- /**
-- * struct nl80211_wowlan_pattern_support - pattern support information
-+ * struct nl80211_pattern_support - packet pattern support information
- * @max_patterns: maximum number of patterns supported
- * @min_pattern_len: minimum length of each pattern
- * @max_pattern_len: maximum length of each pattern
-@@ -3101,13 +3131,22 @@ enum nl80211_wowlan_packet_pattern_attr
- * that is part of %NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED in the
- * capability information given by the kernel to userspace.
- */
--struct nl80211_wowlan_pattern_support {
-+struct nl80211_pattern_support {
- __u32 max_patterns;
- __u32 min_pattern_len;
- __u32 max_pattern_len;
- __u32 max_pkt_offset;
- } __attribute__((packed));
-
-+/* only for backward compatibility */
-+#define __NL80211_WOWLAN_PKTPAT_INVALID __NL80211_PKTPAT_INVALID
-+#define NL80211_WOWLAN_PKTPAT_MASK NL80211_PKTPAT_MASK
-+#define NL80211_WOWLAN_PKTPAT_PATTERN NL80211_PKTPAT_PATTERN
-+#define NL80211_WOWLAN_PKTPAT_OFFSET NL80211_PKTPAT_OFFSET
-+#define NUM_NL80211_WOWLAN_PKTPAT NUM_NL80211_PKTPAT
-+#define MAX_NL80211_WOWLAN_PKTPAT MAX_NL80211_PKTPAT
-+#define nl80211_wowlan_pattern_support nl80211_pattern_support
-+
- /**
- * enum nl80211_wowlan_triggers - WoWLAN trigger definitions
- * @__NL80211_WOWLAN_TRIG_INVALID: invalid number for nested attributes
-@@ -3127,7 +3166,7 @@ struct nl80211_wowlan_pattern_support {
- * pattern matching is done after the packet is converted to the MSDU.
- *
- * In %NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED, it is a binary attribute
-- * carrying a &struct nl80211_wowlan_pattern_support.
-+ * carrying a &struct nl80211_pattern_support.
- *
- * When reporting wakeup. it is a u32 attribute containing the 0-based
- * index of the pattern that caused the wakeup, in the patterns passed
-@@ -3284,7 +3323,7 @@ struct nl80211_wowlan_tcp_data_token_fea
- * @NL80211_WOWLAN_TCP_WAKE_PAYLOAD: wake packet payload, for advertising a
- * u32 attribute holding the maximum length
- * @NL80211_WOWLAN_TCP_WAKE_MASK: Wake packet payload mask, not used for
-- * feature advertising. The mask works like @NL80211_WOWLAN_PKTPAT_MASK
-+ * feature advertising. The mask works like @NL80211_PKTPAT_MASK
- * but on the TCP payload only.
- * @NUM_NL80211_WOWLAN_TCP: number of TCP attributes
- * @MAX_NL80211_WOWLAN_TCP: highest attribute number
---- a/net/mac80211/mesh_ps.c
-+++ b/net/mac80211/mesh_ps.c
-@@ -229,6 +229,10 @@ void ieee80211_mps_sta_status_update(str
- enum nl80211_mesh_power_mode pm;
- bool do_buffer;
-
-+ /* For non-assoc STA, prevent buffering or frame transmission */
-+ if (sta->sta_state < IEEE80211_STA_ASSOC)
-+ return;
-+
- /*
- * use peer-specific power mode if peering is established and the
- * peer's power mode is known
---- a/net/wireless/nl80211.c
-+++ b/net/wireless/nl80211.c
-@@ -349,6 +349,11 @@ static const struct nla_policy nl80211_p
- [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
- .len = IEEE80211_MAX_DATA_LEN },
- [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
-+ [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
-+ [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
-+ [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
-+ [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_U16 },
-+ [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_U16 },
- };
-
- /* policy for the key attributes */
-@@ -441,10 +446,12 @@ static int nl80211_prepare_wdev_dump(str
- goto out_unlock;
- }
- *rdev = wiphy_to_dev((*wdev)->wiphy);
-- cb->args[0] = (*rdev)->wiphy_idx;
-+ /* 0 is the first index - add 1 to parse only once */
-+ cb->args[0] = (*rdev)->wiphy_idx + 1;
- cb->args[1] = (*wdev)->identifier;
- } else {
-- struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0]);
-+ /* subtract the 1 again here */
-+ struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
- struct wireless_dev *tmp;
-
- if (!wiphy) {
-@@ -974,7 +981,7 @@ static int nl80211_send_wowlan(struct sk
- return -ENOBUFS;
-
- if (dev->wiphy.wowlan->n_patterns) {
-- struct nl80211_wowlan_pattern_support pat = {
-+ struct nl80211_pattern_support pat = {
- .max_patterns = dev->wiphy.wowlan->n_patterns,
- .min_pattern_len = dev->wiphy.wowlan->pattern_min_len,
- .max_pattern_len = dev->wiphy.wowlan->pattern_max_len,
-@@ -1393,6 +1400,8 @@ static int nl80211_send_wiphy(struct cfg
- if (state->split) {
- CMD(crit_proto_start, CRIT_PROTOCOL_START);
- CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
-+ if (dev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
-+ CMD(channel_switch, CHANNEL_SWITCH);
- }
-
- #ifdef CPTCFG_NL80211_TESTMODE
-@@ -1568,8 +1577,10 @@ static int nl80211_dump_wiphy(struct sk_
- rtnl_lock();
- if (!state) {
- state = kzalloc(sizeof(*state), GFP_KERNEL);
-- if (!state)
-+ if (!state) {
-+ rtnl_unlock();
- return -ENOMEM;
-+ }
- state->filter_wiphy = -1;
- ret = nl80211_dump_wiphy_parse(skb, cb, state);
- if (ret) {
-@@ -2620,8 +2631,8 @@ static int nl80211_get_key(struct sk_buf
-
- hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0,
- NL80211_CMD_NEW_KEY);
-- if (IS_ERR(hdr))
-- return PTR_ERR(hdr);
-+ if (!hdr)
-+ return -ENOBUFS;
-
- cookie.msg = msg;
- cookie.idx = key_idx;
-@@ -4770,9 +4781,9 @@ do { \
- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
- mask, NL80211_MESHCONF_FORWARDING,
- nla_get_u8);
-- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 1, 255,
-+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
- mask, NL80211_MESHCONF_RSSI_THRESHOLD,
-- nla_get_u32);
-+ nla_get_s32);
- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
- mask, NL80211_MESHCONF_HT_OPMODE,
- nla_get_u16);
-@@ -5578,6 +5589,111 @@ static int nl80211_start_radar_detection
- return err;
- }
-
-+static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
-+{
-+ struct cfg80211_registered_device *rdev = info->user_ptr[0];
-+ struct net_device *dev = info->user_ptr[1];
-+ struct wireless_dev *wdev = dev->ieee80211_ptr;
-+ struct cfg80211_csa_settings params;
-+ /* csa_attrs is defined static to avoid waste of stack size - this
-+ * function is called under RTNL lock, so this should not be a problem.
-+ */
-+ static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
-+ u8 radar_detect_width = 0;
-+ int err;
-+
-+ if (!rdev->ops->channel_switch ||
-+ !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
-+ return -EOPNOTSUPP;
-+
-+ /* may add IBSS support later */
-+ if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
-+ dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
-+ return -EOPNOTSUPP;
-+
-+ memset(¶ms, 0, sizeof(params));
-+
-+ if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
-+ !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
-+ return -EINVAL;
-+
-+ /* only important for AP, IBSS and mesh create IEs internally */
-+ if (!info->attrs[NL80211_ATTR_CSA_IES])
-+ return -EINVAL;
-+
-+ /* useless if AP is not running */
-+ if (!wdev->beacon_interval)
-+ return -EINVAL;
-+
-+ params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
-+
-+ err = nl80211_parse_beacon(info->attrs, ¶ms.beacon_after);
-+ if (err)
-+ return err;
-+
-+ err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
-+ info->attrs[NL80211_ATTR_CSA_IES],
-+ nl80211_policy);
-+ if (err)
-+ return err;
-+
-+ err = nl80211_parse_beacon(csa_attrs, ¶ms.beacon_csa);
-+ if (err)
-+ return err;
-+
-+ if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
-+ return -EINVAL;
-+
-+ params.counter_offset_beacon =
-+ nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
-+ if (params.counter_offset_beacon >= params.beacon_csa.tail_len)
-+ return -EINVAL;
-+
-+ /* sanity check - counters should be the same */
-+ if (params.beacon_csa.tail[params.counter_offset_beacon] !=
-+ params.count)
-+ return -EINVAL;
-+
-+ if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
-+ params.counter_offset_presp =
-+ nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
-+ if (params.counter_offset_presp >=
-+ params.beacon_csa.probe_resp_len)
-+ return -EINVAL;
-+
-+ if (params.beacon_csa.probe_resp[params.counter_offset_presp] !=
-+ params.count)
-+ return -EINVAL;
-+ }
-+
-+ err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
-+ if (err)
-+ return err;
-+
-+ if (!cfg80211_reg_can_beacon(&rdev->wiphy, ¶ms.chandef))
-+ return -EINVAL;
-+
-+ err = cfg80211_chandef_dfs_required(wdev->wiphy, ¶ms.chandef);
-+ if (err < 0) {
-+ return err;
-+ } else if (err) {
-+ radar_detect_width = BIT(params.chandef.width);
-+ params.radar_required = true;
-+ }
-+
-+ err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
-+ params.chandef.chan,
-+ CHAN_MODE_SHARED,
-+ radar_detect_width);
-+ if (err)
-+ return err;
-+
-+ if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
-+ params.block_tx = true;
-+
-+ return rdev_channel_switch(rdev, dev, ¶ms);
-+}
-+
- static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
- u32 seq, int flags,
- struct cfg80211_registered_device *rdev,
-@@ -6507,6 +6623,9 @@ static int nl80211_testmode_dump(struct
- NL80211_CMD_TESTMODE);
- struct nlattr *tmdata;
-
-+ if (!hdr)
-+ break;
-+
- if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
- genlmsg_cancel(skb, hdr);
- break;
-@@ -6615,12 +6734,14 @@ EXPORT_SYMBOL(cfg80211_testmode_alloc_ev
-
- void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
- {
-+ struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
- void *hdr = ((void **)skb->cb)[1];
- struct nlattr *data = ((void **)skb->cb)[2];
-
- nla_nest_end(skb, data);
- genlmsg_end(skb, hdr);
-- genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
-+ genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), skb, 0,
-+ nl80211_testmode_mcgrp.id, gfp);
- }
- EXPORT_SYMBOL(cfg80211_testmode_event);
- #endif
-@@ -6949,9 +7070,8 @@ static int nl80211_remain_on_channel(str
-
- hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0,
- NL80211_CMD_REMAIN_ON_CHANNEL);
--
-- if (IS_ERR(hdr)) {
-- err = PTR_ERR(hdr);
-+ if (!hdr) {
-+ err = -ENOBUFS;
- goto free_msg;
- }
-
-@@ -7249,9 +7369,8 @@ static int nl80211_tx_mgmt(struct sk_buf
-
- hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0,
- NL80211_CMD_FRAME);
--
-- if (IS_ERR(hdr)) {
-- err = PTR_ERR(hdr);
-+ if (!hdr) {
-+ err = -ENOBUFS;
- goto free_msg;
- }
- }
-@@ -7593,12 +7712,11 @@ static int nl80211_send_wowlan_patterns(
- if (!nl_pat)
- return -ENOBUFS;
- pat_len = wowlan->patterns[i].pattern_len;
-- if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK,
-- DIV_ROUND_UP(pat_len, 8),
-+ if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
- wowlan->patterns[i].mask) ||
-- nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
-- pat_len, wowlan->patterns[i].pattern) ||
-- nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET,
-+ nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
-+ wowlan->patterns[i].pattern) ||
-+ nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
- wowlan->patterns[i].pkt_offset))
- return -ENOBUFS;
- nla_nest_end(msg, nl_pat);
-@@ -7939,7 +8057,7 @@ static int nl80211_set_wowlan(struct sk_
- struct nlattr *pat;
- int n_patterns = 0;
- int rem, pat_len, mask_len, pkt_offset;
-- struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
-+ struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
-
- nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
- rem)
-@@ -7958,26 +8076,25 @@ static int nl80211_set_wowlan(struct sk_
-
- nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
- rem) {
-- nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
-- nla_data(pat), nla_len(pat), NULL);
-+ nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
-+ nla_len(pat), NULL);
- err = -EINVAL;
-- if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
-- !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
-+ if (!pat_tb[NL80211_PKTPAT_MASK] ||
-+ !pat_tb[NL80211_PKTPAT_PATTERN])
- goto error;
-- pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
-+ pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
- mask_len = DIV_ROUND_UP(pat_len, 8);
-- if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
-- mask_len)
-+ if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
- goto error;
- if (pat_len > wowlan->pattern_max_len ||
- pat_len < wowlan->pattern_min_len)
- goto error;
-
-- if (!pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET])
-+ if (!pat_tb[NL80211_PKTPAT_OFFSET])
- pkt_offset = 0;
- else
- pkt_offset = nla_get_u32(
-- pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]);
-+ pat_tb[NL80211_PKTPAT_OFFSET]);
- if (pkt_offset > wowlan->max_pkt_offset)
- goto error;
- new_triggers.patterns[i].pkt_offset = pkt_offset;
-@@ -7991,11 +8108,11 @@ static int nl80211_set_wowlan(struct sk_
- new_triggers.patterns[i].pattern =
- new_triggers.patterns[i].mask + mask_len;
- memcpy(new_triggers.patterns[i].mask,
-- nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
-+ nla_data(pat_tb[NL80211_PKTPAT_MASK]),
- mask_len);
- new_triggers.patterns[i].pattern_len = pat_len;
- memcpy(new_triggers.patterns[i].pattern,
-- nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
-+ nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
- pat_len);
- i++;
- }
-@@ -8130,9 +8247,8 @@ static int nl80211_probe_client(struct s
-
- hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0,
- NL80211_CMD_PROBE_CLIENT);
--
-- if (IS_ERR(hdr)) {
-- err = PTR_ERR(hdr);
-+ if (!hdr) {
-+ err = -ENOBUFS;
- goto free_msg;
- }
-
-@@ -9041,7 +9157,15 @@ static struct genl_ops nl80211_ops[] = {
- .flags = GENL_ADMIN_PERM,
- .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
- NL80211_FLAG_NEED_RTNL,
-- }
-+ },
-+ {
-+ .cmd = NL80211_CMD_CHANNEL_SWITCH,
-+ .doit = nl80211_channel_switch,
-+ .policy = nl80211_policy,
-+ .flags = GENL_ADMIN_PERM,
-+ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
-+ NL80211_FLAG_NEED_RTNL,
-+ },
- };
-
- static struct genl_multicast_group nl80211_mlme_mcgrp = {
-@@ -10066,7 +10190,8 @@ void cfg80211_mgmt_tx_status(struct wire
-
- genlmsg_end(msg, hdr);
-
-- genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
-+ genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
-+ nl80211_mlme_mcgrp.id, gfp);
- return;
-
- nla_put_failure:
---- a/net/wireless/reg.c
-+++ b/net/wireless/reg.c
-@@ -2247,10 +2247,13 @@ int reg_device_uevent(struct device *dev
-
- void wiphy_regulatory_register(struct wiphy *wiphy)
- {
-+ struct regulatory_request *lr;
-+
- if (!reg_dev_ignore_cell_hint(wiphy))
- reg_num_devs_support_basehint++;
-
-- wiphy_update_regulatory(wiphy, NL80211_REGDOM_SET_BY_CORE);
-+ lr = get_last_request();
-+ wiphy_update_regulatory(wiphy, lr->initiator);
- }
-
- void wiphy_regulatory_deregister(struct wiphy *wiphy)
-@@ -2279,7 +2282,9 @@ void wiphy_regulatory_deregister(struct
- static void reg_timeout_work(struct work_struct *work)
- {
- REG_DBG_PRINT("Timeout while waiting for CRDA to reply, restoring regulatory settings\n");
-+ rtnl_lock();
- restore_regulatory_settings(true);
-+ rtnl_unlock();
- }
-
- int __init regulatory_init(void)
---- a/net/wireless/sme.c
-+++ b/net/wireless/sme.c
-@@ -34,8 +34,10 @@ struct cfg80211_conn {
- CFG80211_CONN_SCAN_AGAIN,
- CFG80211_CONN_AUTHENTICATE_NEXT,
- CFG80211_CONN_AUTHENTICATING,
-+ CFG80211_CONN_AUTH_FAILED,
- CFG80211_CONN_ASSOCIATE_NEXT,
- CFG80211_CONN_ASSOCIATING,
-+ CFG80211_CONN_ASSOC_FAILED,
- CFG80211_CONN_DEAUTH,
- CFG80211_CONN_CONNECTED,
- } state;
-@@ -164,6 +166,8 @@ static int cfg80211_conn_do_work(struct
- NULL, 0,
- params->key, params->key_len,
- params->key_idx, NULL, 0);
-+ case CFG80211_CONN_AUTH_FAILED:
-+ return -ENOTCONN;
- case CFG80211_CONN_ASSOCIATE_NEXT:
- BUG_ON(!rdev->ops->assoc);
- wdev->conn->state = CFG80211_CONN_ASSOCIATING;
-@@ -188,10 +192,17 @@ static int cfg80211_conn_do_work(struct
- WLAN_REASON_DEAUTH_LEAVING,
- false);
- return err;
-+ case CFG80211_CONN_ASSOC_FAILED:
-+ cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
-+ NULL, 0,
-+ WLAN_REASON_DEAUTH_LEAVING, false);
-+ return -ENOTCONN;
- case CFG80211_CONN_DEAUTH:
- cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
- NULL, 0,
- WLAN_REASON_DEAUTH_LEAVING, false);
-+ /* free directly, disconnected event already sent */
-+ cfg80211_sme_free(wdev);
- return 0;
- default:
- return 0;
-@@ -371,7 +382,7 @@ bool cfg80211_sme_rx_assoc_resp(struct w
- return true;
- }
-
-- wdev->conn->state = CFG80211_CONN_DEAUTH;
-+ wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
- schedule_work(&rdev->conn_work);
- return false;
- }
-@@ -383,7 +394,13 @@ void cfg80211_sme_deauth(struct wireless
-
- void cfg80211_sme_auth_timeout(struct wireless_dev *wdev)
- {
-- cfg80211_sme_free(wdev);
-+ struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
-+
-+ if (!wdev->conn)
-+ return;
-+
-+ wdev->conn->state = CFG80211_CONN_AUTH_FAILED;
-+ schedule_work(&rdev->conn_work);
- }
-
- void cfg80211_sme_disassoc(struct wireless_dev *wdev)
-@@ -399,7 +416,13 @@ void cfg80211_sme_disassoc(struct wirele
-
- void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev)
- {
-- cfg80211_sme_disassoc(wdev);
-+ struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
-+
-+ if (!wdev->conn)
-+ return;
-+
-+ wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
-+ schedule_work(&rdev->conn_work);
- }
-
- static int cfg80211_sme_connect(struct wireless_dev *wdev,
-@@ -953,21 +976,19 @@ int cfg80211_disconnect(struct cfg80211_
- struct net_device *dev, u16 reason, bool wextev)
- {
- struct wireless_dev *wdev = dev->ieee80211_ptr;
-- int err;
-+ int err = 0;
-
- ASSERT_WDEV_LOCK(wdev);
-
- kfree(wdev->connect_keys);
- wdev->connect_keys = NULL;
-
-- if (wdev->conn) {
-+ if (wdev->conn)
- err = cfg80211_sme_disconnect(wdev, reason);
-- } else if (!rdev->ops->disconnect) {
-+ else if (!rdev->ops->disconnect)
- cfg80211_mlme_down(rdev, dev);
-- err = 0;
-- } else {
-+ else if (wdev->current_bss)
- err = rdev_disconnect(rdev, dev, reason);
-- }
-
- return err;
- }
---- a/net/mac80211/rc80211_minstrel.c
-+++ b/net/mac80211/rc80211_minstrel.c
-@@ -203,6 +203,15 @@ minstrel_update_stats(struct minstrel_pr
- memcpy(mi->max_tp_rate, tmp_tp_rate, sizeof(mi->max_tp_rate));
- mi->max_prob_rate = tmp_prob_rate;
-
-+#ifdef CPTCFG_MAC80211_DEBUGFS
-+ /* use fixed index if set */
-+ if (mp->fixed_rate_idx != -1) {
-+ mi->max_tp_rate[0] = mp->fixed_rate_idx;
-+ mi->max_tp_rate[1] = mp->fixed_rate_idx;
-+ mi->max_prob_rate = mp->fixed_rate_idx;
-+ }
-+#endif
-+
- /* Reset update timer */
- mi->stats_update = jiffies;
-
-@@ -290,7 +299,7 @@ minstrel_get_rate(void *priv, struct iee
- struct minstrel_rate *msr, *mr;
- unsigned int ndx;
- bool mrr_capable;
-- bool prev_sample = mi->prev_sample;
-+ bool prev_sample;
- int delta;
- int sampling_ratio;
-
-@@ -310,10 +319,16 @@ minstrel_get_rate(void *priv, struct iee
- /* increase sum packet counter */
- mi->packet_count++;
-
-+#ifdef CPTCFG_MAC80211_DEBUGFS
-+ if (mp->fixed_rate_idx != -1)
-+ return;
-+#endif
-+
- delta = (mi->packet_count * sampling_ratio / 100) -
- (mi->sample_count + mi->sample_deferred / 2);
-
- /* delta < 0: no sampling required */
-+ prev_sample = mi->prev_sample;
- mi->prev_sample = false;
- if (delta < 0 || (!mrr_capable && prev_sample))
- return;
---- a/drivers/net/wireless/rt2x00/rt2x00queue.c
-+++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
-@@ -936,13 +936,8 @@ void rt2x00queue_index_inc(struct queue_
- spin_unlock_irqrestore(&queue->index_lock, irqflags);
- }
-
--void rt2x00queue_pause_queue(struct data_queue *queue)
-+void rt2x00queue_pause_queue_nocheck(struct data_queue *queue)
- {
-- if (!test_bit(DEVICE_STATE_PRESENT, &queue->rt2x00dev->flags) ||
-- !test_bit(QUEUE_STARTED, &queue->flags) ||
-- test_and_set_bit(QUEUE_PAUSED, &queue->flags))
-- return;
--
- switch (queue->qid) {
- case QID_AC_VO:
- case QID_AC_VI:
-@@ -958,6 +953,15 @@ void rt2x00queue_pause_queue(struct data
- break;
- }
- }
-+void rt2x00queue_pause_queue(struct data_queue *queue)
-+{
-+ if (!test_bit(DEVICE_STATE_PRESENT, &queue->rt2x00dev->flags) ||
-+ !test_bit(QUEUE_STARTED, &queue->flags) ||
-+ test_and_set_bit(QUEUE_PAUSED, &queue->flags))
-+ return;
-+
-+ rt2x00queue_pause_queue_nocheck(queue);
-+}
- EXPORT_SYMBOL_GPL(rt2x00queue_pause_queue);
-
- void rt2x00queue_unpause_queue(struct data_queue *queue)
-@@ -1019,7 +1023,7 @@ void rt2x00queue_stop_queue(struct data_
- return;
- }
-
-- rt2x00queue_pause_queue(queue);
-+ rt2x00queue_pause_queue_nocheck(queue);
-
- queue->rt2x00dev->ops->lib->stop_queue(queue);
-
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -31,10 +31,12 @@
- #include "led.h"
-
- #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
-+#define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
- #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
- #define IEEE80211_AUTH_MAX_TRIES 3
- #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
- #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
-+#define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
- #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
- #define IEEE80211_ASSOC_MAX_TRIES 3
-
-@@ -209,8 +211,9 @@ ieee80211_determine_chantype(struct ieee
- struct ieee80211_channel *channel,
- const struct ieee80211_ht_operation *ht_oper,
- const struct ieee80211_vht_operation *vht_oper,
-- struct cfg80211_chan_def *chandef, bool verbose)
-+ struct cfg80211_chan_def *chandef, bool tracking)
- {
-+ struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
- struct cfg80211_chan_def vht_chandef;
- u32 ht_cfreq, ret;
-
-@@ -229,7 +232,7 @@ ieee80211_determine_chantype(struct ieee
- ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
- channel->band);
- /* check that channel matches the right operating channel */
-- if (channel->center_freq != ht_cfreq) {
-+ if (!tracking && channel->center_freq != ht_cfreq) {
- /*
- * It's possible that some APs are confused here;
- * Netgear WNDR3700 sometimes reports 4 higher than
-@@ -237,11 +240,10 @@ ieee80211_determine_chantype(struct ieee
- * since we look at probe response/beacon data here
- * it should be OK.
