame -22
[ 17.041495] ath11k c000000.wifi: encap mismatch in nss tx skb encap type 1vif encap type 2
[ 17.041578] ath11k c000000.wifi: failed to transmit frame -22
Which is confusing since the parameter is definitley set to '2'.
➤ cat /sys/module/ath11k/parameters/frame_mode
2
Booting with either "nss_offload=1 frame_mode=3" (RAW), or "nss_offload=1 frame_mode=1" (Native Wifi)
Results in:
[ 15.644742] ath11k c000000.wifi: peer not found for nss peer delete
[ 15.744742] ath11k c000000.wifi: peer not found for nss peer delete
[ 15.745742] ath11k c000000.wifi: peer not found for nss peer delete
[ 15.746682] ath11k c000000.wifi: peer not found for nss peer delete
Clients connect and then are immediately kicked off, stuck in a loop.
ath11k-nss: Wifi offloading working (unstable)
Wifi offloading seems to be working, however it is not stable. Logs will
initially show a lot of flooding.
```
[Sun Dec 17 02:43:25 2023] ath11k c000000.wifi: peer not found for nss peer delete
[Sun Dec 17 02:43:28 2023] ath11k c000000.wifi: peer not found for nss peer delete
[Sun Dec 17 02:43:30 2023] ath11k c000000.wifi: peer not found for nss peer delete
[Sun Dec 17 02:43:32 2023] ath11k c000000.wifi: peer not found for nss peer delete
[Sun Dec 17 02:43:34 2023] ath11k c000000.wifi: peer not found for nss peer delete
[Sun Dec 17 02:43:40 2023] ath11k c000000.wifi: peer not found for nss peer delete
[Sun Dec 17 02:43:41 2023] ath11k c000000.wifi: peer not found for nss peer delete
[Sun Dec 17 02:43:46 2023] ath11k c000000.wifi: peer not found for nss peer delete
```
But eventually ends up subsiding. Needs heavy testing...
ath11k_nss: Add mac address to debug `nss peer delete` warnings
also delete ath10k patch, and refresh.
ath11k_nss: FIX `nss peer delete` + encap errors
This should hopefullly fix the following errors:
```
[Sun Dec 24 22:03:21 2023] ath11k c000000.wifi: encap mismatch in nss tx skb encap type 1vif encap type 2
[Sun Dec 24 22:03:21 2023] ath11k c000000.wifi: failed to transmit frame -22
[Sun Dec 24 22:08:25 2023] ath11k c000000.wifi: encap mismatch in nss tx skb encap type 1vif encap type 2
[Sun Dec 24 22:08:25 2023] ath11k c000000.wifi: failed to transmit frame -22
```
Clients should also be able to switch between 2Ghz and 5Ghz AP, as well
as join using password (no longer required to boot with NSS off first,
connect the client to acquire PSK, and reboot back with nss wifi offload
enabled).
Uptime has been 5 hours and so far no issues.
ath11k_nss: Remove unecessary clang-tidy formatting
ath11k_nss: add 'debug_mode' flag quiet warnings
Will properly handle:
```
[Mon Dec 25 16:51:34 2023] ath11k c000000.wifi: encap mismatch in nss tx skb encap type 1 vif encap type 2
```
should take the path for native wifi encap
ath11k_nss: Rework depends, make `nss_redirect` optional
1.) Added a reworked `qca-nss-pbuf` init script from QSDK that will set sysctl
NSS `n2hcfg` wifi options based on board type and available
RAM.
2.) ath11k is fully capable of offloading wifi, it does not need
mac80211 to create any NSS vifs. This lowers overhead and has actually
shown considerable speed improvements for CPU programs on the router
side (i.e. SMB). I believe ax3600's IoT (ath10k) would require it
for offloading.
I've added 2 new makemenu options, `MAC80211_NSS_SUPPORT` which enables
NSS related features, and `MAC80211_NSS_REDIRECT` which provides the option to
autoload the module on boot with `nss_redirect=1`.
