1 commit 31959d8df39319e32c6d5ba9c135727be90cfad7
2 Author: Michal Kazior <michal.kazior@tieto.com>
3 Date: Fri Mar 7 08:09:38 2014 +0100
5 mac80211: fix possible NULL dereference
7 If chanctx is missing on a given vif then the band
8 is assumed to be 2GHz. However if hw doesn't
9 support 2GHz band then mac80211 ended up with a
14 [ 4605.207223] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
15 [ 4605.210789] IP: [<ffffffffa07b5635>] ieee80211_parse_bitrates+0x65/0x110 [mac80211]
17 The splat was preceeded by WARN_ON(!chanctx_conf)
18 in ieee80211_get_sdata_band().
20 Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
22 commit 6c5a3ffa0a2d22c091a2717f427259bacf77ac5e
23 Author: Michael Braun <michael-dev@fami-braun.de>
24 Date: Thu Mar 6 15:08:43 2014 +0100
26 mac80211: fix WPA with VLAN on AP side with ps-sta again
28 commit de74a1d9032f4d37ea453ad2a647e1aff4cd2591
29 "mac80211: fix WPA with VLAN on AP side with ps-sta"
30 fixed an issue where queued multicast packets would
31 be sent out encrypted with the key of an other bss.
33 commit "7cbf9d017dbb5e3276de7d527925d42d4c11e732"
34 "mac80211: fix oops on mesh PS broadcast forwarding"
35 essentially reverted it, because vif.type cannot be AP_VLAN
36 due to the check to vif.type in ieee80211_get_buffered_bc before.
38 As the later commit intended to fix the MESH case, fix it
39 by checking for IFTYPE_AP instead of IFTYPE_AP_VLAN.
42 Cc: <stable@vger.kernel.org> # 3.10.x
43 Cc: <stable@vger.kernel.org> # 3.11.x
44 Cc: <stable@vger.kernel.org> # 3.12.x
45 Cc: <stable@vger.kernel.org> # 3.13.x
46 Cc: <linux-wireless@vger.kernel.org>
47 Cc: <projekt-wlan@fem.tu-ilmenau.de>
48 Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
50 commit 9d6ab9bdb9b368a6cf9519f0f92509b5b2c297ec
51 Author: Johannes Berg <johannes.berg@intel.com>
52 Date: Mon Mar 3 14:19:08 2014 +0100
54 cfg80211: remove racy beacon_interval assignment
56 In case of AP mode, the beacon interval is already reset to
57 zero inside cfg80211_stop_ap(), and in the other modes it
58 isn't relevant. Remove the assignment to remove a potential
59 race since the assignment isn't properly locked.
61 Reported-by: Michal Kazior <michal.kazior@tieto.com>
62 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
64 commit 1abdeca3c6fb9cf1f84f85e78ed8d1c33bd69db0
65 Author: Felix Fietkau <nbd@openwrt.org>
66 Date: Fri Feb 28 18:52:56 2014 +0100
68 ath9k_hw: tweak noise immunity thresholds for older chipsets
70 Older chipsets are more sensitive to high PHY error counts, and the
71 current noise immunity thresholds were based on tests run at QCA with
74 This patch brings back the values from the old ANI implementation for
75 old chipsets, and it also disables weak signal detection on an earlier
76 noise immunity level, to improve overall radio stability on affected
79 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
81 commit 431e506da5953adc3b65af25f4b90873d528c115
82 Author: Felix Fietkau <nbd@openwrt.org>
83 Date: Fri Feb 28 18:44:13 2014 +0100
85 ath9k_hw: toggle weak signal detection in AP mode on older chipsets
87 The commit 80b4205b "ath9k: Fix OFDM weak signal detection for AP mode"
88 prevented weak signal detection changes from taking effect in AP mode on
89 all chipsets, claiming it is "not allowed".
91 The main reason for not disabling weak signal detection in AP mode is
92 that typically beacon RSSI is used to track whether it is needed to
93 boost range, and this is unavailable in AP mode for obvious reasons.
95 The problem with not disabling weak signal detection is that older
96 chipsets are very sensitive to high PHY error counts. When faced with
97 heavy noise, this can lead to an excessive amount of "Failed to stop
98 TX DMA" errors in the field.
100 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
102 commit 98d1a6c5b14688ed030e81b889f607be308e0df9
103 Author: Felix Fietkau <nbd@openwrt.org>
104 Date: Mon Feb 24 22:20:32 2014 +0100
106 ath9k: fix invalid descriptor discarding
108 Only set sc->rx.discard_next to rx_stats->rs_more when actually
109 discarding the current descriptor.
111 Also, fix a detection of broken descriptors:
112 First the code checks if the current descriptor is not done.
113 Then it checks if the next descriptor is done.
114 Add a check that afterwards checks the first descriptor again, because
115 it might have been completed in the mean time.
117 This fixes a regression introduced in
118 commit 723e711356b5a8a95728a890e254e8b0d47b55cf
119 "ath9k: fix handling of broken descriptors"
121 Cc: stable@vger.kernel.org
122 Reported-by: Marco André Dinis <marcoandredinis@gmail.com>
123 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
125 commit 52a46300e782fe6994466523eb2b0b59091ea59f
126 Author: Felix Fietkau <nbd@openwrt.org>
127 Date: Mon Feb 24 11:43:50 2014 +0100
129 ath9k: reduce baseband hang detection false positive rate
131 Check if the baseband state remains stable, and add a small delay
132 between register reads.
134 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
136 commit 118945bb12082e9d4edddc868d88143164e0f440
137 Author: Felix Fietkau <nbd@openwrt.org>
138 Date: Sat Feb 22 14:55:23 2014 +0100
140 ath5k: set SURVEY_INFO_IN_USE on get_survey
142 Only one channel is returned - the one currently being used.
144 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
146 commit ee41f72476e1ea44283dfe1cbf75b9543a1e15c8
147 Author: Felix Fietkau <nbd@openwrt.org>
148 Date: Sat Feb 22 14:44:52 2014 +0100
150 ath9k: make some hardware reset log messages debug-only
152 On some chips, baseband watchdog hangs are more common than others, and
153 the driver has support for handling them.
154 Interrupts even after a watchdog hang are also quite common, so there's
155 not much point in spamming the user's logfiles.
157 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
159 commit b14fbb554fc65a2e0b5c41a319269b0350f187e7
160 Author: Felix Fietkau <nbd@openwrt.org>
161 Date: Sat Feb 22 14:35:25 2014 +0100
163 ath9k: do not set half/quarter channel flags in AR_PHY_MODE
165 5/10 MHz channel bandwidth is configured via the PLL clock, instead of
166 the AR_PHY_MODE register. Using that register is AR93xx specific, and
167 makes the mode incompatible with earlier chipsets.
169 In some early versions, these flags were apparently applied at the wrong
170 point in time and thus did not cause connectivity issues, however now
171 they are causing problems, as pointed out in this OpenWrt ticket:
173 https://dev.openwrt.org/ticket/14916
175 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
177 commit 0f1cb7be2551b30b02cd54c897e0e29e483cfda5
178 Author: Felix Fietkau <nbd@openwrt.org>
179 Date: Sat Feb 22 13:43:29 2014 +0100
181 ath9k: fix ps-poll responses under a-mpdu sessions
183 When passing tx frames to the U-APSD queue for powersave poll responses,
184 the ath_atx_tid pointer needs to be passed to ath_tx_setup_buffer for
185 proper sequence number accounting.
187 This fixes high latency and connection stability issues with ath9k
188 running as AP and a few kinds of mobile phones as client, when PS-Poll
191 Cc: stable@vger.kernel.org
192 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
194 commit d5d87a37bbd6066b2c3c5d0bd0fe2a6e2ea45cc5
195 Author: Felix Fietkau <nbd@openwrt.org>
196 Date: Fri Feb 21 11:39:59 2014 +0100
198 ath9k: list more reset causes in debugfs
200 Number of MAC hangs and stuck beacons were missing
202 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
204 commit d84856012e0f10fe598a5ad3b7b869397a089e07
205 Author: Johannes Berg <johannes.berg@intel.com>
206 Date: Thu Feb 20 11:19:58 2014 +0100
208 mac80211: fix station wakeup powersave race
210 Consider the following (relatively unlikely) scenario:
211 1) station goes to sleep while frames are buffered in driver
212 2) driver blocks wakeup (until no more frames are buffered)
213 3) station wakes up again
214 4) driver unblocks wakeup
216 In this case, the current mac80211 code will do the following:
217 1) WLAN_STA_PS_STA set
218 2) WLAN_STA_PS_DRIVER set
220 4) WLAN_STA_PS_DRIVER cleared
222 As a result, no frames will be delivered to the client, even
223 though it is awake, until it sends another frame to us that
224 triggers ieee80211_sta_ps_deliver_wakeup() in sta_ps_end().
226 Since we now take the PS spinlock, we can fix this while at
227 the same time removing the complexity with the pending skb
228 queue function. This was broken since my commit 50a9432daeec
229 ("mac80211: fix powersaving clients races") due to removing
230 the clearing of WLAN_STA_PS_STA in the RX path.
232 While at it, fix a cleanup path issue when a station is
233 removed while the driver is still blocking its wakeup.
235 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
237 commit 798f2786602cbe93e6b928299614aa36ebf50692
238 Author: Johannes Berg <johannes.berg@intel.com>
239 Date: Mon Feb 17 20:49:03 2014 +0100
241 mac80211: insert stations before adding to driver
243 There's a race condition in mac80211 because we add stations
244 to the internal lists after adding them to the driver, which
245 means that (for example) the following can happen:
246 1. a station connects and is added
247 2. first, it is added to the driver
248 3. then, it is added to the mac80211 lists
250 If the station goes to sleep between steps 2 and 3, and the
251 firmware/hardware records it as being asleep, mac80211 will
252 never instruct the driver to wake it up again as it never
253 realized it went to sleep since the RX path discarded the
254 frame as a "spurious class 3 frame", no station entry was
257 Fix this by adding the station in software first, and only
258 then adding it to the driver. That way, any state that the
259 driver changes will be reflected properly in mac80211's
260 station state. The problematic part is the roll-back if the
261 driver fails to add the station, in that case a bit more is
262 needed. To not make that overly complex prevent starting BA
263 sessions in the meantime.
265 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
267 commit b9ba6a520cb07ab3aa7aaaf9ce4a0bc7a6bc06fe
268 Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
269 Date: Thu Feb 20 09:22:11 2014 +0200
271 mac80211: fix AP powersave TX vs. wakeup race
273 There is a race between the TX path and the STA wakeup: while
274 a station is sleeping, mac80211 buffers frames until it wakes
275 up, then the frames are transmitted. However, the RX and TX
276 path are concurrent, so the packet indicating wakeup can be
277 processed while a packet is being transmitted.
279 This can lead to a situation where the buffered frames list
280 is emptied on the one side, while a frame is being added on
281 the other side, as the station is still seen as sleeping in
284 As a result, the newly added frame will not be send anytime
285 soon. It might be sent much later (and out of order) when the
286 station goes to sleep and wakes up the next time.
288 Additionally, it can lead to the crash below.
290 Fix all this by synchronising both paths with a new lock.
291 Both path are not fastpath since they handle PS situations.
293 In a later patch we'll remove the extra skb queue locks to
294 reduce locking overhead.
296 BUG: unable to handle kernel
297 NULL pointer dereference at 000000b0
298 IP: [<ff6f1791>] ieee80211_report_used_skb+0x11/0x3e0 [mac80211]
300 Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
301 EIP: 0060:[<ff6f1791>] EFLAGS: 00210282 CPU: 1
302 EIP is at ieee80211_report_used_skb+0x11/0x3e0 [mac80211]
303 EAX: e5900da0 EBX: 00000000 ECX: 00000001 EDX: 00000000
304 ESI: e41d00c0 EDI: e5900da0 EBP: ebe458e4 ESP: ebe458b0
305 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
306 CR0: 8005003b CR2: 000000b0 CR3: 25a78000 CR4: 000407d0
307 DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
308 DR6: ffff0ff0 DR7: 00000400
309 Process iperf (pid: 3934, ti=ebe44000 task=e757c0b0 task.ti=ebe44000)
310 iwlwifi 0000:02:00.0: I iwl_pcie_enqueue_hcmd Sending command LQ_CMD (#4e), seq: 0x0903, 92 bytes at 3[3]:9
312 e403b32c ebe458c4 00200002 00200286 e403b338 ebe458cc c10960bb e5900da0
313 ff76a6ec ebe458d8 00000000 e41d00c0 e5900da0 ebe458f0 ff6f1b75 e403b210
314 ebe4598c ff723dc1 00000000 ff76a6ec e597c978 e403b758 00000002 00000002
316 [<ff6f1b75>] ieee80211_free_txskb+0x15/0x20 [mac80211]
317 [<ff723dc1>] invoke_tx_handlers+0x1661/0x1780 [mac80211]
318 [<ff7248a5>] ieee80211_tx+0x75/0x100 [mac80211]
319 [<ff7249bf>] ieee80211_xmit+0x8f/0xc0 [mac80211]
320 [<ff72550e>] ieee80211_subif_start_xmit+0x4fe/0xe20 [mac80211]
321 [<c149ef70>] dev_hard_start_xmit+0x450/0x950
322 [<c14b9aa9>] sch_direct_xmit+0xa9/0x250
323 [<c14b9c9b>] __qdisc_run+0x4b/0x150
324 [<c149f732>] dev_queue_xmit+0x2c2/0xca0
326 Cc: stable@vger.kernel.org
327 Reported-by: Yaara Rozenblum <yaara.rozenblum@intel.com>
328 Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
329 Reviewed-by: Stanislaw Gruszka <sgruszka@redhat.com>
330 [reword commit log, use a separate lock]
331 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
333 commit 80e419de0dff38436b30d363311c625766193f86
334 Author: Inbal Hacohen <Inbal.Hacohen@intel.com>
335 Date: Wed Feb 12 09:32:27 2014 +0200
337 cfg80211: bugfix in regulatory user hint process
339 After processing hint_user, we would want to schedule the
340 timeout work only if we are actually waiting to CRDA. This happens
341 when the status is not "IGNORE" nor "ALREADY_SET".
343 Signed-off-by: Inbal Hacohen <Inbal.Hacohen@intel.com>
344 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
346 commit 6514c93afede55284e2cb63359aadedb85884c80
347 Author: Jouni Malinen <jouni@qca.qualcomm.com>
348 Date: Tue Feb 18 20:41:08 2014 +0200
350 ath9k: Enable U-APSD AP mode support
352 mac80211 handles the actual operations, so ath9k can just indicate
353 support for this. Based on initial tests, this combination seems to
356 Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
358 commit a63caf0a357ad5c1f08d6b7827dc76c451445017
359 Author: Stanislaw Gruszka <sgruszka@redhat.com>
360 Date: Wed Feb 19 13:15:17 2014 +0100
362 ath9k: protect tid->sched check
364 We check tid->sched without a lock taken on ath_tx_aggr_sleep(). That
365 is race condition which can result of doing list_del(&tid->list) twice
366 (second time with poisoned list node) and cause crash like shown below:
368 [424271.637220] BUG: unable to handle kernel paging request at 00100104
369 [424271.637328] IP: [<f90fc072>] ath_tx_aggr_sleep+0x62/0xe0 [ath9k]
371 [424271.639953] Call Trace:
372 [424271.639998] [<f90f6900>] ? ath9k_get_survey+0x110/0x110 [ath9k]
373 [424271.640083] [<f90f6942>] ath9k_sta_notify+0x42/0x50 [ath9k]
374 [424271.640177] [<f809cfef>] sta_ps_start+0x8f/0x1c0 [mac80211]
375 [424271.640258] [<c10f730e>] ? free_compound_page+0x2e/0x40
376 [424271.640346] [<f809e915>] ieee80211_rx_handlers+0x9d5/0x2340 [mac80211]
377 [424271.640437] [<c112f048>] ? kmem_cache_free+0x1d8/0x1f0
378 [424271.640510] [<c1345a84>] ? kfree_skbmem+0x34/0x90
379 [424271.640578] [<c10fc23c>] ? put_page+0x2c/0x40
380 [424271.640640] [<c1345a84>] ? kfree_skbmem+0x34/0x90
381 [424271.640706] [<c1345a84>] ? kfree_skbmem+0x34/0x90
382 [424271.640787] [<f809dde3>] ? ieee80211_rx_handlers_result+0x73/0x1d0 [mac80211]
383 [424271.640897] [<f80a07a0>] ieee80211_prepare_and_rx_handle+0x520/0xad0 [mac80211]
384 [424271.641009] [<f809e22d>] ? ieee80211_rx_handlers+0x2ed/0x2340 [mac80211]
385 [424271.641104] [<c13846ce>] ? ip_output+0x7e/0xd0
386 [424271.641182] [<f80a1057>] ieee80211_rx+0x307/0x7c0 [mac80211]
387 [424271.641266] [<f90fa6ee>] ath_rx_tasklet+0x88e/0xf70 [ath9k]
388 [424271.641358] [<f80a0f2c>] ? ieee80211_rx+0x1dc/0x7c0 [mac80211]
389 [424271.641445] [<f90f82db>] ath9k_tasklet+0xcb/0x130 [ath9k]
392 https://bugzilla.kernel.org/show_bug.cgi?id=70551
394 Reported-and-tested-by: Max Sydorenko <maxim.stargazer@gmail.com>
395 Cc: stable@vger.kernel.org
396 Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
398 commit 82ed9e3ccc02797df2ffe4b78127c4cd5f799a41
399 Author: Felix Fietkau <nbd@openwrt.org>
400 Date: Tue Feb 11 15:54:13 2014 +0100
402 mac80211: send control port protocol frames to the VO queue
404 Improves reliability of wifi connections with WPA, since authentication
405 frames are prioritized over normal traffic and also typically exempt
408 Cc: stable@vger.kernel.org
409 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
411 commit d4426800f71e972feaa33e04c5801fc730627bdd
412 Author: Stanislaw Gruszka <stf_xl@wp.pl>
413 Date: Mon Feb 10 22:38:28 2014 +0100
415 rtl8187: fix regression on MIPS without coherent DMA
417 This patch fixes regression caused by commit a16dad77634 "MIPS: Fix
418 potencial corruption". That commit fixes one corruption scenario in
419 cost of adding another one, which actually start to cause crashes
420 on Yeeloong laptop when rtl8187 driver is used.