- */
-- if (verbose)
-- sdata_info(sdata,
-- "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
-- channel->center_freq, ht_cfreq,
-- ht_oper->primary_chan, channel->band);
-+ sdata_info(sdata,
-+ "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
-+ channel->center_freq, ht_cfreq,
-+ ht_oper->primary_chan, channel->band);
- ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
- goto out;
- }
-@@ -295,7 +297,7 @@ ieee80211_determine_chantype(struct ieee
- channel->band);
- break;
- default:
-- if (verbose)
-+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
- sdata_info(sdata,
- "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
- vht_oper->chan_width);
-@@ -304,7 +306,7 @@ ieee80211_determine_chantype(struct ieee
- }
-
- if (!cfg80211_chandef_valid(&vht_chandef)) {
-- if (verbose)
-+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
- sdata_info(sdata,
- "AP VHT information is invalid, disable VHT\n");
- ret = IEEE80211_STA_DISABLE_VHT;
-@@ -317,7 +319,7 @@ ieee80211_determine_chantype(struct ieee
- }
-
- if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
-- if (verbose)
-+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
- sdata_info(sdata,
- "AP VHT information doesn't match HT, disable VHT\n");
- ret = IEEE80211_STA_DISABLE_VHT;
-@@ -333,18 +335,27 @@ out:
- if (ret & IEEE80211_STA_DISABLE_VHT)
- vht_chandef = *chandef;
-
-+ /*
-+ * Ignore the DISABLED flag when we're already connected and only
-+ * tracking the APs beacon for bandwidth changes - otherwise we
-+ * might get disconnected here if we connect to an AP, update our
-+ * regulatory information based on the AP's country IE and the
-+ * information we have is wrong/outdated and disables the channel
-+ * that we're actually using for the connection to the AP.
-+ */
- while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
-- IEEE80211_CHAN_DISABLED)) {
-+ tracking ? 0 :
-+ IEEE80211_CHAN_DISABLED)) {
- if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
- ret = IEEE80211_STA_DISABLE_HT |
- IEEE80211_STA_DISABLE_VHT;
-- goto out;
-+ break;
- }
-
- ret |= chandef_downgrade(chandef);
- }
-
-- if (chandef->width != vht_chandef.width && verbose)
-+ if (chandef->width != vht_chandef.width && !tracking)
- sdata_info(sdata,
- "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
-
-@@ -384,7 +395,7 @@ static int ieee80211_config_bw(struct ie
-
- /* calculate new channel (type) based on HT/VHT operation IEs */
- flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
-- vht_oper, &chandef, false);
-+ vht_oper, &chandef, true);
-
- /*
- * Downgrade the new channel if we associated with restricted
-@@ -1043,6 +1054,13 @@ ieee80211_sta_process_chanswitch(struct
- if (!ieee80211_operating_class_to_band(
- elems->ext_chansw_ie->new_operating_class,
- &new_band)) {
-+ /*
-+ * Some APs send invalid ECSA IEs in probe response
-+ * frames, so check for these and ignore them.
-+ */
-+ if (beacon && elems->ext_chansw_ie->new_ch_num == 0 &&
-+ elems->ext_chansw_ie->new_operating_class == 0)
-+ return;
- sdata_info(sdata,
- "cannot understand ECSA IE operating class %d, disconnecting\n",
- elems->ext_chansw_ie->new_operating_class);
-@@ -1110,6 +1128,15 @@ ieee80211_sta_process_chanswitch(struct
- case -1:
- cfg80211_chandef_create(&new_chandef, new_chan,
- NL80211_CHAN_NO_HT);
-+ /* keep width for 5/10 MHz channels */
-+ switch (sdata->vif.bss_conf.chandef.width) {
-+ case NL80211_CHAN_WIDTH_5:
-+ case NL80211_CHAN_WIDTH_10:
-+ new_chandef.width = sdata->vif.bss_conf.chandef.width;
-+ break;
-+ default:
-+ break;
-+ }
- break;
- }
-
-@@ -3394,10 +3421,13 @@ static int ieee80211_probe_auth(struct i
-
- if (tx_flags == 0) {
- auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
-- ifmgd->auth_data->timeout_started = true;
-+ auth_data->timeout_started = true;
- run_again(sdata, auth_data->timeout);
- } else {
-- auth_data->timeout_started = false;
-+ auth_data->timeout =
-+ round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
-+ auth_data->timeout_started = true;
-+ run_again(sdata, auth_data->timeout);
- }
-
- return 0;
-@@ -3434,7 +3464,11 @@ static int ieee80211_do_assoc(struct iee
- assoc_data->timeout_started = true;
- run_again(sdata, assoc_data->timeout);
- } else {
-- assoc_data->timeout_started = false;
-+ assoc_data->timeout =
-+ round_jiffies_up(jiffies +
-+ IEEE80211_ASSOC_TIMEOUT_LONG);
-+ assoc_data->timeout_started = true;
-+ run_again(sdata, assoc_data->timeout);
- }
-
- return 0;
-@@ -3829,7 +3863,7 @@ static int ieee80211_prep_channel(struct
- ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
- cbss->channel,
- ht_oper, vht_oper,
-- &chandef, true);
-+ &chandef, false);
-
- sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
- local->rx_chains);
---- a/net/wireless/core.c
-+++ b/net/wireless/core.c
-@@ -772,6 +772,7 @@ void cfg80211_leave(struct cfg80211_regi
- cfg80211_leave_mesh(rdev, dev);
- break;
- case NL80211_IFTYPE_AP:
-+ case NL80211_IFTYPE_P2P_GO:
- cfg80211_stop_ap(rdev, dev);
- break;
- default:
---- a/drivers/net/wireless/rtlwifi/Kconfig
-+++ b/drivers/net/wireless/rtlwifi/Kconfig
-@@ -1,29 +1,22 @@
--config RTLWIFI
-- tristate "Realtek wireless card support"
-+menuconfig RTL_CARDS
-+ tristate "Realtek rtlwifi family of devices"
- depends on m
-- depends on MAC80211
-- select BACKPORT_FW_LOADER
-- ---help---
-- This is common code for RTL8192CE/RTL8192CU/RTL8192SE/RTL8723AE
-- drivers. This module does nothing by itself - the various front-end
-- drivers need to be enabled to support any desired devices.
--
-- If you choose to build as a module, it'll be called rtlwifi.
--
--config RTLWIFI_DEBUG
-- bool "Debugging output for rtlwifi driver family"
-- depends on RTLWIFI
-+ depends on MAC80211 && (PCI || USB)
- default y
- ---help---
-- To use the module option that sets the dynamic-debugging level for,
-- the front-end driver, this parameter must be "Y". For memory-limited
-- systems, choose "N". If in doubt, choose "Y".
-+ This option will enable support for the Realtek mac80211-based
-+ wireless drivers. Drivers rtl8192ce, rtl8192cu, rtl8192se, rtl8192de,
-+ rtl8723eu, and rtl8188eu share some common code.
-+
-+if RTL_CARDS
-
- config RTL8192CE
- tristate "Realtek RTL8192CE/RTL8188CE Wireless Network Adapter"
- depends on m
-- depends on RTLWIFI && PCI
-+ depends on PCI
- select RTL8192C_COMMON
-+ select RTLWIFI
-+ select RTLWIFI_PCI
- ---help---
- This is the driver for Realtek RTL8192CE/RTL8188CE 802.11n PCIe
- wireless network adapters.
-@@ -33,7 +26,9 @@ config RTL8192CE
- config RTL8192SE
- tristate "Realtek RTL8192SE/RTL8191SE PCIe Wireless Network Adapter"
- depends on m
-- depends on RTLWIFI && PCI
-+ depends on PCI
-+ select RTLWIFI
-+ select RTLWIFI_PCI
- ---help---
- This is the driver for Realtek RTL8192SE/RTL8191SE 802.11n PCIe
- wireless network adapters.
-@@ -43,7 +38,9 @@ config RTL8192SE
- config RTL8192DE
- tristate "Realtek RTL8192DE/RTL8188DE PCIe Wireless Network Adapter"
- depends on m
-- depends on RTLWIFI && PCI
-+ depends on PCI
-+ select RTLWIFI
-+ select RTLWIFI_PCI
- ---help---
- This is the driver for Realtek RTL8192DE/RTL8188DE 802.11n PCIe
- wireless network adapters.
-@@ -53,7 +50,9 @@ config RTL8192DE
- config RTL8723AE
- tristate "Realtek RTL8723AE PCIe Wireless Network Adapter"
- depends on m
-- depends on RTLWIFI && PCI
-+ depends on PCI
-+ select RTLWIFI
-+ select RTLWIFI_PCI
- ---help---
- This is the driver for Realtek RTL8723AE 802.11n PCIe
- wireless network adapters.
-@@ -63,7 +62,9 @@ config RTL8723AE
- config RTL8188EE
- tristate "Realtek RTL8188EE Wireless Network Adapter"
- depends on m
-- depends on RTLWIFI && PCI
-+ depends on PCI
-+ select RTLWIFI
-+ select RTLWIFI_PCI
- ---help---
- This is the driver for Realtek RTL8188EE 802.11n PCIe
- wireless network adapters.
-@@ -73,7 +74,9 @@ config RTL8188EE
- config RTL8192CU
- tristate "Realtek RTL8192CU/RTL8188CU USB Wireless Network Adapter"
- depends on m
-- depends on RTLWIFI && USB
-+ depends on USB
-+ select RTLWIFI
-+ select RTLWIFI_USB
- select RTL8192C_COMMON
- ---help---
- This is the driver for Realtek RTL8192CU/RTL8188CU 802.11n USB
-@@ -81,8 +84,32 @@ config RTL8192CU
-
- If you choose to build it as a module, it will be called rtl8192cu
-
-+config RTLWIFI
-+ tristate
-+ depends on m
-+ select BACKPORT_FW_LOADER
-+
-+config RTLWIFI_PCI
-+ tristate
-+ depends on m
-+
-+config RTLWIFI_USB
-+ tristate
-+ depends on m
-+
-+config RTLWIFI_DEBUG
-+ bool "Debugging output for rtlwifi driver family"
-+ depends on RTLWIFI
-+ default y
-+ ---help---
-+ To use the module option that sets the dynamic-debugging level for,
-+ the front-end driver, this parameter must be "Y". For memory-limited
-+ systems, choose "N". If in doubt, choose "Y".
