X-Git-Url: https://git.archive.openwrt.org/?p=openwrt.git;a=blobdiff_plain;f=package%2Fkernel%2Fmac80211%2Fpatches%2F300-pending_work.patch;h=1a68845aae36657400e4b08dbf077dd023219cb1;hp=95e87fa84c9a70ea74fa09b3ab858625fb0f2bc1;hb=c93aa68a917ba295e67d40465b8de9f02538ed47;hpb=1f352abeec14a62ec3a04a8d3a2425002ccb0c7f diff --git a/package/kernel/mac80211/patches/300-pending_work.patch b/package/kernel/mac80211/patches/300-pending_work.patch index 95e87fa84c..1a68845aae 100644 --- a/package/kernel/mac80211/patches/300-pending_work.patch +++ b/package/kernel/mac80211/patches/300-pending_work.patch @@ -1,7886 +1,3709 @@ ---- a/net/mac80211/agg-rx.c -+++ b/net/mac80211/agg-rx.c -@@ -204,6 +204,8 @@ static void ieee80211_send_addba_resp(st - memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); - else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) - memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN); -+ else if (sdata->vif.type == NL80211_IFTYPE_WDS) -+ memcpy(mgmt->bssid, da, ETH_ALEN); - - mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | - IEEE80211_STYPE_ACTION); ---- a/net/mac80211/agg-tx.c -+++ b/net/mac80211/agg-tx.c -@@ -81,7 +81,8 @@ static void ieee80211_send_addba_request - memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); - if (sdata->vif.type == NL80211_IFTYPE_AP || - sdata->vif.type == NL80211_IFTYPE_AP_VLAN || -- sdata->vif.type == NL80211_IFTYPE_MESH_POINT) -+ sdata->vif.type == NL80211_IFTYPE_MESH_POINT || -+ sdata->vif.type == NL80211_IFTYPE_WDS) - memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); - else if (sdata->vif.type == NL80211_IFTYPE_STATION) - memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); -@@ -527,6 +528,7 @@ int ieee80211_start_tx_ba_session(struct - sdata->vif.type != NL80211_IFTYPE_MESH_POINT && - sdata->vif.type != NL80211_IFTYPE_AP_VLAN && - sdata->vif.type != NL80211_IFTYPE_AP && -+ sdata->vif.type != NL80211_IFTYPE_WDS && - sdata->vif.type != NL80211_IFTYPE_ADHOC) - return -EINVAL; - ---- a/net/mac80211/debugfs_sta.c -+++ b/net/mac80211/debugfs_sta.c -@@ -66,11 +66,11 @@ static ssize_t sta_flags_read(struct fil - test_sta_flag(sta, WLAN_STA_##flg) ? #flg "\n" : "" - - int res = scnprintf(buf, sizeof(buf), -- "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", -+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", - TEST(AUTH), TEST(ASSOC), TEST(PS_STA), - TEST(PS_DRIVER), TEST(AUTHORIZED), - TEST(SHORT_PREAMBLE), -- TEST(WME), TEST(WDS), TEST(CLEAR_PS_FILT), -+ TEST(WME), TEST(CLEAR_PS_FILT), - TEST(MFP), TEST(BLOCK_BA), TEST(PSPOLL), - TEST(UAPSD), TEST(SP), TEST(TDLS_PEER), - TEST(TDLS_PEER_AUTH), TEST(4ADDR_EVENT), -@@ -455,6 +455,15 @@ void ieee80211_sta_debugfs_add(struct st - DEBUGFS_ADD_COUNTER(tx_retry_count, tx_retry_count); - DEBUGFS_ADD_COUNTER(wep_weak_iv_count, wep_weak_iv_count); - -+ if (sizeof(sta->driver_buffered_tids) == sizeof(u32)) -+ debugfs_create_x32("driver_buffered_tids", 0400, -+ sta->debugfs.dir, -+ (u32 *)&sta->driver_buffered_tids); -+ else -+ debugfs_create_x64("driver_buffered_tids", 0400, -+ sta->debugfs.dir, -+ (u64 *)&sta->driver_buffered_tids); -+ - drv_sta_add_debugfs(local, sdata, &sta->sta, sta->debugfs.dir); - } +commit 1abdeca3c6fb9cf1f84f85e78ed8d1c33bd69db0 +Author: Felix Fietkau +Date: Fri Feb 28 18:52:56 2014 +0100 + + ath9k_hw: tweak noise immunity thresholds for older chipsets + + Older chipsets are more sensitive to high PHY error counts, and the + current noise immunity thresholds were based on tests run at QCA with + newer chipsets. + + This patch brings back the values from the old ANI implementation for + old chipsets, and it also disables weak signal detection on an earlier + noise immunity level, to improve overall radio stability on affected + devices. + + Signed-off-by: Felix Fietkau + +commit 431e506da5953adc3b65af25f4b90873d528c115 +Author: Felix Fietkau +Date: Fri Feb 28 18:44:13 2014 +0100 + + ath9k_hw: toggle weak signal detection in AP mode on older chipsets + + The commit 80b4205b "ath9k: Fix OFDM weak signal detection for AP mode" + prevented weak signal detection changes from taking effect in AP mode on + all chipsets, claiming it is "not allowed". + + The main reason for not disabling weak signal detection in AP mode is + that typically beacon RSSI is used to track whether it is needed to + boost range, and this is unavailable in AP mode for obvious reasons. + + The problem with not disabling weak signal detection is that older + chipsets are very sensitive to high PHY error counts. When faced with + heavy noise, this can lead to an excessive amount of "Failed to stop + TX DMA" errors in the field. + + Signed-off-by: Felix Fietkau + +commit 98d1a6c5b14688ed030e81b889f607be308e0df9 +Author: Felix Fietkau +Date: Mon Feb 24 22:20:32 2014 +0100 + + ath9k: fix invalid descriptor discarding + + Only set sc->rx.discard_next to rx_stats->rs_more when actually + discarding the current descriptor. + + Also, fix a detection of broken descriptors: + First the code checks if the current descriptor is not done. + Then it checks if the next descriptor is done. + Add a check that afterwards checks the first descriptor again, because + it might have been completed in the mean time. + + This fixes a regression introduced in + commit 723e711356b5a8a95728a890e254e8b0d47b55cf + "ath9k: fix handling of broken descriptors" + + Cc: stable@vger.kernel.org + Reported-by: Marco André Dinis + Signed-off-by: Felix Fietkau + +commit 52a46300e782fe6994466523eb2b0b59091ea59f +Author: Felix Fietkau +Date: Mon Feb 24 11:43:50 2014 +0100 + + ath9k: reduce baseband hang detection false positive rate + + Check if the baseband state remains stable, and add a small delay + between register reads. + + Signed-off-by: Felix Fietkau + +commit 118945bb12082e9d4edddc868d88143164e0f440 +Author: Felix Fietkau +Date: Sat Feb 22 14:55:23 2014 +0100 + + ath5k: set SURVEY_INFO_IN_USE on get_survey + + Only one channel is returned - the one currently being used. + + Signed-off-by: Felix Fietkau + +commit ee41f72476e1ea44283dfe1cbf75b9543a1e15c8 +Author: Felix Fietkau +Date: Sat Feb 22 14:44:52 2014 +0100 + + ath9k: make some hardware reset log messages debug-only + + On some chips, baseband watchdog hangs are more common than others, and + the driver has support for handling them. + Interrupts even after a watchdog hang are also quite common, so there's + not much point in spamming the user's logfiles. + + Signed-off-by: Felix Fietkau + +commit b14fbb554fc65a2e0b5c41a319269b0350f187e7 +Author: Felix Fietkau +Date: Sat Feb 22 14:35:25 2014 +0100 + + ath9k: do not set half/quarter channel flags in AR_PHY_MODE + + 5/10 MHz channel bandwidth is configured via the PLL clock, instead of + the AR_PHY_MODE register. Using that register is AR93xx specific, and + makes the mode incompatible with earlier chipsets. + + In some early versions, these flags were apparently applied at the wrong + point in time and thus did not cause connectivity issues, however now + they are causing problems, as pointed out in this OpenWrt ticket: + + https://dev.openwrt.org/ticket/14916 + + Signed-off-by: Felix Fietkau + +commit 0f1cb7be2551b30b02cd54c897e0e29e483cfda5 +Author: Felix Fietkau +Date: Sat Feb 22 13:43:29 2014 +0100 + + ath9k: fix ps-poll responses under a-mpdu sessions + + When passing tx frames to the U-APSD queue for powersave poll responses, + the ath_atx_tid pointer needs to be passed to ath_tx_setup_buffer for + proper sequence number accounting. + + This fixes high latency and connection stability issues with ath9k + running as AP and a few kinds of mobile phones as client, when PS-Poll + is heavily used + + Cc: stable@vger.kernel.org + Signed-off-by: Felix Fietkau + +commit d5d87a37bbd6066b2c3c5d0bd0fe2a6e2ea45cc5 +Author: Felix Fietkau +Date: Fri Feb 21 11:39:59 2014 +0100 + + ath9k: list more reset causes in debugfs + + Number of MAC hangs and stuck beacons were missing + + Signed-off-by: Felix Fietkau + +commit d84856012e0f10fe598a5ad3b7b869397a089e07 +Author: Johannes Berg +Date: Thu Feb 20 11:19:58 2014 +0100 + + mac80211: fix station wakeup powersave race + + Consider the following (relatively unlikely) scenario: + 1) station goes to sleep while frames are buffered in driver + 2) driver blocks wakeup (until no more frames are buffered) + 3) station wakes up again + 4) driver unblocks wakeup + + In this case, the current mac80211 code will do the following: + 1) WLAN_STA_PS_STA set + 2) WLAN_STA_PS_DRIVER set + 3) - nothing - + 4) WLAN_STA_PS_DRIVER cleared + + As a result, no frames will be delivered to the client, even + though it is awake, until it sends another frame to us that + triggers ieee80211_sta_ps_deliver_wakeup() in sta_ps_end(). + + Since we now take the PS spinlock, we can fix this while at + the same time removing the complexity with the pending skb + queue function. This was broken since my commit 50a9432daeec + ("mac80211: fix powersaving clients races") due to removing + the clearing of WLAN_STA_PS_STA in the RX path. + + While at it, fix a cleanup path issue when a station is + removed while the driver is still blocking its wakeup. + + Signed-off-by: Johannes Berg + +commit 798f2786602cbe93e6b928299614aa36ebf50692 +Author: Johannes Berg +Date: Mon Feb 17 20:49:03 2014 +0100 + + mac80211: insert stations before adding to driver + + There's a race condition in mac80211 because we add stations + to the internal lists after adding them to the driver, which + means that (for example) the following can happen: + 1. a station connects and is added + 2. first, it is added to the driver + 3. then, it is added to the mac80211 lists + + If the station goes to sleep between steps 2 and 3, and the + firmware/hardware records it as being asleep, mac80211 will + never instruct the driver to wake it up again as it never + realized it went to sleep since the RX path discarded the + frame as a "spurious class 3 frame", no station entry was + present yet. + + Fix this by adding the station in software first, and only + then adding it to the driver. That way, any state that the + driver changes will be reflected properly in mac80211's + station state. The problematic part is the roll-back if the + driver fails to add the station, in that case a bit more is + needed. To not make that overly complex prevent starting BA + sessions in the meantime. + + Signed-off-by: Johannes Berg + +commit b9ba6a520cb07ab3aa7aaaf9ce4a0bc7a6bc06fe +Author: Emmanuel Grumbach +Date: Thu Feb 20 09:22:11 2014 +0200 + + mac80211: fix AP powersave TX vs. wakeup race + + There is a race between the TX path and the STA wakeup: while + a station is sleeping, mac80211 buffers frames until it wakes + up, then the frames are transmitted. However, the RX and TX + path are concurrent, so the packet indicating wakeup can be + processed while a packet is being transmitted. + + This can lead to a situation where the buffered frames list + is emptied on the one side, while a frame is being added on + the other side, as the station is still seen as sleeping in + the TX path. + + As a result, the newly added frame will not be send anytime + soon. It might be sent much later (and out of order) when the + station goes to sleep and wakes up the next time. + + Additionally, it can lead to the crash below. + + Fix all this by synchronising both paths with a new lock. + Both path are not fastpath since they handle PS situations. + + In a later patch we'll remove the extra skb queue locks to + reduce locking overhead. + + BUG: unable to handle kernel + NULL pointer dereference at 000000b0 + IP: [] ieee80211_report_used_skb+0x11/0x3e0 [mac80211] + *pde = 00000000 + Oops: 0000 [#1] SMP DEBUG_PAGEALLOC + EIP: 0060:[] EFLAGS: 00210282 CPU: 1 + EIP is at ieee80211_report_used_skb+0x11/0x3e0 [mac80211] + EAX: e5900da0 EBX: 00000000 ECX: 00000001 EDX: 00000000 + ESI: e41d00c0 EDI: e5900da0 EBP: ebe458e4 ESP: ebe458b0 + DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 + CR0: 8005003b CR2: 000000b0 CR3: 25a78000 CR4: 000407d0 + DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 + DR6: ffff0ff0 DR7: 00000400 + Process iperf (pid: 3934, ti=ebe44000 task=e757c0b0 task.ti=ebe44000) + iwlwifi 0000:02:00.0: I iwl_pcie_enqueue_hcmd Sending command LQ_CMD (#4e), seq: 0x0903, 92 bytes at 3[3]:9 + Stack: + e403b32c ebe458c4 00200002 00200286 e403b338 ebe458cc c10960bb e5900da0 + ff76a6ec ebe458d8 00000000 e41d00c0 e5900da0 ebe458f0 ff6f1b75 e403b210 + ebe4598c ff723dc1 00000000 ff76a6ec e597c978 e403b758 00000002 00000002 + Call Trace: + [] ieee80211_free_txskb+0x15/0x20 [mac80211] + [] invoke_tx_handlers+0x1661/0x1780 [mac80211] + [] ieee80211_tx+0x75/0x100 [mac80211] + [] ieee80211_xmit+0x8f/0xc0 [mac80211] + [] ieee80211_subif_start_xmit+0x4fe/0xe20 [mac80211] + [] dev_hard_start_xmit+0x450/0x950 + [] sch_direct_xmit+0xa9/0x250 + [] __qdisc_run+0x4b/0x150 + [] dev_queue_xmit+0x2c2/0xca0 + + Cc: stable@vger.kernel.org + Reported-by: Yaara Rozenblum + Signed-off-by: Emmanuel Grumbach + Reviewed-by: Stanislaw Gruszka + [reword commit log, use a separate lock] + Signed-off-by: Johannes Berg + +commit 80e419de0dff38436b30d363311c625766193f86 +Author: Inbal Hacohen +Date: Wed Feb 12 09:32:27 2014 +0200 + + cfg80211: bugfix in regulatory user hint process + + After processing hint_user, we would want to schedule the + timeout work only if we are actually waiting to CRDA. This happens + when the status is not "IGNORE" nor "ALREADY_SET". + + Signed-off-by: Inbal Hacohen + Signed-off-by: Johannes Berg + +commit 6514c93afede55284e2cb63359aadedb85884c80 +Author: Jouni Malinen +Date: Tue Feb 18 20:41:08 2014 +0200 + + ath9k: Enable U-APSD AP mode support + + mac80211 handles the actual operations, so ath9k can just indicate + support for this. Based on initial tests, this combination seems to + work fine. + + Signed-off-by: Jouni Malinen + +commit a63caf0a357ad5c1f08d6b7827dc76c451445017 +Author: Stanislaw Gruszka +Date: Wed Feb 19 13:15:17 2014 +0100 + + ath9k: protect tid->sched check + + We check tid->sched without a lock taken on ath_tx_aggr_sleep(). That + is race condition which can result of doing list_del(&tid->list) twice + (second time with poisoned list node) and cause crash like shown below: + + [424271.637220] BUG: unable to handle kernel paging request at 00100104 + [424271.637328] IP: [] ath_tx_aggr_sleep+0x62/0xe0 [ath9k] + ... + [424271.639953] Call Trace: + [424271.639998] [] ? ath9k_get_survey+0x110/0x110 [ath9k] + [424271.640083] [] ath9k_sta_notify+0x42/0x50 [ath9k] + [424271.640177] [] sta_ps_start+0x8f/0x1c0 [mac80211] + [424271.640258] [] ? free_compound_page+0x2e/0x40 + [424271.640346] [] ieee80211_rx_handlers+0x9d5/0x2340 [mac80211] + [424271.640437] [] ? kmem_cache_free+0x1d8/0x1f0 + [424271.640510] [] ? kfree_skbmem+0x34/0x90 + [424271.640578] [] ? put_page+0x2c/0x40 + [424271.640640] [] ? kfree_skbmem+0x34/0x90 + [424271.640706] [] ? kfree_skbmem+0x34/0x90 + [424271.640787] [] ? ieee80211_rx_handlers_result+0x73/0x1d0 [mac80211] + [424271.640897] [] ieee80211_prepare_and_rx_handle+0x520/0xad0 [mac80211] + [424271.641009] [] ? ieee80211_rx_handlers+0x2ed/0x2340 [mac80211] + [424271.641104] [] ? ip_output+0x7e/0xd0 + [424271.641182] [] ieee80211_rx+0x307/0x7c0 [mac80211] + [424271.641266] [] ath_rx_tasklet+0x88e/0xf70 [ath9k] + [424271.641358] [] ? ieee80211_rx+0x1dc/0x7c0 [mac80211] + [424271.641445] [] ath9k_tasklet+0xcb/0x130 [ath9k] + + Bug report: + https://bugzilla.kernel.org/show_bug.cgi?id=70551 + + Reported-and-tested-by: Max Sydorenko + Cc: stable@vger.kernel.org + Signed-off-by: Stanislaw Gruszka + +commit 82ed9e3ccc02797df2ffe4b78127c4cd5f799a41 +Author: Felix Fietkau +Date: Tue Feb 11 15:54:13 2014 +0100 + + mac80211: send control port protocol frames to the VO queue + + Improves reliability of wifi connections with WPA, since authentication + frames are prioritized over normal traffic and also typically exempt + from aggregation. + + Cc: stable@vger.kernel.org + Signed-off-by: Felix Fietkau + +commit d4426800f71e972feaa33e04c5801fc730627bdd +Author: Stanislaw Gruszka +Date: Mon Feb 10 22:38:28 2014 +0100 + + rtl8187: fix regression on MIPS without coherent DMA + + This patch fixes regression caused by commit a16dad77634 "MIPS: Fix + potencial corruption". That commit fixes one corruption scenario in + cost of adding another one, which actually start to cause crashes + on Yeeloong laptop when rtl8187 driver is used. + + For correct DMA read operation on machines without DMA coherence, kernel + have to invalidate cache, such it will refill later with new data that + device wrote to memory, when that data is needed to process. We can only + invalidate full cache line. Hence when cache line includes both dma + buffer and some other data (written in cache, but not yet in main + memory), the other data can not hit memory due to invalidation. That + happen on rtl8187 where struct rtl8187_priv fields are located just + before and after small buffers that are passed to USB layer and DMA + is performed on them. + + To fix the problem we align buffers and reserve space after them to make + them match cache line. + + This patch does not resolve all possible MIPS problems entirely, for + that we have to assure that we always map cache aligned buffers for DMA, + what can be complex or even not possible. But patch fixes visible and + reproducible regression and seems other possible corruptions do not + happen in practice, since Yeeloong laptop works stable without rtl8187 + driver. + + Bug report: + https://bugzilla.kernel.org/show_bug.cgi?id=54391 + + Reported-by: Petr Pisar + Bisected-by: Tom Li + Reported-and-tested-by: Tom Li + Cc: stable@vger.kernel.org + Signed-off-by: Stanislaw Gruszka + +commit e2f141d67ad1e7fe10aaab61811e8a409dfb2442 +Author: Sujith Manoharan +Date: Fri Feb 7 10:29:55 2014 +0530 + + ath9k: Calculate IQ-CAL median + + This patch adds a routine to calculate the median IQ correction + values for AR955x, which is used for outlier detection. + The normal method which is used for all other chips is + bypassed for AR955x. + + Signed-off-by: Sujith Manoharan + +commit c52a6fce0820c8d0687443ab86058ae03b478c8f +Author: Sujith Manoharan +Date: Fri Feb 7 10:29:54 2014 +0530 + + ath9k: Expand the IQ coefficient array + + This will be used for storing data for mutiple + IQ calibration runs, for AR955x. + + Signed-off-by: Sujith Manoharan + +commit 034969ff5c2b6431d10e07c1938f0b916da85cc3 +Author: Sujith Manoharan +Date: Fri Feb 7 10:29:53 2014 +0530 + + ath9k: Modify IQ calibration for AR955x + + IQ calibration post-processing for AR955x is different + from other chips - instead of just doing it as part + of AGC calibration once, it is triggered 3 times and + a median is determined. This patch adds initial support + for changing the calibration behavior for AR955x. + + Also, to simplify things, a helper routine to issue/poll + AGC calibration is used. + + For non-AR955x chips, the iqcal_idx (which will be used + in subsequent patches) is set to zero. + + Signed-off-by: Sujith Manoharan + +commit 9b1ed6454e6f3511f24266be99b4e403f243f6a8 +Author: Sujith Manoharan +Date: Fri Feb 7 10:29:52 2014 +0530 + + ath9k: Fix magnitude/phase calculation + + Incorrect values are programmed in the registers + containing the IQ correction coefficients by the IQ-CAL + post-processing code. Fix this. + + Signed-off-by: Sujith Manoharan + +commit 36f93484f96f79171dcecb67c5ef0c3de22531a6 +Author: Sujith Manoharan +Date: Fri Feb 7 10:29:51 2014 +0530 + + ath9k: Rename ar9003_hw_tx_iqcal_load_avg_2_passes + + Use ar9003_hw_tx_iq_cal_outlier_detection instead. + + Signed-off-by: Sujith Manoharan + +commit 3af09a7f5d21dd5fd15b973ce6a91a575da30417 +Author: Sujith Manoharan +Date: Fri Feb 7 10:29:50 2014 +0530 + + ath9k: Check explicitly for IQ calibration + + In chips like AR955x, the initvals contain the information + whether IQ calibration is to be done in the HW when an + AGC calibration is triggered. Check if IQ-CAL is enabled + in the initvals before flagging 'txiqcal_done' as true. + + Signed-off-by: Sujith Manoharan + +commit cb4969634b93c4643a32cc3fbd27d2b288b25771 +Author: Sujith Manoharan +Date: Fri Feb 7 10:29:49 2014 +0530 + + ath9k: Fix IQ cal post processing for SoC + + Calibration data is not reused for SoC chips, so + call ar9003_hw_tx_iq_cal_post_proc() with the correct + argument. The 'is_reusable' flag is currently used + only for PC-OEM chips, but it makes things clearer to + specify it explicity. + + Signed-off-by: Sujith Manoharan + +commit e138e0ef9560c46ce93dbb22a728a57888e94d1c +Author: Sujith Manoharan +Date: Mon Feb 3 13:31:37 2014 +0530 + + ath9k: Fix TX power calculation + + The commit, "ath9k_hw: Fix incorrect Tx control power in AR9003 template" + fixed the incorrect values in the eeprom templates, but if + boards have already been calibrated with incorrect values, + they would still be using the wrong TX power. Fix this by assigning + a default value in such cases. + + Cc: Rajkumar Manoharan + Signed-off-by: Sujith Manoharan + +commit b9f268b5b01331c3c82179abca551429450e9417 +Author: Michal Kazior +Date: Wed Jan 29 14:22:27 2014 +0100 + + cfg80211: consider existing DFS interfaces + + It was possible to break interface combinations in + the following way: + + combo 1: iftype = AP, num_ifaces = 2, num_chans = 2, + combo 2: iftype = AP, num_ifaces = 1, num_chans = 1, radar = HT20 + + With the above interface combinations it was + possible to: + + step 1. start AP on DFS channel by matching combo 2 + step 2. start AP on non-DFS channel by matching combo 1 + + This was possible beacuse (step 2) did not consider + if other interfaces require radar detection. + + The patch changes how cfg80211 tracks channels - + instead of channel itself now a complete chandef + is stored. + + Signed-off-by: Michal Kazior + Signed-off-by: Johannes Berg + +commit bc9c62f5f511cc395c62dbf4cdd437f23db53b28 +Author: Antonio Quartulli +Date: Wed Jan 29 17:53:43 2014 +0100 + + cfg80211: fix channel configuration in IBSS join + + When receiving an IBSS_JOINED event select the BSS object + based on the {bssid, channel} couple rather than the bssid + only. + With the current approach if another cell having the same + BSSID (but using a different channel) exists then cfg80211 + picks up the wrong BSS object. + The result is a mismatching channel configuration between + cfg80211 and the driver, that can lead to any sort of + problem. + + The issue can be triggered by having an IBSS sitting on + given channel and then asking the driver to create a new + cell using the same BSSID but with a different frequency. + By passing the channel to cfg80211_get_bss() we can solve + this ambiguity and retrieve/create the correct BSS object. + All the users of cfg80211_ibss_joined() have been changed + accordingly. + + Moreover WARN when cfg80211_ibss_joined() gets a NULL + channel as argument and remove a bogus call of the same + function in ath6kl (it does not make sense to call + cfg80211_ibss_joined() with a zero BSSID on ibss-leave). + + Cc: Kalle Valo + Cc: Arend van Spriel + Cc: Bing Zhao + Cc: Jussi Kivilinna + Cc: libertas-dev@lists.infradead.org + Acked-by: Kalle Valo + Signed-off-by: Antonio Quartulli + [minor code cleanup in ath6kl] + Signed-off-by: Johannes Berg + +commit 7e0c41cb41f215aba2c39b1c237bb4d42ec49a85 +Author: Johannes Berg +Date: Fri Jan 24 14:41:44 2014 +0100 + + mac80211: fix bufferable MMPDU RX handling + + Action, disassoc and deauth frames are bufferable, and as such don't + have the PM bit in the frame control field reserved which means we + need to react to the bit when receiving in such a frame. + + Fix this by introducing a new helper ieee80211_is_bufferable_mmpdu() + and using it for the RX path that currently ignores the PM bit in + any non-data frames for doze->wake transitions, but listens to it in + all frames for wake->doze transitions, both of which are wrong. + + Also use the new helper in the TX path to clean up the code. + + Signed-off-by: Johannes Berg + +commit fc0df6d2343636e3f48a069330d5b972e3d8659d +Author: Janusz Dziedzic +Date: Fri Jan 24 14:29:21 2014 +0100 + + cfg80211: set preset_chandef after channel switch + + Set preset_chandef in channel switch notification. + In other case we will have old preset_chandef. + + Signed-off-by: Janusz Dziedzic + Signed-off-by: Johannes Berg + +commit cdec895e2344987ff171cece96e25d7407a3ebf6 +Author: Simon Wunderlich +Date: Fri Jan 24 23:48:29 2014 +0100 + + mac80211: send ibss probe responses with noack flag + + Responding to probe requests for scanning clients will often create + excessive retries, as it happens quite often that the scanning client + already left the channel. Therefore do it like hostapd and send probe + responses for wildcard SSID only once by using the noack flag. + + Signed-off-by: Simon Wunderlich + [fix typo & 'wildcard SSID' in commit log] + Signed-off-by: Johannes Berg + +commit 0b865d1e6b9c05052adae9315df7cb195dc60c3b +Author: Luciano Coelho +Date: Tue Jan 28 17:09:08 2014 +0200 + + mac80211: ibss: remove unnecessary call to release channel + + The ieee80211_vif_use_channel() function calls + ieee80211_vif_release_channel(), so there's no need to call it + explicitly in __ieee80211_sta_join_ibss(). + + Signed-off-by: Luciano Coelho + Signed-off-by: Johannes Berg + +commit e1b6c17e971f0a51ff86c2dac2584c63cd999cd7 +Author: Michal Kazior +Date: Wed Jan 29 07:56:21 2014 +0100 + + mac80211: add missing CSA locking + + The patch adds a missing sdata lock and adds a few + lockdeps for easier maintenance. + + Signed-off-by: Michal Kazior + Signed-off-by: Johannes Berg + +commit ad17ba7d14d225b109b73c177cd446afb8050598 +Author: Michal Kazior +Date: Wed Jan 29 07:56:20 2014 +0100 + + mac80211: fix sdata->radar_required locking + + radar_required setting wasn't protected by + local->mtx in some places. This should prevent + from scanning/radar detection/roc colliding. + + Signed-off-by: Michal Kazior + Signed-off-by: Johannes Berg + +commit 5fcd5f1808813a3d9e502fd756e01bee8a79c85d +Author: Michal Kazior +Date: Wed Jan 29 07:56:19 2014 +0100 + + mac80211: move csa_active setting in STA CSA + + The sdata->vif.csa_active could be left set after, + e.g. channel context constraints check fail in STA + mode leaving the interface in a strange state for + a brief period of time until it is disconnected. + This was harmless but ugly. + + Signed-off-by: Michal Kazior + Reviewed-by: Luciano Coelho + Signed-off-by: Johannes Berg + +commit e486da4b7eed71821c6b4c1bb9ac62ffd3ab13e9 +Author: Michal Kazior +Date: Wed Jan 29 07:56:18 2014 +0100 + + mac80211: fix possible memory leak on AP CSA failure + + If CSA for AP interface failed and the interface + was not stopped afterwards another CSA request + would leak sdata->u.ap.next_beacon. + + Signed-off-by: Michal Kazior + Reviewed-by: Luciano Coelho + Signed-off-by: Johannes Berg + +commit 3a77ba08940682bf3d52cf14f980337324af9d4a +Author: Johannes Berg +Date: Sat Feb 1 00:33:29 2014 +0100 + + mac80211: fix fragmentation code, particularly for encryption + + The "new" fragmentation code (since my rewrite almost 5 years ago) + erroneously sets skb->len rather than using skb_trim() to adjust + the length of the first fragment after copying out all the others. + This leaves the skb tail pointer pointing to after where the data + originally ended, and thus causes the encryption MIC to be written + at that point, rather than where it belongs: immediately after the + data. + + The impact of this is that if software encryption is done, then + a) encryption doesn't work for the first fragment, the connection + becomes unusable as the first fragment will never be properly + verified at the receiver, the MIC is practically guaranteed to + be wrong + b) we leak up to 8 bytes of plaintext (!) of the packet out into + the air + + This is only mitigated by the fact that many devices are capable + of doing encryption in hardware, in which case this can't happen + as the tail pointer is irrelevant in that case. Additionally, + fragmentation is not used very frequently and would normally have + to be configured manually. + + Fix this by using skb_trim() properly. + + Cc: stable@vger.kernel.org + Fixes: 2de8e0d999b8 ("mac80211: rewrite fragmentation") + Reported-by: Jouni Malinen + Signed-off-by: Johannes Berg + +commit de5f242e0c10e841017e37eb8c38974a642dbca8 +Author: Sujith Manoharan +Date: Tue Jan 28 06:21:59 2014 +0530 + + ath9k: Fix build error on ARM + + Use mdelay instead of udelay to fix this error: + + ERROR: "__bad_udelay" [drivers/net/wireless/ath/ath9k/ath9k_hw.ko] undefined! + make[1]: *** [__modpost] Error 1 + make: *** [modules] Error 2 + + Reported-by: Josh Boyer + Signed-off-by: Sujith Manoharan + +commit 8e3ea7a51dfc61810fcefd947f6edcf61125252a +Author: Geert Uytterhoeven +Date: Sun Jan 26 11:53:21 2014 +0100 + + ath9k: Fix uninitialized variable in ath9k_has_tx_pending() + + drivers/net/wireless/ath/ath9k/main.c: In function ‘ath9k_has_tx_pending’: + drivers/net/wireless/ath/ath9k/main.c:1869: warning: ‘npend’ may be used uninitialized in this function + + Introduced by commit 10e2318103f5941aa70c318afe34bc41f1b98529 ("ath9k: + optimize ath9k_flush"). + + Signed-off-by: Geert Uytterhoeven + +commit a4a634a6937ebdd827fa58e8fcdb8ca49a3769f6 +Author: Emmanuel Grumbach +Date: Mon Jan 27 11:07:42 2014 +0200 + + mac80211: release the channel in error path in start_ap + + When the driver cannot start the AP or when the assignement + of the beacon goes wrong, we need to unassign the vif. + + Cc: stable@vger.kernel.org + Signed-off-by: Emmanuel Grumbach + Signed-off-by: Johannes Berg + +commit dfb6889a75c601aedb7450b7e606668e77da6679 +Author: Johannes Berg +Date: Wed Jan 22 11:14:19 2014 +0200 + + cfg80211: send scan results from work queue + + Due to the previous commit, when a scan finishes, it is in theory + possible to hit the following sequence: + 1. interface starts being removed + 2. scan is cancelled by driver and cfg80211 is notified + 3. scan done work is scheduled + 4. interface is removed completely, rdev->scan_req is freed, + event sent to userspace but scan done work remains pending + 5. new scan is requested on another virtual interface + 6. scan done work runs, freeing the still-running scan + + To fix this situation, hang on to the scan done message and block + new scans while that is the case, and only send the message from + the work function, regardless of whether the scan_req is already + freed from interface removal. This makes step 5 above impossible + and changes step 6 to be + 5. scan done work runs, sending the scan done message + + As this can't work for wext, so we send the message immediately, + but this shouldn't be an issue since we still return -EBUSY. + + Signed-off-by: Johannes Berg + +commit 45b7ab41fc08627d9a8428cb413d5d84662a9707 +Author: Johannes Berg +Date: Wed Jan 22 11:14:18 2014 +0200 + + cfg80211: fix scan done race + + When an interface/wdev is removed, any ongoing scan should be + cancelled by the driver. This will make it call cfg80211, which + only queues a work struct. If interface/wdev removal is quick + enough, this can leave the scan request pending and processed + only after the interface is gone, causing a use-after-free. + + Fix this by making sure the scan request is not pending after + the interface is destroyed. We can't flush or cancel the work + item due to locking concerns, but when it'll run it shouldn't + find anything to do. This leaves a potential issue, if a new + scan gets requested before the work runs, it prematurely stops + the running scan, potentially causing another crash. I'll fix + that in the next patch. + + This was particularly observed with P2P_DEVICE wdevs, likely + because freeing them is quicker than freeing netdevs. + + Reported-by: Andrei Otcheretianski + Fixes: 4a58e7c38443 ("cfg80211: don't "leak" uncompleted scans") + Signed-off-by: Johannes Berg + +commit ae04fa489ab31b5a10d3cc8399f52761175d4321 +Author: Emmanuel Grumbach +Date: Thu Jan 23 14:28:16 2014 +0200 + + mac80211: avoid deadlock revealed by lockdep + + sdata->u.ap.request_smps_work can’t be flushed synchronously + under wdev_lock(wdev) since ieee80211_request_smps_ap_work + itself locks the same lock. + While at it, reset the driver_smps_mode when the ap is + stopped to its default: OFF. + + This solves: + + ====================================================== + [ INFO: possible circular locking dependency detected ] + 3.12.0-ipeer+ #2 Tainted: G O + ------------------------------------------------------- + rmmod/2867 is trying to acquire lock: + ((&sdata->u.ap.request_smps_work)){+.+...}, at: [] flush_work+0x0/0x90 + + but task is already holding lock: + (&wdev->mtx){+.+.+.}, at: [] cfg80211_stop_ap+0x26/0x230 [cfg80211] + + which lock already depends on the new lock. + + the existing dependency chain (in reverse order) is: + + -> #1 (&wdev->mtx){+.+.+.}: + [] lock_acquire+0x79/0xe0 + [] mutex_lock_nested+0x4a/0x360 + [] ieee80211_request_smps_ap_work+0x2b/0x50 [mac80211] + [] process_one_work+0x198/0x450 + [] worker_thread+0xf9/0x320 + [] kthread+0x9f/0xb0 + [] ret_from_kernel_thread+0x1b/0x28 + + -> #0 ((&sdata->u.ap.request_smps_work)){+.+...}: + [] __lock_acquire+0x183f/0x1910 + [] lock_acquire+0x79/0xe0 + [] flush_work+0x47/0x90 + [] __cancel_work_timer+0x67/0xe0 + [] cancel_work_sync+0xf/0x20 + [] ieee80211_stop_ap+0x8c/0x340 [mac80211] + [] cfg80211_stop_ap+0x8c/0x230 [cfg80211] + [] cfg80211_leave+0x79/0x100 [cfg80211] + [] cfg80211_netdev_notifier_call+0xf2/0x4f0 [cfg80211] + [] notifier_call_chain+0x59/0x130 + [] __raw_notifier_call_chain+0x1e/0x30 + [] raw_notifier_call_chain+0x1f/0x30 + [] call_netdevice_notifiers_info+0x33/0x70 + [] call_netdevice_notifiers+0x13/0x20 + [] __dev_close_many+0x34/0xb0 + [] dev_close_many+0x6e/0xc0 + [] rollback_registered_many+0xa7/0x1f0 + [] unregister_netdevice_many+0x14/0x60 + [] ieee80211_remove_interfaces+0xe9/0x170 [mac80211] + [] ieee80211_unregister_hw+0x56/0x110 [mac80211] + [] iwl_op_mode_mvm_stop+0x26/0xe0 [iwlmvm] + [] _iwl_op_mode_stop+0x3a/0x70 [iwlwifi] + [] iwl_opmode_deregister+0x6f/0x90 [iwlwifi] + [] __exit_compat+0xd/0x19 [iwlmvm] + [] SyS_delete_module+0x179/0x2b0 + [] sysenter_do_call+0x12/0x32 + + Fixes: 687da132234f ("mac80211: implement SMPS for AP") + Cc: [3.13] + Reported-by: Ilan Peer + Signed-off-by: Emmanuel Grumbach + Signed-off-by: Johannes Berg + +commit 178b205e96217164fd7c30113464250d0b6f5eca +Author: Johannes Berg +Date: Thu Jan 23 16:32:29 2014 +0100 + + cfg80211: re-enable 5/10 MHz support + + Unfortunately I forgot this during the merge window, but the + patch seems small enough to go in as a fix. The userspace API + bug that was the reason for disabling it has long been fixed. + + Signed-off-by: Johannes Berg + +commit 110a1c79acda14edc83b7c8dc5af9c7ddd23eb61 +Author: Pontus Fuchs +Date: Thu Jan 16 15:00:40 2014 +0100 + + nl80211: Reset split_start when netlink skb is exhausted + + When the netlink skb is exhausted split_start is left set. In the + subsequent retry, with a larger buffer, the dump is continued from the + failing point instead of from the beginning. + + This was causing my rt28xx based USB dongle to now show up when + running "iw list" with an old iw version without split dump support. + + Cc: stable@vger.kernel.org + Fixes: 3713b4e364ef ("nl80211: allow splitting wiphy information in dumps") + Signed-off-by: Pontus Fuchs + [avoid the entire workaround when state->split is set] + Signed-off-by: Johannes Berg + +commit b4c31b45ffc7ef110fa9ecc34d7878fe7c5b9da4 +Author: Eliad Peller +Date: Sun Jan 12 11:06:37 2014 +0200 + + mac80211: move roc cookie assignment earlier + + ieee80211_start_roc_work() might add a new roc + to existing roc, and tell cfg80211 it has already + started. + + However, this might happen before the roc cookie + was set, resulting in REMAIN_ON_CHANNEL (started) + event with null cookie. Consequently, it can make + wpa_supplicant go out of sync. + + Fix it by setting the roc cookie earlier. + + Cc: stable@vger.kernel.org + Signed-off-by: Eliad Peller + Signed-off-by: Johannes Berg + +commit cfdc9157bfd7bcf88ab4dae08873a9907eba984c +Author: Johannes Berg +Date: Fri Jan 24 14:06:29 2014 +0100 + + nl80211: send event when AP operation is stopped + + There are a few cases, e.g. suspend, where an AP interface is + stopped by the kernel rather than by userspace request, most + commonly when suspending. To let userspace know about this, + send the NL80211_CMD_STOP_AP command as an event every time + an AP interface is stopped. This also happens when userspace + did in fact request the AP stop, but that's not a problem. + + For full-MAC drivers this may need to be extended to also + cover cases where the device stopped the AP operation for + some reason, this a bit more complicated because then all + cfg80211 state also needs to be reset; such API is not part + of this patch. + + Signed-off-by: Johannes Berg + +commit d5d567eda7704f190379ca852a8f9a4112e3eee3 +Author: Johannes Berg +Date: Thu Jan 23 16:20:29 2014 +0100 + + mac80211: add length check in ieee80211_is_robust_mgmt_frame() + + A few places weren't checking that the frame passed to the + function actually has enough data even though the function + clearly documents it must have a payload byte. Make this + safer by changing the function to take an skb and checking + the length inside. The old version is preserved for now as + the rtl* drivers use it and don't have a correct skb. + + Signed-off-by: Johannes Berg + +commit f8f6d212a047fc65c7d3442dfc038f65517236fc +Author: Johannes Berg +Date: Fri Jan 24 10:53:53 2014 +0100 + + nl80211: fix scheduled scan RSSI matchset attribute confusion + + The scheduled scan matchsets were intended to be a list of filters, + with the found BSS having to pass at least one of them to be passed + to the host. When the RSSI attribute was added, however, this was + broken and currently wpa_supplicant adds that attribute in its own + matchset; however, it doesn't intend that to mean that anything + that passes the RSSI filter should be passed to the host, instead + it wants it to mean that everything needs to also have higher RSSI. + + This is semantically problematic because we have a list of filters + like [ SSID1, SSID2, SSID3, RSSI ] with no real indication which + one should be OR'ed and which one AND'ed. + + To fix this, move the RSSI filter attribute into each matchset. As + we need to stay backward compatible, treat a matchset with only the + RSSI attribute as a "default RSSI filter" for all other matchsets, + but only if there are other matchsets (an RSSI-only matchset by + itself is still desirable.) + + To make driver implementation easier, keep a global min_rssi_thold + for the entire request as well. The only affected driver is ath6kl. + + I found this when I looked into the code after Raja Mani submitted + a patch fixing the n_match_sets calculation to disregard the RSSI, + but that patch didn't address the semantic issue. + + Reported-by: Raja Mani + Acked-by: Luciano Coelho + Signed-off-by: Johannes Berg + +commit de553e8545e65a6dc4e45f43df7e1443d4291922 +Author: Johannes Berg +Date: Fri Jan 24 10:17:47 2014 +0100 + + nl80211: check nla_parse() return values + + If there's a policy, then nla_parse() return values must be + checked, otherwise the policy is useless and there's nothing + that ensures the attributes are actually what we expect them + to be. + + Signed-off-by: Johannes Berg + +commit 652204a0733e9e1c54661d6f9d36e2e1e3b22bb1 +Author: Karl Beldan +Date: Thu Jan 23 20:06:34 2014 +0100 + + mac80211: send {ADD,DEL}BA on AC_VO like other mgmt frames, as per spec + + ATM, {ADD,DEL}BA and BAR frames are sent on the AC matching the TID of + the BA parameters. In the discussion [1] about this patch, Johannes + recalled that it fixed some races with the DELBA and indeed this + behavior was introduced in [2]. + While [2] is right for the BARs, the part queueing the {ADD,DEL}BAs on + their BA params TID AC violates the spec and is more a workaround for + some drivers. Helmut expressed some concerns wrt such drivers, in + particular DELBAs in rt2x00. + + ATM, DELBAs are sent after a driver has called (hence "purposely") + ieee80211_start_tx_ba_cb_irqsafe and Johannes and Emmanuel gave some + details wrt intentions behind the split of the IEEE80211_AMPDU_TX_STOP_* + given to the driver ampdu_action supposed to call this function, which + could prove handy to people trying to do the right thing in faulty + drivers (if their fw/hw don't get in their way). + + [1] http://mid.gmane.org/1390391564-18481-1-git-send-email-karl.beldan@gmail.com + [2] Commit: cf6bb79ad828 ("mac80211: Use appropriate TID for sending BAR, ADDBA and DELBA frames") + + Signed-off-by: Karl Beldan + Cc: Helmut Schaa + Cc: Emmanuel Grumbach + Signed-off-by: Johannes Berg +--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c ++++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c +@@ -790,7 +790,7 @@ void ath6kl_cfg80211_connect_event(struc + if (nw_type & ADHOC_NETWORK) { + ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "ad-hoc %s selected\n", + nw_type & ADHOC_CREATOR ? "creator" : "joiner"); +- cfg80211_ibss_joined(vif->ndev, bssid, GFP_KERNEL); ++ cfg80211_ibss_joined(vif->ndev, bssid, chan, GFP_KERNEL); + cfg80211_put_bss(ar->wiphy, bss); + return; + } +@@ -861,13 +861,9 @@ void ath6kl_cfg80211_disconnect_event(st + } ---- a/net/mac80211/iface.c -+++ b/net/mac80211/iface.c -@@ -274,6 +274,12 @@ static int ieee80211_check_concurrent_if - if (iftype == NL80211_IFTYPE_ADHOC && - nsdata->vif.type == NL80211_IFTYPE_ADHOC) - return -EBUSY; -+ /* -+ * will not add another interface while any channel -+ * switch is active. -+ */ -+ if (nsdata->vif.csa_active) -+ return -EBUSY; - - /* - * The remaining checks are only performed for interfaces -@@ -463,7 +469,6 @@ int ieee80211_do_open(struct wireless_de - struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); - struct net_device *dev = wdev->netdev; - struct ieee80211_local *local = sdata->local; -- struct sta_info *sta; - u32 changed = 0; - int res; - u32 hw_reconf_flags = 0; -@@ -629,30 +634,8 @@ int ieee80211_do_open(struct wireless_de - - set_bit(SDATA_STATE_RUNNING, &sdata->state); - -- if (sdata->vif.type == NL80211_IFTYPE_WDS) { -- /* Create STA entry for the WDS peer */ -- sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr, -- GFP_KERNEL); -- if (!sta) { -- res = -ENOMEM; -- goto err_del_interface; -- } -- -- sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); -- sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC); -- sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED); -- -- res = sta_info_insert(sta); -- if (res) { -- /* STA has been freed */ -- goto err_del_interface; + if (vif->nw_type & ADHOC_NETWORK) { +- if (vif->wdev.iftype != NL80211_IFTYPE_ADHOC) { ++ if (vif->wdev.iftype != NL80211_IFTYPE_ADHOC) + ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, + "%s: ath6k not in ibss mode\n", __func__); +- return; - } -- -- rate_control_rate_init(sta); -- netif_carrier_on(dev); -- } else if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) { -+ if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) - rcu_assign_pointer(local->p2p_sdata, sdata); -- } - - /* - * set_multicast_list will be invoked by the networking core -@@ -809,6 +792,8 @@ static void ieee80211_do_stop(struct iee - cancel_work_sync(&local->dynamic_ps_enable_work); +- memset(bssid, 0, ETH_ALEN); +- cfg80211_ibss_joined(vif->ndev, bssid, GFP_KERNEL); + return; + } - cancel_work_sync(&sdata->recalc_smps); -+ sdata->vif.csa_active = false; -+ cancel_work_sync(&sdata->csa_finalize_work); +@@ -3256,6 +3252,15 @@ static int ath6kl_cfg80211_sscan_start(s + struct ath6kl_vif *vif = netdev_priv(dev); + u16 interval; + int ret, rssi_thold; ++ int n_match_sets = request->n_match_sets; ++ ++ /* ++ * If there's a matchset w/o an SSID, then assume it's just for ++ * the RSSI (nothing else is currently supported) and ignore it. ++ * The device only supports a global RSSI filter that we set below. ++ */ ++ if (n_match_sets == 1 && !request->match_sets[0].ssid.ssid_len) ++ n_match_sets = 0; + + if (ar->state != ATH6KL_STATE_ON) + return -EIO; +@@ -3268,11 +3273,11 @@ static int ath6kl_cfg80211_sscan_start(s + ret = ath6kl_set_probed_ssids(ar, vif, request->ssids, + request->n_ssids, + request->match_sets, +- request->n_match_sets); ++ n_match_sets); + if (ret < 0) + return ret; - cancel_delayed_work_sync(&sdata->dfs_cac_timer_work); +- if (!request->n_match_sets) { ++ if (!n_match_sets) { + ret = ath6kl_wmi_bssfilter_cmd(ar->wmi, vif->fw_vif_idx, + ALL_BSS_FILTER, 0); + if (ret < 0) +@@ -3286,12 +3291,12 @@ static int ath6kl_cfg80211_sscan_start(s + + if (test_bit(ATH6KL_FW_CAPABILITY_RSSI_SCAN_THOLD, + ar->fw_capabilities)) { +- if (request->rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF) ++ if (request->min_rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF) + rssi_thold = 0; +- else if (request->rssi_thold < -127) ++ else if (request->min_rssi_thold < -127) + rssi_thold = -127; + else +- rssi_thold = request->rssi_thold; ++ rssi_thold = request->min_rssi_thold; -@@ -1116,6 +1101,74 @@ static void ieee80211_if_setup(struct ne - dev->destructor = free_netdev; - } + ret = ath6kl_wmi_set_rssi_filter_cmd(ar->wmi, vif->fw_vif_idx, + rssi_thold); +--- a/drivers/net/wireless/ath/ath9k/hw.c ++++ b/drivers/net/wireless/ath/ath9k/hw.c +@@ -1316,7 +1316,7 @@ static bool ath9k_hw_set_reset(struct at + if (AR_SREV_9300_20_OR_LATER(ah)) + udelay(50); + else if (AR_SREV_9100(ah)) +- udelay(10000); ++ mdelay(10); + else + udelay(100); -+static void ieee80211_wds_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, -+ struct sk_buff *skb) -+{ -+ struct ieee80211_local *local = sdata->local; -+ struct ieee80211_rx_status *rx_status; -+ struct ieee802_11_elems elems; -+ struct ieee80211_mgmt *mgmt; -+ struct sta_info *sta; -+ size_t baselen; -+ u32 rates = 0; -+ u16 stype; -+ bool new = false; -+ enum ieee80211_band band; -+ struct ieee80211_supported_band *sband; -+ -+ rx_status = IEEE80211_SKB_RXCB(skb); -+ band = rx_status->band; -+ sband = local->hw.wiphy->bands[band]; -+ mgmt = (struct ieee80211_mgmt *) skb->data; -+ stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; -+ -+ if (stype != IEEE80211_STYPE_BEACON) -+ return; -+ -+ baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; -+ if (baselen > skb->len) -+ return; -+ -+ ieee802_11_parse_elems(mgmt->u.probe_resp.variable, -+ skb->len - baselen, false, &elems); -+ -+ rates = ieee80211_sta_get_rates(local, &elems, band, NULL); -+ -+ rcu_read_lock(); -+ -+ sta = sta_info_get(sdata, sdata->u.wds.remote_addr); -+ -+ if (!sta) { -+ rcu_read_unlock(); -+ sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr, -+ GFP_KERNEL); -+ if (!sta) -+ return; -+ -+ new = true; -+ } -+ -+ sta->last_rx = jiffies; -+ sta->sta.supp_rates[band] = rates; -+ -+ if (elems.ht_cap_elem) -+ ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, -+ elems.ht_cap_elem, sta); -+ -+ if (elems.wmm_param) -+ set_sta_flag(sta, WLAN_STA_WME); -+ -+ if (new) { -+ sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); -+ sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC); -+ sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED); -+ rate_control_rate_init(sta); -+ sta_info_insert_rcu(sta); -+ } -+ -+ rcu_read_unlock(); -+} -+ - static void ieee80211_iface_work(struct work_struct *work) +@@ -1534,7 +1534,7 @@ EXPORT_SYMBOL(ath9k_hw_check_nav); + bool ath9k_hw_check_alive(struct ath_hw *ah) { - struct ieee80211_sub_if_data *sdata = -@@ -1220,6 +1273,9 @@ static void ieee80211_iface_work(struct - break; - ieee80211_mesh_rx_queued_mgmt(sdata, skb); - break; -+ case NL80211_IFTYPE_WDS: -+ ieee80211_wds_rx_queued_mgmt(sdata, skb); -+ break; - default: - WARN(1, "frame for unexpected interface type"); - break; -@@ -1282,6 +1338,7 @@ static void ieee80211_setup_sdata(struct - skb_queue_head_init(&sdata->skb_queue); - INIT_WORK(&sdata->work, ieee80211_iface_work); - INIT_WORK(&sdata->recalc_smps, ieee80211_recalc_smps_work); -+ INIT_WORK(&sdata->csa_finalize_work, ieee80211_csa_finalize_work); + int count = 50; +- u32 reg; ++ u32 reg, last_val; - switch (type) { - case NL80211_IFTYPE_P2P_GO: ---- a/net/mac80211/rc80211_minstrel_ht.c -+++ b/net/mac80211/rc80211_minstrel_ht.c -@@ -365,6 +365,14 @@ minstrel_ht_update_stats(struct minstrel - } - } - -+#ifdef CPTCFG_MAC80211_DEBUGFS -+ /* use fixed index if set */ -+ if (mp->fixed_rate_idx != -1) { -+ mi->max_tp_rate = mp->fixed_rate_idx; -+ mi->max_tp_rate2 = mp->fixed_rate_idx; -+ mi->max_prob_rate = mp->fixed_rate_idx; -+ } -+#endif - - mi->stats_update = jiffies; - } -@@ -774,6 +782,11 @@ minstrel_ht_get_rate(void *priv, struct - info->flags |= mi->tx_flags; - minstrel_ht_check_cck_shortpreamble(mp, mi, txrc->short_preamble); + if (AR_SREV_9300(ah)) + return !ath9k_hw_detect_mac_hang(ah); +@@ -1542,9 +1542,13 @@ bool ath9k_hw_check_alive(struct ath_hw + if (AR_SREV_9285_12_OR_LATER(ah)) + return true; -+#ifdef CPTCFG_MAC80211_DEBUGFS -+ if (mp->fixed_rate_idx != -1) -+ return; -+#endif -+ - /* Don't use EAPOL frames for sampling on non-mrr hw */ - if (mp->hw->max_rates == 1 && - txrc->skb->protocol == cpu_to_be16(ETH_P_PAE)) -@@ -781,16 +794,6 @@ minstrel_ht_get_rate(void *priv, struct - else - sample_idx = minstrel_get_sample_rate(mp, mi); - --#ifdef CPTCFG_MAC80211_DEBUGFS -- /* use fixed index if set */ -- if (mp->fixed_rate_idx != -1) { -- mi->max_tp_rate = mp->fixed_rate_idx; -- mi->max_tp_rate2 = mp->fixed_rate_idx; -- mi->max_prob_rate = mp->fixed_rate_idx; -- sample_idx = -1; -- } --#endif -- - mi->total_packets++; ++ last_val = REG_READ(ah, AR_OBS_BUS_1); + do { + reg = REG_READ(ah, AR_OBS_BUS_1); ++ if (reg != last_val) ++ return true; - /* wraparound */ -@@ -804,10 +807,18 @@ minstrel_ht_get_rate(void *priv, struct ++ last_val = reg; + if ((reg & 0x7E7FFFEF) == 0x00702400) + continue; - sample_group = &minstrel_mcs_groups[sample_idx / MCS_GROUP_RATES]; - info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; -+ rate->count = 1; -+ -+ if (sample_idx / MCS_GROUP_RATES == MINSTREL_CCK_GROUP) { -+ int idx = sample_idx % ARRAY_SIZE(mp->cck_rates); -+ rate->idx = mp->cck_rates[idx]; -+ rate->flags = 0; -+ return; -+ } +@@ -1556,6 +1560,8 @@ bool ath9k_hw_check_alive(struct ath_hw + default: + return true; + } + - rate->idx = sample_idx % MCS_GROUP_RATES + - (sample_group->streams - 1) * MCS_GROUP_RATES; - rate->flags = IEEE80211_TX_RC_MCS | sample_group->flags; -- rate->count = 1; - } ++ udelay(1); + } while (count-- > 0); - static void -@@ -820,6 +831,9 @@ minstrel_ht_update_cck(struct minstrel_p - if (sband->band != IEEE80211_BAND_2GHZ) - return; + return false; +@@ -2051,9 +2057,8 @@ static bool ath9k_hw_set_power_awake(str -+ if (!(mp->hw->flags & IEEE80211_HW_SUPPORTS_HT_CCK_RATES)) -+ return; -+ - mi->cck_supported = 0; - mi->cck_supported_short = 0; - for (i = 0; i < 4; i++) { ---- a/net/mac80211/rx.c -+++ b/net/mac80211/rx.c -@@ -936,8 +936,14 @@ ieee80211_rx_h_check(struct ieee80211_rx - struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; - struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); + REG_SET_BIT(ah, AR_RTC_FORCE_WAKE, + AR_RTC_FORCE_WAKE_EN); +- + if (AR_SREV_9100(ah)) +- udelay(10000); ++ mdelay(10); + else + udelay(50); -- /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ -- if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { -+ /* -+ * Drop duplicate 802.11 retransmissions -+ * (IEEE 802.11-2012: 9.3.2.10 "Duplicate detection and recovery") -+ */ -+ if (rx->skb->len >= 24 && rx->sta && -+ !ieee80211_is_ctl(hdr->frame_control) && -+ !ieee80211_is_qos_nullfunc(hdr->frame_control) && -+ !is_multicast_ether_addr(hdr->addr1)) { - if (unlikely(ieee80211_has_retry(hdr->frame_control) && - rx->sta->last_seq_ctrl[rx->seqno_idx] == - hdr->seq_ctrl)) { -@@ -2369,6 +2375,7 @@ ieee80211_rx_h_action(struct ieee80211_r - sdata->vif.type != NL80211_IFTYPE_MESH_POINT && - sdata->vif.type != NL80211_IFTYPE_AP_VLAN && - sdata->vif.type != NL80211_IFTYPE_AP && -+ sdata->vif.type != NL80211_IFTYPE_WDS && - sdata->vif.type != NL80211_IFTYPE_ADHOC) - break; +--- a/drivers/net/wireless/ath/ath9k/main.c ++++ b/drivers/net/wireless/ath/ath9k/main.c +@@ -451,7 +451,7 @@ void ath9k_tasklet(unsigned long data) + * interrupts are enabled in the reset routine. + */ + atomic_inc(&ah->intr_ref_cnt); +- ath_dbg(common, ANY, "FATAL: Skipping interrupts\n"); ++ ath_dbg(common, RESET, "FATAL: Skipping interrupts\n"); + goto out; + } -@@ -2720,14 +2727,15 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_ - - if (!ieee80211_vif_is_mesh(&sdata->vif) && - sdata->vif.type != NL80211_IFTYPE_ADHOC && -- sdata->vif.type != NL80211_IFTYPE_STATION) -+ sdata->vif.type != NL80211_IFTYPE_STATION && -+ sdata->vif.type != NL80211_IFTYPE_WDS) - return RX_DROP_MONITOR; - - switch (stype) { - case cpu_to_le16(IEEE80211_STYPE_AUTH): - case cpu_to_le16(IEEE80211_STYPE_BEACON): - case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP): -- /* process for all: mesh, mlme, ibss */ -+ /* process for all: mesh, mlme, ibss, wds */ - break; - case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP): - case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP): -@@ -3008,6 +3016,9 @@ static int prepare_for_handlers(struct i - case NL80211_IFTYPE_ADHOC: - if (!bssid) - return 0; -+ if (ether_addr_equal(sdata->vif.addr, hdr->addr2) || -+ ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2)) -+ return 0; - if (ieee80211_is_beacon(hdr->frame_control)) { - return 1; - } else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) { -@@ -3059,10 +3070,16 @@ static int prepare_for_handlers(struct i +@@ -471,7 +471,7 @@ void ath9k_tasklet(unsigned long data) + * interrupts are enabled in the reset routine. + */ + atomic_inc(&ah->intr_ref_cnt); +- ath_dbg(common, ANY, ++ ath_dbg(common, RESET, + "BB_WATCHDOG: Skipping interrupts\n"); + goto out; } - break; - case NL80211_IFTYPE_WDS: -- if (bssid || !ieee80211_is_data(hdr->frame_control)) -- return 0; - if (!ether_addr_equal(sdata->u.wds.remote_addr, hdr->addr2)) - return 0; -+ -+ if (ieee80211_is_data(hdr->frame_control) || -+ ieee80211_is_action(hdr->frame_control)) { -+ if (compare_ether_addr(sdata->vif.addr, hdr->addr1)) -+ return 0; -+ } else if (!ieee80211_is_beacon(hdr->frame_control)) -+ return 0; -+ - break; - case NL80211_IFTYPE_P2P_DEVICE: - if (!ieee80211_is_public_action(hdr, skb->len) && ---- a/net/mac80211/sta_info.h -+++ b/net/mac80211/sta_info.h -@@ -32,7 +32,6 @@ - * @WLAN_STA_SHORT_PREAMBLE: Station is capable of receiving short-preamble - * frames. - * @WLAN_STA_WME: Station is a QoS-STA. -- * @WLAN_STA_WDS: Station is one of our WDS peers. - * @WLAN_STA_CLEAR_PS_FILT: Clear PS filter in hardware (using the - * IEEE80211_TX_CTL_CLEAR_PS_FILT control flag) when the next - * frame to this station is transmitted. -@@ -66,7 +65,6 @@ enum ieee80211_sta_info_flags { - WLAN_STA_AUTHORIZED, - WLAN_STA_SHORT_PREAMBLE, - WLAN_STA_WME, -- WLAN_STA_WDS, - WLAN_STA_CLEAR_PS_FILT, - WLAN_STA_MFP, - WLAN_STA_BLOCK_BA, ---- a/drivers/net/wireless/ath/ath9k/xmit.c -+++ b/drivers/net/wireless/ath/ath9k/xmit.c -@@ -135,6 +135,9 @@ static struct ath_frame_info *get_frame_ +@@ -484,7 +484,7 @@ void ath9k_tasklet(unsigned long data) + type = RESET_TYPE_TX_GTT; + ath9k_queue_reset(sc, type); + atomic_inc(&ah->intr_ref_cnt); +- ath_dbg(common, ANY, ++ ath_dbg(common, RESET, + "GTT: Skipping interrupts\n"); + goto out; + } +@@ -1866,7 +1866,7 @@ static void ath9k_set_coverage_class(str - static void ath_send_bar(struct ath_atx_tid *tid, u16 seqno) + static bool ath9k_has_tx_pending(struct ath_softc *sc) { -+ if (!tid->an->sta) -+ return; -+ - ieee80211_send_bar(tid->an->vif, tid->an->sta->addr, tid->tidno, - seqno << IEEE80211_SEQ_SEQ_SHIFT); - } -@@ -146,6 +149,93 @@ static void ath_set_rates(struct ieee802 - ARRAY_SIZE(bf->rates)); +- int i, npend; ++ int i, npend = 0; + + for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) { + if (!ATH_TXQ_SETUP(sc, i)) +--- a/drivers/net/wireless/iwlwifi/mvm/scan.c ++++ b/drivers/net/wireless/iwlwifi/mvm/scan.c +@@ -595,6 +595,9 @@ static void iwl_scan_offload_build_ssid( + * config match list. + */ + for (i = 0; i < req->n_match_sets && i < PROBE_OPTION_MAX; i++) { ++ /* skip empty SSID matchsets */ ++ if (!req->match_sets[i].ssid.ssid_len) ++ continue; + scan->direct_scan[i].id = WLAN_EID_SSID; + scan->direct_scan[i].len = req->match_sets[i].ssid.ssid_len; + memcpy(scan->direct_scan[i].ssid, req->match_sets[i].ssid.ssid, +--- a/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c +@@ -452,7 +452,7 @@ bool rtl88ee_rx_query_desc(struct ieee80 + /* During testing, hdr was NULL */ + return false; + } +- if ((ieee80211_is_robust_mgmt_frame(hdr)) && ++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) && + (ieee80211_has_protected(hdr->frame_control))) + rx_status->flag &= ~RX_FLAG_DECRYPTED; + else +--- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c +@@ -393,7 +393,7 @@ bool rtl92ce_rx_query_desc(struct ieee80 + /* In testing, hdr was NULL here */ + return false; + } +- if ((ieee80211_is_robust_mgmt_frame(hdr)) && ++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) && + (ieee80211_has_protected(hdr->frame_control))) + rx_status->flag &= ~RX_FLAG_DECRYPTED; + else +--- a/drivers/net/wireless/rtlwifi/rtl8192se/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192se/trx.c +@@ -310,7 +310,7 @@ bool rtl92se_rx_query_desc(struct ieee80 + /* during testing, hdr was NULL here */ + return false; + } +- if ((ieee80211_is_robust_mgmt_frame(hdr)) && ++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) && + (ieee80211_has_protected(hdr->frame_control))) + rx_status->flag &= ~RX_FLAG_DECRYPTED; + else +--- a/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c +@@ -334,7 +334,7 @@ bool rtl8723ae_rx_query_desc(struct ieee + /* during testing, hdr could be NULL here */ + return false; + } +- if ((ieee80211_is_robust_mgmt_frame(hdr)) && ++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) && + (ieee80211_has_protected(hdr->frame_control))) + rx_status->flag &= ~RX_FLAG_DECRYPTED; + else +--- a/include/linux/ieee80211.h ++++ b/include/linux/ieee80211.h +@@ -597,6 +597,20 @@ static inline int ieee80211_is_qos_nullf } -+static void ath_txq_skb_done(struct ath_softc *sc, struct ath_txq *txq, -+ struct sk_buff *skb) -+{ -+ int q; -+ -+ q = skb_get_queue_mapping(skb); -+ if (txq == sc->tx.uapsdq) -+ txq = sc->tx.txq_map[q]; -+ -+ if (txq != sc->tx.txq_map[q]) -+ return; -+ -+ if (WARN_ON(--txq->pending_frames < 0)) -+ txq->pending_frames = 0; -+ -+ if (txq->stopped && -+ txq->pending_frames < sc->tx.txq_max_pending[q]) { -+ ieee80211_wake_queue(sc->hw, q); -+ txq->stopped = false; -+ } -+} -+ -+static struct ath_atx_tid * -+ath_get_skb_tid(struct ath_softc *sc, struct ath_node *an, struct sk_buff *skb) -+{ -+ struct ieee80211_hdr *hdr; -+ u8 tidno = 0; -+ -+ hdr = (struct ieee80211_hdr *) skb->data; -+ if (ieee80211_is_data_qos(hdr->frame_control)) -+ tidno = ieee80211_get_qos_ctl(hdr)[0]; -+ -+ tidno &= IEEE80211_QOS_CTL_TID_MASK; -+ return ATH_AN_2_TID(an, tidno); -+} -+ -+static bool ath_tid_has_buffered(struct ath_atx_tid *tid) -+{ -+ return !skb_queue_empty(&tid->buf_q) || !skb_queue_empty(&tid->retry_q); -+} -+ -+static struct sk_buff *ath_tid_dequeue(struct ath_atx_tid *tid) + /** ++ * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU ++ * @fc: frame control field in little-endian byteorder ++ */ ++static inline bool ieee80211_is_bufferable_mmpdu(__le16 fc) +{ -+ struct sk_buff *skb; -+ -+ skb = __skb_dequeue(&tid->retry_q); -+ if (!skb) -+ skb = __skb_dequeue(&tid->buf_q); -+ -+ return skb; ++ /* IEEE 802.11-2012, definition of "bufferable management frame"; ++ * note that this ignores the IBSS special case. */ ++ return ieee80211_is_mgmt(fc) && ++ (ieee80211_is_action(fc) || ++ ieee80211_is_disassoc(fc) || ++ ieee80211_is_deauth(fc)); +} + -+/* -+ * ath_tx_tid_change_state: -+ * - clears a-mpdu flag of previous session -+ * - force sequence number allocation to fix next BlockAck Window ++/** + * ieee80211_is_first_frag - check if IEEE80211_SCTL_FRAG is not set + * @seq_ctrl: frame sequence control bytes in little-endian byteorder + */ +@@ -2192,10 +2206,10 @@ static inline u8 *ieee80211_get_DA(struc + } + + /** +- * ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame ++ * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame + * @hdr: the frame (buffer must include at least the first octet of payload) + */ +-static inline bool ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) ++static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) + { + if (ieee80211_is_disassoc(hdr->frame_control) || + ieee80211_is_deauth(hdr->frame_control)) +@@ -2224,6 +2238,17 @@ static inline bool ieee80211_is_robust_m + } + + /** ++ * ieee80211_is_robust_mgmt_frame - check if skb contains a robust mgmt frame ++ * @skb: the skb containing the frame, length will be checked + */ -+static void -+ath_tx_tid_change_state(struct ath_softc *sc, struct ath_atx_tid *tid) ++static inline bool ieee80211_is_robust_mgmt_frame(struct sk_buff *skb) +{ -+ struct ath_txq *txq = tid->ac->txq; -+ struct ieee80211_tx_info *tx_info; -+ struct sk_buff *skb, *tskb; -+ struct ath_buf *bf; -+ struct ath_frame_info *fi; -+ -+ skb_queue_walk_safe(&tid->buf_q, skb, tskb) { -+ fi = get_frame_info(skb); -+ bf = fi->bf; -+ -+ tx_info = IEEE80211_SKB_CB(skb); -+ tx_info->flags &= ~IEEE80211_TX_CTL_AMPDU; -+ -+ if (bf) -+ continue; -+ -+ bf = ath_tx_setup_buffer(sc, txq, tid, skb); -+ if (!bf) { -+ __skb_unlink(skb, &tid->buf_q); -+ ath_txq_skb_done(sc, txq, skb); -+ ieee80211_free_txskb(sc->hw, skb); -+ continue; -+ } -+ } -+ ++ if (skb->len < 25) ++ return false; ++ return _ieee80211_is_robust_mgmt_frame((void *)skb->data); +} + - static void ath_tx_flush_tid(struct ath_softc *sc, struct ath_atx_tid *tid) - { - struct ath_txq *txq = tid->ac->txq; -@@ -160,27 +250,22 @@ static void ath_tx_flush_tid(struct ath_ - - memset(&ts, 0, sizeof(ts)); ++/** + * ieee80211_is_public_action - check if frame is a public action frame + * @hdr: the frame + * @len: length of the frame +--- a/include/net/cfg80211.h ++++ b/include/net/cfg80211.h +@@ -1395,9 +1395,11 @@ struct cfg80211_scan_request { + * struct cfg80211_match_set - sets of attributes to match + * + * @ssid: SSID to be matched ++ * @rssi_thold: don't report scan results below this threshold (in s32 dBm) + */ + struct cfg80211_match_set { + struct cfg80211_ssid ssid; ++ s32 rssi_thold; + }; -- while ((skb = __skb_dequeue(&tid->buf_q))) { -+ while ((skb = __skb_dequeue(&tid->retry_q))) { - fi = get_frame_info(skb); - bf = fi->bf; -- - if (!bf) { -- bf = ath_tx_setup_buffer(sc, txq, tid, skb); -- if (!bf) { -- ieee80211_free_txskb(sc->hw, skb); -- continue; -- } -+ ath_txq_skb_done(sc, txq, skb); -+ ieee80211_free_txskb(sc->hw, skb); -+ continue; - } + /** +@@ -1420,7 +1422,8 @@ struct cfg80211_match_set { + * @dev: the interface + * @scan_start: start time of the scheduled scan + * @channels: channels to scan +- * @rssi_thold: don't report scan results below this threshold (in s32 dBm) ++ * @min_rssi_thold: for drivers only supporting a single threshold, this ++ * contains the minimum over all matchsets + */ + struct cfg80211_sched_scan_request { + struct cfg80211_ssid *ssids; +@@ -1433,7 +1436,7 @@ struct cfg80211_sched_scan_request { + u32 flags; + struct cfg80211_match_set *match_sets; + int n_match_sets; +- s32 rssi_thold; ++ s32 min_rssi_thold; + + /* internal */ + struct wiphy *wiphy; +@@ -3130,8 +3133,8 @@ struct cfg80211_cached_keys; + * @identifier: (private) Identifier used in nl80211 to identify this + * wireless device if it has no netdev + * @current_bss: (private) Used by the internal configuration code +- * @channel: (private) Used by the internal configuration code to track +- * the user-set AP, monitor and WDS channel ++ * @chandef: (private) Used by the internal configuration code to track ++ * the user-set channel definition. + * @preset_chandef: (private) Used by the internal configuration code to + * track the channel to be used for AP later + * @bssid: (private) Used by the internal configuration code +@@ -3195,9 +3198,7 @@ struct wireless_dev { + + struct cfg80211_internal_bss *current_bss; /* associated / joined */ + struct cfg80211_chan_def preset_chandef; +- +- /* for AP and mesh channel tracking */ +- struct ieee80211_channel *channel; ++ struct cfg80211_chan_def chandef; -- if (fi->retries) { -- list_add_tail(&bf->list, &bf_head); -+ if (fi->baw_tracked) { - ath_tx_update_baw(sc, tid, bf->bf_state.seqno); -- ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0); - sendbar = true; -- } else { -- ath_set_rates(tid->an->vif, tid->an->sta, bf); -- ath_tx_send_normal(sc, txq, NULL, skb); - } -+ -+ list_add_tail(&bf->list, &bf_head); -+ ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0); - } + bool ibss_fixed; + bool ibss_dfs_possible; +@@ -3879,6 +3880,7 @@ void cfg80211_michael_mic_failure(struct + * + * @dev: network device + * @bssid: the BSSID of the IBSS joined ++ * @channel: the channel of the IBSS joined + * @gfp: allocation flags + * + * This function notifies cfg80211 that the device joined an IBSS or +@@ -3888,7 +3890,8 @@ void cfg80211_michael_mic_failure(struct + * with the locally generated beacon -- this guarantees that there is + * always a scan result for this IBSS. cfg80211 will handle the rest. + */ +-void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp); ++void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, ++ struct ieee80211_channel *channel, gfp_t gfp); - if (sendbar) { -@@ -209,13 +294,16 @@ static void ath_tx_update_baw(struct ath - } + /** + * cfg80211_notify_new_candidate - notify cfg80211 of a new mesh peer candidate +--- a/include/uapi/linux/nl80211.h ++++ b/include/uapi/linux/nl80211.h +@@ -2442,9 +2442,15 @@ enum nl80211_reg_rule_attr { + * enum nl80211_sched_scan_match_attr - scheduled scan match attributes + * @__NL80211_SCHED_SCAN_MATCH_ATTR_INVALID: attribute number 0 is reserved + * @NL80211_SCHED_SCAN_MATCH_ATTR_SSID: SSID to be used for matching, +- * only report BSS with matching SSID. ++ * only report BSS with matching SSID. + * @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI: RSSI threshold (in dBm) for reporting a +- * BSS in scan results. Filtering is turned off if not specified. ++ * BSS in scan results. Filtering is turned off if not specified. Note that ++ * if this attribute is in a match set of its own, then it is treated as ++ * the default value for all matchsets with an SSID, rather than being a ++ * matchset of its own without an RSSI filter. This is due to problems with ++ * how this API was implemented in the past. Also, due to the same problem, ++ * the only way to create a matchset with only an RSSI filter (with this ++ * attribute) is if there's only a single matchset with the RSSI attribute. + * @NL80211_SCHED_SCAN_MATCH_ATTR_MAX: highest scheduled scan filter + * attribute number currently defined + * @__NL80211_SCHED_SCAN_MATCH_ATTR_AFTER_LAST: internal use +--- a/net/mac80211/agg-tx.c ++++ b/net/mac80211/agg-tx.c +@@ -107,7 +107,7 @@ static void ieee80211_send_addba_request + mgmt->u.action.u.addba_req.start_seq_num = + cpu_to_le16(start_seq_num << 4); - static void ath_tx_addto_baw(struct ath_softc *sc, struct ath_atx_tid *tid, -- u16 seqno) -+ struct ath_buf *bf) - { -+ struct ath_frame_info *fi = get_frame_info(bf->bf_mpdu); -+ u16 seqno = bf->bf_state.seqno; - int index, cindex; - - index = ATH_BA_INDEX(tid->seq_start, seqno); - cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1); - __set_bit(cindex, tid->tx_buf); -+ fi->baw_tracked = 1; - - if (index >= ((tid->baw_tail - tid->baw_head) & - (ATH_TID_MAX_BUFS - 1))) { -@@ -224,12 +312,6 @@ static void ath_tx_addto_baw(struct ath_ - } +- ieee80211_tx_skb_tid(sdata, skb, tid); ++ ieee80211_tx_skb(sdata, skb); } --/* -- * TODO: For frame(s) that are in the retry state, we will reuse the -- * sequence number(s) without setting the retry bit. The -- * alternative is to give up on these and BAR the receiver's window -- * forward. -- */ - static void ath_tid_drain(struct ath_softc *sc, struct ath_txq *txq, - struct ath_atx_tid *tid) - -@@ -243,7 +325,7 @@ static void ath_tid_drain(struct ath_sof - memset(&ts, 0, sizeof(ts)); - INIT_LIST_HEAD(&bf_head); - -- while ((skb = __skb_dequeue(&tid->buf_q))) { -+ while ((skb = ath_tid_dequeue(tid))) { - fi = get_frame_info(skb); - bf = fi->bf; - -@@ -253,14 +335,8 @@ static void ath_tid_drain(struct ath_sof - } + void ieee80211_send_bar(struct ieee80211_vif *vif, u8 *ra, u16 tid, u16 ssn) +--- a/net/mac80211/cfg.c ++++ b/net/mac80211/cfg.c +@@ -970,9 +970,9 @@ static int ieee80211_start_ap(struct wip + /* TODO: make hostapd tell us what it wants */ + sdata->smps_mode = IEEE80211_SMPS_OFF; + sdata->needed_rx_chains = sdata->local->rx_chains; +- sdata->radar_required = params->radar_required; + + mutex_lock(&local->mtx); ++ sdata->radar_required = params->radar_required; + err = ieee80211_vif_use_channel(sdata, ¶ms->chandef, + IEEE80211_CHANCTX_SHARED); + mutex_unlock(&local->mtx); +@@ -1021,8 +1021,10 @@ static int ieee80211_start_ap(struct wip + IEEE80211_P2P_OPPPS_ENABLE_BIT; + + err = ieee80211_assign_beacon(sdata, ¶ms->beacon); +- if (err < 0) ++ if (err < 0) { ++ ieee80211_vif_release_channel(sdata); + return err; ++ } + changed |= err; - list_add_tail(&bf->list, &bf_head); -- -- ath_tx_update_baw(sc, tid, bf->bf_state.seqno); - ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0); + err = drv_start_ap(sdata->local, sdata); +@@ -1032,6 +1034,7 @@ static int ieee80211_start_ap(struct wip + if (old) + kfree_rcu(old, rcu_head); + RCU_INIT_POINTER(sdata->u.ap.beacon, NULL); ++ ieee80211_vif_release_channel(sdata); + return err; } -- -- tid->seq_next = tid->seq_start; -- tid->baw_tail = tid->baw_head; -- tid->bar_index = -1; - } - - static void ath_tx_set_retry(struct ath_softc *sc, struct ath_txq *txq, -@@ -323,6 +399,7 @@ static struct ath_buf* ath_clone_txbuf(s - tbf->bf_buf_addr = bf->bf_buf_addr; - memcpy(tbf->bf_desc, bf->bf_desc, sc->sc_ah->caps.tx_desc_len); - tbf->bf_state = bf->bf_state; -+ tbf->bf_state.stale = false; - return tbf; - } -@@ -380,7 +457,6 @@ static void ath_tx_complete_aggr(struct - struct ieee80211_tx_rate rates[4]; - struct ath_frame_info *fi; - int nframes; -- u8 tidno; - bool flush = !!(ts->ts_status & ATH9K_TX_FLUSH); - int i, retries; - int bar_index = -1; -@@ -406,7 +482,7 @@ static void ath_tx_complete_aggr(struct - while (bf) { - bf_next = bf->bf_next; - -- if (!bf->bf_stale || bf_next != NULL) -+ if (!bf->bf_state.stale || bf_next != NULL) - list_move_tail(&bf->list, &bf_head); - - ath_tx_complete_buf(sc, bf, txq, &bf_head, ts, 0); -@@ -417,8 +493,7 @@ static void ath_tx_complete_aggr(struct - } +@@ -1053,6 +1056,7 @@ static int ieee80211_change_beacon(struc + int err; - an = (struct ath_node *)sta->drv_priv; -- tidno = ieee80211_get_qos_ctl(hdr)[0] & IEEE80211_QOS_CTL_TID_MASK; -- tid = ATH_AN_2_TID(an, tidno); -+ tid = ath_get_skb_tid(sc, an, skb); - seq_first = tid->seq_start; - isba = ts->ts_flags & ATH9K_TX_BA; + sdata = IEEE80211_DEV_TO_SUB_IF(dev); ++ sdata_assert_lock(sdata); -@@ -430,7 +505,7 @@ static void ath_tx_complete_aggr(struct - * Only BlockAcks have a TID and therefore normal Acks cannot be - * checked - */ -- if (isba && tidno != ts->tid) -+ if (isba && tid->tidno != ts->tid) - txok = false; - - isaggr = bf_isaggr(bf); -@@ -466,7 +541,8 @@ static void ath_tx_complete_aggr(struct - tx_info = IEEE80211_SKB_CB(skb); - fi = get_frame_info(skb); - -- if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) { -+ if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno) || -+ !tid->active) { - /* - * Outside of the current BlockAck window, - * maybe part of a previous session -@@ -499,7 +575,7 @@ static void ath_tx_complete_aggr(struct - * not a holding desc. - */ - INIT_LIST_HEAD(&bf_head); -- if (bf_next != NULL || !bf_last->bf_stale) -+ if (bf_next != NULL || !bf_last->bf_state.stale) - list_move_tail(&bf->list, &bf_head); - - if (!txpending) { -@@ -523,7 +599,7 @@ static void ath_tx_complete_aggr(struct - ieee80211_sta_eosp(sta); - } - /* retry the un-acked ones */ -- if (bf->bf_next == NULL && bf_last->bf_stale) { -+ if (bf->bf_next == NULL && bf_last->bf_state.stale) { - struct ath_buf *tbf; - - tbf = ath_clone_txbuf(sc, bf_last); -@@ -560,7 +636,7 @@ static void ath_tx_complete_aggr(struct - if (an->sleeping) - ieee80211_sta_set_buffered(sta, tid->tidno, true); - -- skb_queue_splice(&bf_pending, &tid->buf_q); -+ skb_queue_splice_tail(&bf_pending, &tid->retry_q); - if (!an->sleeping) { - ath_tx_queue_tid(txq, tid); - -@@ -618,7 +694,7 @@ static void ath_tx_process_buffer(struct - } else - ath_tx_complete_aggr(sc, txq, bf, bf_head, ts, txok); - -- if ((sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT) && !flush) -+ if (!flush) - ath_txq_schedule(sc, txq); - } + /* don't allow changing the beacon while CSA is in place - offset + * of channel switch counter may change +@@ -1080,6 +1084,8 @@ static int ieee80211_stop_ap(struct wiph + struct probe_resp *old_probe_resp; + struct cfg80211_chan_def chandef; -@@ -792,15 +868,20 @@ static int ath_compute_num_delims(struct ++ sdata_assert_lock(sdata); ++ + old_beacon = sdata_dereference(sdata->u.ap.beacon, sdata); + if (!old_beacon) + return -ENOENT; +@@ -1090,8 +1096,6 @@ static int ieee80211_stop_ap(struct wiph + kfree(sdata->u.ap.next_beacon); + sdata->u.ap.next_beacon = NULL; - static struct ath_buf * - ath_tx_get_tid_subframe(struct ath_softc *sc, struct ath_txq *txq, -- struct ath_atx_tid *tid) -+ struct ath_atx_tid *tid, struct sk_buff_head **q) - { -+ struct ieee80211_tx_info *tx_info; - struct ath_frame_info *fi; - struct sk_buff *skb; - struct ath_buf *bf; - u16 seqno; +- cancel_work_sync(&sdata->u.ap.request_smps_work); +- + /* turn off carrier for this interface and dependent VLANs */ + list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) + netif_carrier_off(vlan->dev); +@@ -1103,6 +1107,7 @@ static int ieee80211_stop_ap(struct wiph + kfree_rcu(old_beacon, rcu_head); + if (old_probe_resp) + kfree_rcu(old_probe_resp, rcu_head); ++ sdata->u.ap.driver_smps_mode = IEEE80211_SMPS_OFF; + + __sta_info_flush(sdata, true); + ieee80211_free_keys(sdata, true); +@@ -2638,6 +2643,24 @@ static int ieee80211_start_roc_work(stru + INIT_DELAYED_WORK(&roc->work, ieee80211_sw_roc_work); + INIT_LIST_HEAD(&roc->dependents); - while (1) { -- skb = skb_peek(&tid->buf_q); -+ *q = &tid->retry_q; -+ if (skb_queue_empty(*q)) -+ *q = &tid->buf_q; ++ /* ++ * cookie is either the roc cookie (for normal roc) ++ * or the SKB (for mgmt TX) ++ */ ++ if (!txskb) { ++ /* local->mtx protects this */ ++ local->roc_cookie_counter++; ++ roc->cookie = local->roc_cookie_counter; ++ /* wow, you wrapped 64 bits ... more likely a bug */ ++ if (WARN_ON(roc->cookie == 0)) { ++ roc->cookie = 1; ++ local->roc_cookie_counter++; ++ } ++ *cookie = roc->cookie; ++ } else { ++ *cookie = (unsigned long)txskb; ++ } + -+ skb = skb_peek(*q); - if (!skb) - break; + /* if there's one pending or we're scanning, queue this one */ + if (!list_empty(&local->roc_list) || + local->scanning || local->radar_detect_enabled) +@@ -2772,24 +2795,6 @@ static int ieee80211_start_roc_work(stru + if (!queued) + list_add_tail(&roc->list, &local->roc_list); -@@ -808,13 +889,26 @@ ath_tx_get_tid_subframe(struct ath_softc - bf = fi->bf; - if (!fi->bf) - bf = ath_tx_setup_buffer(sc, txq, tid, skb); -+ else -+ bf->bf_state.stale = false; - - if (!bf) { -- __skb_unlink(skb, &tid->buf_q); -+ __skb_unlink(skb, *q); -+ ath_txq_skb_done(sc, txq, skb); - ieee80211_free_txskb(sc->hw, skb); - continue; - } +- /* +- * cookie is either the roc cookie (for normal roc) +- * or the SKB (for mgmt TX) +- */ +- if (!txskb) { +- /* local->mtx protects this */ +- local->roc_cookie_counter++; +- roc->cookie = local->roc_cookie_counter; +- /* wow, you wrapped 64 bits ... more likely a bug */ +- if (WARN_ON(roc->cookie == 0)) { +- roc->cookie = 1; +- local->roc_cookie_counter++; +- } +- *cookie = roc->cookie; +- } else { +- *cookie = (unsigned long)txskb; +- } +- + return 0; + } + +@@ -3004,8 +3009,10 @@ void ieee80211_csa_finalize_work(struct + if (!ieee80211_sdata_running(sdata)) + goto unlock; -+ bf->bf_next = NULL; -+ bf->bf_lastbf = bf; +- sdata->radar_required = sdata->csa_radar_required; ++ sdata_assert_lock(sdata); + -+ tx_info = IEEE80211_SKB_CB(skb); -+ tx_info->flags &= ~IEEE80211_TX_CTL_CLEAR_PS_FILT; -+ if (!(tx_info->flags & IEEE80211_TX_CTL_AMPDU)) { -+ bf->bf_state.bf_type = 0; -+ return bf; -+ } + mutex_lock(&local->mtx); ++ sdata->radar_required = sdata->csa_radar_required; + err = ieee80211_vif_change_channel(sdata, &changed); + mutex_unlock(&local->mtx); + if (WARN_ON(err < 0)) +@@ -3022,13 +3029,13 @@ void ieee80211_csa_finalize_work(struct + switch (sdata->vif.type) { + case NL80211_IFTYPE_AP: + err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon); ++ kfree(sdata->u.ap.next_beacon); ++ sdata->u.ap.next_beacon = NULL; + - bf->bf_state.bf_type = BUF_AMPDU | BUF_AGGR; - seqno = bf->bf_state.seqno; + if (err < 0) + goto unlock; -@@ -828,73 +922,52 @@ ath_tx_get_tid_subframe(struct ath_softc + changed |= err; +- kfree(sdata->u.ap.next_beacon); +- sdata->u.ap.next_beacon = NULL; +- + ieee80211_bss_info_change_notify(sdata, err); + break; + case NL80211_IFTYPE_ADHOC: +@@ -3066,7 +3073,7 @@ int ieee80211_channel_switch(struct wiph + struct ieee80211_if_mesh __maybe_unused *ifmsh; + int err, num_chanctx; - INIT_LIST_HEAD(&bf_head); - list_add(&bf->list, &bf_head); -- __skb_unlink(skb, &tid->buf_q); -+ __skb_unlink(skb, *q); - ath_tx_update_baw(sc, tid, seqno); - ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0); - continue; - } +- lockdep_assert_held(&sdata->wdev.mtx); ++ sdata_assert_lock(sdata); -- bf->bf_next = NULL; -- bf->bf_lastbf = bf; - return bf; - } + if (!list_empty(&local->roc_list) || local->scanning) + return -EBUSY; +--- a/net/mac80211/ht.c ++++ b/net/mac80211/ht.c +@@ -375,7 +375,7 @@ void ieee80211_send_delba(struct ieee802 + mgmt->u.action.u.delba.params = cpu_to_le16(params); + mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code); - return NULL; +- ieee80211_tx_skb_tid(sdata, skb, tid); ++ ieee80211_tx_skb(sdata, skb); } --static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc, -- struct ath_txq *txq, -- struct ath_atx_tid *tid, -- struct list_head *bf_q, -- int *aggr_len) -+static bool -+ath_tx_form_aggr(struct ath_softc *sc, struct ath_txq *txq, -+ struct ath_atx_tid *tid, struct list_head *bf_q, -+ struct ath_buf *bf_first, struct sk_buff_head *tid_q, -+ int *aggr_len) - { - #define PADBYTES(_len) ((4 - ((_len) % 4)) % 4) -- struct ath_buf *bf, *bf_first = NULL, *bf_prev = NULL; -- int rl = 0, nframes = 0, ndelim, prev_al = 0; -+ struct ath_buf *bf = bf_first, *bf_prev = NULL; -+ int nframes = 0, ndelim; - u16 aggr_limit = 0, al = 0, bpad = 0, -- al_delta, h_baw = tid->baw_size / 2; -- enum ATH_AGGR_STATUS status = ATH_AGGR_DONE; -+ al_delta, h_baw = tid->baw_size / 2; - struct ieee80211_tx_info *tx_info; - struct ath_frame_info *fi; - struct sk_buff *skb; -+ bool closed = false; + void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata, +@@ -466,7 +466,9 @@ void ieee80211_request_smps_ap_work(stru + u.ap.request_smps_work); -- do { -- bf = ath_tx_get_tid_subframe(sc, txq, tid); -- if (!bf) { -- status = ATH_AGGR_BAW_CLOSED; -- break; -- } -+ bf = bf_first; -+ aggr_limit = ath_lookup_rate(sc, bf, tid); + sdata_lock(sdata); +- __ieee80211_request_smps_ap(sdata, sdata->u.ap.driver_smps_mode); ++ if (sdata_dereference(sdata->u.ap.beacon, sdata)) ++ __ieee80211_request_smps_ap(sdata, ++ sdata->u.ap.driver_smps_mode); + sdata_unlock(sdata); + } -+ do { - skb = bf->bf_mpdu; - fi = get_frame_info(skb); +--- a/net/mac80211/iface.c ++++ b/net/mac80211/iface.c +@@ -770,12 +770,19 @@ static void ieee80211_do_stop(struct iee -- if (!bf_first) -- bf_first = bf; -- -- if (!rl) { -- ath_set_rates(tid->an->vif, tid->an->sta, bf); -- aggr_limit = ath_lookup_rate(sc, bf, tid); -- rl = 1; -- } -- - /* do not exceed aggregation limit */ - al_delta = ATH_AGGR_DELIM_SZ + fi->framelen; -+ if (nframes) { -+ if (aggr_limit < al + bpad + al_delta || -+ ath_lookup_legacy(bf) || nframes >= h_baw) -+ break; - -- if (nframes && -- ((aggr_limit < (al + bpad + al_delta + prev_al)) || -- ath_lookup_legacy(bf))) { -- status = ATH_AGGR_LIMITED; -- break; -- } + ieee80211_roc_purge(local, sdata); + +- if (sdata->vif.type == NL80211_IFTYPE_STATION) ++ switch (sdata->vif.type) { ++ case NL80211_IFTYPE_STATION: + ieee80211_mgd_stop(sdata); - -- tx_info = IEEE80211_SKB_CB(bf->bf_mpdu); -- if (nframes && (tx_info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE)) -- break; +- if (sdata->vif.type == NL80211_IFTYPE_ADHOC) ++ break; ++ case NL80211_IFTYPE_ADHOC: + ieee80211_ibss_stop(sdata); - -- /* do not exceed subframe limit */ -- if (nframes >= min((int)h_baw, ATH_AMPDU_SUBFRAME_DEFAULT)) { -- status = ATH_AGGR_LIMITED; -- break; -+ tx_info = IEEE80211_SKB_CB(bf->bf_mpdu); -+ if ((tx_info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE) || -+ !(tx_info->flags & IEEE80211_TX_CTL_AMPDU)) -+ break; - } - - /* add padding for previous frame to aggregation length */ -@@ -912,22 +985,37 @@ static enum ATH_AGGR_STATUS ath_tx_form_ - bf->bf_next = NULL; - - /* link buffers of this frame to the aggregate */ -- if (!fi->retries) -- ath_tx_addto_baw(sc, tid, bf->bf_state.seqno); -+ if (!fi->baw_tracked) -+ ath_tx_addto_baw(sc, tid, bf); - bf->bf_state.ndelim = ndelim; - -- __skb_unlink(skb, &tid->buf_q); -+ __skb_unlink(skb, tid_q); - list_add_tail(&bf->list, bf_q); - if (bf_prev) - bf_prev->bf_next = bf; - - bf_prev = bf; - -- } while (!skb_queue_empty(&tid->buf_q)); -+ bf = ath_tx_get_tid_subframe(sc, txq, tid, &tid_q); -+ if (!bf) { -+ closed = true; -+ break; -+ } -+ } while (ath_tid_has_buffered(tid)); -+ -+ bf = bf_first; -+ bf->bf_lastbf = bf_prev; -+ -+ if (bf == bf_prev) { -+ al = get_frame_info(bf->bf_mpdu)->framelen; -+ bf->bf_state.bf_type = BUF_AMPDU; -+ } else { -+ TX_STAT_INC(txq->axq_qnum, a_aggr); ++ break; ++ case NL80211_IFTYPE_AP: ++ cancel_work_sync(&sdata->u.ap.request_smps_work); ++ break; ++ default: ++ break; + } - *aggr_len = al; - -- return status; -+ return closed; - #undef PADBYTES - } + /* + * Remove all stations associated with this interface. +@@ -827,7 +834,9 @@ static void ieee80211_do_stop(struct iee + cancel_work_sync(&local->dynamic_ps_enable_work); -@@ -999,7 +1087,7 @@ void ath_update_max_aggr_framelen(struct - } + cancel_work_sync(&sdata->recalc_smps); ++ sdata_lock(sdata); + sdata->vif.csa_active = false; ++ sdata_unlock(sdata); + cancel_work_sync(&sdata->csa_finalize_work); - static void ath_buf_set_rate(struct ath_softc *sc, struct ath_buf *bf, -- struct ath_tx_info *info, int len) -+ struct ath_tx_info *info, int len, bool rts) + cancel_delayed_work_sync(&sdata->dfs_cac_timer_work); +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -599,10 +599,10 @@ static int ieee80211_is_unicast_robust_m { - struct ath_hw *ah = sc->sc_ah; - struct sk_buff *skb; -@@ -1008,6 +1096,7 @@ static void ath_buf_set_rate(struct ath_ - const struct ieee80211_rate *rate; - struct ieee80211_hdr *hdr; - struct ath_frame_info *fi = get_frame_info(bf->bf_mpdu); -+ u32 rts_thresh = sc->hw->wiphy->rts_threshold; - int i; - u8 rix = 0; - -@@ -1030,7 +1119,17 @@ static void ath_buf_set_rate(struct ath_ - rix = rates[i].idx; - info->rates[i].Tries = rates[i].count; + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; -- if (rates[i].flags & IEEE80211_TX_RC_USE_RTS_CTS) { -+ /* -+ * Handle RTS threshold for unaggregated HT frames. -+ */ -+ if (bf_isampdu(bf) && !bf_isaggr(bf) && -+ (rates[i].flags & IEEE80211_TX_RC_MCS) && -+ unlikely(rts_thresh != (u32) -1)) { -+ if (!rts_thresh || (len > rts_thresh)) -+ rts = true; -+ } -+ -+ if (rts || rates[i].flags & IEEE80211_TX_RC_USE_RTS_CTS) { - info->rates[i].RateFlags |= ATH9K_RATESERIES_RTS_CTS; - info->flags |= ATH9K_TXDESC_RTSENA; - } else if (rates[i].flags & IEEE80211_TX_RC_USE_CTS_PROTECT) { -@@ -1123,6 +1222,8 @@ static void ath_tx_fill_desc(struct ath_ - struct ath_hw *ah = sc->sc_ah; - struct ath_buf *bf_first = NULL; - struct ath_tx_info info; -+ u32 rts_thresh = sc->hw->wiphy->rts_threshold; -+ bool rts = false; - - memset(&info, 0, sizeof(info)); - info.is_first = true; -@@ -1159,7 +1260,22 @@ static void ath_tx_fill_desc(struct ath_ - info.flags |= (u32) bf->bf_state.bfs_paprd << - ATH9K_TXDESC_PAPRD_S; - -- ath_buf_set_rate(sc, bf, &info, len); -+ /* -+ * mac80211 doesn't handle RTS threshold for HT because -+ * the decision has to be taken based on AMPDU length -+ * and aggregation is done entirely inside ath9k. -+ * Set the RTS/CTS flag for the first subframe based -+ * on the threshold. -+ */ -+ if (aggr && (bf == bf_first) && -+ unlikely(rts_thresh != (u32) -1)) { -+ /* -+ * "len" is the size of the entire AMPDU. -+ */ -+ if (!rts_thresh || (len > rts_thresh)) -+ rts = true; -+ } -+ ath_buf_set_rate(sc, bf, &info, len, rts); - } +- if (skb->len < 24 || is_multicast_ether_addr(hdr->addr1)) ++ if (is_multicast_ether_addr(hdr->addr1)) + return 0; - info.buf_addr[0] = bf->bf_buf_addr; -@@ -1188,64 +1304,101 @@ static void ath_tx_fill_desc(struct ath_ - } +- return ieee80211_is_robust_mgmt_frame(hdr); ++ return ieee80211_is_robust_mgmt_frame(skb); } --static void ath_tx_sched_aggr(struct ath_softc *sc, struct ath_txq *txq, -- struct ath_atx_tid *tid) -+static void -+ath_tx_form_burst(struct ath_softc *sc, struct ath_txq *txq, -+ struct ath_atx_tid *tid, struct list_head *bf_q, -+ struct ath_buf *bf_first, struct sk_buff_head *tid_q) + +@@ -610,10 +610,10 @@ static int ieee80211_is_multicast_robust { -- struct ath_buf *bf; -- enum ATH_AGGR_STATUS status; -- struct ieee80211_tx_info *tx_info; -- struct list_head bf_q; -- int aggr_len; -+ struct ath_buf *bf = bf_first, *bf_prev = NULL; -+ struct sk_buff *skb; -+ int nframes = 0; + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; - do { -- if (skb_queue_empty(&tid->buf_q)) -- return; -+ struct ieee80211_tx_info *tx_info; -+ skb = bf->bf_mpdu; - -- INIT_LIST_HEAD(&bf_q); -+ nframes++; -+ __skb_unlink(skb, tid_q); -+ list_add_tail(&bf->list, bf_q); -+ if (bf_prev) -+ bf_prev->bf_next = bf; -+ bf_prev = bf; - -- status = ath_tx_form_aggr(sc, txq, tid, &bf_q, &aggr_len); -+ if (nframes >= 2) -+ break; - -- /* -- * no frames picked up to be aggregated; -- * block-ack window is not open. -- */ -- if (list_empty(&bf_q)) -+ bf = ath_tx_get_tid_subframe(sc, txq, tid, &tid_q); -+ if (!bf) - break; +- if (skb->len < 24 || !is_multicast_ether_addr(hdr->addr1)) ++ if (!is_multicast_ether_addr(hdr->addr1)) + return 0; -- bf = list_first_entry(&bf_q, struct ath_buf, list); -- bf->bf_lastbf = list_entry(bf_q.prev, struct ath_buf, list); - tx_info = IEEE80211_SKB_CB(bf->bf_mpdu); -+ if (tx_info->flags & IEEE80211_TX_CTL_AMPDU) -+ break; - -- if (tid->ac->clear_ps_filter) { -- tid->ac->clear_ps_filter = false; -- tx_info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT; -- } else { -- tx_info->flags &= ~IEEE80211_TX_CTL_CLEAR_PS_FILT; -- } -+ ath_set_rates(tid->an->vif, tid->an->sta, bf); -+ } while (1); -+} +- return ieee80211_is_robust_mgmt_frame(hdr); ++ return ieee80211_is_robust_mgmt_frame(skb); + } -- /* if only one frame, send as non-aggregate */ -- if (bf == bf->bf_lastbf) { -- aggr_len = get_frame_info(bf->bf_mpdu)->framelen; -- bf->bf_state.bf_type = BUF_AMPDU; -- } else { -- TX_STAT_INC(txq->axq_qnum, a_aggr); -- } -+static bool ath_tx_sched_aggr(struct ath_softc *sc, struct ath_txq *txq, -+ struct ath_atx_tid *tid, bool *stop) -+{ -+ struct ath_buf *bf; -+ struct ieee80211_tx_info *tx_info; -+ struct sk_buff_head *tid_q; -+ struct list_head bf_q; -+ int aggr_len = 0; -+ bool aggr, last = true; -+ -+ if (!ath_tid_has_buffered(tid)) -+ return false; -+ -+ INIT_LIST_HEAD(&bf_q); -+ -+ bf = ath_tx_get_tid_subframe(sc, txq, tid, &tid_q); -+ if (!bf) -+ return false; -+ -+ tx_info = IEEE80211_SKB_CB(bf->bf_mpdu); -+ aggr = !!