bes2600: thread struct device * through factory request_firmware() call

Follow-up to \"bes2600: use request_firmware() for factory.txt read\".
That patch switched the factory calibration read path from filp_open()
+ kernel_read() to request_firmware(), but passed dev=NULL to
request_firmware() because factory_section_read_file() did not have a
struct device * in scope. The resulting logs carry the
'(NULL device *):' prefix and do not propagate a udev association.

Add a module-local static struct device * used as the firmware-class
load context, plus a small exported setter:

    static struct device *bes2600_factory_dev;
    void bes2600_factory_set_dev(struct device *dev);

Wire bes2600_factory_set_dev(&func->dev) from bes2600_sdio_probe(),
right after bes2600_platform_data_init() so the platform layer has
already had a chance to use the same struct device for its own
initialization.

factory_section_read_file() now passes bes2600_factory_dev (instead
of NULL) to request_firmware(). When the factory read happens before
probe (not currently the case on PineTab2) the pointer is still NULL
and request_firmware() accepts that; no regression.

No API changes to bes2600_get_factory_cali_data() callers. The
char *path parameter remains (it is the firmware-class name fed
straight to request_firmware()).

Tested-on: PineTab2 (BES2600WM + RK3566) running linux-pinetab2
6.19.10-danctnix1-1. Driver probes, factory data is read, and any
post-c5 factory diagnostics now carry the SDIO device identity
instead of '(NULL device *)'.

Signed-off-by: Markus Fritsche <fritsche.markus@gmail.com>

bes2600/Makefile

@@ -65,8 +65,8 @@ BES2600_DRV_VERSION := bes2600_0.3.5_2024.0116
 
 ifeq ($(CONFIG_BES2600_CALIB_FROM_LINUX),y)
 FACTORY_CRC_CHECK                    ?= n
-STANDARD_FACTORY_EFUSE_FLAG          ?= y
-FACTORY_PATH                 ?= /lib/firmware/bes2600_factory.txt
+STANDARD_FACTORY_EFUSE_FLAG          ?= n
+FACTORY_PATH                 ?= bes2600/bes2600_factory.txt
 endif
 
 # basic function

bes2600/bes2600.h

@@ -596,11 +596,6 @@ struct bes2600_vif {
         unsigned long           rx_timestamp;
         u32                     cipherType;
 
-	/* Decrypt-storm fast-recover (Trigger B). See txrx.c. */
-	unsigned long			decrypt_storm_window_start;
-	unsigned int			decrypt_storm_count;
-	unsigned int			decrypt_storm_recoveries;
-	struct work_struct		decrypt_storm_recover_work;
 
 	/* AP powersave */
 	u32			link_id_map;
@@ -861,8 +856,4 @@ int bes2600_btusb_setup_pipes(struct sbus_priv *sbus_priv);
 void bes2600_btusb_uninit(struct usb_interface *interface);
 #endif
 
-/* Decrypt-storm fast-recover helpers — see txrx.c. */
-void bes2600_decrypt_storm_init(struct bes2600_vif *priv);
-void bes2600_decrypt_storm_account(struct bes2600_vif *priv);
-
 #endif /* BES2600_H */

bes2600/bes2600_factory.c

@@ -12,6 +12,7 @@
 #include <linux/module.h>
 #include <linux/sched.h>
 #include <linux/fs.h>
+#include <linux/firmware.h>
 #include <linux/slab.h>
 #include <linux/mutex.h>
 #include <linux/crc32.h>
@@ -30,6 +31,18 @@
 
 static DEFINE_MUTEX(factory_lock);
 
+/*
+ * struct device * for request_firmware() context. Set once at SDIO
+ * probe via bes2600_factory_set_dev(). NULL is tolerated (falls back
+ * to the udev-less firmware-class path) but loses per-device logging.
+ */
+static struct device *bes2600_factory_dev;
+
+void bes2600_factory_set_dev(struct device *dev)
+{
+	bes2600_factory_dev = dev;
+}
+
 /*
  * It is only used for temporary storage.
  * Every time get the factory, it will read from the
@@ -137,38 +150,32 @@ static int bes2600_factory_crc_check(struct factory_t *factory_data)
  */
 static int factory_section_read_file(char *path, void *buffer)
 {
-	int ret = 0;
-	struct file *fp;
+	const struct firmware *fw;
+	int ret;
 
 	if (!path || !buffer) {
 		bes_err("%s NULL pointer err\n", __func__);
 		return -1;
 	}
 
-	bes_devel("reading %s \n", path);
+	bes_devel("requesting firmware-class %s\n", path);
 