-+
- config RTL8192C_COMMON
- tristate
- depends on m
- depends on RTL8192CE || RTL8192CU
-- default m
-+ default y
-+
-+endif
---- a/drivers/net/wireless/rtlwifi/Makefile
-+++ b/drivers/net/wireless/rtlwifi/Makefile
-@@ -12,13 +12,11 @@ rtlwifi-objs := \
-
- rtl8192c_common-objs += \
-
--ifneq ($(CONFIG_PCI),)
--rtlwifi-objs += pci.o
--endif
-+obj-$(CPTCFG_RTLWIFI_PCI) += rtl_pci.o
-+rtl_pci-objs := pci.o
-
--ifneq ($(CONFIG_USB),)
--rtlwifi-objs += usb.o
--endif
-+obj-$(CPTCFG_RTLWIFI_USB) += rtl_usb.o
-+rtl_usb-objs := usb.o
-
- obj-$(CPTCFG_RTL8192C_COMMON) += rtl8192c/
- obj-$(CPTCFG_RTL8192CE) += rtl8192ce/
---- a/drivers/net/wireless/rtlwifi/ps.h
-+++ b/drivers/net/wireless/rtlwifi/ps.h
-@@ -49,5 +49,6 @@ void rtl_swlps_rf_awake(struct ieee80211
- void rtl_swlps_rf_sleep(struct ieee80211_hw *hw);
- void rtl_p2p_ps_cmd(struct ieee80211_hw *hw, u8 p2p_ps_state);
- void rtl_p2p_info(struct ieee80211_hw *hw, void *data, unsigned int len);
-+void rtl_lps_change_work_callback(struct work_struct *work);
-
- #endif
---- a/drivers/net/wireless/rtlwifi/base.c
-+++ b/drivers/net/wireless/rtlwifi/base.c
-@@ -173,6 +173,7 @@ u8 rtl_tid_to_ac(u8 tid)
- {
- return tid_to_ac[tid];
- }
-+EXPORT_SYMBOL_GPL(rtl_tid_to_ac);
-
- static void _rtl_init_hw_ht_capab(struct ieee80211_hw *hw,
- struct ieee80211_sta_ht_cap *ht_cap)
-@@ -407,6 +408,7 @@ void rtl_deinit_deferred_work(struct iee
- cancel_delayed_work(&rtlpriv->works.ps_rfon_wq);
- cancel_delayed_work(&rtlpriv->works.fwevt_wq);
- }
-+EXPORT_SYMBOL_GPL(rtl_deinit_deferred_work);
-
- void rtl_init_rfkill(struct ieee80211_hw *hw)
- {
-@@ -440,6 +442,7 @@ void rtl_deinit_rfkill(struct ieee80211_
- {
- wiphy_rfkill_stop_polling(hw->wiphy);
- }
-+EXPORT_SYMBOL_GPL(rtl_deinit_rfkill);
-
- int rtl_init_core(struct ieee80211_hw *hw)
- {
-@@ -490,10 +493,12 @@ int rtl_init_core(struct ieee80211_hw *h
-
- return 0;
- }
-+EXPORT_SYMBOL_GPL(rtl_init_core);
-
- void rtl_deinit_core(struct ieee80211_hw *hw)
- {
- }
-+EXPORT_SYMBOL_GPL(rtl_deinit_core);
-
- void rtl_init_rx_config(struct ieee80211_hw *hw)
- {
-@@ -502,6 +507,7 @@ void rtl_init_rx_config(struct ieee80211
-
- rtlpriv->cfg->ops->get_hw_reg(hw, HW_VAR_RCR, (u8 *) (&mac->rx_conf));
- }
-+EXPORT_SYMBOL_GPL(rtl_init_rx_config);
-
- /*********************************************************
- *
-@@ -880,6 +886,7 @@ bool rtl_tx_mgmt_proc(struct ieee80211_h
-
- return true;
- }
-+EXPORT_SYMBOL_GPL(rtl_tx_mgmt_proc);
-
- void rtl_get_tcb_desc(struct ieee80211_hw *hw,
- struct ieee80211_tx_info *info,
-@@ -1053,6 +1060,7 @@ bool rtl_action_proc(struct ieee80211_hw
-
- return true;
- }
-+EXPORT_SYMBOL_GPL(rtl_action_proc);
-
- /*should call before software enc*/
- u8 rtl_is_special_data(struct ieee80211_hw *hw, struct sk_buff *skb, u8 is_tx)
-@@ -1126,6 +1134,7 @@ u8 rtl_is_special_data(struct ieee80211_
-
- return false;
- }
-+EXPORT_SYMBOL_GPL(rtl_is_special_data);
-
- /*********************************************************
- *
-@@ -1301,6 +1310,7 @@ void rtl_beacon_statistic(struct ieee802
-
- rtlpriv->link_info.bcn_rx_inperiod++;
- }
-+EXPORT_SYMBOL_GPL(rtl_beacon_statistic);
-
- void rtl_watchdog_wq_callback(void *data)
- {
-@@ -1794,6 +1804,7 @@ void rtl_recognize_peer(struct ieee80211
-
- mac->vendor = vendor;
- }
-+EXPORT_SYMBOL_GPL(rtl_recognize_peer);
-
- /*********************************************************
- *
-@@ -1850,6 +1861,7 @@ struct attribute_group rtl_attribute_gro
- .name = "rtlsysfs",
- .attrs = rtl_sysfs_entries,
- };
-+EXPORT_SYMBOL_GPL(rtl_attribute_group);
-
- MODULE_AUTHOR("lizhaoming <chaoming_li@realsil.com.cn>");
- MODULE_AUTHOR("Realtek WlanFAE <wlanfae@realtek.com>");
-@@ -1857,7 +1869,8 @@ MODULE_AUTHOR("Larry Finger <Larry.FInge
- MODULE_LICENSE("GPL");
- MODULE_DESCRIPTION("Realtek 802.11n PCI wireless core");
-
--struct rtl_global_var global_var = {};
-+struct rtl_global_var rtl_global_var = {};
-+EXPORT_SYMBOL_GPL(rtl_global_var);
-
- static int __init rtl_core_module_init(void)
- {
-@@ -1865,8 +1878,8 @@ static int __init rtl_core_module_init(v
- pr_err("Unable to register rtl_rc, use default RC !!\n");
-
- /* init some global vars */
-- INIT_LIST_HEAD(&global_var.glb_priv_list);
-- spin_lock_init(&global_var.glb_list_lock);
-+ INIT_LIST_HEAD(&rtl_global_var.glb_priv_list);
-+ spin_lock_init(&rtl_global_var.glb_list_lock);
-
- return 0;
- }
---- a/drivers/net/wireless/rtlwifi/base.h
-+++ b/drivers/net/wireless/rtlwifi/base.h
-@@ -147,7 +147,7 @@ void rtl_recognize_peer(struct ieee80211
- u8 rtl_tid_to_ac(u8 tid);
- extern struct attribute_group rtl_attribute_group;
- void rtl_easy_concurrent_retrytimer_callback(unsigned long data);
--extern struct rtl_global_var global_var;
-+extern struct rtl_global_var rtl_global_var;
- int rtlwifi_rate_mapping(struct ieee80211_hw *hw,
- bool isht, u8 desc_rate, bool first_ampdu);
- bool rtl_tx_mgmt_proc(struct ieee80211_hw *hw, struct sk_buff *skb);
---- a/drivers/net/wireless/rtlwifi/core.c
-+++ b/drivers/net/wireless/rtlwifi/core.c
-@@ -1330,3 +1330,4 @@ const struct ieee80211_ops rtl_ops = {
- .rfkill_poll = rtl_op_rfkill_poll,
- .flush = rtl_op_flush,
- };
-+EXPORT_SYMBOL_GPL(rtl_ops);
---- a/drivers/net/wireless/rtlwifi/debug.c
-+++ b/drivers/net/wireless/rtlwifi/debug.c
-@@ -51,3 +51,4 @@ void rtl_dbgp_flag_init(struct ieee80211
-
- /*Init Debug flag enable condition */
- }
-+EXPORT_SYMBOL_GPL(rtl_dbgp_flag_init);
---- a/drivers/net/wireless/rtlwifi/efuse.c
-+++ b/drivers/net/wireless/rtlwifi/efuse.c
-@@ -229,6 +229,7 @@ void read_efuse_byte(struct ieee80211_hw
-
- *pbuf = (u8) (value32 & 0xff);
- }
-+EXPORT_SYMBOL_GPL(read_efuse_byte);
-
- void read_efuse(struct ieee80211_hw *hw, u16 _offset, u16 _size_byte, u8 *pbuf)
- {
---- a/drivers/net/wireless/rtlwifi/pci.c
-+++ b/drivers/net/wireless/rtlwifi/pci.c
-@@ -35,6 +35,13 @@
- #include "efuse.h"
- #include <linux/export.h>
- #include <linux/kmemleak.h>
-+#include <linux/module.h>
-+
-+MODULE_AUTHOR("lizhaoming <chaoming_li@realsil.com.cn>");
-+MODULE_AUTHOR("Realtek WlanFAE <wlanfae@realtek.com>");
-+MODULE_AUTHOR("Larry Finger <Larry.FInger@lwfinger.net>");
-+MODULE_LICENSE("GPL");
-+MODULE_DESCRIPTION("PCI basic driver for rtlwifi");
-
- static const u16 pcibridge_vendors[PCI_BRIDGE_VENDOR_MAX] = {
- PCI_VENDOR_ID_INTEL,
-@@ -1008,19 +1015,6 @@ static void _rtl_pci_prepare_bcn_tasklet
- return;
- }
-
--static void rtl_lps_change_work_callback(struct work_struct *work)
--{
-- struct rtl_works *rtlworks =
-- container_of(work, struct rtl_works, lps_change_work);
-- struct ieee80211_hw *hw = rtlworks->hw;
-- struct rtl_priv *rtlpriv = rtl_priv(hw);
--
-- if (rtlpriv->enter_ps)
-- rtl_lps_enter(hw);
-- else
-- rtl_lps_leave(hw);
--}
--
- static void _rtl_pci_init_trx_var(struct ieee80211_hw *hw)
- {
- struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
-@@ -1899,7 +1893,7 @@ int rtl_pci_probe(struct pci_dev *pdev,
- rtlpriv->rtlhal.interface = INTF_PCI;
- rtlpriv->cfg = (struct rtl_hal_cfg *)(id->driver_data);
- rtlpriv->intf_ops = &rtl_pci_ops;
-- rtlpriv->glb_var = &global_var;
-+ rtlpriv->glb_var = &rtl_global_var;
-
- /*
- *init dbgp flags before all
---- a/drivers/net/wireless/rtlwifi/ps.c
-+++ b/drivers/net/wireless/rtlwifi/ps.c
-@@ -269,6 +269,7 @@ void rtl_ips_nic_on(struct ieee80211_hw
-
- spin_unlock_irqrestore(&rtlpriv->locks.ips_lock, flags);
- }
-+EXPORT_SYMBOL_GPL(rtl_ips_nic_on);
-
- /*for FW LPS*/
-
-@@ -518,6 +519,7 @@ void rtl_swlps_beacon(struct ieee80211_h
- "u_bufferd: %x, m_buffered: %x\n", u_buffed, m_buffed);
- }
- }
-+EXPORT_SYMBOL_GPL(rtl_swlps_beacon);
-
- void rtl_swlps_rf_awake(struct ieee80211_hw *hw)
- {
-@@ -611,6 +613,19 @@ void rtl_swlps_rf_sleep(struct ieee80211
- MSECS(sleep_intv * mac->vif->bss_conf.beacon_int - 40));
- }
-
-+void rtl_lps_change_work_callback(struct work_struct *work)
-+{
-+ struct rtl_works *rtlworks =
-+ container_of(work, struct rtl_works, lps_change_work);
-+ struct ieee80211_hw *hw = rtlworks->hw;
-+ struct rtl_priv *rtlpriv = rtl_priv(hw);
-+
-+ if (rtlpriv->enter_ps)
-+ rtl_lps_enter(hw);
-+ else
-+ rtl_lps_leave(hw);
-+}
-+EXPORT_SYMBOL_GPL(rtl_lps_change_work_callback);
-
- void rtl_swlps_wq_callback(void *data)
- {
-@@ -922,3 +937,4 @@ void rtl_p2p_info(struct ieee80211_hw *h
- else
- rtl_p2p_noa_ie(hw, data, len - FCS_LEN);
- }
-+EXPORT_SYMBOL_GPL(rtl_p2p_info);
---- a/drivers/net/wireless/rtlwifi/usb.c
-+++ b/drivers/net/wireless/rtlwifi/usb.c
-@@ -32,6 +32,13 @@
- #include "ps.h"
- #include "rtl8192c/fw_common.h"
- #include <linux/export.h>
-+#include <linux/module.h>
-+
-+MODULE_AUTHOR("lizhaoming <chaoming_li@realsil.com.cn>");
-+MODULE_AUTHOR("Realtek WlanFAE <wlanfae@realtek.com>");
-+MODULE_AUTHOR("Larry Finger <Larry.FInger@lwfinger.net>");
-+MODULE_LICENSE("GPL");
-+MODULE_DESCRIPTION("USB basic driver for rtlwifi");
-
- #define REALTEK_USB_VENQT_READ 0xC0
- #define REALTEK_USB_VENQT_WRITE 0x40
-@@ -1070,6 +1077,8 @@ int rtl_usb_probe(struct usb_interface *
- spin_lock_init(&rtlpriv->locks.usb_lock);
- INIT_WORK(&rtlpriv->works.fill_h2c_cmd,
- rtl_fill_h2c_cmd_work_callback);
-+ INIT_WORK(&rtlpriv->works.lps_change_work,
-+ rtl_lps_change_work_callback);
-
- rtlpriv->usb_data_index = 0;
- init_completion(&rtlpriv->firmware_loading_complete);
---- a/drivers/net/wireless/ath/ath9k/ath9k.h
-+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
-@@ -72,17 +72,12 @@ struct ath_config {
- /*************************/
-
- #define ATH_TXBUF_RESET(_bf) do { \
-- (_bf)->bf_stale = false; \
- (_bf)->bf_lastbf = NULL; \
- (_bf)->bf_next = NULL; \
- memset(&((_bf)->bf_state), 0, \
- sizeof(struct ath_buf_state)); \
- } while (0)
-
--#define ATH_RXBUF_RESET(_bf) do { \
-- (_bf)->bf_stale = false; \
-- } while (0)
--
- /**
- * enum buffer_type - Buffer type flags
- *
-@@ -137,7 +132,8 @@ int ath_descdma_setup(struct ath_softc *
- #define ATH_AGGR_ENCRYPTDELIM 10
- /* minimum h/w qdepth to be sustained to maximize aggregation */
- #define ATH_AGGR_MIN_QDEPTH 2
--#define ATH_AMPDU_SUBFRAME_DEFAULT 32
-+/* minimum h/w qdepth for non-aggregated traffic */
-+#define ATH_NON_AGGR_MIN_QDEPTH 8
-
- #define IEEE80211_SEQ_SEQ_SHIFT 4
- #define IEEE80211_SEQ_MAX 4096
-@@ -174,12 +170,6 @@ int ath_descdma_setup(struct ath_softc *
-
- #define ATH_TX_COMPLETE_POLL_INT 1000
-
--enum ATH_AGGR_STATUS {
-- ATH_AGGR_DONE,
-- ATH_AGGR_BAW_CLOSED,
-- ATH_AGGR_LIMITED,
--};
--
- #define ATH_TXFIFO_DEPTH 8
- struct ath_txq {
- int mac80211_qnum; /* mac80211 queue number, -1 means not mac80211 Q */
-@@ -201,10 +191,10 @@ struct ath_txq {
-
- struct ath_atx_ac {
- struct ath_txq *txq;
-- int sched;
- struct list_head list;
- struct list_head tid_q;
- bool clear_ps_filter;
-+ bool sched;
- };
-
- struct ath_frame_info {
-@@ -212,14 +202,16 @@ struct ath_frame_info {
- int framelen;
- enum ath9k_key_type keytype;
- u8 keyix;
-- u8 retries;
- u8 rtscts_rate;
-+ u8 retries : 7;
-+ u8 baw_tracked : 1;
- };
-
- struct ath_buf_state {
- u8 bf_type;
- u8 bfs_paprd;
- u8 ndelim;
-+ bool stale;
- u16 seqno;
- unsigned long bfs_paprd_timestamp;
- };
-@@ -233,7 +225,6 @@ struct ath_buf {
- void *bf_desc; /* virtual addr of desc */
- dma_addr_t bf_daddr; /* physical addr of desc */
- dma_addr_t bf_buf_addr; /* physical addr of data buffer, for DMA */
-- bool bf_stale;
- struct ieee80211_tx_rate rates[4];
- struct ath_buf_state bf_state;
- };
-@@ -241,16 +232,18 @@ struct ath_buf {
- struct ath_atx_tid {
- struct list_head list;
- struct sk_buff_head buf_q;
-+ struct sk_buff_head retry_q;
- struct ath_node *an;
- struct ath_atx_ac *ac;
- unsigned long tx_buf[BITS_TO_LONGS(ATH_TID_MAX_BUFS)];
-- int bar_index;
- u16 seq_start;
- u16 seq_next;
- u16 baw_size;
-- int tidno;
-+ u8 tidno;
- int baw_head; /* first un-acked tx buffer */
- int baw_tail; /* next unused tx buffer slot */
-+
-+ s8 bar_index;
- bool sched;
- bool paused;
- bool active;
-@@ -262,12 +255,13 @@ struct ath_node {
- struct ieee80211_vif *vif; /* interface with which we're associated */
- struct ath_atx_tid tid[IEEE80211_NUM_TIDS];
- struct ath_atx_ac ac[IEEE80211_NUM_ACS];
-- int ps_key;
-
- u16 maxampdu;
- u8 mpdudensity;
-+ s8 ps_key;
-
- bool sleeping;
-+ bool no_ps_filter;
-
- #if defined(CPTCFG_MAC80211_DEBUGFS) && defined(CPTCFG_ATH9K_DEBUGFS)
- struct dentry *node_stat;
-@@ -317,6 +311,7 @@ struct ath_rx {
- struct ath_descdma rxdma;
- struct ath_rx_edma rx_edma[ATH9K_RX_QUEUE_MAX];
-
-+ struct ath_buf *buf_hold;
- struct sk_buff *frag;
-
- u32 ampdu_ref;
-@@ -367,6 +362,7 @@ void ath9k_release_buffered_frames(struc
- /********/
-
- struct ath_vif {
-+ struct ath_node mcast_node;
- int av_bslot;
- bool primary_sta_vif;
- __le64 tsf_adjust; /* TSF adjustment for staggered beacons */
-@@ -585,19 +581,14 @@ static inline void ath_fill_led_pin(stru
- #define ATH_ANT_DIV_COMB_MAX_COUNT 100
- #define ATH_ANT_DIV_COMB_ALT_ANT_RATIO 30
- #define ATH_ANT_DIV_COMB_ALT_ANT_RATIO2 20
-+#define ATH_ANT_DIV_COMB_ALT_ANT_RATIO_LOW_RSSI 50
-+#define ATH_ANT_DIV_COMB_ALT_ANT_RATIO2_LOW_RSSI 50
-
- #define ATH_ANT_DIV_COMB_LNA1_LNA2_SWITCH_DELTA -1
- #define ATH_ANT_DIV_COMB_LNA1_DELTA_HI -4
- #define ATH_ANT_DIV_COMB_LNA1_DELTA_MID -2
- #define ATH_ANT_DIV_COMB_LNA1_DELTA_LOW 2
-
--enum ath9k_ant_div_comb_lna_conf {
-- ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2,
-- ATH_ANT_DIV_COMB_LNA2,
-- ATH_ANT_DIV_COMB_LNA1,
-- ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2,
--};
--
- struct ath_ant_comb {
- u16 count;
- u16 total_pkt_count;
-@@ -614,27 +605,36 @@ struct ath_ant_comb {
- int rssi_first;
- int rssi_second;
- int rssi_third;
-+ int ant_ratio;
-+ int ant_ratio2;
- bool alt_good;
- int quick_scan_cnt;
-- int main_conf;
-+ enum ath9k_ant_div_comb_lna_conf main_conf;
- enum ath9k_ant_div_comb_lna_conf first_quick_scan_conf;
- enum ath9k_ant_div_comb_lna_conf second_quick_scan_conf;
- bool first_ratio;
- bool second_ratio;
- unsigned long scan_start_time;
-+
-+ /*
-+ * Card-specific config values.
-+ */
-+ int low_rssi_thresh;
-+ int fast_div_bias;
- };
-
- void ath_ant_comb_scan(struct ath_softc *sc, struct ath_rx_status *rs);
--void ath_ant_comb_update(struct ath_softc *sc);
-
- /********************/
- /* Main driver core */
- /********************/
-
--#define ATH9K_PCI_CUS198 0x0001
--#define ATH9K_PCI_CUS230 0x0002
--#define ATH9K_PCI_CUS217 0x0004
--#define ATH9K_PCI_WOW 0x0008
-+#define ATH9K_PCI_CUS198 0x0001
-+#define ATH9K_PCI_CUS230 0x0002
-+#define ATH9K_PCI_CUS217 0x0004
-+#define ATH9K_PCI_WOW 0x0008
-+#define ATH9K_PCI_BT_ANT_DIV 0x0010
-+#define ATH9K_PCI_D3_L1_WAR 0x0020
-
- /*
- * Default cache line size, in bytes.