3.) Reverted the option that deafulted `ATH11K_MEM_PROFILE_512M` to
true. This was not required for platforms with 1GB or more memory
(which is most of them). The default is 1GB. Select for platforms
like Xiaomi AX3600.
ath11k_nss: remove requirement for '/sys/kernel/debug/ath11k'
ath11k_nss: set default values lower to avoid eating up memory
ath11k_nss: Add NSS VLAN support + improvements
1) tweaked qca-nss-pbuf script to better handle different board configs
2) added some QSDK NSS patches for dynamic vlan, WDS.
3) added QSDK fixes for beacon, and bt-coex
For devices that keep getting disconnected (mostly on 2G). It is
recommended to use the following settings for wifi. Change for your
country.
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/c000000.wifi'
option band '5g'
option txpower '24'
option country 'PA'
option channel '100'
option htmode 'HE160'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option key 'SOME_PASSWORD'
option ssid 'EXAMPLE_5G'
option dtim_period '3'
option max_inactivity '86400'
option disassoc_low_ack '0'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/c000000.wifi+1'
option band '2g'
option htmode 'HT20'
option channel '1'
option txpower '36'
option country 'PA'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'EXAMPLE_2G'
option encryption 'psk2'
option key 'SOME_PASSWORD'
option max_inactivity '86400'
option dtim_period '3'
option disassoc_low_ack '0'
WPA3 should be disabled, and left as WPA2. Experimenting with max_inactivity, dtim_period, and disassoc_low_ack to hopefully resolve the deauth disconnects.
Signed-off-by: bitthief <bitthief@protonmail.ch>
qualcommax: dts: provide label for NSS reserved-memory
Provide a label for the NSS reserved-memory node so it can be easily passed
to the NSS DRV instead of having to global match by name which is fragile.
Signed-off-by: bitthief <bitthief@protonmail.ch>
75a236be122a service: add missing null pointer check
f5341f327539 ubus: add api for generating and validating security tokens
3fab99eab4d5 add udebug support
28d86bd30e97 pex: only respond to update requests when we have network data
8e6f37cc361e pex-msg: ignore no-data responses if version is zero
12e6cf7f63e1 pex: create pex host from update responses
edc8fdae463a ubus: show the local addresses in network status
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit ce68f61cb67a4701a108f838f510e72ca63ed78e)
ethtool since version 6.9 introduced support for getting/setting RSS
input transformation supported in Linux since version 6.8.
The now changed kernel ioctl ABI, however, cannot be detected from
userland, and ethtool since version 6.9 simply assumes that a previously
reserved field is now used to set the input transformation.
Unfortunately the default value RXH_XFRM_NO_CHANGE (0xff) used by ethtool
userland creates an incompatibility with older kernels which cannot be
resolved easily without introducing even more ABI breakage.
Work-around the issue and fix support for --set-rxfh and --set-rxfh-indir
ethtool userland tool commands by making the support for input_xfrm
conditional on compile time, and keep it disabled for Linux 6.6.
Fixes: 8c2dcd1518 ("ethtool: update to 6.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit 3a7467ffde413677de5465dde78a62dfa8d6774f)
Version 6.11 - October 8, 2024
* Feature: cmis: print active and inactive firmware versions
* Feature: flash transceiver module firmware (--flash-module-firmware)
* Feature: add T1BRR 10Mb/s mode to link mode tables
* Feature: support for disabling netlink from command line
* Fix: fix lanes parameter format specifier
* Fix: add missing clause 33 PSE manual description
* Fix: qsf: Better handling of Page A2h netlink read failure
* Fix: rss: retrieve ring count using ETHTOOL_GRXRINGS ioctl (-x)
* Misc: man page formatting fix
* changelog here: https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/NEWS?id=c0ea4b70c71334ef038f7a3416b228a50dada406
Tested on gl.inet MT6000, retrieve ring count is now working
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17607
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9454331b7fc896704a2c60b28767c282eb9ca0bd)
Specification:
* Mediatek MT7981BA
* 256 MB SPI-NAND
* 512 MB DDR4 RAM
* MT7976CN DBDC AX Wi-Fi
* MediaTek MT7531AE (3x LAN Gigabit ports) + Internal Gbe Phy (1x WAN Gigabit port)
* 4x LED (power, internet, fn, wifi)
* 3x buttons (wps, fn, reset)
* 1x USB 3.0 port
Serial Interface:
* 3 Pins GND, RX, TX
* Settings: 115200, 8N1
Notes:
* The device supports dual boot mode
* Fn led reassigned to wlan 2.4
Flash instruction:
The only way to flash OpenWrt image is to use tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.1.2/24 and tftp server.
