Opening the device worked fine. I used the exploit #179 and gained root.
I installed robimarko's branch and was surprised that 2.5GB WAN is working with 1GB and also 2.5GB. Also wifi comes up. 
1 Like
Just to clarify - all four wifi are up? (IoT, 2.4Ghz, 5Ghz & 5.8GHz)?
Also ... do you mind sharing memory usage after a few hours of typical use - is memory a problem after a few hours? (Infamous memory leak)
The QCN card isnt working, thats for sure
Yepp, QCN is missing. Was a bit too optimistic. As soon as I have more results, I will share.
1 Like
Has anyone tested this patch for ath11k specifically for the ax9000? Seems it possibly could also be applicable for the ax3600 etc? https://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg60006.html
I honestly have no idea what is that supposed to do at all.
Whoever sent it probably had no idea as well
Did you read what's in the patch?
It's just one of the ath11k optimization patch from QCA and they removed it.
Does it change anything that now we have kernel 5.15 backported?
Yeah, it helps a lot.
I can tell you that I am working on it, but its gonna take time and testing as I cant get the card to load the FW despite backporting QRTR changes to start the channels which worked before 5.15
Thanks for your time and for your contribution!
You are our hero on a quest to liberate this hardware 
Take your time and let us know if we could help in any way ...
Have I missed a fix for the 2.5 Gbit LAN/WAN or backported 5.15 kernel helped with this as well?
5.15 is only for wireless, everything else is on 5.10 but the 2.5G port decided to magically work on its own again
LOL
That's good it decided magically to work
But I have to say my work related experience is the opposite - usually things magically break down and never fix themselves
Well, I thought it will be the case here as well, but somehow it magically fixed itself
Hi! Just a question, should the standard 2.4 and 5GHz radio work? I understood the QCN would not work ATM.
I get this error:
Sun Nov 14 00:06:01 2021 daemon.notice netifd: Interface 'clients' is now up
Sun Nov 14 00:06:01 2021 daemon.notice hostapd: Frequency 5180 (primary) not allowed for AP mode, flags: 0x851
Sun Nov 14 00:06:01 2021 daemon.err hostapd: Primary frequency not allowed
Sun Nov 14 00:06:01 2021 daemon.warn hostapd: wap-knet1: IEEE 802.11 Configured channel (36) or frequency (5180) (secondary_channel=1) not found from the channel list of the current mode (2) IEEE 802.11a
Sun Nov 14 00:06:01 2021 daemon.warn hostapd: wap-knet1: IEEE 802.11 Hardware does not support configured channel
Sun Nov 14 00:06:01 2021 daemon.err hostapd: Could not select hw_mode and channel. (-3)
Sun Nov 14 00:06:01 2021 daemon.notice hostapd: wap-knet1: interface state COUNTRY_UPDATE->DISABLED
My radio settings:
config wifi-device 'radio1'
option band '5g'
option type 'mac80211'
option disabled '0'
option country 'CN'
option channel '36'
option log_level '1'
option htmode 'HE80'
option path 'platform/soc/c000000.wifi'
Why that ? Shouldn't it work?
BTW, I used the hack with the javascript tools. I 've set CN when I was asked for a country code while patching.
Yeah, they do work.
However, run iw reg set CN and then iw reg get cause I bet that the broken ath11k regulatory setting will not allow that channel in HE80 or at all
Good hint, will try!
Hm, even with HT20 it doesn't come up. Same error.
Again, just check the rules you get with iw reg get and iw phy
iw phy will give you the list of channels along with power allowed after everything is accounted
BTW, If you are not from China why use it as the regulatory domain?
I just used it as a fallback, thought at least this one should work. If I use DE, I get this kernel error:
[ 21.098242] WARNING: CPU: 1 PID: 2091 at ath11k_reg_update_chan_list+0x210/0x240 [ath11k]
[ 21.101877] Modules linked in: iptable_nat ath11k_ahb ath11k ath10k_pci ath10k_core ath xt_state xt_nat xt_conntrack xt_REDIRECT xt_MASQUERADE xt_CT nf_nat nf_conntrack mac80211 iptable_mangle iptable_filter ipt_REJECT ip_tables cfg80211 xt_time xt_tcpudp xt_multiport xt_mark xg
[ 21.151774] CPU: 1 PID: 2091 Comm: hostapd Not tainted 5.10.78 #0
[ 21.174005] Hardware name: Xiaomi AX9000 (DT)