---- a/drivers/net/wireless/ath/ath9k/debug.c
-+++ b/drivers/net/wireless/ath/ath9k/debug.c
-@@ -270,25 +270,29 @@ static const struct file_operations fops
- .llseek = default_llseek,
- };
-
--static ssize_t read_file_ant_diversity(struct file *file, char __user *user_buf,
-- size_t count, loff_t *ppos)
-+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
-+
-+static ssize_t read_file_bt_ant_diversity(struct file *file,
-+ char __user *user_buf,
-+ size_t count, loff_t *ppos)
- {
- struct ath_softc *sc = file->private_data;
- struct ath_common *common = ath9k_hw_common(sc->sc_ah);
- char buf[32];
- unsigned int len;
-
-- len = sprintf(buf, "%d\n", common->antenna_diversity);
-+ len = sprintf(buf, "%d\n", common->bt_ant_diversity);
- return simple_read_from_buffer(user_buf, count, ppos, buf, len);
- }
-
--static ssize_t write_file_ant_diversity(struct file *file,
-- const char __user *user_buf,
-- size_t count, loff_t *ppos)
-+static ssize_t write_file_bt_ant_diversity(struct file *file,
-+ const char __user *user_buf,
-+ size_t count, loff_t *ppos)
- {
- struct ath_softc *sc = file->private_data;
- struct ath_common *common = ath9k_hw_common(sc->sc_ah);
-- unsigned long antenna_diversity;
-+ struct ath9k_hw_capabilities *pCap = &sc->sc_ah->caps;
-+ unsigned long bt_ant_diversity;
- char buf[32];
- ssize_t len;
-
-@@ -296,26 +300,147 @@ static ssize_t write_file_ant_diversity(
- if (copy_from_user(buf, user_buf, len))
- return -EFAULT;
-
-- if (!AR_SREV_9565(sc->sc_ah))
-+ if (!(pCap->hw_caps & ATH9K_HW_CAP_BT_ANT_DIV))
- goto exit;
-
- buf[len] = '\0';
-- if (strict_strtoul(buf, 0, &antenna_diversity))
-+ if (kstrtoul(buf, 0, &bt_ant_diversity))
- return -EINVAL;
-
-- common->antenna_diversity = !!antenna_diversity;
-+ common->bt_ant_diversity = !!bt_ant_diversity;
- ath9k_ps_wakeup(sc);
-- ath_ant_comb_update(sc);
-- ath_dbg(common, CONFIG, "Antenna diversity: %d\n",
-- common->antenna_diversity);
-+ ath9k_hw_set_bt_ant_diversity(sc->sc_ah, common->bt_ant_diversity);
-+ ath_dbg(common, CONFIG, "Enable WLAN/BT RX Antenna diversity: %d\n",
-+ common->bt_ant_diversity);
- ath9k_ps_restore(sc);
- exit:
- return count;
- }
-
--static const struct file_operations fops_ant_diversity = {
-- .read = read_file_ant_diversity,
-- .write = write_file_ant_diversity,
-+static const struct file_operations fops_bt_ant_diversity = {
-+ .read = read_file_bt_ant_diversity,
-+ .write = write_file_bt_ant_diversity,
-+ .open = simple_open,
-+ .owner = THIS_MODULE,
-+ .llseek = default_llseek,
-+};
-+
-+#endif
-+
-+void ath9k_debug_stat_ant(struct ath_softc *sc,
-+ struct ath_hw_antcomb_conf *div_ant_conf,
-+ int main_rssi_avg, int alt_rssi_avg)
-+{
-+ struct ath_antenna_stats *as_main = &sc->debug.stats.ant_stats[ANT_MAIN];
-+ struct ath_antenna_stats *as_alt = &sc->debug.stats.ant_stats[ANT_ALT];
-+
-+ as_main->lna_attempt_cnt[div_ant_conf->main_lna_conf]++;
-+ as_alt->lna_attempt_cnt[div_ant_conf->alt_lna_conf]++;
-+
-+ as_main->rssi_avg = main_rssi_avg;
-+ as_alt->rssi_avg = alt_rssi_avg;
-+}
-+
-+static ssize_t read_file_antenna_diversity(struct file *file,
-+ char __user *user_buf,
-+ size_t count, loff_t *ppos)
-+{
-+ struct ath_softc *sc = file->private_data;
-+ struct ath_hw *ah = sc->sc_ah;
-+ struct ath9k_hw_capabilities *pCap = &ah->caps;
-+ struct ath_antenna_stats *as_main = &sc->debug.stats.ant_stats[ANT_MAIN];
-+ struct ath_antenna_stats *as_alt = &sc->debug.stats.ant_stats[ANT_ALT];
-+ struct ath_hw_antcomb_conf div_ant_conf;
-+ unsigned int len = 0, size = 1024;
-+ ssize_t retval = 0;
-+ char *buf;
-+ char *lna_conf_str[4] = {"LNA1_MINUS_LNA2",
-+ "LNA2",
-+ "LNA1",
-+ "LNA1_PLUS_LNA2"};
-+
-+ buf = kzalloc(size, GFP_KERNEL);
-+ if (buf == NULL)
-+ return -ENOMEM;
-+
-+ if (!(pCap->hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB)) {
-+ len += snprintf(buf + len, size - len, "%s\n",
-+ "Antenna Diversity Combining is disabled");
-+ goto exit;
-+ }
-+
-+ ath9k_ps_wakeup(sc);
-+ ath9k_hw_antdiv_comb_conf_get(ah, &div_ant_conf);
-+ len += snprintf(buf + len, size - len, "Current MAIN config : %s\n",
-+ lna_conf_str[div_ant_conf.main_lna_conf]);
-+ len += snprintf(buf + len, size - len, "Current ALT config : %s\n",
-+ lna_conf_str[div_ant_conf.alt_lna_conf]);
-+ len += snprintf(buf + len, size - len, "Average MAIN RSSI : %d\n",
-+ as_main->rssi_avg);
-+ len += snprintf(buf + len, size - len, "Average ALT RSSI : %d\n\n",
-+ as_alt->rssi_avg);
-+ ath9k_ps_restore(sc);
-+
-+ len += snprintf(buf + len, size - len, "Packet Receive Cnt:\n");
-+ len += snprintf(buf + len, size - len, "-------------------\n");
-+
-+ len += snprintf(buf + len, size - len, "%30s%15s\n",
-+ "MAIN", "ALT");
-+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+ "TOTAL COUNT",
-+ as_main->recv_cnt,
-+ as_alt->recv_cnt);
-+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+ "LNA1",
-+ as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1],
-+ as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1]);
-+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+ "LNA2",
-+ as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA2],
-+ as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA2]);
-+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+ "LNA1 + LNA2",
-+ as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2],
-+ as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2]);
-+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+ "LNA1 - LNA2",
-+ as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2],
-+ as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2]);
-+
-+ len += snprintf(buf + len, size - len, "\nLNA Config Attempts:\n");
-+ len += snprintf(buf + len, size - len, "--------------------\n");
-+
-+ len += snprintf(buf + len, size - len, "%30s%15s\n",
-+ "MAIN", "ALT");
-+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+ "LNA1",
-+ as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1],
-+ as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1]);
-+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+ "LNA2",
-+ as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA2],
-+ as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA2]);
-+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+ "LNA1 + LNA2",
-+ as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2],
-+ as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2]);
-+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+ "LNA1 - LNA2",
-+ as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2],
-+ as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2]);
-+
-+exit:
-+ if (len > size)
-+ len = size;
-+
-+ retval = simple_read_from_buffer(user_buf, count, ppos, buf, len);
-+ kfree(buf);
-+
-+ return retval;
-+}
-+
-+static const struct file_operations fops_antenna_diversity = {
-+ .read = read_file_antenna_diversity,
- .open = simple_open,
- .owner = THIS_MODULE,
- .llseek = default_llseek,
-@@ -607,6 +732,28 @@ static ssize_t read_file_xmit(struct fil
- return retval;
- }
-
-+static ssize_t print_queue(struct ath_softc *sc, struct ath_txq *txq,
-+ char *buf, ssize_t size)
-+{
-+ ssize_t len = 0;
-+
-+ ath_txq_lock(sc, txq);
-+
-+ len += snprintf(buf + len, size - len, "%s: %d ",
-+ "qnum", txq->axq_qnum);
-+ len += snprintf(buf + len, size - len, "%s: %2d ",
-+ "qdepth", txq->axq_depth);
-+ len += snprintf(buf + len, size - len, "%s: %2d ",
-+ "ampdu-depth", txq->axq_ampdu_depth);
-+ len += snprintf(buf + len, size - len, "%s: %3d ",
-+ "pending", txq->pending_frames);
-+ len += snprintf(buf + len, size - len, "%s: %d\n",
-+ "stopped", txq->stopped);
-+
-+ ath_txq_unlock(sc, txq);
-+ return len;
-+}
-+
- static ssize_t read_file_queues(struct file *file, char __user *user_buf,
- size_t count, loff_t *ppos)
- {
-@@ -624,24 +771,13 @@ static ssize_t read_file_queues(struct f
-
- for (i = 0; i < IEEE80211_NUM_ACS; i++) {
- txq = sc->tx.txq_map[i];
-- len += snprintf(buf + len, size - len, "(%s): ", qname[i]);
--
-- ath_txq_lock(sc, txq);
--
-- len += snprintf(buf + len, size - len, "%s: %d ",
-- "qnum", txq->axq_qnum);
-- len += snprintf(buf + len, size - len, "%s: %2d ",
-- "qdepth", txq->axq_depth);
-- len += snprintf(buf + len, size - len, "%s: %2d ",
-- "ampdu-depth", txq->axq_ampdu_depth);
-- len += snprintf(buf + len, size - len, "%s: %3d ",
-- "pending", txq->pending_frames);
-- len += snprintf(buf + len, size - len, "%s: %d\n",
-- "stopped", txq->stopped);
--
-- ath_txq_unlock(sc, txq);
-+ len += snprintf(buf + len, size - len, "(%s): ", qname[i]);
-+ len += print_queue(sc, txq, buf + len, size - len);
- }
-
-+ len += snprintf(buf + len, size - len, "(CAB): ");
-+ len += print_queue(sc, sc->beacon.cabq, buf + len, size - len);
-+
- if (len > size)
- len = size;
-
-@@ -1818,9 +1954,11 @@ int ath9k_init_debug(struct ath_hw *ah)
- sc->debug.debugfs_phy, &sc->sc_ah->gpio_mask);
- debugfs_create_u32("gpio_val", S_IRUSR | S_IWUSR,
- sc->debug.debugfs_phy, &sc->sc_ah->gpio_val);
-- debugfs_create_file("diversity", S_IRUSR | S_IWUSR,
-- sc->debug.debugfs_phy, sc, &fops_ant_diversity);
-+ debugfs_create_file("antenna_diversity", S_IRUSR,
-+ sc->debug.debugfs_phy, sc, &fops_antenna_diversity);
- #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
-+ debugfs_create_file("bt_ant_diversity", S_IRUSR | S_IWUSR,
-+ sc->debug.debugfs_phy, sc, &fops_bt_ant_diversity);
- debugfs_create_file("btcoex", S_IRUSR, sc->debug.debugfs_phy, sc,
- &fops_btcoex);
- #endif
---- a/net/mac80211/ibss.c
-+++ b/net/mac80211/ibss.c
-@@ -30,13 +30,14 @@
-
- #define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
- #define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
-+#define IEEE80211_IBSS_RSN_INACTIVITY_LIMIT (10 * HZ)
-
- #define IEEE80211_IBSS_MAX_STA_ENTRIES 128
-
-
- static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
- const u8 *bssid, const int beacon_int,
-- struct ieee80211_channel *chan,
-+ struct cfg80211_chan_def *req_chandef,
- const u32 basic_rates,
- const u16 capability, u64 tsf,
- bool creator)
-@@ -51,6 +52,7 @@ static void __ieee80211_sta_join_ibss(st
- u32 bss_change;
- u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
- struct cfg80211_chan_def chandef;
-+ struct ieee80211_channel *chan;
- struct beacon_data *presp;
- int frame_len;
-
-@@ -81,7 +83,9 @@ static void __ieee80211_sta_join_ibss(st
-
- sdata->drop_unencrypted = capability & WLAN_CAPABILITY_PRIVACY ? 1 : 0;
-
-- chandef = ifibss->chandef;
-+ /* make a copy of the chandef, it could be modified below. */
-+ chandef = *req_chandef;
-+ chan = chandef.chan;
- if (!cfg80211_reg_can_beacon(local->hw.wiphy, &chandef)) {
- chandef.width = NL80211_CHAN_WIDTH_20;
- chandef.center_freq1 = chan->center_freq;
-@@ -259,10 +263,12 @@ static void ieee80211_sta_join_ibss(stru
- struct cfg80211_bss *cbss =
- container_of((void *)bss, struct cfg80211_bss, priv);
- struct ieee80211_supported_band *sband;
-+ struct cfg80211_chan_def chandef;
- u32 basic_rates;
- int i, j;
- u16 beacon_int = cbss->beacon_interval;
- const struct cfg80211_bss_ies *ies;
-+ enum nl80211_channel_type chan_type;
- u64 tsf;
-
- sdata_assert_lock(sdata);
-@@ -270,6 +276,26 @@ static void ieee80211_sta_join_ibss(stru
- if (beacon_int < 10)
- beacon_int = 10;
-
-+ switch (sdata->u.ibss.chandef.width) {
-+ case NL80211_CHAN_WIDTH_20_NOHT:
-+ case NL80211_CHAN_WIDTH_20:
-+ case NL80211_CHAN_WIDTH_40:
-+ chan_type = cfg80211_get_chandef_type(&sdata->u.ibss.chandef);
-+ cfg80211_chandef_create(&chandef, cbss->channel, chan_type);
-+ break;
-+ case NL80211_CHAN_WIDTH_5:
-+ case NL80211_CHAN_WIDTH_10:
-+ cfg80211_chandef_create(&chandef, cbss->channel,
-+ NL80211_CHAN_WIDTH_20_NOHT);
-+ chandef.width = sdata->u.ibss.chandef.width;
-+ break;
-+ default:
-+ /* fall back to 20 MHz for unsupported modes */
-+ cfg80211_chandef_create(&chandef, cbss->channel,
-+ NL80211_CHAN_WIDTH_20_NOHT);
-+ break;
-+ }
-+
- sband = sdata->local->hw.wiphy->bands[cbss->channel->band];
-
- basic_rates = 0;
-@@ -294,7 +320,7 @@ static void ieee80211_sta_join_ibss(stru
-
- __ieee80211_sta_join_ibss(sdata, cbss->bssid,
- beacon_int,
-- cbss->channel,
-+ &chandef,
- basic_rates,
- cbss->capability,
- tsf, false);
-@@ -672,6 +698,33 @@ static int ieee80211_sta_active_ibss(str
- return active;
- }
-
-+static void ieee80211_ibss_sta_expire(struct ieee80211_sub_if_data *sdata)
-+{
-+ struct ieee80211_local *local = sdata->local;
-+ struct sta_info *sta, *tmp;
-+ unsigned long exp_time = IEEE80211_IBSS_INACTIVITY_LIMIT;
-+ unsigned long exp_rsn_time = IEEE80211_IBSS_RSN_INACTIVITY_LIMIT;
-+
-+ mutex_lock(&local->sta_mtx);
-+
-+ list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
-+ if (sdata != sta->sdata)
-+ continue;
-+
-+ if (time_after(jiffies, sta->last_rx + exp_time) ||
-+ (time_after(jiffies, sta->last_rx + exp_rsn_time) &&
-+ sta->sta_state != IEEE80211_STA_AUTHORIZED)) {
-+ sta_dbg(sta->sdata, "expiring inactive %sSTA %pM\n",
-+ sta->sta_state != IEEE80211_STA_AUTHORIZED ?
-+ "not authorized " : "", sta->sta.addr);
-+
-+ WARN_ON(__sta_info_destroy(sta));
-+ }
-+ }
-+
-+ mutex_unlock(&local->sta_mtx);
-+}
-+
- /*
- * This function is called with state == IEEE80211_IBSS_MLME_JOINED
- */
-@@ -685,7 +738,7 @@ static void ieee80211_sta_merge_ibss(str
- mod_timer(&ifibss->timer,
- round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL));
-
-- ieee80211_sta_expire(sdata, IEEE80211_IBSS_INACTIVITY_LIMIT);
-+ ieee80211_ibss_sta_expire(sdata);
-
- if (time_before(jiffies, ifibss->last_scan_completed +
- IEEE80211_IBSS_MERGE_INTERVAL))
-@@ -736,7 +789,7 @@ static void ieee80211_sta_create_ibss(st
- sdata->drop_unencrypted = 0;
-
- __ieee80211_sta_join_ibss(sdata, bssid, sdata->vif.bss_conf.beacon_int,
-- ifibss->chandef.chan, ifibss->basic_rates,
-+ &ifibss->chandef, ifibss->basic_rates,
- capability, 0, true);
- }
-
-@@ -792,6 +845,17 @@ static void ieee80211_sta_find_ibss(stru
- return;
- }
-
-+ /* if a fixed bssid and a fixed freq have been provided create the IBSS
-+ * directly and do not waste time scanning
-+ */
-+ if (ifibss->fixed_bssid && ifibss->fixed_channel) {
-+ sdata_info(sdata, "Created IBSS using preconfigured BSSID %pM\n",
-+ bssid);
-+ ieee80211_sta_create_ibss(sdata);
-+ return;
-+ }
-+
-+
- ibss_dbg(sdata, "sta_find_ibss: did not try to join ibss\n");
-
- /* Selected IBSS not found in current scan results - try to scan */
-@@ -1138,6 +1202,7 @@ int ieee80211_ibss_leave(struct ieee8021
- clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
- ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED |
- BSS_CHANGED_IBSS);
-+ ieee80211_vif_release_channel(sdata);
- synchronize_rcu();
- kfree(presp);
-
---- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
-+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
-@@ -632,6 +632,22 @@ static void ar9003_hw_override_ini(struc
-
- REG_SET_BIT(ah, AR_PHY_CCK_DETECT,
- AR_PHY_CCK_DETECT_BB_ENABLE_ANT_FAST_DIV);
-+
-+ if (AR_SREV_9462(ah) || AR_SREV_9565(ah)) {
-+ REG_WRITE(ah, AR_GLB_SWREG_DISCONT_MODE,
-+ AR_GLB_SWREG_DISCONT_EN_BT_WLAN);
-+
-+ if (REG_READ_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_0,
-+ AR_PHY_TX_IQCAL_CONTROL_0_ENABLE_TXIQ_CAL))
-+ ah->enabled_cals |= TX_IQ_CAL;
-+ else
-+ ah->enabled_cals &= ~TX_IQ_CAL;
-+
-+ if (REG_READ(ah, AR_PHY_CL_CAL_CTL) & AR_PHY_CL_CAL_ENABLE)
-+ ah->enabled_cals |= TX_CL_CAL;
-+ else
-+ ah->enabled_cals &= ~TX_CL_CAL;
-+ }
- }
-
- static void ar9003_hw_prog_ini(struct ath_hw *ah,
-@@ -814,29 +830,12 @@ static int ar9003_hw_process_ini(struct
- if (chan->channel == 2484)
- ar9003_hw_prog_ini(ah, &ah->iniCckfirJapan2484, 1);
-
-- if (AR_SREV_9462(ah) || AR_SREV_9565(ah))
-- REG_WRITE(ah, AR_GLB_SWREG_DISCONT_MODE,
-- AR_GLB_SWREG_DISCONT_EN_BT_WLAN);
--
- ah->modes_index = modesIndex;
- ar9003_hw_override_ini(ah);
- ar9003_hw_set_channel_regs(ah, chan);
- ar9003_hw_set_chain_masks(ah, ah->rxchainmask, ah->txchainmask);
- ath9k_hw_apply_txpower(ah, chan, false);
-
-- if (AR_SREV_9462(ah) || AR_SREV_9565(ah)) {
-- if (REG_READ_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_0,
-- AR_PHY_TX_IQCAL_CONTROL_0_ENABLE_TXIQ_CAL))
-- ah->enabled_cals |= TX_IQ_CAL;
-- else
-- ah->enabled_cals &= ~TX_IQ_CAL;
--
-- if (REG_READ(ah, AR_PHY_CL_CAL_CTL) & AR_PHY_CL_CAL_ENABLE)
-- ah->enabled_cals |= TX_CL_CAL;
-- else
-- ah->enabled_cals &= ~TX_CL_CAL;
-- }
--
- return 0;
- }
-
-@@ -1173,6 +1172,10 @@ skip_ws_det:
- * is_on == 0 means MRC CCK is OFF (more noise imm)
- */
- bool is_on = param ? 1 : 0;
-+
-+ if (ah->caps.rx_chainmask == 1)
-+ break;
-+
- REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL,
- AR_PHY_MRC_CCK_ENABLE, is_on);
- REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL,
-@@ -1413,65 +1416,111 @@ static void ar9003_hw_antdiv_comb_conf_s
- REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval);
- }
-
--static void ar9003_hw_antctrl_shared_chain_lnadiv(struct ath_hw *ah,
-- bool enable)
-+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
-+
-+static void ar9003_hw_set_bt_ant_diversity(struct ath_hw *ah, bool enable)
- {
-+ struct ath9k_hw_capabilities *pCap = &ah->caps;
- u8 ant_div_ctl1;
- u32 regval;
-
-- if (!AR_SREV_9565(ah))
-+ if (!AR_SREV_9485(ah) && !AR_SREV_9565(ah))
- return;
-
-- ah->shared_chain_lnadiv = enable;
-+ if (AR_SREV_9485(ah)) {
-+ regval = ar9003_hw_ant_ctrl_common_2_get(ah,
-+ IS_CHAN_2GHZ(ah->curchan));
-+ if (enable) {
-+ regval &= ~AR_SWITCH_TABLE_COM2_ALL;
-+ regval |= ah->config.ant_ctrl_comm2g_switch_enable;
-+ }
-+ REG_RMW_FIELD(ah, AR_PHY_SWITCH_COM_2,
-+ AR_SWITCH_TABLE_COM2_ALL, regval);
-+ }
-+
- ant_div_ctl1 = ah->eep_ops->get_eeprom(ah, EEP_ANT_DIV_CTL1);
-
-+ /*
-+ * Set MAIN/ALT LNA conf.