(tx_info->flags & IEEE80211_TX_CTL_AMPDU); -+ if ((aggr && txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) || -+ (!aggr && txq->axq_depth >= ATH_NON_AGGR_MIN_QDEPTH)) { -+ *stop = true; -+ return false; -+ } -- ath_tx_fill_desc(sc, bf, txq, aggr_len); -- ath_tx_txqaddbuf(sc, txq, &bf_q, false); -- } while (txq->axq_ampdu_depth < ATH_AGGR_MIN_QDEPTH && -- status != ATH_AGGR_BAW_CLOSED); -+ ath_set_rates(tid->an->vif, tid->an->sta, bf); -+ if (aggr) -+ last = ath_tx_form_aggr(sc, txq, tid, &bf_q, bf, -+ tid_q, &aggr_len); -+ else -+ ath_tx_form_burst(sc, txq, tid, &bf_q, bf, tid_q); -+ -+ if (list_empty(&bf_q)) -+ return false; -+ -+ if (tid->ac->clear_ps_filter || tid->an->no_ps_filter) { -+ tid->ac->clear_ps_filter = false; -+ tx_info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT; -+ } -+ -+ ath_tx_fill_desc(sc, bf, txq, aggr_len); -+ ath_tx_txqaddbuf(sc, txq, &bf_q, false); -+ return true; - } +@@ -626,7 +626,7 @@ static int ieee80211_get_mmie_keyidx(str + if (skb->len < 24 + sizeof(*mmie) || !is_multicast_ether_addr(hdr->da)) + return -1; - int ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta, - u16 tid, u16 *ssn) - { - struct ath_atx_tid *txtid; -+ struct ath_txq *txq; - struct ath_node *an; - u8 density; - - an = (struct ath_node *)sta->drv_priv; - txtid = ATH_AN_2_TID(an, tid); -+ txq = txtid->ac->txq; -+ -+ ath_txq_lock(sc, txq); +- if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) hdr)) ++ if (!ieee80211_is_robust_mgmt_frame(skb)) + return -1; /* not a robust management frame */ - /* update ampdu factor/density, they may have changed. This may happen - * in HT IBSS when a beacon with HT-info is received after the station -@@ -1258,6 +1411,9 @@ int ath_tx_aggr_start(struct ath_softc * - an->mpdudensity = density; + mmie = (struct ieee80211_mmie *) +@@ -1128,6 +1128,13 @@ static void sta_ps_end(struct sta_info * + sta->sta.addr, sta->sta.aid); + + if (test_sta_flag(sta, WLAN_STA_PS_DRIVER)) { ++ /* ++ * Clear the flag only if the other one is still set ++ * so that the TX path won't start TX'ing new frames ++ * directly ... In the case that the driver flag isn't ++ * set ieee80211_sta_ps_deliver_wakeup() will clear it. ++ */ ++ clear_sta_flag(sta, WLAN_STA_PS_STA); + ps_dbg(sta->sdata, "STA %pM aid %d driver-ps-blocked\n", + sta->sta.addr, sta->sta.aid); + return; +@@ -1311,18 +1318,15 @@ ieee80211_rx_h_sta_process(struct ieee80 + !ieee80211_has_morefrags(hdr->frame_control) && + !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) && + (rx->sdata->vif.type == NL80211_IFTYPE_AP || +- rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) { ++ rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) && ++ /* PM bit is only checked in frames where it isn't reserved, ++ * in AP mode it's reserved in non-bufferable management frames ++ * (cf. IEEE 802.11-2012 8.2.4.1.7 Power Management field) ++ */ ++ (!ieee80211_is_mgmt(hdr->frame_control) || ++ ieee80211_is_bufferable_mmpdu(hdr->frame_control))) { + if (test_sta_flag(sta, WLAN_STA_PS_STA)) { +- /* +- * Ignore doze->wake transitions that are +- * indicated by non-data frames, the standard +- * is unclear here, but for example going to +- * PS mode and then scanning would cause a +- * doze->wake transition for the probe request, +- * and that is clearly undesirable. +- */ +- if (ieee80211_is_data(hdr->frame_control) && +- !ieee80211_has_pm(hdr->frame_control)) ++ if (!ieee80211_has_pm(hdr->frame_control)) + sta_ps_end(sta); + } else { + if (ieee80211_has_pm(hdr->frame_control)) +@@ -1845,8 +1849,7 @@ static int ieee80211_drop_unencrypted_mg + * having configured keys. + */ + if (unlikely(ieee80211_is_action(fc) && !rx->key && +- ieee80211_is_robust_mgmt_frame( +- (struct ieee80211_hdr *) rx->skb->data))) ++ ieee80211_is_robust_mgmt_frame(rx->skb))) + return -EACCES; } -+ /* force sequence number allocation for pending frames */ -+ ath_tx_tid_change_state(sc, txtid); +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -452,8 +452,7 @@ static int ieee80211_use_mfp(__le16 fc, + if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP)) + return 0; + +- if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) +- skb->data)) ++ if (!ieee80211_is_robust_mgmt_frame(skb)) + return 0; + + return 1; +@@ -478,6 +477,20 @@ ieee80211_tx_h_unicast_ps_buf(struct iee + sta->sta.addr, sta->sta.aid, ac); + if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER) + purge_old_ps_buffers(tx->local); + - txtid->active = true; - txtid->paused = true; - *ssn = txtid->seq_start = txtid->seq_next; -@@ -1266,6 +1422,8 @@ int ath_tx_aggr_start(struct ath_softc * - memset(txtid->tx_buf, 0, sizeof(txtid->tx_buf)); - txtid->baw_head = txtid->baw_tail = 0; - -+ ath_txq_unlock_complete(sc, txq); ++ /* sync with ieee80211_sta_ps_deliver_wakeup */ ++ spin_lock(&sta->ps_lock); ++ /* ++ * STA woke up the meantime and all the frames on ps_tx_buf have ++ * been queued to pending queue. No reordering can happen, go ++ * ahead and Tx the packet. ++ */ ++ if (!test_sta_flag(sta, WLAN_STA_PS_STA) && ++ !test_sta_flag(sta, WLAN_STA_PS_DRIVER)) { ++ spin_unlock(&sta->ps_lock); ++ return TX_CONTINUE; ++ } + + if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) { + struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]); + ps_dbg(tx->sdata, +@@ -492,6 +505,7 @@ ieee80211_tx_h_unicast_ps_buf(struct iee + info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; + info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS; + skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb); ++ spin_unlock(&sta->ps_lock); + + if (!timer_pending(&local->sta_cleanup)) + mod_timer(&local->sta_cleanup, +@@ -525,9 +539,7 @@ ieee80211_tx_h_ps_buf(struct ieee80211_t + + /* only deauth, disassoc and action are bufferable MMPDUs */ + if (ieee80211_is_mgmt(hdr->frame_control) && +- !ieee80211_is_deauth(hdr->frame_control) && +- !ieee80211_is_disassoc(hdr->frame_control) && +- !ieee80211_is_action(hdr->frame_control)) { ++ !ieee80211_is_bufferable_mmpdu(hdr->frame_control)) { + if (tx->flags & IEEE80211_TX_UNICAST) + info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER; + return TX_CONTINUE; +@@ -567,7 +579,7 @@ ieee80211_tx_h_select_key(struct ieee802 + tx->key = key; + else if (ieee80211_is_mgmt(hdr->frame_control) && + is_multicast_ether_addr(hdr->addr1) && +- ieee80211_is_robust_mgmt_frame(hdr) && ++ ieee80211_is_robust_mgmt_frame(tx->skb) && + (key = rcu_dereference(tx->sdata->default_mgmt_key))) + tx->key = key; + else if (is_multicast_ether_addr(hdr->addr1) && +@@ -582,12 +594,12 @@ ieee80211_tx_h_select_key(struct ieee802 + tx->key = NULL; + else if (tx->skb->protocol == tx->sdata->control_port_protocol) + tx->key = NULL; +- else if (ieee80211_is_robust_mgmt_frame(hdr) && ++ else if (ieee80211_is_robust_mgmt_frame(tx->skb) && + !(ieee80211_is_action(hdr->frame_control) && + tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP))) + tx->key = NULL; + else if (ieee80211_is_mgmt(hdr->frame_control) && +- !ieee80211_is_robust_mgmt_frame(hdr)) ++ !ieee80211_is_robust_mgmt_frame(tx->skb)) + tx->key = NULL; + else { + I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted); +@@ -878,7 +890,7 @@ static int ieee80211_fragment(struct iee + } + + /* adjust first fragment's length */ +- skb->len = hdrlen + per_fragm; ++ skb_trim(skb, hdrlen + per_fragm); return 0; } -@@ -1277,8 +1435,9 @@ void ath_tx_aggr_stop(struct ath_softc * - - ath_txq_lock(sc, txq); - txtid->active = false; -- txtid->paused = true; -+ txtid->paused = false; - ath_tx_flush_tid(sc, txtid); -+ ath_tx_tid_change_state(sc, txtid); - ath_txq_unlock_complete(sc, txq); - } - -@@ -1302,7 +1461,7 @@ void ath_tx_aggr_sleep(struct ieee80211_ +--- a/net/mac80211/wpa.c ++++ b/net/mac80211/wpa.c +@@ -499,7 +499,7 @@ ieee80211_crypto_ccmp_decrypt(struct iee + hdrlen = ieee80211_hdrlen(hdr->frame_control); - ath_txq_lock(sc, txq); - -- buffered = !skb_queue_empty(&tid->buf_q); -+ buffered = ath_tid_has_buffered(tid); - - tid->sched = false; - list_del(&tid->list); -@@ -1334,7 +1493,7 @@ void ath_tx_aggr_wakeup(struct ath_softc - ath_txq_lock(sc, txq); - ac->clear_ps_filter = true; + if (!ieee80211_is_data(hdr->frame_control) && +- !ieee80211_is_robust_mgmt_frame(hdr)) ++ !ieee80211_is_robust_mgmt_frame(skb)) + return RX_CONTINUE; -- if (!skb_queue_empty(&tid->buf_q) && !tid->paused) { -+ if (!tid->paused && ath_tid_has_buffered(tid)) { - ath_tx_queue_tid(txq, tid); - ath_txq_schedule(sc, txq); - } -@@ -1359,7 +1518,7 @@ void ath_tx_aggr_resume(struct ath_softc - tid->baw_size = IEEE80211_MIN_AMPDU_BUF << sta->ht_cap.ampdu_factor; - tid->paused = false; - -- if (!skb_queue_empty(&tid->buf_q)) { -+ if (ath_tid_has_buffered(tid)) { - ath_tx_queue_tid(txq, tid); - ath_txq_schedule(sc, txq); + data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - +--- a/net/wireless/ap.c ++++ b/net/wireless/ap.c +@@ -27,9 +27,10 @@ static int __cfg80211_stop_ap(struct cfg + err = rdev_stop_ap(rdev, dev); + if (!err) { + wdev->beacon_interval = 0; +- wdev->channel = NULL; ++ memset(&wdev->chandef, 0, sizeof(wdev->chandef)); + wdev->ssid_len = 0; + rdev_set_qos_map(rdev, dev, NULL); ++ nl80211_send_ap_stopped(wdev); } -@@ -1379,6 +1538,7 @@ void ath9k_release_buffered_frames(struc - struct ieee80211_tx_info *info; - struct list_head bf_q; - struct ath_buf *bf_tail = NULL, *bf; -+ struct sk_buff_head *tid_q; - int sent = 0; - int i; - -@@ -1394,16 +1554,18 @@ void ath9k_release_buffered_frames(struc - continue; - - ath_txq_lock(sc, tid->ac->txq); -- while (!skb_queue_empty(&tid->buf_q) && nframes > 0) { -- bf = ath_tx_get_tid_subframe(sc, sc->tx.uapsdq, tid); -+ while (nframes > 0) { -+ bf = ath_tx_get_tid_subframe(sc, sc->tx.uapsdq, tid, &tid_q); - if (!bf) - break; - -- __skb_unlink(bf->bf_mpdu, &tid->buf_q); -+ __skb_unlink(bf->bf_mpdu, tid_q); - list_add_tail(&bf->list, &bf_q); - ath_set_rates(tid->an->vif, tid->an->sta, bf); -- ath_tx_addto_baw(sc, tid, bf->bf_state.seqno); -- bf->bf_state.bf_type &= ~BUF_AGGR; -+ if (bf_isampdu(bf)) { -+ ath_tx_addto_baw(sc, tid, bf); -+ bf->bf_state.bf_type &= ~BUF_AGGR; -+ } - if (bf_tail) - bf_tail->bf_next = bf; - -@@ -1412,7 +1574,7 @@ void ath9k_release_buffered_frames(struc - sent++; - TX_STAT_INC(txq->axq_qnum, a_queued_hw); -- if (skb_queue_empty(&tid->buf_q)) -+ if (an->sta && !ath_tid_has_buffered(tid)) - ieee80211_sta_set_buffered(an->sta, i, false); - } - ath_txq_unlock_complete(sc, tid->ac->txq); -@@ -1571,7 +1733,7 @@ static void ath_drain_txq_list(struct at - while (!list_empty(list)) { - bf = list_first_entry(list, struct ath_buf, list); + return err; +--- a/net/wireless/core.c ++++ b/net/wireless/core.c +@@ -203,8 +203,11 @@ void cfg80211_stop_p2p_device(struct cfg -- if (bf->bf_stale) { -+ if (bf->bf_state.stale) { - list_del(&bf->list); + rdev->opencount--; - ath_tx_return_buffer(sc, bf); -@@ -1665,25 +1827,27 @@ void ath_tx_cleanupq(struct ath_softc *s - */ - void ath_txq_schedule(struct ath_softc *sc, struct ath_txq *txq) - { -- struct ath_atx_ac *ac, *ac_tmp, *last_ac; -+ struct ath_atx_ac *ac, *last_ac; - struct ath_atx_tid *tid, *last_tid; -+ bool sent = false; - - if (test_bit(SC_OP_HW_RESET, &sc->sc_flags) || -- list_empty(&txq->axq_acq) || -- txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) -+ list_empty(&txq->axq_acq)) - return; +- WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev && +- !rdev->scan_req->notified); ++ if (rdev->scan_req && rdev->scan_req->wdev == wdev) { ++ if (WARN_ON(!rdev->scan_req->notified)) ++ rdev->scan_req->aborted = true; ++ ___cfg80211_scan_done(rdev, false); ++ } + } - rcu_read_lock(); + static int cfg80211_rfkill_set_block(void *data, bool blocked) +@@ -447,9 +450,6 @@ int wiphy_register(struct wiphy *wiphy) + int i; + u16 ifmodes = wiphy->interface_modes; -- ac = list_first_entry(&txq->axq_acq, struct ath_atx_ac, list); - last_ac = list_entry(txq->axq_acq.prev, struct ath_atx_ac, list); -+ while (!list_empty(&txq->axq_acq)) { -+ bool stop = false; +- /* support for 5/10 MHz is broken due to nl80211 API mess - disable */ +- wiphy->flags &= ~WIPHY_FLAG_SUPPORTS_5_10_MHZ; +- + /* + * There are major locking problems in nl80211/mac80211 for CSA, + * disable for all drivers until this has been reworked. +@@ -875,8 +875,11 @@ static int cfg80211_netdev_notifier_call + break; + case NETDEV_DOWN: + cfg80211_update_iface_num(rdev, wdev->iftype, -1); +- WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev && +- !rdev->scan_req->notified); ++ if (rdev->scan_req && rdev->scan_req->wdev == wdev) { ++ if (WARN_ON(!rdev->scan_req->notified)) ++ rdev->scan_req->aborted = true; ++ ___cfg80211_scan_done(rdev, false); ++ } -- list_for_each_entry_safe(ac, ac_tmp, &txq->axq_acq, list) { -+ ac = list_first_entry(&txq->axq_acq, struct ath_atx_ac, list); - last_tid = list_entry(ac->tid_q.prev, struct ath_atx_tid, list); - list_del(&ac->list); - ac->sched = false; + if (WARN_ON(rdev->sched_scan_req && + rdev->sched_scan_req->dev == wdev->netdev)) { +--- a/net/wireless/core.h ++++ b/net/wireless/core.h +@@ -62,6 +62,7 @@ struct cfg80211_registered_device { + struct rb_root bss_tree; + u32 bss_generation; + struct cfg80211_scan_request *scan_req; /* protected by RTNL */ ++ struct sk_buff *scan_msg; + struct cfg80211_sched_scan_request *sched_scan_req; + unsigned long suspend_at; + struct work_struct scan_done_wk; +@@ -210,6 +211,7 @@ struct cfg80211_event { + } dc; + struct { + u8 bssid[ETH_ALEN]; ++ struct ieee80211_channel *channel; + } ij; + }; + }; +@@ -257,7 +259,8 @@ int __cfg80211_leave_ibss(struct cfg8021 + struct net_device *dev, bool nowext); + int cfg80211_leave_ibss(struct cfg80211_registered_device *rdev, + struct net_device *dev, bool nowext); +-void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid); ++void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, ++ struct ieee80211_channel *channel); + int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev, + struct wireless_dev *wdev); + +@@ -361,7 +364,8 @@ int cfg80211_validate_key_settings(struc + struct key_params *params, int key_idx, + bool pairwise, const u8 *mac_addr); + void __cfg80211_scan_done(struct work_struct *wk); +-void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev); ++void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, ++ bool send_message); + void __cfg80211_sched_scan_results(struct work_struct *wk); + int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev, + bool driver_initiated); +@@ -441,7 +445,8 @@ static inline unsigned int elapsed_jiffi + void + cfg80211_get_chan_state(struct wireless_dev *wdev, + struct ieee80211_channel **chan, +- enum cfg80211_chan_mode *chanmode); ++ enum cfg80211_chan_mode *chanmode, ++ u8 *radar_detect); + + int cfg80211_set_monitor_channel(struct cfg80211_registered_device *rdev, + struct cfg80211_chan_def *chandef); +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -1723,9 +1723,10 @@ static int nl80211_dump_wiphy(struct sk_ + * We can then retry with the larger buffer. + */ + if ((ret == -ENOBUFS || ret == -EMSGSIZE) && +- !skb->len && ++ !skb->len && !state->split && + cb->min_dump_alloc < 4096) { + cb->min_dump_alloc = 4096; ++ state->split_start = 0; + rtnl_unlock(); + return 1; + } +@@ -2047,10 +2048,12 @@ static int nl80211_set_wiphy(struct sk_b + nla_for_each_nested(nl_txq_params, + info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], + rem_txq_params) { +- nla_parse(tb, NL80211_TXQ_ATTR_MAX, +- nla_data(nl_txq_params), +- nla_len(nl_txq_params), +- txq_params_policy); ++ result = nla_parse(tb, NL80211_TXQ_ATTR_MAX, ++ nla_data(nl_txq_params), ++ nla_len(nl_txq_params), ++ txq_params_policy); ++ if (result) ++ goto bad_res; + result = parse_txq_params(tb, &txq_params); + if (result) + goto bad_res; +@@ -3289,7 +3292,7 @@ static int nl80211_start_ap(struct sk_bu + if (!err) { + wdev->preset_chandef = params.chandef; + wdev->beacon_interval = params.beacon_interval; +- wdev->channel = params.chandef.chan; ++ wdev->chandef = params.chandef; + wdev->ssid_len = params.ssid_len; + memcpy(wdev->ssid, params.ssid, wdev->ssid_len); + } +@@ -5210,9 +5213,11 @@ static int nl80211_set_reg(struct sk_buf + + nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], + rem_reg_rules) { +- nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, +- nla_data(nl_reg_rule), nla_len(nl_reg_rule), +- reg_rule_policy); ++ r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, ++ nla_data(nl_reg_rule), nla_len(nl_reg_rule), ++ reg_rule_policy); ++ if (r) ++ goto bad_reg; + r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); + if (r) + goto bad_reg; +@@ -5277,7 +5282,7 @@ static int nl80211_trigger_scan(struct s + if (!rdev->ops->scan) + return -EOPNOTSUPP; + +- if (rdev->scan_req) { ++ if (rdev->scan_req || rdev->scan_msg) { + err = -EBUSY; + goto unlock; + } +@@ -5475,6 +5480,7 @@ static int nl80211_start_sched_scan(stru + enum ieee80211_band band; + size_t ie_len; + struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; ++ s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF; + + if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || + !rdev->ops->sched_scan_start) +@@ -5509,11 +5515,40 @@ static int nl80211_start_sched_scan(stru + if (n_ssids > wiphy->max_sched_scan_ssids) + return -EINVAL; - while (!list_empty(&ac->tid_q)) { +- if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) ++ /* ++ * First, count the number of 'real' matchsets. Due to an issue with ++ * the old implementation, matchsets containing only the RSSI attribute ++ * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default' ++ * RSSI for all matchsets, rather than their own matchset for reporting ++ * all APs with a strong RSSI. This is needed to be compatible with ++ * older userspace that treated a matchset with only the RSSI as the ++ * global RSSI for all other matchsets - if there are other matchsets. ++ */ ++ if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { + nla_for_each_nested(attr, + info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], +- tmp) +- n_match_sets++; ++ tmp) { ++ struct nlattr *rssi; ++ ++ err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, ++ nla_data(attr), nla_len(attr), ++ nl80211_match_policy); ++ if (err) ++ return err; ++ /* add other standalone attributes here */ ++ if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) { ++ n_match_sets++; ++ continue; ++ } ++ rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; ++ if (rssi) ++ default_match_rssi = nla_get_s32(rssi); ++ } ++ } + - tid = list_first_entry(&ac->tid_q, struct ath_atx_tid, - list); - list_del(&tid->list); -@@ -1692,17 +1856,17 @@ void ath_txq_schedule(struct ath_softc * - if (tid->paused) - continue; - -- ath_tx_sched_aggr(sc, txq, tid); -+ if (ath_tx_sched_aggr(sc, txq, tid, &stop)) -+ sent = true; - - /* - * add tid to round-robin queue if more frames - * are pending for the tid - */ -- if (!skb_queue_empty(&tid->buf_q)) -+ if (ath_tid_has_buffered(tid)) - ath_tx_queue_tid(txq, tid); - -- if (tid == last_tid || -- txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) -+ if (stop || tid == last_tid) - break; - } ++ /* However, if there's no other matchset, add the RSSI one */ ++ if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF) ++ n_match_sets = 1; -@@ -1711,9 +1875,17 @@ void ath_txq_schedule(struct ath_softc * - list_add_tail(&ac->list, &txq->axq_acq); + if (n_match_sets > wiphy->max_match_sets) + return -EINVAL; +@@ -5634,11 +5669,22 @@ static int nl80211_start_sched_scan(stru + tmp) { + struct nlattr *ssid, *rssi; + +- nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, +- nla_data(attr), nla_len(attr), +- nl80211_match_policy); ++ err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, ++ nla_data(attr), nla_len(attr), ++ nl80211_match_policy); ++ if (err) ++ goto out_free; + ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; + if (ssid) { ++ if (WARN_ON(i >= n_match_sets)) { ++ /* this indicates a programming error, ++ * the loop above should have verified ++ * things properly ++ */ ++ err = -EINVAL; ++ goto out_free; ++ } ++ + if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { + err = -EINVAL; + goto out_free; +@@ -5647,15 +5693,28 @@ static int nl80211_start_sched_scan(stru + nla_data(ssid), nla_len(ssid)); + request->match_sets[i].ssid.ssid_len = + nla_len(ssid); ++ /* special attribute - old implemenation w/a */ ++ request->match_sets[i].rssi_thold = ++ default_match_rssi; ++ rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; ++ if (rssi) ++ request->match_sets[i].rssi_thold = ++ nla_get_s32(rssi); + } +- rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; +- if (rssi) +- request->rssi_thold = nla_get_u32(rssi); +- else +- request->rssi_thold = +- NL80211_SCAN_RSSI_THOLD_OFF; + i++; } - -- if (ac == last_ac || -- txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) -+ if (stop) - break; + -+ if (ac == last_ac) { -+ if (!sent) -+ break; ++ /* there was no other matchset, so the RSSI one is alone */ ++ if (i == 0) ++ request->match_sets[0].rssi_thold = default_match_rssi; + -+ sent = false; -+ last_ac = list_entry(txq->axq_acq.prev, -+ struct ath_atx_ac, list); -+ } ++ request->min_rssi_thold = INT_MAX; ++ for (i = 0; i < n_match_sets; i++) ++ request->min_rssi_thold = ++ min(request->match_sets[i].rssi_thold, ++ request->min_rssi_thold); ++ } else { ++ request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF; } - rcu_read_unlock(); -@@ -1787,74 +1959,28 @@ static void ath_tx_txqaddbuf(struct ath_ - if (bf_is_ampdu_not_probing(bf)) - txq->axq_ampdu_depth++; - -- bf = bf->bf_lastbf->bf_next; -+ bf_last = bf->bf_lastbf; -+ bf = bf_last->bf_next; -+ bf_last->bf_next = NULL; - } - } - } + if (info->attrs[NL80211_ATTR_IE]) { +@@ -5751,7 +5810,7 @@ static int nl80211_start_radar_detection --static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_txq *txq, -- struct ath_atx_tid *tid, struct sk_buff *skb, -- struct ath_tx_control *txctl) --{ -- struct ath_frame_info *fi = get_frame_info(skb); -- struct list_head bf_head; -- struct ath_buf *bf; -- -- /* -- * Do not queue to h/w when any of the following conditions