v1.1.0: Complete kernel modules, fix WebUI bugs
Kernel modules fully implemented for kernel 6.6/Tensor G5: - rc_wifi_mon: kprobes kallsyms, bcmdhd iovar monitor/promisc/allmulti, sysfs status at /sys/kernel/rc_wifi_mon/, clean unpatch on unload - rc_shannon_cmd: ioctl interface (AT_CMD, GET_URC, SET_TIMEOUT, GET_STATUS, FLUSH), URC ring buffer (64 entries), modem probe on init - rc_diag_bridge: HDLC decode with CRC-16 validation, FTM ioctl, EFS read/write/stat/unlink, version query, subsystem dispatch - rc_ioctl.h: shared userspace header for all ioctl definitions - All modules handle class_create() API change in kernel 6.4+ WebUI fixes: - Fix malformed WiFi firmware JSON output - Add vonr/vt/apn/nradv to carrier config read endpoint - Fix carrier toggle state loading in frontend - Fix redundant replace in kmod toggle logic Makefile: single-module build (MOD=), make package target uninstall.sh: unload kernel modules before cleanup
This commit is contained in:
sssnake
@@ -3,11 +3,13 @@
|
||||
Out-of-tree kernel modules for enabling hardware features that are
|
||||
compiled out of production Android kernels.
|
||||
|
||||
Target: Pixel 10 Pro Fold (rango), Tensor G5, kernel 6.6.102
|
||||
|
||||
## Build Requirements
|
||||
|
||||
- Matching kernel headers for target device
|
||||
- Matching kernel headers for target device (kernel 6.6.x)
|
||||
- ARM64 cross-compiler (aarch64-linux-gnu-gcc)
|
||||
- Device-specific kernel config
|
||||
- Device-specific kernel config (CONFIG_KPROBES=y, CONFIG_MODULES=y)
|
||||
|
||||
## Modules
|
||||
|
||||
@@ -16,22 +18,55 @@ Patches the WiFi driver's nl80211 ops table at runtime to allow
|
||||
monitor mode and packet injection on chipsets that have the capability
|
||||
but disable it in their cfg80211 change_virtual_intf handler.
|
||||
|
||||
Supports:
|
||||
- Samsung SCSC/SLSI (slsi_set_monitor_mode — re-enables compiled-out path)
|
||||
- Broadcom bcmdhd (patches cfg80211_ops to allow NL80211_IFTYPE_MONITOR)
|
||||
- Qualcomm ath11k/ath12k/cnss (typically already supports monitor, but
|
||||
this bypasses vendor restrictions)
|
||||
Features:
|
||||
- Uses kprobes-based kallsyms lookup (works on kernel 5.7+)
|
||||
- Patches wiphy->interface_modes bitmask for monitor + OCB
|
||||
- Driver-specific firmware iovars for BCM4390 (monitor, promisc, allmulti)
|
||||
- SCSC/SLSI MIB patching for Maxwell firmware monitor enable
|
||||
- sysfs status at /sys/kernel/rc_wifi_mon/status
|
||||
- Clean restore on module unload
|
||||
|
||||
### rc_diag_bridge.ko
|
||||
Creates /dev/rc_diag — a simplified userspace interface to the Qualcomm
|
||||
DIAG subsystem that bypasses the standard diag driver's filtering.
|
||||
Allows reading/writing NV items and sending FTM commands from userspace.
|
||||
Supports:
|
||||
- Broadcom bcmdhd4390 (BCM4390, primary target)
|
||||
- Samsung SCSC/SLSI (Exynos WiFi)
|
||||
- Qualcomm ath11k/ath12k/cnss
|
||||
|
||||
### rc_shannon_cmd.ko
|
||||
Creates /dev/rc_shannon — direct command interface to Samsung Shannon
|
||||
modem bypassing RIL. Allows raw AT command passthrough and IPC message
|
||||
injection for band locking, NR mode control, and diagnostic readout.
|
||||
|
||||
Features:
|
||||
- Auto-detects modem path (umts_atc0, nr_atc0, umts_router)
|
||||
- URC (unsolicited result code) buffering with ring buffer (64 entries)
|
||||
- Structured ioctl interface (RC_SHANNON_AT_CMD) with configurable timeout
|
||||
- Simple read/write interface for basic use
|
||||
- Statistics tracking (cmds sent, bytes tx/rx)
|
||||
- Modem connectivity test on load
|
||||
- Kernel 6.4+ class_create compatibility
|
||||
|
||||
### rc_diag_bridge.ko
|
||||
Creates /dev/rc_diag — a simplified userspace interface to the Qualcomm
|
||||
DIAG subsystem. Handles HDLC framing internally.
|
||||
|
||||
Features:
|
||||
- NV item read/write (DIAG_NV_READ_F / DIAG_NV_WRITE_F)
|
||||
- FTM commands (Factory Test Mode) via subsystem dispatch
|
||||
- EFS2 file operations (open, read, write, stat, unlink)
|
||||
- Full HDLC encode/decode with CRC-16 CCITT validation
|
||||
- Modem version query
|
||||
- Raw DIAG passthrough for advanced use
|
||||
- Graceful inactive mode when no Qualcomm modem present
|
||||
|
||||
Note: This module is for Qualcomm-baseband devices. On Tensor G5 with
|
||||
Shannon 5400, use rc_shannon_cmd instead. rc_diag_bridge will load but
|
||||
remain inactive.
|
||||
|
||||
## Shared Header
|
||||
|
||||
`rc_ioctl.h` contains all ioctl definitions for both modules. Include
|
||||
this from userspace C code to use the structured command interfaces.
|
||||
|
||||
## Building
|
||||
|
||||
```bash
|
||||
@@ -41,14 +76,23 @@ export CROSS_COMPILE=aarch64-linux-gnu-
|
||||
export KERNEL_DIR=/path/to/kernel/source
|
||||
|
||||
# Build all modules
|
||||
make -C $KERNEL_DIR M=$(pwd) modules
|
||||
make
|
||||
|
||||
# Or build individually
|
||||
make -C $KERNEL_DIR M=$(pwd) CONFIG_RC_WIFI_MON=m modules
|
||||
# Build a single module
|
||||
make MOD=rc_wifi_mon
|
||||
|
||||
# Package .ko files for the module zip
|
||||
make package
|
||||
|
||||
# Clean
|
||||
make clean
|
||||
```
|
||||
|
||||
## Runtime Loading
|
||||
|
||||
Modules are loaded by the RadioControl service.sh based on detected chipset.
|
||||
KernelSU module overlay places them in /vendor/lib/modules/ or loads
|
||||
directly via insmod.
|
||||
Modules are loaded by RadioControl's service.sh based on detected chipset.
|
||||
The service automatically:
|
||||
1. Detects SoC type (Tensor/Exynos/Qualcomm)
|
||||
2. Loads the appropriate modules (rc_wifi_mon + rc_shannon_cmd for Tensor)
|
||||
3. Skips rc_diag_bridge on non-Qualcomm devices
|
||||
4. Verifies module load via /proc/modules
|
||||
|
||||
Reference in New Issue
Block a user