-+ * Set MAIN/ALT gain_tb.
-+ */
- regval = REG_READ(ah, AR_PHY_MC_GAIN_CTRL);
- regval &= (~AR_ANT_DIV_CTRL_ALL);
- regval |= (ant_div_ctl1 & 0x3f) << AR_ANT_DIV_CTRL_ALL_S;
-- regval &= ~AR_PHY_ANT_DIV_LNADIV;
-- regval |= ((ant_div_ctl1 >> 6) & 0x1) << AR_PHY_ANT_DIV_LNADIV_S;
--
-- if (enable)
-- regval |= AR_ANT_DIV_ENABLE;
--
- REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval);
-
-- regval = REG_READ(ah, AR_PHY_CCK_DETECT);
-- regval &= ~AR_FAST_DIV_ENABLE;
-- regval |= ((ant_div_ctl1 >> 7) & 0x1) << AR_FAST_DIV_ENABLE_S;
--
-- if (enable)
-- regval |= AR_FAST_DIV_ENABLE;
--
-- REG_WRITE(ah, AR_PHY_CCK_DETECT, regval);
--
-- if (enable) {
-- REG_SET_BIT(ah, AR_PHY_MC_GAIN_CTRL,
-- (1 << AR_PHY_ANT_SW_RX_PROT_S));
-- if (ah->curchan && IS_CHAN_2GHZ(ah->curchan))
-- REG_SET_BIT(ah, AR_PHY_RESTART,
-- AR_PHY_RESTART_ENABLE_DIV_M2FLAG);
-- REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV,
-- AR_BTCOEX_WL_LNADIV_FORCE_ON);
-- } else {
-- REG_CLR_BIT(ah, AR_PHY_MC_GAIN_CTRL, AR_ANT_DIV_ENABLE);
-- REG_CLR_BIT(ah, AR_PHY_MC_GAIN_CTRL,
-- (1 << AR_PHY_ANT_SW_RX_PROT_S));
-- REG_CLR_BIT(ah, AR_PHY_CCK_DETECT, AR_FAST_DIV_ENABLE);
-- REG_CLR_BIT(ah, AR_BTCOEX_WL_LNADIV,
-- AR_BTCOEX_WL_LNADIV_FORCE_ON);
--
-+ if (AR_SREV_9485_11_OR_LATER(ah)) {
-+ /*
-+ * Enable LNA diversity.
-+ */
- regval = REG_READ(ah, AR_PHY_MC_GAIN_CTRL);
-- regval &= ~(AR_PHY_ANT_DIV_MAIN_LNACONF |
-- AR_PHY_ANT_DIV_ALT_LNACONF |
-- AR_PHY_ANT_DIV_MAIN_GAINTB |
-- AR_PHY_ANT_DIV_ALT_GAINTB);
-- regval |= (AR_PHY_ANT_DIV_LNA1 << AR_PHY_ANT_DIV_MAIN_LNACONF_S);
-- regval |= (AR_PHY_ANT_DIV_LNA2 << AR_PHY_ANT_DIV_ALT_LNACONF_S);
-+ regval &= ~AR_PHY_ANT_DIV_LNADIV;
-+ regval |= ((ant_div_ctl1 >> 6) & 0x1) << AR_PHY_ANT_DIV_LNADIV_S;
-+ if (enable)
-+ regval |= AR_ANT_DIV_ENABLE;
-+
- REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval);
-+
-+ /*
-+ * Enable fast antenna diversity.
-+ */
-+ regval = REG_READ(ah, AR_PHY_CCK_DETECT);
-+ regval &= ~AR_FAST_DIV_ENABLE;
-+ regval |= ((ant_div_ctl1 >> 7) & 0x1) << AR_FAST_DIV_ENABLE_S;
-+ if (enable)
-+ regval |= AR_FAST_DIV_ENABLE;
-+
-+ REG_WRITE(ah, AR_PHY_CCK_DETECT, regval);
-+
-+ if (pCap->hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB) {
-+ regval = REG_READ(ah, AR_PHY_MC_GAIN_CTRL);
-+ regval &= (~(AR_PHY_ANT_DIV_MAIN_LNACONF |
-+ AR_PHY_ANT_DIV_ALT_LNACONF |
-+ AR_PHY_ANT_DIV_ALT_GAINTB |
-+ AR_PHY_ANT_DIV_MAIN_GAINTB));
-+ /*
-+ * Set MAIN to LNA1 and ALT to LNA2 at the
-+ * beginning.
-+ */
-+ regval |= (ATH_ANT_DIV_COMB_LNA1 <<
-+ AR_PHY_ANT_DIV_MAIN_LNACONF_S);
-+ regval |= (ATH_ANT_DIV_COMB_LNA2 <<
-+ AR_PHY_ANT_DIV_ALT_LNACONF_S);
-+ REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval);
-+ }
-+ } else if (AR_SREV_9565(ah)) {
-+ if (enable) {
-+ REG_SET_BIT(ah, AR_PHY_MC_GAIN_CTRL,
-+ (1 << AR_PHY_ANT_SW_RX_PROT_S));
-+ if (ah->curchan && IS_CHAN_2GHZ(ah->curchan))
-+ REG_SET_BIT(ah, AR_PHY_RESTART,
-+ AR_PHY_RESTART_ENABLE_DIV_M2FLAG);
-+ REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV,
-+ AR_BTCOEX_WL_LNADIV_FORCE_ON);
-+ } else {
-+ REG_CLR_BIT(ah, AR_PHY_MC_GAIN_CTRL, AR_ANT_DIV_ENABLE);
-+ REG_CLR_BIT(ah, AR_PHY_MC_GAIN_CTRL,
-+ (1 << AR_PHY_ANT_SW_RX_PROT_S));
-+ REG_CLR_BIT(ah, AR_PHY_CCK_DETECT, AR_FAST_DIV_ENABLE);
-+ REG_CLR_BIT(ah, AR_BTCOEX_WL_LNADIV,
-+ AR_BTCOEX_WL_LNADIV_FORCE_ON);
-+
-+ regval = REG_READ(ah, AR_PHY_MC_GAIN_CTRL);
-+ regval &= ~(AR_PHY_ANT_DIV_MAIN_LNACONF |
-+ AR_PHY_ANT_DIV_ALT_LNACONF |
-+ AR_PHY_ANT_DIV_MAIN_GAINTB |
-+ AR_PHY_ANT_DIV_ALT_GAINTB);
-+ regval |= (ATH_ANT_DIV_COMB_LNA1 <<
-+ AR_PHY_ANT_DIV_MAIN_LNACONF_S);
-+ regval |= (ATH_ANT_DIV_COMB_LNA2 <<
-+ AR_PHY_ANT_DIV_ALT_LNACONF_S);
-+ REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval);
-+ }
- }
- }
-
-+#endif
-+
- static int ar9003_hw_fast_chan_change(struct ath_hw *ah,
- struct ath9k_channel *chan,
- u8 *ini_reloaded)
-@@ -1518,6 +1567,18 @@ static int ar9003_hw_fast_chan_change(st
-
- REG_WRITE_ARRAY(&ah->iniModesTxGain, modesIndex, regWrites);
-
-+ if (AR_SREV_9462_20_OR_LATER(ah)) {
-+ /*
-+ * CUS217 mix LNA mode.
-+ */
-+ if (ar9003_hw_get_rx_gain_idx(ah) == 2) {
-+ REG_WRITE_ARRAY(&ah->ini_modes_rxgain_bb_core,
-+ 1, regWrites);
-+ REG_WRITE_ARRAY(&ah->ini_modes_rxgain_bb_postamble,
-+ modesIndex, regWrites);
-+ }
-+ }
-+
- /*
- * For 5GHz channels requiring Fast Clock, apply
- * different modal values.
-@@ -1528,7 +1589,11 @@ static int ar9003_hw_fast_chan_change(st
- if (AR_SREV_9565(ah))
- REG_WRITE_ARRAY(&ah->iniModesFastClock, 1, regWrites);
-
-- REG_WRITE_ARRAY(&ah->iniAdditional, 1, regWrites);
-+ /*
-+ * JAPAN regulatory.
-+ */
-+ if (chan->channel == 2484)
-+ ar9003_hw_prog_ini(ah, &ah->iniCckfirJapan2484, 1);
-
- ah->modes_index = modesIndex;
- *ini_reloaded = true;
-@@ -1631,11 +1696,14 @@ void ar9003_hw_attach_phy_ops(struct ath
-
- ops->antdiv_comb_conf_get = ar9003_hw_antdiv_comb_conf_get;
- ops->antdiv_comb_conf_set = ar9003_hw_antdiv_comb_conf_set;
-- ops->antctrl_shared_chain_lnadiv = ar9003_hw_antctrl_shared_chain_lnadiv;
- ops->spectral_scan_config = ar9003_hw_spectral_scan_config;
- ops->spectral_scan_trigger = ar9003_hw_spectral_scan_trigger;
- ops->spectral_scan_wait = ar9003_hw_spectral_scan_wait;
-
-+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
-+ ops->set_bt_ant_diversity = ar9003_hw_set_bt_ant_diversity;
-+#endif
-+
- ar9003_hw_set_nf_limits(ah);
- ar9003_hw_set_radar_conf(ah);
- memcpy(ah->nf_regs, ar9300_cca_regs, sizeof(ah->nf_regs));
---- a/drivers/net/wireless/ath/ath9k/recv.c
-+++ b/drivers/net/wireless/ath/ath9k/recv.c
-@@ -42,8 +42,6 @@ static void ath_rx_buf_link(struct ath_s
- struct ath_desc *ds;
- struct sk_buff *skb;
-
-- ATH_RXBUF_RESET(bf);
--
- ds = bf->bf_desc;
- ds->ds_link = 0; /* link to null */
- ds->ds_data = bf->bf_buf_addr;
-@@ -70,6 +68,14 @@ static void ath_rx_buf_link(struct ath_s
- sc->rx.rxlink = &ds->ds_link;
- }
-
-+static void ath_rx_buf_relink(struct ath_softc *sc, struct ath_buf *bf)
-+{
-+ if (sc->rx.buf_hold)
-+ ath_rx_buf_link(sc, sc->rx.buf_hold);
-+
-+ sc->rx.buf_hold = bf;
-+}
-+
- static void ath_setdefantenna(struct ath_softc *sc, u32 antenna)
- {
- /* XXX block beacon interrupts */
-@@ -117,7 +123,6 @@ static bool ath_rx_edma_buf_link(struct
-
- skb = bf->bf_mpdu;
-
-- ATH_RXBUF_RESET(bf);
- memset(skb->data, 0, ah->caps.rx_status_len);
- dma_sync_single_for_device(sc->dev, bf->bf_buf_addr,
- ah->caps.rx_status_len, DMA_TO_DEVICE);
-@@ -185,7 +190,7 @@ static void ath_rx_edma_cleanup(struct a
-
- static void ath_rx_edma_init_queue(struct ath_rx_edma *rx_edma, int size)
- {
-- skb_queue_head_init(&rx_edma->rx_fifo);
-+ __skb_queue_head_init(&rx_edma->rx_fifo);
- rx_edma->rx_fifo_hwsize = size;
- }
-
-@@ -432,6 +437,7 @@ int ath_startrecv(struct ath_softc *sc)
- if (list_empty(&sc->rx.rxbuf))
- goto start_recv;
-
-+ sc->rx.buf_hold = NULL;
- sc->rx.rxlink = NULL;
- list_for_each_entry_safe(bf, tbf, &sc->rx.rxbuf, list) {
- ath_rx_buf_link(sc, bf);
-@@ -677,6 +683,9 @@ static struct ath_buf *ath_get_next_rx_b
- }
-
- bf = list_first_entry(&sc->rx.rxbuf, struct ath_buf, list);
-+ if (bf == sc->rx.buf_hold)
-+ return NULL;
-+
- ds = bf->bf_desc;
-
- /*
-@@ -755,7 +764,6 @@ static bool ath9k_rx_accept(struct ath_c
- bool is_mc, is_valid_tkip, strip_mic, mic_error;
- struct ath_hw *ah = common->ah;
- __le16 fc;
-- u8 rx_status_len = ah->caps.rx_status_len;
-
- fc = hdr->frame_control;
-
-@@ -777,25 +785,6 @@ static bool ath9k_rx_accept(struct ath_c
- !test_bit(rx_stats->rs_keyix, common->ccmp_keymap))
- rx_stats->rs_status &= ~ATH9K_RXERR_KEYMISS;
-
-- if (!rx_stats->rs_datalen) {
-- RX_STAT_INC(rx_len_err);
-- return false;
-- }
--
-- /*
-- * rs_status follows rs_datalen so if rs_datalen is too large
-- * we can take a hint that hardware corrupted it, so ignore
-- * those frames.
-- */
-- if (rx_stats->rs_datalen > (common->rx_bufsize - rx_status_len)) {
-- RX_STAT_INC(rx_len_err);
-- return false;
-- }
--
-- /* Only use error bits from the last fragment */
-- if (rx_stats->rs_more)
-- return true;
--
- mic_error = is_valid_tkip && !ieee80211_is_ctl(fc) &&
- !ieee80211_has_morefrags(fc) &&
- !(le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG) &&
-@@ -814,8 +803,6 @@ static bool ath9k_rx_accept(struct ath_c
- rxs->flag |= RX_FLAG_FAILED_FCS_CRC;
- mic_error = false;
- }
-- if (rx_stats->rs_status & ATH9K_RXERR_PHY)
-- return false;
-
- if ((rx_stats->rs_status & ATH9K_RXERR_DECRYPT) ||
- (!is_mc && (rx_stats->rs_status & ATH9K_RXERR_KEYMISS))) {
-@@ -898,129 +885,65 @@ static int ath9k_process_rate(struct ath
-
- static void ath9k_process_rssi(struct ath_common *common,
- struct ieee80211_hw *hw,
-- struct ieee80211_hdr *hdr,
-- struct ath_rx_status *rx_stats)
-+ struct ath_rx_status *rx_stats,
-+ struct ieee80211_rx_status *rxs)
- {
- struct ath_softc *sc = hw->priv;
- struct ath_hw *ah = common->ah;
- int last_rssi;
- int rssi = rx_stats->rs_rssi;
-
-- if (!rx_stats->is_mybeacon ||
-- ((ah->opmode != NL80211_IFTYPE_STATION) &&
-- (ah->opmode != NL80211_IFTYPE_ADHOC)))
-+ /*
-+ * RSSI is not available for subframes in an A-MPDU.
-+ */
-+ if (rx_stats->rs_moreaggr) {
-+ rxs->flag |= RX_FLAG_NO_SIGNAL_VAL;
- return;
--
-- if (rx_stats->rs_rssi != ATH9K_RSSI_BAD && !rx_stats->rs_moreaggr)
-- ATH_RSSI_LPF(sc->last_rssi, rx_stats->rs_rssi);
--
-- last_rssi = sc->last_rssi;
-- if (likely(last_rssi != ATH_RSSI_DUMMY_MARKER))
-- rssi = ATH_EP_RND(last_rssi, ATH_RSSI_EP_MULTIPLIER);
-- if (rssi < 0)
-- rssi = 0;
--
-- /* Update Beacon RSSI, this is used by ANI. */
-- ah->stats.avgbrssi = rssi;
--}
--
--/*
-- * For Decrypt or Demic errors, we only mark packet status here and always push
-- * up the frame up to let mac80211 handle the actual error case, be it no
-- * decryption key or real decryption error. This let us keep statistics there.
-- */
--static int ath9k_rx_skb_preprocess(struct ath_softc *sc,
-- struct ieee80211_hdr *hdr,
-- struct ath_rx_status *rx_stats,
-- struct ieee80211_rx_status *rx_status,
-- bool *decrypt_error)
--{
-- struct ieee80211_hw *hw = sc->hw;
-- struct ath_hw *ah = sc->sc_ah;
-- struct ath_common *common = ath9k_hw_common(ah);
-- bool discard_current = sc->rx.discard_next;
--
-- sc->rx.discard_next = rx_stats->rs_more;
-- if (discard_current)
-- return -EINVAL;
-+ }
-
- /*
-- * everything but the rate is checked here, the rate check is done
-- * separately to avoid doing two lookups for a rate for each frame.
-+ * Check if the RSSI for the last subframe in an A-MPDU
-+ * or an unaggregated frame is valid.
- */
-- if (!ath9k_rx_accept(common, hdr, rx_status, rx_stats, decrypt_error))
-- return -EINVAL;
--
-- /* Only use status info from the last fragment */
-- if (rx_stats->rs_more)
-- return 0;
-+ if (rx_stats->rs_rssi == ATH9K_RSSI_BAD) {
-+ rxs->flag |= RX_FLAG_NO_SIGNAL_VAL;
-+ return;
-+ }
-
-- if (ath9k_process_rate(common, hw, rx_stats, rx_status))
-- return -EINVAL;
-+ /*
-+ * Update Beacon RSSI, this is used by ANI.
-+ */
-+ if (rx_stats->is_mybeacon &&
-+ ((ah->opmode == NL80211_IFTYPE_STATION) ||
-+ (ah->opmode == NL80211_IFTYPE_ADHOC))) {
-+ ATH_RSSI_LPF(sc->last_rssi, rx_stats->rs_rssi);
-+ last_rssi = sc->last_rssi;
-
-- ath9k_process_rssi(common, hw, hdr, rx_stats);
-+ if (likely(last_rssi != ATH_RSSI_DUMMY_MARKER))
-+ rssi = ATH_EP_RND(last_rssi, ATH_RSSI_EP_MULTIPLIER);
-+ if (rssi < 0)
-+ rssi = 0;
-
-- rx_status->band = hw->conf.chandef.chan->band;
-- rx_status->freq = hw->conf.chandef.chan->center_freq;
-- rx_status->signal = ah->noise + rx_stats->rs_rssi;
-- rx_status->antenna = rx_stats->rs_antenna;
-- rx_status->flag |= RX_FLAG_MACTIME_END;
-- if (rx_stats->rs_moreaggr)
-- rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL;
-+ ah->stats.avgbrssi = rssi;
-+ }
-
-- sc->rx.discard_next = false;
-- return 0;
-+ rxs->signal = ah->noise + rx_stats->rs_rssi;
- }
-
--static void ath9k_rx_skb_postprocess(struct ath_common *common,
-- struct sk_buff *skb,
-- struct ath_rx_status *rx_stats,
-- struct ieee80211_rx_status *rxs,
-- bool decrypt_error)
-+static void ath9k_process_tsf(struct ath_rx_status *rs,
-+ struct ieee80211_rx_status *rxs,
-+ u64 tsf)
- {
-- struct ath_hw *ah = common->ah;
-- struct ieee80211_hdr *hdr;
-- int hdrlen, padpos, padsize;
-- u8 keyix;
-- __le16 fc;
-+ u32 tsf_lower = tsf & 0xffffffff;
-
-- /* see if any padding is done by the hw and remove it */
-- hdr = (struct ieee80211_hdr *) skb->data;
-- hdrlen = ieee80211_get_hdrlen_from_skb(skb);
-- fc = hdr->frame_control;
-- padpos = ieee80211_hdrlen(fc);
-+ rxs->mactime = (tsf & ~0xffffffffULL) | rs->rs_tstamp;
-+ if (rs->rs_tstamp > tsf_lower &&
-+ unlikely(rs->rs_tstamp - tsf_lower > 0x10000000))
-+ rxs->mactime -= 0x100000000ULL;
-
-- /* The MAC header is padded to have 32-bit boundary if the
-- * packet payload is non-zero. The general calculation for
-- * padsize would take into account odd header lengths:
-- * padsize = (4 - padpos % 4) % 4; However, since only
-- * even-length headers are used, padding can only be 0 or 2
-- * bytes and we can optimize this a bit. In addition, we must
-- * not try to remove padding from short control frames that do
-- * not have payload. */
-- padsize = padpos & 3;
-- if (padsize && skb->len>=padpos+padsize+FCS_LEN) {
-- memmove(skb->data + padsize, skb->data, padpos);
-- skb_pull(skb, padsize);
-- }
--
-- keyix = rx_stats->rs_keyix;
--
-- if (!(keyix == ATH9K_RXKEYIX_INVALID) && !decrypt_error &&
-- ieee80211_has_protected(fc)) {
-- rxs->flag |= RX_FLAG_DECRYPTED;
-- } else if (ieee80211_has_protected(fc)
-- && !decrypt_error && skb->len >= hdrlen + 4) {
-- keyix = skb->data[hdrlen + 3] >> 6;
--
-- if (test_bit(keyix, common->keymap))
-- rxs->flag |= RX_FLAG_DECRYPTED;
-- }
-- if (ah->sw_mgmt_crypto &&
-- (rxs->flag & RX_FLAG_DECRYPTED) &&
-- ieee80211_is_mgmt(fc))
-- /* Use software decrypt for management frames. */
-- rxs->flag &= ~RX_FLAG_DECRYPTED;
-+ if (rs->rs_tstamp < tsf_lower &&
-+ unlikely(tsf_lower - rs->rs_tstamp > 0x10000000))
-+ rxs->mactime += 0x100000000ULL;
- }
-
- #ifdef CPTCFG_ATH9K_DEBUGFS
-@@ -1133,6 +1056,234 @@ static int ath_process_fft(struct ath_so
- #endif
- }
-
-+static bool ath9k_is_mybeacon(struct ath_softc *sc, struct ieee80211_hdr *hdr)
-+{
-+ struct ath_hw *ah = sc->sc_ah;
-+ struct ath_common *common = ath9k_hw_common(ah);
-+
-+ if (ieee80211_is_beacon(hdr->frame_control)) {
-+ RX_STAT_INC(rx_beacons);
-+ if (!is_zero_ether_addr(common->curbssid) &&
-+ ether_addr_equal(hdr->addr3, common->curbssid))
-+ return true;
-+ }
-+
-+ return false;
-+}
-+
-+/*
-+ * For Decrypt or Demic errors, we only mark packet status here and always push
-+ * up the frame up to let mac80211 handle the actual error case, be it no
-+ * decryption key or real decryption error. This let us keep statistics there.
