X-Git-Url: https://git.archive.openwrt.org/?a=blobdiff_plain;f=package%2Fmac80211%2Fpatches%2F300-pending_work.patch;h=f718e266ee967a6b3ab8ec6ea46a77c8026cb855;hb=cfb5f108fcb1cff1309532b96c1340ccfe2b3d08;hp=d47c6261efc82e6b4b39abd2f30721531f81fe1e;hpb=28240cc8d2d2d5d345a9459497dfc3c72379b994;p=openwrt.git
diff --git a/package/mac80211/patches/300-pending_work.patch b/package/mac80211/patches/300-pending_work.patch
index d47c6261ef..f718e266ee 100644
--- a/package/mac80211/patches/300-pending_work.patch
+++ b/package/mac80211/patches/300-pending_work.patch
@@ -8,7 +8,59 @@ struct ath_buf_state bf_state; }; -@@ -658,11 +659,10 @@ enum sc_op_flags { +@@ -250,9 +251,9 @@ struct ath_atx_tid { + int tidno; + int baw_head; /* first un-acked tx buffer */ + int baw_tail; /* next unused tx buffer slot */ +- int sched; +- int paused; +- u8 state; ++ bool sched; ++ bool paused; ++ bool active; + }; + + struct ath_node { +@@ -273,10 +274,6 @@ struct ath_node { + #endif + }; + +-#define AGGR_CLEANUP BIT(1) +-#define AGGR_ADDBA_COMPLETE BIT(2) +-#define AGGR_ADDBA_PROGRESS BIT(3) +- + struct ath_tx_control { + struct ath_txq *txq; + struct ath_node *an; +@@ -299,6 +296,7 @@ struct ath_tx { + struct ath_txq txq[ATH9K_NUM_TX_QUEUES]; + struct ath_descdma txdma; + struct ath_txq *txq_map[IEEE80211_NUM_ACS]; ++ struct ath_txq *uapsdq; + u32 txq_max_pending[IEEE80211_NUM_ACS]; + u16 max_aggr_framelen[IEEE80211_NUM_ACS][4][32]; + }; +@@ -356,6 +354,11 @@ void ath_tx_aggr_resume(struct ath_softc + void ath_tx_aggr_wakeup(struct ath_softc *sc, struct ath_node *an); + void ath_tx_aggr_sleep(struct ieee80211_sta *sta, struct ath_softc *sc, + struct ath_node *an); ++void ath9k_release_buffered_frames(struct ieee80211_hw *hw, ++ struct ieee80211_sta *sta, ++ u16 tids, int nframes, ++ enum ieee80211_frame_release_type reason, ++ bool more_data); + + /********/ + /* VIFs */ +@@ -410,6 +413,7 @@ struct ath_beacon { + struct ath_descdma bdma; + struct ath_txq *cabq; + struct list_head bbuf; ++ int cabq_dur; + + bool tx_processed; + bool tx_last; +@@ -658,11 +662,10 @@ enum sc_op_flags { struct ath_rate_table; struct ath9k_vif_iter_data { @@ -25,7 +77,91 @@ int nstations; /* number of station vifs */ --- a/drivers/net/wireless/ath/ath9k/hw.c 
+++ b/drivers/net/wireless/ath/ath9k/hw.c -@@ -1698,12 +1698,11 @@ static void ath9k_hw_reset_opmode(struct +@@ -1171,6 +1171,7 @@ u32 ath9k_regd_get_ctl(struct ath_regula + static inline void ath9k_hw_set_dma(struct ath_hw *ah) + { + struct ath_common *common = ath9k_hw_common(ah); ++ int txbuf_size; + + ENABLE_REGWRITE_BUFFER(ah); + +@@ -1224,13 +1225,17 @@ static inline void ath9k_hw_set_dma(stru + * So set the usable tx buf size also to half to + * avoid data/delimiter underruns + */ +- REG_WRITE(ah, AR_PCU_TXBUF_CTRL, +- AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE); +- } else if (!AR_SREV_9271(ah)) { +- REG_WRITE(ah, AR_PCU_TXBUF_CTRL, +- AR_PCU_TXBUF_CTRL_USABLE_SIZE); ++ txbuf_size = AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE; ++ } else if (AR_SREV_9340_13_OR_LATER(ah)) { ++ /* Uses fewer entries for AR934x v1.3+ to prevent rx overruns */ ++ txbuf_size = AR_9340_PCU_TXBUF_CTRL_USABLE_SIZE; ++ } else { ++ txbuf_size = AR_PCU_TXBUF_CTRL_USABLE_SIZE; + } + ++ if (!AR_SREV_9271(ah)) ++ REG_WRITE(ah, AR_PCU_TXBUF_CTRL, txbuf_size); ++ + REGWRITE_BUFFER_FLUSH(ah); + + if (AR_SREV_9300_20_OR_LATER(ah)) +@@ -1305,9 +1310,13 @@ static bool ath9k_hw_set_reset(struct at + AR_RTC_RC_COLD_RESET | AR_RTC_RC_WARM_RESET; + } else { + tmpReg = REG_READ(ah, AR_INTR_SYNC_CAUSE); +- if (tmpReg & +- (AR_INTR_SYNC_LOCAL_TIMEOUT | +- AR_INTR_SYNC_RADM_CPL_TIMEOUT)) { ++ if (AR_SREV_9340(ah)) ++ tmpReg &= AR9340_INTR_SYNC_LOCAL_TIMEOUT; ++ else ++ tmpReg &= AR_INTR_SYNC_LOCAL_TIMEOUT | ++ AR_INTR_SYNC_RADM_CPL_TIMEOUT; ++ ++ if (tmpReg) { + u32 val; + REG_WRITE(ah, AR_INTR_SYNC_ENABLE, 0); + +@@ -1366,7 +1375,10 @@ static bool ath9k_hw_set_reset(struct at + + REGWRITE_BUFFER_FLUSH(ah); + +- udelay(50); ++ if (AR_SREV_9100(ah)) ++ mdelay(10); ++ else ++ udelay(50); + + REG_WRITE(ah, AR_RTC_RC, 0); + if (!ath9k_hw_wait(ah, AR_RTC_RC, AR_RTC_RC_M, 0, AH_WAIT_TIMEOUT)) { +@@ -1377,8 +1389,12 @@ static bool ath9k_hw_set_reset(struct at + if (!AR_SREV_9100(ah)) + REG_WRITE(ah, AR_RC, 0); + +- if 
(AR_SREV_9100(ah)) ++ if (AR_SREV_9100(ah) && type != ATH9K_RESET_WARM) { ++ if (ah->external_reset) ++ ah->external_reset(); ++ + udelay(50); ++ } + + return true; + } +@@ -1464,7 +1480,8 @@ static bool ath9k_hw_chip_reset(struct a + reset_type = ATH9K_RESET_POWER_ON; + else + reset_type = ATH9K_RESET_COLD; +- } else if (ah->chip_fullsleep || REG_READ(ah, AR_Q_TXE) || ++ } else if (ah->chip_fullsleep || ++ REG_READ(ah, AR_Q_TXE) || + (REG_READ(ah, AR_CR) & AR_CR_RXE)) + reset_type = ATH9K_RESET_COLD; + +@@ -1698,12 +1715,11 @@ static void ath9k_hw_reset_opmode(struct ENABLE_REGWRITE_BUFFER(ah); 
@@ -76,9 +212,100 @@ } /* Called with sc->mutex held. */ +@@ -1327,6 +1332,7 @@ static int ath9k_sta_add(struct ieee8021 + struct ath_common *common = ath9k_hw_common(sc->sc_ah); + struct ath_node *an = (struct ath_node *) sta->drv_priv; + struct ieee80211_key_conf ps_key = { }; ++ int key; + + ath_node_attach(sc, sta, vif); + +@@ -1334,7 +1340,9 @@ static int ath9k_sta_add(struct ieee8021 + vif->type != NL80211_IFTYPE_AP_VLAN) + return 0; + +- an->ps_key = ath_key_config(common, vif, sta, &ps_key); ++ key = ath_key_config(common, vif, sta, &ps_key); ++ if (key > 0) ++ an->ps_key = key; + + return 0; + } +@@ -1351,6 +1359,7 @@ static void ath9k_del_ps_key(struct ath_ + return; + + ath_key_delete(common, &ps_key); ++ an->ps_key = 0; + } + + static int ath9k_sta_remove(struct ieee80211_hw *hw, +@@ -1678,6 +1687,7 @@ static int ath9k_ampdu_action(struct iee + u16 tid, u16 *ssn, u8 buf_size) + { + struct ath_softc *sc = hw->priv; ++ bool flush = false; + int ret = 0; + + local_bh_disable(); +@@ -1694,12 +1704,14 @@ static int ath9k_ampdu_action(struct iee + ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid); + ath9k_ps_restore(sc); + break; +- case IEEE80211_AMPDU_TX_STOP_CONT: + case IEEE80211_AMPDU_TX_STOP_FLUSH: + case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT: ++ flush = true; ++ case IEEE80211_AMPDU_TX_STOP_CONT: + ath9k_ps_wakeup(sc); + ath_tx_aggr_stop(sc, sta, tid); +- ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); ++ if (!flush) ++ ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); + ath9k_ps_restore(sc); + break; + case IEEE80211_AMPDU_TX_OPERATIONAL: +@@ -2366,6 +2378,7 @@ struct ieee80211_ops ath9k_ops = { + .flush = ath9k_flush, + .tx_frames_pending = ath9k_tx_frames_pending, + .tx_last_beacon = ath9k_tx_last_beacon, ++ .release_buffered_frames = ath9k_release_buffered_frames, + .get_stats = ath9k_get_stats, + .set_antenna = ath9k_set_antenna, + .get_antenna = ath9k_get_antenna, --- a/drivers/net/wireless/ath/ath9k/reg.h 
+++ b/drivers/net/wireless/ath/ath9k/reg.h -@@ -1493,9 +1493,6 @@ enum { +@@ -798,6 +798,10 @@ + #define AR_SREV_REVISION_9485_10 0 + #define AR_SREV_REVISION_9485_11 1 + #define AR_SREV_VERSION_9340 0x300 ++#define AR_SREV_REVISION_9340_10 0 ++#define AR_SREV_REVISION_9340_11 1 ++#define AR_SREV_REVISION_9340_12 2 ++#define AR_SREV_REVISION_9340_13 3 + #define AR_SREV_VERSION_9580 0x1C0 + #define AR_SREV_REVISION_9580_10 4 /* AR9580 1.0 */ + #define AR_SREV_VERSION_9462 0x280 +@@ -897,6 +901,10 @@ + #define AR_SREV_9340(_ah) \ + (((_ah)->hw_version.macVersion == AR_SREV_VERSION_9340)) + ++#define AR_SREV_9340_13_OR_LATER(_ah) \ ++ (AR_SREV_9340((_ah)) && \ ++ ((_ah)->hw_version.macRev >= AR_SREV_REVISION_9340_13)) ++ + #define AR_SREV_9285E_20(_ah) \ + (AR_SREV_9285_12_OR_LATER(_ah) && \ + ((REG_READ(_ah, AR_AN_SYNTH9) & 0x7) == 0x1)) +@@ -1007,6 +1015,8 @@ enum { + AR_INTR_SYNC_LOCAL_TIMEOUT | + AR_INTR_SYNC_MAC_SLEEP_ACCESS), + ++ AR9340_INTR_SYNC_LOCAL_TIMEOUT = 0x00000010, ++ + AR_INTR_SYNC_SPURIOUS = 0xFFFFFFFF, + + }; +@@ -1493,9 +1503,6 @@ enum { #define AR9271_RADIO_RF_RST 0x20 #define AR9271_GATE_MAC_CTL 0x4000 @@ -88,6 +315,14 @@ #define AR_STA_ID1_STA_AP 0x00010000 #define AR_STA_ID1_ADHOC 0x00020000 #define AR_STA_ID1_PWR_SAV 0x00040000 +@@ -1884,6 +1891,7 @@ enum { + #define AR_PCU_TXBUF_CTRL_SIZE_MASK 0x7FF + #define AR_PCU_TXBUF_CTRL_USABLE_SIZE 0x700 + #define AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE 0x380 ++#define AR_9340_PCU_TXBUF_CTRL_USABLE_SIZE 0x500 + + #define AR_PCU_MISC_MODE2 0x8344 + #define AR_PCU_MISC_MODE2_MGMT_CRYPTO_ENABLE 0x00000002 --- a/drivers/net/wireless/ath/hw.c +++ b/drivers/net/wireless/ath/hw.c @@ -118,6 +118,12 @@ 
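Review bot: In ath9k_ampdu_action (the main.c part of this hunk) the reordered switch now depends on an unannotated fall-through from the two FLUSH cases into `case IEEE80211_AMPDU_TX_STOP_CONT:` right after `flush = true;`. I would add `/* fall through */` after that assignment, as the ieee80211_do_stop change elsewhere in this patch does, so the next reader does not mistake it for a missing `break`. A one-line comment at `if (!flush)` saying why ieee80211_stop_tx_ba_cb_irqsafe() is skipped for flush requests would also help. The switch continues outside the hunk.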
@@ -541,7 +776,15 @@ struct rate_info txrate; struct rate_info rxrate; u32 rx_packets; -@@ -4027,6 +4041,17 @@ bool cfg80211_reg_can_beacon(struct wiph +@@ -954,6 +968,7 @@ enum monitor_flags { + MONITOR_FLAG_CONTROL = 1<local; + + if (ieee80211_sdata_running(sdata)) { ++ u32 mask = MONITOR_FLAG_COOK_FRAMES | ++ MONITOR_FLAG_ACTIVE; ++ + /* +- * Prohibit MONITOR_FLAG_COOK_FRAMES to be +- * changed while the interface is up. ++ * Prohibit MONITOR_FLAG_COOK_FRAMES and ++ * MONITOR_FLAG_ACTIVE to be changed while the ++ * interface is up. + * Else we would need to add a lot of cruft + * to update everything: + * cooked_mntrs, monitor and all fif_* counters + * reconfigure hardware + */ +- if ((*flags & MONITOR_FLAG_COOK_FRAMES) != +- (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES)) ++ if ((*flags & mask) != (sdata->u.mntr_flags & mask)) + return -EBUSY; + + ieee80211_adjust_monitor_flags(sdata, -1); +@@ -444,7 +447,7 @@ static void sta_set_sinfo(struct sta_inf struct ieee80211_local *local = sdata->local; struct timespec uptime; u64 packets = 0; @@ -834,7 +1118,7 @@ sinfo->generation = sdata->local->sta_generation; -@@ -488,6 +488,17 @@ static void sta_set_sinfo(struct sta_inf +@@ -488,6 +491,17 @@ static void sta_set_sinfo(struct sta_inf sinfo->signal = (s8)sta->last_signal; sinfo->signal_avg = (s8) -ewma_read(&sta->avg_signal); } @@ -852,7 +1136,7 @@ sta_set_rate_info_tx(sta, &sta->last_tx_rate, &sinfo->txrate); sta_set_rate_info_rx(sta, &sinfo->rxrate); -@@ -1052,6 +1063,7 @@ static int ieee80211_stop_ap(struct wiph +@@ -1052,6 +1066,7 @@ static int ieee80211_stop_ap(struct wiph ieee80211_free_keys(sdata); sdata->vif.bss_conf.enable_beacon = false; 
@@ -860,7 +1144,7 @@ clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state); ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED); -@@ -2416,9 +2428,22 @@ static int ieee80211_set_bitrate_mask(st +@@ -2416,9 +2431,22 @@ static int ieee80211_set_bitrate_mask(st } for (i = 0; i < IEEE80211_NUM_BANDS; i++) { @@ -1097,7 +1381,51 @@ u32 ieee80211_mandatory_rates(struct ieee80211_local *local, --- a/net/mac80211/iface.c 
+++ b/net/mac80211/iface.c -@@ -450,7 +450,6 @@ int ieee80211_do_open(struct wireless_de +@@ -159,7 +159,8 @@ static int ieee80211_change_mtu(struct n + return 0; + } + +-static int ieee80211_verify_mac(struct ieee80211_local *local, u8 *addr) ++static int ieee80211_verify_mac(struct ieee80211_local *local, u8 *addr, ++ bool check_dup) + { + struct ieee80211_sub_if_data *sdata; + u64 new, mask, tmp; +@@ -179,10 +180,13 @@ static int ieee80211_verify_mac(struct i + ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) | + ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8); + ++ if (!check_dup) ++ return ret; + + mutex_lock(&local->iflist_mtx); + list_for_each_entry(sdata, &local->interfaces, list) { +- if (sdata->vif.type == NL80211_IFTYPE_MONITOR) ++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR && ++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)) + continue; + + m = sdata->vif.addr; +@@ -204,12 +208,17 @@ static int ieee80211_change_mac(struct n + { + struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); + struct sockaddr *sa = addr; ++ bool check_dup = true; + int ret; + + if (ieee80211_sdata_running(sdata)) + return -EBUSY; + +- ret = ieee80211_verify_mac(sdata->local, sa->sa_data); ++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR && ++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)) ++ check_dup = false; ++ ++ ret = ieee80211_verify_mac(sdata->local, sa->sa_data, check_dup); + if (ret) + return ret; + +@@ -450,7 +459,6 @@ int ieee80211_do_open(struct wireless_de struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); struct net_device *dev = wdev->netdev; struct ieee80211_local *local = sdata->local; 
@@ -1105,7 +1433,30 @@ u32 changed = 0; int res; u32 hw_reconf_flags = 0; -@@ -609,30 +608,8 @@ int ieee80211_do_open(struct wireless_de +@@ -474,6 +482,9 @@ int ieee80211_do_open(struct wireless_de + master->control_port_protocol; + sdata->control_port_no_encrypt = + master->control_port_no_encrypt; ++ sdata->vif.cab_queue = master->vif.cab_queue; ++ memcpy(sdata->vif.hw_queue, master->vif.hw_queue, ++ sizeof(sdata->vif.hw_queue)); + break; + } + case NL80211_IFTYPE_AP: +@@ -538,7 +549,11 @@ int ieee80211_do_open(struct wireless_de + break; + } + +- if (local->monitors == 0 && local->open_count == 0) { ++ if (sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE) { ++ res = drv_add_interface(local, sdata); ++ if (res) ++ goto err_stop; ++ } else if (local->monitors == 0 && local->open_count == 0) { + res = ieee80211_add_virtual_monitor(local); + if (res) + goto err_stop; +@@ -609,30 +624,8 @@ int ieee80211_do_open(struct wireless_de set_bit(SDATA_STATE_RUNNING, &sdata->state); 
@@ -1137,7 +1488,42 @@ /* * set_multicast_list will be invoked by the networking core -@@ -1092,6 +1069,74 @@ static void ieee80211_if_setup(struct ne +@@ -653,7 +646,11 @@ int ieee80211_do_open(struct wireless_de + + ieee80211_recalc_ps(local, -1); + +- if (dev) { ++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR || ++ sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { ++ /* XXX: for AP_VLAN, actually track AP queues */ ++ netif_tx_start_all_queues(dev); ++ } else if (dev) { + unsigned long flags; + int n_acs = IEEE80211_NUM_ACS; + int ac; +@@ -916,7 +913,11 @@ static void ieee80211_do_stop(struct iee + mutex_lock(&local->mtx); + ieee80211_recalc_idle(local); + mutex_unlock(&local->mtx); +- break; ++ ++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)) ++ break; ++ ++ /* fall through */ + default: + if (going_down) + drv_remove_interface(local, sdata); +@@ -1075,7 +1076,7 @@ static const struct net_device_ops ieee8 + .ndo_start_xmit = ieee80211_monitor_start_xmit, + .ndo_set_rx_mode = ieee80211_set_multicast_list, + .ndo_change_mtu = ieee80211_change_mtu, +- .ndo_set_mac_address = eth_mac_addr, ++ .ndo_set_mac_address = ieee80211_change_mac, + .ndo_select_queue = ieee80211_monitor_select_queue, + }; + +@@ -1092,6 +1093,74 @@ static void ieee80211_if_setup(struct ne dev->destructor = free_netdev; } @@ -1212,7 +1598,7 @@ static void ieee80211_iface_work(struct work_struct *work) { struct ieee80211_sub_if_data *sdata = -@@ -1196,6 +1241,9 @@ static void ieee80211_iface_work(struct +@@ -1196,6 +1265,9 @@ static void ieee80211_iface_work(struct break; ieee80211_mesh_rx_queued_mgmt(sdata, skb); break; 
@@ -1222,6 +1608,22 @@ default: WARN(1, "frame for unexpected interface type"); break; +@@ -1718,6 +1790,15 @@ void ieee80211_remove_interfaces(struct + + ASSERT_RTNL(); + ++ /* ++ * Close all AP_VLAN interfaces first, as otherwise they ++ * might be closed while the AP interface they belong to ++ * is closed, causing unregister_netdevice_many() to crash. ++ */ ++ list_for_each_entry(sdata, &local->interfaces, list) ++ if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) ++ dev_close(sdata->dev); ++ + mutex_lock(&local->iflist_mtx); + list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) { + list_del(&sdata->list); --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -674,6 +674,7 @@ int ieee80211_register_hw(struct ieee802 @@ -1415,7 +1817,7 @@ if (!local->ops->channel_switch) { /* call "hw_config" only if doing sw channel switch */ -@@ -1054,56 +1013,193 @@ static void ieee80211_chswitch_timer(uns +@@ -1054,56 +1013,208 @@ static void ieee80211_chswitch_timer(uns ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); } @@ -1424,7 +1826,8 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, - const struct ieee80211_channel_sw_ie *sw_elem, - struct ieee80211_bss *bss, u64 timestamp) -+ u64 timestamp, struct ieee802_11_elems *elems) ++ u64 timestamp, struct ieee802_11_elems *elems, ++ bool beacon) { - struct cfg80211_bss *cbss = - container_of((void *)bss, struct cfg80211_bss, priv); 
@@ -1446,36 +1849,38 @@ + struct cfg80211_chan_def new_vht_chandef = {}; + const struct ieee80211_sec_chan_offs_ie *sec_chan_offs; + const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie; ++ const struct ieee80211_ht_operation *ht_oper; + int secondary_channel_offset = -1; ASSERT_MGD_MTX(ifmgd); - if (!ifmgd->associated) + if (!cbss) ++ return; ++ ++ if (local->scanning) return; - if (sdata->local->scanning) -+ if (local->scanning) ++ /* disregard subsequent announcements if we are already processing */ ++ if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) return; - /* Disregard subsequent beacons if we are already running a timer - processing a CSA */ -- -+ /* disregard subsequent announcements if we are already processing */ - if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) - return; - -- new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); -- if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) { + sec_chan_offs = elems->sec_chan_offs; + wide_bw_chansw_ie = elems->wide_bw_chansw_ie; ++ ht_oper = elems->ht_operation; + + if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | + IEEE80211_STA_DISABLE_40MHZ)) { + sec_chan_offs = NULL; + wide_bw_chansw_ie = NULL; ++ /* only used for bandwidth here */ ++ ht_oper = NULL; + } -+ + +- if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) + if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) + wide_bw_chansw_ie = NULL; + @@ -1499,11 +1904,13 @@ + mode = elems->ch_switch_ie->mode; + } else { + /* nothing here we understand */ -+ return; + return; + } + + bss = (void *)cbss->priv; -+ + +- new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); +- if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) { + new_freq = ieee80211_channel_to_frequency(new_chan_no, new_band); + new_chan = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); + if (!new_chan || new_chan->flags & IEEE80211_CHAN_DISABLED) { 
@@ -1516,10 +1923,20 @@ + return; + } + -+ if (sec_chan_offs) { ++ if (!beacon && sec_chan_offs) { + secondary_channel_offset = sec_chan_offs->sec_chan_offs; ++ } else if (beacon && ht_oper) { ++ secondary_channel_offset = ++ ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET; + } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { -+ /* if HT is enabled and the IE not present, it's still HT */ ++ /* ++ * If it's not a beacon, HT is enabled and the IE not present, ++ * it's 20 MHz, 802.11-2012 8.5.2.6: ++ * This element [the Secondary Channel Offset Element] is ++ * present when switching to a 40 MHz channel. It may be ++ * present when switching to a 20 MHz channel (in which ++ * case the secondary channel offset is set to SCN). ++ */ + secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE; + } + @@ -1629,7 +2046,7 @@ return; } chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), -@@ -1111,40 +1207,39 @@ ieee80211_sta_process_chanswitch(struct +@@ -1111,40 +1222,39 @@ ieee80211_sta_process_chanswitch(struct if (chanctx->refcount > 1) { sdata_info(sdata, "channel switch with multiple interfaces on the same channel, disconnecting\n"); @@ -1684,7 +2101,7 @@ } static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, -@@ -2120,7 +2215,6 @@ void ieee80211_beacon_loss(struct ieee80 +@@ -2120,7 +2230,6 @@ void ieee80211_beacon_loss(struct ieee80 trace_api_beacon_loss(sdata); @@ -1692,7 +2109,7 @@ sdata->u.mgd.connection_loss = false; ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); } -@@ -2170,7 +2264,7 @@ static void ieee80211_auth_challenge(str +@@ -2170,7 +2279,7 @@ static void ieee80211_auth_challenge(str u32 tx_flags = 0; pos = mgmt->u.auth.variable; @@ -1701,7 +2118,7 @@ if (!elems.challenge) return; auth_data->expected_transaction = 4; -@@ -2435,7 +2529,7 @@ static bool ieee80211_assoc_success(stru +@@ -2435,7 +2544,7 @@ static bool ieee80211_assoc_success(stru } pos = mgmt->u.assoc_resp.variable; 
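Review bot: The rewritten comment on the last branch of the secondary-channel-offset selection in ieee80211_sta_process_chanswitch opens with "If it's not a beacon", but the `else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))` branch is also reached for `beacon == true` whenever `ht_oper` is NULL. That appears to include the case where `ht_oper` was cleared earlier in the function because 40 MHz is disabled. I would reword the opening to something like `/* No usable offset information (action frame without the IE, or beacon without HT operation) and HT is enabled: treat as 20 MHz. ... */` and keep the 802.11-2012 quotation. The function body starts and ends outside this hunk.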
@@ -1710,7 +2127,7 @@ if (!elems.supp_rates) { sdata_info(sdata, "no SuppRates element in AssocResp\n"); -@@ -2604,7 +2698,7 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee +@@ -2604,7 +2713,7 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); pos = mgmt->u.assoc_resp.variable; @@ -1719,7 +2136,7 @@ if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && elems.timeout_int && -@@ -2659,6 +2753,8 @@ static void ieee80211_rx_bss_info(struct +@@ -2659,6 +2768,8 @@ static void ieee80211_rx_bss_info(struct struct ieee80211_channel *channel; bool need_ps = false; @@ -1728,7 +2145,7 @@ if ((sdata->u.mgd.associated && ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) || (sdata->u.mgd.assoc_data && -@@ -2689,7 +2785,8 @@ static void ieee80211_rx_bss_info(struct +@@ -2689,7 +2800,8 @@ static void ieee80211_rx_bss_info(struct if (bss) ieee80211_rx_bss_put(local, bss); @@ -1738,7 +2155,7 @@ return; if (need_ps) { -@@ -2698,10 +2795,8 @@ static void ieee80211_rx_bss_info(struct +@@ -2698,10 +2810,9 @@ static void ieee80211_rx_bss_info(struct mutex_unlock(&local->iflist_mtx); } @@ -1746,12 +2163,13 @@ - memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0) - ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie, - bss, rx_status->mactime); -+ ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, elems); ++ ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, ++ elems, true); + } -@@ -2726,7 +2821,7 @@ static void ieee80211_rx_mgmt_probe_resp +@@ -2726,7 +2837,7 @@ static void ieee80211_rx_mgmt_probe_resp return; ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 
@@ -1760,7 +2178,7 @@ ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); -@@ -2809,7 +2904,7 @@ ieee80211_rx_mgmt_beacon(struct ieee8021 +@@ -2809,7 +2920,7 @@ ieee80211_rx_mgmt_beacon(struct ieee8021 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { ieee802_11_parse_elems(mgmt->u.beacon.variable, @@ -1769,7 +2187,7 @@ ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); ifmgd->assoc_data->have_beacon = true; -@@ -2919,7 +3014,7 @@ ieee80211_rx_mgmt_beacon(struct ieee8021 +@@ -2919,7 +3030,7 @@ ieee80211_rx_mgmt_beacon(struct ieee8021 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, @@ -1778,7 +2196,7 @@ care_about_ies, ncrc); if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { -@@ -3066,6 +3161,8 @@ void ieee80211_sta_rx_queued_mgmt(struct +@@ -3066,6 +3177,8 @@ void ieee80211_sta_rx_queued_mgmt(struct enum rx_mgmt_action rma = RX_MGMT_NONE; u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; u16 fc; @@ -1787,7 +2205,7 @@ rx_status = (struct ieee80211_rx_status *) skb->cb; mgmt = (struct ieee80211_mgmt *) skb->data; -@@ -3095,14 +3192,48 @@ void ieee80211_sta_rx_queued_mgmt(struct +@@ -3095,14 +3208,48 @@ void ieee80211_sta_rx_queued_mgmt(struct rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss); break; case IEEE80211_STYPE_ACTION: @@ -1814,7 +2232,7 @@ - rx_status->mactime); - break; + rx_status->mactime, -+ &elems); ++ &elems, false); + } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { + ies_len = skb->len - + offsetof(struct ieee80211_mgmt, 
@@ -1836,12 +2254,45 @@ + + ieee80211_sta_process_chanswitch(sdata, + rx_status->mactime, -+ &elems); ++ &elems, false); } + break; } mutex_unlock(&ifmgd->mtx); +@@ -4197,7 +4344,7 @@ int ieee80211_mgd_deauth(struct ieee8021 + struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; + u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; + bool tx = !req->local_state_change; +- bool sent_frame = false; ++ bool report_frame = false; + + mutex_lock(&ifmgd->mtx); + +@@ -4214,7 +4361,7 @@ int ieee80211_mgd_deauth(struct ieee8021 + ieee80211_destroy_auth_data(sdata, false); + mutex_unlock(&ifmgd->mtx); + +- sent_frame = tx; ++ report_frame = true; + goto out; + } + +@@ -4222,12 +4369,12 @@ int ieee80211_mgd_deauth(struct ieee8021 + ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { + ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, + req->reason_code, tx, frame_buf); +- sent_frame = tx; ++ report_frame = true; + } + mutex_unlock(&ifmgd->mtx); + + out: +- if (sent_frame) ++ if (report_frame) + __cfg80211_send_deauth(sdata->dev, frame_buf, + IEEE80211_DEAUTH_FRAME_LEN); + --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c @@ -38,8 +38,8 @@ int __ieee80211_suspend(struct ieee80211 @@ -2143,7 +2594,7 @@ + if (rates[i].idx < 0) + break; + -+ rate_idx_match_mask(&rates[i], sband, mask, chan_width, ++ rate_idx_match_mask(&rates[i], sband, chan_width, mask, + mcs_mask); + } +} 
@@ -2993,7 +3444,17 @@ break; case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP): case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP): -@@ -3031,10 +3060,16 @@ static int prepare_for_handlers(struct i +@@ -3023,6 +3052,9 @@ static int prepare_for_handlers(struct i + * and location updates. Note that mac80211 + * itself never looks at these frames. + */ ++ if (!multicast && ++ !ether_addr_equal(sdata->vif.addr, hdr->addr1)) ++ return 0; + if (ieee80211_is_public_action(hdr, skb->len)) + return 1; + if (!ieee80211_is_beacon(hdr->frame_control)) +@@ -3031,10 +3063,16 @@ static int prepare_for_handlers(struct i } break; case NL80211_IFTYPE_WDS: @@ -3311,7 +3772,27 @@ spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); return ret; } -@@ -660,7 +661,7 @@ void ieee80211_queue_delayed_work(struct +@@ -559,6 +560,9 @@ void ieee80211_iterate_active_interfaces + list_for_each_entry(sdata, &local->interfaces, list) { + switch (sdata->vif.type) { + case NL80211_IFTYPE_MONITOR: ++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)) ++ continue; ++ break; + case NL80211_IFTYPE_AP_VLAN: + continue; + default: +@@ -597,6 +601,9 @@ void ieee80211_iterate_active_interfaces + list_for_each_entry_rcu(sdata, &local->interfaces, list) { + switch (sdata->vif.type) { + case NL80211_IFTYPE_MONITOR: ++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)) ++ continue; ++ break; + case NL80211_IFTYPE_AP_VLAN: + continue; + default: +@@ -660,7 +667,7 @@ void ieee80211_queue_delayed_work(struct } EXPORT_SYMBOL(ieee80211_queue_delayed_work); @@ -3320,7 +3801,7 @@ struct ieee802_11_elems *elems, u64 filter, u32 crc) { -@@ -668,6 +669,7 @@ u32 ieee802_11_parse_elems_crc(u8 *start +@@ -668,6 +675,7 @@ u32 ieee802_11_parse_elems_crc(u8 *start u8 *pos = start; bool calc_crc = filter != 0; DECLARE_BITMAP(seen_elems, 256); 
@@ -3328,7 +3809,7 @@ bitmap_zero(seen_elems, 256); memset(elems, 0, sizeof(*elems)); -@@ -715,6 +717,12 @@ u32 ieee802_11_parse_elems_crc(u8 *start +@@ -715,6 +723,12 @@ u32 ieee802_11_parse_elems_crc(u8 *start case WLAN_EID_COUNTRY: case WLAN_EID_PWR_CONSTRAINT: case WLAN_EID_TIMEOUT_INTERVAL: @@ -3341,7 +3822,7 @@ if (test_bit(id, seen_elems)) { elems->parse_error = true; left -= elen; -@@ -862,6 +870,48 @@ u32 ieee802_11_parse_elems_crc(u8 *start +@@ -862,6 +876,48 @@ u32 ieee802_11_parse_elems_crc(u8 *start } elems->ch_switch_ie = (void *)pos; break; @@ -3452,6 +3933,31 @@ /* keep last */ __NL80211_STA_INFO_AFTER_LAST, +@@ -2395,6 +2401,8 @@ enum nl80211_survey_info { + * @NL80211_MNTR_FLAG_OTHER_BSS: disable BSSID filtering + * @NL80211_MNTR_FLAG_COOK_FRAMES: report frames after processing. + * overrides all other flags. ++ * @NL80211_MNTR_FLAG_ACTIVE: use the configured MAC address ++ * and ACK incoming unicast packets. + * + * @__NL80211_MNTR_FLAG_AFTER_LAST: internal use + * @NL80211_MNTR_FLAG_MAX: highest possible monitor flag +@@ -2406,6 +2414,7 @@ enum nl80211_mntr_flags { + NL80211_MNTR_FLAG_CONTROL, + NL80211_MNTR_FLAG_OTHER_BSS, + NL80211_MNTR_FLAG_COOK_FRAMES, ++ NL80211_MNTR_FLAG_ACTIVE, + + /* keep last */ + __NL80211_MNTR_FLAG_AFTER_LAST, +@@ -3557,6 +3566,7 @@ enum nl80211_feature_flags { + NL80211_FEATURE_ADVERTISE_CHAN_LIMITS = 1 << 14, + NL80211_FEATURE_FULL_AP_CLIENT_STATE = 1 << 15, + NL80211_FEATURE_USERSPACE_MPM = 1 << 16, ++ NL80211_FEATURE_ACTIVE_MONITOR = 1 << 17, + }; + + /** --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -358,6 +358,8 @@ struct sta_info *sta_info_alloc(struct i 
@@ -3463,9 +3969,58 @@ if (sta_prepare_rate_control(local, sta, gfp)) { kfree(sta); +@@ -1130,6 +1132,7 @@ static void ieee80211_send_null_response + * ends the poll/service period. + */ + info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER | ++ IEEE80211_TX_CTL_PS_RESPONSE | + IEEE80211_TX_STATUS_EOSP | + IEEE80211_TX_CTL_REQ_TX_STATUS; + +@@ -1267,7 +1270,8 @@ ieee80211_sta_ps_deliver_response(struct + * STA may still remain is PS mode after this frame + * exchange. + */ +- info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER; ++ info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER | ++ IEEE80211_TX_CTL_PS_RESPONSE; + + /* + * Use MoreData flag to indicate whether there are --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c -@@ -3367,6 +3367,32 @@ static bool nl80211_put_sta_rate(struct +@@ -2270,6 +2270,7 @@ static const struct nla_policy mntr_flag + [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, + [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, + [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, ++ [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG }, + }; + + static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) +@@ -2381,6 +2382,10 @@ static int nl80211_set_interface(struct + change = true; + } + ++ if (flags && (*flags & NL80211_MNTR_FLAG_ACTIVE) && ++ !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) ++ return -EOPNOTSUPP; ++ + if (change) + err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); + else +@@ -2438,6 +2443,11 @@ static int nl80211_new_interface(struct + err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? + info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, + &flags); ++ ++ if (!err && (flags & NL80211_MNTR_FLAG_ACTIVE) && ++ !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) ++ return -EOPNOTSUPP; ++ + wdev = rdev_add_virtual_intf(rdev, + nla_data(info->attrs[NL80211_ATTR_IFNAME]), + type, err ? NULL : &flags, ¶ms); +@@ -3367,6 +3377,32 @@ static bool nl80211_put_sta_rate(struct return true; } 
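Review bot: Both added capability checks, in nl80211_set_interface and nl80211_new_interface, mask the flag word with `NL80211_MNTR_FLAG_ACTIVE`, which is an attribute index rather than a bit: it is the array index in the mntr_flags policy entry added just above, and a plain sequential enumerator in the nl80211.h hunk. The mac80211 side of this patch tests the same flags with `MONITOR_FLAG_ACTIVE`, so as written the check looks like it will not reject an active-monitor request on a driver that lacks NL80211_FEATURE_ACTIVE_MONITOR, and it may return -EOPNOTSUPP for unrelated flag combinations. I would use `(*flags & MONITOR_FLAG_ACTIVE)` and `(flags & MONITOR_FLAG_ACTIVE)` respectively. This is the same kind of enum mix-up that the nl80211_send_station change in this hunk corrects for `STATION_INFO_TX_BYTES64`. Both functions continue outside the hunk.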
@@ -3498,7 +4053,16 @@ static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq, int flags, struct cfg80211_registered_device *rdev, -@@ -3438,6 +3464,18 @@ static int nl80211_send_station(struct s +@@ -3402,7 +3438,7 @@ static int nl80211_send_station(struct s + (u32)sinfo->rx_bytes)) + goto nla_put_failure; + if ((sinfo->filled & (STATION_INFO_TX_BYTES | +- NL80211_STA_INFO_TX_BYTES64)) && ++ STATION_INFO_TX_BYTES64)) && + nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, + (u32)sinfo->tx_bytes)) + goto nla_put_failure; +@@ -3438,6 +3474,18 @@ static int nl80211_send_station(struct s default: break; } @@ -3519,7 +4083,16 @@ NL80211_STA_INFO_TX_BITRATE)) --- a/drivers/net/wireless/ath/ath9k/init.c +++ b/drivers/net/wireless/ath/ath9k/init.c -@@ -768,7 +768,8 @@ void ath9k_set_hw_capab(struct ath_softc +@@ -433,6 +433,8 @@ static int ath9k_init_queues(struct ath_ + sc->config.cabqReadytime = ATH_CABQ_READY_TIME; + ath_cabq_update(sc); + ++ sc->tx.uapsdq = ath_txq_setup(sc, ATH9K_TX_QUEUE_UAPSD, 0); ++ + for (i = 0; i < IEEE80211_NUM_ACS; i++) { + sc->tx.txq_map[i] = ath_txq_setup(sc, ATH9K_TX_QUEUE_DATA, i); + sc->tx.txq_map[i]->mac80211_qnum = i; +@@ -768,7 +770,8 @@ void ath9k_set_hw_capab(struct ath_softc IEEE80211_HW_SUPPORTS_PS | IEEE80211_HW_PS_NULLFUNC_STACK | IEEE80211_HW_SPECTRUM_MGMT | @@ -3529,9 +4102,43 @@ if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT) hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION; +@@ -776,6 +779,8 @@ void ath9k_set_hw_capab(struct ath_softc + if (AR_SREV_9160_10_OR_LATER(sc->sc_ah) || ath9k_modparam_nohwcrypt) + hw->flags |= IEEE80211_HW_MFP_CAPABLE; + ++ hw->wiphy->features |= NL80211_FEATURE_ACTIVE_MONITOR; ++ + hw->wiphy->interface_modes = + BIT(NL80211_IFTYPE_P2P_GO) | + BIT(NL80211_IFTYPE_P2P_CLIENT) | --- a/drivers/net/wireless/ath/ath9k/xmit.c 
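Review bot: The result of `ath_txq_setup(sc, ATH9K_TX_QUEUE_UAPSD, 0)` in ath9k_init_queues is stored in `sc->tx.uapsdq` without a check, and later parts of this patch use the pointer directly: ath_tx_start switches to it and calls `ath_txq_lock(sc, txq)` for any frame carrying IEEE80211_TX_CTL_PS_RESPONSE, and ath9k_release_buffered_frames reads it as well. If ath_txq_setup can fail and return NULL (its body is not shown here), those paths dereference a null queue in response to power-save traffic from a station. A guard right after the call, `if (!sc->tx.uapsdq) return -EIO;` or whatever error path the function already uses, would surface the failure at init time. ath9k_init_queues continues outside the hunk.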
+++ b/drivers/net/wireless/ath/ath9k/xmit.c -@@ -157,6 +157,13 @@ static void ath_send_bar(struct ath_atx_ +@@ -125,24 +125,6 @@ static void ath_tx_queue_tid(struct ath_ + list_add_tail(&ac->list, &txq->axq_acq); + } + +-static void ath_tx_resume_tid(struct ath_softc *sc, struct ath_atx_tid *tid) +-{ +- struct ath_txq *txq = tid->ac->txq; +- +- WARN_ON(!tid->paused); +- +- ath_txq_lock(sc, txq); +- tid->paused = false; +- +- if (skb_queue_empty(&tid->buf_q)) +- goto unlock; +- +- ath_tx_queue_tid(txq, tid); +- ath_txq_schedule(sc, txq); +-unlock: +- ath_txq_unlock_complete(sc, txq); +-} +- + static struct ath_frame_info *get_frame_info(struct sk_buff *skb) + { + struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb); +@@ -157,6 +139,13 @@ static void ath_send_bar(struct ath_atx_ seqno << IEEE80211_SEQ_SEQ_SHIFT); } @@ -3545,7 +4152,7 @@ static void ath_tx_flush_tid(struct ath_softc *sc, struct ath_atx_tid *tid) { struct ath_txq *txq = tid->ac->txq; -@@ -189,6 +196,7 @@ static void ath_tx_flush_tid(struct ath_ +@@ -189,15 +178,11 @@ static void ath_tx_flush_tid(struct ath_ ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0); sendbar = true; } else { @@ -3553,7 +4160,27 @@ ath_tx_send_normal(sc, txq, NULL, skb); } } -@@ -407,7 +415,7 @@ static void ath_tx_complete_aggr(struct + +- if (tid->baw_head == tid->baw_tail) { +- tid->state &= ~AGGR_ADDBA_COMPLETE; +- tid->state &= ~AGGR_CLEANUP; +- } +- + if (sendbar) { + ath_txq_unlock(sc, txq); + ath_send_bar(tid, tid->seq_start); +@@ -269,9 +254,7 @@ static void ath_tid_drain(struct ath_sof + + list_add_tail(&bf->list, &bf_head); + +- if (fi->retries) +- ath_tx_update_baw(sc, tid, bf->bf_state.seqno); +- ++ ath_tx_update_baw(sc, tid, bf->bf_state.seqno); + ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0); + } + +@@ -407,7 +390,7 @@ static void ath_tx_complete_aggr(struct tx_info = IEEE80211_SKB_CB(skb); 
@@ -3562,7 +4189,95 @@ retries = ts->ts_longretry + 1; for (i = 0; i < ts->ts_rateindex; i++) -@@ -736,8 +744,6 @@ static int ath_compute_num_delims(struct +@@ -483,19 +466,19 @@ static void ath_tx_complete_aggr(struct + tx_info = IEEE80211_SKB_CB(skb); + fi = get_frame_info(skb); + +- if (ATH_BA_ISSET(ba, ATH_BA_INDEX(seq_st, seqno))) { ++ if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) { ++ /* ++ * Outside of the current BlockAck window, ++ * maybe part of a previous session ++ */ ++ txfail = 1; ++ } else if (ATH_BA_ISSET(ba, ATH_BA_INDEX(seq_st, seqno))) { + /* transmit completion, subframe is + * acked by block ack */ + acked_cnt++; + } else if (!isaggr && txok) { + /* transmit completion */ + acked_cnt++; +- } else if (tid->state & AGGR_CLEANUP) { +- /* +- * cleanup in progress, just fail +- * the un-acked sub-frames +- */ +- txfail = 1; + } else if (flush) { + txpending = 1; + } else if (fi->retries < ATH_MAX_SW_RETRIES) { +@@ -519,7 +502,7 @@ static void ath_tx_complete_aggr(struct + if (bf_next != NULL || !bf_last->bf_stale) + list_move_tail(&bf->list, &bf_head); + +- if (!txpending || (tid->state & AGGR_CLEANUP)) { ++ if (!txpending) { + /* + * complete the acked-ones/xretried ones; update + * block-ack window +@@ -535,6 +518,10 @@ static void ath_tx_complete_aggr(struct + ath_tx_complete_buf(sc, bf, txq, &bf_head, ts, + !txfail); + } else { ++ if (tx_info->flags & IEEE80211_TX_STATUS_EOSP) { ++ tx_info->flags &= ~IEEE80211_TX_STATUS_EOSP; ++ ieee80211_sta_eosp(sta); ++ } + /* retry the un-acked ones */ + if (bf->bf_next == NULL && bf_last->bf_stale) { + struct ath_buf *tbf; +@@ -593,9 +580,6 @@ static void ath_tx_complete_aggr(struct + ath_txq_lock(sc, txq); + } + +- if (tid->state & AGGR_CLEANUP) +- ath_tx_flush_tid(sc, tid); +- + rcu_read_unlock(); + + if (needreset) +@@ -612,6 +596,7 @@ static void ath_tx_process_buffer(struct + struct ath_tx_status *ts, struct ath_buf *bf, + struct list_head *bf_head) + { ++ struct ieee80211_tx_info *info; + 
bool txok, flush; + + txok = !(ts->ts_status & ATH9K_TXERR_MASK); +@@ -623,8 +608,12 @@ static void ath_tx_process_buffer(struct + txq->axq_ampdu_depth--; + + if (!bf_isampdu(bf)) { +- if (!flush) ++ if (!flush) { ++ info = IEEE80211_SKB_CB(bf->bf_mpdu); ++ memcpy(info->control.rates, bf->rates, ++ sizeof(info->control.rates)); + ath_tx_rc_status(sc, bf, ts, 1, txok ? 0 : 1, txok); ++ } + ath_tx_complete_buf(sc, bf, txq, bf_head, ts, txok); + } else + ath_tx_complete_aggr(sc, txq, bf, bf_head, ts, txok); +@@ -668,7 +657,7 @@ static u32 ath_lookup_rate(struct ath_so + + skb = bf->bf_mpdu; + tx_info = IEEE80211_SKB_CB(skb); +- rates = tx_info->control.rates; ++ rates = bf->rates; + + /* + * Find the lowest frame length among the rate series that will have a +@@ -736,8 +725,6 @@ static int ath_compute_num_delims(struct bool first_subfrm) { #define FIRST_DESC_NDELIMS 60 @@ -3571,7 +4286,7 @@ u32 nsymbits, nsymbols; u16 minlen; u8 flags, rix; -@@ -778,8 +784,8 @@ static int ath_compute_num_delims(struct +@@ -778,8 +765,8 @@ static int ath_compute_num_delims(struct if (tid->an->mpdudensity == 0) return ndelim; 
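Review bot: The `memcpy(info->control.rates, bf->rates, sizeof(info->control.rates))` added to ath_tx_process_buffer sizes the copy by the destination while reading from a different array, so it would read past `bf->rates` if that array is ever declared shorter than `info->control.rates`. The declaration of `bf->rates` is not in this hunk, so the sizes may well match today; a compile-time check next to the copy would pin that, `BUILD_BUG_ON(sizeof(bf->rates) != sizeof(info->control.rates));`. The function continues past the hunk.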
@@ -3582,7 +4297,91 @@ width = (flags & IEEE80211_TX_RC_40_MHZ_WIDTH) ? 1 : 0; half_gi = (flags & IEEE80211_TX_RC_SHORT_GI) ? 1 : 0; -@@ -858,6 +864,7 @@ static enum ATH_AGGR_STATUS ath_tx_form_ +@@ -803,25 +790,20 @@ static int ath_compute_num_delims(struct + return ndelim; + } + +-static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc, +- struct ath_txq *txq, +- struct ath_atx_tid *tid, +- struct list_head *bf_q, +- int *aggr_len) ++static struct ath_buf * ++ath_tx_get_tid_subframe(struct ath_softc *sc, struct ath_txq *txq, ++ struct ath_atx_tid *tid) + { +-#define PADBYTES(_len) ((4 - ((_len) % 4)) % 4) +- struct ath_buf *bf, *bf_first = NULL, *bf_prev = NULL; +- int rl = 0, nframes = 0, ndelim, prev_al = 0; +- u16 aggr_limit = 0, al = 0, bpad = 0, +- al_delta, h_baw = tid->baw_size / 2; +- enum ATH_AGGR_STATUS status = ATH_AGGR_DONE; +- struct ieee80211_tx_info *tx_info; + struct ath_frame_info *fi; + struct sk_buff *skb; ++ struct ath_buf *bf; + u16 seqno; + +- do { ++ while (1) { + skb = skb_peek(&tid->buf_q); ++ if (!skb) ++ break; ++ + fi = get_frame_info(skb); + bf = fi->bf; + if (!fi->bf) +@@ -837,10 +819,8 @@ static enum ATH_AGGR_STATUS ath_tx_form_ + seqno = bf->bf_state.seqno; + + /* do not step over block-ack window */ +- if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) { +- status = ATH_AGGR_BAW_CLOSED; ++ if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) + break; +- } + + if (tid->bar_index > ATH_BA_INDEX(tid->seq_start, seqno)) { + struct ath_tx_status ts = {}; +@@ -854,10 +834,45 @@ static enum ATH_AGGR_STATUS ath_tx_form_ + continue; + } + ++ bf->bf_next = NULL; ++ bf->bf_lastbf = bf; ++ return bf; ++ } ++ ++ return NULL; ++} ++ ++static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc, ++ struct ath_txq *txq, ++ struct ath_atx_tid *tid, ++ struct list_head *bf_q, ++ int *aggr_len) ++{ ++#define PADBYTES(_len) ((4 - ((_len) % 4)) % 4) ++ struct ath_buf *bf, *bf_first = NULL, *bf_prev = NULL; ++ int rl = 0, nframes 
= 0, ndelim, prev_al = 0; ++ u16 aggr_limit = 0, al = 0, bpad = 0, ++ al_delta, h_baw = tid->baw_size / 2; ++ enum ATH_AGGR_STATUS status = ATH_AGGR_DONE; ++ struct ieee80211_tx_info *tx_info; ++ struct ath_frame_info *fi; ++ struct sk_buff *skb; ++ ++ do { ++ bf = ath_tx_get_tid_subframe(sc, txq, tid); ++ if (!bf) { ++ status = ATH_AGGR_BAW_CLOSED; ++ break; ++ } ++ ++ skb = bf->bf_mpdu; ++ fi = get_frame_info(skb); ++ + if (!bf_first) bf_first = bf; if (!rl) { @@ -3590,7 +4389,16 @@ aggr_limit = ath_lookup_rate(sc, bf, tid); rl = 1; } -@@ -998,14 +1005,14 @@ static void ath_buf_set_rate(struct ath_ +@@ -898,7 +913,7 @@ static enum ATH_AGGR_STATUS ath_tx_form_ + + /* link buffers of this frame to the aggregate */ + if (!fi->retries) +- ath_tx_addto_baw(sc, tid, seqno); ++ ath_tx_addto_baw(sc, tid, bf->bf_state.seqno); + bf->bf_state.ndelim = ndelim; + + __skb_unlink(skb, &tid->buf_q); +@@ -998,14 +1013,14 @@ static void ath_buf_set_rate(struct ath_ skb = bf->bf_mpdu; tx_info = IEEE80211_SKB_CB(skb); 
@@ -3607,7 +4415,279 @@ bool is_40, is_sgi, is_sp; int phy; -@@ -1743,6 +1750,7 @@ static void ath_tx_send_ampdu(struct ath +@@ -1106,10 +1121,8 @@ static void ath_tx_fill_desc(struct ath_ + struct ath_txq *txq, int len) + { + struct ath_hw *ah = sc->sc_ah; +- struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(bf->bf_mpdu); +- struct ath_buf *bf_first = bf; ++ struct ath_buf *bf_first = NULL; + struct ath_tx_info info; +- bool aggr = !!(bf->bf_state.bf_type & BUF_AGGR); + + memset(&info, 0, sizeof(info)); + info.is_first = true; +@@ -1117,24 +1130,14 @@ static void ath_tx_fill_desc(struct ath_ + info.txpower = MAX_RATE_POWER; + info.qcu = txq->axq_qnum; + +- info.flags = ATH9K_TXDESC_INTREQ; +- if (tx_info->flags & IEEE80211_TX_CTL_NO_ACK) +- info.flags |= ATH9K_TXDESC_NOACK; +- if (tx_info->flags & IEEE80211_TX_CTL_LDPC) +- info.flags |= ATH9K_TXDESC_LDPC; +- +- ath_buf_set_rate(sc, bf, &info, len); +- +- if (tx_info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT) +- info.flags |= ATH9K_TXDESC_CLRDMASK; +- + if (bf->bf_state.bfs_paprd) + info.flags |= (u32) bf->bf_state.bfs_paprd << ATH9K_TXDESC_PAPRD_S; + +- + while (bf) { + struct sk_buff *skb = bf->bf_mpdu; ++ struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb); + struct ath_frame_info *fi = get_frame_info(skb); ++ bool aggr = !!(bf->bf_state.bf_type & BUF_AGGR); + + info.type = get_hw_packet_type(skb); + if (bf->bf_next) +@@ -1142,6 +1145,25 @@ static void ath_tx_fill_desc(struct ath_ + else + info.link = 0; + ++ if (!bf_first) { ++ bf_first = bf; ++ ++ info.flags = ATH9K_TXDESC_INTREQ; ++ if ((tx_info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT) || ++ txq == sc->tx.uapsdq) ++ info.flags |= ATH9K_TXDESC_CLRDMASK; ++ ++ if (tx_info->flags & IEEE80211_TX_CTL_NO_ACK) ++ info.flags |= ATH9K_TXDESC_NOACK; ++ if (tx_info->flags & IEEE80211_TX_CTL_LDPC) ++ info.flags |= ATH9K_TXDESC_LDPC; ++ ++ ath_buf_set_rate(sc, bf, &info, len); ++ ++ if (txq == sc->beacon.cabq) ++ sc->beacon.cabq_dur += info.rates[0].PktDuration; ++ 
} ++ + info.buf_addr[0] = bf->bf_buf_addr; + info.buf_len[0] = skb->len; + info.pkt_len = fi->framelen; +@@ -1151,7 +1173,7 @@ static void ath_tx_fill_desc(struct ath_ + if (aggr) { + if (bf == bf_first) + info.aggr = AGGR_BUF_FIRST; +- else if (!bf->bf_next) ++ else if (bf == bf_first->bf_lastbf) + info.aggr = AGGR_BUF_LAST; + else + info.aggr = AGGR_BUF_MIDDLE; +@@ -1160,6 +1182,9 @@ static void ath_tx_fill_desc(struct ath_ + info.aggr_len = len; + } + ++ if (bf == bf_first->bf_lastbf) ++ bf_first = NULL; ++ + ath9k_hw_set_txdesc(ah, bf->bf_desc, &info); + bf = bf->bf_next; + } +@@ -1224,9 +1249,6 @@ int ath_tx_aggr_start(struct ath_softc * + an = (struct ath_node *)sta->drv_priv; + txtid = ATH_AN_2_TID(an, tid); + +- if (txtid->state & (AGGR_CLEANUP | AGGR_ADDBA_COMPLETE)) +- return -EAGAIN; +- + /* update ampdu factor/density, they may have changed. This may happen + * in HT IBSS when a beacon with HT-info is received after the station + * has already been added. +@@ -1238,7 +1260,7 @@ int ath_tx_aggr_start(struct ath_softc * + an->mpdudensity = density; + } + +- txtid->state |= AGGR_ADDBA_PROGRESS; ++ txtid->active = true; + txtid->paused = true; + *ssn = txtid->seq_start = txtid->seq_next; + txtid->bar_index = -1; +@@ -1255,28 +1277,9 @@ void ath_tx_aggr_stop(struct ath_softc * + struct ath_atx_tid *txtid = ATH_AN_2_TID(an, tid); + struct ath_txq *txq = txtid->ac->txq; + +- if (txtid->state & AGGR_CLEANUP) +- return; +- +- if (!(txtid->state & AGGR_ADDBA_COMPLETE)) { +- txtid->state &= ~AGGR_ADDBA_PROGRESS; +- return; +- } +- + ath_txq_lock(sc, txq); ++ txtid->active = false; + txtid->paused = true; +- +- /* +- * If frames are still being transmitted for this TID, they will be +- * cleaned up during tx completion. To prevent race conditions, this +- * TID can only be reused after all in-progress subframes have been +- * completed. 
+- */ +- if (txtid->baw_head != txtid->baw_tail) +- txtid->state |= AGGR_CLEANUP; +- else +- txtid->state &= ~AGGR_ADDBA_COMPLETE; +- + ath_tx_flush_tid(sc, txtid); + ath_txq_unlock_complete(sc, txq); + } +@@ -1342,18 +1345,92 @@ void ath_tx_aggr_wakeup(struct ath_softc + } + } + +-void ath_tx_aggr_resume(struct ath_softc *sc, struct ieee80211_sta *sta, u16 tid) ++void ath_tx_aggr_resume(struct ath_softc *sc, struct ieee80211_sta *sta, ++ u16 tidno) + { +- struct ath_atx_tid *txtid; ++ struct ath_atx_tid *tid; + struct ath_node *an; ++ struct ath_txq *txq; + + an = (struct ath_node *)sta->drv_priv; ++ tid = ATH_AN_2_TID(an, tidno); ++ txq = tid->ac->txq; + +- txtid = ATH_AN_2_TID(an, tid); +- txtid->baw_size = IEEE80211_MIN_AMPDU_BUF << sta->ht_cap.ampdu_factor; +- txtid->state |= AGGR_ADDBA_COMPLETE; +- txtid->state &= ~AGGR_ADDBA_PROGRESS; +- ath_tx_resume_tid(sc, txtid); ++ ath_txq_lock(sc, txq); ++ ++ tid->baw_size = IEEE80211_MIN_AMPDU_BUF << sta->ht_cap.ampdu_factor; ++ tid->paused = false; ++ ++ if (!skb_queue_empty(&tid->buf_q)) { ++ ath_tx_queue_tid(txq, tid); ++ ath_txq_schedule(sc, txq); ++ } ++ ++ ath_txq_unlock_complete(sc, txq); ++} ++ ++void ath9k_release_buffered_frames(struct ieee80211_hw *hw, ++ struct ieee80211_sta *sta, ++ u16 tids, int nframes, ++ enum ieee80211_frame_release_type reason, ++ bool more_data) ++{ ++ struct ath_softc *sc = hw->priv; ++ struct ath_node *an = (struct ath_node *)sta->drv_priv; ++ struct ath_txq *txq = sc->tx.uapsdq; ++ struct ieee80211_tx_info *info; ++ struct list_head bf_q; ++ struct ath_buf *bf_tail = NULL, *bf; ++ int sent = 0; ++ int i; ++ ++ INIT_LIST_HEAD(&bf_q); ++ for (i = 0; tids && nframes; i++, tids >>= 1) { ++ struct ath_atx_tid *tid; ++ ++ if (!(tids & 1)) ++ continue; ++ ++ tid = ATH_AN_2_TID(an, i); ++ if (tid->paused) ++ continue; ++ ++ ath_txq_lock(sc, tid->ac->txq); ++ while (!skb_queue_empty(&tid->buf_q) && nframes > 0) { ++ bf = ath_tx_get_tid_subframe(sc, sc->tx.uapsdq, tid); ++ if (!bf) ++ 
break; ++ ++ __skb_unlink(bf->bf_mpdu, &tid->buf_q); ++ list_add_tail(&bf->list, &bf_q); ++ ath_set_rates(tid->an->vif, tid->an->sta, bf); ++ ath_tx_addto_baw(sc, tid, bf->bf_state.seqno); ++ bf->bf_state.bf_type &= ~BUF_AGGR; ++ if (bf_tail) ++ bf_tail->bf_next = bf; ++ ++ bf_tail = bf; ++ nframes--; ++ sent++; ++ TX_STAT_INC(txq->axq_qnum, a_queued_hw); ++ ++ if (skb_queue_empty(&tid->buf_q)) ++ ieee80211_sta_set_buffered(an->sta, i, false); ++ } ++ ath_txq_unlock_complete(sc, tid->ac->txq); ++ } ++ ++ if (list_empty(&bf_q)) ++ return; ++ ++ info = IEEE80211_SKB_CB(bf_tail->bf_mpdu); ++ info->flags |= IEEE80211_TX_STATUS_EOSP; ++ ++ bf = list_first_entry(&bf_q, struct ath_buf, list); ++ ath_txq_lock(sc, txq); ++ ath_tx_fill_desc(sc, bf, txq, 0); ++ ath_tx_txqaddbuf(sc, txq, &bf_q, false); ++ ath_txq_unlock(sc, txq); + } + + /********************/ +@@ -1709,8 +1786,9 @@ static void ath_tx_txqaddbuf(struct ath_ + } + } + +-static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_atx_tid *tid, +- struct sk_buff *skb, struct ath_tx_control *txctl) ++static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_txq *txq, ++ struct ath_atx_tid *tid, struct sk_buff *skb, ++ struct ath_tx_control *txctl) + { + struct ath_frame_info *fi = get_frame_info(skb); + struct list_head bf_head; +@@ -1723,26 +1801,28 @@ static void ath_tx_send_ampdu(struct ath + * - seqno is not within block-ack window + * - h/w queue depth exceeds low water mark + */ +- if (!skb_queue_empty(&tid->buf_q) || tid->paused || +- !BAW_WITHIN(tid->seq_start, tid->baw_size, tid->seq_next) || +- txctl->txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) { ++ if ((!skb_queue_empty(&tid->buf_q) || tid->paused || ++ !BAW_WITHIN(tid->seq_start, tid->baw_size, tid->seq_next) || ++ txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) && ++ txq != sc->tx.uapsdq) { + /* + * Add this frame to software queue for scheduling later + * for aggregation. 
+ */ +- TX_STAT_INC(txctl->txq->axq_qnum, a_queued_sw); ++ TX_STAT_INC(txq->axq_qnum, a_queued_sw); + __skb_queue_tail(&tid->buf_q, skb); + if (!txctl->an || !txctl->an->sleeping) +- ath_tx_queue_tid(txctl->txq, tid); ++ ath_tx_queue_tid(txq, tid); + return; + } + +- bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb); ++ bf = ath_tx_setup_buffer(sc, txq, tid, skb); + if (!bf) { + ieee80211_free_txskb(sc->hw, skb); return; } @@ -3615,7 +4695,21 @@ bf->bf_state.bf_type = BUF_AMPDU; INIT_LIST_HEAD(&bf_head); list_add(&bf->list, &bf_head); -@@ -1892,49 +1900,6 @@ static struct ath_buf *ath_tx_setup_buff +@@ -1751,10 +1831,10 @@ static void ath_tx_send_ampdu(struct ath + ath_tx_addto_baw(sc, tid, bf->bf_state.seqno); + + /* Queue to h/w without aggregation */ +- TX_STAT_INC(txctl->txq->axq_qnum, a_queued_hw); ++ TX_STAT_INC(txq->axq_qnum, a_queued_hw); + bf->bf_lastbf = bf; +- ath_tx_fill_desc(sc, bf, txctl->txq, fi->framelen); +- ath_tx_txqaddbuf(sc, txctl->txq, &bf_head, false); ++ ath_tx_fill_desc(sc, bf, txq, fi->framelen); ++ ath_tx_txqaddbuf(sc, txq, &bf_head, false); + } + + static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq, +@@ -1892,49 +1972,6 @@ static struct ath_buf *ath_tx_setup_buff return bf; } @@ -3665,7 +4759,7 @@ /* Upon failure caller should free skb */ int ath_tx_start(struct ieee80211_hw *hw, struct sk_buff *skb, struct ath_tx_control *txctl) -@@ -1945,8 +1910,11 @@ int ath_tx_start(struct ieee80211_hw *hw +@@ -1945,8 +1982,11 @@ int ath_tx_start(struct ieee80211_hw *hw struct ieee80211_vif *vif = info->control.vif; struct ath_softc *sc = hw->priv; struct ath_txq *txq = txctl->txq; 
@@ -3677,11 +4771,17 @@ int q; /* NOTE: sta can be NULL according to net/mac80211.h */ -@@ -2002,8 +1970,41 @@ int ath_tx_start(struct ieee80211_hw *hw +@@ -2002,8 +2042,47 @@ int ath_tx_start(struct ieee80211_hw *hw txq->stopped = true; } - ath_tx_start_dma(sc, skb, txctl); ++ if (info->flags & IEEE80211_TX_CTL_PS_RESPONSE) { ++ ath_txq_unlock(sc, txq); ++ txq = sc->tx.uapsdq; ++ ath_txq_lock(sc, txq); ++ } + + if (txctl->an && ieee80211_is_data_qos(hdr->frame_control)) { + tidno = ieee80211_get_qos_ctl(hdr)[0] & + IEEE80211_QOS_CTL_TID_MASK; @@ -3695,11 +4795,11 @@ + * Try aggregation if it's a unicast data frame + * and the destination is HT capable. + */ -+ ath_tx_send_ampdu(sc, tid, skb, txctl); ++ ath_tx_send_ampdu(sc, txq, tid, skb, txctl); + goto out; + } + -+ bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb); ++ bf = ath_tx_setup_buffer(sc, txq, tid, skb); + if (!bf) { + if (txctl->paprd) + dev_kfree_skb_any(skb); 
@@ -3714,12 +4814,60 @@ + bf->bf_state.bfs_paprd_timestamp = jiffies; + + ath_set_rates(vif, sta, bf); -+ ath_tx_send_normal(sc, txctl->txq, tid, skb); - ++ ath_tx_send_normal(sc, txq, tid, skb); ++ +out: ath_txq_unlock(sc, txq); return 0; +@@ -2054,7 +2133,12 @@ static void ath_tx_complete(struct ath_s + } + spin_unlock_irqrestore(&sc->sc_pm_lock, flags); + ++ __skb_queue_tail(&txq->complete_q, skb); ++ + q = skb_get_queue_mapping(skb); ++ if (txq == sc->tx.uapsdq) ++ txq = sc->tx.txq_map[q]; ++ + if (txq == sc->tx.txq_map[q]) { + if (WARN_ON(--txq->pending_frames < 0)) + txq->pending_frames = 0; +@@ -2065,8 +2149,6 @@ static void ath_tx_complete(struct ath_s + txq->stopped = false; + } + } +- +- __skb_queue_tail(&txq->complete_q, skb); + } + + static void ath_tx_complete_buf(struct ath_softc *sc, struct ath_buf *bf, +@@ -2408,12 +2490,10 @@ void ath_tx_node_init(struct ath_softc * + tid->baw_head = tid->baw_tail = 0; + tid->sched = false; + tid->paused = false; +- tid->state &= ~AGGR_CLEANUP; ++ tid->active = false; + __skb_queue_head_init(&tid->buf_q); + acno = TID_TO_WME_AC(tidno); + tid->ac = &an->ac[acno]; +- tid->state &= ~AGGR_ADDBA_COMPLETE; +- tid->state &= ~AGGR_ADDBA_PROGRESS; + } + + for (acno = 0, ac = &an->ac[acno]; +@@ -2450,9 +2530,9 @@ void ath_tx_node_cleanup(struct ath_soft + } + + ath_tid_drain(sc, txq, tid); +- tid->state &= ~AGGR_ADDBA_COMPLETE; +- tid->state &= ~AGGR_CLEANUP; ++ tid->active = false; + + ath_txq_unlock(sc, txq); + } + } ++ --- a/drivers/net/wireless/ath/ath9k/recv.c +++ b/drivers/net/wireless/ath/ath9k/recv.c @@ -124,7 +124,7 @@ static bool ath_rx_edma_buf_link(struct 
@@ -3757,3 +4905,162 @@ skb_put(skb, rs.rs_datalen + ah->caps.rx_status_len); if (ah->caps.rx_status_len) skb_pull(skb, ah->caps.rx_status_len); +--- a/net/wireless/core.c ++++ b/net/wireless/core.c +@@ -885,7 +885,6 @@ void cfg80211_leave(struct cfg80211_regi + #endif + __cfg80211_disconnect(rdev, dev, + WLAN_REASON_DEAUTH_LEAVING, true); +- cfg80211_mlme_down(rdev, dev); + wdev_unlock(wdev); + break; + case NL80211_IFTYPE_MESH_POINT: +--- a/net/wireless/sme.c ++++ b/net/wireless/sme.c +@@ -961,7 +961,7 @@ int __cfg80211_disconnect(struct cfg8021 + /* was it connected by userspace SME? */ + if (!wdev->conn) { + cfg80211_mlme_down(rdev, dev); +- return 0; ++ goto disconnect; + } + + if (wdev->sme_state == CFG80211_SME_CONNECTING && +@@ -987,6 +987,7 @@ int __cfg80211_disconnect(struct cfg8021 + return err; + } + ++ disconnect: + if (wdev->sme_state == CFG80211_SME_CONNECTED) + __cfg80211_disconnected(dev, NULL, 0, 0, false); + else if (wdev->sme_state == CFG80211_SME_CONNECTING) +--- a/drivers/net/wireless/ath/ath9k/rc.c ++++ b/drivers/net/wireless/ath/ath9k/rc.c +@@ -1227,10 +1227,7 @@ static bool ath_tx_aggr_check(struct ath + return false; + + txtid = ATH_AN_2_TID(an, tidno); +- +- if (!(txtid->state & (AGGR_ADDBA_COMPLETE | AGGR_ADDBA_PROGRESS))) +- return true; +- return false; ++ return !txtid->active; + } + + +--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c +@@ -334,7 +334,8 @@ static void ar9003_hw_spur_ofdm(struct a + REG_RMW_FIELD(ah, AR_PHY_SPUR_REG, + AR_PHY_SPUR_REG_EN_VIT_SPUR_RSSI, 1); + +- if (REG_READ_FIELD(ah, AR_PHY_MODE, ++ if (!AR_SREV_9340(ah) && ++ REG_READ_FIELD(ah, AR_PHY_MODE, + AR_PHY_MODE_DYNAMIC) == 0x1) + REG_RMW_FIELD(ah, AR_PHY_SPUR_REG, + AR_PHY_SPUR_REG_ENABLE_NF_RSSI_SPUR_MIT, 1); +--- a/drivers/net/wireless/ath/ath9k/mac.c ++++ b/drivers/net/wireless/ath/ath9k/mac.c +@@ -410,7 +410,7 @@ bool ath9k_hw_resettxqueue(struct ath_hw + + REG_WRITE(ah, AR_QMISC(q), 
AR_Q_MISC_DCU_EARLY_TERM_REQ); + +- if (AR_SREV_9340(ah)) ++ if (AR_SREV_9340(ah) && !AR_SREV_9340_13_OR_LATER(ah)) + REG_WRITE(ah, AR_DMISC(q), + AR_D_MISC_CW_BKOFF_EN | AR_D_MISC_FRAG_WAIT_EN | 0x1); + else +--- a/net/mac80211/driver-ops.h ++++ b/net/mac80211/driver-ops.h +@@ -146,7 +146,8 @@ static inline int drv_add_interface(stru + + if (WARN_ON(sdata->vif.type == NL80211_IFTYPE_AP_VLAN || + (sdata->vif.type == NL80211_IFTYPE_MONITOR && +- !(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF)))) ++ !(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF) && ++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)))) + return -EINVAL; + + trace_drv_add_interface(local, sdata); +--- a/drivers/net/wireless/ath/ath9k/ar9003_paprd.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_paprd.c +@@ -454,6 +454,8 @@ static bool create_pa_curve(u32 *data_L, + if (accum_cnt <= thresh_accum_cnt) + continue; + ++ max_index++; ++ + /* sum(tx amplitude) */ + accum_tx = ((data_L[i] >> 16) & 0xffff) | + ((data_U[i] & 0x7ff) << 16); +@@ -468,20 +470,21 @@ static bool create_pa_curve(u32 *data_L, + + accum_tx <<= scale_factor; + accum_rx <<= scale_factor; +- x_est[i + 1] = (((accum_tx + accum_cnt) / accum_cnt) + 32) >> +- scale_factor; ++ x_est[max_index] = ++ (((accum_tx + accum_cnt) / accum_cnt) + 32) >> ++ scale_factor; + +- Y[i + 1] = ((((accum_rx + accum_cnt) / accum_cnt) + 32) >> ++ Y[max_index] = ++ ((((accum_rx + accum_cnt) / accum_cnt) + 32) >> + scale_factor) + +- (1 << scale_factor) * max_index + 16; ++ (1 << scale_factor) * i + 16; + + if (accum_ang >= (1 << 26)) + accum_ang -= 1 << 27; + +- theta[i + 1] = ((accum_ang * (1 << scale_factor)) + accum_cnt) / +- accum_cnt; +- +- max_index++; ++ theta[max_index] = ++ ((accum_ang * (1 << scale_factor)) + accum_cnt) / ++ accum_cnt; + } + + /* +--- a/drivers/net/wireless/ath/ath9k/beacon.c ++++ b/drivers/net/wireless/ath/ath9k/beacon.c +@@ -204,9 +204,15 @@ static struct ath_buf *ath9k_beacon_gene + } + + ath9k_beacon_setup(sc, vif, bf, 
info->control.rates[0].idx); ++ sc->beacon.cabq_dur = 0; + + while (skb) { + ath9k_tx_cabq(hw, skb); ++ ++ if (sc->beacon.cabq_dur / 1000 - 1 > ++ sc->cur_beacon_conf.beacon_interval / ATH_BCBUF) ++ break; ++ + skb = ieee80211_get_buffered_bc(hw, vif); + } + +--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h ++++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h +@@ -68,13 +68,16 @@ + #define AR9300_BASE_ADDR 0x3ff + #define AR9300_BASE_ADDR_512 0x1ff + +-#define AR9300_OTP_BASE (AR_SREV_9340(ah) ? 0x30000 : 0x14000) +-#define AR9300_OTP_STATUS (AR_SREV_9340(ah) ? 0x30018 : 0x15f18) ++#define AR9300_OTP_BASE \ ++ ((AR_SREV_9340(ah) || AR_SREV_9550(ah)) ? 0x30000 : 0x14000) ++#define AR9300_OTP_STATUS \ ++ ((AR_SREV_9340(ah) || AR_SREV_9550(ah)) ? 0x30018 : 0x15f18) + #define AR9300_OTP_STATUS_TYPE 0x7 + #define AR9300_OTP_STATUS_VALID 0x4 + #define AR9300_OTP_STATUS_ACCESS_BUSY 0x2 + #define AR9300_OTP_STATUS_SM_BUSY 0x1 +-#define AR9300_OTP_READ_DATA (AR_SREV_9340(ah) ? 0x3001c : 0x15f1c) ++#define AR9300_OTP_READ_DATA \ ++ ((AR_SREV_9340(ah) || AR_SREV_9550(ah)) ? 0x3001c : 0x15f1c) + + enum targetPowerHTRates { + HT_TARGET_RATE_0_8_16,