mac80211: brcmfmac: backport important changes from the 4.15
authorRafał Miłecki <rafal@milecki.pl>
Thu, 16 Aug 2018 08:48:54 +0000 (10:48 +0200)
committerRafał Miłecki <rafal@milecki.pl>
Thu, 16 Aug 2018 11:15:05 +0000 (13:15 +0200)
Two more patches that may be worth backporting in the future:
fdd0bd88ceae brcmfmac: add CLM download support
cc124d5cc8d8 brcmfmac: fix CLM load error for legacy chips when user helper is enabled

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
package/kernel/mac80211/Makefile
package/kernel/mac80211/patches/328-v4.15-0001-brcmfmac-Avoid-possible-out-of-bounds-read.patch [new file with mode: 0644]
package/kernel/mac80211/patches/328-v4.15-0002-brcmfmac-handle-FWHALT-mailbox-indication.patch [new file with mode: 0644]
package/kernel/mac80211/patches/328-v4.16-0001-brcmfmac-drop-Inter-Access-Point-Protocol-packets-by.patch [deleted file]
package/kernel/mac80211/patches/329-brcmfmac-add-support-for-BCM4366E-chipset.patch [deleted file]
package/kernel/mac80211/patches/329-v4.16-0002-brcmfmac-drop-Inter-Access-Point-Protocol-packets-by.patch [new file with mode: 0644]
package/kernel/mac80211/patches/330-v4.18-0001-brcmfmac-add-support-for-BCM4366E-chipset.patch [new file with mode: 0644]

index 03354289accb1b6887433c5cb375f0819ff08191..c3bbac16336cfca4cde73a29fefcf879cc333032 100644 (file)
@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=mac80211
 
 PKG_VERSION:=2017-01-31
-PKG_RELEASE:=9
+PKG_RELEASE:=10
 PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources
 PKG_BACKPORT_VERSION:=
 PKG_HASH:=75e6d39e34cf156212a2509172a4a62b673b69eb4a1d9aaa565f7fa719fa2317
diff --git a/package/kernel/mac80211/patches/328-v4.15-0001-brcmfmac-Avoid-possible-out-of-bounds-read.patch b/package/kernel/mac80211/patches/328-v4.15-0001-brcmfmac-Avoid-possible-out-of-bounds-read.patch
new file mode 100644 (file)
index 0000000..f46c0ab
--- /dev/null
@@ -0,0 +1,39 @@
+From 73f2c8e933b1dcf432ac8c6965a6e67af630077f Mon Sep 17 00:00:00 2001
+From: Kevin Cernekee <cernekee@chromium.org>
+Date: Sat, 16 Sep 2017 21:08:22 -0700
+Subject: [PATCH] brcmfmac: Avoid possible out-of-bounds read
+
+In brcmf_p2p_notify_rx_mgmt_p2p_probereq(), chanspec is assigned before
+the length of rxframe is validated.  This could lead to uninitialized
+data being accessed (but not printed).  Since we already have a
+perfectly good endian-swapped copy of rxframe->chanspec in ch.chspec,
+and ch.chspec is not modified by decchspec(), avoid the extra
+assignment and use ch.chspec in the debug print.
+
+Suggested-by: Mattias Nissler <mnissler@chromium.org>
+Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
+Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c
+@@ -1853,7 +1853,6 @@ s32 brcmf_p2p_notify_rx_mgmt_p2p_probere
+       struct afx_hdl *afx_hdl = &p2p->afx_hdl;
+       struct brcmf_cfg80211_vif *vif = ifp->vif;
+       struct brcmf_rx_mgmt_data *rxframe = (struct brcmf_rx_mgmt_data *)data;
+-      u16 chanspec = be16_to_cpu(rxframe->chanspec);
+       struct brcmu_chan ch;
+       u8 *mgmt_frame;
+       u32 mgmt_frame_len;
+@@ -1906,7 +1905,7 @@ s32 brcmf_p2p_notify_rx_mgmt_p2p_probere
+       cfg80211_rx_mgmt(&vif->wdev, freq, 0, mgmt_frame, mgmt_frame_len, 0);
+       brcmf_dbg(INFO, "mgmt_frame_len (%d) , e->datalen (%d), chanspec (%04x), freq (%d)\n",
+-                mgmt_frame_len, e->datalen, chanspec, freq);
++                mgmt_frame_len, e->datalen, ch.chspec, freq);
+       return 0;
+ }
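Review bot: Nothing at the `rxframe` declaration records that the pointer must not be read through until the event length has been checked, which is the invariant this fix restores by dropping the early `be16_to_cpu(rxframe->chanspec)` initializer. The cast from `data` stays in the declaration block and is safe only because it no longer dereferences the pointer; a one-line comment there, such as `/* do not read *rxframe before e->datalen is validated below */`, would keep a later edit from reintroducing the read. The length check itself sits between the two inner hunks and is not visible here, so its exact form is assumed from the patch description. Separately, `mgmt_frame_len` is declared `u32` but printed with `%d` in the debug line; `%u` matches the type.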
diff --git a/package/kernel/mac80211/patches/328-v4.15-0002-brcmfmac-handle-FWHALT-mailbox-indication.patch b/package/kernel/mac80211/patches/328-v4.15-0002-brcmfmac-handle-FWHALT-mailbox-indication.patch
new file mode 100644 (file)
index 0000000..4ca696f
--- /dev/null
@@ -0,0 +1,60 @@
+From 2fd3877b5bb7d39782c3205a1dcda02023b8514a Mon Sep 17 00:00:00 2001
+From: Arend Van Spriel <arend.vanspriel@broadcom.com>
+Date: Wed, 8 Nov 2017 14:36:31 +0100
+Subject: [PATCH] brcmfmac: handle FWHALT mailbox indication
+
+The firmware uses a mailbox to communicate to the host what is going
+on. In the driver we validate the bit received. Various people seen
+the following message:
+
+ brcmfmac: brcmf_sdio_hostmail: Unknown mailbox data content: 0x40012
+
+Bit 4 is cause of this message, but this actually indicates the firmware
+has halted. Handle this bit by giving a more meaningful error message.
+
+Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
+Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
+Reviewed-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+@@ -259,10 +259,11 @@ struct rte_console {
+ #define I_HMB_HOST_INT        I_HMB_SW3       /* Miscellaneous Interrupt */
+ /* tohostmailboxdata */
+-#define HMB_DATA_NAKHANDLED   1       /* retransmit NAK'd frame */
+-#define HMB_DATA_DEVREADY     2       /* talk to host after enable */
+-#define HMB_DATA_FC           4       /* per prio flowcontrol update flag */
+-#define HMB_DATA_FWREADY      8       /* fw ready for protocol activity */
++#define HMB_DATA_NAKHANDLED   0x0001  /* retransmit NAK'd frame */
++#define HMB_DATA_DEVREADY     0x0002  /* talk to host after enable */
++#define HMB_DATA_FC           0x0004  /* per prio flowcontrol update flag */
++#define HMB_DATA_FWREADY      0x0008  /* fw ready for protocol activity */
++#define HMB_DATA_FWHALT               0x0010  /* firmware halted */
+ #define HMB_DATA_FCDATA_MASK  0xff000000
+ #define HMB_DATA_FCDATA_SHIFT 24
+@@ -1093,6 +1094,10 @@ static u32 brcmf_sdio_hostmail(struct br
+                         offsetof(struct sdpcmd_regs, tosbmailbox));
+       bus->sdcnt.f1regdata += 2;
++      /* dongle indicates the firmware has halted/crashed */
++      if (hmb_data & HMB_DATA_FWHALT)
++              brcmf_err("mailbox indicates firmware halted\n");
++
+       /* Dongle recomposed rx frames, accept them again */
+       if (hmb_data & HMB_DATA_NAKHANDLED) {
+               brcmf_dbg(SDIO, "Dongle reports NAK handled, expect rtx of %d\n",
+@@ -1150,6 +1155,7 @@ static u32 brcmf_sdio_hostmail(struct br
+                        HMB_DATA_NAKHANDLED |
+                        HMB_DATA_FC |
+                        HMB_DATA_FWREADY |
++                       HMB_DATA_FWHALT |
+                        HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK))
+               brcmf_err("Unknown mailbox data content: 0x%02x\n",
+                         hmb_data);
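Review bot: The new FWHALT branch in brcmf_sdio_hostmail() only logs, and execution then falls through to the NAKHANDLED handling and the remaining mailbox bits as if the dongle were still running. The function body starts and ends outside this hunk, so whether another path reacts to a halted firmware cannot be seen here; if none does, the bus state should probably change at this point, and if the omission is deliberate the comment should say so, e.g. `/* firmware halted/crashed: report only, no recovery is attempted here */`. Including the raw value in the message, `brcmf_err("mailbox indicates firmware halted (0x%08x)\n", hmb_data);`, would also make the line easier to correlate with the earlier "Unknown mailbox data content" reports (this assumes hmb_data is a 32-bit value, as the 0x40012 example in the description suggests).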
diff --git a/package/kernel/mac80211/patches/328-v4.16-0001-brcmfmac-drop-Inter-Access-Point-Protocol-packets-by.patch b/package/kernel/mac80211/patches/328-v4.16-0001-brcmfmac-drop-Inter-Access-Point-Protocol-packets-by.patch
deleted file mode 100644 (file)
index f05e23d..0000000
+++ /dev/null
@@ -1,157 +0,0 @@
-From 1259055170287a350cad453e9eac139c81609860 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
-Date: Thu, 15 Mar 2018 08:29:09 +0100
-Subject: [PATCH] brcmfmac: drop Inter-Access Point Protocol packets by default
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Testing brcmfmac with more recent firmwares resulted in AP interfaces
-not working in some specific setups. Debugging resulted in discovering
-support for IAPP in Broadcom's firmwares.
-
-Older firmwares were only generating 802.11f frames. Newer ones like:
-1) 10.10 (TOB) (r663589)
-2) 10.10.122.20 (r683106)
-for 4366b1 and 4366c0 respectively seem to also /respect/ 802.11f frames
-in the Tx path by performing a STA disassociation.
-
-This obsoleted standard and its implementation is something that:
-1) Most people don't need / want to use
-2) Can allow local DoS attacks
-3) Breaks AP interfaces in some specific bridge setups
-
-To solve issues it can cause this commit modifies brcmfmac to drop IAPP
-packets. If affects:
-1) Rx path: driver won't be sending these unwanted packets up.
-2) Tx path: driver will reject packets that would trigger STA
-   disassociation perfromed by a firmware (possible local DoS attack).
-
-It appears there are some Broadcom's clients/users who care about this
-feature despite the drawbacks. They can switch it on using a new module
-param.
-
-This change results in only two more comparisons (check for module param
-and check for Ethernet packet length) for 99.9% of packets. Its overhead
-should be very minimal.
-
-Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
-Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- .../wireless/broadcom/brcm80211/brcmfmac/common.c  |  5 ++
- .../wireless/broadcom/brcm80211/brcmfmac/common.h  |  1 +
- .../wireless/broadcom/brcm80211/brcmfmac/core.c    | 57 ++++++++++++++++++++++
- 3 files changed, 63 insertions(+)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
-@@ -73,6 +73,10 @@ static int brcmf_roamoff;
- module_param_named(roamoff, brcmf_roamoff, int, S_IRUSR);
- MODULE_PARM_DESC(roamoff, "Do not use internal roaming engine");
-+static int brcmf_iapp_enable;
-+module_param_named(iapp, brcmf_iapp_enable, int, 0);
-+MODULE_PARM_DESC(iapp, "Enable partial support for the obsoleted Inter-Access Point Protocol");
-+
- #ifdef DEBUG
- /* always succeed brcmf_bus_started() */
- static int brcmf_ignore_probe_fail;
-@@ -287,6 +291,7 @@ struct brcmf_mp_device *brcmf_get_module
-       settings->feature_disable = brcmf_feature_disable;
-       settings->fcmode = brcmf_fcmode;
-       settings->roamoff = !!brcmf_roamoff;
-+      settings->iapp = !!brcmf_iapp_enable;
- #ifdef DEBUG
-       settings->ignore_probe_fail = !!brcmf_ignore_probe_fail;
- #endif
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.h
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.h
-@@ -58,6 +58,7 @@ struct brcmf_mp_device {
-       unsigned int    feature_disable;
-       int             fcmode;
-       bool            roamoff;
-+      bool            iapp;
-       bool            ignore_probe_fail;
-       struct brcmfmac_pd_cc *country_codes;
-       union {
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -192,6 +192,37 @@ static void brcmf_netdev_set_multicast_l
-       schedule_work(&ifp->multicast_work);
- }
-+/**
-+ * brcmf_skb_is_iapp - checks if skb is an IAPP packet
-+ *
-+ * @skb: skb to check
-+ */
-+static bool brcmf_skb_is_iapp(struct sk_buff *skb)
-+{
-+      static const u8 iapp_l2_update_packet[6] __aligned(2) = {
-+              0x00, 0x01, 0xaf, 0x81, 0x01, 0x00,
-+      };
-+      unsigned char *eth_data;
-+#if !defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
-+      const u16 *a, *b;
-+#endif
-+
-+      if (skb->len - skb->mac_len != 6 ||
-+          !is_multicast_ether_addr(eth_hdr(skb)->h_dest))
-+              return false;
-+
-+      eth_data = skb_mac_header(skb) + ETH_HLEN;
-+#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
-+      return !(((*(const u32 *)eth_data) ^ (*(const u32 *)iapp_l2_update_packet)) |
-+               ((*(const u16 *)(eth_data + 4)) ^ (*(const u16 *)(iapp_l2_update_packet + 4))));
-+#else
-+      a = (const u16 *)eth_data;
-+      b = (const u16 *)iapp_l2_update_packet;
-+
-+      return !((a[0] ^ b[0]) | (a[1] ^ b[1]) | (a[2] ^ b[2]));
-+#endif
-+}
-+
- static netdev_tx_t brcmf_netdev_start_xmit(struct sk_buff *skb,
-                                          struct net_device *ndev)
- {
-@@ -211,6 +242,23 @@ static netdev_tx_t brcmf_netdev_start_xm
-               goto done;
-       }
-+      /* Some recent Broadcom's firmwares disassociate STA when they receive
-+       * an 802.11f ADD frame. This behavior can lead to a local DoS security
-+       * issue. Attacker may trigger disassociation of any STA by sending a
-+       * proper Ethernet frame to the wireless interface.
-+       *
-+       * Moreover this feature may break AP interfaces in some specific
-+       * setups. This applies e.g. to the bridge with hairpin mode enabled and
-+       * IFLA_BRPORT_MCAST_TO_UCAST set. IAPP packet generated by a firmware
-+       * will get passed back to the wireless interface and cause immediate
-+       * disassociation of a just-connected STA.
-+       */
-+      if (!drvr->settings->iapp && brcmf_skb_is_iapp(skb)) {
-+              dev_kfree_skb(skb);
-+              ret = -EINVAL;
-+              goto done;
-+      }
-+
-       /* Make sure there's enough writable headroom*/
-       ret = skb_cow_head(skb, drvr->hdrlen);
-       if (ret < 0) {
-@@ -288,6 +336,15 @@ void brcmf_txflowblock(struct device *de
- void brcmf_netif_rx(struct brcmf_if *ifp, struct sk_buff *skb)
- {
-+      /* Most of Broadcom's firmwares send 802.11f ADD frame every time a new
-+       * STA connects to the AP interface. This is an obsoleted standard most
-+       * users don't use, so don't pass these frames up unless requested.
-+       */
-+      if (!ifp->drvr->settings->iapp && brcmf_skb_is_iapp(skb)) {
-+              brcmu_pkt_buf_free_skb(skb);
-+              return;
-+      }
-+
-       if (skb->pkt_type == PACKET_MULTICAST)
-               ifp->stats.multicast++;
diff --git a/package/kernel/mac80211/patches/329-brcmfmac-add-support-for-BCM4366E-chipset.patch b/package/kernel/mac80211/patches/329-brcmfmac-add-support-for-BCM4366E-chipset.patch
deleted file mode 100644 (file)
index ddbff07..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-From: Dan Haab <dhaab@luxul.com>
-Date: Tue, 3 Apr 2018 10:21:56 +0200
-Subject: [PATCH] brcmfmac: add support for BCM4366E chipset
-
-BCM4366E is a wireless chipset with a BCM43664 ChipCommon. It's
-supported by the same firmware as 4366c0.
-
-Signed-off-by: Dan Haab <dan.haab@luxul.com>
-[arend: rebase patch and remove unnecessary definition]
-Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
----
- drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c       | 1 +
- drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c       | 1 +
- drivers/net/wireless/broadcom/brcm80211/include/brcm_hw_ids.h | 1 +
- 3 files changed, 3 insertions(+)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c
-@@ -689,6 +689,7 @@ static u32 brcmf_chip_tcm_rambase(struct
-       case BRCM_CC_43525_CHIP_ID:
-       case BRCM_CC_4365_CHIP_ID:
-       case BRCM_CC_4366_CHIP_ID:
-+      case BRCM_CC_43664_CHIP_ID:
-               return 0x200000;
-       case CY_CC_4373_CHIP_ID:
-               return 0x160000;
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
-@@ -75,6 +75,7 @@ static struct brcmf_firmware_mapping brc
-       BRCMF_FW_NVRAM_ENTRY(BRCM_CC_4365_CHIP_ID, 0xFFFFFFF0, 4365C),
-       BRCMF_FW_NVRAM_ENTRY(BRCM_CC_4366_CHIP_ID, 0x0000000F, 4366B),
-       BRCMF_FW_NVRAM_ENTRY(BRCM_CC_4366_CHIP_ID, 0xFFFFFFF0, 4366C),
-+      BRCMF_FW_NVRAM_ENTRY(BRCM_CC_43664_CHIP_ID, 0xFFFFFFF0, 4366C),
-       BRCMF_FW_NVRAM_ENTRY(BRCM_CC_4371_CHIP_ID, 0xFFFFFFFF, 4371),
- };
---- a/drivers/net/wireless/broadcom/brcm80211/include/brcm_hw_ids.h
-+++ b/drivers/net/wireless/broadcom/brcm80211/include/brcm_hw_ids.h
-@@ -57,6 +57,7 @@
- #define BRCM_CC_43602_CHIP_ID         43602
- #define BRCM_CC_4365_CHIP_ID          0x4365
- #define BRCM_CC_4366_CHIP_ID          0x4366
-+#define BRCM_CC_43664_CHIP_ID         43664
- #define BRCM_CC_4371_CHIP_ID          0x4371
- #define CY_CC_4373_CHIP_ID            0x4373
diff --git a/package/kernel/mac80211/patches/329-v4.16-0002-brcmfmac-drop-Inter-Access-Point-Protocol-packets-by.patch b/package/kernel/mac80211/patches/329-v4.16-0002-brcmfmac-drop-Inter-Access-Point-Protocol-packets-by.patch
new file mode 100644 (file)
index 0000000..f05e23d
--- /dev/null
@@ -0,0 +1,157 @@
+From 1259055170287a350cad453e9eac139c81609860 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Thu, 15 Mar 2018 08:29:09 +0100
+Subject: [PATCH] brcmfmac: drop Inter-Access Point Protocol packets by default
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Testing brcmfmac with more recent firmwares resulted in AP interfaces
+not working in some specific setups. Debugging resulted in discovering
+support for IAPP in Broadcom's firmwares.
+
+Older firmwares were only generating 802.11f frames. Newer ones like:
+1) 10.10 (TOB) (r663589)
+2) 10.10.122.20 (r683106)
+for 4366b1 and 4366c0 respectively seem to also /respect/ 802.11f frames
+in the Tx path by performing a STA disassociation.
+
+This obsoleted standard and its implementation is something that:
+1) Most people don't need / want to use
+2) Can allow local DoS attacks
+3) Breaks AP interfaces in some specific bridge setups
+
+To solve issues it can cause this commit modifies brcmfmac to drop IAPP
+packets. If affects:
+1) Rx path: driver won't be sending these unwanted packets up.
+2) Tx path: driver will reject packets that would trigger STA
+   disassociation perfromed by a firmware (possible local DoS attack).
+
+It appears there are some Broadcom's clients/users who care about this
+feature despite the drawbacks. They can switch it on using a new module
+param.
+
+This change results in only two more comparisons (check for module param
+and check for Ethernet packet length) for 99.9% of packets. Its overhead
+should be very minimal.
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ .../wireless/broadcom/brcm80211/brcmfmac/common.c  |  5 ++
+ .../wireless/broadcom/brcm80211/brcmfmac/common.h  |  1 +
+ .../wireless/broadcom/brcm80211/brcmfmac/core.c    | 57 ++++++++++++++++++++++
+ 3 files changed, 63 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
+@@ -73,6 +73,10 @@ static int brcmf_roamoff;
+ module_param_named(roamoff, brcmf_roamoff, int, S_IRUSR);
+ MODULE_PARM_DESC(roamoff, "Do not use internal roaming engine");
++static int brcmf_iapp_enable;
++module_param_named(iapp, brcmf_iapp_enable, int, 0);
++MODULE_PARM_DESC(iapp, "Enable partial support for the obsoleted Inter-Access Point Protocol");
++
+ #ifdef DEBUG
+ /* always succeed brcmf_bus_started() */
+ static int brcmf_ignore_probe_fail;
+@@ -287,6 +291,7 @@ struct brcmf_mp_device *brcmf_get_module
+       settings->feature_disable = brcmf_feature_disable;
+       settings->fcmode = brcmf_fcmode;
+       settings->roamoff = !!brcmf_roamoff;
++      settings->iapp = !!brcmf_iapp_enable;
+ #ifdef DEBUG
+       settings->ignore_probe_fail = !!brcmf_ignore_probe_fail;
+ #endif
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.h
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.h
+@@ -58,6 +58,7 @@ struct brcmf_mp_device {
+       unsigned int    feature_disable;
+       int             fcmode;
+       bool            roamoff;
++      bool            iapp;
+       bool            ignore_probe_fail;
+       struct brcmfmac_pd_cc *country_codes;
+       union {
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+@@ -192,6 +192,37 @@ static void brcmf_netdev_set_multicast_l
+       schedule_work(&ifp->multicast_work);
+ }
++/**
++ * brcmf_skb_is_iapp - checks if skb is an IAPP packet
++ *
++ * @skb: skb to check
++ */
++static bool brcmf_skb_is_iapp(struct sk_buff *skb)
++{
++      static const u8 iapp_l2_update_packet[6] __aligned(2) = {
++              0x00, 0x01, 0xaf, 0x81, 0x01, 0x00,
++      };
++      unsigned char *eth_data;
++#if !defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
++      const u16 *a, *b;
++#endif
++
++      if (skb->len - skb->mac_len != 6 ||
++          !is_multicast_ether_addr(eth_hdr(skb)->h_dest))
++              return false;
++
++      eth_data = skb_mac_header(skb) + ETH_HLEN;
++#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
++      return !(((*(const u32 *)eth_data) ^ (*(const u32 *)iapp_l2_update_packet)) |
++               ((*(const u16 *)(eth_data + 4)) ^ (*(const u16 *)(iapp_l2_update_packet + 4))));
++#else
++      a = (const u16 *)eth_data;
++      b = (const u16 *)iapp_l2_update_packet;
++
++      return !((a[0] ^ b[0]) | (a[1] ^ b[1]) | (a[2] ^ b[2]));
++#endif
++}
++
+ static netdev_tx_t brcmf_netdev_start_xmit(struct sk_buff *skb,
+                                          struct net_device *ndev)
+ {
+@@ -211,6 +242,23 @@ static netdev_tx_t brcmf_netdev_start_xm
+               goto done;
+       }
++      /* Some recent Broadcom's firmwares disassociate STA when they receive
++       * an 802.11f ADD frame. This behavior can lead to a local DoS security
++       * issue. Attacker may trigger disassociation of any STA by sending a
++       * proper Ethernet frame to the wireless interface.
++       *
++       * Moreover this feature may break AP interfaces in some specific
++       * setups. This applies e.g. to the bridge with hairpin mode enabled and
++       * IFLA_BRPORT_MCAST_TO_UCAST set. IAPP packet generated by a firmware
++       * will get passed back to the wireless interface and cause immediate
++       * disassociation of a just-connected STA.
++       */
++      if (!drvr->settings->iapp && brcmf_skb_is_iapp(skb)) {
++              dev_kfree_skb(skb);
++              ret = -EINVAL;
++              goto done;
++      }
++
+       /* Make sure there's enough writable headroom*/
+       ret = skb_cow_head(skb, drvr->hdrlen);
+       if (ret < 0) {
+@@ -288,6 +336,15 @@ void brcmf_txflowblock(struct device *de
+ void brcmf_netif_rx(struct brcmf_if *ifp, struct sk_buff *skb)
+ {
++      /* Most of Broadcom's firmwares send 802.11f ADD frame every time a new
++       * STA connects to the AP interface. This is an obsoleted standard most
++       * users don't use, so don't pass these frames up unless requested.
++       */
++      if (!ifp->drvr->settings->iapp && brcmf_skb_is_iapp(skb)) {
++              brcmu_pkt_buf_free_skb(skb);
++              return;
++      }
++
+       if (skb->pkt_type == PACKET_MULTICAST)
+               ifp->stats.multicast++;
diff --git a/package/kernel/mac80211/patches/330-v4.18-0001-brcmfmac-add-support-for-BCM4366E-chipset.patch b/package/kernel/mac80211/patches/330-v4.18-0001-brcmfmac-add-support-for-BCM4366E-chipset.patch
new file mode 100644 (file)
index 0000000..ddbff07
--- /dev/null
@@ -0,0 +1,46 @@
+From: Dan Haab <dhaab@luxul.com>
+Date: Tue, 3 Apr 2018 10:21:56 +0200
+Subject: [PATCH] brcmfmac: add support for BCM4366E chipset
+
+BCM4366E is a wireless chipset with a BCM43664 ChipCommon. It's
+supported by the same firmware as 4366c0.
+
+Signed-off-by: Dan Haab <dan.haab@luxul.com>
+[arend: rebase patch and remove unnecessary definition]
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c       | 1 +
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c       | 1 +
+ drivers/net/wireless/broadcom/brcm80211/include/brcm_hw_ids.h | 1 +
+ 3 files changed, 3 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c
+@@ -689,6 +689,7 @@ static u32 brcmf_chip_tcm_rambase(struct
+       case BRCM_CC_43525_CHIP_ID:
+       case BRCM_CC_4365_CHIP_ID:
+       case BRCM_CC_4366_CHIP_ID:
++      case BRCM_CC_43664_CHIP_ID:
+               return 0x200000;
+       case CY_CC_4373_CHIP_ID:
+               return 0x160000;
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
+@@ -75,6 +75,7 @@ static struct brcmf_firmware_mapping brc
+       BRCMF_FW_NVRAM_ENTRY(BRCM_CC_4365_CHIP_ID, 0xFFFFFFF0, 4365C),
+       BRCMF_FW_NVRAM_ENTRY(BRCM_CC_4366_CHIP_ID, 0x0000000F, 4366B),
+       BRCMF_FW_NVRAM_ENTRY(BRCM_CC_4366_CHIP_ID, 0xFFFFFFF0, 4366C),
++      BRCMF_FW_NVRAM_ENTRY(BRCM_CC_43664_CHIP_ID, 0xFFFFFFF0, 4366C),
+       BRCMF_FW_NVRAM_ENTRY(BRCM_CC_4371_CHIP_ID, 0xFFFFFFFF, 4371),
+ };
+--- a/drivers/net/wireless/broadcom/brcm80211/include/brcm_hw_ids.h
++++ b/drivers/net/wireless/broadcom/brcm80211/include/brcm_hw_ids.h
+@@ -57,6 +57,7 @@
+ #define BRCM_CC_43602_CHIP_ID         43602
+ #define BRCM_CC_4365_CHIP_ID          0x4365
+ #define BRCM_CC_4366_CHIP_ID          0x4366
++#define BRCM_CC_43664_CHIP_ID         43664
+ #define BRCM_CC_4371_CHIP_ID          0x4371
+ #define CY_CC_4373_CHIP_ID            0x4373