-+ */
-+static int ath9k_rx_skb_preprocess(struct ath_softc *sc,
-+ struct sk_buff *skb,
-+ struct ath_rx_status *rx_stats,
-+ struct ieee80211_rx_status *rx_status,
-+ bool *decrypt_error, u64 tsf)
-+{
-+ struct ieee80211_hw *hw = sc->hw;
-+ struct ath_hw *ah = sc->sc_ah;
-+ struct ath_common *common = ath9k_hw_common(ah);
-+ struct ieee80211_hdr *hdr;
-+ bool discard_current = sc->rx.discard_next;
-+ int ret = 0;
-+
-+ /*
-+ * Discard corrupt descriptors which are marked in
-+ * ath_get_next_rx_buf().
-+ */
-+ sc->rx.discard_next = rx_stats->rs_more;
-+ if (discard_current)
-+ return -EINVAL;
-+
-+ /*
-+ * Discard zero-length packets.
-+ */
-+ if (!rx_stats->rs_datalen) {
-+ RX_STAT_INC(rx_len_err);
-+ return -EINVAL;
-+ }
-+
-+ /*
-+ * rs_status follows rs_datalen so if rs_datalen is too large
-+ * we can take a hint that hardware corrupted it, so ignore
-+ * those frames.
-+ */
-+ if (rx_stats->rs_datalen > (common->rx_bufsize - ah->caps.rx_status_len)) {
-+ RX_STAT_INC(rx_len_err);
-+ return -EINVAL;
-+ }
-+
-+ /* Only use status info from the last fragment */
-+ if (rx_stats->rs_more)
-+ return 0;
-+
-+ /*
-+ * Return immediately if the RX descriptor has been marked
-+ * as corrupt based on the various error bits.
-+ *
-+ * This is different from the other corrupt descriptor
-+ * condition handled above.
-+ */
-+ if (rx_stats->rs_status & ATH9K_RXERR_CORRUPT_DESC) {
-+ ret = -EINVAL;
-+ goto exit;
-+ }
-+
-+ hdr = (struct ieee80211_hdr *) (skb->data + ah->caps.rx_status_len);
-+
-+ ath9k_process_tsf(rx_stats, rx_status, tsf);
-+ ath_debug_stat_rx(sc, rx_stats);
-+
-+ /*
-+ * Process PHY errors and return so that the packet
-+ * can be dropped.
-+ */
-+ if (rx_stats->rs_status & ATH9K_RXERR_PHY) {
-+ ath9k_dfs_process_phyerr(sc, hdr, rx_stats, rx_status->mactime);
-+ if (ath_process_fft(sc, hdr, rx_stats, rx_status->mactime))
-+ RX_STAT_INC(rx_spectral);
-+
-+ ret = -EINVAL;
-+ goto exit;
-+ }
-+
-+ /*
-+ * everything but the rate is checked here, the rate check is done
-+ * separately to avoid doing two lookups for a rate for each frame.
-+ */
-+ if (!ath9k_rx_accept(common, hdr, rx_status, rx_stats, decrypt_error)) {
-+ ret = -EINVAL;
-+ goto exit;
-+ }
-+
-+ rx_stats->is_mybeacon = ath9k_is_mybeacon(sc, hdr);
-+ if (rx_stats->is_mybeacon) {
-+ sc->hw_busy_count = 0;
-+ ath_start_rx_poll(sc, 3);
-+ }
-+
-+ if (ath9k_process_rate(common, hw, rx_stats, rx_status)) {
-+ ret =-EINVAL;
-+ goto exit;
-+ }
-+
-+ ath9k_process_rssi(common, hw, rx_stats, rx_status);
-+
-+ rx_status->band = hw->conf.chandef.chan->band;
-+ rx_status->freq = hw->conf.chandef.chan->center_freq;
-+ rx_status->antenna = rx_stats->rs_antenna;
-+ rx_status->flag |= RX_FLAG_MACTIME_END;
-+
-+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
-+ if (ieee80211_is_data_present(hdr->frame_control) &&
-+ !ieee80211_is_qos_nullfunc(hdr->frame_control))
-+ sc->rx.num_pkts++;
-+#endif
-+
-+exit:
-+ sc->rx.discard_next = false;
-+ return ret;
-+}
-+
-+static void ath9k_rx_skb_postprocess(struct ath_common *common,
-+ struct sk_buff *skb,
-+ struct ath_rx_status *rx_stats,
-+ struct ieee80211_rx_status *rxs,
-+ bool decrypt_error)
-+{
-+ struct ath_hw *ah = common->ah;
-+ struct ieee80211_hdr *hdr;
-+ int hdrlen, padpos, padsize;
-+ u8 keyix;
-+ __le16 fc;
-+
-+ /* see if any padding is done by the hw and remove it */
-+ hdr = (struct ieee80211_hdr *) skb->data;
-+ hdrlen = ieee80211_get_hdrlen_from_skb(skb);
-+ fc = hdr->frame_control;
-+ padpos = ieee80211_hdrlen(fc);
-+
-+ /* The MAC header is padded to have 32-bit boundary if the
-+ * packet payload is non-zero. The general calculation for
-+ * padsize would take into account odd header lengths:
-+ * padsize = (4 - padpos % 4) % 4; However, since only
-+ * even-length headers are used, padding can only be 0 or 2
-+ * bytes and we can optimize this a bit. In addition, we must
-+ * not try to remove padding from short control frames that do
-+ * not have payload. */
-+ padsize = padpos & 3;
-+ if (padsize && skb->len>=padpos+padsize+FCS_LEN) {
-+ memmove(skb->data + padsize, skb->data, padpos);
-+ skb_pull(skb, padsize);
-+ }
-+
-+ keyix = rx_stats->rs_keyix;
-+
-+ if (!(keyix == ATH9K_RXKEYIX_INVALID) && !decrypt_error &&
-+ ieee80211_has_protected(fc)) {
-+ rxs->flag |= RX_FLAG_DECRYPTED;
-+ } else if (ieee80211_has_protected(fc)
-+ && !decrypt_error && skb->len >= hdrlen + 4) {
-+ keyix = skb->data[hdrlen + 3] >> 6;
-+
-+ if (test_bit(keyix, common->keymap))
-+ rxs->flag |= RX_FLAG_DECRYPTED;
-+ }
-+ if (ah->sw_mgmt_crypto &&
-+ (rxs->flag & RX_FLAG_DECRYPTED) &&
-+ ieee80211_is_mgmt(fc))
-+ /* Use software decrypt for management frames. */
-+ rxs->flag &= ~RX_FLAG_DECRYPTED;
-+}
-+
-+/*
-+ * Run the LNA combining algorithm only in these cases:
-+ *
-+ * Standalone WLAN cards with both LNA/Antenna diversity
-+ * enabled in the EEPROM.
-+ *
-+ * WLAN+BT cards which are in the supported card list
-+ * in ath_pci_id_table and the user has loaded the
-+ * driver with "bt_ant_diversity" set to true.
-+ */
-+static void ath9k_antenna_check(struct ath_softc *sc,
-+ struct ath_rx_status *rs)
-+{
-+ struct ath_hw *ah = sc->sc_ah;
-+ struct ath9k_hw_capabilities *pCap = &ah->caps;
-+ struct ath_common *common = ath9k_hw_common(ah);
-+
-+ if (!(ah->caps.hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB))
-+ return;
-+
-+ /*
-+ * All MPDUs in an aggregate will use the same LNA
-+ * as the first MPDU.
-+ */
-+ if (rs->rs_isaggr && !rs->rs_firstaggr)
-+ return;
-+
-+ /*
-+ * Change the default rx antenna if rx diversity
-+ * chooses the other antenna 3 times in a row.
-+ */
-+ if (sc->rx.defant != rs->rs_antenna) {
-+ if (++sc->rx.rxotherant >= 3)
-+ ath_setdefantenna(sc, rs->rs_antenna);
-+ } else {
-+ sc->rx.rxotherant = 0;
-+ }
-+
-+ if (pCap->hw_caps & ATH9K_HW_CAP_BT_ANT_DIV) {
-+ if (common->bt_ant_diversity)
-+ ath_ant_comb_scan(sc, rs);
-+ } else {
-+ ath_ant_comb_scan(sc, rs);
-+ }
-+}
-+
- static void ath9k_apply_ampdu_details(struct ath_softc *sc,
- struct ath_rx_status *rs, struct ieee80211_rx_status *rxs)
- {
-@@ -1159,15 +1310,12 @@ int ath_rx_tasklet(struct ath_softc *sc,
- struct ath_hw *ah = sc->sc_ah;
- struct ath_common *common = ath9k_hw_common(ah);
- struct ieee80211_hw *hw = sc->hw;
-- struct ieee80211_hdr *hdr;
- int retval;
- struct ath_rx_status rs;
- enum ath9k_rx_qtype qtype;
- bool edma = !!(ah->caps.hw_caps & ATH9K_HW_CAP_EDMA);
- int dma_type;
-- u8 rx_status_len = ah->caps.rx_status_len;
- u64 tsf = 0;
-- u32 tsf_lower = 0;
- unsigned long flags;
- dma_addr_t new_buf_addr;
-
-@@ -1179,7 +1327,6 @@ int ath_rx_tasklet(struct ath_softc *sc,
- qtype = hp ? ATH9K_RX_QUEUE_HP : ATH9K_RX_QUEUE_LP;
-
- tsf = ath9k_hw_gettsf64(ah);
-- tsf_lower = tsf & 0xffffffff;
-
- do {
- bool decrypt_error = false;
-@@ -1206,55 +1353,14 @@ int ath_rx_tasklet(struct ath_softc *sc,
- else
- hdr_skb = skb;
-
-- hdr = (struct ieee80211_hdr *) (hdr_skb->data + rx_status_len);
- rxs = IEEE80211_SKB_RXCB(hdr_skb);
-- if (ieee80211_is_beacon(hdr->frame_control)) {
-- RX_STAT_INC(rx_beacons);
-- if (!is_zero_ether_addr(common->curbssid) &&
-- ether_addr_equal(hdr->addr3, common->curbssid))
-- rs.is_mybeacon = true;
-- else
-- rs.is_mybeacon = false;
-- }
-- else
-- rs.is_mybeacon = false;
--
-- if (ieee80211_is_data_present(hdr->frame_control) &&
-- !ieee80211_is_qos_nullfunc(hdr->frame_control))
-- sc->rx.num_pkts++;
--
-- ath_debug_stat_rx(sc, &rs);
--
- memset(rxs, 0, sizeof(struct ieee80211_rx_status));
-
-- rxs->mactime = (tsf & ~0xffffffffULL) | rs.rs_tstamp;
-- if (rs.rs_tstamp > tsf_lower &&
-- unlikely(rs.rs_tstamp - tsf_lower > 0x10000000))
-- rxs->mactime -= 0x100000000ULL;
--
-- if (rs.rs_tstamp < tsf_lower &&
-- unlikely(tsf_lower - rs.rs_tstamp > 0x10000000))
-- rxs->mactime += 0x100000000ULL;
--
-- if (rs.rs_phyerr == ATH9K_PHYERR_RADAR)
-- ath9k_dfs_process_phyerr(sc, hdr, &rs, rxs->mactime);
--
-- if (rs.rs_status & ATH9K_RXERR_PHY) {
-- if (ath_process_fft(sc, hdr, &rs, rxs->mactime)) {
-- RX_STAT_INC(rx_spectral);
-- goto requeue_drop_frag;
-- }
-- }
--
-- retval = ath9k_rx_skb_preprocess(sc, hdr, &rs, rxs,
-- &decrypt_error);
-+ retval = ath9k_rx_skb_preprocess(sc, hdr_skb, &rs, rxs,
-+ &decrypt_error, tsf);
- if (retval)
- goto requeue_drop_frag;
-
-- if (rs.is_mybeacon) {
-- sc->hw_busy_count = 0;
-- ath_start_rx_poll(sc, 3);
-- }
- /* Ensure we always have an skb to requeue once we are done
- * processing the current buffer's skb */
- requeue_skb = ath_rxbuf_alloc(common, common->rx_bufsize, GFP_ATOMIC);
-@@ -1308,8 +1414,6 @@ int ath_rx_tasklet(struct ath_softc *sc,
- sc->rx.frag = skb;
- goto requeue;
- }
-- if (rs.rs_status & ATH9K_RXERR_CORRUPT_DESC)
-- goto requeue_drop_frag;
-
- if (sc->rx.frag) {
- int space = skb->len - skb_tailroom(hdr_skb);
-@@ -1328,22 +1432,6 @@ int ath_rx_tasklet(struct ath_softc *sc,
- skb = hdr_skb;
- }
-
--
-- if (ah->caps.hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB) {
--
-- /*
-- * change the default rx antenna if rx diversity
-- * chooses the other antenna 3 times in a row.
-- */
-- if (sc->rx.defant != rs.rs_antenna) {
-- if (++sc->rx.rxotherant >= 3)
-- ath_setdefantenna(sc, rs.rs_antenna);
-- } else {
-- sc->rx.rxotherant = 0;
-- }
--
-- }
--
- if (rxs->flag & RX_FLAG_MMIC_STRIPPED)
- skb_trim(skb, skb->len - 8);
-
-@@ -1355,8 +1443,7 @@ int ath_rx_tasklet(struct ath_softc *sc,
- ath_rx_ps(sc, skb, rs.is_mybeacon);
- spin_unlock_irqrestore(&sc->sc_pm_lock, flags);
-
-- if ((ah->caps.hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB) && sc->ant_rx == 3)
-- ath_ant_comb_scan(sc, &rs);
-+ ath9k_antenna_check(sc, &rs);
-
- ath9k_apply_ampdu_details(sc, &rs, rxs);
-
-@@ -1375,7 +1462,7 @@ requeue:
- if (edma) {
- ath_rx_edma_buf_link(sc, qtype);
- } else {
-- ath_rx_buf_link(sc, bf);
-+ ath_rx_buf_relink(sc, bf);
- ath9k_hw_rxena(ah);
- }
- } while (1);
---- a/drivers/net/wireless/ath/ath9k/init.c
-+++ b/drivers/net/wireless/ath/ath9k/init.c
-@@ -53,9 +53,9 @@ static int ath9k_btcoex_enable;
- module_param_named(btcoex_enable, ath9k_btcoex_enable, int, 0444);
- MODULE_PARM_DESC(btcoex_enable, "Enable wifi-BT coexistence");
-
--static int ath9k_enable_diversity;
--module_param_named(enable_diversity, ath9k_enable_diversity, int, 0444);
--MODULE_PARM_DESC(enable_diversity, "Enable Antenna diversity for AR9565");
-+static int ath9k_bt_ant_diversity;
-+module_param_named(bt_ant_diversity, ath9k_bt_ant_diversity, int, 0444);
-+MODULE_PARM_DESC(bt_ant_diversity, "Enable WLAN/BT RX antenna diversity");
-
- bool is_ath9k_unloaded;
- /* We use the hw_value as an index into our private channel structure */
-@@ -516,6 +516,7 @@ static void ath9k_init_misc(struct ath_s
- static void ath9k_init_platform(struct ath_softc *sc)
- {
- struct ath_hw *ah = sc->sc_ah;
-+ struct ath9k_hw_capabilities *pCap = &ah->caps;
- struct ath_common *common = ath9k_hw_common(ah);
-
- if (common->bus_ops->ath_bus_type != ATH_PCI)
-@@ -525,12 +526,27 @@ static void ath9k_init_platform(struct a
- ATH9K_PCI_CUS230)) {
- ah->config.xlna_gpio = 9;
- ah->config.xatten_margin_cfg = true;
-+ ah->config.alt_mingainidx = true;
-+ ah->config.ant_ctrl_comm2g_switch_enable = 0x000BBB88;
-+ sc->ant_comb.low_rssi_thresh = 20;
-+ sc->ant_comb.fast_div_bias = 3;
-
- ath_info(common, "Set parameters for %s\n",
- (sc->driver_data & ATH9K_PCI_CUS198) ?
- "CUS198" : "CUS230");
-- } else if (sc->driver_data & ATH9K_PCI_CUS217) {
-+ }
-+
-+ if (sc->driver_data & ATH9K_PCI_CUS217)
- ath_info(common, "CUS217 card detected\n");
-+
-+ if (sc->driver_data & ATH9K_PCI_BT_ANT_DIV) {
-+ pCap->hw_caps |= ATH9K_HW_CAP_BT_ANT_DIV;
-+ ath_info(common, "Set BT/WLAN RX diversity capability\n");
-+ }
-+
-+ if (sc->driver_data & ATH9K_PCI_D3_L1_WAR) {
-+ ah->config.pcie_waen = 0x0040473b;
-+ ath_info(common, "Enable WAR for ASPM D3/L1\n");
- }
- }
-
-@@ -584,6 +600,7 @@ static int ath9k_init_softc(u16 devid, s
- {
- struct ath9k_platform_data *pdata = sc->dev->platform_data;
- struct ath_hw *ah = NULL;
-+ struct ath9k_hw_capabilities *pCap;
- struct ath_common *common;
- int ret = 0, i;
- int csz = 0;
-@@ -600,6 +617,7 @@ static int ath9k_init_softc(u16 devid, s
- ah->reg_ops.rmw = ath9k_reg_rmw;
- atomic_set(&ah->intr_ref_cnt, -1);
- sc->sc_ah = ah;
-+ pCap = &ah->caps;
-
- sc->dfs_detector = dfs_pattern_detector_init(ah, NL80211_DFS_UNSET);
-
-@@ -631,11 +649,15 @@ static int ath9k_init_softc(u16 devid, s
- ath9k_init_platform(sc);
-
- /*
-- * Enable Antenna diversity only when BTCOEX is disabled
-- * and the user manually requests the feature.