422 For correct DMA read operation on machines without DMA coherence, kernel
423 have to invalidate cache, such it will refill later with new data that
424 device wrote to memory, when that data is needed to process. We can only
425 invalidate full cache line. Hence when cache line includes both dma
426 buffer and some other data (written in cache, but not yet in main
427 memory), the other data can not hit memory due to invalidation. That
428 happen on rtl8187 where struct rtl8187_priv fields are located just
429 before and after small buffers that are passed to USB layer and DMA
430 is performed on them.
432 To fix the problem we align buffers and reserve space after them to make
433 them match cache line.
435 This patch does not resolve all possible MIPS problems entirely, for
436 that we have to assure that we always map cache aligned buffers for DMA,
437 what can be complex or even not possible. But patch fixes visible and
438 reproducible regression and seems other possible corruptions do not
439 happen in practice, since Yeeloong laptop works stable without rtl8187
443 https://bugzilla.kernel.org/show_bug.cgi?id=54391
445 Reported-by: Petr Pisar <petr.pisar@atlas.cz>
446 Bisected-by: Tom Li <biergaizi2009@gmail.com>
447 Reported-and-tested-by: Tom Li <biergaizi2009@gmail.com>
448 Cc: stable@vger.kernel.org
449 Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
451 commit e2f141d67ad1e7fe10aaab61811e8a409dfb2442
452 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
453 Date: Fri Feb 7 10:29:55 2014 +0530
455 ath9k: Calculate IQ-CAL median
457 This patch adds a routine to calculate the median IQ correction
458 values for AR955x, which is used for outlier detection.
459 The normal method which is used for all other chips is
462 Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
464 commit c52a6fce0820c8d0687443ab86058ae03b478c8f
465 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
466 Date: Fri Feb 7 10:29:54 2014 +0530
468 ath9k: Expand the IQ coefficient array
470 This will be used for storing data for mutiple
471 IQ calibration runs, for AR955x.
473 Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
475 commit 034969ff5c2b6431d10e07c1938f0b916da85cc3
476 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
477 Date: Fri Feb 7 10:29:53 2014 +0530
479 ath9k: Modify IQ calibration for AR955x
481 IQ calibration post-processing for AR955x is different
482 from other chips - instead of just doing it as part
483 of AGC calibration once, it is triggered 3 times and
484 a median is determined. This patch adds initial support
485 for changing the calibration behavior for AR955x.
487 Also, to simplify things, a helper routine to issue/poll
488 AGC calibration is used.
490 For non-AR955x chips, the iqcal_idx (which will be used
491 in subsequent patches) is set to zero.
493 Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
495 commit 9b1ed6454e6f3511f24266be99b4e403f243f6a8
496 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
497 Date: Fri Feb 7 10:29:52 2014 +0530
499 ath9k: Fix magnitude/phase calculation
501 Incorrect values are programmed in the registers
502 containing the IQ correction coefficients by the IQ-CAL
503 post-processing code. Fix this.
505 Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
507 commit 36f93484f96f79171dcecb67c5ef0c3de22531a6
508 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
509 Date: Fri Feb 7 10:29:51 2014 +0530
511 ath9k: Rename ar9003_hw_tx_iqcal_load_avg_2_passes
513 Use ar9003_hw_tx_iq_cal_outlier_detection instead.
515 Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
517 commit 3af09a7f5d21dd5fd15b973ce6a91a575da30417
518 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
519 Date: Fri Feb 7 10:29:50 2014 +0530
521 ath9k: Check explicitly for IQ calibration
523 In chips like AR955x, the initvals contain the information
524 whether IQ calibration is to be done in the HW when an
525 AGC calibration is triggered. Check if IQ-CAL is enabled
526 in the initvals before flagging 'txiqcal_done' as true.
528 Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
530 commit cb4969634b93c4643a32cc3fbd27d2b288b25771
531 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
532 Date: Fri Feb 7 10:29:49 2014 +0530
534 ath9k: Fix IQ cal post processing for SoC
536 Calibration data is not reused for SoC chips, so
537 call ar9003_hw_tx_iq_cal_post_proc() with the correct
538 argument. The 'is_reusable' flag is currently used
539 only for PC-OEM chips, but it makes things clearer to
540 specify it explicity.
542 Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
544 commit e138e0ef9560c46ce93dbb22a728a57888e94d1c
545 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
546 Date: Mon Feb 3 13:31:37 2014 +0530
548 ath9k: Fix TX power calculation
550 The commit, "ath9k_hw: Fix incorrect Tx control power in AR9003 template"
551 fixed the incorrect values in the eeprom templates, but if
552 boards have already been calibrated with incorrect values,
553 they would still be using the wrong TX power. Fix this by assigning
554 a default value in such cases.
556 Cc: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
557 Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
559 commit b9f268b5b01331c3c82179abca551429450e9417
560 Author: Michal Kazior <michal.kazior@tieto.com>
561 Date: Wed Jan 29 14:22:27 2014 +0100
563 cfg80211: consider existing DFS interfaces
565 It was possible to break interface combinations in
568 combo 1: iftype = AP, num_ifaces = 2, num_chans = 2,
569 combo 2: iftype = AP, num_ifaces = 1, num_chans = 1, radar = HT20
571 With the above interface combinations it was
574 step 1. start AP on DFS channel by matching combo 2
575 step 2. start AP on non-DFS channel by matching combo 1
577 This was possible beacuse (step 2) did not consider
578 if other interfaces require radar detection.
580 The patch changes how cfg80211 tracks channels -
581 instead of channel itself now a complete chandef
584 Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
585 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
587 commit bc9c62f5f511cc395c62dbf4cdd437f23db53b28
588 Author: Antonio Quartulli <antonio@open-mesh.com>
589 Date: Wed Jan 29 17:53:43 2014 +0100
591 cfg80211: fix channel configuration in IBSS join
593 When receiving an IBSS_JOINED event select the BSS object
594 based on the {bssid, channel} couple rather than the bssid
596 With the current approach if another cell having the same
597 BSSID (but using a different channel) exists then cfg80211
598 picks up the wrong BSS object.
599 The result is a mismatching channel configuration between
600 cfg80211 and the driver, that can lead to any sort of
603 The issue can be triggered by having an IBSS sitting on
604 given channel and then asking the driver to create a new
605 cell using the same BSSID but with a different frequency.
606 By passing the channel to cfg80211_get_bss() we can solve
607 this ambiguity and retrieve/create the correct BSS object.
608 All the users of cfg80211_ibss_joined() have been changed
611 Moreover WARN when cfg80211_ibss_joined() gets a NULL
612 channel as argument and remove a bogus call of the same
613 function in ath6kl (it does not make sense to call
614 cfg80211_ibss_joined() with a zero BSSID on ibss-leave).
616 Cc: Kalle Valo <kvalo@qca.qualcomm.com>
617 Cc: Arend van Spriel <arend@broadcom.com>
618 Cc: Bing Zhao <bzhao@marvell.com>
619 Cc: Jussi Kivilinna <jussi.kivilinna@iki.fi>
620 Cc: libertas-dev@lists.infradead.org
621 Acked-by: Kalle Valo <kvalo@qca.qualcomm.com>
622 Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
623 [minor code cleanup in ath6kl]
624 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
626 commit 7e0c41cb41f215aba2c39b1c237bb4d42ec49a85
627 Author: Johannes Berg <johannes.berg@intel.com>
628 Date: Fri Jan 24 14:41:44 2014 +0100
630 mac80211: fix bufferable MMPDU RX handling
632 Action, disassoc and deauth frames are bufferable, and as such don't
633 have the PM bit in the frame control field reserved which means we
634 need to react to the bit when receiving in such a frame.
636 Fix this by introducing a new helper ieee80211_is_bufferable_mmpdu()
637 and using it for the RX path that currently ignores the PM bit in
638 any non-data frames for doze->wake transitions, but listens to it in
639 all frames for wake->doze transitions, both of which are wrong.
641 Also use the new helper in the TX path to clean up the code.
643 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
645 commit fc0df6d2343636e3f48a069330d5b972e3d8659d
646 Author: Janusz Dziedzic <janusz.dziedzic@tieto.com>
647 Date: Fri Jan 24 14:29:21 2014 +0100
649 cfg80211: set preset_chandef after channel switch
651 Set preset_chandef in channel switch notification.
652 In other case we will have old preset_chandef.
654 Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
655 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
657 commit cdec895e2344987ff171cece96e25d7407a3ebf6
658 Author: Simon Wunderlich <simon@open-mesh.com>
659 Date: Fri Jan 24 23:48:29 2014 +0100
661 mac80211: send ibss probe responses with noack flag
663 Responding to probe requests for scanning clients will often create
664 excessive retries, as it happens quite often that the scanning client
665 already left the channel. Therefore do it like hostapd and send probe
666 responses for wildcard SSID only once by using the noack flag.
668 Signed-off-by: Simon Wunderlich <simon@open-mesh.com>
669 [fix typo & 'wildcard SSID' in commit log]
670 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
672 commit 0b865d1e6b9c05052adae9315df7cb195dc60c3b
673 Author: Luciano Coelho <luciano.coelho@intel.com>
674 Date: Tue Jan 28 17:09:08 2014 +0200
676 mac80211: ibss: remove unnecessary call to release channel
678 The ieee80211_vif_use_channel() function calls
679 ieee80211_vif_release_channel(), so there's no need to call it
680 explicitly in __ieee80211_sta_join_ibss().
682 Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
683 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
685 commit e1b6c17e971f0a51ff86c2dac2584c63cd999cd7
686 Author: Michal Kazior <michal.kazior@tieto.com>
687 Date: Wed Jan 29 07:56:21 2014 +0100
689 mac80211: add missing CSA locking
691 The patch adds a missing sdata lock and adds a few
692 lockdeps for easier maintenance.
694 Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
695 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
697 commit ad17ba7d14d225b109b73c177cd446afb8050598
698 Author: Michal Kazior <michal.kazior@tieto.com>
699 Date: Wed Jan 29 07:56:20 2014 +0100
701 mac80211: fix sdata->radar_required locking
703 radar_required setting wasn't protected by
704 local->mtx in some places. This should prevent
705 from scanning/radar detection/roc colliding.
707 Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
708 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
710 commit 5fcd5f1808813a3d9e502fd756e01bee8a79c85d
711 Author: Michal Kazior <michal.kazior@tieto.com>
712 Date: Wed Jan 29 07:56:19 2014 +0100
714 mac80211: move csa_active setting in STA CSA
716 The sdata->vif.csa_active could be left set after,
717 e.g. channel context constraints check fail in STA
718 mode leaving the interface in a strange state for
719 a brief period of time until it is disconnected.
720 This was harmless but ugly.
722 Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
723 Reviewed-by: Luciano Coelho <luciano.coelho@intel.com>
724 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
726 commit e486da4b7eed71821c6b4c1bb9ac62ffd3ab13e9
727 Author: Michal Kazior <michal.kazior@tieto.com>
728 Date: Wed Jan 29 07:56:18 2014 +0100
730 mac80211: fix possible memory leak on AP CSA failure
732 If CSA for AP interface failed and the interface
733 was not stopped afterwards another CSA request
734 would leak sdata->u.ap.next_beacon.
736 Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
737 Reviewed-by: Luciano Coelho <luciano.coelho@intel.com>
738 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
740 commit 3a77ba08940682bf3d52cf14f980337324af9d4a
741 Author: Johannes Berg <johannes.berg@intel.com>
742 Date: Sat Feb 1 00:33:29 2014 +0100
744 mac80211: fix fragmentation code, particularly for encryption
746 The "new" fragmentation code (since my rewrite almost 5 years ago)
747 erroneously sets skb->len rather than using skb_trim() to adjust
748 the length of the first fragment after copying out all the others.
749 This leaves the skb tail pointer pointing to after where the data
750 originally ended, and thus causes the encryption MIC to be written
751 at that point, rather than where it belongs: immediately after the
754 The impact of this is that if software encryption is done, then
755 a) encryption doesn't work for the first fragment, the connection
756 becomes unusable as the first fragment will never be properly
757 verified at the receiver, the MIC is practically guaranteed to
759 b) we leak up to 8 bytes of plaintext (!) of the packet out into
762 This is only mitigated by the fact that many devices are capable
763 of doing encryption in hardware, in which case this can't happen
764 as the tail pointer is irrelevant in that case. Additionally,
765 fragmentation is not used very frequently and would normally have
766 to be configured manually.
768 Fix this by using skb_trim() properly.
770 Cc: stable@vger.kernel.org
771 Fixes: 2de8e0d999b8 ("mac80211: rewrite fragmentation")
772 Reported-by: Jouni Malinen <j@w1.fi>
773 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
775 commit de5f242e0c10e841017e37eb8c38974a642dbca8
776 Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
777 Date: Tue Jan 28 06:21:59 2014 +0530
779 ath9k: Fix build error on ARM
781 Use mdelay instead of udelay to fix this error:
783 ERROR: "__bad_udelay" [drivers/net/wireless/ath/ath9k/ath9k_hw.ko] undefined!
784 make[1]: *** [__modpost] Error 1
785 make: *** [modules] Error 2
787 Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
788 Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
790 commit 8e3ea7a51dfc61810fcefd947f6edcf61125252a
791 Author: Geert Uytterhoeven <geert@linux-m68k.org>
792 Date: Sun Jan 26 11:53:21 2014 +0100
794 ath9k: Fix uninitialized variable in ath9k_has_tx_pending()
796 drivers/net/wireless/ath/ath9k/main.c: In function ‘ath9k_has_tx_pending’:
797 drivers/net/wireless/ath/ath9k/main.c:1869: warning: ‘npend’ may be used uninitialized in this function
799 Introduced by commit 10e2318103f5941aa70c318afe34bc41f1b98529 ("ath9k:
800 optimize ath9k_flush").
802 Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
804 commit a4a634a6937ebdd827fa58e8fcdb8ca49a3769f6
805 Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
806 Date: Mon Jan 27 11:07:42 2014 +0200
808 mac80211: release the channel in error path in start_ap
810 When the driver cannot start the AP or when the assignement
811 of the beacon goes wrong, we need to unassign the vif.
813 Cc: stable@vger.kernel.org
814 Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
815 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
817 commit dfb6889a75c601aedb7450b7e606668e77da6679
818 Author: Johannes Berg <johannes.berg@intel.com>
819 Date: Wed Jan 22 11:14:19 2014 +0200
821 cfg80211: send scan results from work queue
823 Due to the previous commit, when a scan finishes, it is in theory
824 possible to hit the following sequence:
825 1. interface starts being removed
826 2. scan is cancelled by driver and cfg80211 is notified
827 3. scan done work is scheduled
828 4. interface is removed completely, rdev->scan_req is freed,
829 event sent to userspace but scan done work remains pending
830 5. new scan is requested on another virtual interface
831 6. scan done work runs, freeing the still-running scan
833 To fix this situation, hang on to the scan done message and block
834 new scans while that is the case, and only send the message from
835 the work function, regardless of whether the scan_req is already
836 freed from interface removal. This makes step 5 above impossible
837 and changes step 6 to be
838 5. scan done work runs, sending the scan done message
840 As this can't work for wext, so we send the message immediately,
841 but this shouldn't be an issue since we still return -EBUSY.
843 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
845 commit 45b7ab41fc08627d9a8428cb413d5d84662a9707
846 Author: Johannes Berg <johannes.berg@intel.com>
847 Date: Wed Jan 22 11:14:18 2014 +0200
849 cfg80211: fix scan done race
851 When an interface/wdev is removed, any ongoing scan should be
852 cancelled by the driver. This will make it call cfg80211, which
853 only queues a work struct. If interface/wdev removal is quick
854 enough, this can leave the scan request pending and processed
855 only after the interface is gone, causing a use-after-free.
857 Fix this by making sure the scan request is not pending after
858 the interface is destroyed. We can't flush or cancel the work
859 item due to locking concerns, but when it'll run it shouldn't
860 find anything to do. This leaves a potential issue, if a new
861 scan gets requested before the work runs, it prematurely stops
862 the running scan, potentially causing another crash. I'll fix
863 that in the next patch.
865 This was particularly observed with P2P_DEVICE wdevs, likely
866 because freeing them is quicker than freeing netdevs.
868 Reported-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
869 Fixes: 4a58e7c38443 ("cfg80211: don't "leak" uncompleted scans")
870 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
872 commit ae04fa489ab31b5a10d3cc8399f52761175d4321
873 Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
874 Date: Thu Jan 23 14:28:16 2014 +0200
876 mac80211: avoid deadlock revealed by lockdep
878 sdata->u.ap.request_smps_work can’t be flushed synchronously
879 under wdev_lock(wdev) since ieee80211_request_smps_ap_work
880 itself locks the same lock.
881 While at it, reset the driver_smps_mode when the ap is
882 stopped to its default: OFF.
886 ======================================================
887 [ INFO: possible circular locking dependency detected ]
888 3.12.0-ipeer+ #2 Tainted: G O
889 -------------------------------------------------------
890 rmmod/2867 is trying to acquire lock:
891 ((&sdata->u.ap.request_smps_work)){+.+...}, at: [<c105b8d0>] flush_work+0x0/0x90
893 but task is already holding lock:
894 (&wdev->mtx){+.+.+.}, at: [<f9b32626>] cfg80211_stop_ap+0x26/0x230 [cfg80211]
896 which lock already depends on the new lock.