-	fp = filp_open(path, O_RDONLY, 0); //S_IRUSR
-	if (IS_ERR(fp)) {
-		bes_devel("BES2600 : can't open %s\n",path);
+	ret = request_firmware(&fw, path, bes2600_factory_dev);
+	if (ret) {
+		bes_devel("BES2600: request_firmware(%s) failed: %d\n", path, ret);
 		return -1;
 	}
 
-	if (fp->f_inode->i_size <= 0 || fp->f_inode->i_size > FACTORY_MAX_SIZE) {
-		bes_err(			"bes2600_factory.txt size check failed, read_size: %lld max_size: %d\n",
-			fp->f_inode->i_size, FACTORY_MAX_SIZE);
-		filp_close(fp, NULL);
+	if (fw->size == 0 || fw->size > FACTORY_MAX_SIZE) {
+		bes_err("bes2600_factory.txt size check failed, read_size: %zu max_size: %d\n",
+			fw->size, FACTORY_MAX_SIZE);
+		release_firmware(fw);
 		return -1;
 	}
 
-	ret = kernel_read(fp, buffer, fp->f_inode->i_size, &fp->f_pos);
-
-	filp_close(fp, NULL);
-
-	if (ret != fp->f_inode->i_size) {
-		bes_err("bes2600_factory.txt read fail\n");
-		ret = -1;
-	}
-
+	memcpy(buffer, fw->data, fw->size);
+	ret = (int)fw->size;
+	release_firmware(fw);
 	return ret;
 }
 

bes2600/bes2600_factory.h

@@ -199,6 +199,9 @@ enum factory_cali_status {
 /* just calibrate 11n, other protocols are automatically mapped */
 #define WIFI_RF_11N_MODE 0x15
 
+/* set the struct device * used for request_firmware() context */
+void bes2600_factory_set_dev(struct device *dev);
+
 /* read wifi & bt factory cali value*/
 u8* bes2600_get_factory_cali_data(u8 *file_buffer, u32 *data_len, char *path);
 void factory_little_endian_cvrt(u8 *data);

bes2600/bes2600_sdio.c

@@ -30,6 +30,7 @@
 #include "bes2600.h"
 #include "sbus.h"
 #include "bes2600_plat.h"
+#include "bes2600_factory.h"
 #include "hwio.h"
 #include "bes_chardev.h"
 #include "bes_log.h"
@@ -1834,6 +1835,9 @@ static int bes2600_sdio_probe(struct sdio_func *func,
 	if (ret)
 		goto err;
 
+	/* wire struct device into factory.c for request_firmware() context */
+	bes2600_factory_set_dev(dev);
+
 	self->pdata = bes2600_get_platform_data();
 	self->func = func;
 	self->dev = &func->dev;

bes2600/debug.c

@@ -542,8 +542,6 @@ static int bes2600_status_show_priv(struct seq_file *seq, void *v)
 		priv->listening ? " (listening)" : "");
 	seq_printf(seq, "Assoc:      %s\n",
 		bes2600_debug_join_status[priv->join_status]);
-	seq_printf(seq, "DecryptStormRecoveries: %u\n",
-		   priv->decrypt_storm_recoveries);
 	if (priv->rx_filter.promiscuous)
 		seq_puts(seq,   "Filter:     promisc\n");
 	else if (priv->rx_filter.fcs)

bes2600/sta.c

@@ -448,7 +448,6 @@ void bes2600_remove_interface(struct ieee80211_hw *dev,
 	cancel_delayed_work_sync(&priv->join_timeout);
 	cancel_delayed_work_sync(&priv->set_cts_work);
 	cancel_delayed_work_sync(&priv->pending_offchanneltx_work);
-	cancel_work_sync(&priv->decrypt_storm_recover_work);
 
 	del_timer_sync(&priv->mcast_timeout);
 	/* TODO:COMBO: May be reset of these variables "delayed_link_loss and
@@ -2620,7 +2619,6 @@ int bes2600_vif_setup(struct bes2600_vif *priv)
 
 	/* Setup per vif workitems and locks */
 	spin_lock_init(&priv->vif_lock);
-	bes2600_decrypt_storm_init(priv);
 	INIT_WORK(&priv->join_work, bes2600_join_work);
 	INIT_DELAYED_WORK(&priv->join_timeout, bes2600_join_timeout);
 	INIT_WORK(&priv->unjoin_work, bes2600_unjoin_work);

bes2600/txrx.c

@@ -25,78 +25,6 @@
 
 #define BES2600_INVALID_RATE_ID (0xFF)
 