-+ * Enable WLAN/BT RX Antenna diversity only when:
-+ *
-+ * - BTCOEX is disabled.
-+ * - the user manually requests the feature.
-+ * - the HW cap is set using the platform data.
- */
-- if (!common->btcoex_enabled && ath9k_enable_diversity)
-- common->antenna_diversity = 1;
-+ if (!common->btcoex_enabled && ath9k_bt_ant_diversity &&
-+ (pCap->hw_caps & ATH9K_HW_CAP_BT_ANT_DIV))
-+ common->bt_ant_diversity = 1;
-
- spin_lock_init(&common->cc_lock);
-
-@@ -710,13 +732,15 @@ static void ath9k_init_band_txpower(stru
- struct ieee80211_supported_band *sband;
- struct ieee80211_channel *chan;
- struct ath_hw *ah = sc->sc_ah;
-+ struct cfg80211_chan_def chandef;
- int i;
-
- sband = &sc->sbands[band];
- for (i = 0; i < sband->n_channels; i++) {
- chan = &sband->channels[i];
- ah->curchan = &ah->channels[chan->hw_value];
-- ath9k_cmn_update_ichannel(ah->curchan, chan, NL80211_CHAN_HT20);
-+ cfg80211_chandef_create(&chandef, chan, NL80211_CHAN_HT20);
-+ ath9k_cmn_update_ichannel(ah->curchan, &chandef);
- ath9k_hw_set_txpowerlimit(ah, MAX_RATE_POWER, true);
- }
- }
-@@ -802,7 +826,8 @@ void ath9k_set_hw_capab(struct ath_softc
- IEEE80211_HW_PS_NULLFUNC_STACK |
- IEEE80211_HW_SPECTRUM_MGMT |
- IEEE80211_HW_REPORTS_TX_ACK_STATUS |
-- IEEE80211_HW_SUPPORTS_RC_TABLE;
-+ IEEE80211_HW_SUPPORTS_RC_TABLE |
-+ IEEE80211_HW_SUPPORTS_HT_CCK_RATES;
-
- if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT) {
- hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION;
---- a/drivers/net/wireless/ath/carl9170/main.c
-+++ b/drivers/net/wireless/ath/carl9170/main.c
-@@ -1878,7 +1878,8 @@ void *carl9170_alloc(size_t priv_size)
- IEEE80211_HW_PS_NULLFUNC_STACK |
- IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC |
- IEEE80211_HW_SUPPORTS_RC_TABLE |
-- IEEE80211_HW_SIGNAL_DBM;
-+ IEEE80211_HW_SIGNAL_DBM |
-+ IEEE80211_HW_SUPPORTS_HT_CCK_RATES;
-
- if (!modparam_noht) {
- /*
---- a/drivers/net/wireless/rt2x00/rt2800lib.c
-+++ b/drivers/net/wireless/rt2x00/rt2800lib.c
-@@ -6133,7 +6133,8 @@ static int rt2800_probe_hw_mode(struct r
- IEEE80211_HW_SUPPORTS_PS |
- IEEE80211_HW_PS_NULLFUNC_STACK |
- IEEE80211_HW_AMPDU_AGGREGATION |
-- IEEE80211_HW_REPORTS_TX_ACK_STATUS;
-+ IEEE80211_HW_REPORTS_TX_ACK_STATUS |
-+ IEEE80211_HW_SUPPORTS_HT_CCK_RATES;
-
- /*
- * Don't set IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING for USB devices
---- a/include/net/mac80211.h
-+++ b/include/net/mac80211.h
-@@ -152,11 +152,14 @@ struct ieee80211_low_level_stats {
- * @IEEE80211_CHANCTX_CHANGE_WIDTH: The channel width changed
- * @IEEE80211_CHANCTX_CHANGE_RX_CHAINS: The number of RX chains changed
- * @IEEE80211_CHANCTX_CHANGE_RADAR: radar detection flag changed
-+ * @IEEE80211_CHANCTX_CHANGE_CHANNEL: switched to another operating channel,
-+ * this is used only with channel switching with CSA
- */
- enum ieee80211_chanctx_change {
- IEEE80211_CHANCTX_CHANGE_WIDTH = BIT(0),
- IEEE80211_CHANCTX_CHANGE_RX_CHAINS = BIT(1),
- IEEE80211_CHANCTX_CHANGE_RADAR = BIT(2),
-+ IEEE80211_CHANCTX_CHANGE_CHANNEL = BIT(3),
- };
-
- /**
-@@ -1080,6 +1083,7 @@ enum ieee80211_vif_flags {
- * @addr: address of this interface
- * @p2p: indicates whether this AP or STA interface is a p2p
- * interface, i.e. a GO or p2p-sta respectively
-+ * @csa_active: marks whether a channel switch is going on
- * @driver_flags: flags/capabilities the driver has for this interface,
- * these need to be set (or cleared) when the interface is added
- * or, if supported by the driver, the interface type is changed
-@@ -1102,6 +1106,7 @@ struct ieee80211_vif {
- struct ieee80211_bss_conf bss_conf;
- u8 addr[ETH_ALEN];
- bool p2p;
-+ bool csa_active;
-
- u8 cab_queue;
- u8 hw_queue[IEEE80211_NUM_ACS];
-@@ -1499,6 +1504,7 @@ enum ieee80211_hw_flags {
- IEEE80211_HW_SUPPORTS_RC_TABLE = 1<<24,
- IEEE80211_HW_P2P_DEV_ADDR_FOR_INTF = 1<<25,
- IEEE80211_HW_TIMING_BEACON_ONLY = 1<<26,
-+ IEEE80211_HW_SUPPORTS_HT_CCK_RATES = 1<<27,
- };
-
- /**
-@@ -2633,6 +2639,16 @@ enum ieee80211_roc_type {
- * @ipv6_addr_change: IPv6 address assignment on the given interface changed.
- * Currently, this is only called for managed or P2P client interfaces.
- * This callback is optional; it must not sleep.
-+ *
-+ * @channel_switch_beacon: Starts a channel switch to a new channel.
-+ * Beacons are modified to include CSA or ECSA IEs before calling this
-+ * function. The corresponding count fields in these IEs must be
-+ * decremented, and when they reach zero the driver must call
-+ * ieee80211_csa_finish(). Drivers which use ieee80211_beacon_get()
-+ * get the csa counter decremented by mac80211, but must check if it is
-+ * zero using ieee80211_csa_is_complete() after the beacon has been
-+ * transmitted and then call ieee80211_csa_finish().
-+ *
- */
- struct ieee80211_ops {
- void (*tx)(struct ieee80211_hw *hw,
-@@ -2830,6 +2846,9 @@ struct ieee80211_ops {
- struct ieee80211_vif *vif,
- struct inet6_dev *idev);
- #endif
-+ void (*channel_switch_beacon)(struct ieee80211_hw *hw,
-+ struct ieee80211_vif *vif,
-+ struct cfg80211_chan_def *chandef);
- };
-
- /**
-@@ -3325,6 +3344,25 @@ static inline struct sk_buff *ieee80211_
- }
-
- /**
-+ * ieee80211_csa_finish - notify mac80211 about channel switch
-+ * @vif: &struct ieee80211_vif pointer from the add_interface callback.
-+ *
-+ * After a channel switch announcement was scheduled and the counter in this
-+ * announcement hit zero, this function must be called by the driver to
-+ * notify mac80211 that the channel can be changed.
-+ */
-+void ieee80211_csa_finish(struct ieee80211_vif *vif);
-+
-+/**
-+ * ieee80211_csa_is_complete - find out if counters reached zero
-+ * @vif: &struct ieee80211_vif pointer from the add_interface callback.
-+ *
-+ * This function returns whether the channel switch counters reached zero.
-+ */
-+bool ieee80211_csa_is_complete(struct ieee80211_vif *vif);
-+
-+
-+/**
- * ieee80211_proberesp_get - retrieve a Probe Response template
- * @hw: pointer obtained from ieee80211_alloc_hw().
- * @vif: &struct ieee80211_vif pointer from the add_interface callback.
---- a/net/mac80211/cfg.c
-+++ b/net/mac80211/cfg.c
-@@ -854,8 +854,8 @@ static int ieee80211_set_probe_resp(stru
- return 0;
- }
-
--static int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
-- struct cfg80211_beacon_data *params)
-+int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
-+ struct cfg80211_beacon_data *params)
- {
- struct beacon_data *new, *old;
- int new_head_len, new_tail_len;
-@@ -1018,6 +1018,12 @@ static int ieee80211_change_beacon(struc
-
- sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-+ /* don't allow changing the beacon while CSA is in place - offset
-+ * of channel switch counter may change
-+ */
-+ if (sdata->vif.csa_active)
-+ return -EBUSY;
-+
- old = rtnl_dereference(sdata->u.ap.beacon);
- if (!old)
- return -ENOENT;
-@@ -1042,6 +1048,10 @@ static int ieee80211_stop_ap(struct wiph
- return -ENOENT;
- old_probe_resp = rtnl_dereference(sdata->u.ap.probe_resp);
-
-+ /* abort any running channel switch */
-+ sdata->vif.csa_active = false;
-+ cancel_work_sync(&sdata->csa_finalize_work);
-+
- /* turn off carrier for this interface and dependent VLANs */
- list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
- netif_carrier_off(vlan->dev);
-@@ -2784,6 +2794,178 @@ static int ieee80211_start_radar_detecti
- return 0;
- }
-
-+static struct cfg80211_beacon_data *
-+cfg80211_beacon_dup(struct cfg80211_beacon_data *beacon)
-+{
-+ struct cfg80211_beacon_data *new_beacon;
-+ u8 *pos;
-+ int len;
-+
-+ len = beacon->head_len + beacon->tail_len + beacon->beacon_ies_len +
-+ beacon->proberesp_ies_len + beacon->assocresp_ies_len +
-+ beacon->probe_resp_len;
-+
-+ new_beacon = kzalloc(sizeof(*new_beacon) + len, GFP_KERNEL);
-+ if (!new_beacon)
-+ return NULL;
-+
-+ pos = (u8 *)(new_beacon + 1);
-+ if (beacon->head_len) {
-+ new_beacon->head_len = beacon->head_len;
-+ new_beacon->head = pos;
-+ memcpy(pos, beacon->head, beacon->head_len);
-+ pos += beacon->head_len;
-+ }
-+ if (beacon->tail_len) {
-+ new_beacon->tail_len = beacon->tail_len;
-+ new_beacon->tail = pos;
-+ memcpy(pos, beacon->tail, beacon->tail_len);
-+ pos += beacon->tail_len;
-+ }
-+ if (beacon->beacon_ies_len) {
-+ new_beacon->beacon_ies_len = beacon->beacon_ies_len;
-+ new_beacon->beacon_ies = pos;
-+ memcpy(pos, beacon->beacon_ies, beacon->beacon_ies_len);
-+ pos += beacon->beacon_ies_len;
-+ }
-+ if (beacon->proberesp_ies_len) {
-+ new_beacon->proberesp_ies_len = beacon->proberesp_ies_len;
-+ new_beacon->proberesp_ies = pos;
-+ memcpy(pos, beacon->proberesp_ies, beacon->proberesp_ies_len);
-+ pos += beacon->proberesp_ies_len;
-+ }
-+ if (beacon->assocresp_ies_len) {
-+ new_beacon->assocresp_ies_len = beacon->assocresp_ies_len;
-+ new_beacon->assocresp_ies = pos;
-+ memcpy(pos, beacon->assocresp_ies, beacon->assocresp_ies_len);
-+ pos += beacon->assocresp_ies_len;
-+ }
-+ if (beacon->probe_resp_len) {
-+ new_beacon->probe_resp_len = beacon->probe_resp_len;
-+ beacon->probe_resp = pos;
-+ memcpy(pos, beacon->probe_resp, beacon->probe_resp_len);
-+ pos += beacon->probe_resp_len;
-+ }
-+
-+ return new_beacon;
-+}
-+
-+void ieee80211_csa_finalize_work(struct work_struct *work)
-+{
-+ struct ieee80211_sub_if_data *sdata =
-+ container_of(work, struct ieee80211_sub_if_data,
-+ csa_finalize_work);
-+ struct ieee80211_local *local = sdata->local;
-+ int err, changed;
-+
-+ if (!ieee80211_sdata_running(sdata))
-+ return;
-+
-+ if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_AP))
-+ return;
-+
-+ sdata->radar_required = sdata->csa_radar_required;
-+ err = ieee80211_vif_change_channel(sdata, &local->csa_chandef,
-+ &changed);
-+ if (WARN_ON(err < 0))
-+ return;
-+
-+ err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon);
-+ if (err < 0)
-+ return;
-+
-+ changed |= err;
-+ kfree(sdata->u.ap.next_beacon);
-+ sdata->u.ap.next_beacon = NULL;
-+ sdata->vif.csa_active = false;
-+
-+ ieee80211_wake_queues_by_reason(&sdata->local->hw,
-+ IEEE80211_MAX_QUEUE_MAP,
-+ IEEE80211_QUEUE_STOP_REASON_CSA);
-+
-+ ieee80211_bss_info_change_notify(sdata, changed);
-+
-+ cfg80211_ch_switch_notify(sdata->dev, &local->csa_chandef);
-+}
-+
-+static int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
-+ struct cfg80211_csa_settings *params)
-+{
-+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-+ struct ieee80211_local *local = sdata->local;
-+ struct ieee80211_chanctx_conf *chanctx_conf;
-+ struct ieee80211_chanctx *chanctx;
-+ int err, num_chanctx;
-+
-+ if (!list_empty(&local->roc_list) || local->scanning)
-+ return -EBUSY;
-+
-+ if (sdata->wdev.cac_started)
-+ return -EBUSY;
-+
-+ if (cfg80211_chandef_identical(¶ms->chandef,
-+ &sdata->vif.bss_conf.chandef))
-+ return -EINVAL;
-+
-+ rcu_read_lock();
-+ chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
-+ if (!chanctx_conf) {
-+ rcu_read_unlock();
-+ return -EBUSY;
-+ }
-+
-+ /* don't handle for multi-VIF cases */
-+ chanctx = container_of(chanctx_conf, struct ieee80211_chanctx, conf);
-+ if (chanctx->refcount > 1) {
-+ rcu_read_unlock();
-+ return -EBUSY;
-+ }
-+ num_chanctx = 0;
-+ list_for_each_entry_rcu(chanctx, &local->chanctx_list, list)
-+ num_chanctx++;
-+ rcu_read_unlock();
-+
-+ if (num_chanctx > 1)
-+ return -EBUSY;
-+
-+ /* don't allow another channel switch if one is already active. */
-+ if (sdata->vif.csa_active)
-+ return -EBUSY;
-+
-+ /* only handle AP for now. */
-+ switch (sdata->vif.type) {
-+ case NL80211_IFTYPE_AP:
-+ break;
-+ default:
-+ return -EOPNOTSUPP;
-+ }
-+
-+ sdata->u.ap.next_beacon = cfg80211_beacon_dup(¶ms->beacon_after);
-+ if (!sdata->u.ap.next_beacon)
-+ return -ENOMEM;
-+
-+ sdata->csa_counter_offset_beacon = params->counter_offset_beacon;
-+ sdata->csa_counter_offset_presp = params->counter_offset_presp;
-+ sdata->csa_radar_required = params->radar_required;
-+
-+ if (params->block_tx)
-+ ieee80211_stop_queues_by_reason(&local->hw,
-+ IEEE80211_MAX_QUEUE_MAP,
-+ IEEE80211_QUEUE_STOP_REASON_CSA);
-+
-+ err = ieee80211_assign_beacon(sdata, ¶ms->beacon_csa);
-+ if (err < 0)
-+ return err;
-+
-+ local->csa_chandef = params->chandef;
-+ sdata->vif.csa_active = true;
-+
-+ ieee80211_bss_info_change_notify(sdata, err);
-+ drv_channel_switch_beacon(sdata, ¶ms->chandef);
-+
-+ return 0;
-+}
-+
- static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
- struct ieee80211_channel *chan, bool offchan,
- unsigned int wait, const u8 *buf, size_t len,
-@@ -3501,4 +3683,5 @@ struct cfg80211_ops mac80211_config_ops
- .get_et_strings = ieee80211_get_et_strings,
- .get_channel = ieee80211_cfg_get_channel,
- .start_radar_detection = ieee80211_start_radar_detection,
-+ .channel_switch = ieee80211_channel_switch,
- };
---- a/net/mac80211/chan.c
-+++ b/net/mac80211/chan.c
-@@ -410,6 +410,64 @@ int ieee80211_vif_use_channel(struct iee
- return ret;
- }
-
-+int ieee80211_vif_change_channel(struct ieee80211_sub_if_data *sdata,
-+ const struct cfg80211_chan_def *chandef,
-+ u32 *changed)
-+{
-+ struct ieee80211_local *local = sdata->local;
-+ struct ieee80211_chanctx_conf *conf;
-+ struct ieee80211_chanctx *ctx;
-+ int ret;
-+ u32 chanctx_changed = 0;
-+
-+ /* should never be called if not performing a channel switch. */
-+ if (WARN_ON(!sdata->vif.csa_active))
-+ return -EINVAL;
-+
-+ if (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
-+ IEEE80211_CHAN_DISABLED))
-+ return -EINVAL;
-+
-+ mutex_lock(&local->chanctx_mtx);
-+ conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
-+ lockdep_is_held(&local->chanctx_mtx));
-+ if (!conf) {
-+ ret = -EINVAL;
-+ goto out;
-+ }
-+
-+ ctx = container_of(conf, struct ieee80211_chanctx, conf);
-+ if (ctx->refcount != 1) {
-+ ret = -EINVAL;
-+ goto out;
-+ }
-+
-+ if (sdata->vif.bss_conf.chandef.width != chandef->width) {
-+ chanctx_changed = IEEE80211_CHANCTX_CHANGE_WIDTH;
-+ *changed |= BSS_CHANGED_BANDWIDTH;
-+ }
-+
-+ sdata->vif.bss_conf.chandef = *chandef;
-+ ctx->conf.def = *chandef;
-+
-+ chanctx_changed |= IEEE80211_CHANCTX_CHANGE_CHANNEL;
-+ drv_change_chanctx(local, ctx, chanctx_changed);
-+
-+ if (!local->use_chanctx) {
-+ local->_oper_chandef = *chandef;
-+ ieee80211_hw_config(local, 0);
-+ }
-+
-+ ieee80211_recalc_chanctx_chantype(local, ctx);
-+ ieee80211_recalc_smps_chanctx(local, ctx);
-+ ieee80211_recalc_radar_chanctx(local, ctx);
-+
-+ ret = 0;
-+ out:
-+ mutex_unlock(&local->chanctx_mtx);
-+ return ret;
-+}
-+
- int ieee80211_vif_change_bandwidth(struct ieee80211_sub_if_data *sdata,
- const struct cfg80211_chan_def *chandef,
- u32 *changed)
---- a/net/mac80211/driver-ops.h
-+++ b/net/mac80211/driver-ops.h
-@@ -1104,4 +1104,17 @@ static inline void drv_ipv6_addr_change(
- }
- #endif
-
-+static inline void
-+drv_channel_switch_beacon(struct ieee80211_sub_if_data *sdata,
-+ struct cfg80211_chan_def *chandef)
-+{
-+ struct ieee80211_local *local = sdata->local;
-+
-+ if (local->ops->channel_switch_beacon) {
