marfrit/besser
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fd0f5a8b71b9add312f9ca2fc775bf41018cf2c2
besser/danctnix-besser-pkgbuild/kernel/0016-bes2600-Patch-E-skip-ps_state_lock-when-PSM-known-di.patch
T
claude-noether fd0f5a8b71 danctnix-besser: replace cumulative patch with per-series (pkgrel=4) 
Replace the single squashed 0001-bes2600-besser-cumulative-series.patch
with 20 individual per-commit patches matching the bes2600/besser-danctnix-v3
branch in marfrit/bes2600-dkms.  Also remove the duplicate 0003-arm64 entry
that was a bug in pkgrel=3.

Patch list:
  0001 c5.1   defer scan and soften WARN on firmware reject
  0002 c5.1.1 widen scan-defer backoff to 30s and decay reject_count
  0003 c5.2   recover wedged firmware via mmc_hw_reset on link break
  0004 c6.1   gate PM indication completion on pending request
  0005 c6.2   short-circuit wake handshake when chip confirmed ACTIVE
  0006 c7     self-detect when firmware does not honor PSM and skip
  0007 c5.2.1 handle multi-function SDIO cards in mmc_hw_reset
  0008 Patch A pre-empt AP-deauth-6 with reassoc on decrypt-fail storm
  0009 Patch B bus_reset on connection-loss storm
  0010 Patch F3 atomicize atomic_add() calls
  0011 Patch F2 fix missing destroy_workqueue() on error in init_common
  0012 Patch F1 fix concurrency UAF in bes2600_hw_scan / sched_scan
  0013 Patch C v3 drop sdio_rx_work relay, IRQ→bh-direct
  0014 Patch G restore SPDX identifiers + ST-Ericsson attribution
  0015 Patch D atomicize ba_lock counters, drop the spinlock
  0016 Patch E skip ps_state_lock when PSM-known-disabled
  0017 Patch C2 replace ieee80211_rx_irqsafe with ieee80211_rx_ni
  0018 Patch H bh.c hygiene cleanup (drop fossil blocks, dead stubs)
  0019 besser#18 pending_record_lock SOFTIRQ-safe fix
  0020 danctnix-flavor: export bus_reset helpers for bes2600_btuart

Build pending (pkgrel=4 makepkg in progress on boltzmann).

Signed-off-by: Claude (noether) <claude@reauktion.de>
2026-05-20 20:37:30 +02:00

84 lines
3.3 KiB
Diff
Raw Blame History

From dd01be0162846b61c6695887ce9e421b69e099d4 Mon Sep 17 00:00:00 2001
From: Markus Fritsche <fritsche.markus@gmail.com>
Date: Fri, 8 May 2026 00:22:14 +0200
Subject: [PATCH 16/20] =?UTF-8?q?bes2600:=20Patch=20E=20=E2=80=94=20skip?=
=?UTF-8?q?=20ps=5Fstate=5Flock=20when=20PSM-known-disabled?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Per the Opus structural critique (PR #8 §2.4) and Sonnet review item 5.
The per-RX-frame early-data path takes ps_state_lock to double-check
whether a link entry transitioned to BES2600_LINK_SOFT (AP-side
power-save state machine, soft-link transition).
When c7 has latched pm_unsupported = true (firmware does not honor
PSM, see feedback_bes2600_firmware_no_psm memory), the AP power-save
state machine is dead and link entries never transition to LINK_SOFT.
The per-frame spin_lock_bh + double-check is wasted work.
This patch gates the lock acquisition on !pm_unsupported. When the
latch is on (the steady state on the production-shipped bes2600
firmware), early_data RX frames bypass the spin_lock_bh and go
directly to ieee80211_rx_irqsafe.
If a future firmware drop fixes PSM, c7 self-clears pm_unsupported on
the first real PM_INDICATION and the locked path resumes.
Scope is narrower than Sonnet originally framed: only the per-RX-frame
hot path (txrx.c:1945-1951 in cleanups+G+D) is touched. Other
ps_state_lock sites in txrx.c (lines 657, 1256, 1420, 1528) are TX
submission / multicast-start / link-id paths, not per-frame RX, and
not on the Bug #5 hot path. Leave those alone.
Build verified: srcversion B5922B4933590F33207EE97 on ohm sandbox.
---
bes2600/txrx.c | 30 ++++++++++++++++++++++++------
1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/bes2600/txrx.c b/drivers/staging/bes2600/txrx.c
index 536b198..cb718ad 100644
--- a/drivers/staging/bes2600/txrx.c
+++ b/drivers/staging/bes2600/txrx.c
@@ -1965,13 +1965,31 @@ void bes2600_rx_cb(struct bes2600_vif *priv,
if (unlikely(bes2600_itp_rxed(hw_priv, skb)))
consume_skb(skb);
else if (unlikely(early_data)) {
- spin_lock_bh(&priv->ps_state_lock);
- /* Double-check status with lock held */
- if (entry->status == BES2600_LINK_SOFT)
- skb_queue_tail(&entry->rx_queue, skb);
- else
+ /*
+ * Patch E: when c7 has latched pm_unsupported (firmware
+ * doesn't honour PSM, see feedback_bes2600_firmware_no_psm),
+ * AP-side power-save state machine is dead and link entries
+ * never transition to BES2600_LINK_SOFT. The double-check
+ * branch under ps_state_lock is unreachable in that case,
+ * so skip the per-frame lock acquisition entirely and
+ * deliver to mac80211 directly.
+ *
+ * On firmware that does honour PSM (the latch self-clears
+ * if a real PM_INDICATION ever arrives — see c7), this
+ * predicate flips back to false and the original locked
+ * path is taken.
+ */
+ if (hw_priv->bes_power.pm_unsupported) {
ieee80211_rx_irqsafe(priv->hw, skb);
- spin_unlock_bh(&priv->ps_state_lock);
+ } else {
+ spin_lock_bh(&priv->ps_state_lock);
+ /* Double-check status with lock held */
+ if (entry->status == BES2600_LINK_SOFT)
+ skb_queue_tail(&entry->rx_queue, skb);
+ else
+ ieee80211_rx_irqsafe(priv->hw, skb);
+ spin_unlock_bh(&priv->ps_state_lock);
+ }
} else {
ieee80211_rx_irqsafe(priv->hw, skb);
}
--
2.54.0
Reference in New Issue View Git Blame Copy Permalink