4fc2e090df95edf2229163eae7000dffba0e5c70
[openwrt.git] / package / kernel / mac80211 / patches / 300-pending_work.patch
1 commit e2f141d67ad1e7fe10aaab61811e8a409dfb2442
2 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
3 Date:   Fri Feb 7 10:29:55 2014 +0530
4
5     ath9k: Calculate IQ-CAL median
6     
7     This patch adds a routine to calculate the median IQ correction
8     values for AR955x, which is used for outlier detection.
9     The normal method which is used for all other chips is
10     bypassed for AR955x.
11     
12     Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
13
14 commit c52a6fce0820c8d0687443ab86058ae03b478c8f
15 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
16 Date:   Fri Feb 7 10:29:54 2014 +0530
17
18     ath9k: Expand the IQ coefficient array
19     
20     This will be used for storing data for multiple
21     IQ calibration runs, for AR955x.
22     
23     Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
24
25 commit 034969ff5c2b6431d10e07c1938f0b916da85cc3
26 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
27 Date:   Fri Feb 7 10:29:53 2014 +0530
28
29     ath9k: Modify IQ calibration for AR955x
30     
31     IQ calibration post-processing for AR955x is different
32     from other chips - instead of just doing it as part
33     of AGC calibration once, it is triggered 3 times and
34     a median is determined. This patch adds initial support
35     for changing the calibration behavior for AR955x.
36     
37     Also, to simplify things, a helper routine to issue/poll
38     AGC calibration is used.
39     
40     For non-AR955x chips, the iqcal_idx (which will be used
41     in subsequent patches) is set to zero.
42     
43     Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
44
45 commit 9b1ed6454e6f3511f24266be99b4e403f243f6a8
46 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
47 Date:   Fri Feb 7 10:29:52 2014 +0530
48
49     ath9k: Fix magnitude/phase calculation
50     
51     Incorrect values are programmed in the registers
52     containing the IQ correction coefficients by the IQ-CAL
53     post-processing code. Fix this.
54     
55     Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
56
57 commit 36f93484f96f79171dcecb67c5ef0c3de22531a6
58 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
59 Date:   Fri Feb 7 10:29:51 2014 +0530
60
61     ath9k: Rename ar9003_hw_tx_iqcal_load_avg_2_passes
62     
63     Use ar9003_hw_tx_iq_cal_outlier_detection instead.
64     
65     Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
66
67 commit 3af09a7f5d21dd5fd15b973ce6a91a575da30417
68 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
69 Date:   Fri Feb 7 10:29:50 2014 +0530
70
71     ath9k: Check explicitly for IQ calibration
72     
73     In chips like AR955x, the initvals contain the information
74     whether IQ calibration is to be done in the HW when an
75     AGC calibration is triggered. Check if IQ-CAL is enabled
76     in the initvals before flagging 'txiqcal_done' as true.
77     
78     Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
79
80 commit cb4969634b93c4643a32cc3fbd27d2b288b25771
81 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
82 Date:   Fri Feb 7 10:29:49 2014 +0530
83
84     ath9k: Fix IQ cal post processing for SoC
85     
86     Calibration data is not reused for SoC chips, so
87     call ar9003_hw_tx_iq_cal_post_proc() with the correct
88     argument. The 'is_reusable' flag is currently used
89     only for PC-OEM chips, but it makes things clearer to
90     specify it explicitly.
91     
92     Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
93
94 commit e138e0ef9560c46ce93dbb22a728a57888e94d1c
95 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
96 Date:   Mon Feb 3 13:31:37 2014 +0530
97
98     ath9k: Fix TX power calculation
99     
100     The commit, "ath9k_hw: Fix incorrect Tx control power in AR9003 template"
101     fixed the incorrect values in the eeprom templates, but if
102     boards have already been calibrated with incorrect values,
103     they would still be using the wrong TX power. Fix this by assigning
104     a default value in such cases.
105     
106     Cc: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
107     Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
108
109 commit b9f268b5b01331c3c82179abca551429450e9417
110 Author: Michal Kazior <michal.kazior@tieto.com>
111 Date:   Wed Jan 29 14:22:27 2014 +0100
112
113     cfg80211: consider existing DFS interfaces
114     
115     It was possible to break interface combinations in
116     the following way:
117     
118      combo 1: iftype = AP, num_ifaces = 2, num_chans = 2,
119      combo 2: iftype = AP, num_ifaces = 1, num_chans = 1, radar = HT20
120     
121     With the above interface combinations it was
122     possible to:
123     
124      step 1. start AP on DFS channel by matching combo 2
125      step 2. start AP on non-DFS channel by matching combo 1
126     
127     This was possible because (step 2) did not consider
128     if other interfaces require radar detection.
129     
130     The patch changes how cfg80211 tracks channels -
131     instead of channel itself now a complete chandef
132     is stored.
133     
134     Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
135     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
136
137 commit bc9c62f5f511cc395c62dbf4cdd437f23db53b28
138 Author: Antonio Quartulli <antonio@open-mesh.com>
139 Date:   Wed Jan 29 17:53:43 2014 +0100
140
141     cfg80211: fix channel configuration in IBSS join
142     
143     When receiving an IBSS_JOINED event select the BSS object
144     based on the {bssid, channel} couple rather than the bssid
145     only.
146     With the current approach if another cell having the same
147     BSSID (but using a different channel) exists then cfg80211
148     picks up the wrong BSS object.
149     The result is a mismatching channel configuration between
150     cfg80211 and the driver, that can lead to any sort of
151     problem.
152     
153     The issue can be triggered by having an IBSS sitting on
154     given channel and then asking the driver to create a new
155     cell using the same BSSID but with a different frequency.
156     By passing the channel to cfg80211_get_bss() we can solve
157     this ambiguity and retrieve/create the correct BSS object.
158     All the users of cfg80211_ibss_joined() have been changed
159     accordingly.
160     
161     Moreover WARN when cfg80211_ibss_joined() gets a NULL
162     channel as argument and remove a bogus call of the same
163     function in ath6kl (it does not make sense to call
164     cfg80211_ibss_joined() with a zero BSSID on ibss-leave).
165     
166     Cc: Kalle Valo <kvalo@qca.qualcomm.com>
167     Cc: Arend van Spriel <arend@broadcom.com>
168     Cc: Bing Zhao <bzhao@marvell.com>
169     Cc: Jussi Kivilinna <jussi.kivilinna@iki.fi>
170     Cc: libertas-dev@lists.infradead.org
171     Acked-by: Kalle Valo <kvalo@qca.qualcomm.com>
172     Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
173     [minor code cleanup in ath6kl]
174     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
175
176 commit 7e0c41cb41f215aba2c39b1c237bb4d42ec49a85
177 Author: Johannes Berg <johannes.berg@intel.com>
178 Date:   Fri Jan 24 14:41:44 2014 +0100
179
180     mac80211: fix bufferable MMPDU RX handling
181     
182     Action, disassoc and deauth frames are bufferable, and as such don't
183     have the PM bit in the frame control field reserved which means we
184     need to react to the bit when receiving in such a frame.
185     
186     Fix this by introducing a new helper ieee80211_is_bufferable_mmpdu()
187     and using it for the RX path that currently ignores the PM bit in
188     any non-data frames for doze->wake transitions, but listens to it in
189     all frames for wake->doze transitions, both of which are wrong.
190     
191     Also use the new helper in the TX path to clean up the code.
192     
193     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
194
195 commit fc0df6d2343636e3f48a069330d5b972e3d8659d
196 Author: Janusz Dziedzic <janusz.dziedzic@tieto.com>
197 Date:   Fri Jan 24 14:29:21 2014 +0100
198
199     cfg80211: set preset_chandef after channel switch
200     
201     Set preset_chandef in channel switch notification.
202     In other case we will have old preset_chandef.
203     
204     Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
205     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
206
207 commit cdec895e2344987ff171cece96e25d7407a3ebf6
208 Author: Simon Wunderlich <simon@open-mesh.com>
209 Date:   Fri Jan 24 23:48:29 2014 +0100
210
211     mac80211: send ibss probe responses with noack flag
212     
213     Responding to probe requests for scanning clients will often create
214     excessive retries, as it happens quite often that the scanning client
215     already left the channel. Therefore do it like hostapd and send probe
216     responses for wildcard SSID only once by using the noack flag.
217     
218     Signed-off-by: Simon Wunderlich <simon@open-mesh.com>
219     [fix typo & 'wildcard SSID' in commit log]
220     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
221
222 commit 0b865d1e6b9c05052adae9315df7cb195dc60c3b
223 Author: Luciano Coelho <luciano.coelho@intel.com>
224 Date:   Tue Jan 28 17:09:08 2014 +0200
225
226     mac80211: ibss: remove unnecessary call to release channel
227     
228     The ieee80211_vif_use_channel() function calls
229     ieee80211_vif_release_channel(), so there's no need to call it
230     explicitly in __ieee80211_sta_join_ibss().
231     
232     Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
233     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
234
235 commit e1b6c17e971f0a51ff86c2dac2584c63cd999cd7
236 Author: Michal Kazior <michal.kazior@tieto.com>
237 Date:   Wed Jan 29 07:56:21 2014 +0100
238
239     mac80211: add missing CSA locking
240     
241     The patch adds a missing sdata lock and adds a few
242     lockdeps for easier maintenance.
243     
244     Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
245     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
246
247 commit ad17ba7d14d225b109b73c177cd446afb8050598
248 Author: Michal Kazior <michal.kazior@tieto.com>
249 Date:   Wed Jan 29 07:56:20 2014 +0100
250
251     mac80211: fix sdata->radar_required locking
252     
253     radar_required setting wasn't protected by
254     local->mtx in some places. This should prevent
255     from scanning/radar detection/roc colliding.
256     
257     Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
258     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
259
260 commit 5fcd5f1808813a3d9e502fd756e01bee8a79c85d
261 Author: Michal Kazior <michal.kazior@tieto.com>
262 Date:   Wed Jan 29 07:56:19 2014 +0100
263
264     mac80211: move csa_active setting in STA CSA
265     
266     The sdata->vif.csa_active could be left set after,
267     e.g. channel context constraints check fail in STA
268     mode leaving the interface in a strange state for
269     a brief period of time until it is disconnected.
270     This was harmless but ugly.
271     
272     Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
273     Reviewed-by: Luciano Coelho <luciano.coelho@intel.com>
274     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
275
276 commit e486da4b7eed71821c6b4c1bb9ac62ffd3ab13e9
277 Author: Michal Kazior <michal.kazior@tieto.com>
278 Date:   Wed Jan 29 07:56:18 2014 +0100
279
280     mac80211: fix possible memory leak on AP CSA failure
281     
282     If CSA for AP interface failed and the interface
283     was not stopped afterwards another CSA request
284     would leak sdata->u.ap.next_beacon.
285     
286     Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
287     Reviewed-by: Luciano Coelho <luciano.coelho@intel.com>
288     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
289
290 commit 3a77ba08940682bf3d52cf14f980337324af9d4a
291 Author: Johannes Berg <johannes.berg@intel.com>
292 Date:   Sat Feb 1 00:33:29 2014 +0100
293
294     mac80211: fix fragmentation code, particularly for encryption
295     
296     The "new" fragmentation code (since my rewrite almost 5 years ago)
297     erroneously sets skb->len rather than using skb_trim() to adjust
298     the length of the first fragment after copying out all the others.
299     This leaves the skb tail pointer pointing to after where the data
300     originally ended, and thus causes the encryption MIC to be written
301     at that point, rather than where it belongs: immediately after the
302     data.
303     
304     The impact of this is that if software encryption is done, then
305      a) encryption doesn't work for the first fragment, the connection
306         becomes unusable as the first fragment will never be properly
307         verified at the receiver, the MIC is practically guaranteed to
308         be wrong
309      b) we leak up to 8 bytes of plaintext (!) of the packet out into
310         the air
311     
312     This is only mitigated by the fact that many devices are capable
313     of doing encryption in hardware, in which case this can't happen
314     as the tail pointer is irrelevant in that case. Additionally,
315     fragmentation is not used very frequently and would normally have
316     to be configured manually.
317     
318     Fix this by using skb_trim() properly.
319     
320     Cc: stable@vger.kernel.org
321     Fixes: 2de8e0d999b8 ("mac80211: rewrite fragmentation")
322     Reported-by: Jouni Malinen <j@w1.fi>
323     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
324
325 commit de5f242e0c10e841017e37eb8c38974a642dbca8
326 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
327 Date:   Tue Jan 28 06:21:59 2014 +0530
328
329     ath9k: Fix build error on ARM
330     
331     Use mdelay instead of udelay to fix this error:
332     
333     ERROR: "__bad_udelay" [drivers/net/wireless/ath/ath9k/ath9k_hw.ko] undefined!
334     make[1]: *** [__modpost] Error 1
335     make: *** [modules] Error 2
336     
337     Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
338     Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
339
340 commit 8e3ea7a51dfc61810fcefd947f6edcf61125252a
341 Author: Geert Uytterhoeven <geert@linux-m68k.org>
342 Date:   Sun Jan 26 11:53:21 2014 +0100
343
344     ath9k: Fix uninitialized variable in ath9k_has_tx_pending()
345     
346     drivers/net/wireless/ath/ath9k/main.c: In function ‘ath9k_has_tx_pending’:
347     drivers/net/wireless/ath/ath9k/main.c:1869: warning: ‘npend’ may be used uninitialized in this function
348     
349     Introduced by commit 10e2318103f5941aa70c318afe34bc41f1b98529 ("ath9k:
350     optimize ath9k_flush").
351     
352     Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
353
354 commit a4a634a6937ebdd827fa58e8fcdb8ca49a3769f6
355 Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
356 Date:   Mon Jan 27 11:07:42 2014 +0200
357
358     mac80211: release the channel in error path in start_ap
359     
360     When the driver cannot start the AP or when the assignment
361     of the beacon goes wrong, we need to unassign the vif.
362     
363     Cc: stable@vger.kernel.org
364     Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
365     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
366
367 commit dfb6889a75c601aedb7450b7e606668e77da6679
368 Author: Johannes Berg <johannes.berg@intel.com>
369 Date:   Wed Jan 22 11:14:19 2014 +0200
370
371     cfg80211: send scan results from work queue
372     
373     Due to the previous commit, when a scan finishes, it is in theory
374     possible to hit the following sequence:
375      1. interface starts being removed
376      2. scan is cancelled by driver and cfg80211 is notified
377      3. scan done work is scheduled
378      4. interface is removed completely, rdev->scan_req is freed,
379         event sent to userspace but scan done work remains pending
380      5. new scan is requested on another virtual interface
381      6. scan done work runs, freeing the still-running scan
382     
383     To fix this situation, hang on to the scan done message and block
384     new scans while that is the case, and only send the message from
385     the work function, regardless of whether the scan_req is already
386     freed from interface removal. This makes step 5 above impossible
387     and changes step 6 to be
388      5. scan done work runs, sending the scan done message
389     
390     As this can't work for wext, so we send the message immediately,
391     but this shouldn't be an issue since we still return -EBUSY.
392     
393     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
394
395 commit 45b7ab41fc08627d9a8428cb413d5d84662a9707
396 Author: Johannes Berg <johannes.berg@intel.com>
397 Date:   Wed Jan 22 11:14:18 2014 +0200
398
399     cfg80211: fix scan done race
400     
401     When an interface/wdev is removed, any ongoing scan should be
402     cancelled by the driver. This will make it call cfg80211, which
403     only queues a work struct. If interface/wdev removal is quick
404     enough, this can leave the scan request pending and processed
405     only after the interface is gone, causing a use-after-free.
406     
407     Fix this by making sure the scan request is not pending after
408     the interface is destroyed. We can't flush or cancel the work
409     item due to locking concerns, but when it'll run it shouldn't
410     find anything to do. This leaves a potential issue, if a new
411     scan gets requested before the work runs, it prematurely stops
412     the running scan, potentially causing another crash. I'll fix
413     that in the next patch.
414     
415     This was particularly observed with P2P_DEVICE wdevs, likely
416     because freeing them is quicker than freeing netdevs.
417     
418     Reported-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
419     Fixes: 4a58e7c38443 ("cfg80211: don't "leak" uncompleted scans")
420     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
421
422 commit ae04fa489ab31b5a10d3cc8399f52761175d4321
423 Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
424 Date:   Thu Jan 23 14:28:16 2014 +0200
425
426     mac80211: avoid deadlock revealed by lockdep
427     
428     sdata->u.ap.request_smps_work can’t be flushed synchronously
429     under wdev_lock(wdev) since ieee80211_request_smps_ap_work
430     itself locks the same lock.
431     While at it, reset the driver_smps_mode when the ap is
432     stopped to its default: OFF.
433     
434     This solves:
435     
436     ======================================================
437     [ INFO: possible circular locking dependency detected ]
438     3.12.0-ipeer+ #2 Tainted: G           O
439     -------------------------------------------------------
440     rmmod/2867 is trying to acquire lock:
441       ((&sdata->u.ap.request_smps_work)){+.+...}, at: [<c105b8d0>] flush_work+0x0/0x90
442     
443     but task is already holding lock:
444       (&wdev->mtx){+.+.+.}, at: [<f9b32626>] cfg80211_stop_ap+0x26/0x230 [cfg80211]
445     
446     which lock already depends on the new lock.
447     
448     the existing dependency chain (in reverse order) is:
449     
450     -> #1 (&wdev->mtx){+.+.+.}:
451             [<c10aefa9>] lock_acquire+0x79/0xe0
452             [<c1607a1a>] mutex_lock_nested+0x4a/0x360
453             [<fb06288b>] ieee80211_request_smps_ap_work+0x2b/0x50 [mac80211]
454             [<c105cdd8>] process_one_work+0x198/0x450
455             [<c105d469>] worker_thread+0xf9/0x320
456             [<c10669ff>] kthread+0x9f/0xb0
457             [<c1613397>] ret_from_kernel_thread+0x1b/0x28
458     
459     -> #0 ((&sdata->u.ap.request_smps_work)){+.+...}:
460             [<c10ae9df>] __lock_acquire+0x183f/0x1910
461             [<c10aefa9>] lock_acquire+0x79/0xe0
462             [<c105b917>] flush_work+0x47/0x90
463             [<c105d867>] __cancel_work_timer+0x67/0xe0
464             [<c105d90f>] cancel_work_sync+0xf/0x20
465             [<fb0765cc>] ieee80211_stop_ap+0x8c/0x340 [mac80211]
466             [<f9b3268c>] cfg80211_stop_ap+0x8c/0x230 [cfg80211]
467             [<f9b0d8f9>] cfg80211_leave+0x79/0x100 [cfg80211]
468             [<f9b0da72>] cfg80211_netdev_notifier_call+0xf2/0x4f0 [cfg80211]
469             [<c160f2c9>] notifier_call_chain+0x59/0x130
470             [<c106c6de>] __raw_notifier_call_chain+0x1e/0x30
471             [<c106c70f>] raw_notifier_call_chain+0x1f/0x30
472             [<c14f8213>] call_netdevice_notifiers_info+0x33/0x70
473             [<c14f8263>] call_netdevice_notifiers+0x13/0x20
474             [<c14f82a4>] __dev_close_many+0x34/0xb0
475             [<c14f83fe>] dev_close_many+0x6e/0xc0
476             [<c14f9c77>] rollback_registered_many+0xa7/0x1f0
477             [<c14f9dd4>] unregister_netdevice_many+0x14/0x60
478             [<fb06f4d9>] ieee80211_remove_interfaces+0xe9/0x170 [mac80211]
479             [<fb055116>] ieee80211_unregister_hw+0x56/0x110 [mac80211]
480             [<fa3e9396>] iwl_op_mode_mvm_stop+0x26/0xe0 [iwlmvm]
481             [<f9b9d8ca>] _iwl_op_mode_stop+0x3a/0x70 [iwlwifi]
482             [<f9b9d96f>] iwl_opmode_deregister+0x6f/0x90 [iwlwifi]
483             [<fa405179>] __exit_compat+0xd/0x19 [iwlmvm]
484             [<c10b8bf9>] SyS_delete_module+0x179/0x2b0
485             [<c1613421>] sysenter_do_call+0x12/0x32
486     
487     Fixes: 687da132234f ("mac80211: implement SMPS for AP")
488     Cc: <stable@vger.kernel.org> [3.13]
489     Reported-by: Ilan Peer <ilan.peer@intel.com>
490     Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
491     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
492
493 commit 178b205e96217164fd7c30113464250d0b6f5eca
494 Author: Johannes Berg <johannes.berg@intel.com>
495 Date:   Thu Jan 23 16:32:29 2014 +0100
496
497     cfg80211: re-enable 5/10 MHz support
498     
499     Unfortunately I forgot this during the merge window, but the
500     patch seems small enough to go in as a fix. The userspace API
501     bug that was the reason for disabling it has long been fixed.
502     
503     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
504
505 commit 110a1c79acda14edc83b7c8dc5af9c7ddd23eb61
506 Author: Pontus Fuchs <pontus.fuchs@gmail.com>
507 Date:   Thu Jan 16 15:00:40 2014 +0100
508
509     nl80211: Reset split_start when netlink skb is exhausted
510     
511     When the netlink skb is exhausted split_start is left set. In the
512     subsequent retry, with a larger buffer, the dump is continued from the
513     failing point instead of from the beginning.
514     
515     This was causing my rt28xx based USB dongle to not show up when
516     running "iw list" with an old iw version without split dump support.
517     
518     Cc: stable@vger.kernel.org
519     Fixes: 3713b4e364ef ("nl80211: allow splitting wiphy information in dumps")
520     Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
521     [avoid the entire workaround when state->split is set]
522     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
523
524 commit b4c31b45ffc7ef110fa9ecc34d7878fe7c5b9da4
525 Author: Eliad Peller <eliad@wizery.com>
526 Date:   Sun Jan 12 11:06:37 2014 +0200
527
528     mac80211: move roc cookie assignment earlier
529     
530     ieee80211_start_roc_work() might add a new roc
531     to existing roc, and tell cfg80211 it has already
532     started.
533     
534     However, this might happen before the roc cookie
535     was set, resulting in REMAIN_ON_CHANNEL (started)
536     event with null cookie. Consequently, it can make
537     wpa_supplicant go out of sync.
538     
539     Fix it by setting the roc cookie earlier.
540     
541     Cc: stable@vger.kernel.org
542     Signed-off-by: Eliad Peller <eliad@wizery.com>
543     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
544
545 commit cfdc9157bfd7bcf88ab4dae08873a9907eba984c
546 Author: Johannes Berg <johannes.berg@intel.com>
547 Date:   Fri Jan 24 14:06:29 2014 +0100
548
549     nl80211: send event when AP operation is stopped
550     
551     There are a few cases, e.g. suspend, where an AP interface is
552     stopped by the kernel rather than by userspace request, most
553     commonly when suspending. To let userspace know about this,
554     send the NL80211_CMD_STOP_AP command as an event every time
555     an AP interface is stopped. This also happens when userspace
556     did in fact request the AP stop, but that's not a problem.
557     
558     For full-MAC drivers this may need to be extended to also
559     cover cases where the device stopped the AP operation for
560     some reason, this a bit more complicated because then all
561     cfg80211 state also needs to be reset; such API is not part
562     of this patch.
563     
564     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
565
566 commit d5d567eda7704f190379ca852a8f9a4112e3eee3
567 Author: Johannes Berg <johannes.berg@intel.com>
568 Date:   Thu Jan 23 16:20:29 2014 +0100
569
570     mac80211: add length check in ieee80211_is_robust_mgmt_frame()
571     
572     A few places weren't checking that the frame passed to the
573     function actually has enough data even though the function
574     clearly documents it must have a payload byte. Make this
575     safer by changing the function to take an skb and checking
576     the length inside. The old version is preserved for now as
577     the rtl* drivers use it and don't have a correct skb.
578     
579     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
580
581 commit f8f6d212a047fc65c7d3442dfc038f65517236fc
582 Author: Johannes Berg <johannes.berg@intel.com>
583 Date:   Fri Jan 24 10:53:53 2014 +0100
584
585     nl80211: fix scheduled scan RSSI matchset attribute confusion
586     
587     The scheduled scan matchsets were intended to be a list of filters,
588     with the found BSS having to pass at least one of them to be passed
589     to the host. When the RSSI attribute was added, however, this was
590     broken and currently wpa_supplicant adds that attribute in its own
591     matchset; however, it doesn't intend that to mean that anything
592     that passes the RSSI filter should be passed to the host, instead
593     it wants it to mean that everything needs to also have higher RSSI.
594     
595     This is semantically problematic because we have a list of filters
596     like [ SSID1, SSID2, SSID3, RSSI ] with no real indication which
597     one should be OR'ed and which one AND'ed.
598     
599     To fix this, move the RSSI filter attribute into each matchset. As
600     we need to stay backward compatible, treat a matchset with only the
601     RSSI attribute as a "default RSSI filter" for all other matchsets,
602     but only if there are other matchsets (an RSSI-only matchset by
603     itself is still desirable.)
604     
605     To make driver implementation easier, keep a global min_rssi_thold
606     for the entire request as well. The only affected driver is ath6kl.
607     
608     I found this when I looked into the code after Raja Mani submitted
609     a patch fixing the n_match_sets calculation to disregard the RSSI,
610     but that patch didn't address the semantic issue.
611     
612     Reported-by: Raja Mani <rmani@qti.qualcomm.com>
613     Acked-by: Luciano Coelho <luciano.coelho@intel.com>
614     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
615
616 commit de553e8545e65a6dc4e45f43df7e1443d4291922
617 Author: Johannes Berg <johannes.berg@intel.com>
618 Date:   Fri Jan 24 10:17:47 2014 +0100
619
620     nl80211: check nla_parse() return values
621     
622     If there's a policy, then nla_parse() return values must be
623     checked, otherwise the policy is useless and there's nothing
624     that ensures the attributes are actually what we expect them
625     to be.
626     
627     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
628
629 commit 652204a0733e9e1c54661d6f9d36e2e1e3b22bb1
630 Author: Karl Beldan <karl.beldan@rivierawaves.com>
631 Date:   Thu Jan 23 20:06:34 2014 +0100
632
633     mac80211: send {ADD,DEL}BA on AC_VO like other mgmt frames, as per spec
634     
635     ATM, {ADD,DEL}BA and BAR frames are sent on the AC matching the TID of
636     the BA parameters. In the discussion [1] about this patch, Johannes
637     recalled that it fixed some races with the DELBA and indeed this
638     behavior was introduced in [2].
639     While [2] is right for the BARs, the part queueing the {ADD,DEL}BAs on
640     their BA params TID AC violates the spec and is more a workaround for
641     some drivers. Helmut expressed some concerns wrt such drivers, in
642     particular DELBAs in rt2x00.
643     
644     ATM, DELBAs are sent after a driver has called (hence "purposely")
645     ieee80211_start_tx_ba_cb_irqsafe and Johannes and Emmanuel gave some
646     details wrt intentions behind the split of the IEEE80211_AMPDU_TX_STOP_*
647     given to the driver ampdu_action supposed to call this function, which
648     could prove handy to people trying to do the right thing in faulty
649     drivers (if their fw/hw don't get in their way).
650     
651     [1] http://mid.gmane.org/1390391564-18481-1-git-send-email-karl.beldan@gmail.com
652     [2] Commit: cf6bb79ad828 ("mac80211: Use appropriate TID for sending BAR, ADDBA and DELBA frames")
653     
654     Signed-off-by: Karl Beldan <karl.beldan@rivierawaves.com>
655     Cc: Helmut Schaa <helmut.schaa@googlemail.com>
656     Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
657     Signed-off-by: Johannes Berg <johannes.berg@intel.com>
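--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
+++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
@@ -790,7 +790,7 @@ void ath6kl_cfg80211_connect_event(struc
        if (nw_type & ADHOC_NETWORK) {
                ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "ad-hoc %s selected\n",
                           nw_type & ADHOC_CREATOR ? "creator" : "joiner");
-               cfg80211_ibss_joined(vif->ndev, bssid, GFP_KERNEL);
+               cfg80211_ibss_joined(vif->ndev, bssid, chan, GFP_KERNEL);
                cfg80211_put_bss(ar->wiphy, bss);
                return;
        }
@@ -861,13 +861,9 @@ void ath6kl_cfg80211_disconnect_event(st
        }
 
        if (vif->nw_type & ADHOC_NETWORK) {
-               if (vif->wdev.iftype != NL80211_IFTYPE_ADHOC) {
+               if (vif->wdev.iftype != NL80211_IFTYPE_ADHOC)
                        ath6kl_dbg(ATH6KL_DBG_WLAN_CFG,
                                   "%s: ath6k not in ibss mode\n", __func__);
-                       return;
-               }
-               memset(bssid, 0, ETH_ALEN);
-               cfg80211_ibss_joined(vif->ndev, bssid, GFP_KERNEL);
                return;
        }
 
@@ -3256,6 +3252,15 @@ static int ath6kl_cfg80211_sscan_start(s
        struct ath6kl_vif *vif = netdev_priv(dev);
        u16 interval;
        int ret, rssi_thold;
+       int n_match_sets = request->n_match_sets;
+
+       /*
+        * If there's a matchset w/o an SSID, then assume it's just for
+        * the RSSI (nothing else is currently supported) and ignore it.
+        * The device only supports a global RSSI filter that we set below.
+        */
+       if (n_match_sets == 1 && !request->match_sets[0].ssid.ssid_len)
+               n_match_sets = 0;
 
        if (ar->state != ATH6KL_STATE_ON)
                return -EIO;
@@ -3268,11 +3273,11 @@ static int ath6kl_cfg80211_sscan_start(s
        ret = ath6kl_set_probed_ssids(ar, vif, request->ssids,
                                      request->n_ssids,
                                      request->match_sets,
-                                     request->n_match_sets);
+                                     n_match_sets);
        if (ret < 0)
                return ret;
 
-       if (!request->n_match_sets) {
+       if (!n_match_sets) {
                ret = ath6kl_wmi_bssfilter_cmd(ar->wmi, vif->fw_vif_idx,
                                               ALL_BSS_FILTER, 0);
                if (ret < 0)
@@ -3286,12 +3291,12 @@ static int ath6kl_cfg80211_sscan_start(s
 
        if (test_bit(ATH6KL_FW_CAPABILITY_RSSI_SCAN_THOLD,
                     ar->fw_capabilities)) {
-               if (request->rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF)
+               if (request->min_rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF)
                        rssi_thold = 0;
-               else if (request->rssi_thold < -127)
+               else if (request->min_rssi_thold < -127)
                        rssi_thold = -127;
                else
-                       rssi_thold = request->min_rssi_thold;
+                       rssi_thold = request->min_rssi_thold;
 
                ret = ath6kl_wmi_set_rssi_filter_cmd(ar->wmi, vif->fw_vif_idx,
                                                     rssi_thold);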
730 --- a/drivers/net/wireless/ath/ath9k/hw.c
731 +++ b/drivers/net/wireless/ath/ath9k/hw.c
732 @@ -1316,7 +1316,7 @@ static bool ath9k_hw_set_reset(struct at
733         if (AR_SREV_9300_20_OR_LATER(ah))
734                 udelay(50);
735         else if (AR_SREV_9100(ah))
736 -               udelay(10000);
737 +               mdelay(10);
738         else
739                 udelay(100);
740  
741 @@ -2051,9 +2051,8 @@ static bool ath9k_hw_set_power_awake(str
742  
743         REG_SET_BIT(ah, AR_RTC_FORCE_WAKE,
744                     AR_RTC_FORCE_WAKE_EN);
745 -
746         if (AR_SREV_9100(ah))
747 -               udelay(10000);
748 +               mdelay(10);
749         else
750                 udelay(50);
751  
752 --- a/drivers/net/wireless/ath/ath9k/main.c
753 +++ b/drivers/net/wireless/ath/ath9k/main.c
754 @@ -1866,7 +1866,7 @@ static void ath9k_set_coverage_class(str
755  
756  static bool ath9k_has_tx_pending(struct ath_softc *sc)
757  {
758 -       int i, npend;
759 +       int i, npend = 0;
760  
761         for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
762                 if (!ATH_TXQ_SETUP(sc, i))
763 --- a/drivers/net/wireless/iwlwifi/mvm/scan.c
764 +++ b/drivers/net/wireless/iwlwifi/mvm/scan.c
765 @@ -595,6 +595,9 @@ static void iwl_scan_offload_build_ssid(
766          * config match list.
767          */
768         for (i = 0; i < req->n_match_sets && i < PROBE_OPTION_MAX; i++) {
769 +               /* skip empty SSID matchsets */
770 +               if (!req->match_sets[i].ssid.ssid_len)
771 +                       continue;
772                 scan->direct_scan[i].id = WLAN_EID_SSID;
773                 scan->direct_scan[i].len = req->match_sets[i].ssid.ssid_len;
774                 memcpy(scan->direct_scan[i].ssid, req->match_sets[i].ssid.ssid,
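Review bot: The added `continue` skips an empty matchset but `i` still indexes both `req->match_sets` and `scan->direct_scan`, so a skipped entry leaves `scan->direct_scan[i]` unwritten and still counts against `PROBE_OPTION_MAX`. Whether the command buffer is zeroed beforehand, and how a slot is later marked as in use, is not visible in this hunk. Either confirm that an untouched slot is ignored by the firmware and say so in the comment, e.g. `/* skip empty SSID matchsets; the direct_scan slot stays unused */`, or fill the array through a separate destination index. The loop body continues past the end of the hunk.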
775 --- a/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
776 +++ b/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
777 @@ -452,7 +452,7 @@ bool rtl88ee_rx_query_desc(struct ieee80
778                         /* During testing, hdr was NULL */
779                         return false;
780                 }
781 -               if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
782 +               if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
783                     (ieee80211_has_protected(hdr->frame_control)))
784                         rx_status->flag &= ~RX_FLAG_DECRYPTED;
785                 else
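Review bot: This receive path now calls `_ieee80211_is_robust_mgmt_frame(hdr)`, the variant with no length check, whose kernel-doc requires the buffer to hold at least the first payload octet. Nothing in this hunk shows that the received frame is long enough, so a truncated management frame could make the helper read past the data the hardware delivered. If the skb already carries its final length at this point (the function signature is cut off in the hunk header), prefer `ieee80211_is_robust_mgmt_frame(skb)`; otherwise add an explicit guard on the received length before this test. The same applies to the identical hunks in rtl8192ce/trx.c, rtl8192se/trx.c and rtl8723ae/trx.c.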
786 --- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
787 +++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
788 @@ -393,7 +393,7 @@ bool rtl92ce_rx_query_desc(struct ieee80
789                         /* In testing, hdr was NULL here */
790                         return false;
791                 }
792 -               if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
793 +               if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
794                     (ieee80211_has_protected(hdr->frame_control)))
795                         rx_status->flag &= ~RX_FLAG_DECRYPTED;
796                 else
797 --- a/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
798 +++ b/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
799 @@ -310,7 +310,7 @@ bool rtl92se_rx_query_desc(struct ieee80
800                         /* during testing, hdr was NULL here */
801                         return false;
802                 }
803 -               if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
804 +               if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
805                         (ieee80211_has_protected(hdr->frame_control)))
806                         rx_status->flag &= ~RX_FLAG_DECRYPTED;
807                 else
808 --- a/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
809 +++ b/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
810 @@ -334,7 +334,7 @@ bool rtl8723ae_rx_query_desc(struct ieee
811                         /* during testing, hdr could be NULL here */
812                         return false;
813                 }
814 -               if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
815 +               if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
816                         (ieee80211_has_protected(hdr->frame_control)))
817                         rx_status->flag &= ~RX_FLAG_DECRYPTED;
818                 else
819 --- a/include/linux/ieee80211.h
820 +++ b/include/linux/ieee80211.h
821 @@ -597,6 +597,20 @@ static inline int ieee80211_is_qos_nullf
822  }
823  
824  /**
825 + * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU
826 + * @fc: frame control field in little-endian byteorder
827 + */
828 +static inline bool ieee80211_is_bufferable_mmpdu(__le16 fc)
829 +{
830 +       /* IEEE 802.11-2012, definition of "bufferable management frame";
831 +        * note that this ignores the IBSS special case. */
832 +       return ieee80211_is_mgmt(fc) &&
833 +              (ieee80211_is_action(fc) ||
834 +               ieee80211_is_disassoc(fc) ||
835 +               ieee80211_is_deauth(fc));
836 +}
837 +
838 +/**
839   * ieee80211_is_first_frag - check if IEEE80211_SCTL_FRAG is not set
840   * @seq_ctrl: frame sequence control bytes in little-endian byteorder
841   */
842 @@ -2192,10 +2206,10 @@ static inline u8 *ieee80211_get_DA(struc
843  }
844  
845  /**
846 - * ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame
847 + * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame
848   * @hdr: the frame (buffer must include at least the first octet of payload)
849   */
850 -static inline bool ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
851 +static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
852  {
853         if (ieee80211_is_disassoc(hdr->frame_control) ||
854             ieee80211_is_deauth(hdr->frame_control))
855 @@ -2224,6 +2238,17 @@ static inline bool ieee80211_is_robust_m
856  }
857  
858  /**
859 + * ieee80211_is_robust_mgmt_frame - check if skb contains a robust mgmt frame
860 + * @skb: the skb containing the frame, length will be checked
861 + */
862 +static inline bool ieee80211_is_robust_mgmt_frame(struct sk_buff *skb)
863 +{
864 +       if (skb->len < 25)
865 +               return false;
866 +       return _ieee80211_is_robust_mgmt_frame((void *)skb->data);
867 +}
868 +
869 +/**
870   * ieee80211_is_public_action - check if frame is a public action frame
871   * @hdr: the frame
872   * @len: length of the frame
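Review bot: `skb->len < 25` tests the total skb length, but the cast on the following line reads through `skb->data`, which only covers the linear part of the buffer. For a non-linear skb the total can be 25 or more while fewer bytes are directly addressable, so the kernel-doc should state that the skb must be linear at least up to the first payload octet, or the test should use `skb_headlen(skb) < 25`. The literal 25 (presumably the 24-byte management header plus one payload octet) also deserves a comment such as `/* 24-byte header + first octet of payload */`.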
873 --- a/include/net/cfg80211.h
874 +++ b/include/net/cfg80211.h
875 @@ -1395,9 +1395,11 @@ struct cfg80211_scan_request {
876   * struct cfg80211_match_set - sets of attributes to match
877   *
878   * @ssid: SSID to be matched
879 + * @rssi_thold: don't report scan results below this threshold (in s32 dBm)
880   */
881  struct cfg80211_match_set {
882         struct cfg80211_ssid ssid;
883 +       s32 rssi_thold;
884  };
885  
886  /**
887 @@ -1420,7 +1422,8 @@ struct cfg80211_match_set {
888   * @dev: the interface
889   * @scan_start: start time of the scheduled scan
890   * @channels: channels to scan
891 - * @rssi_thold: don't report scan results below this threshold (in s32 dBm)
892 + * @min_rssi_thold: for drivers only supporting a single threshold, this
893 + *     contains the minimum over all matchsets
894   */
895  struct cfg80211_sched_scan_request {
896         struct cfg80211_ssid *ssids;
897 @@ -1433,7 +1436,7 @@ struct cfg80211_sched_scan_request {
898         u32 flags;
899         struct cfg80211_match_set *match_sets;
900         int n_match_sets;
901 -       s32 rssi_thold;
902 +       s32 min_rssi_thold;
903  
904         /* internal */
905         struct wiphy *wiphy;
906 @@ -3130,8 +3133,8 @@ struct cfg80211_cached_keys;
907   * @identifier: (private) Identifier used in nl80211 to identify this
908   *     wireless device if it has no netdev
909   * @current_bss: (private) Used by the internal configuration code
910 - * @channel: (private) Used by the internal configuration code to track
911 - *     the user-set AP, monitor and WDS channel
912 + * @chandef: (private) Used by the internal configuration code to track
913 + *     the user-set channel definition.
914   * @preset_chandef: (private) Used by the internal configuration code to
915   *     track the channel to be used for AP later
916   * @bssid: (private) Used by the internal configuration code
917 @@ -3195,9 +3198,7 @@ struct wireless_dev {
918  
919         struct cfg80211_internal_bss *current_bss; /* associated / joined */
920         struct cfg80211_chan_def preset_chandef;
921 -
922 -       /* for AP and mesh channel tracking */
923 -       struct ieee80211_channel *channel;
924 +       struct cfg80211_chan_def chandef;
925  
926         bool ibss_fixed;
927         bool ibss_dfs_possible;
928 @@ -3879,6 +3880,7 @@ void cfg80211_michael_mic_failure(struct
929   *
930   * @dev: network device
931   * @bssid: the BSSID of the IBSS joined
932 + * @channel: the channel of the IBSS joined
933   * @gfp: allocation flags
934   *
935   * This function notifies cfg80211 that the device joined an IBSS or
936 @@ -3888,7 +3890,8 @@ void cfg80211_michael_mic_failure(struct
937   * with the locally generated beacon -- this guarantees that there is
938   * always a scan result for this IBSS. cfg80211 will handle the rest.
939   */
940 -void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp);
941 +void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
942 +                         struct ieee80211_channel *channel, gfp_t gfp);
943  
944  /**
945   * cfg80211_notify_new_candidate - notify cfg80211 of a new mesh peer candidate
946 --- a/include/uapi/linux/nl80211.h
947 +++ b/include/uapi/linux/nl80211.h
948 @@ -2442,9 +2442,15 @@ enum nl80211_reg_rule_attr {
949   * enum nl80211_sched_scan_match_attr - scheduled scan match attributes
950   * @__NL80211_SCHED_SCAN_MATCH_ATTR_INVALID: attribute number 0 is reserved
951   * @NL80211_SCHED_SCAN_MATCH_ATTR_SSID: SSID to be used for matching,
952 - * only report BSS with matching SSID.
953 + *     only report BSS with matching SSID.
954   * @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI: RSSI threshold (in dBm) for reporting a
955 - *     BSS in scan results. Filtering is turned off if not specified.
956 + *     BSS in scan results. Filtering is turned off if not specified. Note that
957 + *     if this attribute is in a match set of its own, then it is treated as
958 + *     the default value for all matchsets with an SSID, rather than being a
959 + *     matchset of its own without an RSSI filter. This is due to problems with
960 + *     how this API was implemented in the past. Also, due to the same problem,
961 + *     the only way to create a matchset with only an RSSI filter (with this
962 + *     attribute) is if there's only a single matchset with the RSSI attribute.
963   * @NL80211_SCHED_SCAN_MATCH_ATTR_MAX: highest scheduled scan filter
964   *     attribute number currently defined
965   * @__NL80211_SCHED_SCAN_MATCH_ATTR_AFTER_LAST: internal use
966 --- a/net/mac80211/agg-tx.c
967 +++ b/net/mac80211/agg-tx.c
968 @@ -107,7 +107,7 @@ static void ieee80211_send_addba_request
969         mgmt->u.action.u.addba_req.start_seq_num =
970                                         cpu_to_le16(start_seq_num << 4);
971  
972 -       ieee80211_tx_skb_tid(sdata, skb, tid);
973 +       ieee80211_tx_skb(sdata, skb);
974  }
975  
976  void ieee80211_send_bar(struct ieee80211_vif *vif, u8 *ra, u16 tid, u16 ssn)
977 --- a/net/mac80211/cfg.c
978 +++ b/net/mac80211/cfg.c
979 @@ -970,9 +970,9 @@ static int ieee80211_start_ap(struct wip
980         /* TODO: make hostapd tell us what it wants */
981         sdata->smps_mode = IEEE80211_SMPS_OFF;
982         sdata->needed_rx_chains = sdata->local->rx_chains;
983 -       sdata->radar_required = params->radar_required;
984  
985         mutex_lock(&local->mtx);
986 +       sdata->radar_required = params->radar_required;
987         err = ieee80211_vif_use_channel(sdata, &params->chandef,
988                                         IEEE80211_CHANCTX_SHARED);
989         mutex_unlock(&local->mtx);
990 @@ -1021,8 +1021,10 @@ static int ieee80211_start_ap(struct wip
991                                         IEEE80211_P2P_OPPPS_ENABLE_BIT;
992  
993         err = ieee80211_assign_beacon(sdata, &params->beacon);
994 -       if (err < 0)
995 +       if (err < 0) {
996 +               ieee80211_vif_release_channel(sdata);
997                 return err;
998 +       }
999         changed |= err;
1000  
1001         err = drv_start_ap(sdata->local, sdata);
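Review bot: `ieee80211_vif_release_channel(sdata)` is called on this error path without `local->mtx`, whereas the matching `ieee80211_vif_use_channel()` in the previous hunk runs between `mutex_lock(&local->mtx)` and `mutex_unlock(&local->mtx)`. If the release helper expects the same lock (its definition is not shown here), wrap the call: `mutex_lock(&local->mtx); ieee80211_vif_release_channel(sdata); mutex_unlock(&local->mtx);`. The second release, added in the `drv_start_ap()` failure branch of the next hunk, raises the same question. The body of ieee80211_start_ap extends beyond these hunks.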
1002 @@ -1032,6 +1034,7 @@ static int ieee80211_start_ap(struct wip
1003                 if (old)
1004                         kfree_rcu(old, rcu_head);
1005                 RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
1006 +               ieee80211_vif_release_channel(sdata);
1007                 return err;
1008         }
1009  
1010 @@ -1053,6 +1056,7 @@ static int ieee80211_change_beacon(struc
1011         int err;
1012  
1013         sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1014 +       sdata_assert_lock(sdata);
1015  
1016         /* don't allow changing the beacon while CSA is in place - offset
1017          * of channel switch counter may change
1018 @@ -1080,6 +1084,8 @@ static int ieee80211_stop_ap(struct wiph
1019         struct probe_resp *old_probe_resp;
1020         struct cfg80211_chan_def chandef;
1021  
1022 +       sdata_assert_lock(sdata);
1023 +
1024         old_beacon = sdata_dereference(sdata->u.ap.beacon, sdata);
1025         if (!old_beacon)
1026                 return -ENOENT;
1027 @@ -1090,8 +1096,6 @@ static int ieee80211_stop_ap(struct wiph
1028         kfree(sdata->u.ap.next_beacon);
1029         sdata->u.ap.next_beacon = NULL;
1030  
1031 -       cancel_work_sync(&sdata->u.ap.request_smps_work);
1032 -
1033         /* turn off carrier for this interface and dependent VLANs */
1034         list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1035                 netif_carrier_off(vlan->dev);
1036 @@ -1103,6 +1107,7 @@ static int ieee80211_stop_ap(struct wiph
1037         kfree_rcu(old_beacon, rcu_head);
1038         if (old_probe_resp)
1039                 kfree_rcu(old_probe_resp, rcu_head);
1040 +       sdata->u.ap.driver_smps_mode = IEEE80211_SMPS_OFF;
1041  
1042         __sta_info_flush(sdata, true);
1043         ieee80211_free_keys(sdata, true);
1044 @@ -2638,6 +2643,24 @@ static int ieee80211_start_roc_work(stru
1045         INIT_DELAYED_WORK(&roc->work, ieee80211_sw_roc_work);
1046         INIT_LIST_HEAD(&roc->dependents);
1047  
1048 +       /*
1049 +        * cookie is either the roc cookie (for normal roc)
1050 +        * or the SKB (for mgmt TX)
1051 +        */
1052 +       if (!txskb) {
1053 +               /* local->mtx protects this */
1054 +               local->roc_cookie_counter++;
1055 +               roc->cookie = local->roc_cookie_counter;
1056 +               /* wow, you wrapped 64 bits ... more likely a bug */
1057 +               if (WARN_ON(roc->cookie == 0)) {
1058 +                       roc->cookie = 1;
1059 +                       local->roc_cookie_counter++;
1060 +               }
1061 +               *cookie = roc->cookie;
1062 +       } else {
1063 +               *cookie = (unsigned long)txskb;
1064 +       }
1065 +
1066         /* if there's one pending or we're scanning, queue this one */
1067         if (!list_empty(&local->roc_list) ||
1068             local->scanning || local->radar_detect_enabled)
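Review bot: The relocated block keeps `*cookie = (unsigned long)txskb;` in the mgmt-TX branch, so the cookie is the kernel address of the skb. If that value is later reported to user space (the reporting path is not part of this hunk), it discloses a heap address. Consider taking the cookie from `local->roc_cookie_counter` in both branches, which would also need a matching change wherever the cookie is compared against the skb. Separately, since the assignment now precedes the queueing decisions, a one-line comment such as `/* set the cookie before roc can be queued or started */` would record why the order matters. ieee80211_start_roc_work begins and ends outside the hunk.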
1069 @@ -2772,24 +2795,6 @@ static int ieee80211_start_roc_work(stru
1070         if (!queued)
1071                 list_add_tail(&roc->list, &local->roc_list);
1072  
1073 -       /*
1074 -        * cookie is either the roc cookie (for normal roc)
1075 -        * or the SKB (for mgmt TX)
1076 -        */
1077 -       if (!txskb) {
1078 -               /* local->mtx protects this */
1079 -               local->roc_cookie_counter++;
1080 -               roc->cookie = local->roc_cookie_counter;
1081 -               /* wow, you wrapped 64 bits ... more likely a bug */
1082 -               if (WARN_ON(roc->cookie == 0)) {
1083 -                       roc->cookie = 1;
1084 -                       local->roc_cookie_counter++;
1085 -               }
1086 -               *cookie = roc->cookie;
1087 -       } else {
1088 -               *cookie = (unsigned long)txskb;
1089 -       }
1090 -
1091         return 0;
1092  }
1093  
1094 @@ -3004,8 +3009,10 @@ void ieee80211_csa_finalize_work(struct 
1095         if (!ieee80211_sdata_running(sdata))
1096                 goto unlock;
1097  
1098 -       sdata->radar_required = sdata->csa_radar_required;
1099 +       sdata_assert_lock(sdata);
1100 +
1101         mutex_lock(&local->mtx);
1102 +       sdata->radar_required = sdata->csa_radar_required;
1103         err = ieee80211_vif_change_channel(sdata, &changed);
1104         mutex_unlock(&local->mtx);
1105         if (WARN_ON(err < 0))
1106 @@ -3022,13 +3029,13 @@ void ieee80211_csa_finalize_work(struct 
1107         switch (sdata->vif.type) {
1108         case NL80211_IFTYPE_AP:
1109                 err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon);
1110 +               kfree(sdata->u.ap.next_beacon);
1111 +               sdata->u.ap.next_beacon = NULL;
1112 +
1113                 if (err < 0)
1114                         goto unlock;
1115  
1116                 changed |= err;
1117 -               kfree(sdata->u.ap.next_beacon);
1118 -               sdata->u.ap.next_beacon = NULL;
1119 -
1120                 ieee80211_bss_info_change_notify(sdata, err);
1121                 break;
1122         case NL80211_IFTYPE_ADHOC:
1123 @@ -3066,7 +3073,7 @@ int ieee80211_channel_switch(struct wiph
1124         struct ieee80211_if_mesh __maybe_unused *ifmsh;
1125         int err, num_chanctx;
1126  
1127 -       lockdep_assert_held(&sdata->wdev.mtx);
1128 +       sdata_assert_lock(sdata);
1129  
1130         if (!list_empty(&local->roc_list) || local->scanning)
1131                 return -EBUSY;
1132 --- a/net/mac80211/ht.c
1133 +++ b/net/mac80211/ht.c
1134 @@ -375,7 +375,7 @@ void ieee80211_send_delba(struct ieee802
1135         mgmt->u.action.u.delba.params = cpu_to_le16(params);
1136         mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
1137  
1138 -       ieee80211_tx_skb_tid(sdata, skb, tid);
1139 +       ieee80211_tx_skb(sdata, skb);
1140  }
1141  
1142  void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
1143 @@ -466,7 +466,9 @@ void ieee80211_request_smps_ap_work(stru
1144                              u.ap.request_smps_work);
1145  
1146         sdata_lock(sdata);
1147 -       __ieee80211_request_smps_ap(sdata, sdata->u.ap.driver_smps_mode);
1148 +       if (sdata_dereference(sdata->u.ap.beacon, sdata))
1149 +               __ieee80211_request_smps_ap(sdata,
1150 +                                           sdata->u.ap.driver_smps_mode);
1151         sdata_unlock(sdata);
1152  }
1153  
1154 --- a/net/mac80211/iface.c
1155 +++ b/net/mac80211/iface.c
1156 @@ -770,12 +770,19 @@ static void ieee80211_do_stop(struct iee
1157  
1158         ieee80211_roc_purge(local, sdata);
1159  
1160 -       if (sdata->vif.type == NL80211_IFTYPE_STATION)
1161 +       switch (sdata->vif.type) {
1162 +       case NL80211_IFTYPE_STATION:
1163                 ieee80211_mgd_stop(sdata);
1164 -
1165 -       if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
1166 +               break;
1167 +       case NL80211_IFTYPE_ADHOC:
1168                 ieee80211_ibss_stop(sdata);
1169 -
1170 +               break;
1171 +       case NL80211_IFTYPE_AP:
1172 +               cancel_work_sync(&sdata->u.ap.request_smps_work);
1173 +               break;
1174 +       default:
1175 +               break;
1176 +       }
1177  
1178         /*
1179          * Remove all stations associated with this interface.
1180 @@ -827,7 +834,9 @@ static void ieee80211_do_stop(struct iee
1181         cancel_work_sync(&local->dynamic_ps_enable_work);
1182  
1183         cancel_work_sync(&sdata->recalc_smps);
1184 +       sdata_lock(sdata);
1185         sdata->vif.csa_active = false;
1186 +       sdata_unlock(sdata);
1187         cancel_work_sync(&sdata->csa_finalize_work);
1188  
1189         cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
1190 --- a/net/mac80211/rx.c
1191 +++ b/net/mac80211/rx.c
1192 @@ -599,10 +599,10 @@ static int ieee80211_is_unicast_robust_m
1193  {
1194         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1195  
1196 -       if (skb->len < 24 || is_multicast_ether_addr(hdr->addr1))
1197 +       if (is_multicast_ether_addr(hdr->addr1))
1198                 return 0;
1199  
1200 -       return ieee80211_is_robust_mgmt_frame(hdr);
1201 +       return ieee80211_is_robust_mgmt_frame(skb);
1202  }
1203  
1204  
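Review bot: Dropping `skb->len < 24` means `hdr->addr1` is now read before any length check, because the only remaining check lives inside `ieee80211_is_robust_mgmt_frame(skb)` and runs afterwards. Unless every caller guarantees a full header (not visible in this hunk), keep the guard on the first test, `if (skb->len < 24 || is_multicast_ether_addr(hdr->addr1))`, or call the skb helper before looking at `addr1`. The multicast variant in the next hunk has the same ordering and needs the same treatment.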
1205 @@ -610,10 +610,10 @@ static int ieee80211_is_multicast_robust
1206  {
1207         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1208  
1209 -       if (skb->len < 24 || !is_multicast_ether_addr(hdr->addr1))
1210 +       if (!is_multicast_ether_addr(hdr->addr1))
1211                 return 0;
1212  
1213 -       return ieee80211_is_robust_mgmt_frame(hdr);
1214 +       return ieee80211_is_robust_mgmt_frame(skb);
1215  }
1216  
1217  
1218 @@ -626,7 +626,7 @@ static int ieee80211_get_mmie_keyidx(str
1219         if (skb->len < 24 + sizeof(*mmie) || !is_multicast_ether_addr(hdr->da))
1220                 return -1;
1221  
1222 -       if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) hdr))
1223 +       if (!ieee80211_is_robust_mgmt_frame(skb))
1224                 return -1; /* not a robust management frame */
1225  
1226         mmie = (struct ieee80211_mmie *)
1227 @@ -1311,18 +1311,15 @@ ieee80211_rx_h_sta_process(struct ieee80
1228             !ieee80211_has_morefrags(hdr->frame_control) &&
1229             !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) &&
1230             (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
1231 -            rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
1232 +            rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1233 +           /* PM bit is only checked in frames where it isn't reserved,
1234 +            * in AP mode it's reserved in non-bufferable management frames
1235 +            * (cf. IEEE 802.11-2012 8.2.4.1.7 Power Management field)
1236 +            */
1237 +           (!ieee80211_is_mgmt(hdr->frame_control) ||
1238 +            ieee80211_is_bufferable_mmpdu(hdr->frame_control))) {
1239                 if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
1240 -                       /*
1241 -                        * Ignore doze->wake transitions that are
1242 -                        * indicated by non-data frames, the standard
1243 -                        * is unclear here, but for example going to
1244 -                        * PS mode and then scanning would cause a
1245 -                        * doze->wake transition for the probe request,
1246 -                        * and that is clearly undesirable.
1247 -                        */
1248 -                       if (ieee80211_is_data(hdr->frame_control) &&
1249 -                           !ieee80211_has_pm(hdr->frame_control))
1250 +                       if (!ieee80211_has_pm(hdr->frame_control))
1251                                 sta_ps_end(sta);
1252                 } else {
1253                         if (ieee80211_has_pm(hdr->frame_control))
1254 @@ -1845,8 +1842,7 @@ static int ieee80211_drop_unencrypted_mg
1255                  * having configured keys.
1256                  */
1257                 if (unlikely(ieee80211_is_action(fc) && !rx->key &&
1258 -                            ieee80211_is_robust_mgmt_frame(
1259 -                                    (struct ieee80211_hdr *) rx->skb->data)))
1260 +                            ieee80211_is_robust_mgmt_frame(rx->skb)))
1261                         return -EACCES;
1262         }
1263  
1264 --- a/net/mac80211/tx.c
1265 +++ b/net/mac80211/tx.c
1266 @@ -452,8 +452,7 @@ static int ieee80211_use_mfp(__le16 fc, 
1267         if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
1268                 return 0;
1269  
1270 -       if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *)
1271 -                                           skb->data))
1272 +       if (!ieee80211_is_robust_mgmt_frame(skb))
1273                 return 0;
1274  
1275         return 1;
1276 @@ -525,9 +524,7 @@ ieee80211_tx_h_ps_buf(struct ieee80211_t
1277  
1278         /* only deauth, disassoc and action are bufferable MMPDUs */
1279         if (ieee80211_is_mgmt(hdr->frame_control) &&
1280 -           !ieee80211_is_deauth(hdr->frame_control) &&
1281 -           !ieee80211_is_disassoc(hdr->frame_control) &&
1282 -           !ieee80211_is_action(hdr->frame_control)) {
1283 +           !ieee80211_is_bufferable_mmpdu(hdr->frame_control)) {
1284                 if (tx->flags & IEEE80211_TX_UNICAST)
1285                         info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
1286                 return TX_CONTINUE;
1287 @@ -567,7 +564,7 @@ ieee80211_tx_h_select_key(struct ieee802
1288                 tx->key = key;
1289         else if (ieee80211_is_mgmt(hdr->frame_control) &&
1290                  is_multicast_ether_addr(hdr->addr1) &&
1291 -                ieee80211_is_robust_mgmt_frame(hdr) &&
1292 +                ieee80211_is_robust_mgmt_frame(tx->skb) &&
1293                  (key = rcu_dereference(tx->sdata->default_mgmt_key)))
1294                 tx->key = key;
1295         else if (is_multicast_ether_addr(hdr->addr1) &&
1296 @@ -582,12 +579,12 @@ ieee80211_tx_h_select_key(struct ieee802
1297                 tx->key = NULL;
1298         else if (tx->skb->protocol == tx->sdata->control_port_protocol)
1299                 tx->key = NULL;
1300 -       else if (ieee80211_is_robust_mgmt_frame(hdr) &&
1301 +       else if (ieee80211_is_robust_mgmt_frame(tx->skb) &&
1302                  !(ieee80211_is_action(hdr->frame_control) &&
1303                    tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))
1304                 tx->key = NULL;
1305         else if (ieee80211_is_mgmt(hdr->frame_control) &&
1306 -                !ieee80211_is_robust_mgmt_frame(hdr))
1307 +                !ieee80211_is_robust_mgmt_frame(tx->skb))
1308                 tx->key = NULL;
1309         else {
1310                 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
1311 @@ -878,7 +875,7 @@ static int ieee80211_fragment(struct iee
1312         }
1313  
1314         /* adjust first fragment's length */
1315 -       skb->len = hdrlen + per_fragm;
1316 +       skb_trim(skb, hdrlen + per_fragm);
1317         return 0;
1318  }
1319  
1320 --- a/net/mac80211/wpa.c
1321 +++ b/net/mac80211/wpa.c
1322 @@ -499,7 +499,7 @@ ieee80211_crypto_ccmp_decrypt(struct iee
1323         hdrlen = ieee80211_hdrlen(hdr->frame_control);
1324  
1325         if (!ieee80211_is_data(hdr->frame_control) &&
1326 -           !ieee80211_is_robust_mgmt_frame(hdr))
1327 +           !ieee80211_is_robust_mgmt_frame(skb))
1328                 return RX_CONTINUE;
1329  
1330         data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN -
1331 --- a/net/wireless/ap.c
1332 +++ b/net/wireless/ap.c
1333 @@ -27,9 +27,10 @@ static int __cfg80211_stop_ap(struct cfg
1334         err = rdev_stop_ap(rdev, dev);
1335         if (!err) {
1336                 wdev->beacon_interval = 0;
1337 -               wdev->channel = NULL;
1338 +               memset(&wdev->chandef, 0, sizeof(wdev->chandef));
1339                 wdev->ssid_len = 0;
1340                 rdev_set_qos_map(rdev, dev, NULL);
1341 +               nl80211_send_ap_stopped(wdev);
1342         }
1343  
1344         return err;
1345 --- a/net/wireless/core.c
1346 +++ b/net/wireless/core.c
1347 @@ -203,8 +203,11 @@ void cfg80211_stop_p2p_device(struct cfg
1348  
1349         rdev->opencount--;
1350  
1351 -       WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev &&
1352 -               !rdev->scan_req->notified);
1353 +       if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
1354 +               if (WARN_ON(!rdev->scan_req->notified))
1355 +                       rdev->scan_req->aborted = true;
1356 +               ___cfg80211_scan_done(rdev, false);
1357 +       }
1358  }
1359  
1360  static int cfg80211_rfkill_set_block(void *data, bool blocked)
1361 @@ -447,9 +450,6 @@ int wiphy_register(struct wiphy *wiphy)
1362         int i;
1363         u16 ifmodes = wiphy->interface_modes;
1364  
1365 -       /* support for 5/10 MHz is broken due to nl80211 API mess - disable */
1366 -       wiphy->flags &= ~WIPHY_FLAG_SUPPORTS_5_10_MHZ;
1367 -
1368         /*
1369          * There are major locking problems in nl80211/mac80211 for CSA,
1370          * disable for all drivers until this has been reworked.
1371 @@ -875,8 +875,11 @@ static int cfg80211_netdev_notifier_call
1372                 break;
1373         case NETDEV_DOWN:
1374                 cfg80211_update_iface_num(rdev, wdev->iftype, -1);
1375 -               WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev &&
1376 -                       !rdev->scan_req->notified);
1377 +               if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
1378 +                       if (WARN_ON(!rdev->scan_req->notified))
1379 +                               rdev->scan_req->aborted = true;
1380 +                       ___cfg80211_scan_done(rdev, false);
1381 +               }
1382  
1383                 if (WARN_ON(rdev->sched_scan_req &&
1384                             rdev->sched_scan_req->dev == wdev->netdev)) {
1385 --- a/net/wireless/core.h
1386 +++ b/net/wireless/core.h
1387 @@ -62,6 +62,7 @@ struct cfg80211_registered_device {
1388         struct rb_root bss_tree;
1389         u32 bss_generation;
1390         struct cfg80211_scan_request *scan_req; /* protected by RTNL */
1391 +       struct sk_buff *scan_msg;
1392         struct cfg80211_sched_scan_request *sched_scan_req;
1393         unsigned long suspend_at;
1394         struct work_struct scan_done_wk;
1395 @@ -210,6 +211,7 @@ struct cfg80211_event {
1396                 } dc;
1397                 struct {
1398                         u8 bssid[ETH_ALEN];
1399 +                       struct ieee80211_channel *channel;
1400                 } ij;
1401         };
1402  };
1403 @@ -257,7 +259,8 @@ int __cfg80211_leave_ibss(struct cfg8021
1404                           struct net_device *dev, bool nowext);
1405  int cfg80211_leave_ibss(struct cfg80211_registered_device *rdev,
1406                         struct net_device *dev, bool nowext);
1407 -void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid);
1408 +void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
1409 +                           struct ieee80211_channel *channel);
1410  int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev,
1411                             struct wireless_dev *wdev);
1412  
1413 @@ -361,7 +364,8 @@ int cfg80211_validate_key_settings(struc
1414                                    struct key_params *params, int key_idx,
1415                                    bool pairwise, const u8 *mac_addr);
1416  void __cfg80211_scan_done(struct work_struct *wk);
1417 -void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev);
1418 +void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev,
1419 +                          bool send_message);
1420  void __cfg80211_sched_scan_results(struct work_struct *wk);
1421  int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
1422                                bool driver_initiated);
1423 @@ -441,7 +445,8 @@ static inline unsigned int elapsed_jiffi
1424  void
1425  cfg80211_get_chan_state(struct wireless_dev *wdev,
1426                         struct ieee80211_channel **chan,
1427 -                       enum cfg80211_chan_mode *chanmode);
1428 +                       enum cfg80211_chan_mode *chanmode,
1429 +                       u8 *radar_detect);
1430  
1431  int cfg80211_set_monitor_channel(struct cfg80211_registered_device *rdev,
1432                                  struct cfg80211_chan_def *chandef);
1433 --- a/net/wireless/nl80211.c
1434 +++ b/net/wireless/nl80211.c
1435 @@ -1723,9 +1723,10 @@ static int nl80211_dump_wiphy(struct sk_
1436                                  * We can then retry with the larger buffer.
1437                                  */
1438                                 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1439 -                                   !skb->len &&
1440 +                                   !skb->len && !state->split &&
1441                                     cb->min_dump_alloc < 4096) {
1442                                         cb->min_dump_alloc = 4096;
1443 +                                       state->split_start = 0;
1444                                         rtnl_unlock();
1445                                         return 1;
1446                                 }
1447 @@ -2047,10 +2048,12 @@ static int nl80211_set_wiphy(struct sk_b
1448                 nla_for_each_nested(nl_txq_params,
1449                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1450                                     rem_txq_params) {
1451 -                       nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1452 -                                 nla_data(nl_txq_params),
1453 -                                 nla_len(nl_txq_params),
1454 -                                 txq_params_policy);
1455 +                       result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1456 +                                          nla_data(nl_txq_params),
1457 +                                          nla_len(nl_txq_params),
1458 +                                          txq_params_policy);
1459 +                       if (result)
1460 +                               goto bad_res;
1461                         result = parse_txq_params(tb, &txq_params);
1462                         if (result)
1463                                 goto bad_res;
1464 @@ -3289,7 +3292,7 @@ static int nl80211_start_ap(struct sk_bu
1465         if (!err) {
1466                 wdev->preset_chandef = params.chandef;
1467                 wdev->beacon_interval = params.beacon_interval;
1468 -               wdev->channel = params.chandef.chan;
1469 +               wdev->chandef = params.chandef;
1470                 wdev->ssid_len = params.ssid_len;
1471                 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
1472         }
1473 @@ -5210,9 +5213,11 @@ static int nl80211_set_reg(struct sk_buf
1474  
1475         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
1476                             rem_reg_rules) {
1477 -               nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
1478 -                         nla_data(nl_reg_rule), nla_len(nl_reg_rule),
1479 -                         reg_rule_policy);
1480 +               r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
1481 +                             nla_data(nl_reg_rule), nla_len(nl_reg_rule),
1482 +                             reg_rule_policy);
1483 +               if (r)
1484 +                       goto bad_reg;
1485                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
1486                 if (r)
1487                         goto bad_reg;
1488 @@ -5277,7 +5282,7 @@ static int nl80211_trigger_scan(struct s
1489         if (!rdev->ops->scan)
1490                 return -EOPNOTSUPP;
1491  
1492 -       if (rdev->scan_req) {
1493 +       if (rdev->scan_req || rdev->scan_msg) {
1494                 err = -EBUSY;
1495                 goto unlock;
1496         }
1497 @@ -5475,6 +5480,7 @@ static int nl80211_start_sched_scan(stru
1498         enum ieee80211_band band;
1499         size_t ie_len;
1500         struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
1501 +       s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
1502  
1503         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
1504             !rdev->ops->sched_scan_start)
1505 @@ -5509,11 +5515,40 @@ static int nl80211_start_sched_scan(stru
1506         if (n_ssids > wiphy->max_sched_scan_ssids)
1507                 return -EINVAL;
1508  
1509 -       if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
1510 +       /*
1511 +        * First, count the number of 'real' matchsets. Due to an issue with
1512 +        * the old implementation, matchsets containing only the RSSI attribute
1513 +        * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
1514 +        * RSSI for all matchsets, rather than their own matchset for reporting
1515 +        * all APs with a strong RSSI. This is needed to be compatible with
1516 +        * older userspace that treated a matchset with only the RSSI as the
1517 +        * global RSSI for all other matchsets - if there are other matchsets.
1518 +        */
1519 +       if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
1520                 nla_for_each_nested(attr,
1521                                     info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
1522 -                                   tmp)
1523 -                       n_match_sets++;
1524 +                                   tmp) {
1525 +                       struct nlattr *rssi;
1526 +
1527 +                       err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
1528 +                                       nla_data(attr), nla_len(attr),
1529 +                                       nl80211_match_policy);
1530 +                       if (err)
1531 +                               return err;
1532 +                       /* add other standalone attributes here */
1533 +                       if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
1534 +                               n_match_sets++;
1535 +                               continue;
1536 +                       }
1537 +                       rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
1538 +                       if (rssi)
1539 +                               default_match_rssi = nla_get_s32(rssi);
1540 +               }
1541 +       }
1542 +
1543 +       /* However, if there's no other matchset, add the RSSI one */
1544 +       if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
1545 +               n_match_sets = 1;
1546  
1547         if (n_match_sets > wiphy->max_match_sets)
1548                 return -EINVAL;
1549 @@ -5634,11 +5669,22 @@ static int nl80211_start_sched_scan(stru
1550                                     tmp) {
1551                         struct nlattr *ssid, *rssi;
1552  
1553 -                       nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
1554 -                                 nla_data(attr), nla_len(attr),
1555 -                                 nl80211_match_policy);
1556 +                       err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
1557 +                                       nla_data(attr), nla_len(attr),
1558 +                                       nl80211_match_policy);
1559 +                       if (err)
1560 +                               goto out_free;
1561                         ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
1562                         if (ssid) {
1563 +                               if (WARN_ON(i >= n_match_sets)) {
1564 +                                       /* this indicates a programming error,
1565 +                                        * the loop above should have verified
1566 +                                        * things properly
1567 +                                        */
1568 +                                       err = -EINVAL;
1569 +                                       goto out_free;
1570 +                               }
1571 +
1572                                 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
1573                                         err = -EINVAL;
1574                                         goto out_free;
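Review bot: The `WARN_ON(i >= n_match_sets)` added here can be reached through the netlink request itself, not only through a programming error as its comment says. The counting loop earlier in this function increments `n_match_sets` only for entries that carry an SSID, while `i++` in the following hunk runs for every nested entry. A request with an RSSI-only entry ahead of an SSID entry therefore has `i` equal to `n_match_sets` when the SSID entry is processed, and it fails with -EINVAL plus a warning splat. Advancing the index only for entries that were filled in keeps the two counters in step: move `i++;` inside the `if (ssid) { ... }` block. The loop body spans this hunk and the next one.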
1575 @@ -5647,15 +5693,28 @@ static int nl80211_start_sched_scan(stru
1576                                        nla_data(ssid), nla_len(ssid));
1577                                 request->match_sets[i].ssid.ssid_len =
1578                                         nla_len(ssid);
1579 +                               /* special attribute - old implemenation w/a */
1580 +                               request->match_sets[i].rssi_thold =
1581 +                                       default_match_rssi;
1582 +                               rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
1583 +                               if (rssi)
1584 +                                       request->match_sets[i].rssi_thold =
1585 +                                               nla_get_s32(rssi);
1586                         }
1587 -                       rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
1588 -                       if (rssi)
1589 -                               request->rssi_thold = nla_get_u32(rssi);
1590 -                       else
1591 -                               request->rssi_thold =
1592 -                                                  NL80211_SCAN_RSSI_THOLD_OFF;
1593                         i++;
1594                 }
1595 +
1596 +               /* there was no other matchset, so the RSSI one is alone */
1597 +               if (i == 0)
1598 +                       request->match_sets[0].rssi_thold = default_match_rssi;
1599 +
1600 +               request->min_rssi_thold = INT_MAX;
1601 +               for (i = 0; i < n_match_sets; i++)
1602 +                       request->min_rssi_thold =
1603 +                               min(request->match_sets[i].rssi_thold,
1604 +                                   request->min_rssi_thold);
1605 +       } else {
1606 +               request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
1607         }
1608  
1609         if (info->attrs[NL80211_ATTR_IE]) {
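Review bot: `if (i == 0) request->match_sets[0].rssi_thold = default_match_rssi;` writes element 0 without checking that any match set was counted. If `NL80211_ATTR_SCHED_SCAN_MATCH` is present but has no nested entries, both `i` and `n_match_sets` are 0, and whether `match_sets[0]` exists then depends on the allocation, which is outside this hunk. The guard costs nothing: `if (i == 0 && n_match_sets)`. Separately, because `i++` runs for every entry, a lone RSSI-only matchset leaves `i` at 1, so this branch does not execute in the very case its comment describes.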
1610 @@ -5751,7 +5810,7 @@ static int nl80211_start_radar_detection
1611  
1612         err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
1613         if (!err) {
1614 -               wdev->channel = chandef.chan;
1615 +               wdev->chandef = chandef;
1616                 wdev->cac_started = true;
1617                 wdev->cac_start_time = jiffies;
1618         }
1619 @@ -7502,16 +7561,19 @@ static int nl80211_set_tx_bitrate_mask(s
1620          * directly to the enum ieee80211_band values used in cfg80211.
1621          */
1622         BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
1623 -       nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
1624 -       {
1625 +       nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
1626                 enum ieee80211_band band = nla_type(tx_rates);
1627 +               int err;
1628 +
1629                 if (band < 0 || band >= IEEE80211_NUM_BANDS)
1630                         return -EINVAL;
1631                 sband = rdev->wiphy.bands[band];
1632                 if (sband == NULL)
1633                         return -EINVAL;
1634 -               nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
1635 -                         nla_len(tx_rates), nl80211_txattr_policy);
1636 +               err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
1637 +                               nla_len(tx_rates), nl80211_txattr_policy);
1638 +               if (err)
1639 +                       return err;
1640                 if (tb[NL80211_TXRATE_LEGACY]) {
1641                         mask.control[band].legacy = rateset_to_mask(
1642                                 sband,
1643 @@ -10054,40 +10116,31 @@ void nl80211_send_scan_start(struct cfg8
1644                                 NL80211_MCGRP_SCAN, GFP_KERNEL);
1645  }
1646  
1647 -void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
1648 -                           struct wireless_dev *wdev)
1649 +struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
1650 +                                      struct wireless_dev *wdev, bool aborted)
1651  {
1652         struct sk_buff *msg;
1653  
1654         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1655         if (!msg)
1656 -               return;
1657 +               return NULL;
1658  
1659         if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
1660 -                                 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
1661 +                                 aborted ? NL80211_CMD_SCAN_ABORTED :
1662 +                                           NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
1663                 nlmsg_free(msg);
1664 -               return;
1665 +               return NULL;
1666         }
1667  
1668 -       genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
1669 -                               NL80211_MCGRP_SCAN, GFP_KERNEL);
1670 +       return msg;
1671  }
1672  
1673 -void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
1674 -                              struct wireless_dev *wdev)
1675 +void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
1676 +                             struct sk_buff *msg)
1677  {
1678 -       struct sk_buff *msg;
1679 -
1680 -       msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1681         if (!msg)
1682                 return;
1683  
1684 -       if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
1685 -                                 NL80211_CMD_SCAN_ABORTED) < 0) {
1686 -               nlmsg_free(msg);
1687 -               return;
1688 -       }
1689 -
1690         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
1691                                 NL80211_MCGRP_SCAN, GFP_KERNEL);
1692  }
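Review bot: `nl80211_build_scan_msg()` now returns an skb to its caller, but nothing states who owns it afterwards. From the visible code the caller must hand it to `nl80211_send_scan_result()`, which tolerates NULL and passes the skb on to `genlmsg_multicast_netns()`, and a NULL return means the scan-done event is dropped without any log. A short comment above each function would make that contract explicit, e.g. `/* Returns a message for nl80211_send_scan_result(), or NULL if allocation or building failed. */` and `/* Consumes msg; NULL is ignored. */`.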
1693 @@ -11158,7 +11211,8 @@ void cfg80211_ch_switch_notify(struct ne
1694                     wdev->iftype != NL80211_IFTYPE_MESH_POINT))
1695                 return;
1696  
1697 -       wdev->channel = chandef->chan;
1698 +       wdev->chandef = *chandef;
1699 +       wdev->preset_chandef = *chandef;
1700         nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
1701  }
1702  EXPORT_SYMBOL(cfg80211_ch_switch_notify);
1703 @@ -11673,6 +11727,35 @@ void cfg80211_crit_proto_stopped(struct 
1704  }
1705  EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
1706  
1707 +void nl80211_send_ap_stopped(struct wireless_dev *wdev)
1708 +{
1709 +       struct wiphy *wiphy = wdev->wiphy;
1710 +       struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
1711 +       struct sk_buff *msg;
1712 +       void *hdr;
1713 +
1714 +       msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1715 +       if (!msg)
1716 +               return;
1717 +
1718 +       hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
1719 +       if (!hdr)
1720 +               goto out;
1721 +
1722 +       if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1723 +           nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
1724 +           nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
1725 +               goto out;
1726 +
1727 +       genlmsg_end(msg, hdr);
1728 +
1729 +       genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
1730 +                               NL80211_MCGRP_MLME, GFP_KERNEL);
1731 +       return;
1732 + out:
1733 +       nlmsg_free(msg);
1734 +}
1735 +
1736  /* initialisation/exit functions */
1737  
1738  int nl80211_init(void)
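Review bot: `nl80211_send_ap_stopped()` dereferences `wdev->netdev->ifindex` unconditionally, whereas `___cfg80211_scan_done()` in this same patch tests `wdev->netdev` before using it. The callers are not visible on this page; if they only ever pass AP interfaces that are guaranteed to have a netdev, a one-line comment above the function should say so. Otherwise the attribute needs a guard, e.g. `(wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) ||`.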
1739 --- a/net/wireless/nl80211.h
1740 +++ b/net/wireless/nl80211.h
1741 @@ -8,10 +8,10 @@ void nl80211_exit(void);
1742  void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev);
1743  void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
1744                              struct wireless_dev *wdev);
1745 -void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
1746 -                           struct wireless_dev *wdev);
1747 -void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
1748 -                              struct wireless_dev *wdev);
1749 +struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
1750 +                                      struct wireless_dev *wdev, bool aborted);
1751 +void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
1752 +                             struct sk_buff *msg);
1753  void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
1754                              struct net_device *netdev, u32 cmd);
1755  void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
1756 @@ -74,6 +74,8 @@ nl80211_radar_notify(struct cfg80211_reg
1757                      enum nl80211_radar_event event,
1758                      struct net_device *netdev, gfp_t gfp);
1759  
1760 +void nl80211_send_ap_stopped(struct wireless_dev *wdev);
1761 +
1762  void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev);
1763  
1764  #endif /* __NET_WIRELESS_NL80211_H */
1765 --- a/net/wireless/scan.c
1766 +++ b/net/wireless/scan.c
1767 @@ -161,18 +161,25 @@ static void __cfg80211_bss_expire(struct
1768                 dev->bss_generation++;
1769  }
1770  
1771 -void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev)
1772 +void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev,
1773 +                          bool send_message)
1774  {
1775         struct cfg80211_scan_request *request;
1776         struct wireless_dev *wdev;
1777 +       struct sk_buff *msg;
1778  #ifdef CPTCFG_CFG80211_WEXT
1779         union iwreq_data wrqu;
1780  #endif
1781  
1782         ASSERT_RTNL();
1783  
1784 -       request = rdev->scan_req;
1785 +       if (rdev->scan_msg) {
1786 +               nl80211_send_scan_result(rdev, rdev->scan_msg);
1787 +               rdev->scan_msg = NULL;
1788 +               return;
1789 +       }
1790  
1791 +       request = rdev->scan_req;
1792         if (!request)
1793                 return;
1794  
1795 @@ -186,18 +193,16 @@ void ___cfg80211_scan_done(struct cfg802
1796         if (wdev->netdev)
1797                 cfg80211_sme_scan_done(wdev->netdev);
1798  
1799 -       if (request->aborted) {
1800 -               nl80211_send_scan_aborted(rdev, wdev);
1801 -       } else {
1802 -               if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
1803 -                       /* flush entries from previous scans */
1804 -                       spin_lock_bh(&rdev->bss_lock);
1805 -                       __cfg80211_bss_expire(rdev, request->scan_start);
1806 -                       spin_unlock_bh(&rdev->bss_lock);
1807 -               }
1808 -               nl80211_send_scan_done(rdev, wdev);
1809 +       if (!request->aborted &&
1810 +           request->flags & NL80211_SCAN_FLAG_FLUSH) {
1811 +               /* flush entries from previous scans */
1812 +               spin_lock_bh(&rdev->bss_lock);
1813 +               __cfg80211_bss_expire(rdev, request->scan_start);
1814 +               spin_unlock_bh(&rdev->bss_lock);
1815         }
1816  
1817 +       msg = nl80211_build_scan_msg(rdev, wdev, request->aborted);
1818 +
1819  #ifdef CPTCFG_CFG80211_WEXT
1820         if (wdev->netdev && !request->aborted) {
1821                 memset(&wrqu, 0, sizeof(wrqu));
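Review bot: The rewritten condition `!request->aborted && request->flags & NL80211_SCAN_FLAG_FLUSH` depends on `&` binding tighter than `&&`. It evaluates as intended, but mixing the two without parentheses is easy to misread and is the pattern compilers warn about; I would write `(request->flags & NL80211_SCAN_FLAG_FLUSH)`. The body of `___cfg80211_scan_done()` continues outside this hunk.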
1822 @@ -211,6 +216,11 @@ void ___cfg80211_scan_done(struct cfg802
1823  
1824         rdev->scan_req = NULL;
1825         kfree(request);
1826 +
1827 +       if (!send_message)
1828 +               rdev->scan_msg = msg;
1829 +       else
1830 +               nl80211_send_scan_result(rdev, msg);
1831  }
1832  
1833  void __cfg80211_scan_done(struct work_struct *wk)
1834 @@ -221,7 +231,7 @@ void __cfg80211_scan_done(struct work_st
1835                             scan_done_wk);
1836  
1837         rtnl_lock();
1838 -       ___cfg80211_scan_done(rdev);
1839 +       ___cfg80211_scan_done(rdev, true);
1840         rtnl_unlock();
1841  }
1842  
1843 @@ -1079,7 +1089,7 @@ int cfg80211_wext_siwscan(struct net_dev
1844         if (IS_ERR(rdev))
1845                 return PTR_ERR(rdev);
1846  
1847 -       if (rdev->scan_req) {
1848 +       if (rdev->scan_req || rdev->scan_msg) {
1849                 err = -EBUSY;
1850                 goto out;
1851         }
1852 @@ -1481,7 +1491,7 @@ int cfg80211_wext_giwscan(struct net_dev
1853         if (IS_ERR(rdev))
1854                 return PTR_ERR(rdev);
1855  
1856 -       if (rdev->scan_req)
1857 +       if (rdev->scan_req || rdev->scan_msg)
1858                 return -EAGAIN;
1859  
1860         res = ieee80211_scan_results(rdev, info, extra, data->length);
1861 --- a/net/wireless/sme.c
1862 +++ b/net/wireless/sme.c
1863 @@ -67,7 +67,7 @@ static int cfg80211_conn_scan(struct wir
1864         ASSERT_RDEV_LOCK(rdev);
1865         ASSERT_WDEV_LOCK(wdev);
1866  
1867 -       if (rdev->scan_req)
1868 +       if (rdev->scan_req || rdev->scan_msg)
1869                 return -EBUSY;
1870  
1871         if (wdev->conn->params.channel)
1872 --- a/net/mac80211/mlme.c
1873 +++ b/net/mac80211/mlme.c
1874 @@ -1001,7 +1001,6 @@ ieee80211_sta_process_chanswitch(struct 
1875         }
1876  
1877         ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
1878 -       sdata->vif.csa_active = true;
1879  
1880         mutex_lock(&local->chanctx_mtx);
1881         if (local->use_chanctx) {
1882 @@ -1039,6 +1038,7 @@ ieee80211_sta_process_chanswitch(struct 
1883         mutex_unlock(&local->chanctx_mtx);
1884  
1885         sdata->csa_chandef = csa_ie.chandef;
1886 +       sdata->vif.csa_active = true;
1887  
1888         if (csa_ie.mode)
1889                 ieee80211_stop_queues_by_reason(&local->hw,
1890 --- a/net/mac80211/chan.c
1891 +++ b/net/mac80211/chan.c
1892 @@ -196,6 +196,8 @@ static bool ieee80211_is_radar_required(
1893  {
1894         struct ieee80211_sub_if_data *sdata;
1895  
1896 +       lockdep_assert_held(&local->mtx);
1897 +
1898         rcu_read_lock();
1899         list_for_each_entry_rcu(sdata, &local->interfaces, list) {
1900                 if (sdata->radar_required) {
1901 --- a/net/mac80211/ibss.c
1902 +++ b/net/mac80211/ibss.c
1903 @@ -294,7 +294,6 @@ static void __ieee80211_sta_join_ibss(st
1904         }
1905  
1906         mutex_lock(&local->mtx);
1907 -       ieee80211_vif_release_channel(sdata);
1908         if (ieee80211_vif_use_channel(sdata, &chandef,
1909                                       ifibss->fixed_channel ?
1910                                         IEEE80211_CHANCTX_SHARED :
1911 @@ -303,6 +302,7 @@ static void __ieee80211_sta_join_ibss(st
1912                 mutex_unlock(&local->mtx);
1913                 return;
1914         }
1915 +       sdata->radar_required = radar_required;
1916         mutex_unlock(&local->mtx);
1917  
1918         memcpy(ifibss->bssid, bssid, ETH_ALEN);
1919 @@ -318,7 +318,6 @@ static void __ieee80211_sta_join_ibss(st
1920         rcu_assign_pointer(ifibss->presp, presp);
1921         mgmt = (void *)presp->head;
1922  
1923 -       sdata->radar_required = radar_required;
1924         sdata->vif.bss_conf.enable_beacon = true;
1925         sdata->vif.bss_conf.beacon_int = beacon_int;
1926         sdata->vif.bss_conf.basic_rates = basic_rates;
1927 @@ -386,7 +385,7 @@ static void __ieee80211_sta_join_ibss(st
1928                                               presp->head_len, 0, GFP_KERNEL);
1929         cfg80211_put_bss(local->hw.wiphy, bss);
1930         netif_carrier_on(sdata->dev);
1931 -       cfg80211_ibss_joined(sdata->dev, ifibss->bssid, GFP_KERNEL);
1932 +       cfg80211_ibss_joined(sdata->dev, ifibss->bssid, chan, GFP_KERNEL);
1933  }
1934  
1935  static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
1936 @@ -802,6 +801,8 @@ ieee80211_ibss_process_chanswitch(struct
1937         int err;
1938         u32 sta_flags;
1939  
1940 +       sdata_assert_lock(sdata);
1941 +
1942         sta_flags = IEEE80211_STA_DISABLE_VHT;
1943         switch (ifibss->chandef.width) {
1944         case NL80211_CHAN_WIDTH_5:
1945 @@ -1471,6 +1472,11 @@ static void ieee80211_rx_mgmt_probe_req(
1946         memcpy(((struct ieee80211_mgmt *) skb->data)->da, mgmt->sa, ETH_ALEN);
1947         ibss_dbg(sdata, "Sending ProbeResp to %pM\n", mgmt->sa);
1948         IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1949 +
1950 +       /* avoid excessive retries for probe request to wildcard SSIDs */
1951 +       if (pos[1] == 0)
1952 +               IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_NO_ACK;
1953 +
1954         ieee80211_tx_skb(sdata, skb);
1955  }
1956  
1957 --- a/net/mac80211/mesh.c
1958 +++ b/net/mac80211/mesh.c
1959 @@ -872,6 +872,8 @@ ieee80211_mesh_process_chnswitch(struct 
1960         if (!ifmsh->mesh_id)
1961                 return false;
1962  
1963 +       sdata_assert_lock(sdata);
1964 +
1965         sta_flags = IEEE80211_STA_DISABLE_VHT;
1966         switch (sdata->vif.bss_conf.chandef.width) {
1967         case NL80211_CHAN_WIDTH_20_NOHT:
1968 --- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
1969 +++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
1970 @@ -4658,6 +4658,7 @@ brcmf_notify_connect_status(struct brcmf
1971         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
1972         struct net_device *ndev = ifp->ndev;
1973         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
1974 +       struct ieee80211_channel *chan;
1975         s32 err = 0;
1976  
1977         if (ifp->vif->mode == WL_MODE_AP) {
1978 @@ -4665,9 +4666,10 @@ brcmf_notify_connect_status(struct brcmf
1979         } else if (brcmf_is_linkup(e)) {
1980                 brcmf_dbg(CONN, "Linkup\n");
1981                 if (brcmf_is_ibssmode(ifp->vif)) {
1982 +                       chan = ieee80211_get_channel(cfg->wiphy, cfg->channel);
1983                         memcpy(profile->bssid, e->addr, ETH_ALEN);
1984                         wl_inform_ibss(cfg, ndev, e->addr);
1985 -                       cfg80211_ibss_joined(ndev, e->addr, GFP_KERNEL);
1986 +                       cfg80211_ibss_joined(ndev, e->addr, chan, GFP_KERNEL);
1987                         clear_bit(BRCMF_VIF_STATUS_CONNECTING,
1988                                   &ifp->vif->sme_state);
1989                         set_bit(BRCMF_VIF_STATUS_CONNECTED,
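Review bot: `ieee80211_get_channel()` can return NULL, and the result is passed straight to `cfg80211_ibss_joined()`, which after this patch does `WARN_ON(!channel)` and returns without queuing the event. The driver still goes on to set `BRCMF_VIF_STATUS_CONNECTED`, so cfg80211 and the driver would disagree about the IBSS state. The lookup is by centre frequency, and whether `cfg->channel` holds a frequency or a channel number is not visible here, so that is worth confirming. The rndis_wlan hunk later in this patch has the same exposure with `get_current_channel(usbdev, NULL)`. An explicit check before the call, such as `if (!chan) brcmf_err("no channel for joined IBSS\n");`, would make the failure visible in the driver log rather than only as a cfg80211 warning.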
1990 --- a/drivers/net/wireless/libertas/cfg.c
1991 +++ b/drivers/net/wireless/libertas/cfg.c
1992 @@ -1766,7 +1766,8 @@ static void lbs_join_post(struct lbs_pri
1993         memcpy(priv->wdev->ssid, params->ssid, params->ssid_len);
1994         priv->wdev->ssid_len = params->ssid_len;
1995  
1996 -       cfg80211_ibss_joined(priv->dev, bssid, GFP_KERNEL);
1997 +       cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan,
1998 +                            GFP_KERNEL);
1999  
2000         /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */
2001         priv->connect_status = LBS_CONNECTED;
2002 --- a/drivers/net/wireless/mwifiex/cfg80211.c
2003 +++ b/drivers/net/wireless/mwifiex/cfg80211.c
2004 @@ -1881,7 +1881,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy 
2005                                      params->privacy);
2006  done:
2007         if (!ret) {
2008 -               cfg80211_ibss_joined(priv->netdev, priv->cfg_bssid, GFP_KERNEL);
2009 +               cfg80211_ibss_joined(priv->netdev, priv->cfg_bssid,
2010 +                                    params->chandef.chan, GFP_KERNEL);
2011                 dev_dbg(priv->adapter->dev,
2012                         "info: joined/created adhoc network with bssid"
2013                         " %pM successfully\n", priv->cfg_bssid);
2014 --- a/drivers/net/wireless/rndis_wlan.c
2015 +++ b/drivers/net/wireless/rndis_wlan.c
2016 @@ -2835,7 +2835,9 @@ static void rndis_wlan_do_link_up_work(s
2017                                         bssid, req_ie, req_ie_len,
2018                                         resp_ie, resp_ie_len, GFP_KERNEL);
2019         } else if (priv->infra_mode == NDIS_80211_INFRA_ADHOC)
2020 -               cfg80211_ibss_joined(usbdev->net, bssid, GFP_KERNEL);
2021 +               cfg80211_ibss_joined(usbdev->net, bssid,
2022 +                                    get_current_channel(usbdev, NULL),
2023 +                                    GFP_KERNEL);
2024  
2025         kfree(info);
2026  
2027 --- a/net/wireless/ibss.c
2028 +++ b/net/wireless/ibss.c
2029 @@ -14,7 +14,8 @@
2030  #include "rdev-ops.h"
2031  
2032  
2033 -void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid)
2034 +void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
2035 +                           struct ieee80211_channel *channel)
2036  {
2037         struct wireless_dev *wdev = dev->ieee80211_ptr;
2038         struct cfg80211_bss *bss;
2039 @@ -28,8 +29,7 @@ void __cfg80211_ibss_joined(struct net_d
2040         if (!wdev->ssid_len)
2041                 return;
2042  
2043 -       bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid,
2044 -                              wdev->ssid, wdev->ssid_len,
2045 +       bss = cfg80211_get_bss(wdev->wiphy, channel, bssid, NULL, 0,
2046                                WLAN_CAPABILITY_IBSS, WLAN_CAPABILITY_IBSS);
2047  
2048         if (WARN_ON(!bss))
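Review bot: The `cfg80211_get_bss()` call now passes `NULL, 0` for the SSID, so the lookup matches on BSSID, channel and the IBSS capability bit only, and nothing in the code says why the SSID was dropped. BSS entries are built from received frames, so an entry with the same BSSID on that channel but a different SSID would presumably satisfy the lookup as well. The unchanged `if (!wdev->ssid_len) return;` just above also reads oddly once the SSID is no longer used. A comment such as `/* look up by BSSID + channel; SSID is deliberately not matched because ... */` with the actual reason would help the next reader. The function body starts and ends outside this hunk.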
2049 @@ -54,21 +54,26 @@ void __cfg80211_ibss_joined(struct net_d
2050  #endif
2051  }
2052  
2053 -void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp)
2054 +void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
2055 +                         struct ieee80211_channel *channel, gfp_t gfp)
2056  {
2057         struct wireless_dev *wdev = dev->ieee80211_ptr;
2058         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
2059         struct cfg80211_event *ev;
2060         unsigned long flags;
2061  
2062 -       trace_cfg80211_ibss_joined(dev, bssid);
2063 +       trace_cfg80211_ibss_joined(dev, bssid, channel);
2064 +
2065 +       if (WARN_ON(!channel))
2066 +               return;
2067  
2068         ev = kzalloc(sizeof(*ev), gfp);
2069         if (!ev)
2070                 return;
2071  
2072         ev->type = EVENT_IBSS_JOINED;
2073 -       memcpy(ev->cr.bssid, bssid, ETH_ALEN);
2074 +       memcpy(ev->ij.bssid, bssid, ETH_ALEN);
2075 +       ev->ij.channel = channel;
2076  
2077         spin_lock_irqsave(&wdev->event_lock, flags);
2078         list_add_tail(&ev->list, &wdev->event_list);
2079 @@ -117,6 +122,7 @@ int __cfg80211_join_ibss(struct cfg80211
2080  
2081         wdev->ibss_fixed = params->channel_fixed;
2082         wdev->ibss_dfs_possible = params->userspace_handles_dfs;
2083 +       wdev->chandef = params->chandef;
2084  #ifdef CPTCFG_CFG80211_WEXT
2085         wdev->wext.ibss.chandef = params->chandef;
2086  #endif
2087 @@ -200,6 +206,7 @@ static void __cfg80211_clear_ibss(struct
2088  
2089         wdev->current_bss = NULL;
2090         wdev->ssid_len = 0;
2091 +       memset(&wdev->chandef, 0, sizeof(wdev->chandef));
2092  #ifdef CPTCFG_CFG80211_WEXT
2093         if (!nowext)
2094                 wdev->wext.ibss.ssid_len = 0;
2095 --- a/net/wireless/trace.h
2096 +++ b/net/wireless/trace.h
2097 @@ -2278,11 +2278,6 @@ DECLARE_EVENT_CLASS(cfg80211_rx_evt,
2098         TP_printk(NETDEV_PR_FMT ", " MAC_PR_FMT, NETDEV_PR_ARG, MAC_PR_ARG(addr))
2099  );
2100  
2101 -DEFINE_EVENT(cfg80211_rx_evt, cfg80211_ibss_joined,
2102 -       TP_PROTO(struct net_device *netdev, const u8 *addr),
2103 -       TP_ARGS(netdev, addr)
2104 -);
2105 -
2106  DEFINE_EVENT(cfg80211_rx_evt, cfg80211_rx_spurious_frame,
2107         TP_PROTO(struct net_device *netdev, const u8 *addr),
2108         TP_ARGS(netdev, addr)
2109 @@ -2293,6 +2288,24 @@ DEFINE_EVENT(cfg80211_rx_evt, cfg80211_r
2110         TP_ARGS(netdev, addr)
2111  );
2112  
2113 +TRACE_EVENT(cfg80211_ibss_joined,
2114 +       TP_PROTO(struct net_device *netdev, const u8 *bssid,
2115 +                struct ieee80211_channel *channel),
2116 +       TP_ARGS(netdev, bssid, channel),
2117 +       TP_STRUCT__entry(
2118 +               NETDEV_ENTRY
2119 +               MAC_ENTRY(bssid)
2120 +               CHAN_ENTRY
2121 +       ),
2122 +       TP_fast_assign(
2123 +               NETDEV_ASSIGN;
2124 +               MAC_ASSIGN(bssid, bssid);
2125 +               CHAN_ASSIGN(channel);
2126 +       ),
2127 +       TP_printk(NETDEV_PR_FMT ", bssid: " MAC_PR_FMT ", " CHAN_PR_FMT,
2128 +                 NETDEV_PR_ARG, MAC_PR_ARG(bssid), CHAN_PR_ARG)
2129 +);
2130 +
2131  TRACE_EVENT(cfg80211_probe_status,
2132         TP_PROTO(struct net_device *netdev, const u8 *addr, u64 cookie,
2133                  bool acked),
2134 --- a/net/wireless/util.c
2135 +++ b/net/wireless/util.c
2136 @@ -820,7 +820,8 @@ void cfg80211_process_wdev_events(struct
2137                                                 ev->dc.reason, true);
2138                         break;
2139                 case EVENT_IBSS_JOINED:
2140 -                       __cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid);
2141 +                       __cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid,
2142 +                                              ev->ij.channel);
2143                         break;
2144                 }
2145                 wdev_unlock(wdev);
2146 @@ -1356,7 +1357,7 @@ int cfg80211_can_use_iftype_chan(struct 
2147                  */
2148                 mutex_lock_nested(&wdev_iter->mtx, 1);
2149                 __acquire(wdev_iter->mtx);
2150 -               cfg80211_get_chan_state(wdev_iter, &ch, &chmode);
2151 +               cfg80211_get_chan_state(wdev_iter, &ch, &chmode, &radar_detect);
2152                 wdev_unlock(wdev_iter);
2153  
2154                 switch (chmode) {
2155 --- a/net/wireless/chan.c
2156 +++ b/net/wireless/chan.c
2157 @@ -642,7 +642,8 @@ int cfg80211_set_monitor_channel(struct 
2158  void
2159  cfg80211_get_chan_state(struct wireless_dev *wdev,
2160                         struct ieee80211_channel **chan,
2161 -                       enum cfg80211_chan_mode *chanmode)
2162 +                       enum cfg80211_chan_mode *chanmode,
2163 +                       u8 *radar_detect)
2164  {
2165         *chan = NULL;
2166         *chanmode = CHAN_MODE_UNDEFINED;
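Review bot: `cfg80211_get_chan_state()` resets `*chan` and `*chanmode` on entry but never initialises the new `*radar_detect`; the following hunks only OR bits into it. That makes it an accumulator the caller must initialise, unlike the other two out-parameters, and an uninitialised caller variable would produce arbitrary width bits. If accumulating across interfaces is intended, say so above the function, e.g. `/* *radar_detect is OR-ed into, never reset: the caller must initialise it */`. The function body continues outside this hunk.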
2167 @@ -660,6 +661,11 @@ cfg80211_get_chan_state(struct wireless_
2168                                      !wdev->ibss_dfs_possible)
2169                                   ? CHAN_MODE_SHARED
2170                                   : CHAN_MODE_EXCLUSIVE;
2171 +
2172 +                       /* consider worst-case - IBSS can try to return to the
2173 +                        * original user-specified channel as creator */
2174 +                       if (wdev->ibss_dfs_possible)
2175 +                               *radar_detect |= BIT(wdev->chandef.width);
2176                         return;
2177                 }
2178                 break;
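Review bot: `*radar_detect |= BIT(wdev->chandef.width);` stores a bit indexed by the channel-width enum into a `u8`, so any width value of 8 or above would be dropped silently by the implicit narrowing. The same expression recurs in the AP/P2P-GO and mesh branches of the next hunk. The enum's range is not visible here, so either pin the assumption with a `BUILD_BUG_ON()` on the largest width value or widen the parameter type. The IBSS branch also sets the bit without the `cfg80211_chandef_dfs_required()` test the other branches use. The comment explains the worst-case intent, but it is worth confirming that `wdev->chandef` is always populated when `ibss_dfs_possible` is set.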
2179 @@ -674,17 +680,26 @@ cfg80211_get_chan_state(struct wireless_
2180         case NL80211_IFTYPE_AP:
2181         case NL80211_IFTYPE_P2P_GO:
2182                 if (wdev->cac_started) {
2183 -                       *chan = wdev->channel;
2184 +                       *chan = wdev->chandef.chan;
2185                         *chanmode = CHAN_MODE_SHARED;
2186 +                       *radar_detect |= BIT(wdev->chandef.width);
2187                 } else if (wdev->beacon_interval) {
2188 -                       *chan = wdev->channel;
2189 +                       *chan = wdev->chandef.chan;
2190                         *chanmode = CHAN_MODE_SHARED;
2191 +
2192 +                       if (cfg80211_chandef_dfs_required(wdev->wiphy,
2193 +                                                         &wdev->chandef))
2194 +                               *radar_detect |= BIT(wdev->chandef.width);
2195                 }
2196                 return;
2197         case NL80211_IFTYPE_MESH_POINT:
2198                 if (wdev->mesh_id_len) {
2199 -                       *chan = wdev->channel;
2200 +                       *chan = wdev->chandef.chan;
2201                         *chanmode = CHAN_MODE_SHARED;
2202 +
2203 +                       if (cfg80211_chandef_dfs_required(wdev->wiphy,
2204 +                                                         &wdev->chandef))
2205 +                               *radar_detect |= BIT(wdev->chandef.width);
2206                 }
2207                 return;
2208         case NL80211_IFTYPE_MONITOR:
2209 --- a/net/wireless/mesh.c
2210 +++ b/net/wireless/mesh.c
2211 @@ -195,7 +195,7 @@ int __cfg80211_join_mesh(struct cfg80211
2212         if (!err) {
2213                 memcpy(wdev->ssid, setup->mesh_id, setup->mesh_id_len);
2214                 wdev->mesh_id_len = setup->mesh_id_len;
2215 -               wdev->channel = setup->chandef.chan;
2216 +               wdev->chandef = setup->chandef;
2217         }
2218  
2219         return err;
2220 @@ -244,7 +244,7 @@ int cfg80211_set_mesh_channel(struct cfg
2221                 err = rdev_libertas_set_mesh_channel(rdev, wdev->netdev,
2222                                                      chandef->chan);
2223                 if (!err)
2224 -                       wdev->channel = chandef->chan;
2225 +                       wdev->chandef = *chandef;
2226  
2227                 return err;
2228         }
2229 @@ -276,7 +276,7 @@ static int __cfg80211_leave_mesh(struct 
2230         err = rdev_leave_mesh(rdev, dev);
2231         if (!err) {
2232                 wdev->mesh_id_len = 0;
2233 -               wdev->channel = NULL;
2234 +               memset(&wdev->chandef, 0, sizeof(wdev->chandef));
2235                 rdev_set_qos_map(rdev, dev, NULL);
2236         }
2237  
2238 --- a/net/wireless/mlme.c
2239 +++ b/net/wireless/mlme.c
2240 @@ -772,7 +772,7 @@ void cfg80211_cac_event(struct net_devic
2241         if (WARN_ON(!wdev->cac_started))
2242                 return;
2243  
2244 -       if (WARN_ON(!wdev->channel))
2245 +       if (WARN_ON(!wdev->chandef.chan))
2246                 return;
2247  
2248         switch (event) {
2249 --- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
2250 +++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
2251 @@ -5065,6 +5065,10 @@ static u16 ar9003_hw_get_max_edge_power(
2252                         break;
2253                 }
2254         }
2255 +
2256 +       if (is2GHz && !twiceMaxEdgePower)
2257 +               twiceMaxEdgePower = 60;
2258 +
2259         return twiceMaxEdgePower;
2260  }
2261  
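Review bot: The fallback `twiceMaxEdgePower = 60;` is an unexplained magic number, and it turns a zero result on 2 GHz into a permissive limit without leaving any trace. Going by the variable name the value is presumably in half-dB steps, but neither the unit nor the reason a zero can occur is stated. Add a comment such as `/* no CTL edge matched on 2 GHz: fall back to 60 (same units as twiceMaxEdgePower) */`. Consider a named constant and a debug message too, so that a zero caused by bad calibration data is not masked. The function starts outside this hunk.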
2262 --- a/drivers/net/wireless/ath/ath9k/ar9003_calib.c
2263 +++ b/drivers/net/wireless/ath/ath9k/ar9003_calib.c
2264 @@ -23,10 +23,11 @@
2265  #define MAX_MEASUREMENT        MAX_IQCAL_MEASUREMENT
2266  #define MAX_MAG_DELTA  11
2267  #define MAX_PHS_DELTA  10
2268 +#define MAXIQCAL        3
2269  
2270  struct coeff {
2271 -       int mag_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT];
2272 -       int phs_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT];
2273 +       int mag_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT][MAXIQCAL];
2274 +       int phs_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT][MAXIQCAL];
2275         int iqc_coeff[2];
2276  };
2277  
2278 @@ -800,7 +801,7 @@ static bool ar9003_hw_calc_iq_corr(struc
2279         if (q_q_coff > 63)
2280                 q_q_coff = 63;
2281  
2282 -       iqc_coeff[0] = (q_q_coff * 128) + q_i_coff;
2283 +       iqc_coeff[0] = (q_q_coff * 128) + (0x7f & q_i_coff);
2284  
2285         ath_dbg(common, CALIBRATE, "tx chain %d: iq corr coeff=%x\n",
2286                 chain_idx, iqc_coeff[0]);
2287 @@ -831,7 +832,7 @@ static bool ar9003_hw_calc_iq_corr(struc
2288         if (q_q_coff > 63)
2289                 q_q_coff = 63;
2290  
2291 -       iqc_coeff[1] = (q_q_coff * 128) + q_i_coff;
2292 +       iqc_coeff[1] = (q_q_coff * 128) + (0x7f & q_i_coff);
2293  
2294         ath_dbg(common, CALIBRATE, "rx chain %d: iq corr coeff=%x\n",
2295                 chain_idx, iqc_coeff[1]);
2296 @@ -839,7 +840,8 @@ static bool ar9003_hw_calc_iq_corr(struc
2297         return true;
2298  }
2299  
2300 -static void ar9003_hw_detect_outlier(int *mp_coeff, int nmeasurement,
2301 +static void ar9003_hw_detect_outlier(int mp_coeff[][MAXIQCAL],
2302 +                                    int nmeasurement,
2303                                      int max_delta)
2304  {
2305         int mp_max = -64, max_idx = 0;
2306 @@ -848,20 +850,20 @@ static void ar9003_hw_detect_outlier(int
2307  
2308         /* find min/max mismatch across all calibrated gains */
2309         for (i = 0; i < nmeasurement; i++) {
2310 -               if (mp_coeff[i] > mp_max) {
2311 -                       mp_max = mp_coeff[i];
2312 +               if (mp_coeff[i][0] > mp_max) {
2313 +                       mp_max = mp_coeff[i][0];
2314                         max_idx = i;
2315 -               } else if (mp_coeff[i] < mp_min) {
2316 -                       mp_min = mp_coeff[i];
2317 +               } else if (mp_coeff[i][0] < mp_min) {
2318 +                       mp_min = mp_coeff[i][0];
2319                         min_idx = i;
2320                 }
2321         }
2322  
2323         /* find average (exclude max abs value) */
2324         for (i = 0; i < nmeasurement; i++) {
2325 -               if ((abs(mp_coeff[i]) < abs(mp_max)) ||
2326 -                   (abs(mp_coeff[i]) < abs(mp_min))) {
2327 -                       mp_avg += mp_coeff[i];
2328 +               if ((abs(mp_coeff[i][0]) < abs(mp_max)) ||
2329 +                   (abs(mp_coeff[i][0]) < abs(mp_min))) {
2330 +                       mp_avg += mp_coeff[i][0];
2331                         mp_count++;
2332                 }
2333         }
2334 @@ -873,7 +875,7 @@ static void ar9003_hw_detect_outlier(int
2335         if (mp_count)
2336                 mp_avg /= mp_count;
2337         else
2338 -               mp_avg = mp_coeff[nmeasurement - 1];
2339 +               mp_avg = mp_coeff[nmeasurement - 1][0];
2340  
2341         /* detect outlier */
2342         if (abs(mp_max - mp_min) > max_delta) {
2343 @@ -882,15 +884,16 @@ static void ar9003_hw_detect_outlier(int
2344                 else
2345                         outlier_idx = min_idx;
2346  
2347 -               mp_coeff[outlier_idx] = mp_avg;
2348 +               mp_coeff[outlier_idx][0] = mp_avg;
2349         }
2350  }
2351  
2352 -static void ar9003_hw_tx_iqcal_load_avg_2_passes(struct ath_hw *ah,
2353 -                                                struct coeff *coeff,
2354 -                                                bool is_reusable)
2355 +static void ar9003_hw_tx_iq_cal_outlier_detection(struct ath_hw *ah,
2356 +                                                 struct coeff *coeff,
2357 +                                                 bool is_reusable)
2358  {
2359         int i, im, nmeasurement;
2360 +       int magnitude, phase;
2361         u32 tx_corr_coeff[MAX_MEASUREMENT][AR9300_MAX_CHAINS];
2362         struct ath9k_hw_cal_data *caldata = ah->caldata;
2363  
2364 @@ -920,21 +923,30 @@ static void ar9003_hw_tx_iqcal_load_avg_
2365                 if (nmeasurement > MAX_MEASUREMENT)
2366                         nmeasurement = MAX_MEASUREMENT;
2367  
2368 -               /* detect outlier only if nmeasurement > 1 */
2369 -               if (nmeasurement > 1) {
2370 -                       /* Detect magnitude outlier */
2371 -                       ar9003_hw_detect_outlier(coeff->mag_coeff[i],
2372 -                                       nmeasurement, MAX_MAG_DELTA);
2373 -
2374 -                       /* Detect phase outlier */
2375 -                       ar9003_hw_detect_outlier(coeff->phs_coeff[i],
2376 -                                       nmeasurement, MAX_PHS_DELTA);
2377 +               /*
2378 +                * Skip normal outlier detection for AR9550.
2379 +                */
2380 +               if (!AR_SREV_9550(ah)) {
2381 +                       /* detect outlier only if nmeasurement > 1 */
2382 +                       if (nmeasurement > 1) {
2383 +                               /* Detect magnitude outlier */
2384 +                               ar9003_hw_detect_outlier(coeff->mag_coeff[i],
2385 +                                                        nmeasurement,
2386 +                                                        MAX_MAG_DELTA);
2387 +
2388 +                               /* Detect phase outlier */
2389 +                               ar9003_hw_detect_outlier(coeff->phs_coeff[i],
2390 +                                                        nmeasurement,
2391 +                                                        MAX_PHS_DELTA);
2392 +                       }
2393                 }
2394  
2395                 for (im = 0; im < nmeasurement; im++) {
2396 +                       magnitude = coeff->mag_coeff[i][im][0];
2397 +                       phase = coeff->phs_coeff[i][im][0];
2398  
2399 -                       coeff->iqc_coeff[0] = (coeff->mag_coeff[i][im] & 0x7f) |
2400 -                               ((coeff->phs_coeff[i][im] & 0x7f) << 7);
2401 +                       coeff->iqc_coeff[0] =
2402 +                               (phase & 0x7f) | ((magnitude & 0x7f) << 7);
2403  
2404                         if ((im % 2) == 0)
2405                                 REG_RMW_FIELD(ah, tx_corr_coeff[im][i],
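Review bot: The two nested conditions around the outlier calls can be a single test, `if (!AR_SREV_9550(ah) && nmeasurement > 1) {`, which removes one indent level and the re-wrapped argument lists. The comment says AR9550 while the new helpers are named `ar955x_*`; using one spelling throughout avoids doubt about which revisions are covered. The enclosing function starts before and continues after this hunk.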
2406 @@ -991,7 +1003,63 @@ static bool ar9003_hw_tx_iq_cal_run(stru
2407         return true;
2408  }
2409  
2410 -static void ar9003_hw_tx_iq_cal_post_proc(struct ath_hw *ah, bool is_reusable)
2411 +static void __ar955x_tx_iq_cal_sort(struct ath_hw *ah,
2412 +                                   struct coeff *coeff,
2413 +                                   int i, int nmeasurement)
2414 +{
2415 +       struct ath_common *common = ath9k_hw_common(ah);
2416 +       int im, ix, iy, temp;
2417 +
2418 +       for (im = 0; im < nmeasurement; im++) {
2419 +               for (ix = 0; ix < MAXIQCAL - 1; ix++) {
2420 +                       for (iy = ix + 1; iy <= MAXIQCAL - 1; iy++) {
2421 +                               if (coeff->mag_coeff[i][im][iy] <
2422 +                                   coeff->mag_coeff[i][im][ix]) {
2423 +                                       temp = coeff->mag_coeff[i][im][ix];
2424 +                                       coeff->mag_coeff[i][im][ix] =
2425 +                                               coeff->mag_coeff[i][im][iy];
2426 +                                       coeff->mag_coeff[i][im][iy] = temp;
2427 +                               }
2428 +                               if (coeff->phs_coeff[i][im][iy] <
2429 +                                   coeff->phs_coeff[i][im][ix]) {
2430 +                                       temp = coeff->phs_coeff[i][im][ix];
2431 +                                       coeff->phs_coeff[i][im][ix] =
2432 +                                               coeff->phs_coeff[i][im][iy];
2433 +                                       coeff->phs_coeff[i][im][iy] = temp;
2434 +                               }
2435 +                       }
2436 +               }
2437 +               coeff->mag_coeff[i][im][0] = coeff->mag_coeff[i][im][MAXIQCAL / 2];
2438 +               coeff->phs_coeff[i][im][0] = coeff->phs_coeff[i][im][MAXIQCAL / 2];
2439 +
2440 +               ath_dbg(common, CALIBRATE,
2441 +                       "IQCAL: Median [ch%d][gain%d]: mag = %d phase = %d\n",
2442 +                       i, im,
2443 +                       coeff->mag_coeff[i][im][0],
2444 +                       coeff->phs_coeff[i][im][0]);
2445 +       }
2446 +}
2447 +
2448 +static bool ar955x_tx_iq_cal_median(struct ath_hw *ah,
2449 +                                   struct coeff *coeff,
2450 +                                   int iqcal_idx,
2451 +                                   int nmeasurement)
2452 +{
2453 +       int i;
2454 +
2455 +       if ((iqcal_idx + 1) != MAXIQCAL)
2456 +               return false;
2457 +
2458 +       for (i = 0; i < AR9300_MAX_CHAINS; i++) {
2459 +               __ar955x_tx_iq_cal_sort(ah, coeff, i, nmeasurement);
2460 +       }
2461 +
2462 +       return true;
2463 +}
2464 +
2465 +static void ar9003_hw_tx_iq_cal_post_proc(struct ath_hw *ah,
2466 +                                         int iqcal_idx,
2467 +                                         bool is_reusable)
2468  {
2469         struct ath_common *common = ath9k_hw_common(ah);
2470         const u32 txiqcal_status[AR9300_MAX_CHAINS] = {
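Review bot: Neither new helper documents its contract, and both use `nmeasurement` as an array bound for `mag_coeff`/`phs_coeff` without checking it against `MAX_MEASUREMENT`. `ar955x_tx_iq_cal_median()` returns false until the last of the `MAXIQCAL` runs, and `__ar955x_tx_iq_cal_sort()` sorts each entry in place and then overwrites slot `[0]` with the median. A short comment above each function should state that. A guard at the top of `ar955x_tx_iq_cal_median()` would keep the index in range whatever the caller passes: `if (nmeasurement > MAX_MEASUREMENT) nmeasurement = MAX_MEASUREMENT;`. The braces around the single-statement `for` body also go against the usual kernel style.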
2471 @@ -1004,10 +1072,11 @@ static void ar9003_hw_tx_iq_cal_post_pro
2472                 AR_PHY_CHAN_INFO_TAB_1,
2473                 AR_PHY_CHAN_INFO_TAB_2,
2474         };
2475 -       struct coeff coeff;
2476 +       static struct coeff coeff;
2477         s32 iq_res[6];
2478         int i, im, j;
2479 -       int nmeasurement;
2480 +       int nmeasurement = 0;
2481 +       bool outlier_detect = true;
2482  
2483         for (i = 0; i < AR9300_MAX_CHAINS; i++) {
2484                 if (!(ah->txchainmask & (1 << i)))
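Review bot: Making `coeff` a function-level `static` turns it into one buffer shared by every call and every device driven by this code, and no locking is visible in the hunk. The persistence is needed because the AR955x runs accumulate into it across calls, but two adapters calibrating at the same time would overwrite each other's slots, and slots keep values from earlier calibrations. Holding the buffer per device, or having the caller allocate it and pass it in, would keep the persistence without the sharing. At minimum add `/* static: accumulates MAXIQCAL runs across calls on AR955x; not reentrant */`. The function starts before and continues after this hunk.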
2485 @@ -1065,17 +1134,23 @@ static void ar9003_hw_tx_iq_cal_post_pro
2486                                 goto tx_iqcal_fail;
2487                         }
2488  
2489 -                       coeff.mag_coeff[i][im] = coeff.iqc_coeff[0] & 0x7f;
2490 -                       coeff.phs_coeff[i][im] =
2491 +                       coeff.phs_coeff[i][im][iqcal_idx] =
2492 +                               coeff.iqc_coeff[0] & 0x7f;
2493 +                       coeff.mag_coeff[i][im][iqcal_idx] =
2494                                 (coeff.iqc_coeff[0] >> 7) & 0x7f;
2495  
2496 -                       if (coeff.mag_coeff[i][im] > 63)
2497 -                               coeff.mag_coeff[i][im] -= 128;
2498 -                       if (coeff.phs_coeff[i][im] > 63)
2499 -                               coeff.phs_coeff[i][im] -= 128;
2500 +                       if (coeff.mag_coeff[i][im][iqcal_idx] > 63)
2501 +                               coeff.mag_coeff[i][im][iqcal_idx] -= 128;
2502 +                       if (coeff.phs_coeff[i][im][iqcal_idx] > 63)
2503 +                               coeff.phs_coeff[i][im][iqcal_idx] -= 128;
2504                 }
2505         }
2506 -       ar9003_hw_tx_iqcal_load_avg_2_passes(ah, &coeff, is_reusable);
2507 +
2508 +       if (AR_SREV_9550(ah))
2509 +               outlier_detect = ar955x_tx_iq_cal_median(ah, &coeff,
2510 +                                                        iqcal_idx, nmeasurement);
2511 +       if (outlier_detect)
2512 +               ar9003_hw_tx_iq_cal_outlier_detection(ah, &coeff, is_reusable);
2513  
2514         return;
2515  
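Review bot: `iqcal_idx` is used directly as the third index of `coeff.mag_coeff` and `coeff.phs_coeff` with no range check, so the function relies on every caller passing a value below `MAXIQCAL`. The callers in this patch pass 0 or a loop counter bounded by `MAXIQCAL`. A guard at the top of `ar9003_hw_tx_iq_cal_post_proc()` would still rule out an out-of-bounds write to the static buffer: `if (WARN_ON(iqcal_idx < 0 || iqcal_idx >= MAXIQCAL)) return;`. The start of the function is outside this hunk.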
2516 @@ -1409,7 +1484,7 @@ skip_tx_iqcal:
2517         }
2518  
2519         if (txiqcal_done)
2520 -               ar9003_hw_tx_iq_cal_post_proc(ah, is_reusable);
2521 +               ar9003_hw_tx_iq_cal_post_proc(ah, 0, is_reusable);
2522         else if (caldata && test_bit(TXIQCAL_DONE, &caldata->cal_flags))
2523                 ar9003_hw_tx_iq_cal_reload(ah);
2524  
2525 @@ -1455,14 +1530,38 @@ skip_tx_iqcal:
2526         return true;
2527  }
2528  
2529 +static bool do_ar9003_agc_cal(struct ath_hw *ah)
2530 +{
2531 +       struct ath_common *common = ath9k_hw_common(ah);
2532 +       bool status;
2533 +
2534 +       REG_WRITE(ah, AR_PHY_AGC_CONTROL,
2535 +                 REG_READ(ah, AR_PHY_AGC_CONTROL) |
2536 +                 AR_PHY_AGC_CONTROL_CAL);
2537 +
2538 +       status = ath9k_hw_wait(ah, AR_PHY_AGC_CONTROL,
2539 +                              AR_PHY_AGC_CONTROL_CAL,
2540 +                              0, AH_WAIT_TIMEOUT);
2541 +       if (!status) {
2542 +               ath_dbg(common, CALIBRATE,
2543 +                       "offset calibration failed to complete in %d ms,"
2544 +                       "noisy environment?\n",
2545 +                       AH_WAIT_TIMEOUT / 1000);
2546 +               return false;
2547 +       }
2548 +
2549 +       return true;
2550 +}
2551 +
2552  static bool ar9003_hw_init_cal_soc(struct ath_hw *ah,
2553                                    struct ath9k_channel *chan)
2554  {
2555         struct ath_common *common = ath9k_hw_common(ah);
2556         struct ath9k_hw_cal_data *caldata = ah->caldata;
2557         bool txiqcal_done = false;
2558 -       bool is_reusable = true, status = true;
2559 +       bool status = true;
2560         bool run_agc_cal = false, sep_iq_cal = false;
2561 +       int i = 0;
2562  
2563         /* Use chip chainmask only for calibration */
2564         ar9003_hw_set_chain_masks(ah, ah->caps.rx_chainmask, ah->caps.tx_chainmask);
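Review bot: The split debug string in `do_ar9003_agc_cal()` concatenates to `... in %d ms,noisy environment?`, so the space and the semicolon of the message removed further down in this patch were lost. Keep it on one line as before, `"offset calibration failed to complete in %d ms; noisy environment?\n"`, which also keeps the message greppable. The helper has no comment either; one line stating that it triggers AGC calibration and polls for completion up to `AH_WAIT_TIMEOUT` would do.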
2565 @@ -1485,7 +1584,12 @@ static bool ar9003_hw_init_cal_soc(struc
2566          * AGC calibration. Specifically, AR9550 in SoC chips.
2567          */
2568         if (ah->enabled_cals & TX_IQ_ON_AGC_CAL) {
2569 -               txiqcal_done = true;
2570 +               if (REG_READ_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_0,
2571 +                                  AR_PHY_TX_IQCAL_CONTROL_0_ENABLE_TXIQ_CAL)) {
2572 +                               txiqcal_done = true;
2573 +               } else {
2574 +                       txiqcal_done = false;
2575 +               }
2576                 run_agc_cal = true;
2577         } else {
2578                 sep_iq_cal = true;
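Review bot: The `if`/`else` that assigns `true` or `false` can be a direct assignment, `txiqcal_done = !!REG_READ_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_0, AR_PHY_TX_IQCAL_CONTROL_0_ENABLE_TXIQ_CAL);`. The `txiqcal_done = true;` line is also indented one level too deep. A short comment saying why the enable bit is read back here, instead of assuming TX IQ calibration ran, would help the next reader. The function starts before and continues after this hunk.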
2579 @@ -1512,27 +1616,37 @@ skip_tx_iqcal:
2580                 if (AR_SREV_9330_11(ah))
2581                         ar9003_hw_manual_peak_cal(ah, 0, IS_CHAN_2GHZ(chan));
2582  
2583 -               /* Calibrate the AGC */
2584 -               REG_WRITE(ah, AR_PHY_AGC_CONTROL,
2585 -                         REG_READ(ah, AR_PHY_AGC_CONTROL) |
2586 -                         AR_PHY_AGC_CONTROL_CAL);
2587 -
2588 -               /* Poll for offset calibration complete */
2589 -               status = ath9k_hw_wait(ah, AR_PHY_AGC_CONTROL,
2590 -                                      AR_PHY_AGC_CONTROL_CAL,
2591 -                                      0, AH_WAIT_TIMEOUT);
2592 -       }
2593 +               /*
2594 +                * For non-AR9550 chips, we just trigger AGC calibration
2595 +                * in the HW, poll for completion and then process
2596 +                * the results.
2597 +                *
2598 +                * For AR955x, we run it multiple times and use
2599 +                * median IQ correction.
2600 +                */
2601 +               if (!AR_SREV_9550(ah)) {
2602 +                       status = do_ar9003_agc_cal(ah);
2603 +                       if (!status)
2604 +                               return false;
2605  
2606 -       if (!status) {
2607 -               ath_dbg(common, CALIBRATE,
2608 -                       "offset calibration failed to complete in %d ms; noisy environment?\n",
2609 -                       AH_WAIT_TIMEOUT / 1000);
2610 -               return false;
2611 +                       if (txiqcal_done)
2612 +                               ar9003_hw_tx_iq_cal_post_proc(ah, 0, false);
2613 +               } else {
2614 +                       if (!txiqcal_done) {
2615 +                               status = do_ar9003_agc_cal(ah);
2616 +                               if (!status)
2617 +                                       return false;
2618 +                       } else {
2619 +                               for (i = 0; i < MAXIQCAL; i++) {
2620 +                                       status = do_ar9003_agc_cal(ah);
2621 +                                       if (!status)
2622 +                                               return false;
2623 +                                       ar9003_hw_tx_iq_cal_post_proc(ah, i, false);
2624 +                               }
2625 +                       }
2626 +               }
2627         }
2628  
2629 -       if (txiqcal_done)
2630 -               ar9003_hw_tx_iq_cal_post_proc(ah, is_reusable);
2631 -
2632         /* Revert chainmask to runtime parameters */
2633         ar9003_hw_set_chain_masks(ah, ah->rxchainmask, ah->txchainmask);
2634
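Review bot: In the AR955x loop a failed IQ run goes unnoticed, because `ar9003_hw_tx_iq_cal_post_proc()` returns void. When it bails out through `tx_iqcal_fail` on run 0 or 1, the loop still proceeds, and the final run computes the median over a slot holding whatever the static buffer contained before. Having post_proc return a status and stopping on failure, `if (!ar9003_hw_tx_iq_cal_post_proc(ah, i, false)) break;`, would avoid loading coefficients derived from stale data. Separately, every call now passes `false` for `is_reusable` where the removed code passed a variable initialised to `true`; if that is deliberate it deserves a comment. The function continues outside this hunk.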