-+ trace_drv_channel_switch_beacon(local, sdata, chandef);
-+ local->ops->channel_switch_beacon(&local->hw, &sdata->vif,
-+ chandef);
-+ }
-+}
-+
- #endif /* __MAC80211_DRIVER_OPS */
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -53,9 +53,6 @@ struct ieee80211_local;
- * increased memory use (about 2 kB of RAM per entry). */
- #define IEEE80211_FRAGMENT_MAX 4
-
--#define TU_TO_JIFFIES(x) (usecs_to_jiffies((x) * 1024))
--#define TU_TO_EXP_TIME(x) (jiffies + TU_TO_JIFFIES(x))
--
- /* power level hasn't been configured (or set to automatic) */
- #define IEEE80211_UNSET_POWER_LEVEL INT_MIN
-
-@@ -259,6 +256,8 @@ struct ieee80211_if_ap {
- struct beacon_data __rcu *beacon;
- struct probe_resp __rcu *probe_resp;
-
-+ /* to be used after channel switch. */
-+ struct cfg80211_beacon_data *next_beacon;
- struct list_head vlans;
-
- struct ps_data ps;
-@@ -713,6 +712,11 @@ struct ieee80211_sub_if_data {
-
- struct ieee80211_tx_queue_params tx_conf[IEEE80211_NUM_ACS];
-
-+ struct work_struct csa_finalize_work;
-+ int csa_counter_offset_beacon;
-+ int csa_counter_offset_presp;
-+ bool csa_radar_required;
-+
- /* used to reconfigure hardware SM PS */
- struct work_struct recalc_smps;
-
-@@ -1346,6 +1350,9 @@ void ieee80211_roc_notify_destroy(struct
- void ieee80211_sw_roc_work(struct work_struct *work);
- void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc);
-
-+/* channel switch handling */
-+void ieee80211_csa_finalize_work(struct work_struct *work);
-+
- /* interface handling */
- int ieee80211_iface_init(void);
- void ieee80211_iface_exit(void);
-@@ -1367,6 +1374,8 @@ void ieee80211_del_virtual_monitor(struc
-
- bool __ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata);
- void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata);
-+int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
-+ struct cfg80211_beacon_data *params);
-
- static inline bool ieee80211_sdata_running(struct ieee80211_sub_if_data *sdata)
- {
-@@ -1627,6 +1636,11 @@ int __must_check
- ieee80211_vif_change_bandwidth(struct ieee80211_sub_if_data *sdata,
- const struct cfg80211_chan_def *chandef,
- u32 *changed);
-+/* NOTE: only use ieee80211_vif_change_channel() for channel switch */
-+int __must_check
-+ieee80211_vif_change_channel(struct ieee80211_sub_if_data *sdata,
-+ const struct cfg80211_chan_def *chandef,
-+ u32 *changed);
- void ieee80211_vif_release_channel(struct ieee80211_sub_if_data *sdata);
- void ieee80211_vif_vlan_copy_chanctx(struct ieee80211_sub_if_data *sdata);
- void ieee80211_vif_copy_chanctx_to_vlans(struct ieee80211_sub_if_data *sdata,
---- a/net/mac80211/trace.h
-+++ b/net/mac80211/trace.h
-@@ -1906,6 +1906,32 @@ TRACE_EVENT(api_radar_detected,
- )
- );
-
-+TRACE_EVENT(drv_channel_switch_beacon,
-+ TP_PROTO(struct ieee80211_local *local,
-+ struct ieee80211_sub_if_data *sdata,
-+ struct cfg80211_chan_def *chandef),
-+
-+ TP_ARGS(local, sdata, chandef),
-+
-+ TP_STRUCT__entry(
-+ LOCAL_ENTRY
-+ VIF_ENTRY
-+ CHANDEF_ENTRY
-+ ),
-+
-+ TP_fast_assign(
-+ LOCAL_ASSIGN;
-+ VIF_ASSIGN;
-+ CHANDEF_ASSIGN(chandef);
-+ ),
-+
-+ TP_printk(
-+ LOCAL_PR_FMT VIF_PR_FMT " channel switch to " CHANDEF_PR_FMT,
-+ LOCAL_PR_ARG, VIF_PR_ARG, CHANDEF_PR_ARG
-+ )
-+);
-+
-+
- #ifdef CPTCFG_MAC80211_MESSAGE_TRACING
- #undef TRACE_SYSTEM
- #define TRACE_SYSTEM mac80211_msg
---- a/net/mac80211/tx.c
-+++ b/net/mac80211/tx.c
-@@ -2326,6 +2326,81 @@ static int ieee80211_beacon_add_tim(stru
- return 0;
- }
-
-+void ieee80211_csa_finish(struct ieee80211_vif *vif)
-+{
-+ struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
-+
-+ ieee80211_queue_work(&sdata->local->hw,
-+ &sdata->csa_finalize_work);
-+}
-+EXPORT_SYMBOL(ieee80211_csa_finish);
-+
-+static void ieee80211_update_csa(struct ieee80211_sub_if_data *sdata,
-+ struct beacon_data *beacon)
-+{
-+ struct probe_resp *resp;
-+ int counter_offset_beacon = sdata->csa_counter_offset_beacon;
-+ int counter_offset_presp = sdata->csa_counter_offset_presp;
-+
-+ /* warn if the driver did not check for/react to csa completeness */
-+ if (WARN_ON(((u8 *)beacon->tail)[counter_offset_beacon] == 0))
-+ return;
-+
-+ ((u8 *)beacon->tail)[counter_offset_beacon]--;
-+
-+ if (sdata->vif.type == NL80211_IFTYPE_AP &&
-+ counter_offset_presp) {
-+ rcu_read_lock();
-+ resp = rcu_dereference(sdata->u.ap.probe_resp);
-+
-+ /* if nl80211 accepted the offset, this should not happen. */
-+ if (WARN_ON(!resp)) {
-+ rcu_read_unlock();
-+ return;
-+ }
-+ resp->data[counter_offset_presp]--;
-+ rcu_read_unlock();
-+ }
-+}
-+
-+bool ieee80211_csa_is_complete(struct ieee80211_vif *vif)
-+{
-+ struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
-+ struct beacon_data *beacon = NULL;
-+ u8 *beacon_data;
-+ size_t beacon_data_len;
-+ int counter_beacon = sdata->csa_counter_offset_beacon;
-+ int ret = false;
-+
-+ if (!ieee80211_sdata_running(sdata))
-+ return false;
-+
-+ rcu_read_lock();
-+ if (vif->type == NL80211_IFTYPE_AP) {
-+ struct ieee80211_if_ap *ap = &sdata->u.ap;
-+
-+ beacon = rcu_dereference(ap->beacon);
-+ if (WARN_ON(!beacon || !beacon->tail))
-+ goto out;
-+ beacon_data = beacon->tail;
-+ beacon_data_len = beacon->tail_len;
-+ } else {
-+ WARN_ON(1);
-+ goto out;
-+ }
-+
-+ if (WARN_ON(counter_beacon > beacon_data_len))
-+ goto out;
-+
-+ if (beacon_data[counter_beacon] == 0)
-+ ret = true;
-+ out:
-+ rcu_read_unlock();
-+
-+ return ret;
-+}
-+EXPORT_SYMBOL(ieee80211_csa_is_complete);
-+
- struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
- struct ieee80211_vif *vif,
- u16 *tim_offset, u16 *tim_length)
-@@ -2356,6 +2431,9 @@ struct sk_buff *ieee80211_beacon_get_tim
- struct beacon_data *beacon = rcu_dereference(ap->beacon);
-
- if (beacon) {
-+ if (sdata->vif.csa_active)
-+ ieee80211_update_csa(sdata, beacon);
-+
- /*
- * headroom, head length,
- * tail length and maximum TIM length
---- a/net/wireless/rdev-ops.h
-+++ b/net/wireless/rdev-ops.h
-@@ -923,4 +923,16 @@ static inline void rdev_crit_proto_stop(
- trace_rdev_return_void(&rdev->wiphy);
- }
-
-+static inline int rdev_channel_switch(struct cfg80211_registered_device *rdev,
-+ struct net_device *dev,
-+ struct cfg80211_csa_settings *params)
-+{
-+ int ret;
-+
-+ trace_rdev_channel_switch(&rdev->wiphy, dev, params);
-+ ret = rdev->ops->channel_switch(&rdev->wiphy, dev, params);
-+ trace_rdev_return_int(&rdev->wiphy, ret);
-+ return ret;
-+}
-+
- #endif /* __CFG80211_RDEV_OPS */
---- a/net/wireless/trace.h
-+++ b/net/wireless/trace.h
-@@ -1841,6 +1841,39 @@ TRACE_EVENT(rdev_crit_proto_stop,
- WIPHY_PR_ARG, WDEV_PR_ARG)
- );
-
-+TRACE_EVENT(rdev_channel_switch,
-+ TP_PROTO(struct wiphy *wiphy, struct net_device *netdev,
-+ struct cfg80211_csa_settings *params),
-+ TP_ARGS(wiphy, netdev, params),
-+ TP_STRUCT__entry(
-+ WIPHY_ENTRY
-+ NETDEV_ENTRY
-+ CHAN_DEF_ENTRY
-+ __field(u16, counter_offset_beacon)
-+ __field(u16, counter_offset_presp)
-+ __field(bool, radar_required)
-+ __field(bool, block_tx)
-+ __field(u8, count)
-+ ),
-+ TP_fast_assign(
-+ WIPHY_ASSIGN;
-+ NETDEV_ASSIGN;
-+ CHAN_DEF_ASSIGN(¶ms->chandef);
-+ __entry->counter_offset_beacon = params->counter_offset_beacon;
-+ __entry->counter_offset_presp = params->counter_offset_presp;
-+ __entry->radar_required = params->radar_required;
-+ __entry->block_tx = params->block_tx;
-+ __entry->count = params->count;
-+ ),
-+ TP_printk(WIPHY_PR_FMT ", " NETDEV_PR_FMT ", " CHAN_DEF_PR_FMT
-+ ", block_tx: %d, count: %u, radar_required: %d"
-+ ", counter offsets (beacon/presp): %u/%u",
-+ WIPHY_PR_ARG, NETDEV_PR_ARG, CHAN_DEF_PR_ARG,
-+ __entry->block_tx, __entry->count, __entry->radar_required,
-+ __entry->counter_offset_beacon,
-+ __entry->counter_offset_presp)
-+);
-+
- /*************************************************************
- * cfg80211 exported functions traces *
- *************************************************************/
---- a/drivers/net/wireless/ath/ath.h
-+++ b/drivers/net/wireless/ath/ath.h
-@@ -159,7 +159,7 @@ struct ath_common {
-
- bool btcoex_enabled;
- bool disable_ani;
-- bool antenna_diversity;
-+ bool bt_ant_diversity;
- };
-
- struct sk_buff *ath_rxbuf_alloc(struct ath_common *common,
---- a/drivers/net/wireless/ath/ath9k/antenna.c
-+++ b/drivers/net/wireless/ath/ath9k/antenna.c
-@@ -16,37 +16,119 @@
-
- #include "ath9k.h"
-
--static inline bool ath_is_alt_ant_ratio_better(int alt_ratio, int maxdelta,
-+/*
-+ * AR9285
-+ * ======
-+ *
-+ * EEPROM has 2 4-bit fields containing the card configuration.
-+ *
-+ * antdiv_ctl1:
-+ * ------------
-+ * bb_enable_ant_div_lnadiv : 1
-+ * bb_ant_div_alt_gaintb : 1
-+ * bb_ant_div_main_gaintb : 1
-+ * bb_enable_ant_fast_div : 1
-+ *
-+ * antdiv_ctl2:
-+ * -----------
-+ * bb_ant_div_alt_lnaconf : 2
-+ * bb_ant_div_main_lnaconf : 2
-+ *
-+ * The EEPROM bits are used as follows:
-+ * ------------------------------------
-+ *
-+ * bb_enable_ant_div_lnadiv - Enable LNA path rx antenna diversity/combining.
-+ * Set in AR_PHY_MULTICHAIN_GAIN_CTL.
-+ *
-+ * bb_ant_div_[alt/main]_gaintb - 0 -> Antenna config Alt/Main uses gaintable 0
-+ * 1 -> Antenna config Alt/Main uses gaintable 1
-+ * Set in AR_PHY_MULTICHAIN_GAIN_CTL.
-+ *
-+ * bb_enable_ant_fast_div - Enable fast antenna diversity.
-+ * Set in AR_PHY_CCK_DETECT.
-+ *
-+ * bb_ant_div_[alt/main]_lnaconf - Alt/Main LNA diversity/combining input config.
-+ * Set in AR_PHY_MULTICHAIN_GAIN_CTL.
-+ * 10=LNA1
-+ * 01=LNA2
-+ * 11=LNA1+LNA2
-+ * 00=LNA1-LNA2
-+ *
-+ * AR9485 / AR9565 / AR9331
-+ * ========================
-+ *
-+ * The same bits are present in the EEPROM, but the location in the
-+ * EEPROM is different (ant_div_control in ar9300_BaseExtension_1).
-+ *
-+ * ant_div_alt_lnaconf ==> bit 0~1
-+ * ant_div_main_lnaconf ==> bit 2~3
-+ * ant_div_alt_gaintb ==> bit 4
-+ * ant_div_main_gaintb ==> bit 5
-+ * enable_ant_div_lnadiv ==> bit 6
-+ * enable_ant_fast_div ==> bit 7
-+ */
-+
-+static inline bool ath_is_alt_ant_ratio_better(struct ath_ant_comb *antcomb,
-+ int alt_ratio, int maxdelta,
- int mindelta, int main_rssi_avg,
- int alt_rssi_avg, int pkt_count)
- {
-- return (((alt_ratio >= ATH_ANT_DIV_COMB_ALT_ANT_RATIO2) &&
-- (alt_rssi_avg > main_rssi_avg + maxdelta)) ||
-- (alt_rssi_avg > main_rssi_avg + mindelta)) && (pkt_count > 50);
-+ if (pkt_count <= 50)
-+ return false;
-+
-+ if (alt_rssi_avg > main_rssi_avg + mindelta)
-+ return true;
-+
-+ if (alt_ratio >= antcomb->ant_ratio2 &&
-+ alt_rssi_avg >= antcomb->low_rssi_thresh &&
-+ (alt_rssi_avg > main_rssi_avg + maxdelta))
-+ return true;
-+
-+ return false;
- }
-
--static inline bool ath_ant_div_comb_alt_check(u8 div_group, int alt_ratio,
-- int curr_main_set, int curr_alt_set,
-- int alt_rssi_avg, int main_rssi_avg)
-+static inline bool ath_ant_div_comb_alt_check(struct ath_hw_antcomb_conf *conf,
-+ struct ath_ant_comb *antcomb,
-+ int alt_ratio, int alt_rssi_avg,
-+ int main_rssi_avg)
- {
-- bool result = false;
-- switch (div_group) {
-+ bool result, set1, set2;
-+
-+ result = set1 = set2 = false;
-+
-+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2 &&
-+ conf->alt_lna_conf == ATH_ANT_DIV_COMB_LNA1)
-+ set1 = true;
-+
-+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA1 &&
-+ conf->alt_lna_conf == ATH_ANT_DIV_COMB_LNA2)
-+ set2 = true;
-+
-+ switch (conf->div_group) {
- case 0:
- if (alt_ratio > ATH_ANT_DIV_COMB_ALT_ANT_RATIO)
- result = true;
- break;
- case 1:
- case 2:
-- if ((((curr_main_set == ATH_ANT_DIV_COMB_LNA2) &&
-- (curr_alt_set == ATH_ANT_DIV_COMB_LNA1) &&
-- (alt_rssi_avg >= (main_rssi_avg - 5))) ||
-- ((curr_main_set == ATH_ANT_DIV_COMB_LNA1) &&
-- (curr_alt_set == ATH_ANT_DIV_COMB_LNA2) &&
-- (alt_rssi_avg >= (main_rssi_avg - 2)))) &&
-- (alt_rssi_avg >= 4))
-+ if (alt_rssi_avg < 4 || alt_rssi_avg < antcomb->low_rssi_thresh)
-+ break;
-+
-+ if ((set1 && (alt_rssi_avg >= (main_rssi_avg - 5))) ||
-+ (set2 && (alt_rssi_avg >= (main_rssi_avg - 2))) ||
-+ (alt_ratio > antcomb->ant_ratio))
- result = true;
-- else
-- result = false;
-+
-+ break;
-+ case 3:
-+ if (alt_rssi_avg < 4 || alt_rssi_avg < antcomb->low_rssi_thresh)
-+ break;
-+
-+ if ((set1 && (alt_rssi_avg >= (main_rssi_avg - 3))) ||
-+ (set2 && (alt_rssi_avg >= (main_rssi_avg + 3))) ||
-+ (alt_ratio > antcomb->ant_ratio))
-+ result = true;
-+
- break;
- }
-
-@@ -108,6 +190,74 @@ static void ath_lnaconf_alt_good_scan(st
- }
- }
-
-+static void ath_ant_set_alt_ratio(struct ath_ant_comb *antcomb,
-+ struct ath_hw_antcomb_conf *conf)
-+{
-+ /* set alt to the conf with maximun ratio */
-+ if (antcomb->first_ratio && antcomb->second_ratio) {
-+ if (antcomb->rssi_second > antcomb->rssi_third) {
-+ /* first alt*/
-+ if ((antcomb->first_quick_scan_conf == ATH_ANT_DIV_COMB_LNA1) ||
-+ (antcomb->first_quick_scan_conf == ATH_ANT_DIV_COMB_LNA2))
-+ /* Set alt LNA1 or LNA2*/
-+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2)
-+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1;
-+ else
-+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2;
-+ else
-+ /* Set alt to A+B or A-B */
-+ conf->alt_lna_conf =
-+ antcomb->first_quick_scan_conf;
-+ } else if ((antcomb->second_quick_scan_conf == ATH_ANT_DIV_COMB_LNA1) ||
-+ (antcomb->second_quick_scan_conf == ATH_ANT_DIV_COMB_LNA2)) {
-+ /* Set alt LNA1 or LNA2 */
-+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2)
-+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1;
-+ else
-+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2;
-+ } else {
-+ /* Set alt to A+B or A-B */
-+ conf->alt_lna_conf = antcomb->second_quick_scan_conf;
-+ }
-+ } else if (antcomb->first_ratio) {
-+ /* first alt */
-+ if ((antcomb->first_quick_scan_conf == ATH_ANT_DIV_COMB_LNA1) ||
-+ (antcomb->first_quick_scan_conf == ATH_ANT_DIV_COMB_LNA2))
-+ /* Set alt LNA1 or LNA2 */
-+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2)
-+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1;
-+ else
-+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2;
-+ else
-+ /* Set alt to A+B or A-B */
-+ conf->alt_lna_conf = antcomb->first_quick_scan_conf;
-+ } else if (antcomb->second_ratio) {
-+ /* second alt */
-+ if ((antcomb->second_quick_scan_conf == ATH_ANT_DIV_COMB_LNA1) ||
-+ (antcomb->second_quick_scan_conf == ATH_ANT_DIV_COMB_LNA2))
-+ /* Set alt LNA1 or LNA2 */
-+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2)
-+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1;
-+ else
-+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2;
-+ else
-+ /* Set alt to A+B or A-B */
-+ conf->alt_lna_conf = antcomb->second_quick_scan_conf;
-+ } else {
-+ /* main is largest */
-+ if ((antcomb->main_conf == ATH_ANT_DIV_COMB_LNA1) ||
-+ (antcomb->main_conf == ATH_ANT_DIV_COMB_LNA2))
-+ /* Set alt LNA1 or LNA2 */
-+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2)
-+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1;
-+ else
-+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2;
-+ else
-+ /* Set alt to A+B or A-B */
-+ conf->alt_lna_conf = antcomb->main_conf;