898 the existing dependency chain (in reverse order) is:
900 -> #1 (&wdev->mtx){+.+.+.}:
901 [<c10aefa9>] lock_acquire+0x79/0xe0
902 [<c1607a1a>] mutex_lock_nested+0x4a/0x360
903 [<fb06288b>] ieee80211_request_smps_ap_work+0x2b/0x50 [mac80211]
904 [<c105cdd8>] process_one_work+0x198/0x450
905 [<c105d469>] worker_thread+0xf9/0x320
906 [<c10669ff>] kthread+0x9f/0xb0
907 [<c1613397>] ret_from_kernel_thread+0x1b/0x28
909 -> #0 ((&sdata->u.ap.request_smps_work)){+.+...}:
910 [<c10ae9df>] __lock_acquire+0x183f/0x1910
911 [<c10aefa9>] lock_acquire+0x79/0xe0
912 [<c105b917>] flush_work+0x47/0x90
913 [<c105d867>] __cancel_work_timer+0x67/0xe0
914 [<c105d90f>] cancel_work_sync+0xf/0x20
915 [<fb0765cc>] ieee80211_stop_ap+0x8c/0x340 [mac80211]
916 [<f9b3268c>] cfg80211_stop_ap+0x8c/0x230 [cfg80211]
917 [<f9b0d8f9>] cfg80211_leave+0x79/0x100 [cfg80211]
918 [<f9b0da72>] cfg80211_netdev_notifier_call+0xf2/0x4f0 [cfg80211]
919 [<c160f2c9>] notifier_call_chain+0x59/0x130
920 [<c106c6de>] __raw_notifier_call_chain+0x1e/0x30
921 [<c106c70f>] raw_notifier_call_chain+0x1f/0x30
922 [<c14f8213>] call_netdevice_notifiers_info+0x33/0x70
923 [<c14f8263>] call_netdevice_notifiers+0x13/0x20
924 [<c14f82a4>] __dev_close_many+0x34/0xb0
925 [<c14f83fe>] dev_close_many+0x6e/0xc0
926 [<c14f9c77>] rollback_registered_many+0xa7/0x1f0
927 [<c14f9dd4>] unregister_netdevice_many+0x14/0x60
928 [<fb06f4d9>] ieee80211_remove_interfaces+0xe9/0x170 [mac80211]
929 [<fb055116>] ieee80211_unregister_hw+0x56/0x110 [mac80211]
930 [<fa3e9396>] iwl_op_mode_mvm_stop+0x26/0xe0 [iwlmvm]
931 [<f9b9d8ca>] _iwl_op_mode_stop+0x3a/0x70 [iwlwifi]
932 [<f9b9d96f>] iwl_opmode_deregister+0x6f/0x90 [iwlwifi]
933 [<fa405179>] __exit_compat+0xd/0x19 [iwlmvm]
934 [<c10b8bf9>] SyS_delete_module+0x179/0x2b0
935 [<c1613421>] sysenter_do_call+0x12/0x32
937 Fixes: 687da132234f ("mac80211: implement SMPS for AP")
938 Cc: <stable@vger.kernel.org> [3.13]
939 Reported-by: Ilan Peer <ilan.peer@intel.com>
940 Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
941 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
943 commit 178b205e96217164fd7c30113464250d0b6f5eca
944 Author: Johannes Berg <johannes.berg@intel.com>
945 Date: Thu Jan 23 16:32:29 2014 +0100
947 cfg80211: re-enable 5/10 MHz support
949 Unfortunately I forgot this during the merge window, but the
950 patch seems small enough to go in as a fix. The userspace API
951 bug that was the reason for disabling it has long been fixed.
953 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
955 commit 110a1c79acda14edc83b7c8dc5af9c7ddd23eb61
956 Author: Pontus Fuchs <pontus.fuchs@gmail.com>
957 Date: Thu Jan 16 15:00:40 2014 +0100
959 nl80211: Reset split_start when netlink skb is exhausted
961 When the netlink skb is exhausted split_start is left set. In the
962 subsequent retry, with a larger buffer, the dump is continued from the
963 failing point instead of from the beginning.
965 This was causing my rt28xx based USB dongle to now show up when
966 running "iw list" with an old iw version without split dump support.
968 Cc: stable@vger.kernel.org
969 Fixes: 3713b4e364ef ("nl80211: allow splitting wiphy information in dumps")
970 Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
971 [avoid the entire workaround when state->split is set]
972 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
974 commit b4c31b45ffc7ef110fa9ecc34d7878fe7c5b9da4
975 Author: Eliad Peller <eliad@wizery.com>
976 Date: Sun Jan 12 11:06:37 2014 +0200
978 mac80211: move roc cookie assignment earlier
980 ieee80211_start_roc_work() might add a new roc
981 to existing roc, and tell cfg80211 it has already
984 However, this might happen before the roc cookie
985 was set, resulting in REMAIN_ON_CHANNEL (started)
986 event with null cookie. Consequently, it can make
987 wpa_supplicant go out of sync.
989 Fix it by setting the roc cookie earlier.
991 Cc: stable@vger.kernel.org
992 Signed-off-by: Eliad Peller <eliad@wizery.com>
993 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
995 commit cfdc9157bfd7bcf88ab4dae08873a9907eba984c
996 Author: Johannes Berg <johannes.berg@intel.com>
997 Date: Fri Jan 24 14:06:29 2014 +0100
999 nl80211: send event when AP operation is stopped
1001 There are a few cases, e.g. suspend, where an AP interface is
1002 stopped by the kernel rather than by userspace request, most
1003 commonly when suspending. To let userspace know about this,
1004 send the NL80211_CMD_STOP_AP command as an event every time
1005 an AP interface is stopped. This also happens when userspace
1006 did in fact request the AP stop, but that's not a problem.
1008 For full-MAC drivers this may need to be extended to also
1009 cover cases where the device stopped the AP operation for
1010 some reason, this a bit more complicated because then all
1011 cfg80211 state also needs to be reset; such API is not part
1014 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1016 commit d5d567eda7704f190379ca852a8f9a4112e3eee3
1017 Author: Johannes Berg <johannes.berg@intel.com>
1018 Date: Thu Jan 23 16:20:29 2014 +0100
1020 mac80211: add length check in ieee80211_is_robust_mgmt_frame()
1022 A few places weren't checking that the frame passed to the
1023 function actually has enough data even though the function
1024 clearly documents it must have a payload byte. Make this
1025 safer by changing the function to take an skb and checking
1026 the length inside. The old version is preserved for now as
1027 the rtl* drivers use it and don't have a correct skb.
1029 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1031 commit f8f6d212a047fc65c7d3442dfc038f65517236fc
1032 Author: Johannes Berg <johannes.berg@intel.com>
1033 Date: Fri Jan 24 10:53:53 2014 +0100
1035 nl80211: fix scheduled scan RSSI matchset attribute confusion
1037 The scheduled scan matchsets were intended to be a list of filters,
1038 with the found BSS having to pass at least one of them to be passed
1039 to the host. When the RSSI attribute was added, however, this was
1040 broken and currently wpa_supplicant adds that attribute in its own
1041 matchset; however, it doesn't intend that to mean that anything
1042 that passes the RSSI filter should be passed to the host, instead
1043 it wants it to mean that everything needs to also have higher RSSI.
1045 This is semantically problematic because we have a list of filters
1046 like [ SSID1, SSID2, SSID3, RSSI ] with no real indication which
1047 one should be OR'ed and which one AND'ed.
1049 To fix this, move the RSSI filter attribute into each matchset. As
1050 we need to stay backward compatible, treat a matchset with only the
1051 RSSI attribute as a "default RSSI filter" for all other matchsets,
1052 but only if there are other matchsets (an RSSI-only matchset by
1053 itself is still desirable.)
1055 To make driver implementation easier, keep a global min_rssi_thold
1056 for the entire request as well. The only affected driver is ath6kl.
1058 I found this when I looked into the code after Raja Mani submitted
1059 a patch fixing the n_match_sets calculation to disregard the RSSI,
1060 but that patch didn't address the semantic issue.
1062 Reported-by: Raja Mani <rmani@qti.qualcomm.com>
1063 Acked-by: Luciano Coelho <luciano.coelho@intel.com>
1064 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1066 commit de553e8545e65a6dc4e45f43df7e1443d4291922
1067 Author: Johannes Berg <johannes.berg@intel.com>
1068 Date: Fri Jan 24 10:17:47 2014 +0100
1070 nl80211: check nla_parse() return values
1072 If there's a policy, then nla_parse() return values must be
1073 checked, otherwise the policy is useless and there's nothing
1074 that ensures the attributes are actually what we expect them
1077 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1079 commit 652204a0733e9e1c54661d6f9d36e2e1e3b22bb1
1080 Author: Karl Beldan <karl.beldan@rivierawaves.com>
1081 Date: Thu Jan 23 20:06:34 2014 +0100
1083 mac80211: send {ADD,DEL}BA on AC_VO like other mgmt frames, as per spec
1085 ATM, {ADD,DEL}BA and BAR frames are sent on the AC matching the TID of
1086 the BA parameters. In the discussion [1] about this patch, Johannes
1087 recalled that it fixed some races with the DELBA and indeed this
1088 behavior was introduced in [2].
1089 While [2] is right for the BARs, the part queueing the {ADD,DEL}BAs on
1090 their BA params TID AC violates the spec and is more a workaround for
1091 some drivers. Helmut expressed some concerns wrt such drivers, in
1092 particular DELBAs in rt2x00.
1094 ATM, DELBAs are sent after a driver has called (hence "purposely")
1095 ieee80211_start_tx_ba_cb_irqsafe and Johannes and Emmanuel gave some
1096 details wrt intentions behind the split of the IEEE80211_AMPDU_TX_STOP_*
1097 given to the driver ampdu_action supposed to call this function, which
1098 could prove handy to people trying to do the right thing in faulty
1099 drivers (if their fw/hw don't get in their way).
1101 [1] http://mid.gmane.org/1390391564-18481-1-git-send-email-karl.beldan@gmail.com
1102 [2] Commit: cf6bb79ad828 ("mac80211: Use appropriate TID for sending BAR, ADDBA and DELBA frames")
1104 Signed-off-by: Karl Beldan <karl.beldan@rivierawaves.com>
1105 Cc: Helmut Schaa <helmut.schaa@googlemail.com>
1106 Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
1107 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1108 --- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
1109 +++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
1110 @@ -790,7 +790,7 @@ void ath6kl_cfg80211_connect_event(struc
1111 if (nw_type & ADHOC_NETWORK) {
1112 ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "ad-hoc %s selected\n",
1113 nw_type & ADHOC_CREATOR ? "creator" : "joiner");
1114 - cfg80211_ibss_joined(vif->ndev, bssid, GFP_KERNEL);
1115 + cfg80211_ibss_joined(vif->ndev, bssid, chan, GFP_KERNEL);
1116 cfg80211_put_bss(ar->wiphy, bss);
1119 @@ -861,13 +861,9 @@ void ath6kl_cfg80211_disconnect_event(st
1122 if (vif->nw_type & ADHOC_NETWORK) {
1123 - if (vif->wdev.iftype != NL80211_IFTYPE_ADHOC) {
1124 + if (vif->wdev.iftype != NL80211_IFTYPE_ADHOC)
1125 ath6kl_dbg(ATH6KL_DBG_WLAN_CFG,
1126 "%s: ath6k not in ibss mode\n", __func__);
1129 - memset(bssid, 0, ETH_ALEN);
1130 - cfg80211_ibss_joined(vif->ndev, bssid, GFP_KERNEL);
1134 @@ -3256,6 +3252,15 @@ static int ath6kl_cfg80211_sscan_start(s
1135 struct ath6kl_vif *vif = netdev_priv(dev);
1137 int ret, rssi_thold;
1138 + int n_match_sets = request->n_match_sets;
1141 + * If there's a matchset w/o an SSID, then assume it's just for
1142 + * the RSSI (nothing else is currently supported) and ignore it.
1143 + * The device only supports a global RSSI filter that we set below.
1145 + if (n_match_sets == 1 && !request->match_sets[0].ssid.ssid_len)
1148 if (ar->state != ATH6KL_STATE_ON)
1150 @@ -3268,11 +3273,11 @@ static int ath6kl_cfg80211_sscan_start(s
1151 ret = ath6kl_set_probed_ssids(ar, vif, request->ssids,
1153 request->match_sets,
1154 - request->n_match_sets);
1159 - if (!request->n_match_sets) {
1160 + if (!n_match_sets) {
1161 ret = ath6kl_wmi_bssfilter_cmd(ar->wmi, vif->fw_vif_idx,
1164 @@ -3286,12 +3291,12 @@ static int ath6kl_cfg80211_sscan_start(s
1166 if (test_bit(ATH6KL_FW_CAPABILITY_RSSI_SCAN_THOLD,
1167 ar->fw_capabilities)) {
1168 - if (request->rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF)
1169 + if (request->min_rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF)
1171 - else if (request->rssi_thold < -127)
1172 + else if (request->min_rssi_thold < -127)
1175 - rssi_thold = request->rssi_thold;
1176 + rssi_thold = request->min_rssi_thold;
1178 ret = ath6kl_wmi_set_rssi_filter_cmd(ar->wmi, vif->fw_vif_idx,
1180 --- a/drivers/net/wireless/ath/ath9k/hw.c
1181 +++ b/drivers/net/wireless/ath/ath9k/hw.c
1182 @@ -1316,7 +1316,7 @@ static bool ath9k_hw_set_reset(struct at
1183 if (AR_SREV_9300_20_OR_LATER(ah))
1185 else if (AR_SREV_9100(ah))
1191 @@ -1534,7 +1534,7 @@ EXPORT_SYMBOL(ath9k_hw_check_nav);
1192 bool ath9k_hw_check_alive(struct ath_hw *ah)
1196 + u32 reg, last_val;
1198 if (AR_SREV_9300(ah))
1199 return !ath9k_hw_detect_mac_hang(ah);
1200 @@ -1542,9 +1542,13 @@ bool ath9k_hw_check_alive(struct ath_hw
1201 if (AR_SREV_9285_12_OR_LATER(ah))
1204 + last_val = REG_READ(ah, AR_OBS_BUS_1);
1206 reg = REG_READ(ah, AR_OBS_BUS_1);
1207 + if (reg != last_val)
1211 if ((reg & 0x7E7FFFEF) == 0x00702400)
1214 @@ -1556,6 +1560,8 @@ bool ath9k_hw_check_alive(struct ath_hw
1220 } while (count-- > 0);
1223 @@ -2051,9 +2057,8 @@ static bool ath9k_hw_set_power_awake(str
1225 REG_SET_BIT(ah, AR_RTC_FORCE_WAKE,
1226 AR_RTC_FORCE_WAKE_EN);
1228 if (AR_SREV_9100(ah))
1234 --- a/drivers/net/wireless/ath/ath9k/main.c
1235 +++ b/drivers/net/wireless/ath/ath9k/main.c
1236 @@ -451,7 +451,7 @@ void ath9k_tasklet(unsigned long data)
1237 * interrupts are enabled in the reset routine.
1239 atomic_inc(&ah->intr_ref_cnt);
1240 - ath_dbg(common, ANY, "FATAL: Skipping interrupts\n");
1241 + ath_dbg(common, RESET, "FATAL: Skipping interrupts\n");
1245 @@ -471,7 +471,7 @@ void ath9k_tasklet(unsigned long data)
1246 * interrupts are enabled in the reset routine.
1248 atomic_inc(&ah->intr_ref_cnt);
1249 - ath_dbg(common, ANY,
1250 + ath_dbg(common, RESET,
1251 "BB_WATCHDOG: Skipping interrupts\n");
1254 @@ -484,7 +484,7 @@ void ath9k_tasklet(unsigned long data)
1255 type = RESET_TYPE_TX_GTT;
1256 ath9k_queue_reset(sc, type);
1257 atomic_inc(&ah->intr_ref_cnt);
1258 - ath_dbg(common, ANY,
1259 + ath_dbg(common, RESET,
1260 "GTT: Skipping interrupts\n");
1263 @@ -1866,7 +1866,7 @@ static void ath9k_set_coverage_class(str
1265 static bool ath9k_has_tx_pending(struct ath_softc *sc)
1270 for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
1271 if (!ATH_TXQ_SETUP(sc, i))
1272 --- a/drivers/net/wireless/iwlwifi/mvm/scan.c
1273 +++ b/drivers/net/wireless/iwlwifi/mvm/scan.c
1274 @@ -595,6 +595,9 @@ static void iwl_scan_offload_build_ssid(
1275 * config match list.
1277 for (i = 0; i < req->n_match_sets && i < PROBE_OPTION_MAX; i++) {
1278 + /* skip empty SSID matchsets */
1279 + if (!req->match_sets[i].ssid.ssid_len)
1281 scan->direct_scan[i].id = WLAN_EID_SSID;
1282 scan->direct_scan[i].len = req->match_sets[i].ssid.ssid_len;
1283 memcpy(scan->direct_scan[i].ssid, req->match_sets[i].ssid.ssid,
1284 --- a/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
1285 +++ b/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
1286 @@ -452,7 +452,7 @@ bool rtl88ee_rx_query_desc(struct ieee80
1287 /* During testing, hdr was NULL */
1290 - if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
1291 + if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
1292 (ieee80211_has_protected(hdr->frame_control)))
1293 rx_status->flag &= ~RX_FLAG_DECRYPTED;
1295 --- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
1296 +++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
1297 @@ -393,7 +393,7 @@ bool rtl92ce_rx_query_desc(struct ieee80
1298 /* In testing, hdr was NULL here */
1301 - if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
1302 + if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
1303 (ieee80211_has_protected(hdr->frame_control)))
1304 rx_status->flag &= ~RX_FLAG_DECRYPTED;
1306 --- a/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
1307 +++ b/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
1308 @@ -310,7 +310,7 @@ bool rtl92se_rx_query_desc(struct ieee80
1309 /* during testing, hdr was NULL here */
1312 - if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
1313 + if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
1314 (ieee80211_has_protected(hdr->frame_control)))
1315 rx_status->flag &= ~RX_FLAG_DECRYPTED;
1317 --- a/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
1318 +++ b/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
1319 @@ -334,7 +334,7 @@ bool rtl8723ae_rx_query_desc(struct ieee
1320 /* during testing, hdr could be NULL here */
1323 - if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
1324 + if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
1325 (ieee80211_has_protected(hdr->frame_control)))
1326 rx_status->flag &= ~RX_FLAG_DECRYPTED;
1328 --- a/include/linux/ieee80211.h
1329 +++ b/include/linux/ieee80211.h
1330 @@ -597,6 +597,20 @@ static inline int ieee80211_is_qos_nullf
1334 + * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU
1335 + * @fc: frame control field in little-endian byteorder
1337 +static inline bool ieee80211_is_bufferable_mmpdu(__le16 fc)
1339 + /* IEEE 802.11-2012, definition of "bufferable management frame";
1340 + * note that this ignores the IBSS special case. */
1341 + return ieee80211_is_mgmt(fc) &&
1342 + (ieee80211_is_action(fc) ||
1343 + ieee80211_is_disassoc(fc) ||
1344 + ieee80211_is_deauth(fc));
1348 * ieee80211_is_first_frag - check if IEEE80211_SCTL_FRAG is not set
1349 * @seq_ctrl: frame sequence control bytes in little-endian byteorder
1351 @@ -2192,10 +2206,10 @@ static inline u8 *ieee80211_get_DA(struc
1355 - * ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame
1356 + * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame
1357 * @hdr: the frame (buffer must include at least the first octet of payload)
1359 -static inline bool ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
1360 +static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
1362 if (ieee80211_is_disassoc(hdr->frame_control) ||
1363 ieee80211_is_deauth(hdr->frame_control))
1364 @@ -2224,6 +2238,17 @@ static inline bool ieee80211_is_robust_m
1368 + * ieee80211_is_robust_mgmt_frame - check if skb contains a robust mgmt frame
1369 + * @skb: the skb containing the frame, length will be checked
1371 +static inline bool ieee80211_is_robust_mgmt_frame(struct sk_buff *skb)
1373 + if (skb->len < 25)
1375 + return _ieee80211_is_robust_mgmt_frame((void *)skb->data);
1379 * ieee80211_is_public_action - check if frame is a public action frame
1381 * @len: length of the frame
1382 --- a/include/net/cfg80211.h
1383 +++ b/include/net/cfg80211.h
1384 @@ -1395,9 +1395,11 @@ struct cfg80211_scan_request {
1385 * struct cfg80211_match_set - sets of attributes to match
1387 * @ssid: SSID to be matched
1388 + * @rssi_thold: don't report scan results below this threshold (in s32 dBm)
1390 struct cfg80211_match_set {
1391 struct cfg80211_ssid ssid;
1396 @@ -1420,7 +1422,8 @@ struct cfg80211_match_set {
1397 * @dev: the interface
1398 * @scan_start: start time of the scheduled scan
1399 * @channels: channels to scan
1400 - * @rssi_thold: don't report scan results below this threshold (in s32 dBm)
1401 + * @min_rssi_thold: for drivers only supporting a single threshold, this
1402 + * contains the minimum over all matchsets
1404 struct cfg80211_sched_scan_request {
1405 struct cfg80211_ssid *ssids;
1406 @@ -1433,7 +1436,7 @@ struct cfg80211_sched_scan_request {
1408 struct cfg80211_match_set *match_sets;
1411 + s32 min_rssi_thold;
1414 struct wiphy *wiphy;
1415 @@ -3130,8 +3133,8 @@ struct cfg80211_cached_keys;
1416 * @identifier: (private) Identifier used in nl80211 to identify this
1417 * wireless device if it has no netdev
1418 * @current_bss: (private) Used by the internal configuration code
1419 - * @channel: (private) Used by the internal configuration code to track
1420 - * the user-set AP, monitor and WDS channel
1421 + * @chandef: (private) Used by the internal configuration code to track
1422 + * the user-set channel definition.