[ 21.180255] pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[ 21.184607] pc : ath11k_reg_update_chan_list+0x210/0x240 [ath11k]
[ 21.190681] lr : ath11k_wmi_wow_enable+0x25e0/0x4104 [ath11k]
[ 21.196661] sp : ffffffc0141a39c0
[ 21.202385] x29: ffffffc0141a39c0 x28: ffffff80074d6000
[ 21.205689] x27: 0000000000000000 x26: 0000000000001003
[ 21.211070] x25: 0000000000000000 x24: ffffff800737a7c0
[ 21.216365] x23: ffffff800737c3e8 x22: ffffff8007378c40
[ 21.221661] x21: ffffff8007378c18 x20: 0000000000000000
[ 21.226956] x19: ffffff800737a7c0 x18: 0000000000000014
[ 21.232252] x17: 0000000000000004 x16: ffffff800737b408
[ 21.237546] x15: 000000000000000d x14: ffffff8006328354
[ 21.242843] x13: 0000000000000067 x12: ffffff80063283a0
[ 21.248137] x11: 0000000000000018 x10: 0000000000000066
[ 21.253433] x9 : 0000000000000007 x8 : 0000000000000004
[ 21.258727] x7 : ffffff800737b428 x6 : 00000000ffffffff
[ 21.264022] x5 : 000000000000000c x4 : 0000000000000040
[ 21.269316] x3 : ffffff8007378c40 x2 : ffffff80040a76cc
[ 21.274613] x1 : 0000000000000031 x0 : 0000000000000000
[ 21.279908] Call trace:
[ 21.285205] ath11k_reg_update_chan_list+0x210/0x240 [ath11k]
[ 21.287377] ath11k_wmi_wow_enable+0x25e0/0x4104 [ath11k]
[ 21.293304] drv_start+0x38/0x60 [mac80211]
[ 21.298670] ieee80211_do_open+0x264/0x86c [mac80211]
[ 21.302666] ieee80211_do_open+0x820/0x86c [mac80211]
[ 21.307868] __dev_open+0xf4/0x180
[ 21.312893] __dev_change_flags+0x140/0x194
[ 21.316192] dev_change_flags+0x28/0x6c
[ 21.320275] devinet_ioctl+0x63c/0x6d0
[ 21.324091] inet_ioctl+0x304/0x370
[ 21.327910] sock_do_ioctl+0x48/0x2e4
[ 21.331295] sock_ioctl+0x274/0x54c
[ 21.335115] __arm64_sys_ioctl+0xbc/0xdc
[ 21.338417] el0_svc_common.constprop.0+0x88/0x190
[ 21.342583] do_el0_svc+0x70/0x90
[ 21.347183] el0_svc+0x14/0x20
[ 21.350565] el0_sync_handler+0x1a8/0x1b0
[ 21.353518] el0_sync+0x184/0x1c0
[ 21.357596] ---[ end trace c25ef27aa07d255a ]---
reg:
global
country DE: DFS-ETSI
(2400 - 2483 @ 40), (N/A, 20), (N/A)
(5150 - 5250 @ 80), (N/A, 23), (N/A), NO-OUTDOOR, AUTO-BW
(5250 - 5350 @ 80), (N/A, 20), (0 ms), NO-OUTDOOR, DFS, AUTO-BW
(5470 - 5725 @ 160), (N/A, 26), (0 ms), DFS
(5725 - 5875 @ 80), (N/A, 13), (N/A)
(5945 - 6425 @ 160), (N/A, 23), (N/A), NO-OUTDOOR, AUTO-BW
(57000 - 66000 @ 2160), (N/A, 40), (N/A)
phy#2 (self-managed)
country DE: DFS-ETSI
(2402 - 2472 @ 40), (N/A, 30), (N/A)
(5170 - 5250 @ 80), (N/A, 23), (N/A), NO-OUTDOOR, AUTO-BW
(5250 - 5330 @ 80), (N/A, 23), (0 ms), NO-OUTDOOR, DFS, AUTO-BW
(5490 - 5590 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW
(5590 - 5650 @ 40), (N/A, 24), (600000 ms), DFS, AUTO-BW
(5650 - 5710 @ 40), (N/A, 24), (0 ms), DFS, AUTO-BW
phy#1 (self-managed)
country DE: DFS-ETSI
(2402 - 2472 @ 40), (N/A, 30), (N/A)
(5170 - 5250 @ 80), (N/A, 23), (N/A), NO-OUTDOOR, AUTO-BW
(5250 - 5330 @ 80), (N/A, 23), (0 ms), NO-OUTDOOR, DFS, AUTO-BW
(5490 - 5590 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW
(5590 - 5650 @ 40), (N/A, 24), (600000 ms), DFS, AUTO-BW
(5650 - 5710 @ 40), (N/A, 24), (0 ms), DFS, AUTO-BW
I do not see a cause why It should work regarding the reg domain.
iw info:
Wiphy phy1
Frequencies:
* 5180 MHz [36] (disabled)
* 5200 MHz [40] (disabled)
* 5220 MHz [44] (disabled)
* 5240 MHz [48] (disabled)
* 5260 MHz [52] (disabled)
* 5280 MHz [56] (disabled)
* 5300 MHz [60] (disabled)
* 5320 MHz [64] (disabled)
* 5500 MHz [100] (disabled)
* 5520 MHz [104] (disabled)
* 5540 MHz [108] (disabled)
* 5560 MHz [112] (disabled)
* 5580 MHz [116] (disabled)
* 5600 MHz [120] (disabled)
* 5620 MHz [124] (disabled)
* 5640 MHz [128] (disabled)
* 5660 MHz [132] (disabled)
* 5680 MHz [136] (disabled)
* 5700 MHz [140] (disabled)
* 5720 MHz [144] (disabled)
* 5745 MHz [149] (disabled)
* 5765 MHz [153] (disabled)
* 5785 MHz [157] (disabled)
* 5805 MHz [161] (disabled)
* 5825 MHz [165] (disabled)
* 5845 MHz [169] (disabled)
* 5865 MHz [173] (disabled)
But if you invoke iw reg set DE manually?
If you want a regulatory domain that really imposes loose restrictions then just use US as any ETSI country will disable all of the limited channels that the built-in 5GHz radio can do as almost all of the 5GHz channels are done via the QCN9074 card