2026-05-18 19:18:08 +00:00
3 changed files with 35 additions and 5 deletions
@@ -829,19 +829,19 @@ int bes2600_queue_get_skb(struct bes2600_queue *queue, u32 packetID,
 	bes2600_queue_parse_id(packetID, &queue_generation, &queue_id,
 				&item_generation, &item_id, &if_id, &link_id);

-	spin_lock(&queue->stats->hw_priv->tx_loop.pending_record_lock);
+	spin_lock_bh(&queue->stats->hw_priv->tx_loop.pending_record_lock);
 	if (!list_empty(&queue->stats->hw_priv->tx_loop.pending_record_list)) {
 		list_for_each_entry_safe(record_item, temp_record_item, &queue->stats->hw_priv->tx_loop.pending_record_list, head) {
 			if (record_item->packetID == packetID) {
 				list_del(&record_item->head);
 				dev_kfree_skb(record_item->skb);
 				kfree(record_item);
-				spin_unlock(&queue->stats->hw_priv->tx_loop.pending_record_lock);
+				spin_unlock_bh(&queue->stats->hw_priv->tx_loop.pending_record_lock);
 				return -EINVAL;
 			}
 		}
 	}
-	spin_unlock(&queue->stats->hw_priv->tx_loop.pending_record_lock);
+	spin_unlock_bh(&queue->stats->hw_priv->tx_loop.pending_record_lock);

 	item = &queue->pool[item_id];

@@ -238,6 +238,36 @@ int bes2600_hw_scan(struct ieee80211_hw *hw,
 	/* Scan when P2P_GO corrupt firmware MiniAP mode */
 	if (priv->join_status == BES2600_JOIN_STATUS_AP)
 		return -EOPNOTSUPP;
+
+	/*
+	 * Firmware refuses WSM start-scan for 5 GHz with status 2 ("rejected
+	 * by policy"); see besser issue #1.  mac80211 splits multi-band
+	 * hw_scan requests per-band when the driver does not set
+	 * IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS (we don't -- see
+	 * ieee80211_hw_set() calls in bes2600_main.c), so each per-band call
+	 * has req->channels[] from one band only (see ieee80211_prep_hw_scan
+	 * in net/mac80211/scan.c).  Refuse the 5 GHz iteration at the driver
+	 * boundary so userspace gets a clean aborted-scan for that portion
+	 * rather than waiting for the firmware reject to cascade up.
+	 *
+	 * Only the multi-channel case is refused (n_channels > 1): that's
+	 * the per-band-sweep pattern mac80211 issues internally and the
+	 * one that triggers the firmware storm at the per-band loop
+	 * boundary.  Single-channel 5 GHz scans (BSS verification, NM's
+	 * per-freq iteration when 802-11-wireless.band=a is set) pass
+	 * through to firmware, which generally accepts them since the
+	 * storm is the back-to-back per-band issue, not a blanket 5 GHz
+	 * reject.  This preserves 5 GHz association via the
+	 * "wpa_supplicant iterates freq_list per channel" path.
+	 *
+	 * Contract: per include/net/mac80211.h struct ieee80211_ops.hw_scan
+	 * documentation, a negative return aborts the scan without requiring
+	 * ieee80211_scan_completed().
+	 */
+	if (req->n_channels > 1 &&
+	    req->channels[0]->band == NL80211_BAND_5GHZ)
+		return -EOPNOTSUPP;
+
 #if 0
 	if (work_pending(&priv->offchannel_work) ||
 			(hw_priv->roc_if_id != -1)) {
@@ -109,9 +109,9 @@ void bes2600_tx_loop_set_enable(struct bes2600_common *hw_priv, bool need_warn)
                bes2600_queue_iterate_pending_packet(&hw_priv->tx_queue[i],
 				                bes2600_tx_loop_item_pending_item);
        }
-	spin_lock(&hw_priv->tx_loop.pending_record_lock);
+	spin_lock_bh(&hw_priv->tx_loop.pending_record_lock);
        bes2600_queue_iterate_record_pending_packet(hw_priv, bes2600_tx_loop_item_pending_item);
-	spin_unlock(&hw_priv->tx_loop.pending_record_lock);
+	spin_unlock_bh(&hw_priv->tx_loop.pending_record_lock);

        if (atomic_read(&hw_priv->bh_rx) > 0)
 		wake_up(&hw_priv->bh_wq);