1423 * @preset_chandef: (private) Used by the internal configuration code to
1424 * track the channel to be used for AP later
1425 * @bssid: (private) Used by the internal configuration code
1426 @@ -3195,9 +3198,7 @@ struct wireless_dev {
1428 struct cfg80211_internal_bss *current_bss; /* associated / joined */
1429 struct cfg80211_chan_def preset_chandef;
1431 - /* for AP and mesh channel tracking */
1432 - struct ieee80211_channel *channel;
1433 + struct cfg80211_chan_def chandef;
1436 bool ibss_dfs_possible;
1437 @@ -3879,6 +3880,7 @@ void cfg80211_michael_mic_failure(struct
1439 * @dev: network device
1440 * @bssid: the BSSID of the IBSS joined
1441 + * @channel: the channel of the IBSS joined
1442 * @gfp: allocation flags
1444 * This function notifies cfg80211 that the device joined an IBSS or
1445 @@ -3888,7 +3890,8 @@ void cfg80211_michael_mic_failure(struct
1446 * with the locally generated beacon -- this guarantees that there is
1447 * always a scan result for this IBSS. cfg80211 will handle the rest.
1449 -void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp);
1450 +void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
1451 + struct ieee80211_channel *channel, gfp_t gfp);
1454 * cfg80211_notify_new_candidate - notify cfg80211 of a new mesh peer candidate
1455 --- a/include/uapi/linux/nl80211.h
1456 +++ b/include/uapi/linux/nl80211.h
1457 @@ -2442,9 +2442,15 @@ enum nl80211_reg_rule_attr {
1458 * enum nl80211_sched_scan_match_attr - scheduled scan match attributes
1459 * @__NL80211_SCHED_SCAN_MATCH_ATTR_INVALID: attribute number 0 is reserved
1460 * @NL80211_SCHED_SCAN_MATCH_ATTR_SSID: SSID to be used for matching,
1461 - * only report BSS with matching SSID.
1462 + * only report BSS with matching SSID.
1463 * @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI: RSSI threshold (in dBm) for reporting a
1464 - * BSS in scan results. Filtering is turned off if not specified.
1465 + * BSS in scan results. Filtering is turned off if not specified. Note that
1466 + * if this attribute is in a match set of its own, then it is treated as
1467 + * the default value for all matchsets with an SSID, rather than being a
1468 + * matchset of its own without an RSSI filter. This is due to problems with
1469 + * how this API was implemented in the past. Also, due to the same problem,
1470 + * the only way to create a matchset with only an RSSI filter (with this
1471 + * attribute) is if there's only a single matchset with the RSSI attribute.
1472 * @NL80211_SCHED_SCAN_MATCH_ATTR_MAX: highest scheduled scan filter
1473 * attribute number currently defined
1474 * @__NL80211_SCHED_SCAN_MATCH_ATTR_AFTER_LAST: internal use
1475 --- a/net/mac80211/agg-tx.c
1476 +++ b/net/mac80211/agg-tx.c
1477 @@ -107,7 +107,7 @@ static void ieee80211_send_addba_request
1478 mgmt->u.action.u.addba_req.start_seq_num =
1479 cpu_to_le16(start_seq_num << 4);
1481 - ieee80211_tx_skb_tid(sdata, skb, tid);
1482 + ieee80211_tx_skb(sdata, skb);
1485 void ieee80211_send_bar(struct ieee80211_vif *vif, u8 *ra, u16 tid, u16 ssn)
1486 --- a/net/mac80211/cfg.c
1487 +++ b/net/mac80211/cfg.c
1488 @@ -970,9 +970,9 @@ static int ieee80211_start_ap(struct wip
1489 /* TODO: make hostapd tell us what it wants */
1490 sdata->smps_mode = IEEE80211_SMPS_OFF;
1491 sdata->needed_rx_chains = sdata->local->rx_chains;
1492 - sdata->radar_required = params->radar_required;
1494 mutex_lock(&local->mtx);
1495 + sdata->radar_required = params->radar_required;
1496 err = ieee80211_vif_use_channel(sdata, ¶ms->chandef,
1497 IEEE80211_CHANCTX_SHARED);
1498 mutex_unlock(&local->mtx);
1499 @@ -1021,8 +1021,10 @@ static int ieee80211_start_ap(struct wip
1500 IEEE80211_P2P_OPPPS_ENABLE_BIT;
1502 err = ieee80211_assign_beacon(sdata, ¶ms->beacon);
1505 + ieee80211_vif_release_channel(sdata);
1510 err = drv_start_ap(sdata->local, sdata);
1511 @@ -1032,6 +1034,7 @@ static int ieee80211_start_ap(struct wip
1513 kfree_rcu(old, rcu_head);
1514 RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
1515 + ieee80211_vif_release_channel(sdata);
1519 @@ -1053,6 +1056,7 @@ static int ieee80211_change_beacon(struc
1522 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1523 + sdata_assert_lock(sdata);
1525 /* don't allow changing the beacon while CSA is in place - offset
1526 * of channel switch counter may change
1527 @@ -1080,6 +1084,8 @@ static int ieee80211_stop_ap(struct wiph
1528 struct probe_resp *old_probe_resp;
1529 struct cfg80211_chan_def chandef;
1531 + sdata_assert_lock(sdata);
1533 old_beacon = sdata_dereference(sdata->u.ap.beacon, sdata);
1536 @@ -1090,8 +1096,6 @@ static int ieee80211_stop_ap(struct wiph
1537 kfree(sdata->u.ap.next_beacon);
1538 sdata->u.ap.next_beacon = NULL;
1540 - cancel_work_sync(&sdata->u.ap.request_smps_work);
1542 /* turn off carrier for this interface and dependent VLANs */
1543 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1544 netif_carrier_off(vlan->dev);
1545 @@ -1103,6 +1107,7 @@ static int ieee80211_stop_ap(struct wiph
1546 kfree_rcu(old_beacon, rcu_head);
1548 kfree_rcu(old_probe_resp, rcu_head);
1549 + sdata->u.ap.driver_smps_mode = IEEE80211_SMPS_OFF;
1551 __sta_info_flush(sdata, true);
1552 ieee80211_free_keys(sdata, true);
1553 @@ -1988,6 +1993,9 @@ static int ieee80211_change_bss(struct w
1555 band = ieee80211_get_sdata_band(sdata);
1557 + if (WARN_ON(!wiphy->bands[band]))
1560 if (params->use_cts_prot >= 0) {
1561 sdata->vif.bss_conf.use_cts_prot = params->use_cts_prot;
1562 changed |= BSS_CHANGED_ERP_CTS_PROT;
1563 @@ -2638,6 +2646,24 @@ static int ieee80211_start_roc_work(stru
1564 INIT_DELAYED_WORK(&roc->work, ieee80211_sw_roc_work);
1565 INIT_LIST_HEAD(&roc->dependents);
1568 + * cookie is either the roc cookie (for normal roc)
1569 + * or the SKB (for mgmt TX)
1572 + /* local->mtx protects this */
1573 + local->roc_cookie_counter++;
1574 + roc->cookie = local->roc_cookie_counter;
1575 + /* wow, you wrapped 64 bits ... more likely a bug */
1576 + if (WARN_ON(roc->cookie == 0)) {
1578 + local->roc_cookie_counter++;
1580 + *cookie = roc->cookie;
1582 + *cookie = (unsigned long)txskb;
1585 /* if there's one pending or we're scanning, queue this one */
1586 if (!list_empty(&local->roc_list) ||
1587 local->scanning || local->radar_detect_enabled)
1588 @@ -2772,24 +2798,6 @@ static int ieee80211_start_roc_work(stru
1590 list_add_tail(&roc->list, &local->roc_list);
1593 - * cookie is either the roc cookie (for normal roc)
1594 - * or the SKB (for mgmt TX)
1597 - /* local->mtx protects this */
1598 - local->roc_cookie_counter++;
1599 - roc->cookie = local->roc_cookie_counter;
1600 - /* wow, you wrapped 64 bits ... more likely a bug */
1601 - if (WARN_ON(roc->cookie == 0)) {
1603 - local->roc_cookie_counter++;
1605 - *cookie = roc->cookie;
1607 - *cookie = (unsigned long)txskb;
1613 @@ -3004,8 +3012,10 @@ void ieee80211_csa_finalize_work(struct
1614 if (!ieee80211_sdata_running(sdata))
1617 - sdata->radar_required = sdata->csa_radar_required;
1618 + sdata_assert_lock(sdata);
1620 mutex_lock(&local->mtx);
1621 + sdata->radar_required = sdata->csa_radar_required;
1622 err = ieee80211_vif_change_channel(sdata, &changed);
1623 mutex_unlock(&local->mtx);
1624 if (WARN_ON(err < 0))
1625 @@ -3022,13 +3032,13 @@ void ieee80211_csa_finalize_work(struct
1626 switch (sdata->vif.type) {
1627 case NL80211_IFTYPE_AP:
1628 err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon);
1629 + kfree(sdata->u.ap.next_beacon);
1630 + sdata->u.ap.next_beacon = NULL;
1636 - kfree(sdata->u.ap.next_beacon);
1637 - sdata->u.ap.next_beacon = NULL;
1639 ieee80211_bss_info_change_notify(sdata, err);
1641 case NL80211_IFTYPE_ADHOC:
1642 @@ -3066,7 +3076,7 @@ int ieee80211_channel_switch(struct wiph
1643 struct ieee80211_if_mesh __maybe_unused *ifmsh;
1644 int err, num_chanctx;
1646 - lockdep_assert_held(&sdata->wdev.mtx);
1647 + sdata_assert_lock(sdata);
1649 if (!list_empty(&local->roc_list) || local->scanning)
1651 --- a/net/mac80211/ht.c
1652 +++ b/net/mac80211/ht.c
1653 @@ -375,7 +375,7 @@ void ieee80211_send_delba(struct ieee802
1654 mgmt->u.action.u.delba.params = cpu_to_le16(params);
1655 mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
1657 - ieee80211_tx_skb_tid(sdata, skb, tid);
1658 + ieee80211_tx_skb(sdata, skb);
1661 void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
1662 @@ -466,7 +466,9 @@ void ieee80211_request_smps_ap_work(stru
1663 u.ap.request_smps_work);
1666 - __ieee80211_request_smps_ap(sdata, sdata->u.ap.driver_smps_mode);
1667 + if (sdata_dereference(sdata->u.ap.beacon, sdata))
1668 + __ieee80211_request_smps_ap(sdata,
1669 + sdata->u.ap.driver_smps_mode);
1670 sdata_unlock(sdata);
1673 --- a/net/mac80211/iface.c
1674 +++ b/net/mac80211/iface.c
1675 @@ -770,12 +770,19 @@ static void ieee80211_do_stop(struct iee
1677 ieee80211_roc_purge(local, sdata);
1679 - if (sdata->vif.type == NL80211_IFTYPE_STATION)
1680 + switch (sdata->vif.type) {
1681 + case NL80211_IFTYPE_STATION:
1682 ieee80211_mgd_stop(sdata);
1684 - if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
1686 + case NL80211_IFTYPE_ADHOC:
1687 ieee80211_ibss_stop(sdata);
1690 + case NL80211_IFTYPE_AP:
1691 + cancel_work_sync(&sdata->u.ap.request_smps_work);
1698 * Remove all stations associated with this interface.
1699 @@ -827,7 +834,9 @@ static void ieee80211_do_stop(struct iee
1700 cancel_work_sync(&local->dynamic_ps_enable_work);
1702 cancel_work_sync(&sdata->recalc_smps);
1703 + sdata_lock(sdata);
1704 sdata->vif.csa_active = false;
1705 + sdata_unlock(sdata);
1706 cancel_work_sync(&sdata->csa_finalize_work);
1708 cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
1709 --- a/net/mac80211/rx.c
1710 +++ b/net/mac80211/rx.c
1711 @@ -599,10 +599,10 @@ static int ieee80211_is_unicast_robust_m
1713 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1715 - if (skb->len < 24 || is_multicast_ether_addr(hdr->addr1))
1716 + if (is_multicast_ether_addr(hdr->addr1))
1719 - return ieee80211_is_robust_mgmt_frame(hdr);
1720 + return ieee80211_is_robust_mgmt_frame(skb);
1724 @@ -610,10 +610,10 @@ static int ieee80211_is_multicast_robust
1726 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1728 - if (skb->len < 24 || !is_multicast_ether_addr(hdr->addr1))
1729 + if (!is_multicast_ether_addr(hdr->addr1))
1732 - return ieee80211_is_robust_mgmt_frame(hdr);
1733 + return ieee80211_is_robust_mgmt_frame(skb);
1737 @@ -626,7 +626,7 @@ static int ieee80211_get_mmie_keyidx(str
1738 if (skb->len < 24 + sizeof(*mmie) || !is_multicast_ether_addr(hdr->da))
1741 - if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) hdr))
1742 + if (!ieee80211_is_robust_mgmt_frame(skb))
1743 return -1; /* not a robust management frame */
1745 mmie = (struct ieee80211_mmie *)
1746 @@ -1128,6 +1128,13 @@ static void sta_ps_end(struct sta_info *
1747 sta->sta.addr, sta->sta.aid);
1749 if (test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
1751 + * Clear the flag only if the other one is still set
1752 + * so that the TX path won't start TX'ing new frames
1753 + * directly ... In the case that the driver flag isn't
1754 + * set ieee80211_sta_ps_deliver_wakeup() will clear it.
1756 + clear_sta_flag(sta, WLAN_STA_PS_STA);
1757 ps_dbg(sta->sdata, "STA %pM aid %d driver-ps-blocked\n",
1758 sta->sta.addr, sta->sta.aid);
1760 @@ -1311,18 +1318,15 @@ ieee80211_rx_h_sta_process(struct ieee80
1761 !ieee80211_has_morefrags(hdr->frame_control) &&
1762 !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) &&
1763 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
1764 - rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
1765 + rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1766 + /* PM bit is only checked in frames where it isn't reserved,
1767 + * in AP mode it's reserved in non-bufferable management frames
1768 + * (cf. IEEE 802.11-2012 8.2.4.1.7 Power Management field)
1770 + (!ieee80211_is_mgmt(hdr->frame_control) ||
1771 + ieee80211_is_bufferable_mmpdu(hdr->frame_control))) {
1772 if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
1774 - * Ignore doze->wake transitions that are
1775 - * indicated by non-data frames, the standard
1776 - * is unclear here, but for example going to
1777 - * PS mode and then scanning would cause a
1778 - * doze->wake transition for the probe request,
1779 - * and that is clearly undesirable.
1781 - if (ieee80211_is_data(hdr->frame_control) &&
1782 - !ieee80211_has_pm(hdr->frame_control))
1783 + if (!ieee80211_has_pm(hdr->frame_control))
1786 if (ieee80211_has_pm(hdr->frame_control))
1787 @@ -1845,8 +1849,7 @@ static int ieee80211_drop_unencrypted_mg
1788 * having configured keys.
1790 if (unlikely(ieee80211_is_action(fc) && !rx->key &&
1791 - ieee80211_is_robust_mgmt_frame(
1792 - (struct ieee80211_hdr *) rx->skb->data)))
1793 + ieee80211_is_robust_mgmt_frame(rx->skb)))
1797 --- a/net/mac80211/tx.c
1798 +++ b/net/mac80211/tx.c
1799 @@ -452,8 +452,7 @@ static int ieee80211_use_mfp(__le16 fc,
1800 if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
1803 - if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *)
1805 + if (!ieee80211_is_robust_mgmt_frame(skb))
1809 @@ -478,6 +477,20 @@ ieee80211_tx_h_unicast_ps_buf(struct iee
1810 sta->sta.addr, sta->sta.aid, ac);
1811 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
1812 purge_old_ps_buffers(tx->local);
1814 + /* sync with ieee80211_sta_ps_deliver_wakeup */
1815 + spin_lock(&sta->ps_lock);
1817 + * STA woke up the meantime and all the frames on ps_tx_buf have
1818 + * been queued to pending queue. No reordering can happen, go
1819 + * ahead and Tx the packet.
