]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cb10602)
wifi: brcmfmac: fix EXTSAE WPA3 connection failure due to AUTH TX failure
authorTing-Ying Li <tingying.li@cypress.com>
Wed, 23 Jul 2025 10:59:17 +0000 (16:29 +0530)
committerJohannes Berg <johannes.berg@intel.com>
Wed, 23 Jul 2025 12:11:16 +0000 (14:11 +0200)
For WPA3-SAE Connection in EXTSAE mode, the userspace daemon is allowed to
generate the SAE Auth frames. The driver uses the "mgmt_frame" FW IOVAR to
transmit this MGMT frame.

Before sending the IOVAR, the Driver is incorrectly treating the channel
number read from the FW as a frequency value and again attempts to convert
this into a channel number using ieee80211_frequency_to_channel().

This added an invalid channel number as part of the IOVAR request to the FW
And some FW which strictly expects a valid channel would return BAD_CHAN
error, while failing to transmit the driver requested SAE Auth MGMT frame.

Fix this in the CYW vendor specific MGMT TX cfg80211 ops handler, by not
treating the channel number read from the FW as frequency value and skip
the attempt to convert it again into a channel number.

Also fix this in the generic MGMT TX cfg80211 ops handler.

Fixes: c2ff8cad6423 ("brcm80211: make mgmt_tx in brcmfmac accept a NULL channel")
Fixes: 66f909308a7c ("wifi: brcmfmac: cyw: support external SAE authentication in station mode")
Signed-off-by: Ting-Ying Li <tingying.li@cypress.com>
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>>
Link: https://patch.msgid.link/20250723105918.5229-1-gokulkumar.sivakumar@infineon.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c patch | blob | blame | history
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c patch | blob | blame | history

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index b8fc387ac361d202191c092cd8eddd2eb1189fbc..e12389a2cb4777d990643cea86e0828d8bddddd9 100644 (file)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -5544,8 +5544,7 @@ brcmf_cfg80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
        struct brcmf_fil_action_frame_le *action_frame;
        struct brcmf_fil_af_params_le *af_params;
        bool ack;
-       s32 chan_nr;
-       u32 freq;
+       __le32 hw_ch;
 
        brcmf_dbg(TRACE, "Enter\n");
 
@@ -5606,25 +5605,34 @@ brcmf_cfg80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
                /* Add the channel. Use the one specified as parameter if any or
                 * the current one (got from the firmware) otherwise
                 */
-               if (chan)
-                       freq = chan->center_freq;
-               else
-                       brcmf_fil_cmd_int_get(vif->ifp, BRCMF_C_GET_CHANNEL,
-                                             &freq);
-               chan_nr = ieee80211_frequency_to_channel(freq);
-               af_params->channel = cpu_to_le32(chan_nr);
+               if (chan) {
+                       hw_ch = cpu_to_le32(chan->hw_value);
+               } else {
+                       err = brcmf_fil_cmd_data_get(vif->ifp,
+                                                    BRCMF_C_GET_CHANNEL,
+                                                    &hw_ch, sizeof(hw_ch));
+                       if (err) {
+                               bphy_err(drvr,
+                                        "unable to get current hw channel\n");
+                               goto free;
+                       }
+               }
+               af_params->channel = hw_ch;
+
                af_params->dwell_time = cpu_to_le32(params->wait);
                memcpy(action_frame->data, &buf[DOT11_MGMT_HDR_LEN],
                       le16_to_cpu(action_frame->len));
 
-               brcmf_dbg(TRACE, "Action frame, cookie=%lld, len=%d, freq=%d\n",
-                         *cookie, le16_to_cpu(action_frame->len), freq);
+               brcmf_dbg(TRACE, "Action frame, cookie=%lld, len=%d, channel=%d\n",
+                         *cookie, le16_to_cpu(action_frame->len),
+                         le32_to_cpu(af_params->channel));
 
                ack = brcmf_p2p_send_action_frame(cfg, cfg_to_ndev(cfg),
                                                  af_params);
 
                cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, ack,
                                        GFP_KERNEL);
+free:
                kfree(af_params);
        } else {
                brcmf_dbg(TRACE, "Unhandled, fc=%04x!!\n", mgmt->frame_control);
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c
index c9537fb597ce850842ca6cb8bd1f6856de04c3d3..4f0ea4347840b5133b5c30a98f122718c540f1b8 100644 (file)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c
@@ -112,8 +112,7 @@ int brcmf_cyw_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
        struct brcmf_cfg80211_vif *vif;
        s32 err = 0;
        bool ack = false;
-       s32 chan_nr;
-       u32 freq;
+       __le16 hw_ch;
        struct brcmf_mf_params_le *mf_params;
        u32 mf_params_len;
        s32 ready;
@@ -143,13 +142,18 @@ int brcmf_cyw_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
        mf_params->len = cpu_to_le16(len - DOT11_MGMT_HDR_LEN);
        mf_params->frame_control = mgmt->frame_control;
 
-       if (chan)
-               freq = chan->center_freq;
-       else
-               brcmf_fil_cmd_int_get(vif->ifp, BRCMF_C_GET_CHANNEL,
-                                     &freq);
-       chan_nr = ieee80211_frequency_to_channel(freq);
-       mf_params->channel = cpu_to_le16(chan_nr);
+       if (chan) {
+               hw_ch = cpu_to_le16(chan->hw_value);
+       } else {
+               err = brcmf_fil_cmd_data_get(vif->ifp, BRCMF_C_GET_CHANNEL,
+                                            &hw_ch, sizeof(hw_ch));
+               if (err) {
+                       bphy_err(drvr, "unable to get current hw channel\n");
+                       goto free;
+               }
+       }
+       mf_params->channel = hw_ch;
+
        memcpy(&mf_params->da[0], &mgmt->da[0], ETH_ALEN);
        memcpy(&mf_params->bssid[0], &mgmt->bssid[0], ETH_ALEN);
        mf_params->packet_id = cpu_to_le32(*cookie);
@@ -159,7 +163,8 @@ int brcmf_cyw_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
        brcmf_dbg(TRACE, "Auth frame, cookie=%d, fc=%04x, len=%d, channel=%d\n",
                  le32_to_cpu(mf_params->packet_id),
                  le16_to_cpu(mf_params->frame_control),
-                 le16_to_cpu(mf_params->len), chan_nr);
+                 le16_to_cpu(mf_params->len),
+                 le16_to_cpu(mf_params->channel));
 
        vif->mgmt_tx_id = le32_to_cpu(mf_params->packet_id);
        set_bit(BRCMF_MGMT_TX_SEND_FRAME, &vif->mgmt_tx_status);
@@ -185,6 +190,7 @@ int brcmf_cyw_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
 tx_status:
        cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, ack,
                                GFP_KERNEL);
+free:
        kfree(mf_params);
        return err;
 }
A mirror of Linus' kernel repository