2. Rename "openwrt-mediatek-filogic-keenetic_kn-3811-squashfs-factory.bin"
to "KN-3811_recovery.bin" and place it in tftp server directory.
3. Connect PC with ethernet port, press the reset button, power up
the device and keep button pressed until status led start blinking.
4. Device will download file from server, write it to flash and reboot.
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17135
(cherry picked from commit d087a79b7b03fe93a221fd6246ce437c5c5325c3)
Link: https://github.com/openwrt/openwrt/pull/18055
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Specification:
- MT7981 CPU using 2.4GHz and 5GHz WiFi (both AX)
- 512MB RAM
- 128MB SPI NAND
- 2 LEDs (green, orange)
- 3 buttons (fn, reset, wps)
- 2 2.5Gbit ethernet ports based on Airoha EN8811H phy
Serial Interface:
- 3 Pins GND, RX, TX
- Settings: 115200, 8N1
Notes:
- The device supports dual boot mode
Flash instruction:
The only way to flash OpenWrt image is to use tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.1.2/24 and tftp server.
2. Rename "openwrt-mediatek-filogic-keenetic_kn-3911-squashfs-factory.bin"
to "KN-3911_recovery.bin" and place it in tftp server directory.
3. Connect PC with ethernet port, press the reset button, power up
the device and keep button pressed until status led start blinking.
4. Device will download file from server, write it to flash and reboot.
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16830
(cherry picked from commit 5a4eb56a7bc7d1d8028d103d50b0dba2ff7808c4)
Link: https://github.com/openwrt/openwrt/pull/18055
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
CVE-2024-13176[1] - Fixed timing side-channel in ECDSA signature
computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In
particular the NIST P-521 curve is affected. To be able to measure this
leak, the attacker process must either be located in the same physical
computer or must have a very fast network connection with low latency.
CVE-2024-9143[2] - Fixed possible OOB memory access with invalid
low-level GF(2^m) elliptic curve parameters.
Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit
values for the field polynomial can lead to out-of-bounds memory reads
or writes. Applications working with "exotic" explicit binary (GF(2^m))
curve parameters, that make it possible to represent invalid field
polynomials with a zero constant term, via the above or similar APIs,
may terminate abruptly as a result of reading or writing outside of
array bounds. Remote code execution cannot easily be ruled out.
1. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
2. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/17947
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b4e6fd7b76440076eeff3a0789d40acbb5363ecf)
b43aeb5 wireless-regdb: assert and correct maximum bandwidth within frequency difference
68588bf wireless-regdb: Update regulatory info for Syria (SY) for 2020
0dda57e wireless-regdb: Update regulatory info for Moldova (MD) on 6GHz for 2022
b19ab0b wireless-regdb: Update regulatory info for Azerbaijan (AZ) on 6GHz for 2024
f67f40d wireless-regdb: Update regulatory info for Oman (OM)
bd70876 wireless-regdb: Update regulatory rules for Armenia (AM) on 2.4 and 5 GHz
6c7cbcc wireless-regdb: Permit 320 MHz bandwidth in 6 GHz band in ETSI/CEPT
f9f6b30 wireless-regdb: Update regulatory rules for Austria (AT)
39b47ea wireless-regdb: Update regulatory info for Cayman Islands (KY) for 2024
3dd7ceb wireless-regdb: allow NO-INDOOR flag in db.txt
4d754a1 wireless-regdb: Update regulatory rules for Iran (IR) on both 2.4 and 5Ghz for 2021
8c8308a wireless-regdb: Update frequency range with NO-INDOOR for Oman (OM)
c2f11e2 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Rudy Andram <rmandrad@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17957
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit da2cc98458f46745de95e88b6066620fbd02b190)