1821 + if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
1822 + !test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
1823 + spin_unlock(&sta->ps_lock);
1824 + return TX_CONTINUE;
1827 if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
1828 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
1830 @@ -492,6 +505,7 @@ ieee80211_tx_h_unicast_ps_buf(struct iee
1831 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1832 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
1833 skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
1834 + spin_unlock(&sta->ps_lock);
1836 if (!timer_pending(&local->sta_cleanup))
1837 mod_timer(&local->sta_cleanup,
1838 @@ -525,9 +539,7 @@ ieee80211_tx_h_ps_buf(struct ieee80211_t
1840 /* only deauth, disassoc and action are bufferable MMPDUs */
1841 if (ieee80211_is_mgmt(hdr->frame_control) &&
1842 - !ieee80211_is_deauth(hdr->frame_control) &&
1843 - !ieee80211_is_disassoc(hdr->frame_control) &&
1844 - !ieee80211_is_action(hdr->frame_control)) {
1845 + !ieee80211_is_bufferable_mmpdu(hdr->frame_control)) {
1846 if (tx->flags & IEEE80211_TX_UNICAST)
1847 info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
1849 @@ -567,7 +579,7 @@ ieee80211_tx_h_select_key(struct ieee802
1851 else if (ieee80211_is_mgmt(hdr->frame_control) &&
1852 is_multicast_ether_addr(hdr->addr1) &&
1853 - ieee80211_is_robust_mgmt_frame(hdr) &&
1854 + ieee80211_is_robust_mgmt_frame(tx->skb) &&
1855 (key = rcu_dereference(tx->sdata->default_mgmt_key)))
1857 else if (is_multicast_ether_addr(hdr->addr1) &&
1858 @@ -582,12 +594,12 @@ ieee80211_tx_h_select_key(struct ieee802
1860 else if (tx->skb->protocol == tx->sdata->control_port_protocol)
1862 - else if (ieee80211_is_robust_mgmt_frame(hdr) &&
1863 + else if (ieee80211_is_robust_mgmt_frame(tx->skb) &&
1864 !(ieee80211_is_action(hdr->frame_control) &&
1865 tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))
1867 else if (ieee80211_is_mgmt(hdr->frame_control) &&
1868 - !ieee80211_is_robust_mgmt_frame(hdr))
1869 + !ieee80211_is_robust_mgmt_frame(tx->skb))
1872 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
1873 @@ -878,7 +890,7 @@ static int ieee80211_fragment(struct iee
1876 /* adjust first fragment's length */
1877 - skb->len = hdrlen + per_fragm;
1878 + skb_trim(skb, hdrlen + per_fragm);
1882 @@ -2900,7 +2912,7 @@ ieee80211_get_buffered_bc(struct ieee802
1883 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1886 - if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1887 + if (sdata->vif.type == NL80211_IFTYPE_AP)
1888 sdata = IEEE80211_DEV_TO_SUB_IF(skb->dev);
1889 if (!ieee80211_tx_prepare(sdata, &tx, skb))
1891 --- a/net/mac80211/wpa.c
1892 +++ b/net/mac80211/wpa.c
1893 @@ -499,7 +499,7 @@ ieee80211_crypto_ccmp_decrypt(struct iee
1894 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1896 if (!ieee80211_is_data(hdr->frame_control) &&
1897 - !ieee80211_is_robust_mgmt_frame(hdr))
1898 + !ieee80211_is_robust_mgmt_frame(skb))
1901 data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN -
1902 --- a/net/wireless/ap.c
1903 +++ b/net/wireless/ap.c
1904 @@ -27,9 +27,10 @@ static int __cfg80211_stop_ap(struct cfg
1905 err = rdev_stop_ap(rdev, dev);
1907 wdev->beacon_interval = 0;
1908 - wdev->channel = NULL;
1909 + memset(&wdev->chandef, 0, sizeof(wdev->chandef));
1911 rdev_set_qos_map(rdev, dev, NULL);
1912 + nl80211_send_ap_stopped(wdev);
1916 --- a/net/wireless/core.c
1917 +++ b/net/wireless/core.c
1918 @@ -203,8 +203,11 @@ void cfg80211_stop_p2p_device(struct cfg
1922 - WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev &&
1923 - !rdev->scan_req->notified);
1924 + if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
1925 + if (WARN_ON(!rdev->scan_req->notified))
1926 + rdev->scan_req->aborted = true;
1927 + ___cfg80211_scan_done(rdev, false);
1931 static int cfg80211_rfkill_set_block(void *data, bool blocked)
1932 @@ -447,9 +450,6 @@ int wiphy_register(struct wiphy *wiphy)
1934 u16 ifmodes = wiphy->interface_modes;
1936 - /* support for 5/10 MHz is broken due to nl80211 API mess - disable */
1937 - wiphy->flags &= ~WIPHY_FLAG_SUPPORTS_5_10_MHZ;
1940 * There are major locking problems in nl80211/mac80211 for CSA,
1941 * disable for all drivers until this has been reworked.
1942 @@ -795,8 +795,6 @@ void cfg80211_leave(struct cfg80211_regi
1947 - wdev->beacon_interval = 0;
1950 static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
1951 @@ -875,8 +873,11 @@ static int cfg80211_netdev_notifier_call
1954 cfg80211_update_iface_num(rdev, wdev->iftype, -1);
1955 - WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev &&
1956 - !rdev->scan_req->notified);
1957 + if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
1958 + if (WARN_ON(!rdev->scan_req->notified))
1959 + rdev->scan_req->aborted = true;
1960 + ___cfg80211_scan_done(rdev, false);
1963 if (WARN_ON(rdev->sched_scan_req &&
1964 rdev->sched_scan_req->dev == wdev->netdev)) {
1965 --- a/net/wireless/core.h
1966 +++ b/net/wireless/core.h
1967 @@ -62,6 +62,7 @@ struct cfg80211_registered_device {
1968 struct rb_root bss_tree;
1970 struct cfg80211_scan_request *scan_req; /* protected by RTNL */
1971 + struct sk_buff *scan_msg;
1972 struct cfg80211_sched_scan_request *sched_scan_req;
1973 unsigned long suspend_at;
1974 struct work_struct scan_done_wk;
1975 @@ -210,6 +211,7 @@ struct cfg80211_event {
1979 + struct ieee80211_channel *channel;
1983 @@ -257,7 +259,8 @@ int __cfg80211_leave_ibss(struct cfg8021
1984 struct net_device *dev, bool nowext);
1985 int cfg80211_leave_ibss(struct cfg80211_registered_device *rdev,
1986 struct net_device *dev, bool nowext);
1987 -void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid);
1988 +void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
1989 + struct ieee80211_channel *channel);
1990 int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev,
1991 struct wireless_dev *wdev);
1993 @@ -361,7 +364,8 @@ int cfg80211_validate_key_settings(struc
1994 struct key_params *params, int key_idx,
1995 bool pairwise, const u8 *mac_addr);
1996 void __cfg80211_scan_done(struct work_struct *wk);
1997 -void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev);
1998 +void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev,
1999 + bool send_message);
2000 void __cfg80211_sched_scan_results(struct work_struct *wk);
2001 int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
2002 bool driver_initiated);
2003 @@ -441,7 +445,8 @@ static inline unsigned int elapsed_jiffi
2005 cfg80211_get_chan_state(struct wireless_dev *wdev,
2006 struct ieee80211_channel **chan,
2007 - enum cfg80211_chan_mode *chanmode);
2008 + enum cfg80211_chan_mode *chanmode,
2009 + u8 *radar_detect);
2011 int cfg80211_set_monitor_channel(struct cfg80211_registered_device *rdev,
2012 struct cfg80211_chan_def *chandef);
2013 --- a/net/wireless/nl80211.c
2014 +++ b/net/wireless/nl80211.c
2015 @@ -1723,9 +1723,10 @@ static int nl80211_dump_wiphy(struct sk_
2016 * We can then retry with the larger buffer.
2018 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2020 + !skb->len && !state->split &&
2021 cb->min_dump_alloc < 4096) {
2022 cb->min_dump_alloc = 4096;
2023 + state->split_start = 0;
2027 @@ -2047,10 +2048,12 @@ static int nl80211_set_wiphy(struct sk_b
2028 nla_for_each_nested(nl_txq_params,
2029 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2031 - nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2032 - nla_data(nl_txq_params),
2033 - nla_len(nl_txq_params),
2034 - txq_params_policy);
2035 + result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2036 + nla_data(nl_txq_params),
2037 + nla_len(nl_txq_params),
2038 + txq_params_policy);
2041 result = parse_txq_params(tb, &txq_params);
2044 @@ -3289,7 +3292,7 @@ static int nl80211_start_ap(struct sk_bu
2046 wdev->preset_chandef = params.chandef;
2047 wdev->beacon_interval = params.beacon_interval;
2048 - wdev->channel = params.chandef.chan;
2049 + wdev->chandef = params.chandef;
2050 wdev->ssid_len = params.ssid_len;
2051 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
2053 @@ -5210,9 +5213,11 @@ static int nl80211_set_reg(struct sk_buf
2055 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
2057 - nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
2058 - nla_data(nl_reg_rule), nla_len(nl_reg_rule),
2060 + r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
2061 + nla_data(nl_reg_rule), nla_len(nl_reg_rule),
2065 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
2068 @@ -5277,7 +5282,7 @@ static int nl80211_trigger_scan(struct s
2069 if (!rdev->ops->scan)
2072 - if (rdev->scan_req) {
2073 + if (rdev->scan_req || rdev->scan_msg) {
2077 @@ -5475,6 +5480,7 @@ static int nl80211_start_sched_scan(stru
2078 enum ieee80211_band band;
2080 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
2081 + s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
2083 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
2084 !rdev->ops->sched_scan_start)
2085 @@ -5509,11 +5515,40 @@ static int nl80211_start_sched_scan(stru
2086 if (n_ssids > wiphy->max_sched_scan_ssids)
2089 - if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
2091 + * First, count the number of 'real' matchsets. Due to an issue with
2092 + * the old implementation, matchsets containing only the RSSI attribute
2093 + * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
2094 + * RSSI for all matchsets, rather than their own matchset for reporting
2095 + * all APs with a strong RSSI. This is needed to be compatible with
2096 + * older userspace that treated a matchset with only the RSSI as the
2097 + * global RSSI for all other matchsets - if there are other matchsets.
2099 + if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
2100 nla_for_each_nested(attr,
2101 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
2105 + struct nlattr *rssi;
2107 + err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
2108 + nla_data(attr), nla_len(attr),
2109 + nl80211_match_policy);
2112 + /* add other standalone attributes here */
2113 + if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
2117 + rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
2119 + default_match_rssi = nla_get_s32(rssi);
2123 + /* However, if there's no other matchset, add the RSSI one */
2124 + if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
2127 if (n_match_sets > wiphy->max_match_sets)
2129 @@ -5634,11 +5669,22 @@ static int nl80211_start_sched_scan(stru
2131 struct nlattr *ssid, *rssi;
2133 - nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
2134 - nla_data(attr), nla_len(attr),
2135 - nl80211_match_policy);
2136 + err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
2137 + nla_data(attr), nla_len(attr),
2138 + nl80211_match_policy);
2141 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
2143 + if (WARN_ON(i >= n_match_sets)) {
2144 + /* this indicates a programming error,
2145 + * the loop above should have verified
2152 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
2155 @@ -5647,15 +5693,28 @@ static int nl80211_start_sched_scan(stru
2156 nla_data(ssid), nla_len(ssid));
2157 request->match_sets[i].ssid.ssid_len =
2159 + /* special attribute - old implemenation w/a */
2160 + request->match_sets[i].rssi_thold =
2161 + default_match_rssi;
2162 + rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
2164 + request->match_sets[i].rssi_thold =
2165 + nla_get_s32(rssi);
2167 - rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
2169 - request->rssi_thold = nla_get_u32(rssi);
2171 - request->rssi_thold =
2172 - NL80211_SCAN_RSSI_THOLD_OFF;
2176 + /* there was no other matchset, so the RSSI one is alone */
2178 + request->match_sets[0].rssi_thold = default_match_rssi;
2180 + request->min_rssi_thold = INT_MAX;
2181 + for (i = 0; i < n_match_sets; i++)
2182 + request->min_rssi_thold =
2183 + min(request->match_sets[i].rssi_thold,
2184 + request->min_rssi_thold);
2186 + request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
2189 if (info->attrs[NL80211_ATTR_IE]) {
2190 @@ -5751,7 +5810,7 @@ static int nl80211_start_radar_detection
2192 err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
2194 - wdev->channel = chandef.chan;
2195 + wdev->chandef = chandef;
2196 wdev->cac_started = true;
2197 wdev->cac_start_time = jiffies;
2199 @@ -7502,16 +7561,19 @@ static int nl80211_set_tx_bitrate_mask(s
2200 * directly to the enum ieee80211_band values used in cfg80211.
2202 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
2203 - nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
2205 + nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
2206 enum ieee80211_band band = nla_type(tx_rates);
2209 if (band < 0 || band >= IEEE80211_NUM_BANDS)
2211 sband = rdev->wiphy.bands[band];
2214 - nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
2215 - nla_len(tx_rates), nl80211_txattr_policy);
2216 + err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
2217 + nla_len(tx_rates), nl80211_txattr_policy);
2220 if (tb[NL80211_TXRATE_LEGACY]) {
2221 mask.control[band].legacy = rateset_to_mask(
2223 @@ -10054,40 +10116,31 @@ void nl80211_send_scan_start(struct cfg8
2224 NL80211_MCGRP_SCAN, GFP_KERNEL);
2227 -void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
2228 - struct wireless_dev *wdev)
2229 +struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
2230 + struct wireless_dev *wdev, bool aborted)
2232 struct sk_buff *msg;
2234 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2239 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
2240 - NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
2241 + aborted ? NL80211_CMD_SCAN_ABORTED :
2242 + NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
2248 - genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
2249 - NL80211_MCGRP_SCAN, GFP_KERNEL);
2253 -void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
2254 - struct wireless_dev *wdev)
2255 +void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
2256 + struct sk_buff *msg)
2258 - struct sk_buff *msg;
2260 - msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2264 - if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
2265 - NL80211_CMD_SCAN_ABORTED) < 0) {
2270 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
2271 NL80211_MCGRP_SCAN, GFP_KERNEL);
2273 @@ -11158,7 +11211,8 @@ void cfg80211_ch_switch_notify(struct ne
2274 wdev->iftype != NL80211_IFTYPE_MESH_POINT))
2277 - wdev->channel = chandef->chan;
2278 + wdev->chandef = *chandef;
2279 + wdev->preset_chandef = *chandef;
2280 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
2282 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
2283 @@ -11673,6 +11727,35 @@ void cfg80211_crit_proto_stopped(struct
2285 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
2287 +void nl80211_send_ap_stopped(struct wireless_dev *wdev)
2289 + struct wiphy *wiphy = wdev->wiphy;
2290 + struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
2291 + struct sk_buff *msg;
2294 + msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2298 + hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
2302 + if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2303 + nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
2304 + nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
2307 + genlmsg_end(msg, hdr);
2309 + genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
2310 + NL80211_MCGRP_MLME, GFP_KERNEL);
2316 /* initialisation/exit functions */
2318 int nl80211_init(void)
2319 --- a/net/wireless/nl80211.h
2320 +++ b/net/wireless/nl80211.h
2321 @@ -8,10 +8,10 @@ void nl80211_exit(void);
2322 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev);
2323 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
2324 struct wireless_dev *wdev);
2325 -void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
2326 - struct wireless_dev *wdev);
2327 -void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
2328 - struct wireless_dev *wdev);
2329 +struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
2330 + struct wireless_dev *wdev, bool aborted);
2331 +void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
2332 + struct sk_buff *msg);
2333 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
2334 struct net_device *netdev, u32 cmd);
2335 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
2336 @@ -74,6 +74,8 @@ nl80211_radar_notify(struct cfg80211_reg
2337 enum nl80211_radar_event event,
2338 struct net_device *netdev, gfp_t gfp);
2340 +void nl80211_send_ap_stopped(struct wireless_dev *wdev);
2342 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev);
2344 #endif /* __NET_WIRELESS_NL80211_H */
2345 --- a/net/wireless/scan.c
2346 +++ b/net/wireless/scan.c
2347 @@ -161,18 +161,25 @@ static void __cfg80211_bss_expire(struct
2348 dev->bss_generation++;
2351 -void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev)
2352 +void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev,
2353 + bool send_message)
2355 struct cfg80211_scan_request *request;
2356 struct wireless_dev *wdev;
2357 + struct sk_buff *msg;
2358 #ifdef CPTCFG_CFG80211_WEXT
2359 union iwreq_data wrqu;
2364 - request = rdev->scan_req;
2365 + if (rdev->scan_msg) {
2366 + nl80211_send_scan_result(rdev, rdev->scan_msg);
2367 + rdev->scan_msg = NULL;
2371 + request = rdev->scan_req;
2375 @@ -186,18 +193,16 @@ void ___cfg80211_scan_done(struct cfg802
2377 cfg80211_sme_scan_done(wdev->netdev);
2379 - if (request->aborted) {
2380 - nl80211_send_scan_aborted(rdev, wdev);
2382 - if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
2383 - /* flush entries from previous scans */
2384 - spin_lock_bh(&rdev->bss_lock);
2385 - __cfg80211_bss_expire(rdev, request->scan_start);
2386 - spin_unlock_bh(&rdev->bss_lock);
2388 - nl80211_send_scan_done(rdev, wdev);
2389 + if (!request->aborted &&
2390 + request->flags & NL80211_SCAN_FLAG_FLUSH) {
2391 + /* flush entries from previous scans */
2392 + spin_lock_bh(&rdev->bss_lock);
2393 + __cfg80211_bss_expire(rdev, request->scan_start);
2394 + spin_unlock_bh(&rdev->bss_lock);
2397 + msg = nl80211_build_scan_msg(rdev, wdev, request->aborted);
2399 #ifdef CPTCFG_CFG80211_WEXT
2400 if (wdev->netdev && !request->aborted) {
2401 memset(&wrqu, 0, sizeof(wrqu));
2402 @@ -211,6 +216,11 @@ void ___cfg80211_scan_done(struct cfg802
2404 rdev->scan_req = NULL;
2407 + if (!send_message)
2408 + rdev->scan_msg = msg;
2410 + nl80211_send_scan_result(rdev, msg);
2413 void __cfg80211_scan_done(struct work_struct *wk)
2414 @@ -221,7 +231,7 @@ void __cfg80211_scan_done(struct work_st
2418 - ___cfg80211_scan_done(rdev);
2419 + ___cfg80211_scan_done(rdev, true);
2423 @@ -1079,7 +1089,7 @@ int cfg80211_wext_siwscan(struct net_dev
2425 return PTR_ERR(rdev);
2427 - if (rdev->scan_req) {
2428 + if (rdev->scan_req || rdev->scan_msg) {
2432 @@ -1481,7 +1491,7 @@ int cfg80211_wext_giwscan(struct net_dev
2434 return PTR_ERR(rdev);
2436 - if (rdev->scan_req)
2437 + if (rdev->scan_req || rdev->scan_msg)
2440 res = ieee80211_scan_results(rdev, info, extra, data->length);
2441 --- a/net/wireless/sme.c
2442 +++ b/net/wireless/sme.c
2443 @@ -67,7 +67,7 @@ static int cfg80211_conn_scan(struct wir
2444 ASSERT_RDEV_LOCK(rdev);
2445 ASSERT_WDEV_LOCK(wdev);
2447 - if (rdev->scan_req)
2448 + if (rdev->scan_req || rdev->scan_msg)
2451 if (wdev->conn->params.channel)
2452 --- a/net/mac80211/mlme.c
2453 +++ b/net/mac80211/mlme.c
2454 @@ -1001,7 +1001,6 @@ ieee80211_sta_process_chanswitch(struct
2457 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
2458 - sdata->vif.csa_active = true;
2460 mutex_lock(&local->chanctx_mtx);
2461 if (local->use_chanctx) {
2462 @@ -1039,6 +1038,7 @@ ieee80211_sta_process_chanswitch(struct
2463 mutex_unlock(&local->chanctx_mtx);
2465 sdata->csa_chandef = csa_ie.chandef;
2466 + sdata->vif.csa_active = true;
2469 ieee80211_stop_queues_by_reason(&local->hw,
2470 --- a/net/mac80211/chan.c
2471 +++ b/net/mac80211/chan.c
2472 @@ -196,6 +196,8 @@ static bool ieee80211_is_radar_required(
2474 struct ieee80211_sub_if_data *sdata;
2476 + lockdep_assert_held(&local->mtx);
2479 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
2480 if (sdata->radar_required) {
2481 --- a/net/mac80211/ibss.c
2482 +++ b/net/mac80211/ibss.c
2483 @@ -294,7 +294,6 @@ static void __ieee80211_sta_join_ibss(st
2486 mutex_lock(&local->mtx);
2487 - ieee80211_vif_release_channel(sdata);
2488 if (ieee80211_vif_use_channel(sdata, &chandef,
2489 ifibss->fixed_channel ?