-/*
- * Decrypt-storm fast-recover (Trigger B).
- *
- * When the BES2600 firmware reports WSM_STATUS_DECRYPTFAILURE for a
- * burst of received frames (typically because the host's PTK or GTK
- * has fallen out of sync with the AP), the AP eventually concludes that
- * the STA is not authenticated and emits an unprotected deauth-reason-6
- * ("Class 2 frame received from non-authenticated station"). On the
- * deployed pinetab2 + bes2600 stack this AP-initiated deauth has been
- * observed to leave the link blackholed for up to 109 s before
- * userspace finds a different SSID/channel to recover on. (Receipts at
- * https://git.reauktion.de/marfrit/besser, notes/phase5-2026-05-06.md.)
- *
- * Recovery here pre-empts the AP: when we see THRESHOLD decrypt
- * failures within WINDOW, we ask mac80211 for a clean reassoc via
- * ieee80211_connection_loss(), which causes immediate disassociation
- * and lets userspace auto-reconnect with fresh keys.
- *
- * mac80211 contract: ieee80211_connection_loss() may be called
- * regardless of IEEE80211_HW_CONNECTION_MONITOR; it causes immediate
- * disassociation without driver-side recovery attempts. See
- * include/net/mac80211.h for the canonical doc-comment.
- *
- * The threshold is set well above the steady-state per-vif
- * decrypt-fail rate observed in measurement (~1/min even under
- * sustained 1 MB/s load), so a true storm is required to trip it.
- */
-#define BES2600_DECRYPT_STORM_THRESHOLD	5
-#define BES2600_DECRYPT_STORM_WINDOW_MS	5000
-
-static void bes2600_decrypt_storm_recover_work(struct work_struct *work)
-{
-	struct bes2600_vif *priv = container_of(work, struct bes2600_vif,
-						decrypt_storm_recover_work);
-
-	if (!priv->vif)
-		return;
-
-	bes_warn("[bes2600] decrypt-storm fast-recover: forcing reassoc\n");
-	ieee80211_connection_loss(priv->vif);
-	priv->decrypt_storm_recoveries++;
-}
-
-void bes2600_decrypt_storm_init(struct bes2600_vif *priv)
-{
-	INIT_WORK(&priv->decrypt_storm_recover_work,
-		  bes2600_decrypt_storm_recover_work);
-	priv->decrypt_storm_window_start = 0;
-	priv->decrypt_storm_count = 0;
-	priv->decrypt_storm_recoveries = 0;
-}
-
-void bes2600_decrypt_storm_account(struct bes2600_vif *priv)
-{
-	unsigned long now = jiffies;
-	unsigned long window = msecs_to_jiffies(BES2600_DECRYPT_STORM_WINDOW_MS);
-
-	if (priv->decrypt_storm_window_start == 0 ||
-	    time_after(now, priv->decrypt_storm_window_start + window)) {
-		priv->decrypt_storm_window_start = now;
-		priv->decrypt_storm_count = 1;
-		return;
-	}
-
-	if (++priv->decrypt_storm_count >= BES2600_DECRYPT_STORM_THRESHOLD) {
-		priv->decrypt_storm_count = 0;
-		/* Skew the window so we don't re-fire on the same storm. */
-		priv->decrypt_storm_window_start = now + window;
-		schedule_work(&priv->decrypt_storm_recover_work);
-	}
-}
-
 #ifdef CONFIG_BES2600_TESTMODE
 #include "bes_nl80211_testmode_msg.h"
 #endif /* CONFIG_BES2600_TESTMODE */
@@ -1744,8 +1672,6 @@ void bes2600_rx_cb(struct bes2600_vif *priv,
 			goto drop;
 		} else {
 			bes_warn("[RX] Receive failure: %d.\n", arg->status);
-			if (arg->status == WSM_STATUS_DECRYPTFAILURE)
-				bes2600_decrypt_storm_account(priv);
 			goto drop;
 		}
 	}

bes2600/wsm.h

@@ -2236,7 +2236,5 @@ int wsm_cpu_usage_cmd(struct bes2600_common *hw_priv);
 
 int wsm_wifi_status_cmd(struct bes2600_common *hw_priv, uint32_t status);
 
-#if defined(STANDARD_FACTORY_EFUSE_FLAG)
 int wsm_save_factory_txt_to_mcu(struct bes2600_common *hw_priv, const u8 *data, int if_id, enum bes2600_rf_cmd_type cmd_type);
-#endif
 #endif /* BES2600_HWIO_H_INCLUDED */