[PATCH 5.4 64/71] mac80211: fix regression in SSN handling of addba tx

[Greg Kroah-Hartman]

From: Felix Fietkau <nbd@xxxxxxxx>

commit 73111efacd3c6d9e644acca1d132566932be8af0 upstream.

Some drivers that do their own sequence number allocation (e.g. ath9k) rely
on being able to modify params->ssn on starting tx ampdu sessions.
This was broken by a change that modified it to use sta->tid_seq[tid] instead.

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 31d8bb4e07f8 ("mac80211: agg-tx: refactor sending addba")
Reported-by: Eneas U de Queiroz <cotequeiroz@xxxxxxxxx>
Signed-off-by: Felix Fietkau <nbd@xxxxxxxx>
Link: https://lore.kernel.org/r/20211124094024.43222-1-nbd@xxxxxxxx
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/mac80211/agg-tx.c   |    4 ++--
 net/mac80211/sta_info.h |    1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -481,8 +481,7 @@ static void ieee80211_send_addba_with_ti
 
 	/* send AddBA request */
 	ieee80211_send_addba_request(sdata, sta->sta.addr, tid,
-				     tid_tx->dialog_token,
-				     sta->tid_seq[tid] >> 4,
+				     tid_tx->dialog_token, tid_tx->ssn,
 				     buf_size, tid_tx->timeout);
 }
 
@@ -522,6 +521,7 @@ void ieee80211_tx_ba_session_handle_star
 
 	params.ssn = sta->tid_seq[tid] >> 4;
 	ret = drv_ampdu_action(local, sdata, &params);
+	tid_tx->ssn = params.ssn;
 	if (ret) {
 		ht_dbg(sdata,
 		       "BA request denied - HW unavailable for %pM tid %d\n",
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -180,6 +180,7 @@ struct tid_ampdu_tx {
 	u8 stop_initiator;
 	bool tx_stop;
 	u16 buf_size;
+	u16 ssn;
 
 	u16 failed_bar_ssn;
 	bool bar_pending;