2490 IEEE80211_CHANCTX_SHARED :
2491 @@ -303,6 +302,7 @@ static void __ieee80211_sta_join_ibss(st
2492 mutex_unlock(&local->mtx);
2495 + sdata->radar_required = radar_required;
2496 mutex_unlock(&local->mtx);
2498 memcpy(ifibss->bssid, bssid, ETH_ALEN);
2499 @@ -318,7 +318,6 @@ static void __ieee80211_sta_join_ibss(st
2500 rcu_assign_pointer(ifibss->presp, presp);
2501 mgmt = (void *)presp->head;
2503 - sdata->radar_required = radar_required;
2504 sdata->vif.bss_conf.enable_beacon = true;
2505 sdata->vif.bss_conf.beacon_int = beacon_int;
2506 sdata->vif.bss_conf.basic_rates = basic_rates;
2507 @@ -386,7 +385,7 @@ static void __ieee80211_sta_join_ibss(st
2508 presp->head_len, 0, GFP_KERNEL);
2509 cfg80211_put_bss(local->hw.wiphy, bss);
2510 netif_carrier_on(sdata->dev);
2511 - cfg80211_ibss_joined(sdata->dev, ifibss->bssid, GFP_KERNEL);
2512 + cfg80211_ibss_joined(sdata->dev, ifibss->bssid, chan, GFP_KERNEL);
2515 static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
2516 @@ -802,6 +801,8 @@ ieee80211_ibss_process_chanswitch(struct
2520 + sdata_assert_lock(sdata);
2522 sta_flags = IEEE80211_STA_DISABLE_VHT;
2523 switch (ifibss->chandef.width) {
2524 case NL80211_CHAN_WIDTH_5:
2525 @@ -1471,6 +1472,11 @@ static void ieee80211_rx_mgmt_probe_req(
2526 memcpy(((struct ieee80211_mgmt *) skb->data)->da, mgmt->sa, ETH_ALEN);
2527 ibss_dbg(sdata, "Sending ProbeResp to %pM\n", mgmt->sa);
2528 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2530 + /* avoid excessive retries for probe request to wildcard SSIDs */
2532 + IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_NO_ACK;
2534 ieee80211_tx_skb(sdata, skb);
2537 --- a/net/mac80211/mesh.c
2538 +++ b/net/mac80211/mesh.c
2539 @@ -872,6 +872,8 @@ ieee80211_mesh_process_chnswitch(struct
2540 if (!ifmsh->mesh_id)
2543 + sdata_assert_lock(sdata);
2545 sta_flags = IEEE80211_STA_DISABLE_VHT;
2546 switch (sdata->vif.bss_conf.chandef.width) {
2547 case NL80211_CHAN_WIDTH_20_NOHT:
2548 --- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
2549 +++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
2550 @@ -4658,6 +4658,7 @@ brcmf_notify_connect_status(struct brcmf
2551 struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
2552 struct net_device *ndev = ifp->ndev;
2553 struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2554 + struct ieee80211_channel *chan;
2557 if (ifp->vif->mode == WL_MODE_AP) {
2558 @@ -4665,9 +4666,10 @@ brcmf_notify_connect_status(struct brcmf
2559 } else if (brcmf_is_linkup(e)) {
2560 brcmf_dbg(CONN, "Linkup\n");
2561 if (brcmf_is_ibssmode(ifp->vif)) {
2562 + chan = ieee80211_get_channel(cfg->wiphy, cfg->channel);
2563 memcpy(profile->bssid, e->addr, ETH_ALEN);
2564 wl_inform_ibss(cfg, ndev, e->addr);
2565 - cfg80211_ibss_joined(ndev, e->addr, GFP_KERNEL);
2566 + cfg80211_ibss_joined(ndev, e->addr, chan, GFP_KERNEL);
2567 clear_bit(BRCMF_VIF_STATUS_CONNECTING,
2568 &ifp->vif->sme_state);
2569 set_bit(BRCMF_VIF_STATUS_CONNECTED,
2570 --- a/drivers/net/wireless/libertas/cfg.c
2571 +++ b/drivers/net/wireless/libertas/cfg.c
2572 @@ -1766,7 +1766,8 @@ static void lbs_join_post(struct lbs_pri
2573 memcpy(priv->wdev->ssid, params->ssid, params->ssid_len);
2574 priv->wdev->ssid_len = params->ssid_len;
2576 - cfg80211_ibss_joined(priv->dev, bssid, GFP_KERNEL);
2577 + cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan,
2580 /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */
2581 priv->connect_status = LBS_CONNECTED;
2582 --- a/drivers/net/wireless/mwifiex/cfg80211.c
2583 +++ b/drivers/net/wireless/mwifiex/cfg80211.c
2584 @@ -1881,7 +1881,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy
2588 - cfg80211_ibss_joined(priv->netdev, priv->cfg_bssid, GFP_KERNEL);
2589 + cfg80211_ibss_joined(priv->netdev, priv->cfg_bssid,
2590 + params->chandef.chan, GFP_KERNEL);
2591 dev_dbg(priv->adapter->dev,
2592 "info: joined/created adhoc network with bssid"
2593 " %pM successfully\n", priv->cfg_bssid);
2594 --- a/drivers/net/wireless/rndis_wlan.c
2595 +++ b/drivers/net/wireless/rndis_wlan.c
2596 @@ -2835,7 +2835,9 @@ static void rndis_wlan_do_link_up_work(s
2597 bssid, req_ie, req_ie_len,
2598 resp_ie, resp_ie_len, GFP_KERNEL);
2599 } else if (priv->infra_mode == NDIS_80211_INFRA_ADHOC)
2600 - cfg80211_ibss_joined(usbdev->net, bssid, GFP_KERNEL);
2601 + cfg80211_ibss_joined(usbdev->net, bssid,
2602 + get_current_channel(usbdev, NULL),
2607 --- a/net/wireless/ibss.c
2608 +++ b/net/wireless/ibss.c
2610 #include "rdev-ops.h"
2613 -void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid)
2614 +void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
2615 + struct ieee80211_channel *channel)
2617 struct wireless_dev *wdev = dev->ieee80211_ptr;
2618 struct cfg80211_bss *bss;
2619 @@ -28,8 +29,7 @@ void __cfg80211_ibss_joined(struct net_d
2620 if (!wdev->ssid_len)
2623 - bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid,
2624 - wdev->ssid, wdev->ssid_len,
2625 + bss = cfg80211_get_bss(wdev->wiphy, channel, bssid, NULL, 0,
2626 WLAN_CAPABILITY_IBSS, WLAN_CAPABILITY_IBSS);
2629 @@ -54,21 +54,26 @@ void __cfg80211_ibss_joined(struct net_d
2633 -void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp)
2634 +void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
2635 + struct ieee80211_channel *channel, gfp_t gfp)
2637 struct wireless_dev *wdev = dev->ieee80211_ptr;
2638 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
2639 struct cfg80211_event *ev;
2640 unsigned long flags;
2642 - trace_cfg80211_ibss_joined(dev, bssid);
2643 + trace_cfg80211_ibss_joined(dev, bssid, channel);
2645 + if (WARN_ON(!channel))
2648 ev = kzalloc(sizeof(*ev), gfp);
2652 ev->type = EVENT_IBSS_JOINED;
2653 - memcpy(ev->cr.bssid, bssid, ETH_ALEN);
2654 + memcpy(ev->ij.bssid, bssid, ETH_ALEN);
2655 + ev->ij.channel = channel;
2657 spin_lock_irqsave(&wdev->event_lock, flags);
2658 list_add_tail(&ev->list, &wdev->event_list);
2659 @@ -117,6 +122,7 @@ int __cfg80211_join_ibss(struct cfg80211
2661 wdev->ibss_fixed = params->channel_fixed;
2662 wdev->ibss_dfs_possible = params->userspace_handles_dfs;
2663 + wdev->chandef = params->chandef;
2664 #ifdef CPTCFG_CFG80211_WEXT
2665 wdev->wext.ibss.chandef = params->chandef;
2667 @@ -200,6 +206,7 @@ static void __cfg80211_clear_ibss(struct
2669 wdev->current_bss = NULL;
2671 + memset(&wdev->chandef, 0, sizeof(wdev->chandef));
2672 #ifdef CPTCFG_CFG80211_WEXT
2674 wdev->wext.ibss.ssid_len = 0;
2675 --- a/net/wireless/trace.h
2676 +++ b/net/wireless/trace.h
2677 @@ -2278,11 +2278,6 @@ DECLARE_EVENT_CLASS(cfg80211_rx_evt,
2678 TP_printk(NETDEV_PR_FMT ", " MAC_PR_FMT, NETDEV_PR_ARG, MAC_PR_ARG(addr))
2681 -DEFINE_EVENT(cfg80211_rx_evt, cfg80211_ibss_joined,
2682 - TP_PROTO(struct net_device *netdev, const u8 *addr),
2683 - TP_ARGS(netdev, addr)
2686 DEFINE_EVENT(cfg80211_rx_evt, cfg80211_rx_spurious_frame,
2687 TP_PROTO(struct net_device *netdev, const u8 *addr),
2688 TP_ARGS(netdev, addr)
2689 @@ -2293,6 +2288,24 @@ DEFINE_EVENT(cfg80211_rx_evt, cfg80211_r
2690 TP_ARGS(netdev, addr)
2693 +TRACE_EVENT(cfg80211_ibss_joined,
2694 + TP_PROTO(struct net_device *netdev, const u8 *bssid,
2695 + struct ieee80211_channel *channel),
2696 + TP_ARGS(netdev, bssid, channel),
2704 + MAC_ASSIGN(bssid, bssid);
2705 + CHAN_ASSIGN(channel);
2707 + TP_printk(NETDEV_PR_FMT ", bssid: " MAC_PR_FMT ", " CHAN_PR_FMT,
2708 + NETDEV_PR_ARG, MAC_PR_ARG(bssid), CHAN_PR_ARG)
2711 TRACE_EVENT(cfg80211_probe_status,
2712 TP_PROTO(struct net_device *netdev, const u8 *addr, u64 cookie,
2714 --- a/net/wireless/util.c
2715 +++ b/net/wireless/util.c
2716 @@ -820,7 +820,8 @@ void cfg80211_process_wdev_events(struct
2717 ev->dc.reason, true);
2719 case EVENT_IBSS_JOINED:
2720 - __cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid);
2721 + __cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid,
2726 @@ -1356,7 +1357,7 @@ int cfg80211_can_use_iftype_chan(struct
2728 mutex_lock_nested(&wdev_iter->mtx, 1);
2729 __acquire(wdev_iter->mtx);
2730 - cfg80211_get_chan_state(wdev_iter, &ch, &chmode);
2731 + cfg80211_get_chan_state(wdev_iter, &ch, &chmode, &radar_detect);
2732 wdev_unlock(wdev_iter);
2735 --- a/net/wireless/chan.c
2736 +++ b/net/wireless/chan.c
2737 @@ -642,7 +642,8 @@ int cfg80211_set_monitor_channel(struct
2739 cfg80211_get_chan_state(struct wireless_dev *wdev,
2740 struct ieee80211_channel **chan,
2741 - enum cfg80211_chan_mode *chanmode)
2742 + enum cfg80211_chan_mode *chanmode,
2746 *chanmode = CHAN_MODE_UNDEFINED;
2747 @@ -660,6 +661,11 @@ cfg80211_get_chan_state(struct wireless_
2748 !wdev->ibss_dfs_possible)
2750 : CHAN_MODE_EXCLUSIVE;
2752 + /* consider worst-case - IBSS can try to return to the
2753 + * original user-specified channel as creator */
2754 + if (wdev->ibss_dfs_possible)
2755 + *radar_detect |= BIT(wdev->chandef.width);
2759 @@ -674,17 +680,26 @@ cfg80211_get_chan_state(struct wireless_
2760 case NL80211_IFTYPE_AP:
2761 case NL80211_IFTYPE_P2P_GO:
2762 if (wdev->cac_started) {
2763 - *chan = wdev->channel;
2764 + *chan = wdev->chandef.chan;
2765 *chanmode = CHAN_MODE_SHARED;
2766 + *radar_detect |= BIT(wdev->chandef.width);
2767 } else if (wdev->beacon_interval) {
2768 - *chan = wdev->channel;
2769 + *chan = wdev->chandef.chan;
2770 *chanmode = CHAN_MODE_SHARED;
2772 + if (cfg80211_chandef_dfs_required(wdev->wiphy,
2774 + *radar_detect |= BIT(wdev->chandef.width);
2777 case NL80211_IFTYPE_MESH_POINT:
2778 if (wdev->mesh_id_len) {
2779 - *chan = wdev->channel;
2780 + *chan = wdev->chandef.chan;
2781 *chanmode = CHAN_MODE_SHARED;
2783 + if (cfg80211_chandef_dfs_required(wdev->wiphy,
2785 + *radar_detect |= BIT(wdev->chandef.width);
2788 case NL80211_IFTYPE_MONITOR:
2789 --- a/net/wireless/mesh.c
2790 +++ b/net/wireless/mesh.c
2791 @@ -195,7 +195,7 @@ int __cfg80211_join_mesh(struct cfg80211
2793 memcpy(wdev->ssid, setup->mesh_id, setup->mesh_id_len);
2794 wdev->mesh_id_len = setup->mesh_id_len;
2795 - wdev->channel = setup->chandef.chan;
2796 + wdev->chandef = setup->chandef;
2800 @@ -244,7 +244,7 @@ int cfg80211_set_mesh_channel(struct cfg
2801 err = rdev_libertas_set_mesh_channel(rdev, wdev->netdev,
2804 - wdev->channel = chandef->chan;
2805 + wdev->chandef = *chandef;
2809 @@ -276,7 +276,7 @@ static int __cfg80211_leave_mesh(struct
2810 err = rdev_leave_mesh(rdev, dev);
2812 wdev->mesh_id_len = 0;
2813 - wdev->channel = NULL;
2814 + memset(&wdev->chandef, 0, sizeof(wdev->chandef));
2815 rdev_set_qos_map(rdev, dev, NULL);
2818 --- a/net/wireless/mlme.c
2819 +++ b/net/wireless/mlme.c
2820 @@ -772,7 +772,7 @@ void cfg80211_cac_event(struct net_devic
2821 if (WARN_ON(!wdev->cac_started))
2824 - if (WARN_ON(!wdev->channel))
2825 + if (WARN_ON(!wdev->chandef.chan))
2829 --- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
2830 +++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
2831 @@ -5065,6 +5065,10 @@ static u16 ar9003_hw_get_max_edge_power(
2836 + if (is2GHz && !twiceMaxEdgePower)
2837 + twiceMaxEdgePower = 60;
2839 return twiceMaxEdgePower;
2842 --- a/drivers/net/wireless/ath/ath9k/ar9003_calib.c
2843 +++ b/drivers/net/wireless/ath/ath9k/ar9003_calib.c
2845 #define MAX_MEASUREMENT MAX_IQCAL_MEASUREMENT
2846 #define MAX_MAG_DELTA 11
2847 #define MAX_PHS_DELTA 10
2851 - int mag_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT];
2852 - int phs_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT];
2853 + int mag_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT][MAXIQCAL];
2854 + int phs_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT][MAXIQCAL];
2858 @@ -800,7 +801,7 @@ static bool ar9003_hw_calc_iq_corr(struc
2862 - iqc_coeff[0] = (q_q_coff * 128) + q_i_coff;
2863 + iqc_coeff[0] = (q_q_coff * 128) + (0x7f & q_i_coff);
2865 ath_dbg(common, CALIBRATE, "tx chain %d: iq corr coeff=%x\n",
2866 chain_idx, iqc_coeff[0]);
2867 @@ -831,7 +832,7 @@ static bool ar9003_hw_calc_iq_corr(struc
2871 - iqc_coeff[1] = (q_q_coff * 128) + q_i_coff;
2872 + iqc_coeff[1] = (q_q_coff * 128) + (0x7f & q_i_coff);
2874 ath_dbg(common, CALIBRATE, "rx chain %d: iq corr coeff=%x\n",
2875 chain_idx, iqc_coeff[1]);
2876 @@ -839,7 +840,8 @@ static bool ar9003_hw_calc_iq_corr(struc
2880 -static void ar9003_hw_detect_outlier(int *mp_coeff, int nmeasurement,
2881 +static void ar9003_hw_detect_outlier(int mp_coeff[][MAXIQCAL],
2885 int mp_max = -64, max_idx = 0;
2886 @@ -848,20 +850,20 @@ static void ar9003_hw_detect_outlier(int
2888 /* find min/max mismatch across all calibrated gains */
2889 for (i = 0; i < nmeasurement; i++) {
2890 - if (mp_coeff[i] > mp_max) {
2891 - mp_max = mp_coeff[i];
2892 + if (mp_coeff[i][0] > mp_max) {
2893 + mp_max = mp_coeff[i][0];
2895 - } else if (mp_coeff[i] < mp_min) {
2896 - mp_min = mp_coeff[i];
2897 + } else if (mp_coeff[i][0] < mp_min) {
2898 + mp_min = mp_coeff[i][0];
2903 /* find average (exclude max abs value) */
2904 for (i = 0; i < nmeasurement; i++) {
2905 - if ((abs(mp_coeff[i]) < abs(mp_max)) ||
2906 - (abs(mp_coeff[i]) < abs(mp_min))) {
2907 - mp_avg += mp_coeff[i];
2908 + if ((abs(mp_coeff[i][0]) < abs(mp_max)) ||
2909 + (abs(mp_coeff[i][0]) < abs(mp_min))) {
2910 + mp_avg += mp_coeff[i][0];
2914 @@ -873,7 +875,7 @@ static void ar9003_hw_detect_outlier(int
2918 - mp_avg = mp_coeff[nmeasurement - 1];
2919 + mp_avg = mp_coeff[nmeasurement - 1][0];
2921 /* detect outlier */
2922 if (abs(mp_max - mp_min) > max_delta) {
2923 @@ -882,15 +884,16 @@ static void ar9003_hw_detect_outlier(int
2925 outlier_idx = min_idx;
2927 - mp_coeff[outlier_idx] = mp_avg;
2928 + mp_coeff[outlier_idx][0] = mp_avg;
2932 -static void ar9003_hw_tx_iqcal_load_avg_2_passes(struct ath_hw *ah,
2933 - struct coeff *coeff,
2935 +static void ar9003_hw_tx_iq_cal_outlier_detection(struct ath_hw *ah,
2936 + struct coeff *coeff,
2939 int i, im, nmeasurement;
2940 + int magnitude, phase;
2941 u32 tx_corr_coeff[MAX_MEASUREMENT][AR9300_MAX_CHAINS];
2942 struct ath9k_hw_cal_data *caldata = ah->caldata;
2944 @@ -920,21 +923,30 @@ static void ar9003_hw_tx_iqcal_load_avg_
2945 if (nmeasurement > MAX_MEASUREMENT)
2946 nmeasurement = MAX_MEASUREMENT;
2948 - /* detect outlier only if nmeasurement > 1 */
2949 - if (nmeasurement > 1) {
2950 - /* Detect magnitude outlier */
2951 - ar9003_hw_detect_outlier(coeff->mag_coeff[i],
2952 - nmeasurement, MAX_MAG_DELTA);
2954 - /* Detect phase outlier */
2955 - ar9003_hw_detect_outlier(coeff->phs_coeff[i],
2956 - nmeasurement, MAX_PHS_DELTA);
2958 + * Skip normal outlier detection for AR9550.
