mac80211: update to wireless-testing 2014-01-23
[openwrt.git] / package / kernel / mac80211 / patches / 300-pending_work.patch
index 4ee94ef..d78f97f 100644 (file)
---- a/net/mac80211/agg-rx.c
-+++ b/net/mac80211/agg-rx.c
-@@ -204,6 +204,8 @@ static void ieee80211_send_addba_resp(st
-               memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
-       else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
-               memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN);
-+      else if (sdata->vif.type == NL80211_IFTYPE_WDS)
-+              memcpy(mgmt->bssid, da, ETH_ALEN);
-       mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
-                                         IEEE80211_STYPE_ACTION);
---- a/net/mac80211/agg-tx.c
-+++ b/net/mac80211/agg-tx.c
-@@ -81,7 +81,8 @@ static void ieee80211_send_addba_request
-       memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
-       if (sdata->vif.type == NL80211_IFTYPE_AP ||
-           sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
--          sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
-+          sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
-+          sdata->vif.type == NL80211_IFTYPE_WDS)
-               memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
-       else if (sdata->vif.type == NL80211_IFTYPE_STATION)
-               memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
-@@ -527,6 +528,7 @@ int ieee80211_start_tx_ba_session(struct
-           sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
-           sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
-           sdata->vif.type != NL80211_IFTYPE_AP &&
-+          sdata->vif.type != NL80211_IFTYPE_WDS &&
-           sdata->vif.type != NL80211_IFTYPE_ADHOC)
-               return -EINVAL;
---- a/net/mac80211/debugfs_sta.c
-+++ b/net/mac80211/debugfs_sta.c
-@@ -66,11 +66,11 @@ static ssize_t sta_flags_read(struct fil
-       test_sta_flag(sta, WLAN_STA_##flg) ? #flg "\n" : ""
-       int res = scnprintf(buf, sizeof(buf),
--                          "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
-+                          "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
-                           TEST(AUTH), TEST(ASSOC), TEST(PS_STA),
-                           TEST(PS_DRIVER), TEST(AUTHORIZED),
-                           TEST(SHORT_PREAMBLE),
--                          TEST(WME), TEST(WDS), TEST(CLEAR_PS_FILT),
-+                          TEST(WME), TEST(CLEAR_PS_FILT),
-                           TEST(MFP), TEST(BLOCK_BA), TEST(PSPOLL),
-                           TEST(UAPSD), TEST(SP), TEST(TDLS_PEER),
-                           TEST(TDLS_PEER_AUTH), TEST(4ADDR_EVENT),
---- a/net/mac80211/iface.c
-+++ b/net/mac80211/iface.c
-@@ -463,7 +463,6 @@ int ieee80211_do_open(struct wireless_de
-       struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
-       struct net_device *dev = wdev->netdev;
-       struct ieee80211_local *local = sdata->local;
--      struct sta_info *sta;
-       u32 changed = 0;
-       int res;
-       u32 hw_reconf_flags = 0;
-@@ -629,30 +628,8 @@ int ieee80211_do_open(struct wireless_de
-       set_bit(SDATA_STATE_RUNNING, &sdata->state);
--      if (sdata->vif.type == NL80211_IFTYPE_WDS) {
--              /* Create STA entry for the WDS peer */
--              sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr,
--                                   GFP_KERNEL);
--              if (!sta) {
--                      res = -ENOMEM;
--                      goto err_del_interface;
--              }
--
--              sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
--              sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
--              sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
--
--              res = sta_info_insert(sta);
--              if (res) {
--                      /* STA has been freed */
--                      goto err_del_interface;
--              }
--
--              rate_control_rate_init(sta);
--              netif_carrier_on(dev);
--      } else if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) {
-+      if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE)
-               rcu_assign_pointer(local->p2p_sdata, sdata);
--      }
-       /*
-        * set_multicast_list will be invoked by the networking core
-@@ -1116,6 +1093,74 @@ static void ieee80211_if_setup(struct ne
-       dev->destructor = free_netdev;
- }
-+static void ieee80211_wds_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
-+                                       struct sk_buff *skb)
-+{
-+      struct ieee80211_local *local = sdata->local;
-+      struct ieee80211_rx_status *rx_status;
-+      struct ieee802_11_elems elems;
-+      struct ieee80211_mgmt *mgmt;
-+      struct sta_info *sta;
-+      size_t baselen;
-+      u32 rates = 0;
-+      u16 stype;
-+      bool new = false;
-+      enum ieee80211_band band;
-+      struct ieee80211_supported_band *sband;
-+
-+      rx_status = IEEE80211_SKB_RXCB(skb);
-+      band = rx_status->band;
-+      sband = local->hw.wiphy->bands[band];
-+      mgmt = (struct ieee80211_mgmt *) skb->data;
-+      stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
-+
-+      if (stype != IEEE80211_STYPE_BEACON)
-+              return;
-+
-+      baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
-+      if (baselen > skb->len)
-+              return;
-+
-+      ieee802_11_parse_elems(mgmt->u.probe_resp.variable,
-+                             skb->len - baselen, false, &elems);
-+
-+      rates = ieee80211_sta_get_rates(local, &elems, band, NULL);
-+
-+      rcu_read_lock();
-+
-+      sta = sta_info_get(sdata, sdata->u.wds.remote_addr);
-+
-+      if (!sta) {
-+              rcu_read_unlock();
-+              sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr,
-+                                   GFP_KERNEL);
-+              if (!sta)
-+                      return;
-+
-+              new = true;
-+      }
-+
-+      sta->last_rx = jiffies;
-+      sta->sta.supp_rates[band] = rates;
-+
-+      if (elems.ht_cap_elem)
-+              ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
-+                              elems.ht_cap_elem, sta);
-+
-+      if (elems.wmm_param)
-+              set_sta_flag(sta, WLAN_STA_WME);
-+
-+      if (new) {
-+              sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
-+              sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
-+              sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
-+              rate_control_rate_init(sta);
-+              sta_info_insert_rcu(sta);
-+      }
-+
-+      rcu_read_unlock();
-+}
-+
- static void ieee80211_iface_work(struct work_struct *work)
- {
-       struct ieee80211_sub_if_data *sdata =
-@@ -1220,6 +1265,9 @@ static void ieee80211_iface_work(struct 
-                               break;
-                       ieee80211_mesh_rx_queued_mgmt(sdata, skb);
-                       break;
-+              case NL80211_IFTYPE_WDS:
-+                      ieee80211_wds_rx_queued_mgmt(sdata, skb);
-+                      break;
-               default:
-                       WARN(1, "frame for unexpected interface type");
-                       break;
---- a/net/mac80211/rc80211_minstrel_ht.c
-+++ b/net/mac80211/rc80211_minstrel_ht.c
-@@ -804,10 +804,18 @@ minstrel_ht_get_rate(void *priv, struct 
-       sample_group = &minstrel_mcs_groups[sample_idx / MCS_GROUP_RATES];
-       info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
-+      rate->count = 1;
+commit de5f242e0c10e841017e37eb8c38974a642dbca8
+Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+Date:   Tue Jan 28 06:21:59 2014 +0530
+
+    ath9k: Fix build error on ARM
+    
+    Use mdelay instead of udelay to fix this error:
+    
+    ERROR: "__bad_udelay" [drivers/net/wireless/ath/ath9k/ath9k_hw.ko] undefined!
+    make[1]: *** [__modpost] Error 1
+    make: *** [modules] Error 2
+    
+    Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
+    Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+
+commit 8e3ea7a51dfc61810fcefd947f6edcf61125252a
+Author: Geert Uytterhoeven <geert@linux-m68k.org>
+Date:   Sun Jan 26 11:53:21 2014 +0100
+
+    ath9k: Fix uninitialized variable in ath9k_has_tx_pending()
+    
+    drivers/net/wireless/ath/ath9k/main.c: In function ‘ath9k_has_tx_pending’:
+    drivers/net/wireless/ath/ath9k/main.c:1869: warning: ‘npend’ may be used uninitialized in this function
+    
+    Introduced by commit 10e2318103f5941aa70c318afe34bc41f1b98529 ("ath9k:
+    optimize ath9k_flush").
+    
+    Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
+
+commit a4a634a6937ebdd827fa58e8fcdb8ca49a3769f6
+Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Date:   Mon Jan 27 11:07:42 2014 +0200
+
+    mac80211: release the channel in error path in start_ap
+    
+    When the driver cannot start the AP or when the assignement
+    of the beacon goes wrong, we need to unassign the vif.
+    
+    Cc: stable@vger.kernel.org
+    Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit dfb6889a75c601aedb7450b7e606668e77da6679
+Author: Johannes Berg <johannes.berg@intel.com>
+Date:   Wed Jan 22 11:14:19 2014 +0200
+
+    cfg80211: send scan results from work queue
+    
+    Due to the previous commit, when a scan finishes, it is in theory
+    possible to hit the following sequence:
+     1. interface starts being removed
+     2. scan is cancelled by driver and cfg80211 is notified
+     3. scan done work is scheduled
+     4. interface is removed completely, rdev->scan_req is freed,
+        event sent to userspace but scan done work remains pending
+     5. new scan is requested on another virtual interface
+     6. scan done work runs, freeing the still-running scan
+    
+    To fix this situation, hang on to the scan done message and block
+    new scans while that is the case, and only send the message from
+    the work function, regardless of whether the scan_req is already
+    freed from interface removal. This makes step 5 above impossible
+    and changes step 6 to be
+     5. scan done work runs, sending the scan done message
+    
+    As this can't work for wext, so we send the message immediately,
+    but this shouldn't be an issue since we still return -EBUSY.
+    
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 45b7ab41fc08627d9a8428cb413d5d84662a9707
+Author: Johannes Berg <johannes.berg@intel.com>
+Date:   Wed Jan 22 11:14:18 2014 +0200
+
+    cfg80211: fix scan done race
+    
+    When an interface/wdev is removed, any ongoing scan should be
+    cancelled by the driver. This will make it call cfg80211, which
+    only queues a work struct. If interface/wdev removal is quick
+    enough, this can leave the scan request pending and processed
+    only after the interface is gone, causing a use-after-free.
+    
+    Fix this by making sure the scan request is not pending after
+    the interface is destroyed. We can't flush or cancel the work
+    item due to locking concerns, but when it'll run it shouldn't
+    find anything to do. This leaves a potential issue, if a new
+    scan gets requested before the work runs, it prematurely stops
+    the running scan, potentially causing another crash. I'll fix
+    that in the next patch.
+    
+    This was particularly observed with P2P_DEVICE wdevs, likely
+    because freeing them is quicker than freeing netdevs.
+    
+    Reported-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
+    Fixes: 4a58e7c38443 ("cfg80211: don't "leak" uncompleted scans")
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit ae04fa489ab31b5a10d3cc8399f52761175d4321
+Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Date:   Thu Jan 23 14:28:16 2014 +0200
+
+    mac80211: avoid deadlock revealed by lockdep
+    
+    sdata->u.ap.request_smps_work can’t be flushed synchronously
+    under wdev_lock(wdev) since ieee80211_request_smps_ap_work
+    itself locks the same lock.
+    While at it, reset the driver_smps_mode when the ap is
+    stopped to its default: OFF.
+    
+    This solves:
+    
+    ======================================================
+    [ INFO: possible circular locking dependency detected ]
+    3.12.0-ipeer+ #2 Tainted: G           O
+    -------------------------------------------------------
+    rmmod/2867 is trying to acquire lock:
+      ((&sdata->u.ap.request_smps_work)){+.+...}, at: [<c105b8d0>] flush_work+0x0/0x90
+    
+    but task is already holding lock:
+      (&wdev->mtx){+.+.+.}, at: [<f9b32626>] cfg80211_stop_ap+0x26/0x230 [cfg80211]
+    
+    which lock already depends on the new lock.
+    
+    the existing dependency chain (in reverse order) is:
+    
+    -> #1 (&wdev->mtx){+.+.+.}:
+            [<c10aefa9>] lock_acquire+0x79/0xe0
+            [<c1607a1a>] mutex_lock_nested+0x4a/0x360
+            [<fb06288b>] ieee80211_request_smps_ap_work+0x2b/0x50 [mac80211]
+            [<c105cdd8>] process_one_work+0x198/0x450
+            [<c105d469>] worker_thread+0xf9/0x320
+            [<c10669ff>] kthread+0x9f/0xb0
+            [<c1613397>] ret_from_kernel_thread+0x1b/0x28
+    
+    -> #0 ((&sdata->u.ap.request_smps_work)){+.+...}:
+            [<c10ae9df>] __lock_acquire+0x183f/0x1910
+            [<c10aefa9>] lock_acquire+0x79/0xe0
+            [<c105b917>] flush_work+0x47/0x90
+            [<c105d867>] __cancel_work_timer+0x67/0xe0
+            [<c105d90f>] cancel_work_sync+0xf/0x20
+            [<fb0765cc>] ieee80211_stop_ap+0x8c/0x340 [mac80211]
+            [<f9b3268c>] cfg80211_stop_ap+0x8c/0x230 [cfg80211]
+            [<f9b0d8f9>] cfg80211_leave+0x79/0x100 [cfg80211]
+            [<f9b0da72>] cfg80211_netdev_notifier_call+0xf2/0x4f0 [cfg80211]
+            [<c160f2c9>] notifier_call_chain+0x59/0x130
+            [<c106c6de>] __raw_notifier_call_chain+0x1e/0x30
+            [<c106c70f>] raw_notifier_call_chain+0x1f/0x30
+            [<c14f8213>] call_netdevice_notifiers_info+0x33/0x70
+            [<c14f8263>] call_netdevice_notifiers+0x13/0x20
+            [<c14f82a4>] __dev_close_many+0x34/0xb0
+            [<c14f83fe>] dev_close_many+0x6e/0xc0
+            [<c14f9c77>] rollback_registered_many+0xa7/0x1f0
+            [<c14f9dd4>] unregister_netdevice_many+0x14/0x60
+            [<fb06f4d9>] ieee80211_remove_interfaces+0xe9/0x170 [mac80211]
+            [<fb055116>] ieee80211_unregister_hw+0x56/0x110 [mac80211]
+            [<fa3e9396>] iwl_op_mode_mvm_stop+0x26/0xe0 [iwlmvm]
+            [<f9b9d8ca>] _iwl_op_mode_stop+0x3a/0x70 [iwlwifi]
+            [<f9b9d96f>] iwl_opmode_deregister+0x6f/0x90 [iwlwifi]
+            [<fa405179>] __exit_compat+0xd/0x19 [iwlmvm]
+            [<c10b8bf9>] SyS_delete_module+0x179/0x2b0
+            [<c1613421>] sysenter_do_call+0x12/0x32
+    
+    Fixes: 687da132234f ("mac80211: implement SMPS for AP")
+    Cc: <stable@vger.kernel.org> [3.13]
+    Reported-by: Ilan Peer <ilan.peer@intel.com>
+    Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 178b205e96217164fd7c30113464250d0b6f5eca
+Author: Johannes Berg <johannes.berg@intel.com>
+Date:   Thu Jan 23 16:32:29 2014 +0100
+
+    cfg80211: re-enable 5/10 MHz support
+    
+    Unfortunately I forgot this during the merge window, but the
+    patch seems small enough to go in as a fix. The userspace API
+    bug that was the reason for disabling it has long been fixed.
+    
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 110a1c79acda14edc83b7c8dc5af9c7ddd23eb61
+Author: Pontus Fuchs <pontus.fuchs@gmail.com>
+Date:   Thu Jan 16 15:00:40 2014 +0100
+
+    nl80211: Reset split_start when netlink skb is exhausted
+    
+    When the netlink skb is exhausted split_start is left set. In the
+    subsequent retry, with a larger buffer, the dump is continued from the
+    failing point instead of from the beginning.
+    
+    This was causing my rt28xx based USB dongle to now show up when
+    running "iw list" with an old iw version without split dump support.
+    
+    Cc: stable@vger.kernel.org
+    Fixes: 3713b4e364ef ("nl80211: allow splitting wiphy information in dumps")
+    Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
+    [avoid the entire workaround when state->split is set]
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit b4c31b45ffc7ef110fa9ecc34d7878fe7c5b9da4
+Author: Eliad Peller <eliad@wizery.com>
+Date:   Sun Jan 12 11:06:37 2014 +0200
+
+    mac80211: move roc cookie assignment earlier
+    
+    ieee80211_start_roc_work() might add a new roc
+    to existing roc, and tell cfg80211 it has already
+    started.
+    
+    However, this might happen before the roc cookie
+    was set, resulting in REMAIN_ON_CHANNEL (started)
+    event with null cookie. Consequently, it can make
+    wpa_supplicant go out of sync.
+    
+    Fix it by setting the roc cookie earlier.
+    
+    Cc: stable@vger.kernel.org
+    Signed-off-by: Eliad Peller <eliad@wizery.com>
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit cfdc9157bfd7bcf88ab4dae08873a9907eba984c
+Author: Johannes Berg <johannes.berg@intel.com>
+Date:   Fri Jan 24 14:06:29 2014 +0100
+
+    nl80211: send event when AP operation is stopped
+    
+    There are a few cases, e.g. suspend, where an AP interface is
+    stopped by the kernel rather than by userspace request, most
+    commonly when suspending. To let userspace know about this,
+    send the NL80211_CMD_STOP_AP command as an event every time
+    an AP interface is stopped. This also happens when userspace
+    did in fact request the AP stop, but that's not a problem.
+    
+    For full-MAC drivers this may need to be extended to also
+    cover cases where the device stopped the AP operation for
+    some reason, this a bit more complicated because then all
+    cfg80211 state also needs to be reset; such API is not part
+    of this patch.
+    
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit d5d567eda7704f190379ca852a8f9a4112e3eee3
+Author: Johannes Berg <johannes.berg@intel.com>
+Date:   Thu Jan 23 16:20:29 2014 +0100
+
+    mac80211: add length check in ieee80211_is_robust_mgmt_frame()
+    
+    A few places weren't checking that the frame passed to the
+    function actually has enough data even though the function
+    clearly documents it must have a payload byte. Make this
+    safer by changing the function to take an skb and checking
+    the length inside. The old version is preserved for now as
+    the rtl* drivers use it and don't have a correct skb.
+    
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit f8f6d212a047fc65c7d3442dfc038f65517236fc
+Author: Johannes Berg <johannes.berg@intel.com>
+Date:   Fri Jan 24 10:53:53 2014 +0100
+
+    nl80211: fix scheduled scan RSSI matchset attribute confusion
+    
+    The scheduled scan matchsets were intended to be a list of filters,
+    with the found BSS having to pass at least one of them to be passed
+    to the host. When the RSSI attribute was added, however, this was
+    broken and currently wpa_supplicant adds that attribute in its own
+    matchset; however, it doesn't intend that to mean that anything
+    that passes the RSSI filter should be passed to the host, instead
+    it wants it to mean that everything needs to also have higher RSSI.
+    
+    This is semantically problematic because we have a list of filters
+    like [ SSID1, SSID2, SSID3, RSSI ] with no real indication which
+    one should be OR'ed and which one AND'ed.
+    
+    To fix this, move the RSSI filter attribute into each matchset. As
+    we need to stay backward compatible, treat a matchset with only the
+    RSSI attribute as a "default RSSI filter" for all other matchsets,
+    but only if there are other matchsets (an RSSI-only matchset by
+    itself is still desirable.)
+    
+    To make driver implementation easier, keep a global min_rssi_thold
+    for the entire request as well. The only affected driver is ath6kl.
+    
+    I found this when I looked into the code after Raja Mani submitted
+    a patch fixing the n_match_sets calculation to disregard the RSSI,
+    but that patch didn't address the semantic issue.
+    
+    Reported-by: Raja Mani <rmani@qti.qualcomm.com>
+    Acked-by: Luciano Coelho <luciano.coelho@intel.com>
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit de553e8545e65a6dc4e45f43df7e1443d4291922
+Author: Johannes Berg <johannes.berg@intel.com>
+Date:   Fri Jan 24 10:17:47 2014 +0100
+
+    nl80211: check nla_parse() return values
+    
+    If there's a policy, then nla_parse() return values must be
+    checked, otherwise the policy is useless and there's nothing
+    that ensures the attributes are actually what we expect them
+    to be.
+    
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 652204a0733e9e1c54661d6f9d36e2e1e3b22bb1
+Author: Karl Beldan <karl.beldan@rivierawaves.com>
+Date:   Thu Jan 23 20:06:34 2014 +0100
+
+    mac80211: send {ADD,DEL}BA on AC_VO like other mgmt frames, as per spec
+    
+    ATM, {ADD,DEL}BA and BAR frames are sent on the AC matching the TID of
+    the BA parameters. In the discussion [1] about this patch, Johannes
+    recalled that it fixed some races with the DELBA and indeed this
+    behavior was introduced in [2].
+    While [2] is right for the BARs, the part queueing the {ADD,DEL}BAs on
+    their BA params TID AC violates the spec and is more a workaround for
+    some drivers. Helmut expressed some concerns wrt such drivers, in
+    particular DELBAs in rt2x00.
+    
+    ATM, DELBAs are sent after a driver has called (hence "purposely")
+    ieee80211_start_tx_ba_cb_irqsafe and Johannes and Emmanuel gave some
+    details wrt intentions behind the split of the IEEE80211_AMPDU_TX_STOP_*
+    given to the driver ampdu_action supposed to call this function, which
+    could prove handy to people trying to do the right thing in faulty
+    drivers (if their fw/hw don't get in their way).
+    
+    [1] http://mid.gmane.org/1390391564-18481-1-git-send-email-karl.beldan@gmail.com
+    [2] Commit: cf6bb79ad828 ("mac80211: Use appropriate TID for sending BAR, ADDBA and DELBA frames")
+    
+    Signed-off-by: Karl Beldan <karl.beldan@rivierawaves.com>
+    Cc: Helmut Schaa <helmut.schaa@googlemail.com>
+    Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
++++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
+@@ -3256,6 +3256,15 @@ static int ath6kl_cfg80211_sscan_start(s
+       struct ath6kl_vif *vif = netdev_priv(dev);
+       u16 interval;
+       int ret, rssi_thold;
++      int n_match_sets = request->n_match_sets;
 +
-+      if (sample_idx / MCS_GROUP_RATES == MINSTREL_CCK_GROUP) {
-+              int idx = sample_idx % ARRAY_SIZE(mp->cck_rates);
-+              rate->idx = mp->cck_rates[idx];
-+              rate->flags = 0;
-+              return;
-+      }
-+
-       rate->idx = sample_idx % MCS_GROUP_RATES +
-                   (sample_group->streams - 1) * MCS_GROUP_RATES;
-       rate->flags = IEEE80211_TX_RC_MCS | sample_group->flags;
--      rate->count = 1;
- }
- static void
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -936,8 +936,14 @@ ieee80211_rx_h_check(struct ieee80211_rx
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
-       struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
--      /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
--      if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
 +      /*
-+       * Drop duplicate 802.11 retransmissions
-+       * (IEEE 802.11-2012: 9.3.2.10 "Duplicate detection and recovery")
++       * If there's a matchset w/o an SSID, then assume it's just for
++       * the RSSI (nothing else is currently supported) and ignore it.
++       * The device only supports a global RSSI filter that we set below.
 +       */
-+      if (rx->skb->len >= 24 && rx->sta &&
-+          !ieee80211_is_ctl(hdr->frame_control) &&
-+          !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
-+          !is_multicast_ether_addr(hdr->addr1)) {
-               if (unlikely(ieee80211_has_retry(hdr->frame_control) &&
-                            rx->sta->last_seq_ctrl[rx->seqno_idx] ==
-                            hdr->seq_ctrl)) {
-@@ -2369,6 +2375,7 @@ ieee80211_rx_h_action(struct ieee80211_r
-                   sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
-                   sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
-                   sdata->vif.type != NL80211_IFTYPE_AP &&
-+                  sdata->vif.type != NL80211_IFTYPE_WDS &&
-                   sdata->vif.type != NL80211_IFTYPE_ADHOC)
-                       break;
-@@ -2720,14 +2727,15 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_
-       if (!ieee80211_vif_is_mesh(&sdata->vif) &&
-           sdata->vif.type != NL80211_IFTYPE_ADHOC &&
--          sdata->vif.type != NL80211_IFTYPE_STATION)
-+          sdata->vif.type != NL80211_IFTYPE_STATION &&
-+          sdata->vif.type != NL80211_IFTYPE_WDS)
-               return RX_DROP_MONITOR;
-       switch (stype) {
-       case cpu_to_le16(IEEE80211_STYPE_AUTH):
-       case cpu_to_le16(IEEE80211_STYPE_BEACON):
-       case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
--              /* process for all: mesh, mlme, ibss */
-+              /* process for all: mesh, mlme, ibss, wds */
-               break;
-       case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP):
-       case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP):
-@@ -3059,10 +3067,16 @@ static int prepare_for_handlers(struct i
-               }
-               break;
-       case NL80211_IFTYPE_WDS:
--              if (bssid || !ieee80211_is_data(hdr->frame_control))
--                      return 0;
-               if (!ether_addr_equal(sdata->u.wds.remote_addr, hdr->addr2))
-                       return 0;
-+
-+              if (ieee80211_is_data(hdr->frame_control) ||
-+                  ieee80211_is_action(hdr->frame_control)) {
-+                      if (compare_ether_addr(sdata->vif.addr, hdr->addr1))
-+                              return 0;
-+              } else if (!ieee80211_is_beacon(hdr->frame_control))
-+                      return 0;
-+
-               break;
-       case NL80211_IFTYPE_P2P_DEVICE:
-               if (!ieee80211_is_public_action(hdr, skb->len) &&
---- a/net/mac80211/sta_info.h
-+++ b/net/mac80211/sta_info.h
-@@ -32,7 +32,6 @@
-  * @WLAN_STA_SHORT_PREAMBLE: Station is capable of receiving short-preamble
-  *    frames.
-  * @WLAN_STA_WME: Station is a QoS-STA.
-- * @WLAN_STA_WDS: Station is one of our WDS peers.
-  * @WLAN_STA_CLEAR_PS_FILT: Clear PS filter in hardware (using the
-  *    IEEE80211_TX_CTL_CLEAR_PS_FILT control flag) when the next
-  *    frame to this station is transmitted.
-@@ -66,7 +65,6 @@ enum ieee80211_sta_info_flags {
-       WLAN_STA_AUTHORIZED,
-       WLAN_STA_SHORT_PREAMBLE,
-       WLAN_STA_WME,
--      WLAN_STA_WDS,
-       WLAN_STA_CLEAR_PS_FILT,
-       WLAN_STA_MFP,
-       WLAN_STA_BLOCK_BA,
---- a/drivers/net/wireless/ath/ath9k/xmit.c
-+++ b/drivers/net/wireless/ath/ath9k/xmit.c
-@@ -135,6 +135,9 @@ static struct ath_frame_info *get_frame_
- static void ath_send_bar(struct ath_atx_tid *tid, u16 seqno)
- {
-+      if (!tid->an->sta)
-+              return;
-+
-       ieee80211_send_bar(tid->an->vif, tid->an->sta->addr, tid->tidno,
-                          seqno << IEEE80211_SEQ_SEQ_SHIFT);
- }
-@@ -146,6 +149,93 @@ static void ath_set_rates(struct ieee802
-                              ARRAY_SIZE(bf->rates));
- }
-+static void ath_txq_skb_done(struct ath_softc *sc, struct ath_txq *txq,
-+                           struct sk_buff *skb)
-+{
-+      int q;
-+
-+      q = skb_get_queue_mapping(skb);
-+      if (txq == sc->tx.uapsdq)
-+              txq = sc->tx.txq_map[q];
-+
-+      if (txq != sc->tx.txq_map[q])
-+              return;
-+
-+      if (WARN_ON(--txq->pending_frames < 0))
-+              txq->pending_frames = 0;
-+
-+      if (txq->stopped &&
-+          txq->pending_frames < sc->tx.txq_max_pending[q]) {
-+              ieee80211_wake_queue(sc->hw, q);
-+              txq->stopped = false;
-+      }
-+}
-+
-+static struct ath_atx_tid *
-+ath_get_skb_tid(struct ath_softc *sc, struct ath_node *an, struct sk_buff *skb)
-+{
-+      struct ieee80211_hdr *hdr;
-+      u8 tidno = 0;
-+
-+      hdr = (struct ieee80211_hdr *) skb->data;
-+      if (ieee80211_is_data_qos(hdr->frame_control))
-+              tidno = ieee80211_get_qos_ctl(hdr)[0];
-+
-+      tidno &= IEEE80211_QOS_CTL_TID_MASK;
-+      return ATH_AN_2_TID(an, tidno);
-+}
-+
-+static bool ath_tid_has_buffered(struct ath_atx_tid *tid)
-+{
-+      return !skb_queue_empty(&tid->buf_q) || !skb_queue_empty(&tid->retry_q);
-+}
-+
-+static struct sk_buff *ath_tid_dequeue(struct ath_atx_tid *tid)
-+{
-+      struct sk_buff *skb;
-+
-+      skb = __skb_dequeue(&tid->retry_q);
-+      if (!skb)
-+              skb = __skb_dequeue(&tid->buf_q);
-+
-+      return skb;
-+}
-+
-+/*
-+ * ath_tx_tid_change_state:
-+ * - clears a-mpdu flag of previous session
-+ * - force sequence number allocation to fix next BlockAck Window
-+ */
-+static void
-+ath_tx_tid_change_state(struct ath_softc *sc, struct ath_atx_tid *tid)
-+{
-+      struct ath_txq *txq = tid->ac->txq;
-+      struct ieee80211_tx_info *tx_info;
-+      struct sk_buff *skb, *tskb;
-+      struct ath_buf *bf;
-+      struct ath_frame_info *fi;
-+
-+      skb_queue_walk_safe(&tid->buf_q, skb, tskb) {
-+              fi = get_frame_info(skb);
-+              bf = fi->bf;
-+
-+              tx_info = IEEE80211_SKB_CB(skb);
-+              tx_info->flags &= ~IEEE80211_TX_CTL_AMPDU;
-+
-+              if (bf)
-+                      continue;
-+
-+              bf = ath_tx_setup_buffer(sc, txq, tid, skb);
-+              if (!bf) {
-+                      __skb_unlink(skb, &tid->buf_q);
-+                      ath_txq_skb_done(sc, txq, skb);
-+                      ieee80211_free_txskb(sc->hw, skb);
-+                      continue;
-+              }
-+      }
-+
-+}
-+
- static void ath_tx_flush_tid(struct ath_softc *sc, struct ath_atx_tid *tid)
- {
-       struct ath_txq *txq = tid->ac->txq;
-@@ -160,27 +250,22 @@ static void ath_tx_flush_tid(struct ath_
++      if (n_match_sets == 1 && !request->match_sets[0].ssid.ssid_len)
++              n_match_sets = 0;
+       if (ar->state != ATH6KL_STATE_ON)
+               return -EIO;
+@@ -3268,11 +3277,11 @@ static int ath6kl_cfg80211_sscan_start(s
+       ret = ath6kl_set_probed_ssids(ar, vif, request->ssids,
+                                     request->n_ssids,
+                                     request->match_sets,
+-                                    request->n_match_sets);
++                                    n_match_sets);
+       if (ret < 0)
+               return ret;
+-      if (!request->n_match_sets) {
++      if (!n_match_sets) {
+               ret = ath6kl_wmi_bssfilter_cmd(ar->wmi, vif->fw_vif_idx,
+                                              ALL_BSS_FILTER, 0);
+               if (ret < 0)
+@@ -3286,12 +3295,12 @@ static int ath6kl_cfg80211_sscan_start(s
+       if (test_bit(ATH6KL_FW_CAPABILITY_RSSI_SCAN_THOLD,
+                    ar->fw_capabilities)) {
+-              if (request->rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF)
++              if (request->min_rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF)
+                       rssi_thold = 0;
+-              else if (request->rssi_thold < -127)
++              else if (request->min_rssi_thold < -127)
+                       rssi_thold = -127;
+               else
+-                      rssi_thold = request->rssi_thold;
++                      rssi_thold = request->min_rssi_thold;
+               ret = ath6kl_wmi_set_rssi_filter_cmd(ar->wmi, vif->fw_vif_idx,
+                                                    rssi_thold);
+--- a/drivers/net/wireless/ath/ath9k/hw.c
++++ b/drivers/net/wireless/ath/ath9k/hw.c
+@@ -1316,7 +1316,7 @@ static bool ath9k_hw_set_reset(struct at
+       if (AR_SREV_9300_20_OR_LATER(ah))
+               udelay(50);
+       else if (AR_SREV_9100(ah))
+-              udelay(10000);
++              mdelay(10);
+       else
+               udelay(100);
  
-       memset(&ts, 0, sizeof(ts));
+@@ -2051,9 +2051,8 @@ static bool ath9k_hw_set_power_awake(str
  
--      while ((skb = __skb_dequeue(&tid->buf_q))) {
-+      while ((skb = __skb_dequeue(&tid->retry_q))) {
-               fi = get_frame_info(skb);
-               bf = fi->bf;
+       REG_SET_BIT(ah, AR_RTC_FORCE_WAKE,
+                   AR_RTC_FORCE_WAKE_EN);
 -
-               if (!bf) {
--                      bf = ath_tx_setup_buffer(sc, txq, tid, skb);
--                      if (!bf) {
--                              ieee80211_free_txskb(sc->hw, skb);
--                              continue;
--                      }
-+                      ath_txq_skb_done(sc, txq, skb);
-+                      ieee80211_free_txskb(sc->hw, skb);
-+                      continue;
-               }
--              if (fi->retries) {
--                      list_add_tail(&bf->list, &bf_head);
-+              if (fi->baw_tracked) {
-                       ath_tx_update_baw(sc, tid, bf->bf_state.seqno);
--                      ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
-                       sendbar = true;
--              } else {
--                      ath_set_rates(tid->an->vif, tid->an->sta, bf);
--                      ath_tx_send_normal(sc, txq, NULL, skb);
-               }
-+
-+              list_add_tail(&bf->list, &bf_head);
-+              ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
-       }
+       if (AR_SREV_9100(ah))
+-              udelay(10000);
++              mdelay(10);
+       else
+               udelay(50);
  
-       if (sendbar) {
-@@ -209,13 +294,16 @@ static void ath_tx_update_baw(struct ath
- }
+--- a/drivers/net/wireless/ath/ath9k/main.c
++++ b/drivers/net/wireless/ath/ath9k/main.c
+@@ -1866,7 +1866,7 @@ static void ath9k_set_coverage_class(str
  
- static void ath_tx_addto_baw(struct ath_softc *sc, struct ath_atx_tid *tid,
--                           u16 seqno)
-+                           struct ath_buf *bf)
+ static bool ath9k_has_tx_pending(struct ath_softc *sc)
  {
-+      struct ath_frame_info *fi = get_frame_info(bf->bf_mpdu);
-+      u16 seqno = bf->bf_state.seqno;
-       int index, cindex;
-       index  = ATH_BA_INDEX(tid->seq_start, seqno);
-       cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1);
-       __set_bit(cindex, tid->tx_buf);
-+      fi->baw_tracked = 1;
-       if (index >= ((tid->baw_tail - tid->baw_head) &
-               (ATH_TID_MAX_BUFS - 1))) {
-@@ -224,12 +312,6 @@ static void ath_tx_addto_baw(struct ath_
-       }
- }
--/*
-- * TODO: For frame(s) that are in the retry state, we will reuse the
-- * sequence number(s) without setting the retry bit. The
-- * alternative is to give up on these and BAR the receiver's window
-- * forward.
-- */
- static void ath_tid_drain(struct ath_softc *sc, struct ath_txq *txq,
-                         struct ath_atx_tid *tid)
-@@ -243,7 +325,7 @@ static void ath_tid_drain(struct ath_sof
-       memset(&ts, 0, sizeof(ts));
-       INIT_LIST_HEAD(&bf_head);
--      while ((skb = __skb_dequeue(&tid->buf_q))) {
-+      while ((skb = ath_tid_dequeue(tid))) {
-               fi = get_frame_info(skb);
-               bf = fi->bf;
-@@ -253,14 +335,8 @@ static void ath_tid_drain(struct ath_sof
-               }
-               list_add_tail(&bf->list, &bf_head);
--
--              ath_tx_update_baw(sc, tid, bf->bf_state.seqno);
-               ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
-       }
--
--      tid->seq_next = tid->seq_start;
--      tid->baw_tail = tid->baw_head;
--      tid->bar_index = -1;
- }
- static void ath_tx_set_retry(struct ath_softc *sc, struct ath_txq *txq,
-@@ -380,7 +456,6 @@ static void ath_tx_complete_aggr(struct 
-       struct ieee80211_tx_rate rates[4];
-       struct ath_frame_info *fi;
-       int nframes;
--      u8 tidno;
-       bool flush = !!(ts->ts_status & ATH9K_TX_FLUSH);
-       int i, retries;
-       int bar_index = -1;
-@@ -406,7 +481,7 @@ static void ath_tx_complete_aggr(struct 
-               while (bf) {
-                       bf_next = bf->bf_next;
--                      if (!bf->bf_stale || bf_next != NULL)
-+                      if (!bf->bf_state.stale || bf_next != NULL)
-                               list_move_tail(&bf->list, &bf_head);
-                       ath_tx_complete_buf(sc, bf, txq, &bf_head, ts, 0);
-@@ -417,8 +492,7 @@ static void ath_tx_complete_aggr(struct 
-       }
-       an = (struct ath_node *)sta->drv_priv;
--      tidno = ieee80211_get_qos_ctl(hdr)[0] & IEEE80211_QOS_CTL_TID_MASK;
--      tid = ATH_AN_2_TID(an, tidno);
-+      tid = ath_get_skb_tid(sc, an, skb);
-       seq_first = tid->seq_start;
-       isba = ts->ts_flags & ATH9K_TX_BA;
-@@ -430,7 +504,7 @@ static void ath_tx_complete_aggr(struct 
-        * Only BlockAcks have a TID and therefore normal Acks cannot be
-        * checked
+-      int i, npend;
++      int i, npend = 0;
+       for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
+               if (!ATH_TXQ_SETUP(sc, i))
+--- a/drivers/net/wireless/iwlwifi/mvm/scan.c
++++ b/drivers/net/wireless/iwlwifi/mvm/scan.c
+@@ -595,6 +595,9 @@ static void iwl_scan_offload_build_ssid(
+        * config match list.
         */
--      if (isba && tidno != ts->tid)
-+      if (isba && tid->tidno != ts->tid)
-               txok = false;
-       isaggr = bf_isaggr(bf);
-@@ -466,7 +540,8 @@ static void ath_tx_complete_aggr(struct 
-               tx_info = IEEE80211_SKB_CB(skb);
-               fi = get_frame_info(skb);
--              if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) {
-+              if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno) ||
-+                  !tid->active) {
-                       /*
-                        * Outside of the current BlockAck window,
-                        * maybe part of a previous session
-@@ -499,7 +574,7 @@ static void ath_tx_complete_aggr(struct 
-                * not a holding desc.
-                */
-               INIT_LIST_HEAD(&bf_head);
--              if (bf_next != NULL || !bf_last->bf_stale)
-+              if (bf_next != NULL || !bf_last->bf_state.stale)
-                       list_move_tail(&bf->list, &bf_head);
-               if (!txpending) {
-@@ -523,7 +598,7 @@ static void ath_tx_complete_aggr(struct 
-                               ieee80211_sta_eosp(sta);
-                       }
-                       /* retry the un-acked ones */
--                      if (bf->bf_next == NULL && bf_last->bf_stale) {
-+                      if (bf->bf_next == NULL && bf_last->bf_state.stale) {
-                               struct ath_buf *tbf;
-                               tbf = ath_clone_txbuf(sc, bf_last);
-@@ -560,7 +635,7 @@ static void ath_tx_complete_aggr(struct 
-               if (an->sleeping)
-                       ieee80211_sta_set_buffered(sta, tid->tidno, true);
--              skb_queue_splice(&bf_pending, &tid->buf_q);
-+              skb_queue_splice_tail(&bf_pending, &tid->retry_q);
-               if (!an->sleeping) {
-                       ath_tx_queue_tid(txq, tid);
-@@ -618,7 +693,7 @@ static void ath_tx_process_buffer(struct
-       } else
-               ath_tx_complete_aggr(sc, txq, bf, bf_head, ts, txok);
--      if ((sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT) && !flush)
-+      if (!flush)
-               ath_txq_schedule(sc, txq);
- }
-@@ -792,15 +867,20 @@ static int ath_compute_num_delims(struct
- static struct ath_buf *
- ath_tx_get_tid_subframe(struct ath_softc *sc, struct ath_txq *txq,
--                      struct ath_atx_tid *tid)
-+                      struct ath_atx_tid *tid, struct sk_buff_head **q)
- {
-+      struct ieee80211_tx_info *tx_info;
-       struct ath_frame_info *fi;
-       struct sk_buff *skb;
-       struct ath_buf *bf;
-       u16 seqno;
-       while (1) {
--              skb = skb_peek(&tid->buf_q);
-+              *q = &tid->retry_q;
-+              if (skb_queue_empty(*q))
-+                      *q = &tid->buf_q;
-+
-+              skb = skb_peek(*q);
-               if (!skb)
-                       break;
-@@ -808,13 +888,26 @@ ath_tx_get_tid_subframe(struct ath_softc
-               bf = fi->bf;
-               if (!fi->bf)
-                       bf = ath_tx_setup_buffer(sc, txq, tid, skb);
-+              else
-+                      bf->bf_state.stale = false;
-               if (!bf) {
--                      __skb_unlink(skb, &tid->buf_q);
-+                      __skb_unlink(skb, *q);
-+                      ath_txq_skb_done(sc, txq, skb);
-                       ieee80211_free_txskb(sc->hw, skb);
-                       continue;
-               }
-+              bf->bf_next = NULL;
-+              bf->bf_lastbf = bf;
-+
-+              tx_info = IEEE80211_SKB_CB(skb);
-+              tx_info->flags &= ~IEEE80211_TX_CTL_CLEAR_PS_FILT;
-+              if (!(tx_info->flags & IEEE80211_TX_CTL_AMPDU)) {
-+                      bf->bf_state.bf_type = 0;
-+                      return bf;
-+              }
-+
-               bf->bf_state.bf_type = BUF_AMPDU | BUF_AGGR;
-               seqno = bf->bf_state.seqno;
-@@ -828,73 +921,52 @@ ath_tx_get_tid_subframe(struct ath_softc
-                       INIT_LIST_HEAD(&bf_head);
-                       list_add(&bf->list, &bf_head);
--                      __skb_unlink(skb, &tid->buf_q);
-+                      __skb_unlink(skb, *q);
-                       ath_tx_update_baw(sc, tid, seqno);
-                       ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
-                       continue;
-               }
--              bf->bf_next = NULL;
--              bf->bf_lastbf = bf;
-               return bf;
-       }
-       return NULL;
- }
--static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc,
--                                           struct ath_txq *txq,
--                                           struct ath_atx_tid *tid,
--                                           struct list_head *bf_q,
--                                           int *aggr_len)
-+static bool
-+ath_tx_form_aggr(struct ath_softc *sc, struct ath_txq *txq,
-+               struct ath_atx_tid *tid, struct list_head *bf_q,
-+               struct ath_buf *bf_first, struct sk_buff_head *tid_q,
-+               int *aggr_len)
- {
- #define PADBYTES(_len) ((4 - ((_len) % 4)) % 4)
--      struct ath_buf *bf, *bf_first = NULL, *bf_prev = NULL;
--      int rl = 0, nframes = 0, ndelim, prev_al = 0;
-+      struct ath_buf *bf = bf_first, *bf_prev = NULL;
-+      int nframes = 0, ndelim;
-       u16 aggr_limit = 0, al = 0, bpad = 0,
--              al_delta, h_baw = tid->baw_size / 2;
--      enum ATH_AGGR_STATUS status = ATH_AGGR_DONE;
-+          al_delta, h_baw = tid->baw_size / 2;
-       struct ieee80211_tx_info *tx_info;
-       struct ath_frame_info *fi;
-       struct sk_buff *skb;
-+      bool closed = false;
--      do {
--              bf = ath_tx_get_tid_subframe(sc, txq, tid);
--              if (!bf) {
--                      status = ATH_AGGR_BAW_CLOSED;
--                      break;
--              }
-+      bf = bf_first;
-+      aggr_limit = ath_lookup_rate(sc, bf, tid);
-+      do {
-               skb = bf->bf_mpdu;
-               fi = get_frame_info(skb);
--              if (!bf_first)
--                      bf_first = bf;
--
--              if (!rl) {
--                      ath_set_rates(tid->an->vif, tid->an->sta, bf);
--                      aggr_limit = ath_lookup_rate(sc, bf, tid);
--                      rl = 1;
--              }
--
-               /* do not exceed aggregation limit */
-               al_delta = ATH_AGGR_DELIM_SZ + fi->framelen;
-+              if (nframes) {
-+                      if (aggr_limit < al + bpad + al_delta ||
-+                          ath_lookup_legacy(bf) || nframes >= h_baw)
-+                              break;
--              if (nframes &&
--                  ((aggr_limit < (al + bpad + al_delta + prev_al)) ||
--                   ath_lookup_legacy(bf))) {
--                      status = ATH_AGGR_LIMITED;
--                      break;
--              }
--
--              tx_info = IEEE80211_SKB_CB(bf->bf_mpdu);
--              if (nframes && (tx_info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE))
--                      break;
--
--              /* do not exceed subframe limit */
--              if (nframes >= min((int)h_baw, ATH_AMPDU_SUBFRAME_DEFAULT)) {
--                      status = ATH_AGGR_LIMITED;
--                      break;
-+                      tx_info = IEEE80211_SKB_CB(bf->bf_mpdu);
-+                      if ((tx_info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE) ||
-+                          !(tx_info->flags & IEEE80211_TX_CTL_AMPDU))
-+                              break;
-               }
-               /* add padding for previous frame to aggregation length */
-@@ -912,22 +984,37 @@ static enum ATH_AGGR_STATUS ath_tx_form_
-               bf->bf_next = NULL;
-               /* link buffers of this frame to the aggregate */
--              if (!fi->retries)
--                      ath_tx_addto_baw(sc, tid, bf->bf_state.seqno);
-+              if (!fi->baw_tracked)
-+                      ath_tx_addto_baw(sc, tid, bf);
-               bf->bf_state.ndelim = ndelim;
--              __skb_unlink(skb, &tid->buf_q);
-+              __skb_unlink(skb, tid_q);
-               list_add_tail(&bf->list, bf_q);
-               if (bf_prev)
-                       bf_prev->bf_next = bf;
-               bf_prev = bf;
--      } while (!skb_queue_empty(&tid->buf_q));
-+              bf = ath_tx_get_tid_subframe(sc, txq, tid, &tid_q);
-+              if (!bf) {
-+                      closed = true;
-+                      break;
-+              }
-+      } while (ath_tid_has_buffered(tid));
-+
-+      bf = bf_first;
-+      bf->bf_lastbf = bf_prev;
-+
-+      if (bf == bf_prev) {
-+              al = get_frame_info(bf->bf_mpdu)->framelen;
-+              bf->bf_state.bf_type = BUF_AMPDU;
-+      } else {
-+              TX_STAT_INC(txq->axq_qnum, a_aggr);
-+      }
-       *aggr_len = al;
--      return status;
-+      return closed;
- #undef PADBYTES
- }
-@@ -1188,53 +1275,86 @@ static void ath_tx_fill_desc(struct ath_
-       }
- }
--static void ath_tx_sched_aggr(struct ath_softc *sc, struct ath_txq *txq,
--                            struct ath_atx_tid *tid)
-+static void
-+ath_tx_form_burst(struct ath_softc *sc, struct ath_txq *txq,
-+                struct ath_atx_tid *tid, struct list_head *bf_q,
-+                struct ath_buf *bf_first, struct sk_buff_head *tid_q)
- {
--      struct ath_buf *bf;
--      enum ATH_AGGR_STATUS status;
--      struct ieee80211_tx_info *tx_info;
--      struct list_head bf_q;
--      int aggr_len;
-+      struct ath_buf *bf = bf_first, *bf_prev = NULL;
-+      struct sk_buff *skb;
-+      int nframes = 0;
-       do {
--              if (skb_queue_empty(&tid->buf_q))
--                      return;
-+              struct ieee80211_tx_info *tx_info;
-+              skb = bf->bf_mpdu;
--              INIT_LIST_HEAD(&bf_q);
-+              nframes++;
-+              __skb_unlink(skb, tid_q);
-+              list_add_tail(&bf->list, bf_q);
-+              if (bf_prev)
-+                      bf_prev->bf_next = bf;
-+              bf_prev = bf;
--              status = ath_tx_form_aggr(sc, txq, tid, &bf_q, &aggr_len);
-+              if (nframes >= 2)
-+                      break;
--              /*
--               * no frames picked up to be aggregated;
--               * block-ack window is not open.
--               */
--              if (list_empty(&bf_q))
-+              bf = ath_tx_get_tid_subframe(sc, txq, tid, &tid_q);
-+              if (!bf)
-                       break;
--              bf = list_first_entry(&bf_q, struct ath_buf, list);
--              bf->bf_lastbf = list_entry(bf_q.prev, struct ath_buf, list);
-               tx_info = IEEE80211_SKB_CB(bf->bf_mpdu);
-+              if (tx_info->flags & IEEE80211_TX_CTL_AMPDU)
-+                      break;
--              if (tid->ac->clear_ps_filter) {
--                      tid->ac->clear_ps_filter = false;
--                      tx_info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
--              } else {
--                      tx_info->flags &= ~IEEE80211_TX_CTL_CLEAR_PS_FILT;
--              }
-+              ath_set_rates(tid->an->vif, tid->an->sta, bf);
-+      } while (1);
-+}
--              /* if only one frame, send as non-aggregate */
--              if (bf == bf->bf_lastbf) {
--                      aggr_len = get_frame_info(bf->bf_mpdu)->framelen;
--                      bf->bf_state.bf_type = BUF_AMPDU;
--              } else {
--                      TX_STAT_INC(txq->axq_qnum, a_aggr);
--              }
-+static bool ath_tx_sched_aggr(struct ath_softc *sc, struct ath_txq *txq,
-+                            struct ath_atx_tid *tid, bool *stop)
-+{
-+      struct ath_buf *bf;
-+      struct ieee80211_tx_info *tx_info;
-+      struct sk_buff_head *tid_q;
-+      struct list_head bf_q;
-+      int aggr_len = 0;
-+      bool aggr, last = true;
-+
-+      if (!ath_tid_has_buffered(tid))
-+              return false;
-+
-+      INIT_LIST_HEAD(&bf_q);
-+
-+      bf = ath_tx_get_tid_subframe(sc, txq, tid, &tid_q);
-+      if (!bf)
-+              return false;
-+
-+      tx_info = IEEE80211_SKB_CB(bf->bf_mpdu);
-+      aggr = !!(tx_info->flags & IEEE80211_TX_CTL_AMPDU);
-+      if ((aggr && txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) ||
-+              (!aggr && txq->axq_depth >= ATH_NON_AGGR_MIN_QDEPTH)) {
-+              *stop = true;
-+              return false;
-+      }
-+
-+      ath_set_rates(tid->an->vif, tid->an->sta, bf);
-+      if (aggr)
-+              last = ath_tx_form_aggr(sc, txq, tid, &bf_q, bf,
-+                                      tid_q, &aggr_len);
-+      else
-+              ath_tx_form_burst(sc, txq, tid, &bf_q, bf, tid_q);
--              ath_tx_fill_desc(sc, bf, txq, aggr_len);
--              ath_tx_txqaddbuf(sc, txq, &bf_q, false);
--      } while (txq->axq_ampdu_depth < ATH_AGGR_MIN_QDEPTH &&
--               status != ATH_AGGR_BAW_CLOSED);
-+      if (list_empty(&bf_q))
-+              return false;
-+
-+      if (tid->ac->clear_ps_filter || tid->an->no_ps_filter) {
-+              tid->ac->clear_ps_filter = false;
-+              tx_info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
-+      }
-+
-+      ath_tx_fill_desc(sc, bf, txq, aggr_len);
-+      ath_tx_txqaddbuf(sc, txq, &bf_q, false);
-+      return true;
- }
- int ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta,
-@@ -1258,6 +1378,9 @@ int ath_tx_aggr_start(struct ath_softc *
-               an->mpdudensity = density;
-       }
-+      /* force sequence number allocation for pending frames */
-+      ath_tx_tid_change_state(sc, txtid);
-+
-       txtid->active = true;
-       txtid->paused = true;
-       *ssn = txtid->seq_start = txtid->seq_next;
-@@ -1277,8 +1400,9 @@ void ath_tx_aggr_stop(struct ath_softc *
-       ath_txq_lock(sc, txq);
-       txtid->active = false;
--      txtid->paused = true;
-+      txtid->paused = false;
-       ath_tx_flush_tid(sc, txtid);
-+      ath_tx_tid_change_state(sc, txtid);
-       ath_txq_unlock_complete(sc, txq);
- }
-@@ -1302,7 +1426,7 @@ void ath_tx_aggr_sleep(struct ieee80211_
-               ath_txq_lock(sc, txq);
--              buffered = !skb_queue_empty(&tid->buf_q);
-+              buffered = ath_tid_has_buffered(tid);
-               tid->sched = false;
-               list_del(&tid->list);
-@@ -1334,7 +1458,7 @@ void ath_tx_aggr_wakeup(struct ath_softc
-               ath_txq_lock(sc, txq);
-               ac->clear_ps_filter = true;
--              if (!skb_queue_empty(&tid->buf_q) && !tid->paused) {
-+              if (!tid->paused && ath_tid_has_buffered(tid)) {
-                       ath_tx_queue_tid(txq, tid);
-                       ath_txq_schedule(sc, txq);
-               }
-@@ -1359,7 +1483,7 @@ void ath_tx_aggr_resume(struct ath_softc
-       tid->baw_size = IEEE80211_MIN_AMPDU_BUF << sta->ht_cap.ampdu_factor;
-       tid->paused = false;
--      if (!skb_queue_empty(&tid->buf_q)) {
-+      if (ath_tid_has_buffered(tid)) {
-               ath_tx_queue_tid(txq, tid);
-               ath_txq_schedule(sc, txq);
-       }
-@@ -1379,6 +1503,7 @@ void ath9k_release_buffered_frames(struc
-       struct ieee80211_tx_info *info;
-       struct list_head bf_q;
-       struct ath_buf *bf_tail = NULL, *bf;
-+      struct sk_buff_head *tid_q;
-       int sent = 0;
-       int i;
-@@ -1394,15 +1519,15 @@ void ath9k_release_buffered_frames(struc
-                       continue;
-               ath_txq_lock(sc, tid->ac->txq);
--              while (!skb_queue_empty(&tid->buf_q) && nframes > 0) {
--                      bf = ath_tx_get_tid_subframe(sc, sc->tx.uapsdq, tid);
-+              while (nframes > 0) {
-+                      bf = ath_tx_get_tid_subframe(sc, sc->tx.uapsdq, tid, &tid_q);
-                       if (!bf)
-                               break;
--                      __skb_unlink(bf->bf_mpdu, &tid->buf_q);
-+                      __skb_unlink(bf->bf_mpdu, tid_q);
-                       list_add_tail(&bf->list, &bf_q);
-                       ath_set_rates(tid->an->vif, tid->an->sta, bf);
--                      ath_tx_addto_baw(sc, tid, bf->bf_state.seqno);
-+                      ath_tx_addto_baw(sc, tid, bf);
-                       bf->bf_state.bf_type &= ~BUF_AGGR;
-                       if (bf_tail)
-                               bf_tail->bf_next = bf;
-@@ -1412,7 +1537,7 @@ void ath9k_release_buffered_frames(struc
-                       sent++;
-                       TX_STAT_INC(txq->axq_qnum, a_queued_hw);
--                      if (skb_queue_empty(&tid->buf_q))
-+                      if (an->sta && !ath_tid_has_buffered(tid))
-                               ieee80211_sta_set_buffered(an->sta, i, false);
-               }
-               ath_txq_unlock_complete(sc, tid->ac->txq);
-@@ -1571,7 +1696,7 @@ static void ath_drain_txq_list(struct at
-       while (!list_empty(list)) {
-               bf = list_first_entry(list, struct ath_buf, list);
--              if (bf->bf_stale) {
-+              if (bf->bf_state.stale) {
-                       list_del(&bf->list);
-                       ath_tx_return_buffer(sc, bf);
-@@ -1665,25 +1790,27 @@ void ath_tx_cleanupq(struct ath_softc *s
-  */
- void ath_txq_schedule(struct ath_softc *sc, struct ath_txq *txq)
- {
--      struct ath_atx_ac *ac, *ac_tmp, *last_ac;
-+      struct ath_atx_ac *ac, *last_ac;
-       struct ath_atx_tid *tid, *last_tid;
-+      bool sent = false;
-       if (test_bit(SC_OP_HW_RESET, &sc->sc_flags) ||
--          list_empty(&txq->axq_acq) ||
--          txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH)
-+          list_empty(&txq->axq_acq))
-               return;
-       rcu_read_lock();
--      ac = list_first_entry(&txq->axq_acq, struct ath_atx_ac, list);
-       last_ac = list_entry(txq->axq_acq.prev, struct ath_atx_ac, list);
-+      while (!list_empty(&txq->axq_acq)) {
-+              bool stop = false;
--      list_for_each_entry_safe(ac, ac_tmp, &txq->axq_acq, list) {
-+              ac = list_first_entry(&txq->axq_acq, struct ath_atx_ac, list);
-               last_tid = list_entry(ac->tid_q.prev, struct ath_atx_tid, list);
-               list_del(&ac->list);
-               ac->sched = false;
-               while (!list_empty(&ac->tid_q)) {
-+
-                       tid = list_first_entry(&ac->tid_q, struct ath_atx_tid,
-                                              list);
-                       list_del(&tid->list);
-@@ -1692,17 +1819,17 @@ void ath_txq_schedule(struct ath_softc *
-                       if (tid->paused)
-                               continue;
--                      ath_tx_sched_aggr(sc, txq, tid);
-+                      if (ath_tx_sched_aggr(sc, txq, tid, &stop))
-+                              sent = true;
-                       /*
-                        * add tid to round-robin queue if more frames
-                        * are pending for the tid
-                        */
--                      if (!skb_queue_empty(&tid->buf_q))
-+                      if (ath_tid_has_buffered(tid))
-                               ath_tx_queue_tid(txq, tid);
--                      if (tid == last_tid ||
--                          txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH)
-+                      if (stop || tid == last_tid)
-                               break;
+       for (i = 0; i < req->n_match_sets && i < PROBE_OPTION_MAX; i++) {
++              /* skip empty SSID matchsets */
++              if (!req->match_sets[i].ssid.ssid_len)
++                      continue;
+               scan->direct_scan[i].id = WLAN_EID_SSID;
+               scan->direct_scan[i].len = req->match_sets[i].ssid.ssid_len;
+               memcpy(scan->direct_scan[i].ssid, req->match_sets[i].ssid.ssid,
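Review bot: The added `continue` skips an empty match set but the loop still indexes `scan->direct_scan[i]` with the input index, so a skipped entry leaves an untouched slot between filled ones instead of a packed list. Whether the consumer of `direct_scan` tolerates such gaps is not visible in this hunk; if it does not, a separate output index would keep the list dense. The `memcpy` length is taken directly from `req->match_sets[i].ssid.ssid_len` and nothing here bounds it against the size of `direct_scan[i].ssid`, so presumably the code relies on cfg80211 having validated it; a short comment such as `/* ssid_len already limited to IEEE80211_MAX_SSID_LEN by cfg80211 */` would make that assumption checkable. The loop body and the `memcpy` call continue outside the hunk.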
+--- a/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
++++ b/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
+@@ -452,7 +452,7 @@ bool rtl88ee_rx_query_desc(struct ieee80
+                       /* During testing, hdr was NULL */
+                       return false;
                }
-@@ -1711,9 +1838,17 @@ void ath_txq_schedule(struct ath_softc *
-                       list_add_tail(&ac->list, &txq->axq_acq);
+-              if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
++              if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
+                   (ieee80211_has_protected(hdr->frame_control)))
+                       rx_status->flag &= ~RX_FLAG_DECRYPTED;
+               else
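Review bot: Switching the changed line to `_ieee80211_is_robust_mgmt_frame(hdr)` leaves the frame-length check to this driver. As far as I know, the underscore variant takes the bare header and does not verify that the frame is long enough to contain the action category byte it inspects, whereas the skb-taking `ieee80211_is_robust_mgmt_frame()` does. The hunk shows only a NULL check on `hdr`, so a truncated management frame could be read past its end unless the length is validated earlier in `rtl88ee_rx_query_desc`, which starts and ends outside this hunk. Either call the checked helper with the skb, or add a comment naming where the minimum length is enforced. The same applies to the identical changes in rtl8192ce/trx.c and rtl8192se/trx.c.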
+--- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
++++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
+@@ -393,7 +393,7 @@ bool rtl92ce_rx_query_desc(struct ieee80
+                       /* In testing, hdr was NULL here */
+                       return false;
                }
--              if (ac == last_ac ||
--                  txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH)
-+              if (stop)
-                       break;
-+
-+              if (ac == last_ac) {
-+                      if (!sent)
-+                              break;
-+
-+                      sent = false;
-+                      last_ac = list_entry(txq->axq_acq.prev,
-+                                           struct ath_atx_ac, list);
-+              }
-       }
-       rcu_read_unlock();
-@@ -1792,57 +1927,6 @@ static void ath_tx_txqaddbuf(struct ath_
-       }
- }
--static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_txq *txq,
--                            struct ath_atx_tid *tid, struct sk_buff *skb,
--                            struct ath_tx_control *txctl)
--{
--      struct ath_frame_info *fi = get_frame_info(skb);
--      struct list_head bf_head;
--      struct ath_buf *bf;
--
--      /*
--       * Do not queue to h/w when any of the following conditions is true:
--       * - there are pending frames in software queue
--       * - the TID is currently paused for ADDBA/BAR request
--       * - seqno is not within block-ack window
--       * - h/w queue depth exceeds low water mark
--       */
--      if ((!skb_queue_empty(&tid->buf_q) || tid->paused ||
--           !BAW_WITHIN(tid->seq_start, tid->baw_size, tid->seq_next) ||
--           txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) &&
--          txq != sc->tx.uapsdq) {
--              /*
--               * Add this frame to software queue for scheduling later
--               * for aggregation.
--               */
--              TX_STAT_INC(txq->axq_qnum, a_queued_sw);
--              __skb_queue_tail(&tid->buf_q, skb);
--              if (!txctl->an || !txctl->an->sleeping)
--                      ath_tx_queue_tid(txq, tid);
--              return;
--      }
--
--      bf = ath_tx_setup_buffer(sc, txq, tid, skb);
--      if (!bf) {
--              ieee80211_free_txskb(sc->hw, skb);
--              return;
--      }
--
--      ath_set_rates(tid->an->vif, tid->an->sta, bf);
--      bf->bf_state.bf_type = BUF_AMPDU;
--      INIT_LIST_HEAD(&bf_head);
--      list_add(&bf->list, &bf_head);
--
--      /* Add sub-frame to BAW */
--      ath_tx_addto_baw(sc, tid, bf->bf_state.seqno);
--
--      /* Queue to h/w without aggregation */
--      TX_STAT_INC(txq->axq_qnum, a_queued_hw);
--      bf->bf_lastbf = bf;
--      ath_tx_fill_desc(sc, bf, txq, fi->framelen);
--      ath_tx_txqaddbuf(sc, txq, &bf_head, false);
--}
--
- static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq,
-                              struct ath_atx_tid *tid, struct sk_buff *skb)
- {
-@@ -1985,6 +2069,7 @@ static int ath_tx_prepare(struct ieee802
-       struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
-       struct ieee80211_sta *sta = txctl->sta;
-       struct ieee80211_vif *vif = info->control.vif;
-+      struct ath_vif *avp;
-       struct ath_softc *sc = hw->priv;
-       int frmlen = skb->len + FCS_LEN;
-       int padpos, padsize;
-@@ -1992,6 +2077,10 @@ static int ath_tx_prepare(struct ieee802
-       /* NOTE:  sta can be NULL according to net/mac80211.h */
-       if (sta)
-               txctl->an = (struct ath_node *)sta->drv_priv;
-+      else if (vif && ieee80211_is_data(hdr->frame_control)) {
-+              avp = (void *)vif->drv_priv;
-+              txctl->an = &avp->mcast_node;
-+      }
-       if (info->control.hw_key)
-               frmlen += info->control.hw_key->icv_len;
-@@ -2041,7 +2130,6 @@ int ath_tx_start(struct ieee80211_hw *hw
-       struct ath_txq *txq = txctl->txq;
-       struct ath_atx_tid *tid = NULL;
-       struct ath_buf *bf;
--      u8 tidno;
-       int q;
-       int ret;
-@@ -2069,27 +2157,31 @@ int ath_tx_start(struct ieee80211_hw *hw
-               ath_txq_unlock(sc, txq);
-               txq = sc->tx.uapsdq;
-               ath_txq_lock(sc, txq);
--      }
--
--      if (txctl->an && ieee80211_is_data_qos(hdr->frame_control)) {
--              tidno = ieee80211_get_qos_ctl(hdr)[0] &
--                      IEEE80211_QOS_CTL_TID_MASK;
--              tid = ATH_AN_2_TID(txctl->an, tidno);
-+      } else if (txctl->an &&
-+                 ieee80211_is_data_present(hdr->frame_control)) {
-+              tid = ath_get_skb_tid(sc, txctl->an, skb);
-               WARN_ON(tid->ac->txq != txctl->txq);
--      }
--      if ((info->flags & IEEE80211_TX_CTL_AMPDU) && tid) {
-+              if (info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT)
-+                      tid->ac->clear_ps_filter = true;
-+
-               /*
--               * Try aggregation if it's a unicast data frame
--               * and the destination is HT capable.
-+               * Add this frame to software queue for scheduling later
-+               * for aggregation.
-                */
--              ath_tx_send_ampdu(sc, txq, tid, skb, txctl);
-+              TX_STAT_INC(txq->axq_qnum, a_queued_sw);
-+              __skb_queue_tail(&tid->buf_q, skb);
-+              if (!txctl->an->sleeping)
-+                      ath_tx_queue_tid(txq, tid);
-+
-+              ath_txq_schedule(sc, txq);
-               goto out;
-       }
-       bf = ath_tx_setup_buffer(sc, txq, tid, skb);
-       if (!bf) {
-+              ath_txq_skb_done(sc, txq, skb);
-               if (txctl->paprd)
-                       dev_kfree_skb_any(skb);
+-              if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
++              if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
+                   (ieee80211_has_protected(hdr->frame_control)))
+                       rx_status->flag &= ~RX_FLAG_DECRYPTED;
                else
-@@ -2189,7 +2281,7 @@ static void ath_tx_complete(struct ath_s
-       struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb);
-       struct ath_common *common = ath9k_hw_common(sc->sc_ah);
-       struct ieee80211_hdr * hdr = (struct ieee80211_hdr *)skb->data;
--      int q, padpos, padsize;
-+      int padpos, padsize;
-       unsigned long flags;
-       ath_dbg(common, XMIT, "TX complete: skb: %p\n", skb);
-@@ -2225,21 +2317,7 @@ static void ath_tx_complete(struct ath_s
-       spin_unlock_irqrestore(&sc->sc_pm_lock, flags);
-       __skb_queue_tail(&txq->complete_q, skb);
--
--      q = skb_get_queue_mapping(skb);
--      if (txq == sc->tx.uapsdq)
--              txq = sc->tx.txq_map[q];
--
--      if (txq == sc->tx.txq_map[q]) {
--              if (WARN_ON(--txq->pending_frames < 0))
--                      txq->pending_frames = 0;
--
--              if (txq->stopped &&
--                  txq->pending_frames < sc->tx.txq_max_pending[q]) {
--                      ieee80211_wake_queue(sc->hw, q);
--                      txq->stopped = false;
--              }
--      }
-+      ath_txq_skb_done(sc, txq, skb);
- }
- static void ath_tx_complete_buf(struct ath_softc *sc, struct ath_buf *bf,
-@@ -2360,8 +2438,7 @@ static void ath_tx_processq(struct ath_s
-               if (list_empty(&txq->axq_q)) {
-                       txq->axq_link = NULL;
--                      if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT)
--                              ath_txq_schedule(sc, txq);
-+                      ath_txq_schedule(sc, txq);
-                       break;
+--- a/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
++++ b/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
+@@ -310,7 +310,7 @@ bool rtl92se_rx_query_desc(struct ieee80
+                       /* during testing, hdr was NULL here */
+                       return false;
                }
-               bf = list_first_entry(&txq->axq_q, struct ath_buf, list);
-@@ -2375,7 +2452,7 @@ static void ath_tx_processq(struct ath_s
-                * it with the STALE flag.
-                */
-               bf_held = NULL;
--              if (bf->bf_stale) {
-+              if (bf->bf_state.stale) {
-                       bf_held = bf;
-                       if (list_is_last(&bf_held->list, &txq->axq_q))
-                               break;
-@@ -2399,7 +2476,7 @@ static void ath_tx_processq(struct ath_s
-                * however leave the last descriptor back as the holding
-                * descriptor for hw.
-                */
--              lastbf->bf_stale = true;
-+              lastbf->bf_state.stale = true;
-               INIT_LIST_HEAD(&bf_head);
-               if (!list_is_singular(&lastbf->list))
-                       list_cut_position(&bf_head,
-@@ -2470,7 +2547,7 @@ void ath_tx_edma_tasklet(struct ath_soft
+-              if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
++              if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
+                       (ieee80211_has_protected(hdr->frame_control)))
+                       rx_status->flag &= ~RX_FLAG_DECRYPTED;
+               else
+--- a/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
++++ b/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
+@@ -334,7 +334,7 @@ bool rtl8723ae_rx_query_desc(struct ieee
+                       /* during testing, hdr could be NULL here */
+                       return false;
                }
-               bf = list_first_entry(fifo_list, struct ath_buf, list);
--              if (bf->bf_stale) {
-+              if (bf->bf_state.stale) {
-                       list_del(&bf->list);
-                       ath_tx_return_buffer(sc, bf);
-                       bf = list_first_entry(fifo_list, struct ath_buf, list);
-@@ -2492,7 +2569,7 @@ void ath_tx_edma_tasklet(struct ath_soft
-                               ath_tx_txqaddbuf(sc, txq, &bf_q, true);
-                       }
-               } else {
--                      lastbf->bf_stale = true;
-+                      lastbf->bf_state.stale = true;
-                       if (bf != lastbf)
-                               list_cut_position(&bf_head, fifo_list,
-                                                 lastbf->list.prev);
-@@ -2583,6 +2660,7 @@ void ath_tx_node_init(struct ath_softc *
-               tid->paused    = false;
-               tid->active        = false;
-               __skb_queue_head_init(&tid->buf_q);
-+              __skb_queue_head_init(&tid->retry_q);
-               acno = TID_TO_WME_AC(tidno);
-               tid->ac = &an->ac[acno];
-       }
-@@ -2590,6 +2668,7 @@ void ath_tx_node_init(struct ath_softc *
-       for (acno = 0, ac = &an->ac[acno];
-            acno < IEEE80211_NUM_ACS; acno++, ac++) {
-               ac->sched    = false;
-+              ac->clear_ps_filter = true;
-               ac->txq = sc->tx.txq_map[acno];
-               INIT_LIST_HEAD(&ac->tid_q);
-       }
---- a/drivers/net/wireless/ath/ath9k/main.c
-+++ b/drivers/net/wireless/ath/ath9k/main.c
-@@ -966,6 +966,8 @@ static int ath9k_add_interface(struct ie
-       struct ath_softc *sc = hw->priv;
-       struct ath_hw *ah = sc->sc_ah;
-       struct ath_common *common = ath9k_hw_common(ah);
-+      struct ath_vif *avp = (void *)vif->drv_priv;
-+      struct ath_node *an = &avp->mcast_node;
-       mutex_lock(&sc->mutex);
-@@ -979,6 +981,12 @@ static int ath9k_add_interface(struct ie
-       if (ath9k_uses_beacons(vif->type))
-               ath9k_beacon_assign_slot(sc, vif);
-+      an->sc = sc;
-+      an->sta = NULL;
-+      an->vif = vif;
-+      an->no_ps_filter = true;
-+      ath_tx_node_init(sc, an);
-+
-       mutex_unlock(&sc->mutex);
-       return 0;
- }
-@@ -1016,6 +1024,7 @@ static void ath9k_remove_interface(struc
- {
-       struct ath_softc *sc = hw->priv;
-       struct ath_common *common = ath9k_hw_common(sc->sc_ah);
-+      struct ath_vif *avp = (void *)vif->drv_priv;
-       ath_dbg(common, CONFIG, "Detach Interface\n");
-@@ -1030,6 +1039,8 @@ static void ath9k_remove_interface(struc
-       ath9k_calculate_summary_state(hw, NULL);
-       ath9k_ps_restore(sc);
-+      ath_tx_node_cleanup(sc, &avp->mcast_node);
-+
-       mutex_unlock(&sc->mutex);
+-              if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
++              if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
+                       (ieee80211_has_protected(hdr->frame_control)))
+                       rx_status->flag &= ~RX_FLAG_DECRYPTED;
+               else
+--- a/include/linux/ieee80211.h
++++ b/include/linux/ieee80211.h
+@@ -2192,10 +2192,10 @@ static inline u8 *ieee80211_get_DA(struc
  }
  
-@@ -1374,9 +1385,6 @@ static void ath9k_sta_notify(struct ieee
-       struct ath_softc *sc = hw->priv;
-       struct ath_node *an = (struct ath_node *) sta->drv_priv;
--      if (!sta->ht_cap.ht_supported)
--              return;
--
-       switch (cmd) {
-       case STA_NOTIFY_SLEEP:
-               an->sleeping = true;
-@@ -2094,7 +2102,7 @@ static void ath9k_wow_add_pattern(struct
- {
-       struct ath_hw *ah = sc->sc_ah;
-       struct ath9k_wow_pattern *wow_pattern = NULL;
--      struct cfg80211_wowlan_trig_pkt_pattern *patterns = wowlan->patterns;
-+      struct cfg80211_pkt_pattern *patterns = wowlan->patterns;
-       int mask_len;
-       s8 i = 0;
---- a/drivers/net/wireless/mwifiex/cfg80211.c
-+++ b/drivers/net/wireless/mwifiex/cfg80211.c
-@@ -2298,8 +2298,7 @@ EXPORT_SYMBOL_GPL(mwifiex_del_virtual_in
- #ifdef CONFIG_PM
- static bool
--mwifiex_is_pattern_supported(struct cfg80211_wowlan_trig_pkt_pattern *pat,
--                           s8 *byte_seq)
-+mwifiex_is_pattern_supported(struct cfg80211_pkt_pattern *pat, s8 *byte_seq)
- {
-       int j, k, valid_byte_cnt = 0;
-       bool dont_care_byte = false;
---- a/drivers/net/wireless/ti/wlcore/main.c
-+++ b/drivers/net/wireless/ti/wlcore/main.c
-@@ -1315,7 +1315,7 @@ static struct sk_buff *wl12xx_alloc_dumm
- #ifdef CONFIG_PM
- static int
--wl1271_validate_wowlan_pattern(struct cfg80211_wowlan_trig_pkt_pattern *p)
-+wl1271_validate_wowlan_pattern(struct cfg80211_pkt_pattern *p)
- {
-       int num_fields = 0, in_field = 0, fields_size = 0;
-       int i, pattern_len = 0;
-@@ -1458,9 +1458,9 @@ void wl1271_rx_filter_flatten_fields(str
-  * Allocates an RX filter returned through f
-  * which needs to be freed using rx_filter_free()
+ /**
+- * ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame
++ * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame
+  * @hdr: the frame (buffer must include at least the first octet of payload)
   */
--static int wl1271_convert_wowlan_pattern_to_rx_filter(
--      struct cfg80211_wowlan_trig_pkt_pattern *p,
--      struct wl12xx_rx_filter **f)
-+static int
-+wl1271_convert_wowlan_pattern_to_rx_filter(struct cfg80211_pkt_pattern *p,
-+                                         struct wl12xx_rx_filter **f)
+-static inline bool ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
++static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
  {
-       int i, j, ret = 0;
-       struct wl12xx_rx_filter *filter;
-@@ -1562,7 +1562,7 @@ static int wl1271_configure_wowlan(struc
-       /* Translate WoWLAN patterns into filters */
-       for (i = 0; i < wow->n_patterns; i++) {
--              struct cfg80211_wowlan_trig_pkt_pattern *p;
-+              struct cfg80211_pkt_pattern *p;
-               struct wl12xx_rx_filter *filter = NULL;
+       if (ieee80211_is_disassoc(hdr->frame_control) ||
+           ieee80211_is_deauth(hdr->frame_control))
+@@ -2224,6 +2224,17 @@ static inline bool ieee80211_is_robust_m
+ }
  
-               p = &wow->patterns[i];
+ /**
++ * ieee80211_is_robust_mgmt_frame - check if skb contains a robust mgmt frame
++ * @skb: the skb containing the frame, length will be checked
++ */
++static inline bool ieee80211_is_robust_mgmt_frame(struct sk_buff *skb)
++{
++      if (skb->len < 25)
++              return false;
++      return _ieee80211_is_robust_mgmt_frame((void *)skb->data);
++}
++
++/**
+  * ieee80211_is_public_action - check if frame is a public action frame
+  * @hdr: the frame
+  * @len: length of the frame
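Review bot: The bound in the added `ieee80211_is_robust_mgmt_frame(struct sk_buff *skb)` is the bare literal `25`, and nothing beside it says what it counts. Going by the kernel-doc on `_ieee80211_is_robust_mgmt_frame` ("buffer must include at least the first octet of payload"), it is presumably the 24-octet management header plus that one octet. A comment such as `/* 24-octet mgmt header + first payload octet read by the unchecked helper */` above `if (skb->len < 25)` would make the bound checkable. The check also uses `skb->len` while the helper reads through `skb->data`; if a caller can pass a non-linear skb, `skb_headlen(skb)` is the length that matches that pointer, which cannot be confirmed from this hunk. The rtlwifi call sites changed in the same patch stay on the unchecked `_ieee80211_is_robust_mgmt_frame(hdr)`, so they get no length validation from this wrapper.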
 --- a/include/net/cfg80211.h
 +++ b/include/net/cfg80211.h
-@@ -1698,7 +1698,7 @@ struct cfg80211_pmksa {
+@@ -1395,9 +1395,11 @@ struct cfg80211_scan_request {
+  * struct cfg80211_match_set - sets of attributes to match
+  *
+  * @ssid: SSID to be matched
++ * @rssi_thold: don't report scan results below this threshold (in s32 dBm)
+  */
+ struct cfg80211_match_set {
+       struct cfg80211_ssid ssid;
++      s32 rssi_thold;
  };
  
  /**
-- * struct cfg80211_wowlan_trig_pkt_pattern - packet pattern
-+ * struct cfg80211_pkt_pattern - packet pattern
-  * @mask: bitmask where to match pattern and where to ignore bytes,
-  *    one bit per byte, in same format as nl80211
-  * @pattern: bytes to match where bitmask is 1
-@@ -1708,7 +1708,7 @@ struct cfg80211_pmksa {
-  * Internal note: @mask and @pattern are allocated in one chunk of
-  * memory, free @mask only!
+@@ -1420,7 +1422,8 @@ struct cfg80211_match_set {
+  * @dev: the interface
+  * @scan_start: start time of the scheduled scan
+  * @channels: channels to scan
+- * @rssi_thold: don't report scan results below this threshold (in s32 dBm)
++ * @min_rssi_thold: for drivers only supporting a single threshold, this
++ *    contains the minimum over all matchsets
   */
--struct cfg80211_wowlan_trig_pkt_pattern {
-+struct cfg80211_pkt_pattern {
-       u8 *mask, *pattern;
-       int pattern_len;
-       int pkt_offset;
-@@ -1770,7 +1770,7 @@ struct cfg80211_wowlan {
-       bool any, disconnect, magic_pkt, gtk_rekey_failure,
-            eap_identity_req, four_way_handshake,
-            rfkill_release;
--      struct cfg80211_wowlan_trig_pkt_pattern *patterns;
-+      struct cfg80211_pkt_pattern *patterns;
-       struct cfg80211_wowlan_tcp *tcp;
-       int n_patterns;
- };
+ struct cfg80211_sched_scan_request {
+       struct cfg80211_ssid *ssids;
+@@ -1433,7 +1436,7 @@ struct cfg80211_sched_scan_request {
+       u32 flags;
+       struct cfg80211_match_set *match_sets;
+       int n_match_sets;
+-      s32 rssi_thold;
++      s32 min_rssi_thold;
+       /* internal */
+       struct wiphy *wiphy;
 --- a/include/uapi/linux/nl80211.h
 +++ b/include/uapi/linux/nl80211.h
-@@ -3060,11 +3060,11 @@ enum nl80211_tx_power_setting {
- };
- /**
-- * enum nl80211_wowlan_packet_pattern_attr - WoWLAN packet pattern attribute
-- * @__NL80211_WOWLAN_PKTPAT_INVALID: invalid number for nested attribute
-- * @NL80211_WOWLAN_PKTPAT_PATTERN: the pattern, values where the mask has
-+ * enum nl80211_packet_pattern_attr - packet pattern attribute
-+ * @__NL80211_PKTPAT_INVALID: invalid number for nested attribute
-+ * @NL80211_PKTPAT_PATTERN: the pattern, values where the mask has
-  *    a zero bit are ignored
-- * @NL80211_WOWLAN_PKTPAT_MASK: pattern mask, must be long enough to have
-+ * @NL80211_PKTPAT_MASK: pattern mask, must be long enough to have
-  *    a bit for each byte in the pattern. The lowest-order bit corresponds
-  *    to the first byte of the pattern, but the bytes of the pattern are
-  *    in a little-endian-like format, i.e. the 9th byte of the pattern
-@@ -3075,23 +3075,23 @@ enum nl80211_tx_power_setting {
-  *    Note that the pattern matching is done as though frames were not
-  *    802.11 frames but 802.3 frames, i.e. the frame is fully unpacked
-  *    first (including SNAP header unpacking) and then matched.
-- * @NL80211_WOWLAN_PKTPAT_OFFSET: packet offset, pattern is matched after
-+ * @NL80211_PKTPAT_OFFSET: packet offset, pattern is matched after
-  *    these fixed number of bytes of received packet
-- * @NUM_NL80211_WOWLAN_PKTPAT: number of attributes
-- * @MAX_NL80211_WOWLAN_PKTPAT: max attribute number
-+ * @NUM_NL80211_PKTPAT: number of attributes
-+ * @MAX_NL80211_PKTPAT: max attribute number
-  */
--enum nl80211_wowlan_packet_pattern_attr {
--      __NL80211_WOWLAN_PKTPAT_INVALID,
--      NL80211_WOWLAN_PKTPAT_MASK,
--      NL80211_WOWLAN_PKTPAT_PATTERN,
--      NL80211_WOWLAN_PKTPAT_OFFSET,
-+enum nl80211_packet_pattern_attr {
-+      __NL80211_PKTPAT_INVALID,
-+      NL80211_PKTPAT_MASK,
-+      NL80211_PKTPAT_PATTERN,
-+      NL80211_PKTPAT_OFFSET,
--      NUM_NL80211_WOWLAN_PKTPAT,
--      MAX_NL80211_WOWLAN_PKTPAT = NUM_NL80211_WOWLAN_PKTPAT - 1,
-+      NUM_NL80211_PKTPAT,
-+      MAX_NL80211_PKTPAT = NUM_NL80211_PKTPAT - 1,
- };
- /**
-- * struct nl80211_wowlan_pattern_support - pattern support information
-+ * struct nl80211_pattern_support - packet pattern support information
-  * @max_patterns: maximum number of patterns supported
-  * @min_pattern_len: minimum length of each pattern
-  * @max_pattern_len: maximum length of each pattern
-@@ -3101,13 +3101,22 @@ enum nl80211_wowlan_packet_pattern_attr 
-  * that is part of %NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED in the
-  * capability information given by the kernel to userspace.
-  */
--struct nl80211_wowlan_pattern_support {
-+struct nl80211_pattern_support {
-       __u32 max_patterns;
-       __u32 min_pattern_len;
-       __u32 max_pattern_len;
-       __u32 max_pkt_offset;
- } __attribute__((packed));
-+/* only for backward compatibility */
-+#define __NL80211_WOWLAN_PKTPAT_INVALID __NL80211_PKTPAT_INVALID
-+#define NL80211_WOWLAN_PKTPAT_MASK NL80211_PKTPAT_MASK
-+#define NL80211_WOWLAN_PKTPAT_PATTERN NL80211_PKTPAT_PATTERN
-+#define NL80211_WOWLAN_PKTPAT_OFFSET NL80211_PKTPAT_OFFSET
-+#define NUM_NL80211_WOWLAN_PKTPAT NUM_NL80211_PKTPAT
-+#define MAX_NL80211_WOWLAN_PKTPAT MAX_NL80211_PKTPAT
-+#define nl80211_wowlan_pattern_support nl80211_pattern_support
-+
- /**
-  * enum nl80211_wowlan_triggers - WoWLAN trigger definitions
-  * @__NL80211_WOWLAN_TRIG_INVALID: invalid number for nested attributes
-@@ -3127,7 +3136,7 @@ struct nl80211_wowlan_pattern_support {
-  *    pattern matching is done after the packet is converted to the MSDU.
-  *
-  *    In %NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED, it is a binary attribute
-- *    carrying a &struct nl80211_wowlan_pattern_support.
-+ *    carrying a &struct nl80211_pattern_support.
-  *
-  *    When reporting wakeup. it is a u32 attribute containing the 0-based
-  *    index of the pattern that caused the wakeup, in the patterns passed
-@@ -3284,7 +3293,7 @@ struct nl80211_wowlan_tcp_data_token_fea
-  * @NL80211_WOWLAN_TCP_WAKE_PAYLOAD: wake packet payload, for advertising a
-  *    u32 attribute holding the maximum length
-  * @NL80211_WOWLAN_TCP_WAKE_MASK: Wake packet payload mask, not used for
-- *    feature advertising. The mask works like @NL80211_WOWLAN_PKTPAT_MASK
-+ *    feature advertising. The mask works like @NL80211_PKTPAT_MASK
-  *    but on the TCP payload only.
-  * @NUM_NL80211_WOWLAN_TCP: number of TCP attributes
-  * @MAX_NL80211_WOWLAN_TCP: highest attribute number
---- a/net/mac80211/mesh_ps.c
-+++ b/net/mac80211/mesh_ps.c
-@@ -229,6 +229,10 @@ void ieee80211_mps_sta_status_update(str
-       enum nl80211_mesh_power_mode pm;
-       bool do_buffer;
-+      /* For non-assoc STA, prevent buffering or frame transmission */
-+      if (sta->sta_state < IEEE80211_STA_ASSOC)
-+              return;
-+
-       /*
-        * use peer-specific power mode if peering is established and the
-        * peer's power mode is known
---- a/net/wireless/nl80211.c
-+++ b/net/wireless/nl80211.c
-@@ -441,10 +441,12 @@ static int nl80211_prepare_wdev_dump(str
-                       goto out_unlock;
-               }
-               *rdev = wiphy_to_dev((*wdev)->wiphy);
--              cb->args[0] = (*rdev)->wiphy_idx;
-+              /* 0 is the first index - add 1 to parse only once */
-+              cb->args[0] = (*rdev)->wiphy_idx + 1;
-               cb->args[1] = (*wdev)->identifier;
-       } else {
--              struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0]);
-+              /* subtract the 1 again here */
-+              struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
-               struct wireless_dev *tmp;
-               if (!wiphy) {
-@@ -974,7 +976,7 @@ static int nl80211_send_wowlan(struct sk
-               return -ENOBUFS;
-       if (dev->wiphy.wowlan->n_patterns) {
--              struct nl80211_wowlan_pattern_support pat = {
-+              struct nl80211_pattern_support pat = {
-                       .max_patterns = dev->wiphy.wowlan->n_patterns,
-                       .min_pattern_len = dev->wiphy.wowlan->pattern_min_len,
-                       .max_pattern_len = dev->wiphy.wowlan->pattern_max_len,
-@@ -1568,8 +1570,10 @@ static int nl80211_dump_wiphy(struct sk_
-       rtnl_lock();
-       if (!state) {
-               state = kzalloc(sizeof(*state), GFP_KERNEL);
--              if (!state)
-+              if (!state) {
-+                      rtnl_unlock();
-                       return -ENOMEM;
-+              }
-               state->filter_wiphy = -1;
-               ret = nl80211_dump_wiphy_parse(skb, cb, state);
-               if (ret) {
-@@ -6615,12 +6619,14 @@ EXPORT_SYMBOL(cfg80211_testmode_alloc_ev
- void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
- {
-+      struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
-       void *hdr = ((void **)skb->cb)[1];
-       struct nlattr *data = ((void **)skb->cb)[2];
-       nla_nest_end(skb, data);
-       genlmsg_end(skb, hdr);
--      genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
-+      genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), skb, 0,
-+                              nl80211_testmode_mcgrp.id, gfp);
- }
- EXPORT_SYMBOL(cfg80211_testmode_event);
- #endif
-@@ -7593,12 +7599,11 @@ static int nl80211_send_wowlan_patterns(
-               if (!nl_pat)
-                       return -ENOBUFS;
-               pat_len = wowlan->patterns[i].pattern_len;
--              if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK,
--                          DIV_ROUND_UP(pat_len, 8),
-+              if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
-                           wowlan->patterns[i].mask) ||
--                  nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
--                          pat_len, wowlan->patterns[i].pattern) ||
--                  nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET,
-+                  nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
-+                          wowlan->patterns[i].pattern) ||
-+                  nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
-                               wowlan->patterns[i].pkt_offset))
-                       return -ENOBUFS;
-               nla_nest_end(msg, nl_pat);
-@@ -7939,7 +7944,7 @@ static int nl80211_set_wowlan(struct sk_
-               struct nlattr *pat;
-               int n_patterns = 0;
-               int rem, pat_len, mask_len, pkt_offset;
--              struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
-+              struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
-               nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
-                                   rem)
-@@ -7958,26 +7963,25 @@ static int nl80211_set_wowlan(struct sk_
-               nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
-                                   rem) {
--                      nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
--                                nla_data(pat), nla_len(pat), NULL);
-+                      nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
-+                                nla_len(pat), NULL);
-                       err = -EINVAL;
--                      if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
--                          !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
-+                      if (!pat_tb[NL80211_PKTPAT_MASK] ||
-+                          !pat_tb[NL80211_PKTPAT_PATTERN])
-                               goto error;
--                      pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
-+                      pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
-                       mask_len = DIV_ROUND_UP(pat_len, 8);
--                      if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
--                          mask_len)
-+                      if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
-                               goto error;
-                       if (pat_len > wowlan->pattern_max_len ||
-                           pat_len < wowlan->pattern_min_len)
-                               goto error;
--                      if (!pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET])
-+                      if (!pat_tb[NL80211_PKTPAT_OFFSET])
-                               pkt_offset = 0;
-                       else
-                               pkt_offset = nla_get_u32(
--                                      pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]);
-+                                      pat_tb[NL80211_PKTPAT_OFFSET]);
-                       if (pkt_offset > wowlan->max_pkt_offset)
-                               goto error;
-                       new_triggers.patterns[i].pkt_offset = pkt_offset;
-@@ -7991,11 +7995,11 @@ static int nl80211_set_wowlan(struct sk_
-                       new_triggers.patterns[i].pattern =
-                               new_triggers.patterns[i].mask + mask_len;
-                       memcpy(new_triggers.patterns[i].mask,
--                             nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
-+                             nla_data(pat_tb[NL80211_PKTPAT_MASK]),
-                              mask_len);
-                       new_triggers.patterns[i].pattern_len = pat_len;
-                       memcpy(new_triggers.patterns[i].pattern,
--                             nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
-+                             nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
-                              pat_len);
-                       i++;
-               }
-@@ -10066,7 +10070,8 @@ void cfg80211_mgmt_tx_status(struct wire
-       genlmsg_end(msg, hdr);
--      genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
-+      genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
-+                              nl80211_mlme_mcgrp.id, gfp);
-       return;
-  nla_put_failure:
---- a/net/wireless/reg.c
-+++ b/net/wireless/reg.c
-@@ -2247,10 +2247,13 @@ int reg_device_uevent(struct device *dev
- void wiphy_regulatory_register(struct wiphy *wiphy)
- {
-+      struct regulatory_request *lr;
-+
-       if (!reg_dev_ignore_cell_hint(wiphy))
-               reg_num_devs_support_basehint++;
+@@ -2442,9 +2442,15 @@ enum nl80211_reg_rule_attr {
+  * enum nl80211_sched_scan_match_attr - scheduled scan match attributes
+  * @__NL80211_SCHED_SCAN_MATCH_ATTR_INVALID: attribute number 0 is reserved
+  * @NL80211_SCHED_SCAN_MATCH_ATTR_SSID: SSID to be used for matching,
+- * only report BSS with matching SSID.
++ *    only report BSS with matching SSID.
+  * @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI: RSSI threshold (in dBm) for reporting a
+- *    BSS in scan results. Filtering is turned off if not specified.
++ *    BSS in scan results. Filtering is turned off if not specified. Note that
++ *    if this attribute is in a match set of its own, then it is treated as
++ *    the default value for all matchsets with an SSID, rather than being a
++ *    matchset of its own without an RSSI filter. This is due to problems with
++ *    how this API was implemented in the past. Also, due to the same problem,
++ *    the only way to create a matchset with only an RSSI filter (with this
++ *    attribute) is if there's only a single matchset with the RSSI attribute.
+  * @NL80211_SCHED_SCAN_MATCH_ATTR_MAX: highest scheduled scan filter
+  *    attribute number currently defined
+  * @__NL80211_SCHED_SCAN_MATCH_ATTR_AFTER_LAST: internal use
+--- a/net/mac80211/agg-tx.c
++++ b/net/mac80211/agg-tx.c
+@@ -107,7 +107,7 @@ static void ieee80211_send_addba_request
+       mgmt->u.action.u.addba_req.start_seq_num =
+                                       cpu_to_le16(start_seq_num << 4);
  
--      wiphy_update_regulatory(wiphy, NL80211_REGDOM_SET_BY_CORE);
-+      lr = get_last_request();
-+      wiphy_update_regulatory(wiphy, lr->initiator);
+-      ieee80211_tx_skb_tid(sdata, skb, tid);
++      ieee80211_tx_skb(sdata, skb);
  }
  
- void wiphy_regulatory_deregister(struct wiphy *wiphy)
-@@ -2279,7 +2282,9 @@ void wiphy_regulatory_deregister(struct 
- static void reg_timeout_work(struct work_struct *work)
- {
-       REG_DBG_PRINT("Timeout while waiting for CRDA to reply, restoring regulatory settings\n");
-+      rtnl_lock();
-       restore_regulatory_settings(true);
-+      rtnl_unlock();
- }
+ void ieee80211_send_bar(struct ieee80211_vif *vif, u8 *ra, u16 tid, u16 ssn)
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -1021,8 +1021,10 @@ static int ieee80211_start_ap(struct wip
+                                       IEEE80211_P2P_OPPPS_ENABLE_BIT;
  
- int __init regulatory_init(void)
---- a/net/wireless/sme.c
-+++ b/net/wireless/sme.c
-@@ -34,8 +34,10 @@ struct cfg80211_conn {
-               CFG80211_CONN_SCAN_AGAIN,
-               CFG80211_CONN_AUTHENTICATE_NEXT,
-               CFG80211_CONN_AUTHENTICATING,
-+              CFG80211_CONN_AUTH_FAILED,
-               CFG80211_CONN_ASSOCIATE_NEXT,
-               CFG80211_CONN_ASSOCIATING,
-+              CFG80211_CONN_ASSOC_FAILED,
-               CFG80211_CONN_DEAUTH,
-               CFG80211_CONN_CONNECTED,
-       } state;
-@@ -164,6 +166,8 @@ static int cfg80211_conn_do_work(struct 
-                                         NULL, 0,
-                                         params->key, params->key_len,
-                                         params->key_idx, NULL, 0);
-+      case CFG80211_CONN_AUTH_FAILED:
-+              return -ENOTCONN;
-       case CFG80211_CONN_ASSOCIATE_NEXT:
-               BUG_ON(!rdev->ops->assoc);
-               wdev->conn->state = CFG80211_CONN_ASSOCIATING;
-@@ -188,10 +192,17 @@ static int cfg80211_conn_do_work(struct 
-                                            WLAN_REASON_DEAUTH_LEAVING,
-                                            false);
+       err = ieee80211_assign_beacon(sdata, &params->beacon);
+-      if (err < 0)
++      if (err < 0) {
++              ieee80211_vif_release_channel(sdata);
+               return err;
++      }
+       changed |= err;
+       err = drv_start_ap(sdata->local, sdata);
+@@ -1032,6 +1034,7 @@ static int ieee80211_start_ap(struct wip
+               if (old)
+                       kfree_rcu(old, rcu_head);
+               RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
++              ieee80211_vif_release_channel(sdata);
                return err;
-+      case CFG80211_CONN_ASSOC_FAILED:
-+              cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
-+                                   NULL, 0,
-+                                   WLAN_REASON_DEAUTH_LEAVING, false);
-+              return -ENOTCONN;
-       case CFG80211_CONN_DEAUTH:
-               cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
-                                    NULL, 0,
-                                    WLAN_REASON_DEAUTH_LEAVING, false);
-+              /* free directly, disconnected event already sent */
-+              cfg80211_sme_free(wdev);
-               return 0;
-       default:
-               return 0;
-@@ -371,7 +382,7 @@ bool cfg80211_sme_rx_assoc_resp(struct w
-               return true;
        }
  
--      wdev->conn->state = CFG80211_CONN_DEAUTH;
-+      wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
-       schedule_work(&rdev->conn_work);
-       return false;
- }
-@@ -383,7 +394,13 @@ void cfg80211_sme_deauth(struct wireless
- void cfg80211_sme_auth_timeout(struct wireless_dev *wdev)
- {
--      cfg80211_sme_free(wdev);
-+      struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
-+
-+      if (!wdev->conn)
-+              return;
-+
-+      wdev->conn->state = CFG80211_CONN_AUTH_FAILED;
-+      schedule_work(&rdev->conn_work);
- }
+@@ -1090,8 +1093,6 @@ static int ieee80211_stop_ap(struct wiph
+       kfree(sdata->u.ap.next_beacon);
+       sdata->u.ap.next_beacon = NULL;
  
- void cfg80211_sme_disassoc(struct wireless_dev *wdev)
-@@ -399,7 +416,13 @@ void cfg80211_sme_disassoc(struct wirele
+-      cancel_work_sync(&sdata->u.ap.request_smps_work);
+-
+       /* turn off carrier for this interface and dependent VLANs */
+       list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
+               netif_carrier_off(vlan->dev);
+@@ -1103,6 +1104,7 @@ static int ieee80211_stop_ap(struct wiph
+       kfree_rcu(old_beacon, rcu_head);
+       if (old_probe_resp)
+               kfree_rcu(old_probe_resp, rcu_head);
++      sdata->u.ap.driver_smps_mode = IEEE80211_SMPS_OFF;
+       __sta_info_flush(sdata, true);
+       ieee80211_free_keys(sdata, true);
+@@ -2638,6 +2640,24 @@ static int ieee80211_start_roc_work(stru
+       INIT_DELAYED_WORK(&roc->work, ieee80211_sw_roc_work);
+       INIT_LIST_HEAD(&roc->dependents);
  
- void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev)
- {
--      cfg80211_sme_disassoc(wdev);
-+      struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
-+
-+      if (!wdev->conn)
-+              return;
++      /*
++       * cookie is either the roc cookie (for normal roc)
++       * or the SKB (for mgmt TX)
++       */
++      if (!txskb) {
++              /* local->mtx protects this */
++              local->roc_cookie_counter++;
++              roc->cookie = local->roc_cookie_counter;
++              /* wow, you wrapped 64 bits ... more likely a bug */
++              if (WARN_ON(roc->cookie == 0)) {
++                      roc->cookie = 1;
++                      local->roc_cookie_counter++;
++              }
++              *cookie = roc->cookie;
++      } else {
++              *cookie = (unsigned long)txskb;
++      }
 +
-+      wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
-+      schedule_work(&rdev->conn_work);
- }
- static int cfg80211_sme_connect(struct wireless_dev *wdev,
---- a/net/mac80211/rc80211_minstrel.c
-+++ b/net/mac80211/rc80211_minstrel.c
-@@ -290,7 +290,7 @@ minstrel_get_rate(void *priv, struct iee
-       struct minstrel_rate *msr, *mr;
-       unsigned int ndx;
-       bool mrr_capable;
--      bool prev_sample = mi->prev_sample;
-+      bool prev_sample;
-       int delta;
-       int sampling_ratio;
-@@ -314,6 +314,7 @@ minstrel_get_rate(void *priv, struct iee
-                       (mi->sample_count + mi->sample_deferred / 2);
-       /* delta < 0: no sampling required */
-+      prev_sample = mi->prev_sample;
-       mi->prev_sample = false;
-       if (delta < 0 || (!mrr_capable && prev_sample))
-               return;
---- a/drivers/net/wireless/rt2x00/rt2x00queue.c
-+++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
-@@ -936,13 +936,8 @@ void rt2x00queue_index_inc(struct queue_
-       spin_unlock_irqrestore(&queue->index_lock, irqflags);
- }
+       /* if there's one pending or we're scanning, queue this one */
+       if (!list_empty(&local->roc_list) ||
+           local->scanning || local->radar_detect_enabled)
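Review bot: `*cookie = (unsigned long)txskb;` in the block moved up here hands out the skb's kernel address as the mgmt-TX cookie. The hunk does not show where the cookie goes; if it is reported back to user space, that discloses a kernel heap address, and the value can collide with a later allocation once the skb is freed. The normal-roc branch already has a counter, so one option is to use it on both branches with `*cookie = roc->cookie;`. That only works if the TX-status matching, which is outside this hunk, compares against the counter instead of the skb pointer. If the pointer has to stay for now, a comment at the cast such as `/* kernel address used as cookie; do not log or compare after the skb is freed */` would record the constraint. The body of ieee80211_start_roc_work starts and ends outside the hunk.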
+@@ -2772,24 +2792,6 @@ static int ieee80211_start_roc_work(stru
+       if (!queued)
+               list_add_tail(&roc->list, &local->roc_list);
  
--void rt2x00queue_pause_queue(struct data_queue *queue)
-+void rt2x00queue_pause_queue_nocheck(struct data_queue *queue)
- {
--      if (!test_bit(DEVICE_STATE_PRESENT, &queue->rt2x00dev->flags) ||
--          !test_bit(QUEUE_STARTED, &queue->flags) ||
--          test_and_set_bit(QUEUE_PAUSED, &queue->flags))
--              return;
+-      /*
+-       * cookie is either the roc cookie (for normal roc)
+-       * or the SKB (for mgmt TX)
+-       */
+-      if (!txskb) {
+-              /* local->mtx protects this */
+-              local->roc_cookie_counter++;
+-              roc->cookie = local->roc_cookie_counter;
+-              /* wow, you wrapped 64 bits ... more likely a bug */
+-              if (WARN_ON(roc->cookie == 0)) {
+-                      roc->cookie = 1;
+-                      local->roc_cookie_counter++;
+-              }
+-              *cookie = roc->cookie;
+-      } else {
+-              *cookie = (unsigned long)txskb;
+-      }
 -
-       switch (queue->qid) {
-       case QID_AC_VO:
-       case QID_AC_VI:
-@@ -958,6 +953,15 @@ void rt2x00queue_pause_queue(struct data
-               break;
-       }
+       return 0;
  }
-+void rt2x00queue_pause_queue(struct data_queue *queue)
-+{
-+      if (!test_bit(DEVICE_STATE_PRESENT, &queue->rt2x00dev->flags) ||
-+          !test_bit(QUEUE_STARTED, &queue->flags) ||
-+          test_and_set_bit(QUEUE_PAUSED, &queue->flags))
-+              return;
-+
-+      rt2x00queue_pause_queue_nocheck(queue);
-+}
- EXPORT_SYMBOL_GPL(rt2x00queue_pause_queue);
- void rt2x00queue_unpause_queue(struct data_queue *queue)
-@@ -1019,7 +1023,7 @@ void rt2x00queue_stop_queue(struct data_
-               return;
-       }
--      rt2x00queue_pause_queue(queue);
-+      rt2x00queue_pause_queue_nocheck(queue);
-       queue->rt2x00dev->ops->lib->stop_queue(queue);
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -31,10 +31,12 @@
- #include "led.h"
- #define IEEE80211_AUTH_TIMEOUT                (HZ / 5)
-+#define IEEE80211_AUTH_TIMEOUT_LONG   (HZ / 2)
- #define IEEE80211_AUTH_TIMEOUT_SHORT  (HZ / 10)
- #define IEEE80211_AUTH_MAX_TRIES      3
- #define IEEE80211_AUTH_WAIT_ASSOC     (HZ * 5)
- #define IEEE80211_ASSOC_TIMEOUT               (HZ / 5)
-+#define IEEE80211_ASSOC_TIMEOUT_LONG  (HZ / 2)
- #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
- #define IEEE80211_ASSOC_MAX_TRIES     3
-@@ -209,8 +211,9 @@ ieee80211_determine_chantype(struct ieee
-                            struct ieee80211_channel *channel,
-                            const struct ieee80211_ht_operation *ht_oper,
-                            const struct ieee80211_vht_operation *vht_oper,
--                           struct cfg80211_chan_def *chandef, bool verbose)
-+                           struct cfg80211_chan_def *chandef, bool tracking)
- {
-+      struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
-       struct cfg80211_chan_def vht_chandef;
-       u32 ht_cfreq, ret;
-@@ -229,7 +232,7 @@ ieee80211_determine_chantype(struct ieee
-       ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
-                                                 channel->band);
-       /* check that channel matches the right operating channel */
--      if (channel->center_freq != ht_cfreq) {
-+      if (!tracking && channel->center_freq != ht_cfreq) {
-               /*
-                * It's possible that some APs are confused here;
-                * Netgear WNDR3700 sometimes reports 4 higher than
-@@ -237,11 +240,10 @@ ieee80211_determine_chantype(struct ieee
-                * since we look at probe response/beacon data here
-                * it should be OK.
-                */
--              if (verbose)
--                      sdata_info(sdata,
--                                 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
--                                 channel->center_freq, ht_cfreq,
--                                 ht_oper->primary_chan, channel->band);
-+              sdata_info(sdata,
-+                         "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
-+                         channel->center_freq, ht_cfreq,
-+                         ht_oper->primary_chan, channel->band);
-               ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
-               goto out;
-       }
-@@ -295,7 +297,7 @@ ieee80211_determine_chantype(struct ieee
-                               channel->band);
-               break;
-       default:
--              if (verbose)
-+              if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
-                       sdata_info(sdata,
-                                  "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
-                                  vht_oper->chan_width);
-@@ -304,7 +306,7 @@ ieee80211_determine_chantype(struct ieee
-       }
  
-       if (!cfg80211_chandef_valid(&vht_chandef)) {
--              if (verbose)
-+              if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
-                       sdata_info(sdata,
-                                  "AP VHT information is invalid, disable VHT\n");
-               ret = IEEE80211_STA_DISABLE_VHT;
-@@ -317,7 +319,7 @@ ieee80211_determine_chantype(struct ieee
-       }
-       if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
--              if (verbose)
-+              if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
-                       sdata_info(sdata,
-                                  "AP VHT information doesn't match HT, disable VHT\n");
-               ret = IEEE80211_STA_DISABLE_VHT;
-@@ -333,18 +335,27 @@ out:
-       if (ret & IEEE80211_STA_DISABLE_VHT)
-               vht_chandef = *chandef;
-+      /*
-+       * Ignore the DISABLED flag when we're already connected and only
-+       * tracking the APs beacon for bandwidth changes - otherwise we
-+       * might get disconnected here if we connect to an AP, update our
-+       * regulatory information based on the AP's country IE and the
-+       * information we have is wrong/outdated and disables the channel
-+       * that we're actually using for the connection to the AP.
-+       */
-       while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
--                                      IEEE80211_CHAN_DISABLED)) {
-+                                      tracking ? 0 :
-+                                                 IEEE80211_CHAN_DISABLED)) {
-               if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
-                       ret = IEEE80211_STA_DISABLE_HT |
-                             IEEE80211_STA_DISABLE_VHT;
--                      goto out;
-+                      break;
-               }
-               ret |= chandef_downgrade(chandef);
-       }
+--- a/net/mac80211/ht.c
++++ b/net/mac80211/ht.c
+@@ -375,7 +375,7 @@ void ieee80211_send_delba(struct ieee802
+       mgmt->u.action.u.delba.params = cpu_to_le16(params);
+       mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
  
--      if (chandef->width != vht_chandef.width && verbose)
-+      if (chandef->width != vht_chandef.width && !tracking)
-               sdata_info(sdata,
-                          "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
+-      ieee80211_tx_skb_tid(sdata, skb, tid);
++      ieee80211_tx_skb(sdata, skb);
+ }
  
-@@ -384,7 +395,7 @@ static int ieee80211_config_bw(struct ie
+ void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
+@@ -466,7 +466,9 @@ void ieee80211_request_smps_ap_work(stru
+                            u.ap.request_smps_work);
  
-       /* calculate new channel (type) based on HT/VHT operation IEs */
-       flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
--                                           vht_oper, &chandef, false);
-+                                           vht_oper, &chandef, true);
+       sdata_lock(sdata);
+-      __ieee80211_request_smps_ap(sdata, sdata->u.ap.driver_smps_mode);
++      if (sdata_dereference(sdata->u.ap.beacon, sdata))
++              __ieee80211_request_smps_ap(sdata,
++                                          sdata->u.ap.driver_smps_mode);
+       sdata_unlock(sdata);
+ }
  
-       /*
-        * Downgrade the new channel if we associated with restricted
-@@ -3394,10 +3405,13 @@ static int ieee80211_probe_auth(struct i
-       if (tx_flags == 0) {
-               auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
--              ifmgd->auth_data->timeout_started = true;
-+              auth_data->timeout_started = true;
-               run_again(sdata, auth_data->timeout);
-       } else {
--              auth_data->timeout_started = false;
-+              auth_data->timeout =
-+                      round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
-+              auth_data->timeout_started = true;
-+              run_again(sdata, auth_data->timeout);
-       }
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -770,12 +770,19 @@ static void ieee80211_do_stop(struct iee
  
-       return 0;
-@@ -3434,7 +3448,11 @@ static int ieee80211_do_assoc(struct iee
-               assoc_data->timeout_started = true;
-               run_again(sdata, assoc_data->timeout);
-       } else {
--              assoc_data->timeout_started = false;
-+              assoc_data->timeout =
-+                      round_jiffies_up(jiffies +
-+                                       IEEE80211_ASSOC_TIMEOUT_LONG);
-+              assoc_data->timeout_started = true;
-+              run_again(sdata, assoc_data->timeout);
-       }
+       ieee80211_roc_purge(local, sdata);
  
-       return 0;
-@@ -3829,7 +3847,7 @@ static int ieee80211_prep_channel(struct
-       ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
-                                                    cbss->channel,
-                                                    ht_oper, vht_oper,
--                                                   &chandef, true);
-+                                                   &chandef, false);
-       sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
-                                     local->rx_chains);
---- a/net/wireless/core.c
-+++ b/net/wireless/core.c
-@@ -772,6 +772,7 @@ void cfg80211_leave(struct cfg80211_regi
-               cfg80211_leave_mesh(rdev, dev);
-               break;
-       case NL80211_IFTYPE_AP:
-+      case NL80211_IFTYPE_P2P_GO:
-               cfg80211_stop_ap(rdev, dev);
-               break;
-       default:
---- a/drivers/net/wireless/rtlwifi/Kconfig
-+++ b/drivers/net/wireless/rtlwifi/Kconfig
-@@ -1,29 +1,22 @@
--config RTLWIFI
--      tristate "Realtek wireless card support"
-+menuconfig RTL_CARDS
-+      tristate "Realtek rtlwifi family of devices"
-       depends on m
--      depends on MAC80211
--      select BACKPORT_FW_LOADER
--      ---help---
--        This is common code for RTL8192CE/RTL8192CU/RTL8192SE/RTL8723AE
--        drivers.  This module does nothing by itself - the various front-end
--        drivers need to be enabled to support any desired devices.
+-      if (sdata->vif.type == NL80211_IFTYPE_STATION)
++      switch (sdata->vif.type) {
++      case NL80211_IFTYPE_STATION:
+               ieee80211_mgd_stop(sdata);
 -
--        If you choose to build as a module, it'll be called rtlwifi.
+-      if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
++              break;
++      case NL80211_IFTYPE_ADHOC:
+               ieee80211_ibss_stop(sdata);
 -
--config RTLWIFI_DEBUG
--      bool "Debugging output for rtlwifi driver family"
--      depends on RTLWIFI
-+      depends on MAC80211 && (PCI || USB)
-       default y
-       ---help---
--      To use the module option that sets the dynamic-debugging level for,
--      the front-end driver, this parameter must be "Y". For memory-limited
--      systems, choose "N". If in doubt, choose "Y".
-+        This option will enable support for the Realtek mac80211-based
-+        wireless drivers. Drivers rtl8192ce, rtl8192cu, rtl8192se, rtl8192de,
-+        rtl8723eu, and rtl8188eu share some common code.
-+
-+if RTL_CARDS
- config RTL8192CE
-       tristate "Realtek RTL8192CE/RTL8188CE Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && PCI
-+      depends on PCI
-       select RTL8192C_COMMON
-+      select RTLWIFI
-+      select RTLWIFI_PCI
-       ---help---
-       This is the driver for Realtek RTL8192CE/RTL8188CE 802.11n PCIe
-       wireless network adapters.
-@@ -33,7 +26,9 @@ config RTL8192CE
- config RTL8192SE
-       tristate "Realtek RTL8192SE/RTL8191SE PCIe Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && PCI
-+      depends on PCI
-+      select RTLWIFI
-+      select RTLWIFI_PCI
-       ---help---
-       This is the driver for Realtek RTL8192SE/RTL8191SE 802.11n PCIe
-       wireless network adapters.
-@@ -43,7 +38,9 @@ config RTL8192SE
- config RTL8192DE
-       tristate "Realtek RTL8192DE/RTL8188DE PCIe Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && PCI
-+      depends on PCI
-+      select RTLWIFI
-+      select RTLWIFI_PCI
-       ---help---
-       This is the driver for Realtek RTL8192DE/RTL8188DE 802.11n PCIe
-       wireless network adapters.
-@@ -53,7 +50,9 @@ config RTL8192DE
- config RTL8723AE
-       tristate "Realtek RTL8723AE PCIe Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && PCI
-+      depends on PCI
-+      select RTLWIFI
-+      select RTLWIFI_PCI
-       ---help---
-       This is the driver for Realtek RTL8723AE 802.11n PCIe
-       wireless network adapters.
-@@ -63,7 +62,9 @@ config RTL8723AE
- config RTL8188EE
-       tristate "Realtek RTL8188EE Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && PCI
-+      depends on PCI
-+      select RTLWIFI
-+      select RTLWIFI_PCI
-       ---help---
-       This is the driver for Realtek RTL8188EE 802.11n PCIe
-       wireless network adapters.
-@@ -73,7 +74,9 @@ config RTL8188EE
- config RTL8192CU
-       tristate "Realtek RTL8192CU/RTL8188CU USB Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && USB
-+      depends on USB
-+      select RTLWIFI
-+      select RTLWIFI_USB
-       select RTL8192C_COMMON
-       ---help---
-       This is the driver for Realtek RTL8192CU/RTL8188CU 802.11n USB
-@@ -81,8 +84,32 @@ config RTL8192CU
-       If you choose to build it as a module, it will be called rtl8192cu
-+config RTLWIFI
-+      tristate "Realtek common driver part"
-+      depends on m
-+      select BACKPORT_FW_LOADER
-+
-+config RTLWIFI_PCI
-+      depends on m
-+      tristate
-+
-+config RTLWIFI_USB
-+      depends on m
-+      tristate
-+
-+config RTLWIFI_DEBUG
-+      bool "Debugging output for rtlwifi driver family"
-+      depends on RTLWIFI
-+      default y
-+      ---help---
-+      To use the module option that sets the dynamic-debugging level for,
-+      the front-end driver, this parameter must be "Y". For memory-limited
-+      systems, choose "N". If in doubt, choose "Y".
-+
- config RTL8192C_COMMON
-       tristate
-       depends on m
-       depends on RTL8192CE || RTL8192CU
-       default m
-+
-+endif
---- a/drivers/net/wireless/rtlwifi/Makefile
-+++ b/drivers/net/wireless/rtlwifi/Makefile
-@@ -12,13 +12,11 @@ rtlwifi-objs       :=              \
- rtl8192c_common-objs +=               \
--ifneq ($(CONFIG_PCI),)
--rtlwifi-objs  += pci.o
--endif
-+obj-$(CPTCFG_RTLWIFI_PCI)     += rtl_pci.o
-+rtl_pci-objs  :=              pci.o
--ifneq ($(CONFIG_USB),)
--rtlwifi-objs  += usb.o
--endif
-+obj-$(CPTCFG_RTLWIFI_USB)     += rtl_usb.o
-+rtl_usb-objs  :=              usb.o
- obj-$(CPTCFG_RTL8192C_COMMON) += rtl8192c/
- obj-$(CPTCFG_RTL8192CE)               += rtl8192ce/
---- a/drivers/net/wireless/rtlwifi/base.c
-+++ b/drivers/net/wireless/rtlwifi/base.c
-@@ -173,6 +173,7 @@ u8 rtl_tid_to_ac(u8 tid)
- {
-       return tid_to_ac[tid];
- }
-+EXPORT_SYMBOL_GPL(rtl_tid_to_ac);
- static void _rtl_init_hw_ht_capab(struct ieee80211_hw *hw,
-                                 struct ieee80211_sta_ht_cap *ht_cap)
-@@ -407,6 +408,7 @@ void rtl_deinit_deferred_work(struct iee
-       cancel_delayed_work(&rtlpriv->works.ps_rfon_wq);
-       cancel_delayed_work(&rtlpriv->works.fwevt_wq);
- }
-+EXPORT_SYMBOL_GPL(rtl_deinit_deferred_work);
++              break;
++      case NL80211_IFTYPE_AP:
++              cancel_work_sync(&sdata->u.ap.request_smps_work);
++              break;
++      default:
++              break;
++      }
  
- void rtl_init_rfkill(struct ieee80211_hw *hw)
- {
-@@ -440,6 +442,7 @@ void rtl_deinit_rfkill(struct ieee80211_
+       /*
+        * Remove all stations associated with this interface.
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -599,10 +599,10 @@ static int ieee80211_is_unicast_robust_m
  {
-       wiphy_rfkill_stop_polling(hw->wiphy);
- }
-+EXPORT_SYMBOL_GPL(rtl_deinit_rfkill);
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
  
- int rtl_init_core(struct ieee80211_hw *hw)
- {
-@@ -490,10 +493,12 @@ int rtl_init_core(struct ieee80211_hw *h
+-      if (skb->len < 24 || is_multicast_ether_addr(hdr->addr1))
++      if (is_multicast_ether_addr(hdr->addr1))
+               return 0;
  
-       return 0;
+-      return ieee80211_is_robust_mgmt_frame(hdr);
++      return ieee80211_is_robust_mgmt_frame(skb);
  }
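Review bot: In ieee80211_is_unicast_robust_mgmt_frame, `is_multicast_ether_addr(hdr->addr1)` now reads the header with no length test in front of it, because the `skb->len < 24` guard was dropped. The same applies to the ieee80211_is_multicast_robust_mgmt_frame hunk that follows. The skb-taking `ieee80211_is_robust_mgmt_frame()` is not defined in these hunks; presumably the length test moved into it, but it runs only after addr1 has been read. If every caller already guarantees a full header, say so at the top of both functions with `/* caller guarantees skb->len >= 24 */`. Otherwise keep `skb->len < 24 ||` in the two conditions so a truncated frame is rejected before the address is read.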
-+EXPORT_SYMBOL_GPL(rtl_init_core);
  
- void rtl_deinit_core(struct ieee80211_hw *hw)
- {
- }
-+EXPORT_SYMBOL_GPL(rtl_deinit_core);
  
- void rtl_init_rx_config(struct ieee80211_hw *hw)
+@@ -610,10 +610,10 @@ static int ieee80211_is_multicast_robust
  {
-@@ -502,6 +507,7 @@ void rtl_init_rx_config(struct ieee80211
-       rtlpriv->cfg->ops->get_hw_reg(hw, HW_VAR_RCR, (u8 *) (&mac->rx_conf));
- }
-+EXPORT_SYMBOL_GPL(rtl_init_rx_config);
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
  
- /*********************************************************
-  *
-@@ -880,6 +886,7 @@ bool rtl_tx_mgmt_proc(struct ieee80211_h
+-      if (skb->len < 24 || !is_multicast_ether_addr(hdr->addr1))
++      if (!is_multicast_ether_addr(hdr->addr1))
+               return 0;
  
-       return true;
+-      return ieee80211_is_robust_mgmt_frame(hdr);
++      return ieee80211_is_robust_mgmt_frame(skb);
  }
-+EXPORT_SYMBOL_GPL(rtl_tx_mgmt_proc);
  
- void rtl_get_tcb_desc(struct ieee80211_hw *hw,
-                     struct ieee80211_tx_info *info,
-@@ -1053,6 +1060,7 @@ bool rtl_action_proc(struct ieee80211_hw
  
-       return true;
- }
-+EXPORT_SYMBOL_GPL(rtl_action_proc);
+@@ -626,7 +626,7 @@ static int ieee80211_get_mmie_keyidx(str
+       if (skb->len < 24 + sizeof(*mmie) || !is_multicast_ether_addr(hdr->da))
+               return -1;
  
- /*should call before software enc*/
- u8 rtl_is_special_data(struct ieee80211_hw *hw, struct sk_buff *skb, u8 is_tx)
-@@ -1126,6 +1134,7 @@ u8 rtl_is_special_data(struct ieee80211_
+-      if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) hdr))
++      if (!ieee80211_is_robust_mgmt_frame(skb))
+               return -1; /* not a robust management frame */
  
-       return false;
- }
-+EXPORT_SYMBOL_GPL(rtl_is_special_data);
+       mmie = (struct ieee80211_mmie *)
+@@ -1845,8 +1845,7 @@ static int ieee80211_drop_unencrypted_mg
+                * having configured keys.
+                */
+               if (unlikely(ieee80211_is_action(fc) && !rx->key &&
+-                           ieee80211_is_robust_mgmt_frame(
+-                                   (struct ieee80211_hdr *) rx->skb->data)))
++                           ieee80211_is_robust_mgmt_frame(rx->skb)))
+                       return -EACCES;
+       }
  
- /*********************************************************
-  *
-@@ -1301,6 +1310,7 @@ void rtl_beacon_statistic(struct ieee802
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -452,8 +452,7 @@ static int ieee80211_use_mfp(__le16 fc, 
+       if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
+               return 0;
  
-       rtlpriv->link_info.bcn_rx_inperiod++;
- }
-+EXPORT_SYMBOL_GPL(rtl_beacon_statistic);
+-      if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *)
+-                                          skb->data))
++      if (!ieee80211_is_robust_mgmt_frame(skb))
+               return 0;
  
- void rtl_watchdog_wq_callback(void *data)
- {
-@@ -1794,6 +1804,7 @@ void rtl_recognize_peer(struct ieee80211
+       return 1;
+@@ -567,7 +566,7 @@ ieee80211_tx_h_select_key(struct ieee802
+               tx->key = key;
+       else if (ieee80211_is_mgmt(hdr->frame_control) &&
+                is_multicast_ether_addr(hdr->addr1) &&
+-               ieee80211_is_robust_mgmt_frame(hdr) &&
++               ieee80211_is_robust_mgmt_frame(tx->skb) &&
+                (key = rcu_dereference(tx->sdata->default_mgmt_key)))
+               tx->key = key;
+       else if (is_multicast_ether_addr(hdr->addr1) &&
+@@ -582,12 +581,12 @@ ieee80211_tx_h_select_key(struct ieee802
+               tx->key = NULL;
+       else if (tx->skb->protocol == tx->sdata->control_port_protocol)
+               tx->key = NULL;
+-      else if (ieee80211_is_robust_mgmt_frame(hdr) &&
++      else if (ieee80211_is_robust_mgmt_frame(tx->skb) &&
+                !(ieee80211_is_action(hdr->frame_control) &&
+                  tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))
+               tx->key = NULL;
+       else if (ieee80211_is_mgmt(hdr->frame_control) &&
+-               !ieee80211_is_robust_mgmt_frame(hdr))
++               !ieee80211_is_robust_mgmt_frame(tx->skb))
+               tx->key = NULL;
+       else {
+               I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
+--- a/net/mac80211/wpa.c
++++ b/net/mac80211/wpa.c
+@@ -499,7 +499,7 @@ ieee80211_crypto_ccmp_decrypt(struct iee
+       hdrlen = ieee80211_hdrlen(hdr->frame_control);
+       if (!ieee80211_is_data(hdr->frame_control) &&
+-          !ieee80211_is_robust_mgmt_frame(hdr))
++          !ieee80211_is_robust_mgmt_frame(skb))
+               return RX_CONTINUE;
+       data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN -
+--- a/net/wireless/ap.c
++++ b/net/wireless/ap.c
+@@ -30,6 +30,7 @@ static int __cfg80211_stop_ap(struct cfg
+               wdev->channel = NULL;
+               wdev->ssid_len = 0;
+               rdev_set_qos_map(rdev, dev, NULL);
++              nl80211_send_ap_stopped(wdev);
+       }
  
-       mac->vendor = vendor;
- }
-+EXPORT_SYMBOL_GPL(rtl_recognize_peer);
+       return err;
+--- a/net/wireless/core.c
++++ b/net/wireless/core.c
+@@ -203,8 +203,11 @@ void cfg80211_stop_p2p_device(struct cfg
  
- /*********************************************************
-  *
-@@ -1850,6 +1861,7 @@ struct attribute_group rtl_attribute_gro
-       .name = "rtlsysfs",
-       .attrs = rtl_sysfs_entries,
- };
-+EXPORT_SYMBOL_GPL(rtl_attribute_group);
+       rdev->opencount--;
  
- MODULE_AUTHOR("lizhaoming     <chaoming_li@realsil.com.cn>");
- MODULE_AUTHOR("Realtek WlanFAE        <wlanfae@realtek.com>");
-@@ -1857,7 +1869,8 @@ MODULE_AUTHOR("Larry Finger      <Larry.FInge
- MODULE_LICENSE("GPL");
- MODULE_DESCRIPTION("Realtek 802.11n PCI wireless core");
+-      WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev &&
+-              !rdev->scan_req->notified);
++      if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
++              if (WARN_ON(!rdev->scan_req->notified))
++                      rdev->scan_req->aborted = true;
++              ___cfg80211_scan_done(rdev, false);
++      }
+ }
  
--struct rtl_global_var global_var = {};
-+struct rtl_global_var rtl_global_var = {};
-+EXPORT_SYMBOL_GPL(rtl_global_var);
+ static int cfg80211_rfkill_set_block(void *data, bool blocked)
+@@ -447,9 +450,6 @@ int wiphy_register(struct wiphy *wiphy)
+       int i;
+       u16 ifmodes = wiphy->interface_modes;
  
- static int __init rtl_core_module_init(void)
- {
-@@ -1865,8 +1878,8 @@ static int __init rtl_core_module_init(v
-               pr_err("Unable to register rtl_rc, use default RC !!\n");
+-      /* support for 5/10 MHz is broken due to nl80211 API mess - disable */
+-      wiphy->flags &= ~WIPHY_FLAG_SUPPORTS_5_10_MHZ;
+-
+       /*
+        * There are major locking problems in nl80211/mac80211 for CSA,
+        * disable for all drivers until this has been reworked.
+@@ -875,8 +875,11 @@ static int cfg80211_netdev_notifier_call
+               break;
+       case NETDEV_DOWN:
+               cfg80211_update_iface_num(rdev, wdev->iftype, -1);
+-              WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev &&
+-                      !rdev->scan_req->notified);
++              if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
++                      if (WARN_ON(!rdev->scan_req->notified))
++                              rdev->scan_req->aborted = true;
++                      ___cfg80211_scan_done(rdev, false);
++              }
  
-       /* init some global vars */
--      INIT_LIST_HEAD(&global_var.glb_priv_list);
--      spin_lock_init(&global_var.glb_list_lock);
-+      INIT_LIST_HEAD(&rtl_global_var.glb_priv_list);
-+      spin_lock_init(&rtl_global_var.glb_list_lock);
+               if (WARN_ON(rdev->sched_scan_req &&
+                           rdev->sched_scan_req->dev == wdev->netdev)) {
+--- a/net/wireless/core.h
++++ b/net/wireless/core.h
+@@ -62,6 +62,7 @@ struct cfg80211_registered_device {
+       struct rb_root bss_tree;
+       u32 bss_generation;
+       struct cfg80211_scan_request *scan_req; /* protected by RTNL */
++      struct sk_buff *scan_msg;
+       struct cfg80211_sched_scan_request *sched_scan_req;
+       unsigned long suspend_at;
+       struct work_struct scan_done_wk;
+@@ -361,7 +362,8 @@ int cfg80211_validate_key_settings(struc
+                                  struct key_params *params, int key_idx,
+                                  bool pairwise, const u8 *mac_addr);
+ void __cfg80211_scan_done(struct work_struct *wk);
+-void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev);
++void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev,
++                         bool send_message);
+ void __cfg80211_sched_scan_results(struct work_struct *wk);
+ int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
+                              bool driver_initiated);
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -1723,9 +1723,10 @@ static int nl80211_dump_wiphy(struct sk_
+                                * We can then retry with the larger buffer.
+                                */
+                               if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
+-                                  !skb->len &&
++                                  !skb->len && !state->split &&
+                                   cb->min_dump_alloc < 4096) {
+                                       cb->min_dump_alloc = 4096;
++                                      state->split_start = 0;
+                                       rtnl_unlock();
+                                       return 1;
+                               }
+@@ -2047,10 +2048,12 @@ static int nl80211_set_wiphy(struct sk_b
+               nla_for_each_nested(nl_txq_params,
+                                   info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
+                                   rem_txq_params) {
+-                      nla_parse(tb, NL80211_TXQ_ATTR_MAX,
+-                                nla_data(nl_txq_params),
+-                                nla_len(nl_txq_params),
+-                                txq_params_policy);
++                      result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
++                                         nla_data(nl_txq_params),
++                                         nla_len(nl_txq_params),
++                                         txq_params_policy);
++                      if (result)
++                              goto bad_res;
+                       result = parse_txq_params(tb, &txq_params);
+                       if (result)
+                               goto bad_res;
+@@ -5210,9 +5213,11 @@ static int nl80211_set_reg(struct sk_buf
+       nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
+                           rem_reg_rules) {
+-              nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
+-                        nla_data(nl_reg_rule), nla_len(nl_reg_rule),
+-                        reg_rule_policy);
++              r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
++                            nla_data(nl_reg_rule), nla_len(nl_reg_rule),
++                            reg_rule_policy);
++              if (r)
++                      goto bad_reg;
+               r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
+               if (r)
+                       goto bad_reg;
+@@ -5277,7 +5282,7 @@ static int nl80211_trigger_scan(struct s
+       if (!rdev->ops->scan)
+               return -EOPNOTSUPP;
+-      if (rdev->scan_req) {
++      if (rdev->scan_req || rdev->scan_msg) {
+               err = -EBUSY;
+               goto unlock;
+       }
+@@ -5475,6 +5480,7 @@ static int nl80211_start_sched_scan(stru
+       enum ieee80211_band band;
+       size_t ie_len;
+       struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
++      s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
+       if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
+           !rdev->ops->sched_scan_start)
+@@ -5509,11 +5515,40 @@ static int nl80211_start_sched_scan(stru
+       if (n_ssids > wiphy->max_sched_scan_ssids)
+               return -EINVAL;
  
-       return 0;
- }
---- a/drivers/net/wireless/rtlwifi/base.h
-+++ b/drivers/net/wireless/rtlwifi/base.h
-@@ -147,7 +147,7 @@ void rtl_recognize_peer(struct ieee80211
- u8 rtl_tid_to_ac(u8 tid);
- extern struct attribute_group rtl_attribute_group;
- void rtl_easy_concurrent_retrytimer_callback(unsigned long data);
--extern struct rtl_global_var global_var;
-+extern struct rtl_global_var rtl_global_var;
- int rtlwifi_rate_mapping(struct ieee80211_hw *hw,
-                        bool isht, u8 desc_rate, bool first_ampdu);
- bool rtl_tx_mgmt_proc(struct ieee80211_hw *hw, struct sk_buff *skb);
---- a/drivers/net/wireless/rtlwifi/core.c
-+++ b/drivers/net/wireless/rtlwifi/core.c
-@@ -1330,3 +1330,4 @@ const struct ieee80211_ops rtl_ops = {
-       .rfkill_poll = rtl_op_rfkill_poll,
-       .flush = rtl_op_flush,
- };
-+EXPORT_SYMBOL_GPL(rtl_ops);
---- a/drivers/net/wireless/rtlwifi/debug.c
-+++ b/drivers/net/wireless/rtlwifi/debug.c
-@@ -51,3 +51,4 @@ void rtl_dbgp_flag_init(struct ieee80211
+-      if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
++      /*
++       * First, count the number of 'real' matchsets. Due to an issue with
++       * the old implementation, matchsets containing only the RSSI attribute
++       * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
++       * RSSI for all matchsets, rather than their own matchset for reporting
++       * all APs with a strong RSSI. This is needed to be compatible with
++       * older userspace that treated a matchset with only the RSSI as the
++       * global RSSI for all other matchsets - if there are other matchsets.
++       */
++      if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
+               nla_for_each_nested(attr,
+                                   info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
+-                                  tmp)
+-                      n_match_sets++;
++                                  tmp) {
++                      struct nlattr *rssi;
++
++                      err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
++                                      nla_data(attr), nla_len(attr),
++                                      nl80211_match_policy);
++                      if (err)
++                              return err;
++                      /* add other standalone attributes here */
++                      if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
++                              n_match_sets++;
++                              continue;
++                      }
++                      rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
++                      if (rssi)
++                              default_match_rssi = nla_get_s32(rssi);
++              }
++      }
++
++      /* However, if there's no other matchset, add the RSSI one */
++      if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
++              n_match_sets = 1;
  
-       /*Init Debug flag enable condition */
- }
-+EXPORT_SYMBOL_GPL(rtl_dbgp_flag_init);
---- a/drivers/net/wireless/rtlwifi/efuse.c
-+++ b/drivers/net/wireless/rtlwifi/efuse.c
-@@ -229,6 +229,7 @@ void read_efuse_byte(struct ieee80211_hw
+       if (n_match_sets > wiphy->max_match_sets)
+               return -EINVAL;
+@@ -5634,11 +5669,22 @@ static int nl80211_start_sched_scan(stru
+                                   tmp) {
+                       struct nlattr *ssid, *rssi;
+-                      nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
+-                                nla_data(attr), nla_len(attr),
+-                                nl80211_match_policy);
++                      err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
++                                      nla_data(attr), nla_len(attr),
++                                      nl80211_match_policy);
++                      if (err)
++                              goto out_free;
+                       ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
+                       if (ssid) {
++                              if (WARN_ON(i >= n_match_sets)) {
++                                      /* this indicates a programming error,
++                                       * the loop above should have verified
++                                       * things properly
++                                       */
++                                      err = -EINVAL;
++                                      goto out_free;
++                              }
++
+                               if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
+                                       err = -EINVAL;
+                                       goto out_free;
+@@ -5647,15 +5693,28 @@ static int nl80211_start_sched_scan(stru
+                                      nla_data(ssid), nla_len(ssid));
+                               request->match_sets[i].ssid.ssid_len =
+                                       nla_len(ssid);
++                              /* special attribute - old implemenation w/a */
++                              request->match_sets[i].rssi_thold =
++                                      default_match_rssi;
++                              rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
++                              if (rssi)
++                                      request->match_sets[i].rssi_thold =
++                                              nla_get_s32(rssi);
+                       }
+-                      rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
+-                      if (rssi)
+-                              request->rssi_thold = nla_get_u32(rssi);
+-                      else
+-                              request->rssi_thold =
+-                                                 NL80211_SCAN_RSSI_THOLD_OFF;
+                       i++;
+               }
++
++              /* there was no other matchset, so the RSSI one is alone */
++              if (i == 0)
++                      request->match_sets[0].rssi_thold = default_match_rssi;
++
++              request->min_rssi_thold = INT_MAX;
++              for (i = 0; i < n_match_sets; i++)
++                      request->min_rssi_thold =
++                              min(request->match_sets[i].rssi_thold,
++                                  request->min_rssi_thold);
++      } else {
++              request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
+       }
  
-       *pbuf = (u8) (value32 & 0xff);
+       if (info->attrs[NL80211_ATTR_IE]) {
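Review bot: The match-set index `i` in the second loop of nl80211_start_sched_scan() does not follow the same counting rule as `n_match_sets`, because `i++` sits outside the `if (ssid)` block while the first loop (hunk at -5509) counts only sets that carry an SSID. An RSSI-only set in the netlink input therefore advances `i`, so a following SSID set can hit `WARN_ON(i >= n_match_sets)` from userspace-supplied data. A lone RSSI-only set leaves `i == 1`, which skips the `if (i == 0)` assignment of `default_match_rssi`. That `i == 0` branch is then only taken for an empty nest, where `n_match_sets` can be 0 and `request->match_sets[0]` may not be backed by the allocation (the allocation is outside these hunks, so please confirm). I would move `i++;` inside the `if (ssid)` block and guard the fallback as `if (i == 0 && n_match_sets)`.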
+@@ -7502,16 +7561,19 @@ static int nl80211_set_tx_bitrate_mask(s
+        * directly to the enum ieee80211_band values used in cfg80211.
+        */
+       BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
+-      nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
+-      {
++      nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
+               enum ieee80211_band band = nla_type(tx_rates);
++              int err;
++
+               if (band < 0 || band >= IEEE80211_NUM_BANDS)
+                       return -EINVAL;
+               sband = rdev->wiphy.bands[band];
+               if (sband == NULL)
+                       return -EINVAL;
+-              nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
+-                        nla_len(tx_rates), nl80211_txattr_policy);
++              err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
++                              nla_len(tx_rates), nl80211_txattr_policy);
++              if (err)
++                      return err;
+               if (tb[NL80211_TXRATE_LEGACY]) {
+                       mask.control[band].legacy = rateset_to_mask(
+                               sband,
+@@ -10054,40 +10116,31 @@ void nl80211_send_scan_start(struct cfg8
+                               NL80211_MCGRP_SCAN, GFP_KERNEL);
  }
-+EXPORT_SYMBOL_GPL(read_efuse_byte);
  
- void read_efuse(struct ieee80211_hw *hw, u16 _offset, u16 _size_byte, u8 *pbuf)
+-void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
+-                          struct wireless_dev *wdev)
++struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
++                                     struct wireless_dev *wdev, bool aborted)
  {
---- a/drivers/net/wireless/rtlwifi/pci.c
-+++ b/drivers/net/wireless/rtlwifi/pci.c
-@@ -35,6 +35,13 @@
- #include "efuse.h"
- #include <linux/export.h>
- #include <linux/kmemleak.h>
-+#include <linux/module.h>
-+
-+MODULE_AUTHOR("lizhaoming     <chaoming_li@realsil.com.cn>");
-+MODULE_AUTHOR("Realtek WlanFAE        <wlanfae@realtek.com>");
-+MODULE_AUTHOR("Larry Finger   <Larry.FInger@lwfinger.net>");
-+MODULE_LICENSE("GPL");
-+MODULE_DESCRIPTION("PCI basic driver for rtlwifi");
- static const u16 pcibridge_vendors[PCI_BRIDGE_VENDOR_MAX] = {
-       PCI_VENDOR_ID_INTEL,
-@@ -1899,7 +1906,7 @@ int rtl_pci_probe(struct pci_dev *pdev,
-       rtlpriv->rtlhal.interface = INTF_PCI;
-       rtlpriv->cfg = (struct rtl_hal_cfg *)(id->driver_data);
-       rtlpriv->intf_ops = &rtl_pci_ops;
--      rtlpriv->glb_var = &global_var;
-+      rtlpriv->glb_var = &rtl_global_var;
-       /*
-        *init dbgp flags before all
---- a/drivers/net/wireless/rtlwifi/ps.c
-+++ b/drivers/net/wireless/rtlwifi/ps.c
-@@ -269,6 +269,7 @@ void rtl_ips_nic_on(struct ieee80211_hw 
-       spin_unlock_irqrestore(&rtlpriv->locks.ips_lock, flags);
- }
-+EXPORT_SYMBOL_GPL(rtl_ips_nic_on);
+       struct sk_buff *msg;
  
- /*for FW LPS*/
+       msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+       if (!msg)
+-              return;
++              return NULL;
  
-@@ -518,6 +519,7 @@ void rtl_swlps_beacon(struct ieee80211_h
-                        "u_bufferd: %x, m_buffered: %x\n", u_buffed, m_buffed);
+       if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
+-                                NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
++                                aborted ? NL80211_CMD_SCAN_ABORTED :
++                                          NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
+               nlmsg_free(msg);
+-              return;
++              return NULL;
        }
+-      genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
+-                              NL80211_MCGRP_SCAN, GFP_KERNEL);
++      return msg;
  }
-+EXPORT_SYMBOL_GPL(rtl_swlps_beacon);
  
- void rtl_swlps_rf_awake(struct ieee80211_hw *hw)
+-void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
+-                             struct wireless_dev *wdev)
++void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
++                            struct sk_buff *msg)
  {
-@@ -922,3 +924,4 @@ void rtl_p2p_info(struct ieee80211_hw *h
-       else
-               rtl_p2p_noa_ie(hw, data, len - FCS_LEN);
- }
-+EXPORT_SYMBOL_GPL(rtl_p2p_info);
---- a/drivers/net/wireless/rtlwifi/usb.c
-+++ b/drivers/net/wireless/rtlwifi/usb.c
-@@ -32,6 +32,13 @@
- #include "ps.h"
- #include "rtl8192c/fw_common.h"
- #include <linux/export.h>
-+#include <linux/module.h>
-+
-+MODULE_AUTHOR("lizhaoming     <chaoming_li@realsil.com.cn>");
-+MODULE_AUTHOR("Realtek WlanFAE        <wlanfae@realtek.com>");
-+MODULE_AUTHOR("Larry Finger   <Larry.FInger@lwfinger.net>");
-+MODULE_LICENSE("GPL");
-+MODULE_DESCRIPTION("USB basic driver for rtlwifi");
- #define       REALTEK_USB_VENQT_READ                  0xC0
- #define       REALTEK_USB_VENQT_WRITE                 0x40
---- a/drivers/net/wireless/ath/ath9k/ath9k.h
-+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
-@@ -72,17 +72,12 @@ struct ath_config {
- /*************************/
- #define ATH_TXBUF_RESET(_bf) do {                             \
--              (_bf)->bf_stale = false;                        \
-               (_bf)->bf_lastbf = NULL;                        \
-               (_bf)->bf_next = NULL;                          \
-               memset(&((_bf)->bf_state), 0,                   \
-                      sizeof(struct ath_buf_state));           \
-       } while (0)
--#define ATH_RXBUF_RESET(_bf) do {             \
--              (_bf)->bf_stale = false;        \
--      } while (0)
+-      struct sk_buff *msg;
 -
- /**
-  * enum buffer_type - Buffer type flags
-  *
-@@ -137,7 +132,8 @@ int ath_descdma_setup(struct ath_softc *
- #define ATH_AGGR_ENCRYPTDELIM      10
- /* minimum h/w qdepth to be sustained to maximize aggregation */
- #define ATH_AGGR_MIN_QDEPTH        2
--#define ATH_AMPDU_SUBFRAME_DEFAULT 32
-+/* minimum h/w qdepth for non-aggregated traffic */
-+#define ATH_NON_AGGR_MIN_QDEPTH    8
- #define IEEE80211_SEQ_SEQ_SHIFT    4
- #define IEEE80211_SEQ_MAX          4096
-@@ -174,12 +170,6 @@ int ath_descdma_setup(struct ath_softc *
- #define ATH_TX_COMPLETE_POLL_INT      1000
--enum ATH_AGGR_STATUS {
--      ATH_AGGR_DONE,
--      ATH_AGGR_BAW_CLOSED,
--      ATH_AGGR_LIMITED,
--};
--
- #define ATH_TXFIFO_DEPTH 8
- struct ath_txq {
-       int mac80211_qnum; /* mac80211 queue number, -1 means not mac80211 Q */
-@@ -201,10 +191,10 @@ struct ath_txq {
- struct ath_atx_ac {
-       struct ath_txq *txq;
--      int sched;
-       struct list_head list;
-       struct list_head tid_q;
-       bool clear_ps_filter;
-+      bool sched;
- };
- struct ath_frame_info {
-@@ -212,14 +202,16 @@ struct ath_frame_info {
-       int framelen;
-       enum ath9k_key_type keytype;
-       u8 keyix;
--      u8 retries;
-       u8 rtscts_rate;
-+      u8 retries : 7;
-+      u8 baw_tracked : 1;
- };
+-      msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+       if (!msg)
+               return;
  
- struct ath_buf_state {
-       u8 bf_type;
-       u8 bfs_paprd;
-       u8 ndelim;
-+      bool stale;
-       u16 seqno;
-       unsigned long bfs_paprd_timestamp;
- };
-@@ -233,7 +225,6 @@ struct ath_buf {
-       void *bf_desc;                  /* virtual addr of desc */
-       dma_addr_t bf_daddr;            /* physical addr of desc */
-       dma_addr_t bf_buf_addr; /* physical addr of data buffer, for DMA */
--      bool bf_stale;
-       struct ieee80211_tx_rate rates[4];
-       struct ath_buf_state bf_state;
- };
-@@ -241,16 +232,18 @@ struct ath_buf {
- struct ath_atx_tid {
-       struct list_head list;
-       struct sk_buff_head buf_q;
-+      struct sk_buff_head retry_q;
-       struct ath_node *an;
-       struct ath_atx_ac *ac;
-       unsigned long tx_buf[BITS_TO_LONGS(ATH_TID_MAX_BUFS)];
--      int bar_index;
-       u16 seq_start;
-       u16 seq_next;
-       u16 baw_size;
--      int tidno;
-+      u8 tidno;
-       int baw_head;   /* first un-acked tx buffer */
-       int baw_tail;   /* next unused tx buffer slot */
-+
-+      s8 bar_index;
-       bool sched;
-       bool paused;
-       bool active;
-@@ -262,12 +255,13 @@ struct ath_node {
-       struct ieee80211_vif *vif; /* interface with which we're associated */
-       struct ath_atx_tid tid[IEEE80211_NUM_TIDS];
-       struct ath_atx_ac ac[IEEE80211_NUM_ACS];
--      int ps_key;
-       u16 maxampdu;
-       u8 mpdudensity;
-+      s8 ps_key;
-       bool sleeping;
-+      bool no_ps_filter;
- #if defined(CPTCFG_MAC80211_DEBUGFS) && defined(CPTCFG_ATH9K_DEBUGFS)
-       struct dentry *node_stat;
-@@ -317,6 +311,7 @@ struct ath_rx {
-       struct ath_descdma rxdma;
-       struct ath_rx_edma rx_edma[ATH9K_RX_QUEUE_MAX];
-+      struct ath_buf *buf_hold;
-       struct sk_buff *frag;
-       u32 ampdu_ref;
-@@ -367,6 +362,7 @@ void ath9k_release_buffered_frames(struc
- /********/
- struct ath_vif {
-+      struct ath_node mcast_node;
-       int av_bslot;
-       bool primary_sta_vif;
-       __le64 tsf_adjust; /* TSF adjustment for staggered beacons */
---- a/drivers/net/wireless/ath/ath9k/debug.c
-+++ b/drivers/net/wireless/ath/ath9k/debug.c
-@@ -607,6 +607,28 @@ static ssize_t read_file_xmit(struct fil
-       return retval;
+-      if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
+-                                NL80211_CMD_SCAN_ABORTED) < 0) {
+-              nlmsg_free(msg);
+-              return;
+-      }
+-
+       genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
+                               NL80211_MCGRP_SCAN, GFP_KERNEL);
+ }
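Review bot: Ownership of the skb is undocumented now that nl80211_build_scan_msg() returns the message and nl80211_send_scan_result() takes one from the caller, and both are non-static. I would add a comment above the builder such as `/* Returns a message for nl80211_send_scan_result(), or NULL on failure; the caller owns it until it is sent. */` and one above the sender such as `/* Hands msg to genlmsg_multicast_netns(); a NULL msg is ignored. */`. This matters because scan.c in the same patch keeps the returned pointer in `rdev->scan_msg` across calls.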
+@@ -11673,6 +11726,35 @@ void cfg80211_crit_proto_stopped(struct 
  }
+ EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
  
-+static ssize_t print_queue(struct ath_softc *sc, struct ath_txq *txq,
-+                         char *buf, ssize_t size)
++void nl80211_send_ap_stopped(struct wireless_dev *wdev)
 +{
-+      ssize_t len = 0;
++      struct wiphy *wiphy = wdev->wiphy;
++      struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
++      struct sk_buff *msg;
++      void *hdr;
++
++      msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
++      if (!msg)
++              return;
 +
-+      ath_txq_lock(sc, txq);
++      hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
++      if (!hdr)
++              goto out;
 +
-+      len += snprintf(buf + len, size - len, "%s: %d ",
-+                      "qnum", txq->axq_qnum);
-+      len += snprintf(buf + len, size - len, "%s: %2d ",
-+                      "qdepth", txq->axq_depth);
-+      len += snprintf(buf + len, size - len, "%s: %2d ",
-+                      "ampdu-depth", txq->axq_ampdu_depth);
-+      len += snprintf(buf + len, size - len, "%s: %3d ",
-+                      "pending", txq->pending_frames);
-+      len += snprintf(buf + len, size - len, "%s: %d\n",
-+                      "stopped", txq->stopped);
++      if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
++          nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
++          nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
++              goto out;
 +
-+      ath_txq_unlock(sc, txq);
-+      return len;
++      genlmsg_end(msg, hdr);
++
++      genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
++                              NL80211_MCGRP_MLME, GFP_KERNEL);
++      return;
++ out:
++      nlmsg_free(msg);
 +}
 +
- static ssize_t read_file_queues(struct file *file, char __user *user_buf,
-                               size_t count, loff_t *ppos)
+ /* initialisation/exit functions */
+ int nl80211_init(void)
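Review bot: `wdev->netdev->ifindex` in nl80211_send_ap_stopped() is dereferenced without a check, whereas ___cfg80211_scan_done() in this same patch tests `if (wdev->netdev)` before using it. If only interfaces with a netdev can reach this function, a one-line comment above it saying so is enough. Otherwise the attribute should be conditional, `(wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) ||`. The callers are not part of this hunk, so which case applies needs confirming.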
+--- a/net/wireless/nl80211.h
++++ b/net/wireless/nl80211.h
+@@ -8,10 +8,10 @@ void nl80211_exit(void);
+ void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev);
+ void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
+                            struct wireless_dev *wdev);
+-void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
+-                          struct wireless_dev *wdev);
+-void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
+-                             struct wireless_dev *wdev);
++struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
++                                     struct wireless_dev *wdev, bool aborted);
++void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
++                            struct sk_buff *msg);
+ void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
+                            struct net_device *netdev, u32 cmd);
+ void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
+@@ -74,6 +74,8 @@ nl80211_radar_notify(struct cfg80211_reg
+                    enum nl80211_radar_event event,
+                    struct net_device *netdev, gfp_t gfp);
++void nl80211_send_ap_stopped(struct wireless_dev *wdev);
++
+ void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev);
+ #endif /* __NET_WIRELESS_NL80211_H */
+--- a/net/wireless/scan.c
++++ b/net/wireless/scan.c
+@@ -161,18 +161,25 @@ static void __cfg80211_bss_expire(struct
+               dev->bss_generation++;
+ }
+-void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev)
++void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev,
++                         bool send_message)
  {
-@@ -624,24 +646,13 @@ static ssize_t read_file_queues(struct f
+       struct cfg80211_scan_request *request;
+       struct wireless_dev *wdev;
++      struct sk_buff *msg;
+ #ifdef CPTCFG_CFG80211_WEXT
+       union iwreq_data wrqu;
+ #endif
  
-       for (i = 0; i < IEEE80211_NUM_ACS; i++) {
-               txq = sc->tx.txq_map[i];
--              len += snprintf(buf + len, size - len, "(%s): ", qname[i]);
--
--              ath_txq_lock(sc, txq);
--
--              len += snprintf(buf + len, size - len, "%s: %d ",
--                              "qnum", txq->axq_qnum);
--              len += snprintf(buf + len, size - len, "%s: %2d ",
--                              "qdepth", txq->axq_depth);
--              len += snprintf(buf + len, size - len, "%s: %2d ",
--                              "ampdu-depth", txq->axq_ampdu_depth);
--              len += snprintf(buf + len, size - len, "%s: %3d ",
--                              "pending", txq->pending_frames);
--              len += snprintf(buf + len, size - len, "%s: %d\n",
--                              "stopped", txq->stopped);
--
--              ath_txq_unlock(sc, txq);
-+              len += snprintf(buf + len, size - len, "(%s):  ", qname[i]);
-+              len += print_queue(sc, txq, buf + len, size - len);
-       }
+       ASSERT_RTNL();
  
-+      len += snprintf(buf + len, size - len, "(CAB): ");
-+      len += print_queue(sc, sc->beacon.cabq, buf + len, size - len);
-+
-       if (len > size)
-               len = size;
+-      request = rdev->scan_req;
++      if (rdev->scan_msg) {
++              nl80211_send_scan_result(rdev, rdev->scan_msg);
++              rdev->scan_msg = NULL;
++              return;
++      }
  
---- a/net/mac80211/ibss.c
-+++ b/net/mac80211/ibss.c
-@@ -792,6 +792,17 @@ static void ieee80211_sta_find_ibss(stru
++      request = rdev->scan_req;
+       if (!request)
                return;
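Review bot: The new `send_message` parameter of ___cfg80211_scan_done() has no comment, and the early branch added here sends a stored `rdev->scan_msg` regardless of its value. The other hunks make a non-NULL `scan_msg` reject new scans with -EBUSY or -EAGAIN, so a caller that passes false and never calls again would leave scanning blocked. I would document the contract above the function, for example `/* send_message == false: keep the result in rdev->scan_msg; the caller must call again to send it */`. The function body continues past this hunk.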
+@@ -186,18 +193,16 @@ void ___cfg80211_scan_done(struct cfg802
+       if (wdev->netdev)
+               cfg80211_sme_scan_done(wdev->netdev);
+-      if (request->aborted) {
+-              nl80211_send_scan_aborted(rdev, wdev);
+-      } else {
+-              if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
+-                      /* flush entries from previous scans */
+-                      spin_lock_bh(&rdev->bss_lock);
+-                      __cfg80211_bss_expire(rdev, request->scan_start);
+-                      spin_unlock_bh(&rdev->bss_lock);
+-              }
+-              nl80211_send_scan_done(rdev, wdev);
++      if (!request->aborted &&
++          request->flags & NL80211_SCAN_FLAG_FLUSH) {
++              /* flush entries from previous scans */
++              spin_lock_bh(&rdev->bss_lock);
++              __cfg80211_bss_expire(rdev, request->scan_start);
++              spin_unlock_bh(&rdev->bss_lock);
        }
  
-+      /* if a fixed bssid and a fixed freq have been provided create the IBSS
-+       * directly and do not waste time scanning
-+       */
-+      if (ifibss->fixed_bssid && ifibss->fixed_channel) {
-+              sdata_info(sdata, "Created IBSS using preconfigured BSSID %pM\n",
-+                         bssid);
-+              ieee80211_sta_create_ibss(sdata);
-+              return;
-+      }
++      msg = nl80211_build_scan_msg(rdev, wdev, request->aborted);
 +
-+
-       ibss_dbg(sdata, "sta_find_ibss: did not try to join ibss\n");
+ #ifdef CPTCFG_CFG80211_WEXT
+       if (wdev->netdev && !request->aborted) {
+               memset(&wrqu, 0, sizeof(wrqu));
+@@ -211,6 +216,11 @@ void ___cfg80211_scan_done(struct cfg802
  
-       /* Selected IBSS not found in current scan results - try to scan */
---- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
-+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
-@@ -1173,6 +1173,10 @@ skip_ws_det:
-                * is_on == 0 means MRC CCK is OFF (more noise imm)
-                */
-               bool is_on = param ? 1 : 0;
+       rdev->scan_req = NULL;
+       kfree(request);
 +
-+              if (ah->caps.rx_chainmask == 1)
-+                      break;
-+
-               REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL,
-                             AR_PHY_MRC_CCK_ENABLE, is_on);
-               REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL,
---- a/drivers/net/wireless/ath/ath9k/recv.c
-+++ b/drivers/net/wireless/ath/ath9k/recv.c
-@@ -42,8 +42,6 @@ static void ath_rx_buf_link(struct ath_s
-       struct ath_desc *ds;
-       struct sk_buff *skb;
--      ATH_RXBUF_RESET(bf);
--
-       ds = bf->bf_desc;
-       ds->ds_link = 0; /* link to null */
-       ds->ds_data = bf->bf_buf_addr;
-@@ -70,6 +68,14 @@ static void ath_rx_buf_link(struct ath_s
-       sc->rx.rxlink = &ds->ds_link;
++      if (!send_message)
++              rdev->scan_msg = msg;
++      else
++              nl80211_send_scan_result(rdev, msg);
  }
  
-+static void ath_rx_buf_relink(struct ath_softc *sc, struct ath_buf *bf)
-+{
-+      if (sc->rx.buf_hold)
-+              ath_rx_buf_link(sc, sc->rx.buf_hold);
-+
-+      sc->rx.buf_hold = bf;
-+}
-+
- static void ath_setdefantenna(struct ath_softc *sc, u32 antenna)
- {
-       /* XXX block beacon interrupts */
-@@ -117,7 +123,6 @@ static bool ath_rx_edma_buf_link(struct 
-       skb = bf->bf_mpdu;
--      ATH_RXBUF_RESET(bf);
-       memset(skb->data, 0, ah->caps.rx_status_len);
-       dma_sync_single_for_device(sc->dev, bf->bf_buf_addr,
-                               ah->caps.rx_status_len, DMA_TO_DEVICE);
-@@ -432,6 +437,7 @@ int ath_startrecv(struct ath_softc *sc)
-       if (list_empty(&sc->rx.rxbuf))
-               goto start_recv;
-+      sc->rx.buf_hold = NULL;
-       sc->rx.rxlink = NULL;
-       list_for_each_entry_safe(bf, tbf, &sc->rx.rxbuf, list) {
-               ath_rx_buf_link(sc, bf);
-@@ -677,6 +683,9 @@ static struct ath_buf *ath_get_next_rx_b
+ void __cfg80211_scan_done(struct work_struct *wk)
+@@ -221,7 +231,7 @@ void __cfg80211_scan_done(struct work_st
+                           scan_done_wk);
+       rtnl_lock();
+-      ___cfg80211_scan_done(rdev);
++      ___cfg80211_scan_done(rdev, true);
+       rtnl_unlock();
+ }
+@@ -1079,7 +1089,7 @@ int cfg80211_wext_siwscan(struct net_dev
+       if (IS_ERR(rdev))
+               return PTR_ERR(rdev);
+-      if (rdev->scan_req) {
++      if (rdev->scan_req || rdev->scan_msg) {
+               err = -EBUSY;
+               goto out;
        }
+@@ -1481,7 +1491,7 @@ int cfg80211_wext_giwscan(struct net_dev
+       if (IS_ERR(rdev))
+               return PTR_ERR(rdev);
  
-       bf = list_first_entry(&sc->rx.rxbuf, struct ath_buf, list);
-+      if (bf == sc->rx.buf_hold)
-+              return NULL;
-+
-       ds = bf->bf_desc;
+-      if (rdev->scan_req)
++      if (rdev->scan_req || rdev->scan_msg)
+               return -EAGAIN;
  
-       /*
-@@ -1375,7 +1384,7 @@ requeue:
-               if (edma) {
-                       ath_rx_edma_buf_link(sc, qtype);
-               } else {
--                      ath_rx_buf_link(sc, bf);
-+                      ath_rx_buf_relink(sc, bf);
-                       ath9k_hw_rxena(ah);
-               }
-       } while (1);
+       res = ieee80211_scan_results(rdev, info, extra, data->length);
+--- a/net/wireless/sme.c
++++ b/net/wireless/sme.c
+@@ -67,7 +67,7 @@ static int cfg80211_conn_scan(struct wir
+       ASSERT_RDEV_LOCK(rdev);
+       ASSERT_WDEV_LOCK(wdev);
+-      if (rdev->scan_req)
++      if (rdev->scan_req || rdev->scan_msg)
+               return -EBUSY;
+       if (wdev->conn->params.channel)