Currently, when the driver receives a channel switch count WMI event from the firmware with a count greater than 1, it calls ieee80211_beacon_update_cntdwn(). If the beacon transmission fails, the event will be received again with the previous count value. In this scenario, the host decrements the mac80211 counter again, causing it to move ahead of the firmware counter. Ultimately, when the firmware count reaches 1, the mac80211 counter will reach zero, triggering a WARN_ON_ONCE(). Therefore, there is a need to check the count value in the event. Hence to fix this, maintain the current ongoing counter in arvif. If the count in the event does not match the expected value, silently discard the event. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Signed-off-by: Aditya Kumar Singh <quic_adisi@xxxxxxxxxxx> --- drivers/net/wireless/ath/ath12k/core.h | 2 ++ drivers/net/wireless/ath/ath12k/wmi.c | 19 ++++++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/core.h b/drivers/net/wireless/ath/ath12k/core.h index b789b375b891c87a4c00374ba81ea12ef0f994f9..61f07d378aaa9676385bcb0b597170ad20febbe3 100644 --- a/drivers/net/wireless/ath/ath12k/core.h +++ b/drivers/net/wireless/ath/ath12k/core.h @@ -298,6 +298,8 @@ struct ath12k_link_vif { u8 link_id; struct ath12k_vif *ahvif; struct ath12k_rekey_data rekey_data; + + u8 current_cntdown_counter; }; struct ath12k_vif { diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c index 99f6dc2fbbe3d0aa71ab96e500cfaa8e4bf9930f..d0f328fc9f379cacd1c3beeaeb64a025f2fcef06 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.c +++ b/drivers/net/wireless/ath/ath12k/wmi.c @@ -1934,6 +1934,7 @@ int ath12k_wmi_bcn_tmpl(struct ath12k_link_vif *arvif, cmd->ext_csa_switch_count_offset = cpu_to_le32(offs->cntdwn_counter_offs[1]); cmd->csa_event_bitmap = cpu_to_le32(0xFFFFFFFF); + arvif->current_cntdown_counter = bcn->data[offs->cntdwn_counter_offs[0]]; } cmd->buf_len = cpu_to_le32(bcn->len); @@ -6912,10 +6913,22 @@ ath12k_wmi_process_csa_switch_count_event(struct ath12k_base *ab, continue; /* Finish CSA when counter reaches zero */ - if (!current_switch_count) + if (!current_switch_count) { ieee80211_csa_finish(ahvif->vif, arvif->link_id); - else if (current_switch_count > 1) - ieee80211_beacon_update_cntdwn(ahvif->vif, arvif->link_id); + arvif->current_cntdown_counter = 0; + } else if (current_switch_count > 1) { + /* If the count in event is not what we expect, don't update the + * mac80211 count. Since during beacon Tx failure, count in the + * firmware will not decrement and this event will come with the + * previous count value again + */ + if (current_switch_count != arvif->current_cntdown_counter) + continue; + + arvif->current_cntdown_counter = + ieee80211_beacon_update_cntdwn(ahvif->vif, + arvif->link_id); + } } rcu_read_unlock(); } -- 2.34.1