2960 + if (!AR_SREV_9550(ah)) {
2961 + /* detect outlier only if nmeasurement > 1 */
2962 + if (nmeasurement > 1) {
2963 + /* Detect magnitude outlier */
2964 + ar9003_hw_detect_outlier(coeff->mag_coeff[i],
2968 + /* Detect phase outlier */
2969 + ar9003_hw_detect_outlier(coeff->phs_coeff[i],
2975 for (im = 0; im < nmeasurement; im++) {
2976 + magnitude = coeff->mag_coeff[i][im][0];
2977 + phase = coeff->phs_coeff[i][im][0];
2979 - coeff->iqc_coeff[0] = (coeff->mag_coeff[i][im] & 0x7f) |
2980 - ((coeff->phs_coeff[i][im] & 0x7f) << 7);
2981 + coeff->iqc_coeff[0] =
2982 + (phase & 0x7f) | ((magnitude & 0x7f) << 7);
2985 REG_RMW_FIELD(ah, tx_corr_coeff[im][i],
2986 @@ -991,7 +1003,63 @@ static bool ar9003_hw_tx_iq_cal_run(stru
2990 -static void ar9003_hw_tx_iq_cal_post_proc(struct ath_hw *ah, bool is_reusable)
2991 +static void __ar955x_tx_iq_cal_sort(struct ath_hw *ah,
2992 + struct coeff *coeff,
2993 + int i, int nmeasurement)
2995 + struct ath_common *common = ath9k_hw_common(ah);
2996 + int im, ix, iy, temp;
2998 + for (im = 0; im < nmeasurement; im++) {
2999 + for (ix = 0; ix < MAXIQCAL - 1; ix++) {
3000 + for (iy = ix + 1; iy <= MAXIQCAL - 1; iy++) {
3001 + if (coeff->mag_coeff[i][im][iy] <
3002 + coeff->mag_coeff[i][im][ix]) {
3003 + temp = coeff->mag_coeff[i][im][ix];
3004 + coeff->mag_coeff[i][im][ix] =
3005 + coeff->mag_coeff[i][im][iy];
3006 + coeff->mag_coeff[i][im][iy] = temp;
3008 + if (coeff->phs_coeff[i][im][iy] <
3009 + coeff->phs_coeff[i][im][ix]) {
3010 + temp = coeff->phs_coeff[i][im][ix];
3011 + coeff->phs_coeff[i][im][ix] =
3012 + coeff->phs_coeff[i][im][iy];
3013 + coeff->phs_coeff[i][im][iy] = temp;
3017 + coeff->mag_coeff[i][im][0] = coeff->mag_coeff[i][im][MAXIQCAL / 2];
3018 + coeff->phs_coeff[i][im][0] = coeff->phs_coeff[i][im][MAXIQCAL / 2];
3020 + ath_dbg(common, CALIBRATE,
3021 + "IQCAL: Median [ch%d][gain%d]: mag = %d phase = %d\n",
3023 + coeff->mag_coeff[i][im][0],
3024 + coeff->phs_coeff[i][im][0]);
3028 +static bool ar955x_tx_iq_cal_median(struct ath_hw *ah,
3029 + struct coeff *coeff,
3035 + if ((iqcal_idx + 1) != MAXIQCAL)
3038 + for (i = 0; i < AR9300_MAX_CHAINS; i++) {
3039 + __ar955x_tx_iq_cal_sort(ah, coeff, i, nmeasurement);
3045 +static void ar9003_hw_tx_iq_cal_post_proc(struct ath_hw *ah,
3049 struct ath_common *common = ath9k_hw_common(ah);
3050 const u32 txiqcal_status[AR9300_MAX_CHAINS] = {
3051 @@ -1004,10 +1072,11 @@ static void ar9003_hw_tx_iq_cal_post_pro
3052 AR_PHY_CHAN_INFO_TAB_1,
3053 AR_PHY_CHAN_INFO_TAB_2,
3055 - struct coeff coeff;
3056 + static struct coeff coeff;
3060 + int nmeasurement = 0;
3061 + bool outlier_detect = true;
3063 for (i = 0; i < AR9300_MAX_CHAINS; i++) {
3064 if (!(ah->txchainmask & (1 << i)))
3065 @@ -1065,17 +1134,23 @@ static void ar9003_hw_tx_iq_cal_post_pro
3069 - coeff.mag_coeff[i][im] = coeff.iqc_coeff[0] & 0x7f;
3070 - coeff.phs_coeff[i][im] =
3071 + coeff.phs_coeff[i][im][iqcal_idx] =
3072 + coeff.iqc_coeff[0] & 0x7f;
3073 + coeff.mag_coeff[i][im][iqcal_idx] =
3074 (coeff.iqc_coeff[0] >> 7) & 0x7f;
3076 - if (coeff.mag_coeff[i][im] > 63)
3077 - coeff.mag_coeff[i][im] -= 128;
3078 - if (coeff.phs_coeff[i][im] > 63)
3079 - coeff.phs_coeff[i][im] -= 128;
3080 + if (coeff.mag_coeff[i][im][iqcal_idx] > 63)
3081 + coeff.mag_coeff[i][im][iqcal_idx] -= 128;
3082 + if (coeff.phs_coeff[i][im][iqcal_idx] > 63)
3083 + coeff.phs_coeff[i][im][iqcal_idx] -= 128;
3086 - ar9003_hw_tx_iqcal_load_avg_2_passes(ah, &coeff, is_reusable);
3088 + if (AR_SREV_9550(ah))
3089 + outlier_detect = ar955x_tx_iq_cal_median(ah, &coeff,
3090 + iqcal_idx, nmeasurement);
3091 + if (outlier_detect)
3092 + ar9003_hw_tx_iq_cal_outlier_detection(ah, &coeff, is_reusable);
3096 @@ -1409,7 +1484,7 @@ skip_tx_iqcal:
3100 - ar9003_hw_tx_iq_cal_post_proc(ah, is_reusable);
3101 + ar9003_hw_tx_iq_cal_post_proc(ah, 0, is_reusable);
3102 else if (caldata && test_bit(TXIQCAL_DONE, &caldata->cal_flags))
3103 ar9003_hw_tx_iq_cal_reload(ah);
3105 @@ -1455,14 +1530,38 @@ skip_tx_iqcal:
3109 +static bool do_ar9003_agc_cal(struct ath_hw *ah)
3111 + struct ath_common *common = ath9k_hw_common(ah);
3114 + REG_WRITE(ah, AR_PHY_AGC_CONTROL,
3115 + REG_READ(ah, AR_PHY_AGC_CONTROL) |
3116 + AR_PHY_AGC_CONTROL_CAL);
3118 + status = ath9k_hw_wait(ah, AR_PHY_AGC_CONTROL,
3119 + AR_PHY_AGC_CONTROL_CAL,
3120 + 0, AH_WAIT_TIMEOUT);
3122 + ath_dbg(common, CALIBRATE,
3123 + "offset calibration failed to complete in %d ms,"
3124 + "noisy environment?\n",
3125 + AH_WAIT_TIMEOUT / 1000);
3132 static bool ar9003_hw_init_cal_soc(struct ath_hw *ah,
3133 struct ath9k_channel *chan)
3135 struct ath_common *common = ath9k_hw_common(ah);
3136 struct ath9k_hw_cal_data *caldata = ah->caldata;
3137 bool txiqcal_done = false;
3138 - bool is_reusable = true, status = true;
3139 + bool status = true;
3140 bool run_agc_cal = false, sep_iq_cal = false;
3143 /* Use chip chainmask only for calibration */
3144 ar9003_hw_set_chain_masks(ah, ah->caps.rx_chainmask, ah->caps.tx_chainmask);
3145 @@ -1485,7 +1584,12 @@ static bool ar9003_hw_init_cal_soc(struc
3146 * AGC calibration. Specifically, AR9550 in SoC chips.
3148 if (ah->enabled_cals & TX_IQ_ON_AGC_CAL) {
3149 - txiqcal_done = true;
3150 + if (REG_READ_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_0,
3151 + AR_PHY_TX_IQCAL_CONTROL_0_ENABLE_TXIQ_CAL)) {
3152 + txiqcal_done = true;
3154 + txiqcal_done = false;
3159 @@ -1512,27 +1616,37 @@ skip_tx_iqcal:
3160 if (AR_SREV_9330_11(ah))
3161 ar9003_hw_manual_peak_cal(ah, 0, IS_CHAN_2GHZ(chan));
3163 - /* Calibrate the AGC */
3164 - REG_WRITE(ah, AR_PHY_AGC_CONTROL,
3165 - REG_READ(ah, AR_PHY_AGC_CONTROL) |
3166 - AR_PHY_AGC_CONTROL_CAL);
3168 - /* Poll for offset calibration complete */
3169 - status = ath9k_hw_wait(ah, AR_PHY_AGC_CONTROL,
3170 - AR_PHY_AGC_CONTROL_CAL,
3171 - 0, AH_WAIT_TIMEOUT);
3174 + * For non-AR9550 chips, we just trigger AGC calibration
3175 + * in the HW, poll for completion and then process
3178 + * For AR955x, we run it multiple times and use
3179 + * median IQ correction.
3181 + if (!AR_SREV_9550(ah)) {
3182 + status = do_ar9003_agc_cal(ah);
3187 - ath_dbg(common, CALIBRATE,
3188 - "offset calibration failed to complete in %d ms; noisy environment?\n",
3189 - AH_WAIT_TIMEOUT / 1000);
3192 + ar9003_hw_tx_iq_cal_post_proc(ah, 0, false);
3194 + if (!txiqcal_done) {
3195 + status = do_ar9003_agc_cal(ah);
3199 + for (i = 0; i < MAXIQCAL; i++) {
3200 + status = do_ar9003_agc_cal(ah);
3203 + ar9003_hw_tx_iq_cal_post_proc(ah, i, false);
3210 - ar9003_hw_tx_iq_cal_post_proc(ah, is_reusable);
3212 /* Revert chainmask to runtime parameters */
3213 ar9003_hw_set_chain_masks(ah, ah->rxchainmask, ah->txchainmask);
3215 --- a/drivers/net/wireless/rtl818x/rtl8187/rtl8187.h
3216 +++ b/drivers/net/wireless/rtl818x/rtl8187/rtl8187.h
3221 +#include <linux/cache.h>
3223 #include "rtl818x.h"
3226 @@ -139,7 +141,10 @@ struct rtl8187_priv {
3233 + u8 dummy1[L1_CACHE_BYTES];
3234 + } ____cacheline_aligned;
3235 struct sk_buff_head queue;
3236 } b_tx_status; /* This queue is used by both -b and non-b devices */
3237 struct mutex io_mutex;
3238 @@ -147,7 +152,8 @@ struct rtl8187_priv {
3243 + u8 dummy2[L1_CACHE_BYTES];
3244 + } *io_dmabuf ____cacheline_aligned;
3248 --- a/net/mac80211/wme.c
3249 +++ b/net/mac80211/wme.c
3250 @@ -154,6 +154,11 @@ u16 ieee80211_select_queue(struct ieee80
3251 return IEEE80211_AC_BE;
3254 + if (skb->protocol == sdata->control_port_protocol) {
3255 + skb->priority = 7;
3256 + return ieee80211_downgrade_queue(sdata, skb);
3259 /* use the data classifier to determine what 802.1d tag the
3262 --- a/drivers/net/wireless/ath/ath9k/xmit.c
3263 +++ b/drivers/net/wireless/ath/ath9k/xmit.c
3264 @@ -1444,14 +1444,16 @@ void ath_tx_aggr_sleep(struct ieee80211_
3265 for (tidno = 0, tid = &an->tid[tidno];
3266 tidno < IEEE80211_NUM_TIDS; tidno++, tid++) {
3274 ath_txq_lock(sc, txq);
3276 + if (!tid->sched) {
3277 + ath_txq_unlock(sc, txq);
3281 buffered = ath_tid_has_buffered(tid);
3284 @@ -2184,14 +2186,15 @@ int ath_tx_start(struct ieee80211_hw *hw
3285 txq->stopped = true;
3289 + tid = ath_get_skb_tid(sc, txctl->an, skb);
3291 if (info->flags & IEEE80211_TX_CTL_PS_RESPONSE) {
3292 ath_txq_unlock(sc, txq);
3293 txq = sc->tx.uapsdq;
3294 ath_txq_lock(sc, txq);
3295 } else if (txctl->an &&
3296 ieee80211_is_data_present(hdr->frame_control)) {
3297 - tid = ath_get_skb_tid(sc, txctl->an, skb);
3299 WARN_ON(tid->ac->txq != txctl->txq);
3301 if (info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT)
3302 --- a/drivers/net/wireless/ath/ath9k/init.c
3303 +++ b/drivers/net/wireless/ath/ath9k/init.c
3304 @@ -943,6 +943,7 @@ static void ath9k_set_hw_capab(struct at
3305 hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
3306 hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_5_10_MHZ;
3307 hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
3308 + hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
3312 --- a/net/mac80211/ieee80211_i.h
3313 +++ b/net/mac80211/ieee80211_i.h
3314 @@ -1700,14 +1700,8 @@ void ieee80211_stop_queue_by_reason(stru
3315 void ieee80211_propagate_queue_wake(struct ieee80211_local *local, int queue);
3316 void ieee80211_add_pending_skb(struct ieee80211_local *local,
3317 struct sk_buff *skb);
3318 -void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
3319 - struct sk_buff_head *skbs,
3320 - void (*fn)(void *data), void *data);
3321 -static inline void ieee80211_add_pending_skbs(struct ieee80211_local *local,
3322 - struct sk_buff_head *skbs)
3324 - ieee80211_add_pending_skbs_fn(local, skbs, NULL, NULL);
3326 +void ieee80211_add_pending_skbs(struct ieee80211_local *local,
3327 + struct sk_buff_head *skbs);
3328 void ieee80211_flush_queues(struct ieee80211_local *local,
3329 struct ieee80211_sub_if_data *sdata);
3331 --- a/net/mac80211/sta_info.c
3332 +++ b/net/mac80211/sta_info.c
3333 @@ -91,7 +91,7 @@ static int sta_info_hash_del(struct ieee
3337 -static void cleanup_single_sta(struct sta_info *sta)
3338 +static void __cleanup_single_sta(struct sta_info *sta)
3341 struct tid_ampdu_tx *tid_tx;
3342 @@ -99,7 +99,8 @@ static void cleanup_single_sta(struct st
3343 struct ieee80211_local *local = sdata->local;
3346 - if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
3347 + if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
3348 + test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
3349 if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
3350 sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
3351 ps = &sdata->bss->ps;
3352 @@ -109,6 +110,7 @@ static void cleanup_single_sta(struct st
3355 clear_sta_flag(sta, WLAN_STA_PS_STA);
3356 + clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
3358 atomic_dec(&ps->num_sta_ps);
3359 sta_info_recalc_tim(sta);
3360 @@ -139,7 +141,14 @@ static void cleanup_single_sta(struct st
3361 ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending);
3366 +static void cleanup_single_sta(struct sta_info *sta)
3368 + struct ieee80211_sub_if_data *sdata = sta->sdata;
3369 + struct ieee80211_local *local = sdata->local;
3371 + __cleanup_single_sta(sta);
3372 sta_info_free(local, sta);
3375 @@ -330,6 +339,7 @@ struct sta_info *sta_info_alloc(struct i
3378 spin_lock_init(&sta->lock);
3379 + spin_lock_init(&sta->ps_lock);
3380 INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
3381 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
3382 mutex_init(&sta->ampdu_mlme.mtx);
3383 @@ -487,21 +497,26 @@ static int sta_info_insert_finish(struct
3387 - /* notify driver */
3388 - err = sta_info_insert_drv_state(local, sdata, sta);
3393 local->sta_generation++;
3396 + /* simplify things and don't accept BA sessions yet */
3397 + set_sta_flag(sta, WLAN_STA_BLOCK_BA);
3399 /* make the station visible */
3400 sta_info_hash_add(local, sta);
3402 list_add_rcu(&sta->list, &local->sta_list);
3404 + /* notify driver */
3405 + err = sta_info_insert_drv_state(local, sdata, sta);
3409 set_sta_flag(sta, WLAN_STA_INSERTED);
3410 + /* accept BA sessions now */
3411 + clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
3413 ieee80211_recalc_min_chandef(sdata);
3414 ieee80211_sta_debugfs_add(sta);
3415 @@ -522,6 +537,12 @@ static int sta_info_insert_finish(struct
3416 mesh_accept_plinks_update(sdata);
3420 + sta_info_hash_del(local, sta);
3421 + list_del_rcu(&sta->list);
3423 + synchronize_net();
3424 + __cleanup_single_sta(sta);
3426 mutex_unlock(&local->sta_mtx);
3428 @@ -1071,10 +1092,14 @@ struct ieee80211_sta *ieee80211_find_sta
3430 EXPORT_SYMBOL(ieee80211_find_sta);
3432 -static void clear_sta_ps_flags(void *_sta)
3433 +/* powersave support code */
3434 +void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
3436 - struct sta_info *sta = _sta;
3437 struct ieee80211_sub_if_data *sdata = sta->sdata;
3438 + struct ieee80211_local *local = sdata->local;
3439 + struct sk_buff_head pending;
3440 + int filtered = 0, buffered = 0, ac;
3441 + unsigned long flags;
3444 if (sdata->vif.type == NL80211_IFTYPE_AP ||
3445 @@ -1085,20 +1110,6 @@ static void clear_sta_ps_flags(void *_st
3449 - clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
3450 - if (test_and_clear_sta_flag(sta, WLAN_STA_PS_STA))
3451 - atomic_dec(&ps->num_sta_ps);
3454 -/* powersave support code */
3455 -void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
3457 - struct ieee80211_sub_if_data *sdata = sta->sdata;
3458 - struct ieee80211_local *local = sdata->local;
3459 - struct sk_buff_head pending;
3460 - int filtered = 0, buffered = 0, ac;
3461 - unsigned long flags;
3463 clear_sta_flag(sta, WLAN_STA_SP);
3465 BUILD_BUG_ON(BITS_TO_LONGS(IEEE80211_NUM_TIDS) > 1);
3466 @@ -1109,6 +1120,8 @@ void ieee80211_sta_ps_deliver_wakeup(str
3468 skb_queue_head_init(&pending);
3470 + /* sync with ieee80211_tx_h_unicast_ps_buf */
3471 + spin_lock(&sta->ps_lock);
3472 /* Send all buffered frames to the station */
3473 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3474 int count = skb_queue_len(&pending), tmp;
3475 @@ -1127,7 +1140,12 @@ void ieee80211_sta_ps_deliver_wakeup(str
3476 buffered += tmp - count;
3479 - ieee80211_add_pending_skbs_fn(local, &pending, clear_sta_ps_flags, sta);
3480 + ieee80211_add_pending_skbs(local, &pending);
3481 + clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
3482 + clear_sta_flag(sta, WLAN_STA_PS_STA);
3483 + spin_unlock(&sta->ps_lock);
3485 + atomic_dec(&ps->num_sta_ps);
3487 /* This station just woke up and isn't aware of our SMPS state */
3488 if (!ieee80211_smps_is_restrictive(sta->known_smps_mode,
3489 --- a/net/mac80211/sta_info.h
3490 +++ b/net/mac80211/sta_info.h
3491 @@ -267,6 +267,7 @@ struct ieee80211_tx_latency_stat {
3492 * @drv_unblock_wk: used for driver PS unblocking
3493 * @listen_interval: listen interval of this station, when we're acting as AP
3494 * @_flags: STA flags, see &enum ieee80211_sta_info_flags, do not use directly
3495 + * @ps_lock: used for powersave (when mac80211 is the AP) related locking
3496 * @ps_tx_buf: buffers (per AC) of frames to transmit to this station
3497 * when it leaves power saving state or polls
3498 * @tx_filtered: buffers (per AC) of frames we already tried to
3499 @@ -356,10 +357,8 @@ struct sta_info {
3500 /* use the accessors defined below */
3501 unsigned long _flags;
3504 - * STA powersave frame queues, no more than the internal
3505 - * locking required.
3507 + /* STA powersave lock and frame queues */
3508 + spinlock_t ps_lock;
3509 struct sk_buff_head ps_tx_buf[IEEE80211_NUM_ACS];
3510 struct sk_buff_head tx_filtered[IEEE80211_NUM_ACS];
3511 unsigned long driver_buffered_tids;
3512 --- a/net/mac80211/util.c
3513 +++ b/net/mac80211/util.c
3514 @@ -435,9 +435,8 @@ void ieee80211_add_pending_skb(struct ie
3515 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
3518 -void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
3519 - struct sk_buff_head *skbs,
3520 - void (*fn)(void *data), void *data)
3521 +void ieee80211_add_pending_skbs(struct ieee80211_local *local,
3522 + struct sk_buff_head *skbs)
3524 struct ieee80211_hw *hw = &local->hw;
3525 struct sk_buff *skb;
3526 @@ -461,9 +460,6 @@ void ieee80211_add_pending_skbs_fn(struc
3527 __skb_queue_tail(&local->pending[queue], skb);
3533 for (i = 0; i < hw->queues; i++)
3534 __ieee80211_wake_queue(hw, i,
3535 IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
3536 --- a/net/wireless/reg.c
3537 +++ b/net/wireless/reg.c
3538 @@ -1700,7 +1700,7 @@ static void reg_process_hint(struct regu
3540 case NL80211_REGDOM_SET_BY_USER:
3541 treatment = reg_process_hint_user(reg_request);
3542 - if (treatment == REG_REQ_OK ||
3543 + if (treatment == REG_REQ_IGNORE ||
3544 treatment == REG_REQ_ALREADY_SET)
3546 schedule_delayed_work(®_timeout, msecs_to_jiffies(3142));
3547 --- a/drivers/net/wireless/ath/ath9k/debug.c
3548 +++ b/drivers/net/wireless/ath/ath9k/debug.c
3549 @@ -866,6 +866,12 @@ static ssize_t read_file_reset(struct fi
3550 "%17s: %2d\n", "PLL RX Hang",
3551 sc->debug.stats.reset[RESET_TYPE_PLL_HANG]);
3552 len += scnprintf(buf + len, sizeof(buf) - len,
3553 + "%17s: %2d\n", "MAC Hang",
3554 + sc->debug.stats.reset[RESET_TYPE_MAC_HANG]);
3555 + len += scnprintf(buf + len, sizeof(buf) - len,
3556 + "%17s: %2d\n", "Stuck Beacon",
3557 + sc->debug.stats.reset[RESET_TYPE_BEACON_STUCK]);
3558 + len += scnprintf(buf + len, sizeof(buf) - len,
3559 "%17s: %2d\n", "MCI Reset",
3560 sc->debug.stats.reset[RESET_TYPE_MCI]);
3562 --- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
3563 +++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
3564 @@ -868,10 +868,6 @@ static void ar9003_hw_set_rfmode(struct
3566 if (IS_CHAN_A_FAST_CLOCK(ah, chan))
3567 rfMode |= (AR_PHY_MODE_DYNAMIC | AR_PHY_MODE_DYN_CCK_DISABLE);
3568 - if (IS_CHAN_QUARTER_RATE(chan))
3569 - rfMode |= AR_PHY_MODE_QUARTER;
3570 - if (IS_CHAN_HALF_RATE(chan))
3571 - rfMode |= AR_PHY_MODE_HALF;
3573 if (rfMode & (AR_PHY_MODE_QUARTER | AR_PHY_MODE_HALF))
3574 REG_RMW_FIELD(ah, AR_PHY_FRAME_CTL,
3575 --- a/drivers/net/wireless/ath/ath5k/mac80211-ops.c
3576 +++ b/drivers/net/wireless/ath/ath5k/mac80211-ops.c
3577 @@ -706,6 +706,7 @@ ath5k_get_survey(struct ieee80211_hw *hw
3578 survey->channel = conf->chandef.chan;
3579 survey->noise = ah->ah_noise_floor;
3580 survey->filled = SURVEY_INFO_NOISE_DBM |
3581 + SURVEY_INFO_IN_USE |
3582 SURVEY_INFO_CHANNEL_TIME |
3583 SURVEY_INFO_CHANNEL_TIME_BUSY |
3584 SURVEY_INFO_CHANNEL_TIME_RX |
3585 --- a/drivers/net/wireless/ath/ath9k/recv.c
3586 +++ b/drivers/net/wireless/ath/ath9k/recv.c
3587 @@ -732,11 +732,18 @@ static struct ath_rxbuf *ath_get_next_rx
3591 - * mark descriptor as zero-length and set the 'more'
3592 - * flag to ensure that both buffers get discarded
3593 + * Re-check previous descriptor, in case it has been filled
3594 + * in the mean time.
3596 - rs->rs_datalen = 0;
3597 - rs->rs_more = true;
3598 + ret = ath9k_hw_rxprocdesc(ah, ds, rs);
3599 + if (ret == -EINPROGRESS) {
3601 + * mark descriptor as zero-length and set the 'more'
3602 + * flag to ensure that both buffers get discarded
3604 + rs->rs_datalen = 0;
3605 + rs->rs_more = true;
3609 list_del(&bf->list);
3610 @@ -985,32 +992,32 @@ static int ath9k_rx_skb_preprocess(struc
3611 struct ath_common *common = ath9k_hw_common(ah);
3612 struct ieee80211_hdr *hdr;
3613 bool discard_current = sc->rx.discard_next;
3617 * Discard corrupt descriptors which are marked in
3618 * ath_get_next_rx_buf().
3620 - sc->rx.discard_next = rx_stats->rs_more;
3621 if (discard_current)
3625 + sc->rx.discard_next = false;
3628 * Discard zero-length packets.
3630 if (!rx_stats->rs_datalen) {
3631 RX_STAT_INC(rx_len_err);
3637 - * rs_status follows rs_datalen so if rs_datalen is too large
3638 - * we can take a hint that hardware corrupted it, so ignore
3642 + * rs_status follows rs_datalen so if rs_datalen is too large
3643 + * we can take a hint that hardware corrupted it, so ignore
3646 if (rx_stats->rs_datalen > (common->rx_bufsize - ah->caps.rx_status_len)) {
3647 RX_STAT_INC(rx_len_err);
3652 /* Only use status info from the last fragment */
3653 @@ -1024,10 +1031,8 @@ static int ath9k_rx_skb_preprocess(struc
3654 * This is different from the other corrupt descriptor
3655 * condition handled above.
3657 - if (rx_stats->rs_status & ATH9K_RXERR_CORRUPT_DESC) {
3661 + if (rx_stats->rs_status & ATH9K_RXERR_CORRUPT_DESC)
3664 hdr = (struct ieee80211_hdr *) (skb->data + ah->caps.rx_status_len);
3666 @@ -1043,18 +1048,15 @@ static int ath9k_rx_skb_preprocess(struc
3667 if (ath_process_fft(sc, hdr, rx_stats, rx_status->mactime))
3668 RX_STAT_INC(rx_spectral);
3676 * everything but the rate is checked here, the rate check is done
3677 * separately to avoid doing two lookups for a rate for each frame.
3679 - if (!ath9k_rx_accept(common, hdr, rx_status, rx_stats, decrypt_error)) {
3683 + if (!ath9k_rx_accept(common, hdr, rx_status, rx_stats, decrypt_error))
3686 if (ath_is_mybeacon(common, hdr)) {
3687 RX_STAT_INC(rx_beacons);
3688 @@ -1064,15 +1066,11 @@ static int ath9k_rx_skb_preprocess(struc
3690 * This shouldn't happen, but have a safety check anyway.
3692 - if (WARN_ON(!ah->curchan)) {
3696 + if (WARN_ON(!ah->curchan))
3699 - if (ath9k_process_rate(common, hw, rx_stats, rx_status)) {
3703 + if (ath9k_process_rate(common, hw, rx_stats, rx_status))
3706 ath9k_process_rssi(common, hw, rx_stats, rx_status);
3708 @@ -1087,9 +1085,11 @@ static int ath9k_rx_skb_preprocess(struc
3713 - sc->rx.discard_next = false;
3718 + sc->rx.discard_next = rx_stats->rs_more;
3722 static void ath9k_rx_skb_postprocess(struct ath_common *common,
3723 --- a/drivers/net/wireless/ath/ath9k/ani.c
3724 +++ b/drivers/net/wireless/ath/ath9k/ani.c
3725 @@ -176,16 +176,26 @@ static void ath9k_hw_set_ofdm_nil(struct
3726 if (ah->opmode == NL80211_IFTYPE_STATION &&
3727 BEACON_RSSI(ah) <= ATH9K_ANI_RSSI_THR_HIGH)
3731 - * OFDM Weak signal detection is always enabled for AP mode.
3732 + * Newer chipsets are better at dealing with high PHY error counts -
3733 + * keep weak signal detection enabled when no RSSI threshold is
3734 + * available to determine if it is needed (mode != STA)
3736 - if (ah->opmode != NL80211_IFTYPE_AP &&
3737 - aniState->ofdmWeakSigDetect != weak_sig) {
3738 - ath9k_hw_ani_control(ah,
3739 - ATH9K_ANI_OFDM_WEAK_SIGNAL_DETECTION,
3740 - entry_ofdm->ofdm_weak_signal_on);
3742 + else if (AR_SREV_9300_20_OR_LATER(ah) &&
3743 + ah->opmode != NL80211_IFTYPE_STATION)
3746 + /* Older chipsets are more sensitive to high PHY error counts */
3747 + else if (!AR_SREV_9300_20_OR_LATER(ah) &&
3748 + aniState->ofdmNoiseImmunityLevel >= 8)
3751 + if (aniState->ofdmWeakSigDetect != weak_sig)
3752 + ath9k_hw_ani_control(ah, ATH9K_ANI_OFDM_WEAK_SIGNAL_DETECTION,
3755 + if (!AR_SREV_9300_20_OR_LATER(ah))
3758 if (aniState->ofdmNoiseImmunityLevel >= ATH9K_ANI_OFDM_DEF_LEVEL) {
3759 ah->config.ofdm_trig_high = ATH9K_ANI_OFDM_TRIG_HIGH;
3760 @@ -483,10 +493,17 @@ void ath9k_hw_ani_init(struct ath_hw *ah
3762 ath_dbg(common, ANI, "Initialize ANI\n");
3764 - ah->config.ofdm_trig_high = ATH9K_ANI_OFDM_TRIG_HIGH;
3765 - ah->config.ofdm_trig_low = ATH9K_ANI_OFDM_TRIG_LOW;
3766 - ah->config.cck_trig_high = ATH9K_ANI_CCK_TRIG_HIGH;
3767 - ah->config.cck_trig_low = ATH9K_ANI_CCK_TRIG_LOW;
3768 + if (AR_SREV_9300_20_OR_LATER(ah)) {
3769 + ah->config.ofdm_trig_high = ATH9K_ANI_OFDM_TRIG_HIGH;
3770 + ah->config.ofdm_trig_low = ATH9K_ANI_OFDM_TRIG_LOW;
3771 + ah->config.cck_trig_high = ATH9K_ANI_CCK_TRIG_HIGH;
3772 + ah->config.cck_trig_low = ATH9K_ANI_CCK_TRIG_LOW;
3774 + ah->config.ofdm_trig_high = ATH9K_ANI_OFDM_TRIG_HIGH_OLD;
3775 + ah->config.ofdm_trig_low = ATH9K_ANI_OFDM_TRIG_LOW_OLD;
3776 + ah->config.cck_trig_high = ATH9K_ANI_CCK_TRIG_HIGH_OLD;
3777 + ah->config.cck_trig_low = ATH9K_ANI_CCK_TRIG_LOW_OLD;
3780 ani->spurImmunityLevel = ATH9K_ANI_SPUR_IMMUNE_LVL;
3781 ani->firstepLevel = ATH9K_ANI_FIRSTEP_LVL;
3782 --- a/drivers/net/wireless/ath/ath9k/ani.h
3783 +++ b/drivers/net/wireless/ath/ath9k/ani.h
3785 /* units are errors per second */
3786 #define ATH9K_ANI_OFDM_TRIG_HIGH 3500
3787 #define ATH9K_ANI_OFDM_TRIG_HIGH_BELOW_INI 1000
3788 +#define ATH9K_ANI_OFDM_TRIG_HIGH_OLD 500
3790 #define ATH9K_ANI_OFDM_TRIG_LOW 400
3791 #define ATH9K_ANI_OFDM_TRIG_LOW_ABOVE_INI 900
3792 +#define ATH9K_ANI_OFDM_TRIG_LOW_OLD 200
3794 #define ATH9K_ANI_CCK_TRIG_HIGH 600
3795 +#define ATH9K_ANI_CCK_TRIG_HIGH_OLD 200
3796 #define ATH9K_ANI_CCK_TRIG_LOW 300
3797 +#define ATH9K_ANI_CCK_TRIG_LOW_OLD 100
3799 #define ATH9K_ANI_SPUR_IMMUNE_LVL 3
3800 #define ATH9K_ANI_FIRSTEP_LVL 2
projects / openwrt.git / blob