is true: -- * - there are pending frames in software queue -- * - the TID is currently paused for ADDBA/BAR request -- * - seqno is not within block-ack window -- * - h/w queue depth exceeds low water mark -- */ -- if ((!skb_queue_empty(&tid->buf_q) || tid->paused || -- !BAW_WITHIN(tid->seq_start, tid->baw_size, tid->seq_next) || -- txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) && -- txq != sc->tx.uapsdq) { -- /* -- * Add this frame to software queue for scheduling later -- * for aggregation. -- */ -- TX_STAT_INC(txq->axq_qnum, a_queued_sw); -- __skb_queue_tail(&tid->buf_q, skb); -- if (!txctl->an || !txctl->an->sleeping) -- ath_tx_queue_tid(txq, tid); + err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef); + if (!err) { +- wdev->channel = chandef.chan; ++ wdev->chandef = chandef; + wdev->cac_started = true; + wdev->cac_start_time = jiffies; + } +@@ -7502,16 +7561,19 @@ static int nl80211_set_tx_bitrate_mask(s + * directly to the enum ieee80211_band values used in cfg80211. + */ + BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); +- nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) +- { ++ nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) { + enum ieee80211_band band = nla_type(tx_rates); ++ int err; ++ + if (band < 0 || band >= IEEE80211_NUM_BANDS) + return -EINVAL; + sband = rdev->wiphy.bands[band]; + if (sband == NULL) + return -EINVAL; +- nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), +- nla_len(tx_rates), nl80211_txattr_policy); ++ err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), ++ nla_len(tx_rates), nl80211_txattr_policy); ++ if (err) ++ return err; + if (tb[NL80211_TXRATE_LEGACY]) { + mask.control[band].legacy = rateset_to_mask( + sband, +@@ -10054,40 +10116,31 @@ void nl80211_send_scan_start(struct cfg8 + NL80211_MCGRP_SCAN, GFP_KERNEL); + } + +-void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, +- struct wireless_dev *wdev) ++struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev, ++ struct wireless_dev *wdev, bool aborted) + { + struct sk_buff *msg; + + msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); + if (!msg) - return; -- } -- -- bf = ath_tx_setup_buffer(sc, txq, tid, skb); -- if (!bf) { -- ieee80211_free_txskb(sc->hw, skb); ++ return NULL; + + if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, +- NL80211_CMD_NEW_SCAN_RESULTS) < 0) { ++ aborted ? NL80211_CMD_SCAN_ABORTED : ++ NL80211_CMD_NEW_SCAN_RESULTS) < 0) { + nlmsg_free(msg); - return; -- } -- -- ath_set_rates(tid->an->vif, tid->an->sta, bf); -- bf->bf_state.bf_type = BUF_AMPDU; -- INIT_LIST_HEAD(&bf_head); -- list_add(&bf->list, &bf_head); -- -- /* Add sub-frame to BAW */ -- ath_tx_addto_baw(sc, tid, bf->bf_state.seqno); -- -- /* Queue to h/w without aggregation */ -- TX_STAT_INC(txq->axq_qnum, a_queued_hw); -- bf->bf_lastbf = bf; -- ath_tx_fill_desc(sc, bf, txq, fi->framelen); -- ath_tx_txqaddbuf(sc, txq, &bf_head, false); --} -- - static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq, - struct ath_atx_tid *tid, struct sk_buff *skb) ++ return NULL; + } + +- genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, +- NL80211_MCGRP_SCAN, GFP_KERNEL); ++ return msg; + } + +-void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, +- struct wireless_dev *wdev) ++void nl80211_send_scan_result(struct cfg80211_registered_device *rdev, ++ struct sk_buff *msg) { -+ struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb); - struct ath_frame_info *fi = get_frame_info(skb); - struct list_head bf_head; -- struct ath_buf *bf; +- struct sk_buff *msg; - -- bf = fi->bf; -+ struct ath_buf *bf = fi->bf; - - INIT_LIST_HEAD(&bf_head); - list_add_tail(&bf->list, &bf_head); - bf->bf_state.bf_type = 0; -+ if (tid && (tx_info->flags & IEEE80211_TX_CTL_AMPDU)) { -+ bf->bf_state.bf_type = BUF_AMPDU; -+ ath_tx_addto_baw(sc, tid, bf); -+ } - - bf->bf_next = NULL; - bf->bf_lastbf = bf; -@@ -1985,6 +2111,7 @@ static int ath_tx_prepare(struct ieee802 - struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); - struct ieee80211_sta *sta = txctl->sta; - struct ieee80211_vif *vif = info->control.vif; -+ struct ath_vif *avp; - struct ath_softc *sc = hw->priv; - int frmlen = skb->len + FCS_LEN; - int padpos, padsize; -@@ -1992,6 +2119,10 @@ static int ath_tx_prepare(struct ieee802 - /* NOTE: sta can be NULL according to net/mac80211.h */ - if (sta) - txctl->an = (struct ath_node *)sta->drv_priv; -+ else if (vif && ieee80211_is_data(hdr->frame_control)) { -+ avp = (void *)vif->drv_priv; -+ txctl->an = &avp->mcast_node; -+ } +- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); + if (!msg) + return; - if (info->control.hw_key) - frmlen += info->control.hw_key->icv_len; -@@ -2041,7 +2172,6 @@ int ath_tx_start(struct ieee80211_hw *hw - struct ath_txq *txq = txctl->txq; - struct ath_atx_tid *tid = NULL; - struct ath_buf *bf; -- u8 tidno; - int q; - int ret; - -@@ -2069,27 +2199,31 @@ int ath_tx_start(struct ieee80211_hw *hw - ath_txq_unlock(sc, txq); - txq = sc->tx.uapsdq; - ath_txq_lock(sc, txq); +- if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, +- NL80211_CMD_SCAN_ABORTED) < 0) { +- nlmsg_free(msg); +- return; - } - -- if (txctl->an && ieee80211_is_data_qos(hdr->frame_control)) { -- tidno = ieee80211_get_qos_ctl(hdr)[0] & -- IEEE80211_QOS_CTL_TID_MASK; -- tid = ATH_AN_2_TID(txctl->an, tidno); -+ } else if (txctl->an && -+ ieee80211_is_data_present(hdr->frame_control)) { -+ tid = ath_get_skb_tid(sc, txctl->an, skb); + genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, + NL80211_MCGRP_SCAN, GFP_KERNEL); + } +@@ -11158,7 +11211,8 @@ void cfg80211_ch_switch_notify(struct ne + wdev->iftype != NL80211_IFTYPE_MESH_POINT)) + return; - WARN_ON(tid->ac->txq != txctl->txq); -- } +- wdev->channel = chandef->chan; ++ wdev->chandef = *chandef; ++ wdev->preset_chandef = *chandef; + nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL); + } + EXPORT_SYMBOL(cfg80211_ch_switch_notify); +@@ -11673,6 +11727,35 @@ void cfg80211_crit_proto_stopped(struct + } + EXPORT_SYMBOL(cfg80211_crit_proto_stopped); -- if ((info->flags & IEEE80211_TX_CTL_AMPDU) && tid) { -+ if (info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT) -+ tid->ac->clear_ps_filter = true; ++void nl80211_send_ap_stopped(struct wireless_dev *wdev) ++{ ++ struct wiphy *wiphy = wdev->wiphy; ++ struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); ++ struct sk_buff *msg; ++ void *hdr; + - /* -- * Try aggregation if it's a unicast data frame -- * and the destination is HT capable. -+ * Add this frame to software queue for scheduling later -+ * for aggregation. - */ -- ath_tx_send_ampdu(sc, txq, tid, skb, txctl); -+ TX_STAT_INC(txq->axq_qnum, a_queued_sw); -+ __skb_queue_tail(&tid->buf_q, skb); -+ if (!txctl->an->sleeping) -+ ath_tx_queue_tid(txq, tid); ++ msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); ++ if (!msg) ++ return; + -+ ath_txq_schedule(sc, txq); - goto out; - } ++ hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP); ++ if (!hdr) ++ goto out; ++ ++ if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || ++ nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) || ++ nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) ++ goto out; ++ ++ genlmsg_end(msg, hdr); ++ ++ genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0, ++ NL80211_MCGRP_MLME, GFP_KERNEL); ++ return; ++ out: ++ nlmsg_free(msg); ++} ++ + /* initialisation/exit functions */ + + int nl80211_init(void) +--- a/net/wireless/nl80211.h ++++ b/net/wireless/nl80211.h +@@ -8,10 +8,10 @@ void nl80211_exit(void); + void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev); + void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, + struct wireless_dev *wdev); +-void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, +- struct wireless_dev *wdev); +-void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, +- struct wireless_dev *wdev); ++struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev, ++ struct wireless_dev *wdev, bool aborted); ++void nl80211_send_scan_result(struct cfg80211_registered_device *rdev, ++ struct sk_buff *msg); + void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, + struct net_device *netdev, u32 cmd); + void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, +@@ -74,6 +74,8 @@ nl80211_radar_notify(struct cfg80211_reg + enum nl80211_radar_event event, + struct net_device *netdev, gfp_t gfp); + ++void nl80211_send_ap_stopped(struct wireless_dev *wdev); ++ + void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev); + + #endif /* __NET_WIRELESS_NL80211_H */ +--- a/net/wireless/scan.c ++++ b/net/wireless/scan.c +@@ -161,18 +161,25 @@ static void __cfg80211_bss_expire(struct + dev->bss_generation++; + } + +-void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev) ++void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, ++ bool send_message) + { + struct cfg80211_scan_request *request; + struct wireless_dev *wdev; ++ struct sk_buff *msg; + #ifdef CPTCFG_CFG80211_WEXT + union iwreq_data wrqu; + #endif - bf = ath_tx_setup_buffer(sc, txq, tid, skb); - if (!bf) { -+ ath_txq_skb_done(sc, txq, skb); - if (txctl->paprd) - dev_kfree_skb_any(skb); - else -@@ -2142,7 +2276,7 @@ void ath_tx_cabq(struct ieee80211_hw *hw - - bf->bf_lastbf = bf; - ath_set_rates(vif, NULL, bf); -- ath_buf_set_rate(sc, bf, &info, fi->framelen); -+ ath_buf_set_rate(sc, bf, &info, fi->framelen, false); - duration += info.rates[0].PktDuration; - if (bf_tail) - bf_tail->bf_next = bf; -@@ -2189,7 +2323,7 @@ static void ath_tx_complete(struct ath_s - struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb); - struct ath_common *common = ath9k_hw_common(sc->sc_ah); - struct ieee80211_hdr * hdr = (struct ieee80211_hdr *)skb->data; -- int q, padpos, padsize; -+ int padpos, padsize; - unsigned long flags; + ASSERT_RTNL(); - ath_dbg(common, XMIT, "TX complete: skb: %p\n", skb); -@@ -2225,21 +2359,7 @@ static void ath_tx_complete(struct ath_s - spin_unlock_irqrestore(&sc->sc_pm_lock, flags); +- request = rdev->scan_req; ++ if (rdev->scan_msg) { ++ nl80211_send_scan_result(rdev, rdev->scan_msg); ++ rdev->scan_msg = NULL; ++ return; ++ } - __skb_queue_tail(&txq->complete_q, skb); -- -- q = skb_get_queue_mapping(skb); -- if (txq == sc->tx.uapsdq) -- txq = sc->tx.txq_map[q]; -- -- if (txq == sc->tx.txq_map[q]) { -- if (WARN_ON(--txq->pending_frames < 0)) -- txq->pending_frames = 0; -- -- if (txq->stopped && -- txq->pending_frames < sc->tx.txq_max_pending[q]) { -- ieee80211_wake_queue(sc->hw, q); -- txq->stopped = false; ++ request = rdev->scan_req; + if (!request) + return; + +@@ -186,18 +193,16 @@ void ___cfg80211_scan_done(struct cfg802 + if (wdev->netdev) + cfg80211_sme_scan_done(wdev->netdev); + +- if (request->aborted) { +- nl80211_send_scan_aborted(rdev, wdev); +- } else { +- if (request->flags & NL80211_SCAN_FLAG_FLUSH) { +- /* flush entries from previous scans */ +- spin_lock_bh(&rdev->bss_lock); +- __cfg80211_bss_expire(rdev, request->scan_start); +- spin_unlock_bh(&rdev->bss_lock); - } -- } -+ ath_txq_skb_done(sc, txq, skb); +- nl80211_send_scan_done(rdev, wdev); ++ if (!request->aborted && ++ request->flags & NL80211_SCAN_FLAG_FLUSH) { ++ /* flush entries from previous scans */ ++ spin_lock_bh(&rdev->bss_lock); ++ __cfg80211_bss_expire(rdev, request->scan_start); ++ spin_unlock_bh(&rdev->bss_lock); + } + ++ msg = nl80211_build_scan_msg(rdev, wdev, request->aborted); ++ + #ifdef CPTCFG_CFG80211_WEXT + if (wdev->netdev && !request->aborted) { + memset(&wrqu, 0, sizeof(wrqu)); +@@ -211,6 +216,11 @@ void ___cfg80211_scan_done(struct cfg802 + + rdev->scan_req = NULL; + kfree(request); ++ ++ if (!send_message) ++ rdev->scan_msg = msg; ++ else ++ nl80211_send_scan_result(rdev, msg); } - static void ath_tx_complete_buf(struct ath_softc *sc, struct ath_buf *bf, -@@ -2360,8 +2480,7 @@ static void ath_tx_processq(struct ath_s + void __cfg80211_scan_done(struct work_struct *wk) +@@ -221,7 +231,7 @@ void __cfg80211_scan_done(struct work_st + scan_done_wk); - if (list_empty(&txq->axq_q)) { - txq->axq_link = NULL; -- if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT) -- ath_txq_schedule(sc, txq); -+ ath_txq_schedule(sc, txq); - break; - } - bf = list_first_entry(&txq->axq_q, struct ath_buf, list); -@@ -2375,7 +2494,7 @@ static void ath_tx_processq(struct ath_s - * it with the STALE flag. - */ - bf_held = NULL; -- if (bf->bf_stale) { -+ if (bf->bf_state.stale) { - bf_held = bf; - if (list_is_last(&bf_held->list, &txq->axq_q)) - break; -@@ -2399,7 +2518,7 @@ static void ath_tx_processq(struct ath_s - * however leave the last descriptor back as the holding - * descriptor for hw. - */ -- lastbf->bf_stale = true; -+ lastbf->bf_state.stale = true; - INIT_LIST_HEAD(&bf_head); - if (!list_is_singular(&lastbf->list)) - list_cut_position(&bf_head, -@@ -2470,7 +2589,7 @@ void ath_tx_edma_tasklet(struct ath_soft - } + rtnl_lock(); +- ___cfg80211_scan_done(rdev); ++ ___cfg80211_scan_done(rdev, true); + rtnl_unlock(); + } - bf = list_first_entry(fifo_list, struct ath_buf, list); -- if (bf->bf_stale) { -+ if (bf->bf_state.stale) { - list_del(&bf->list); - ath_tx_return_buffer(sc, bf); - bf = list_first_entry(fifo_list, struct ath_buf, list); -@@ -2492,7 +2611,7 @@ void ath_tx_edma_tasklet(struct ath_soft - ath_tx_txqaddbuf(sc, txq, &bf_q, true); - } - } else { -- lastbf->bf_stale = true; -+ lastbf->bf_state.stale = true; - if (bf != lastbf) - list_cut_position(&bf_head, fifo_list, - lastbf->list.prev); -@@ -2583,6 +2702,7 @@ void ath_tx_node_init(struct ath_softc * - tid->paused = false; - tid->active = false; - __skb_queue_head_init(&tid->buf_q); -+ __skb_queue_head_init(&tid->retry_q); - acno = TID_TO_WME_AC(tidno); - tid->ac = &an->ac[acno]; - } -@@ -2590,6 +2710,7 @@ void ath_tx_node_init(struct ath_softc * - for (acno = 0, ac = &an->ac[acno]; - acno < IEEE80211_NUM_ACS; acno++, ac++) { - ac->sched = false; -+ ac->clear_ps_filter = true; - ac->txq = sc->tx.txq_map[acno]; - INIT_LIST_HEAD(&ac->tid_q); +@@ -1079,7 +1089,7 @@ int cfg80211_wext_siwscan(struct net_dev + if (IS_ERR(rdev)) + return PTR_ERR(rdev); + +- if (rdev->scan_req) { ++ if (rdev->scan_req || rdev->scan_msg) { + err = -EBUSY; + goto out; } ---- a/drivers/net/wireless/ath/ath9k/main.c -+++ b/drivers/net/wireless/ath/ath9k/main.c -@@ -173,8 +173,7 @@ static void ath_restart_work(struct ath_ - { - ieee80211_queue_delayed_work(sc->hw, &sc->tx_complete_work, 0); +@@ -1481,7 +1491,7 @@ int cfg80211_wext_giwscan(struct net_dev + if (IS_ERR(rdev)) + return PTR_ERR(rdev); + +- if (rdev->scan_req) ++ if (rdev->scan_req || rdev->scan_msg) + return -EAGAIN; + + res = ieee80211_scan_results(rdev, info, extra, data->length); +--- a/net/wireless/sme.c ++++ b/net/wireless/sme.c +@@ -67,7 +67,7 @@ static int cfg80211_conn_scan(struct wir + ASSERT_RDEV_LOCK(rdev); + ASSERT_WDEV_LOCK(wdev); -- if (AR_SREV_9340(sc->sc_ah) || AR_SREV_9485(sc->sc_ah) || -- AR_SREV_9550(sc->sc_ah)) -+ if (AR_SREV_9340(sc->sc_ah) || AR_SREV_9330(sc->sc_ah)) - ieee80211_queue_delayed_work(sc->hw, &sc->hw_pll_work, - msecs_to_jiffies(ATH_PLL_WORK_INTERVAL)); +- if (rdev->scan_req) ++ if (rdev->scan_req || rdev->scan_msg) + return -EBUSY; -@@ -238,9 +237,6 @@ static bool ath_complete_reset(struct at - ath_restart_work(sc); + if (wdev->conn->params.channel) +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -1001,7 +1001,6 @@ ieee80211_sta_process_chanswitch(struct } -- if ((ah->caps.hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB) && sc->ant_rx != 3) -- ath_ant_comb_update(sc); -- - ieee80211_wake_queues(sc->hw); + ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; +- sdata->vif.csa_active = true; - return true; -@@ -966,6 +962,8 @@ static int ath9k_add_interface(struct ie - struct ath_softc *sc = hw->priv; - struct ath_hw *ah = sc->sc_ah; - struct ath_common *common = ath9k_hw_common(ah); -+ struct ath_vif *avp = (void *)vif->drv_priv; -+ struct ath_node *an = &avp->mcast_node; + mutex_lock(&local->chanctx_mtx); + if (local->use_chanctx) { +@@ -1039,6 +1038,7 @@ ieee80211_sta_process_chanswitch(struct + mutex_unlock(&local->chanctx_mtx); - mutex_lock(&sc->mutex); + sdata->csa_chandef = csa_ie.chandef; ++ sdata->vif.csa_active = true; -@@ -979,6 +977,12 @@ static int ath9k_add_interface(struct ie - if (ath9k_uses_beacons(vif->type)) - ath9k_beacon_assign_slot(sc, vif); + if (csa_ie.mode) + ieee80211_stop_queues_by_reason(&local->hw, +--- a/net/mac80211/chan.c ++++ b/net/mac80211/chan.c +@@ -196,6 +196,8 @@ static bool ieee80211_is_radar_required( + { + struct ieee80211_sub_if_data *sdata; -+ an->sc = sc; -+ an->sta = NULL; -+ an->vif = vif; -+ an->no_ps_filter = true; -+ ath_tx_node_init(sc, an); ++ lockdep_assert_held(&local->mtx); + - mutex_unlock(&sc->mutex); - return 0; - } -@@ -1016,6 +1020,7 @@ static void ath9k_remove_interface(struc - { - struct ath_softc *sc = hw->priv; - struct ath_common *common = ath9k_hw_common(sc->sc_ah); -+ struct ath_vif *avp = (void *)vif->drv_priv; + rcu_read_lock(); + list_for_each_entry_rcu(sdata, &local->interfaces, list) { + if (sdata->radar_required) { +--- a/net/mac80211/ibss.c ++++ b/net/mac80211/ibss.c +@@ -294,7 +294,6 @@ static void __ieee80211_sta_join_ibss(st + } - ath_dbg(common, CONFIG, "Detach Interface\n"); + mutex_lock(&local->mtx); +- ieee80211_vif_release_channel(sdata); + if (ieee80211_vif_use_channel(sdata, &chandef, + ifibss->fixed_channel ? + IEEE80211_CHANCTX_SHARED : +@@ -303,6 +302,7 @@ static void __ieee80211_sta_join_ibss(st + mutex_unlock(&local->mtx); + return; + } ++ sdata->radar_required = radar_required; + mutex_unlock(&local->mtx); -@@ -1030,6 +1035,8 @@ static void ath9k_remove_interface(struc - ath9k_calculate_summary_state(hw, NULL); - ath9k_ps_restore(sc); + memcpy(ifibss->bssid, bssid, ETH_ALEN); +@@ -318,7 +318,6 @@ static void __ieee80211_sta_join_ibss(st + rcu_assign_pointer(ifibss->presp, presp); + mgmt = (void *)presp->head; -+ ath_tx_node_cleanup(sc, &avp->mcast_node); -+ - mutex_unlock(&sc->mutex); +- sdata->radar_required = radar_required; + sdata->vif.bss_conf.enable_beacon = true; + sdata->vif.bss_conf.beacon_int = beacon_int; + sdata->vif.bss_conf.basic_rates = basic_rates; +@@ -386,7 +385,7 @@ static void __ieee80211_sta_join_ibss(st + presp->head_len, 0, GFP_KERNEL); + cfg80211_put_bss(local->hw.wiphy, bss); + netif_carrier_on(sdata->dev); +- cfg80211_ibss_joined(sdata->dev, ifibss->bssid, GFP_KERNEL); ++ cfg80211_ibss_joined(sdata->dev, ifibss->bssid, chan, GFP_KERNEL); } -@@ -1193,8 +1200,6 @@ static int ath9k_config(struct ieee80211 - - if ((changed & IEEE80211_CONF_CHANGE_CHANNEL) || reset_channel) { - struct ieee80211_channel *curchan = hw->conf.chandef.chan; -- enum nl80211_channel_type channel_type = -- cfg80211_get_chandef_type(&conf->chandef); - int pos = curchan->hw_value; - int old_pos = -1; - unsigned long flags; -@@ -1202,8 +1207,8 @@ static int ath9k_config(struct ieee80211 - if (ah->curchan) - old_pos = ah->curchan - &ah->channels[0]; - -- ath_dbg(common, CONFIG, "Set channel: %d MHz type: %d\n", -- curchan->center_freq, channel_type); -+ ath_dbg(common, CONFIG, "Set channel: %d MHz width: %d\n", -+ curchan->center_freq, hw->conf.chandef.width); - - /* update survey stats for the old channel before switching */ - spin_lock_irqsave(&common->cc_lock, flags); -@@ -1211,7 +1216,7 @@ static int ath9k_config(struct ieee80211 - spin_unlock_irqrestore(&common->cc_lock, flags); - - ath9k_cmn_update_ichannel(&sc->sc_ah->channels[pos], -- curchan, channel_type); -+ &conf->chandef); - - /* - * If the operating channel changes, change the survey in-use flags -@@ -1374,9 +1379,6 @@ static void ath9k_sta_notify(struct ieee - struct ath_softc *sc = hw->priv; - struct ath_node *an = (struct ath_node *) sta->drv_priv; + static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata, +@@ -802,6 +801,8 @@ ieee80211_ibss_process_chanswitch(struct + int err; + u32 sta_flags; -- if (!sta->ht_cap.ht_supported) -- return; -- - switch (cmd) { - case STA_NOTIFY_SLEEP: - an->sleeping = true; -@@ -2094,7 +2096,7 @@ static void ath9k_wow_add_pattern(struct - { - struct ath_hw *ah = sc->sc_ah; - struct ath9k_wow_pattern *wow_pattern = NULL; -- struct cfg80211_wowlan_trig_pkt_pattern *patterns = wowlan->patterns; -+ struct cfg80211_pkt_pattern *patterns = wowlan->patterns; - int mask_len; - s8 i = 0; - ---- a/drivers/net/wireless/mwifiex/cfg80211.c -+++ b/drivers/net/wireless/mwifiex/cfg80211.c -@@ -2298,8 +2298,7 @@ EXPORT_SYMBOL_GPL(mwifiex_del_virtual_in - - #ifdef CONFIG_PM - static bool --mwifiex_is_pattern_supported(struct cfg80211_wowlan_trig_pkt_pattern *pat, -- s8 *byte_seq) -+mwifiex_is_pattern_supported(struct cfg80211_pkt_pattern *pat, s8 *byte_seq) - { - int j, k, valid_byte_cnt = 0; - bool dont_care_byte = false; ---- a/drivers/net/wireless/ti/wlcore/main.c -+++ b/drivers/net/wireless/ti/wlcore/main.c -@@ -1315,7 +1315,7 @@ static struct sk_buff *wl12xx_alloc_dumm - - #ifdef CONFIG_PM - static int --wl1271_validate_wowlan_pattern(struct cfg80211_wowlan_trig_pkt_pattern *p) -+wl1271_validate_wowlan_pattern(struct cfg80211_pkt_pattern *p) - { - int num_fields = 0, in_field = 0, fields_size = 0; - int i, pattern_len = 0; -@@ -1458,9 +1458,9 @@ void wl1271_rx_filter_flatten_fields(str - * Allocates an RX filter returned through f - * which needs to be freed using rx_filter_free() - */ --static int wl1271_convert_wowlan_pattern_to_rx_filter( -- struct cfg80211_wowlan_trig_pkt_pattern *p, -- struct wl12xx_rx_filter **f) -+static int -+wl1271_convert_wowlan_pattern_to_rx_filter(struct cfg80211_pkt_pattern *p, -+ struct wl12xx_rx_filter **f) - { - int i, j, ret = 0; - struct wl12xx_rx_filter *filter; -@@ -1562,7 +1562,7 @@ static int wl1271_configure_wowlan(struc - - /* Translate WoWLAN patterns into filters */ - for (i = 0; i < wow->n_patterns; i++) { -- struct cfg80211_wowlan_trig_pkt_pattern *p; -+ struct cfg80211_pkt_pattern *p; - struct wl12xx_rx_filter *filter = NULL; - - p = &wow->patterns[i]; ---- a/include/net/cfg80211.h -+++ b/include/net/cfg80211.h -@@ -639,6 +639,30 @@ struct cfg80211_ap_settings { - }; - - /** -+ * struct cfg80211_csa_settings - channel switch settings -+ * -+ * Used for channel switch -+ * -+ * @chandef: defines the channel to use after the switch -+ * @beacon_csa: beacon data while performing the switch -+ * @counter_offset_beacon: offset for the counter within the beacon (tail) -+ * @counter_offset_presp: offset for the counter within the probe response -+ * @beacon_after: beacon data to be used on the new channel -+ * @radar_required: whether radar detection is required on the new channel -+ * @block_tx: whether transmissions should be blocked while changing -+ * @count: number of beacons until switch -+ */ -+struct cfg80211_csa_settings { -+ struct cfg80211_chan_def chandef; -+ struct cfg80211_beacon_data beacon_csa; -+ u16 counter_offset_beacon, counter_offset_presp; -+ struct cfg80211_beacon_data beacon_after; -+ bool radar_required; -+ bool block_tx; -+ u8 count; -+}; -+ -+/** - * enum station_parameters_apply_mask - station parameter values to apply - * @STATION_PARAM_APPLY_UAPSD: apply new uAPSD parameters (uapsd_queues, max_sp) - * @STATION_PARAM_APPLY_CAPABILITY: apply new capability -@@ -1698,7 +1722,7 @@ struct cfg80211_pmksa { - }; - - /** -- * struct cfg80211_wowlan_trig_pkt_pattern - packet pattern -+ * struct cfg80211_pkt_pattern - packet pattern - * @mask: bitmask where to match pattern and where to ignore bytes, - * one bit per byte, in same format as nl80211 - * @pattern: bytes to match where bitmask is 1 -@@ -1708,7 +1732,7 @@ struct cfg80211_pmksa { - * Internal note: @mask and @pattern are allocated in one chunk of - * memory, free @mask only! - */ --struct cfg80211_wowlan_trig_pkt_pattern { -+struct cfg80211_pkt_pattern { - u8 *mask, *pattern; - int pattern_len; - int pkt_offset; -@@ -1770,7 +1794,7 @@ struct cfg80211_wowlan { - bool any, disconnect, magic_pkt, gtk_rekey_failure, - eap_identity_req, four_way_handshake, - rfkill_release; -- struct cfg80211_wowlan_trig_pkt_pattern *patterns; -+ struct cfg80211_pkt_pattern *patterns; - struct cfg80211_wowlan_tcp *tcp; - int n_patterns; - }; -@@ -2071,6 +2095,8 @@ struct cfg80211_update_ft_ies_params { - * driver can take the most appropriate actions. - * @crit_proto_stop: Indicates critical protocol no longer needs increased link - * reliability. This operation can not fail. -+ * -+ * @channel_switch: initiate channel-switch procedure (with CSA) - */ - struct cfg80211_ops { - int (*suspend)(struct wiphy *wiphy, struct cfg80211_wowlan *wow); -@@ -2306,6 +2332,10 @@ struct cfg80211_ops { - u16 duration); - void (*crit_proto_stop)(struct wiphy *wiphy, - struct wireless_dev *wdev); -+ -+ int (*channel_switch)(struct wiphy *wiphy, -+ struct net_device *dev, -+ struct cfg80211_csa_settings *params); - }; - - /* -@@ -2371,6 +2401,8 @@ struct cfg80211_ops { - * @WIPHY_FLAG_OFFCHAN_TX: Device supports direct off-channel TX. - * @WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL: Device supports remain-on-channel call. - * @WIPHY_FLAG_SUPPORTS_5_10_MHZ: Device supports 5 MHz and 10 MHz channels. -+ * @WIPHY_FLAG_HAS_CHANNEL_SWITCH: Device supports channel switch in -+ * beaconing mode (AP, IBSS, Mesh, ...). - */ - enum wiphy_flags { - WIPHY_FLAG_CUSTOM_REGULATORY = BIT(0), -@@ -2395,6 +2427,7 @@ enum wiphy_flags { - WIPHY_FLAG_OFFCHAN_TX = BIT(20), - WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL = BIT(21), - WIPHY_FLAG_SUPPORTS_5_10_MHZ = BIT(22), -+ WIPHY_FLAG_HAS_CHANNEL_SWITCH = BIT(23), - }; - - /** ---- a/include/uapi/linux/nl80211.h -+++ b/include/uapi/linux/nl80211.h -@@ -648,6 +648,16 @@ - * @NL80211_CMD_CRIT_PROTOCOL_STOP: Indicates the connection reliability can - * return back to normal. - * -+ * @NL80211_CMD_CHANNEL_SWITCH: Perform a channel switch by announcing the -+ * the new channel information (Channel Switch Announcement - CSA) -+ * in the beacon for some time (as defined in the -+ * %NL80211_ATTR_CH_SWITCH_COUNT parameter) and then change to the -+ * new channel. Userspace provides the new channel information (using -+ * %NL80211_ATTR_WIPHY_FREQ and the attributes determining channel -+ * width). %NL80211_ATTR_CH_SWITCH_BLOCK_TX may be supplied to inform -+ * other station that transmission must be blocked until the channel -+ * switch is complete. -+ * - * @NL80211_CMD_MAX: highest used command number - * @__NL80211_CMD_AFTER_LAST: internal use - */ -@@ -810,6 +820,8 @@ enum nl80211_commands { - NL80211_CMD_CRIT_PROTOCOL_START, - NL80211_CMD_CRIT_PROTOCOL_STOP, - -+ NL80211_CMD_CHANNEL_SWITCH, -+ - /* add new commands above here */ - - /* used to define NL80211_CMD_MAX below */ -@@ -1436,6 +1448,18 @@ enum nl80211_commands { - * allowed to be used with the first @NL80211_CMD_SET_STATION command to - * update a TDLS peer STA entry. - * -+ * @NL80211_ATTR_CH_SWITCH_COUNT: u32 attribute specifying the number of TBTT's -+ * until the channel switch event. -+ * @NL80211_ATTR_CH_SWITCH_BLOCK_TX: flag attribute specifying that transmission -+ * must be blocked on the current channel (before the channel switch -+ * operation). -+ * @NL80211_ATTR_CSA_IES: Nested set of attributes containing the IE information -+ * for the time while performing a channel switch. -+ * @NL80211_ATTR_CSA_C_OFF_BEACON: Offset of the channel switch counter -+ * field in the beacons tail (%NL80211_ATTR_BEACON_TAIL). -+ * @NL80211_ATTR_CSA_C_OFF_PRESP: Offset of the channel switch counter -+ * field in the probe response (%NL80211_ATTR_PROBE_RESP). -+ * - * @NL80211_ATTR_MAX: highest attribute number currently defined - * @__NL80211_ATTR_AFTER_LAST: internal use - */ -@@ -1736,6 +1760,12 @@ enum nl80211_attrs { - - NL80211_ATTR_PEER_AID, - -+ NL80211_ATTR_CH_SWITCH_COUNT, -+ NL80211_ATTR_CH_SWITCH_BLOCK_TX, -+ NL80211_ATTR_CSA_IES, -+ NL80211_ATTR_CSA_C_OFF_BEACON, -+ NL80211_ATTR_CSA_C_OFF_PRESP, -+ - /* add attributes here, update the policy in nl80211.c */ - - __NL80211_ATTR_AFTER_LAST, -@@ -3060,11 +3090,11 @@ enum nl80211_tx_power_setting { - }; - - /** -- * enum nl80211_wowlan_packet_pattern_attr - WoWLAN packet pattern attribute -- * @__NL80211_WOWLAN_PKTPAT_INVALID: invalid number for nested attribute -- * @NL80211_WOWLAN_PKTPAT_PATTERN: the pattern, values where the mask has -+ * enum nl80211_packet_pattern_attr - packet pattern attribute -+ * @__NL80211_PKTPAT_INVALID: invalid number for nested attribute -+ * @NL80211_PKTPAT_PATTERN: the pattern, values where the mask has - * a zero bit are ignored -- * @NL80211_WOWLAN_PKTPAT_MASK: pattern mask, must be long enough to have -+ * @NL80211_PKTPAT_MASK: pattern mask, must be long enough to have - * a bit for each byte in the pattern. The lowest-order bit corresponds - * to the first byte of the pattern, but the bytes of the pattern are - * in a little-endian-like format, i.e. the 9th byte of the pattern -@@ -3075,23 +3105,23 @@ enum nl80211_tx_power_setting { - * Note that the pattern matching is done as though frames were not - * 802.11 frames but 802.3 frames, i.e. the frame is fully unpacked - * first (including SNAP header unpacking) and then matched. -- * @NL80211_WOWLAN_PKTPAT_OFFSET: packet offset, pattern is matched after -+ * @NL80211_PKTPAT_OFFSET: packet offset, pattern is matched after - * these fixed number of bytes of received packet -- * @NUM_NL80211_WOWLAN_PKTPAT: number of attributes -- * @MAX_NL80211_WOWLAN_PKTPAT: max attribute number -+ * @NUM_NL80211_PKTPAT: number of attributes -+ * @MAX_NL80211_PKTPAT: max attribute number - */ --enum nl80211_wowlan_packet_pattern_attr { -- __NL80211_WOWLAN_PKTPAT_INVALID, -- NL80211_WOWLAN_PKTPAT_MASK, -- NL80211_WOWLAN_PKTPAT_PATTERN, -- NL80211_WOWLAN_PKTPAT_OFFSET, -+enum nl80211_packet_pattern_attr { -+ __NL80211_PKTPAT_INVALID, -+ NL80211_PKTPAT_MASK, -+ NL80211_PKTPAT_PATTERN, -+ NL80211_PKTPAT_OFFSET, - -- NUM_NL80211_WOWLAN_PKTPAT, -- MAX_NL80211_WOWLAN_PKTPAT = NUM_NL80211_WOWLAN_PKTPAT - 1, -+ NUM_NL80211_PKTPAT, -+ MAX_NL80211_PKTPAT = NUM_NL80211_PKTPAT - 1, - }; - - /** -- * struct nl80211_wowlan_pattern_support - pattern support information -+ * struct nl80211_pattern_support - packet pattern support information - * @max_patterns: maximum number of patterns supported - * @min_pattern_len: minimum length of each pattern - * @max_pattern_len: maximum length of each pattern -@@ -3101,13 +3131,22 @@ enum nl80211_wowlan_packet_pattern_attr - * that is part of %NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED in the - * capability information given by the kernel to userspace. - */ --struct nl80211_wowlan_pattern_support { -+struct nl80211_pattern_support { - __u32 max_patterns; - __u32 min_pattern_len; - __u32 max_pattern_len; - __u32 max_pkt_offset; - } __attribute__((packed)); - -+/* only for backward compatibility */ -+#define __NL80211_WOWLAN_PKTPAT_INVALID __NL80211_PKTPAT_INVALID -+#define NL80211_WOWLAN_PKTPAT_MASK NL80211_PKTPAT_MASK -+#define NL80211_WOWLAN_PKTPAT_PATTERN NL80211_PKTPAT_PATTERN -+#define NL80211_WOWLAN_PKTPAT_OFFSET NL80211_PKTPAT_OFFSET -+#define NUM_NL80211_WOWLAN_PKTPAT NUM_NL80211_PKTPAT -+#define MAX_NL80211_WOWLAN_PKTPAT MAX_NL80211_PKTPAT -+#define nl80211_wowlan_pattern_support nl80211_pattern_support -+ - /** - * enum nl80211_wowlan_triggers - WoWLAN trigger definitions - * @__NL80211_WOWLAN_TRIG_INVALID: invalid number for nested attributes -@@ -3127,7 +3166,7 @@ struct nl80211_wowlan_pattern_support { - * pattern matching is done after the packet is converted to the MSDU. - * - * In %NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED, it is a binary attribute -- * carrying a &struct nl80211_wowlan_pattern_support. -+ * carrying a &struct nl80211_pattern_support. - * - * When reporting wakeup. it is a u32 attribute containing the 0-based - * index of the pattern that caused the wakeup, in the patterns passed -@@ -3284,7 +3323,7 @@ struct nl80211_wowlan_tcp_data_token_fea - * @NL80211_WOWLAN_TCP_WAKE_PAYLOAD: wake packet payload, for advertising a - * u32 attribute holding the maximum length - * @NL80211_WOWLAN_TCP_WAKE_MASK: Wake packet payload mask, not used for -- * feature advertising. The mask works like @NL80211_WOWLAN_PKTPAT_MASK -+ * feature advertising. The mask works like @NL80211_PKTPAT_MASK - * but on the TCP payload only. - * @NUM_NL80211_WOWLAN_TCP: number of TCP attributes - * @MAX_NL80211_WOWLAN_TCP: highest attribute number ---- a/net/mac80211/mesh_ps.c -+++ b/net/mac80211/mesh_ps.c -@@ -229,6 +229,10 @@ void ieee80211_mps_sta_status_update(str - enum nl80211_mesh_power_mode pm; - bool do_buffer; - -+ /* For non-assoc STA, prevent buffering or frame transmission */ -+ if (sta->sta_state < IEEE80211_STA_ASSOC) -+ return; -+ - /* - * use peer-specific power mode if peering is established and the - * peer's power mode is known ---- a/net/wireless/nl80211.c -+++ b/net/wireless/nl80211.c -@@ -349,6 +349,11 @@ static const struct nla_policy nl80211_p - [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY, - .len = IEEE80211_MAX_DATA_LEN }, - [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 }, -+ [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 }, -+ [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG }, -+ [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED }, -+ [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_U16 }, -+ [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_U16 }, - }; - - /* policy for the key attributes */ -@@ -441,10 +446,12 @@ static int nl80211_prepare_wdev_dump(str - goto out_unlock; - } - *rdev = wiphy_to_dev((*wdev)->wiphy); -- cb->args[0] = (*rdev)->wiphy_idx; -+ /* 0 is the first index - add 1 to parse only once */ -+ cb->args[0] = (*rdev)->wiphy_idx + 1; - cb->args[1] = (*wdev)->identifier; - } else { -- struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0]); -+ /* subtract the 1 again here */ -+ struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); - struct wireless_dev *tmp; - - if (!wiphy) { -@@ -974,7 +981,7 @@ static int nl80211_send_wowlan(struct sk - return -ENOBUFS; - - if (dev->wiphy.wowlan->n_patterns) { -- struct nl80211_wowlan_pattern_support pat = { -+ struct nl80211_pattern_support pat = { - .max_patterns = dev->wiphy.wowlan->n_patterns, - .min_pattern_len = dev->wiphy.wowlan->pattern_min_len, - .max_pattern_len = dev->wiphy.wowlan->pattern_max_len, -@@ -1393,6 +1400,8 @@ static int nl80211_send_wiphy(struct cfg - if (state->split) { - CMD(crit_proto_start, CRIT_PROTOCOL_START); - CMD(crit_proto_stop, CRIT_PROTOCOL_STOP); -+ if (dev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH) -+ CMD(channel_switch, CHANNEL_SWITCH); - } - - #ifdef CPTCFG_NL80211_TESTMODE -@@ -1568,8 +1577,10 @@ static int nl80211_dump_wiphy(struct sk_ - rtnl_lock(); - if (!state) { - state = kzalloc(sizeof(*state), GFP_KERNEL); -- if (!state) -+ if (!state) { -+ rtnl_unlock(); - return -ENOMEM; -+ } - state->filter_wiphy = -1; - ret = nl80211_dump_wiphy_parse(skb, cb, state); - if (ret) { -@@ -2620,8 +2631,8 @@ static int nl80211_get_key(struct sk_buf - - hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0, - NL80211_CMD_NEW_KEY); -- if (IS_ERR(hdr)) -- return PTR_ERR(hdr); -+ if (!hdr) -+ return -ENOBUFS; - - cookie.msg = msg; - cookie.idx = key_idx; -@@ -4770,9 +4781,9 @@ do { \ - FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1, - mask, NL80211_MESHCONF_FORWARDING, - nla_get_u8); -- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 1, 255, -+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0, - mask, NL80211_MESHCONF_RSSI_THRESHOLD, -- nla_get_u32); -+ nla_get_s32); - FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16, - mask, NL80211_MESHCONF_HT_OPMODE, - nla_get_u16); -@@ -5578,6 +5589,111 @@ static int nl80211_start_radar_detection - return err; - } - -+static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info) -+{ -+ struct cfg80211_registered_device *rdev = info->user_ptr[0]; -+ struct net_device *dev = info->user_ptr[1]; -+ struct wireless_dev *wdev = dev->ieee80211_ptr; -+ struct cfg80211_csa_settings params; -+ /* csa_attrs is defined static to avoid waste of stack size - this -+ * function is called under RTNL lock, so this should not be a problem. -+ */ -+ static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1]; -+ u8 radar_detect_width = 0; -+ int err; -+ -+ if (!rdev->ops->channel_switch || -+ !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)) -+ return -EOPNOTSUPP; -+ -+ /* may add IBSS support later */ -+ if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && -+ dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) -+ return -EOPNOTSUPP; -+ -+ memset(¶ms, 0, sizeof(params)); -+ -+ if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || -+ !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]) -+ return -EINVAL; -+ -+ /* only important for AP, IBSS and mesh create IEs internally */ -+ if (!info->attrs[NL80211_ATTR_CSA_IES]) -+ return -EINVAL; -+ -+ /* useless if AP is not running */ -+ if (!wdev->beacon_interval) -+ return -EINVAL; -+ -+ params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]); -+ -+ err = nl80211_parse_beacon(info->attrs, ¶ms.beacon_after); -+ if (err) -+ return err; -+ -+ err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX, -+ info->attrs[NL80211_ATTR_CSA_IES], -+ nl80211_policy); -+ if (err) -+ return err; -+ -+ err = nl80211_parse_beacon(csa_attrs, ¶ms.beacon_csa); -+ if (err) -+ return err; -+ -+ if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]) -+ return -EINVAL; -+ -+ params.counter_offset_beacon = -+ nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]); -+ if (params.counter_offset_beacon >= params.beacon_csa.tail_len) -+ return -EINVAL; -+ -+ /* sanity check - counters should be the same */ -+ if (params.beacon_csa.tail[params.counter_offset_beacon] != -+ params.count) -+ return -EINVAL; -+ -+ if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) { -+ params.counter_offset_presp = -+ nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]); -+ if (params.counter_offset_presp >= -+ params.beacon_csa.probe_resp_len) -+ return -EINVAL; -+ -+ if (params.beacon_csa.probe_resp[params.counter_offset_presp] != -+ params.count) -+ return -EINVAL; -+ } -+ -+ err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); -+ if (err) -+ return err; -+ -+ if (!cfg80211_reg_can_beacon(&rdev->wiphy, ¶ms.chandef)) -+ return -EINVAL; -+ -+ err = cfg80211_chandef_dfs_required(wdev->wiphy, ¶ms.chandef); -+ if (err < 0) { -+ return err; -+ } else if (err) { -+ radar_detect_width = BIT(params.chandef.width); -+ params.radar_required = true; -+ } -+ -+ err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype, -+ params.chandef.chan, -+ CHAN_MODE_SHARED, -+ radar_detect_width); -+ if (err) -+ return err; -+ -+ if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX]) -+ params.block_tx = true; ++ sdata_assert_lock(sdata); + -+ return rdev_channel_switch(rdev, dev, ¶ms); -+} + sta_flags = IEEE80211_STA_DISABLE_VHT; + switch (ifibss->chandef.width) { + case NL80211_CHAN_WIDTH_5: +@@ -1471,6 +1472,11 @@ static void ieee80211_rx_mgmt_probe_req( + memcpy(((struct ieee80211_mgmt *) skb->data)->da, mgmt->sa, ETH_ALEN); + ibss_dbg(sdata, "Sending ProbeResp to %pM\n", mgmt->sa); + IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; + - static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, - u32 seq, int flags, - struct cfg80211_registered_device *rdev, -@@ -6507,6 +6623,9 @@ static int nl80211_testmode_dump(struct - NL80211_CMD_TESTMODE); - struct nlattr *tmdata; - -+ if (!hdr) -+ break; ++ /* avoid excessive retries for probe request to wildcard SSIDs */ ++ if (pos[1] == 0) ++ IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_NO_ACK; + - if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { - genlmsg_cancel(skb, hdr); - break; -@@ -6615,12 +6734,14 @@ EXPORT_SYMBOL(cfg80211_testmode_alloc_ev - - void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) - { -+ struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; - void *hdr = ((void **)skb->cb)[1]; - struct nlattr *data = ((void **)skb->cb)[2]; - - nla_nest_end(skb, data); - genlmsg_end(skb, hdr); -- genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); -+ genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), skb, 0, -+ nl80211_testmode_mcgrp.id, gfp); + ieee80211_tx_skb(sdata, skb); } - EXPORT_SYMBOL(cfg80211_testmode_event); - #endif -@@ -6949,9 +7070,8 @@ static int nl80211_remain_on_channel(str - - hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0, - NL80211_CMD_REMAIN_ON_CHANNEL); -- -- if (IS_ERR(hdr)) { -- err = PTR_ERR(hdr); -+ if (!hdr) { -+ err = -ENOBUFS; - goto free_msg; - } - -@@ -7249,9 +7369,8 @@ static int nl80211_tx_mgmt(struct sk_buf - - hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0, - NL80211_CMD_FRAME); -- -- if (IS_ERR(hdr)) { -- err = PTR_ERR(hdr); -+ if (!hdr) { -+ err = -ENOBUFS; - goto free_msg; - } - } -@@ -7593,12 +7712,11 @@ static int nl80211_send_wowlan_patterns( - if (!nl_pat) - return -ENOBUFS; - pat_len = wowlan->patterns[i].pattern_len; -- if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK, -- DIV_ROUND_UP(pat_len, 8), -+ if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8), - wowlan->patterns[i].mask) || -- nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN, -- pat_len, wowlan->patterns[i].pattern) || -- nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET, -+ nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, -+ wowlan->patterns[i].pattern) || -+ nla_put_u32(msg, NL80211_PKTPAT_OFFSET, - wowlan->patterns[i].pkt_offset)) - return -ENOBUFS; - nla_nest_end(msg, nl_pat); -@@ -7939,7 +8057,7 @@ static int nl80211_set_wowlan(struct sk_ - struct nlattr *pat; - int n_patterns = 0; - int rem, pat_len, mask_len, pkt_offset; -- struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; -+ struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; - - nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], - rem) -@@ -7958,26 +8076,25 @@ static int nl80211_set_wowlan(struct sk_ - - nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], - rem) { -- nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, -- nla_data(pat), nla_len(pat), NULL); -+ nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat), -+ nla_len(pat), NULL); - err = -EINVAL; -- if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || -- !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) -+ if (!pat_tb[NL80211_PKTPAT_MASK] || -+ !pat_tb[NL80211_PKTPAT_PATTERN]) - goto error; -- pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); -+ pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); - mask_len = DIV_ROUND_UP(pat_len, 8); -- if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != -- mask_len) -+ if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) - goto error; - if (pat_len > wowlan->pattern_max_len || - pat_len < wowlan->pattern_min_len) - goto error; - -- if (!pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]) -+ if (!pat_tb[NL80211_PKTPAT_OFFSET]) - pkt_offset = 0; - else - pkt_offset = nla_get_u32( -- pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]); -+ pat_tb[NL80211_PKTPAT_OFFSET]); - if (pkt_offset > wowlan->max_pkt_offset) - goto error; - new_triggers.patterns[i].pkt_offset = pkt_offset; -@@ -7991,11 +8108,11 @@ static int nl80211_set_wowlan(struct sk_ - new_triggers.patterns[i].pattern = - new_triggers.patterns[i].mask + mask_len; - memcpy(new_triggers.patterns[i].mask, -- nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), -+ nla_data(pat_tb[NL80211_PKTPAT_MASK]), - mask_len); - new_triggers.patterns[i].pattern_len = pat_len; - memcpy(new_triggers.patterns[i].pattern, -- nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), -+ nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), - pat_len); - i++; - } -@@ -8130,9 +8247,8 @@ static int nl80211_probe_client(struct s - - hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0, - NL80211_CMD_PROBE_CLIENT); -- -- if (IS_ERR(hdr)) { -- err = PTR_ERR(hdr); -+ if (!hdr) { -+ err = -ENOBUFS; - goto free_msg; - } - -@@ -9041,7 +9157,15 @@ static struct genl_ops nl80211_ops[] = { - .flags = GENL_ADMIN_PERM, - .internal_flags = NL80211_FLAG_NEED_WDEV_UP | - NL80211_FLAG_NEED_RTNL, -- } -+ }, -+ { -+ .cmd = NL80211_CMD_CHANNEL_SWITCH, -+ .doit = nl80211_channel_switch, -+ .policy = nl80211_policy, -+ .flags = GENL_ADMIN_PERM, -+ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | -+ NL80211_FLAG_NEED_RTNL, -+ }, - }; - - static struct genl_multicast_group nl80211_mlme_mcgrp = { -@@ -10066,7 +10190,8 @@ void cfg80211_mgmt_tx_status(struct wire - genlmsg_end(msg, hdr); - -- genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); -+ genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, -+ nl80211_mlme_mcgrp.id, gfp); - return; - - nla_put_failure: ---- a/net/wireless/reg.c -+++ b/net/wireless/reg.c -@@ -2247,10 +2247,13 @@ int reg_device_uevent(struct device *dev - - void wiphy_regulatory_register(struct wiphy *wiphy) - { -+ struct regulatory_request *lr; -+ - if (!reg_dev_ignore_cell_hint(wiphy)) - reg_num_devs_support_basehint++; +--- a/net/mac80211/mesh.c ++++ b/net/mac80211/mesh.c +@@ -872,6 +872,8 @@ ieee80211_mesh_process_chnswitch(struct + if (!ifmsh->mesh_id) + return false; -- wiphy_update_regulatory(wiphy, NL80211_REGDOM_SET_BY_CORE); -+ lr = get_last_request(); -+ wiphy_update_regulatory(wiphy, lr->initiator); - } ++ sdata_assert_lock(sdata); ++ + sta_flags = IEEE80211_STA_DISABLE_VHT; + switch (sdata->vif.bss_conf.chandef.width) { + case NL80211_CHAN_WIDTH_20_NOHT: +--- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c ++++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c +@@ -4658,6 +4658,7 @@ brcmf_notify_connect_status(struct brcmf + struct brcmf_cfg80211_info *cfg = ifp->drvr->config; + struct net_device *ndev = ifp->ndev; + struct brcmf_cfg80211_profile *profile = &ifp->vif->profile; ++ struct ieee80211_channel *chan; + s32 err = 0; + + if (ifp->vif->mode == WL_MODE_AP) { +@@ -4665,9 +4666,10 @@ brcmf_notify_connect_status(struct brcmf + } else if (brcmf_is_linkup(e)) { + brcmf_dbg(CONN, "Linkup\n"); + if (brcmf_is_ibssmode(ifp->vif)) { ++ chan = ieee80211_get_channel(cfg->wiphy, cfg->channel); + memcpy(profile->bssid, e->addr, ETH_ALEN); + wl_inform_ibss(cfg, ndev, e->addr); +- cfg80211_ibss_joined(ndev, e->addr, GFP_KERNEL); ++ cfg80211_ibss_joined(ndev, e->addr, chan, GFP_KERNEL); + clear_bit(BRCMF_VIF_STATUS_CONNECTING, + &ifp->vif->sme_state); + set_bit(BRCMF_VIF_STATUS_CONNECTED, +--- a/drivers/net/wireless/libertas/cfg.c ++++ b/drivers/net/wireless/libertas/cfg.c +@@ -1766,7 +1766,8 @@ static void lbs_join_post(struct lbs_pri + memcpy(priv->wdev->ssid, params->ssid, params->ssid_len); + priv->wdev->ssid_len = params->ssid_len; + +- cfg80211_ibss_joined(priv->dev, bssid, GFP_KERNEL); ++ cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan, ++ GFP_KERNEL); + + /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */ + priv->connect_status = LBS_CONNECTED; +--- a/drivers/net/wireless/mwifiex/cfg80211.c ++++ b/drivers/net/wireless/mwifiex/cfg80211.c +@@ -1881,7 +1881,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy + params->privacy); + done: + if (!ret) { +- cfg80211_ibss_joined(priv->netdev, priv->cfg_bssid, GFP_KERNEL); ++ cfg80211_ibss_joined(priv->netdev, priv->cfg_bssid, ++ params->chandef.chan, GFP_KERNEL); + dev_dbg(priv->adapter->dev, + "info: joined/created adhoc network with bssid" + " %pM successfully\n", priv->cfg_bssid); +--- a/drivers/net/wireless/rndis_wlan.c ++++ b/drivers/net/wireless/rndis_wlan.c +@@ -2835,7 +2835,9 @@ static void rndis_wlan_do_link_up_work(s + bssid, req_ie, req_ie_len, + resp_ie, resp_ie_len, GFP_KERNEL); + } else if (priv->infra_mode == NDIS_80211_INFRA_ADHOC) +- cfg80211_ibss_joined(usbdev->net, bssid, GFP_KERNEL); ++ cfg80211_ibss_joined(usbdev->net, bssid, ++ get_current_channel(usbdev, NULL), ++ GFP_KERNEL); - void wiphy_regulatory_deregister(struct wiphy *wiphy) -@@ -2279,7 +2282,9 @@ void wiphy_regulatory_deregister(struct - static void reg_timeout_work(struct work_struct *work) - { - REG_DBG_PRINT("Timeout while waiting for CRDA to reply, restoring regulatory settings\n"); -+ rtnl_lock(); - restore_regulatory_settings(true); -+ rtnl_unlock(); - } + kfree(info); - int __init regulatory_init(void) ---- a/net/wireless/sme.c -+++ b/net/wireless/sme.c -@@ -34,8 +34,10 @@ struct cfg80211_conn { - CFG80211_CONN_SCAN_AGAIN, - CFG80211_CONN_AUTHENTICATE_NEXT, - CFG80211_CONN_AUTHENTICATING, -+ CFG80211_CONN_AUTH_FAILED, - CFG80211_CONN_ASSOCIATE_NEXT, - CFG80211_CONN_ASSOCIATING, -+ CFG80211_CONN_ASSOC_FAILED, - CFG80211_CONN_DEAUTH, - CFG80211_CONN_CONNECTED, - } state; -@@ -164,6 +166,8 @@ static int cfg80211_conn_do_work(struct - NULL, 0, - params->key, params->key_len, - params->key_idx, NULL, 0); -+ case CFG80211_CONN_AUTH_FAILED: -+ return -ENOTCONN; - case CFG80211_CONN_ASSOCIATE_NEXT: - BUG_ON(!rdev->ops->assoc); - wdev->conn->state = CFG80211_CONN_ASSOCIATING; -@@ -188,10 +192,17 @@ static int cfg80211_conn_do_work(struct - WLAN_REASON_DEAUTH_LEAVING, - false); - return err; -+ case CFG80211_CONN_ASSOC_FAILED: -+ cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, -+ NULL, 0, -+ WLAN_REASON_DEAUTH_LEAVING, false); -+ return -ENOTCONN; - case CFG80211_CONN_DEAUTH: - cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, - NULL, 0, - WLAN_REASON_DEAUTH_LEAVING, false); -+ /* free directly, disconnected event already sent */ -+ cfg80211_sme_free(wdev); - return 0; - default: - return 0; -@@ -371,7 +382,7 @@ bool cfg80211_sme_rx_assoc_resp(struct w - return true; - } +--- a/net/wireless/ibss.c ++++ b/net/wireless/ibss.c +@@ -14,7 +14,8 @@ + #include "rdev-ops.h" -- wdev->conn->state = CFG80211_CONN_DEAUTH; -+ wdev->conn->state = CFG80211_CONN_ASSOC_FAILED; - schedule_work(&rdev->conn_work); - return false; - } -@@ -383,7 +394,13 @@ void cfg80211_sme_deauth(struct wireless - void cfg80211_sme_auth_timeout(struct wireless_dev *wdev) +-void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid) ++void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, ++ struct ieee80211_channel *channel) { -- cfg80211_sme_free(wdev); -+ struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); -+ -+ if (!wdev->conn) -+ return; -+ -+ wdev->conn->state = CFG80211_CONN_AUTH_FAILED; -+ schedule_work(&rdev->conn_work); - } + struct wireless_dev *wdev = dev->ieee80211_ptr; + struct cfg80211_bss *bss; +@@ -28,8 +29,7 @@ void __cfg80211_ibss_joined(struct net_d + if (!wdev->ssid_len) + return; - void cfg80211_sme_disassoc(struct wireless_dev *wdev) -@@ -399,7 +416,13 @@ void cfg80211_sme_disassoc(struct wirele +- bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid, +- wdev->ssid, wdev->ssid_len, ++ bss = cfg80211_get_bss(wdev->wiphy, channel, bssid, NULL, 0, + WLAN_CAPABILITY_IBSS, WLAN_CAPABILITY_IBSS); - void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev) - { -- cfg80211_sme_disassoc(wdev); -+ struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); -+ -+ if (!wdev->conn) -+ return; -+ -+ wdev->conn->state = CFG80211_CONN_ASSOC_FAILED; -+ schedule_work(&rdev->conn_work); + if (WARN_ON(!bss)) +@@ -54,21 +54,26 @@ void __cfg80211_ibss_joined(struct net_d + #endif } - static int cfg80211_sme_connect(struct wireless_dev *wdev, -@@ -953,21 +976,19 @@ int cfg80211_disconnect(struct cfg80211_ - struct net_device *dev, u16 reason, bool wextev) +-void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp) ++void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, ++ struct ieee80211_channel *channel, gfp_t gfp) { struct wireless_dev *wdev = dev->ieee80211_ptr; -- int err; -+ int err = 0; - - ASSERT_WDEV_LOCK(wdev); - - kfree(wdev->connect_keys); - wdev->connect_keys = NULL; - -- if (wdev->conn) { -+ if (wdev->conn) - err = cfg80211_sme_disconnect(wdev, reason); -- } else if (!rdev->ops->disconnect) { -+ else if (!rdev->ops->disconnect) - cfg80211_mlme_down(rdev, dev); -- err = 0; -- } else { -+ else if (wdev->current_bss) - err = rdev_disconnect(rdev, dev, reason); -- } + struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); + struct cfg80211_event *ev; + unsigned long flags; - return err; - } ---- a/net/mac80211/rc80211_minstrel.c -+++ b/net/mac80211/rc80211_minstrel.c -@@ -203,6 +203,15 @@ minstrel_update_stats(struct minstrel_pr - memcpy(mi->max_tp_rate, tmp_tp_rate, sizeof(mi->max_tp_rate)); - mi->max_prob_rate = tmp_prob_rate; - -+#ifdef CPTCFG_MAC80211_DEBUGFS -+ /* use fixed index if set */ -+ if (mp->fixed_rate_idx != -1) { -+ mi->max_tp_rate[0] = mp->fixed_rate_idx; -+ mi->max_tp_rate[1] = mp->fixed_rate_idx; -+ mi->max_prob_rate = mp->fixed_rate_idx; -+ } -+#endif -+ - /* Reset update timer */ - mi->stats_update = jiffies; - -@@ -290,7 +299,7 @@ minstrel_get_rate(void *priv, struct iee - struct minstrel_rate *msr, *mr; - unsigned int ndx; - bool mrr_capable; -- bool prev_sample = mi->prev_sample; -+ bool prev_sample; - int delta; - int sampling_ratio; - -@@ -310,10 +319,16 @@ minstrel_get_rate(void *priv, struct iee - /* increase sum packet counter */ - mi->packet_count++; - -+#ifdef CPTCFG_MAC80211_DEBUGFS -+ if (mp->fixed_rate_idx != -1) -+ return; -+#endif +- trace_cfg80211_ibss_joined(dev, bssid); ++ trace_cfg80211_ibss_joined(dev, bssid, channel); + - delta = (mi->packet_count * sampling_ratio / 100) - - (mi->sample_count + mi->sample_deferred / 2); - - /* delta < 0: no sampling required */ -+ prev_sample = mi->prev_sample; - mi->prev_sample = false; - if (delta < 0 || (!mrr_capable && prev_sample)) - return; ---- a/drivers/net/wireless/rt2x00/rt2x00queue.c -+++ b/drivers/net/wireless/rt2x00/rt2x00queue.c -@@ -936,13 +936,8 @@ void rt2x00queue_index_inc(struct queue_ - spin_unlock_irqrestore(&queue->index_lock, irqflags); - } - --void rt2x00queue_pause_queue(struct data_queue *queue) -+void rt2x00queue_pause_queue_nocheck(struct data_queue *queue) - { -- if (!test_bit(DEVICE_STATE_PRESENT, &queue->rt2x00dev->flags) || -- !test_bit(QUEUE_STARTED, &queue->flags) || -- test_and_set_bit(QUEUE_PAUSED, &queue->flags)) -- return; -- - switch (queue->qid) { - case QID_AC_VO: - case QID_AC_VI: -@@ -958,6 +953,15 @@ void rt2x00queue_pause_queue(struct data - break; - } - } -+void rt2x00queue_pause_queue(struct data_queue *queue) -+{ -+ if (!test_bit(DEVICE_STATE_PRESENT, &queue->rt2x00dev->flags) || -+ !test_bit(QUEUE_STARTED, &queue->flags) || -+ test_and_set_bit(QUEUE_PAUSED, &queue->flags)) ++ if (WARN_ON(!channel)) + return; -+ -+ rt2x00queue_pause_queue_nocheck(queue); -+} - EXPORT_SYMBOL_GPL(rt2x00queue_pause_queue); - void rt2x00queue_unpause_queue(struct data_queue *queue) -@@ -1019,7 +1023,7 @@ void rt2x00queue_stop_queue(struct data_ + ev = kzalloc(sizeof(*ev), gfp); + if (!ev) return; - } - -- rt2x00queue_pause_queue(queue); -+ rt2x00queue_pause_queue_nocheck(queue); - - queue->rt2x00dev->ops->lib->stop_queue(queue); - ---- a/net/mac80211/mlme.c -+++ b/net/mac80211/mlme.c -@@ -31,10 +31,12 @@ - #include "led.h" - - #define IEEE80211_AUTH_TIMEOUT (HZ / 5) -+#define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) - #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) - #define IEEE80211_AUTH_MAX_TRIES 3 - #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) - #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) -+#define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) - #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) - #define IEEE80211_ASSOC_MAX_TRIES 3 - -@@ -209,8 +211,9 @@ ieee80211_determine_chantype(struct ieee - struct ieee80211_channel *channel, - const struct ieee80211_ht_operation *ht_oper, - const struct ieee80211_vht_operation *vht_oper, -- struct cfg80211_chan_def *chandef, bool verbose) -+ struct cfg80211_chan_def *chandef, bool tracking) - { -+ struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; - struct cfg80211_chan_def vht_chandef; - u32 ht_cfreq, ret; - -@@ -229,7 +232,7 @@ ieee80211_determine_chantype(struct ieee - ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, - channel->band); - /* check that channel matches the right operating channel */ -- if (channel->center_freq != ht_cfreq) { -+ if (!tracking && channel->center_freq != ht_cfreq) { - /* - * It's possible that some APs are confused here; - * Netgear WNDR3700 sometimes reports 4 higher than -@@ -237,11 +240,10 @@ ieee80211_determine_chantype(struct ieee - * since we look at probe response/beacon data here - * it should be OK. - */ -- if (verbose) -- sdata_info(sdata, -- "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", -- channel->center_freq, ht_cfreq, -- ht_oper->primary_chan, channel->band); -+ sdata_info(sdata, -+ "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", -+ channel->center_freq, ht_cfreq, -+ ht_oper->primary_chan, channel->band); - ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; - goto out; - } -@@ -295,7 +297,7 @@ ieee80211_determine_chantype(struct ieee - channel->band); - break; - default: -- if (verbose) -+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) - sdata_info(sdata, - "AP VHT operation IE has invalid channel width (%d), disable VHT\n", - vht_oper->chan_width); -@@ -304,7 +306,7 @@ ieee80211_determine_chantype(struct ieee - } - - if (!cfg80211_chandef_valid(&vht_chandef)) { -- if (verbose) -+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) - sdata_info(sdata, - "AP VHT information is invalid, disable VHT\n"); - ret = IEEE80211_STA_DISABLE_VHT; -@@ -317,7 +319,7 @@ ieee80211_determine_chantype(struct ieee - } - - if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { -- if (verbose) -+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) - sdata_info(sdata, - "AP VHT information doesn't match HT, disable VHT\n"); - ret = IEEE80211_STA_DISABLE_VHT; -@@ -333,18 +335,27 @@ out: - if (ret & IEEE80211_STA_DISABLE_VHT) - vht_chandef = *chandef; - -+ /* -+ * Ignore the DISABLED flag when we're already connected and only -+ * tracking the APs beacon for bandwidth changes - otherwise we -+ * might get disconnected here if we connect to an AP, update our -+ * regulatory information based on the AP's country IE and the -+ * information we have is wrong/outdated and disables the channel -+ * that we're actually using for the connection to the AP. -+ */ - while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, -- IEEE80211_CHAN_DISABLED)) { -+ tracking ? 0 : -+ IEEE80211_CHAN_DISABLED)) { - if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { - ret = IEEE80211_STA_DISABLE_HT | - IEEE80211_STA_DISABLE_VHT; -- goto out; -+ break; - } - - ret |= chandef_downgrade(chandef); - } - -- if (chandef->width != vht_chandef.width && verbose) -+ if (chandef->width != vht_chandef.width && !tracking) - sdata_info(sdata, - "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); - -@@ -384,7 +395,7 @@ static int ieee80211_config_bw(struct ie - - /* calculate new channel (type) based on HT/VHT operation IEs */ - flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, -- vht_oper, &chandef, false); -+ vht_oper, &chandef, true); - - /* - * Downgrade the new channel if we associated with restricted -@@ -1043,6 +1054,13 @@ ieee80211_sta_process_chanswitch(struct - if (!ieee80211_operating_class_to_band( - elems->ext_chansw_ie->new_operating_class, - &new_band)) { -+ /* -+ * Some APs send invalid ECSA IEs in probe response -+ * frames, so check for these and ignore them. -+ */ -+ if (beacon && elems->ext_chansw_ie->new_ch_num == 0 && -+ elems->ext_chansw_ie->new_operating_class == 0) -+ return; - sdata_info(sdata, - "cannot understand ECSA IE operating class %d, disconnecting\n", - elems->ext_chansw_ie->new_operating_class); -@@ -1110,6 +1128,15 @@ ieee80211_sta_process_chanswitch(struct - case -1: - cfg80211_chandef_create(&new_chandef, new_chan, - NL80211_CHAN_NO_HT); -+ /* keep width for 5/10 MHz channels */ -+ switch (sdata->vif.bss_conf.chandef.width) { -+ case NL80211_CHAN_WIDTH_5: -+ case NL80211_CHAN_WIDTH_10: -+ new_chandef.width = sdata->vif.bss_conf.chandef.width; -+ break; -+ default: -+ break; -+ } - break; - } - -@@ -3394,10 +3421,13 @@ static int ieee80211_probe_auth(struct i - - if (tx_flags == 0) { - auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; -- ifmgd->auth_data->timeout_started = true; -+ auth_data->timeout_started = true; - run_again(sdata, auth_data->timeout); - } else { -- auth_data->timeout_started = false; -+ auth_data->timeout = -+ round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); -+ auth_data->timeout_started = true; -+ run_again(sdata, auth_data->timeout); - } - - return 0; -@@ -3434,7 +3464,11 @@ static int ieee80211_do_assoc(struct iee - assoc_data->timeout_started = true; - run_again(sdata, assoc_data->timeout); - } else { -- assoc_data->timeout_started = false; -+ assoc_data->timeout = -+ round_jiffies_up(jiffies + -+ IEEE80211_ASSOC_TIMEOUT_LONG); -+ assoc_data->timeout_started = true; -+ run_again(sdata, assoc_data->timeout); - } - - return 0; -@@ -3829,7 +3863,7 @@ static int ieee80211_prep_channel(struct - ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, - cbss->channel, - ht_oper, vht_oper, -- &chandef, true); -+ &chandef, false); - - sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), - local->rx_chains); ---- a/net/wireless/core.c -+++ b/net/wireless/core.c -@@ -772,6 +772,7 @@ void cfg80211_leave(struct cfg80211_regi - cfg80211_leave_mesh(rdev, dev); - break; - case NL80211_IFTYPE_AP: -+ case NL80211_IFTYPE_P2P_GO: - cfg80211_stop_ap(rdev, dev); - break; - default: ---- a/drivers/net/wireless/rtlwifi/Kconfig -+++ b/drivers/net/wireless/rtlwifi/Kconfig -@@ -1,29 +1,22 @@ --config RTLWIFI -- tristate "Realtek wireless card support" -+menuconfig RTL_CARDS -+ tristate "Realtek rtlwifi family of devices" - depends on m -- depends on MAC80211 -- select BACKPORT_FW_LOADER -- ---help--- -- This is common code for RTL8192CE/RTL8192CU/RTL8192SE/RTL8723AE -- drivers. This module does nothing by itself - the various front-end -- drivers need to be enabled to support any desired devices. -- -- If you choose to build as a module, it'll be called rtlwifi. -- --config RTLWIFI_DEBUG -- bool "Debugging output for rtlwifi driver family" -- depends on RTLWIFI -+ depends on MAC80211 && (PCI || USB) - default y - ---help--- -- To use the module option that sets the dynamic-debugging level for, -- the front-end driver, this parameter must be "Y". For memory-limited -- systems, choose "N". If in doubt, choose "Y". -+ This option will enable support for the Realtek mac80211-based -+ wireless drivers. Drivers rtl8192ce, rtl8192cu, rtl8192se, rtl8192de, -+ rtl8723eu, and rtl8188eu share some common code. -+ -+if RTL_CARDS - - config RTL8192CE - tristate "Realtek RTL8192CE/RTL8188CE Wireless Network Adapter" - depends on m -- depends on RTLWIFI && PCI -+ depends on PCI - select RTL8192C_COMMON -+ select RTLWIFI -+ select RTLWIFI_PCI - ---help--- - This is the driver for Realtek RTL8192CE/RTL8188CE 802.11n PCIe - wireless network adapters. -@@ -33,7 +26,9 @@ config RTL8192CE - config RTL8192SE - tristate "Realtek RTL8192SE/RTL8191SE PCIe Wireless Network Adapter" - depends on m -- depends on RTLWIFI && PCI -+ depends on PCI -+ select RTLWIFI -+ select RTLWIFI_PCI - ---help--- - This is the driver for Realtek RTL8192SE/RTL8191SE 802.11n PCIe - wireless network adapters. -@@ -43,7 +38,9 @@ config RTL8192SE - config RTL8192DE - tristate "Realtek RTL8192DE/RTL8188DE PCIe Wireless Network Adapter" - depends on m -- depends on RTLWIFI && PCI -+ depends on PCI -+ select RTLWIFI -+ select RTLWIFI_PCI - ---help--- - This is the driver for Realtek RTL8192DE/RTL8188DE 802.11n PCIe - wireless network adapters. -@@ -53,7 +50,9 @@ config RTL8192DE - config RTL8723AE - tristate "Realtek RTL8723AE PCIe Wireless Network Adapter" - depends on m -- depends on RTLWIFI && PCI -+ depends on PCI -+ select RTLWIFI -+ select RTLWIFI_PCI - ---help--- - This is the driver for Realtek RTL8723AE 802.11n PCIe - wireless network adapters. -@@ -63,7 +62,9 @@ config RTL8723AE - config RTL8188EE - tristate "Realtek RTL8188EE Wireless Network Adapter" - depends on m -- depends on RTLWIFI && PCI -+ depends on PCI -+ select RTLWIFI -+ select RTLWIFI_PCI - ---help--- - This is the driver for Realtek RTL8188EE 802.11n PCIe - wireless network adapters. -@@ -73,7 +74,9 @@ config RTL8188EE - config RTL8192CU - tristate "Realtek RTL8192CU/RTL8188CU USB Wireless Network Adapter" - depends on m -- depends on RTLWIFI && USB -+ depends on USB -+ select RTLWIFI -+ select RTLWIFI_USB - select RTL8192C_COMMON - ---help--- - This is the driver for Realtek RTL8192CU/RTL8188CU 802.11n USB -@@ -81,8 +84,32 @@ config RTL8192CU - - If you choose to build it as a module, it will be called rtl8192cu - -+config RTLWIFI -+ tristate -+ depends on m -+ select BACKPORT_FW_LOADER -+ -+config RTLWIFI_PCI -+ tristate -+ depends on m -+ -+config RTLWIFI_USB -+ tristate -+ depends on m -+ -+config RTLWIFI_DEBUG -+ bool "Debugging output for rtlwifi driver family" -+ depends on RTLWIFI -+ default y -+ ---help--- -+ To use the module option that sets the dynamic-debugging level for, -+ the front-end driver, this parameter must be "Y". For memory-limited -+ systems, choose "N". If in doubt, choose "Y". -+ - config RTL8192C_COMMON - tristate - depends on m - depends on RTL8192CE || RTL8192CU -- default m -+ default y -+ -+endif ---- a/drivers/net/wireless/rtlwifi/Makefile -+++ b/drivers/net/wireless/rtlwifi/Makefile -@@ -12,13 +12,11 @@ rtlwifi-objs := \ - - rtl8192c_common-objs += \ - --ifneq ($(CONFIG_PCI),) --rtlwifi-objs += pci.o --endif -+obj-$(CPTCFG_RTLWIFI_PCI) += rtl_pci.o -+rtl_pci-objs := pci.o - --ifneq ($(CONFIG_USB),) --rtlwifi-objs += usb.o --endif -+obj-$(CPTCFG_RTLWIFI_USB) += rtl_usb.o -+rtl_usb-objs := usb.o - - obj-$(CPTCFG_RTL8192C_COMMON) += rtl8192c/ - obj-$(CPTCFG_RTL8192CE) += rtl8192ce/ ---- a/drivers/net/wireless/rtlwifi/ps.h -+++ b/drivers/net/wireless/rtlwifi/ps.h -@@ -49,5 +49,6 @@ void rtl_swlps_rf_awake(struct ieee80211 - void rtl_swlps_rf_sleep(struct ieee80211_hw *hw); - void rtl_p2p_ps_cmd(struct ieee80211_hw *hw, u8 p2p_ps_state); - void rtl_p2p_info(struct ieee80211_hw *hw, void *data, unsigned int len); -+void rtl_lps_change_work_callback(struct work_struct *work); - #endif ---- a/drivers/net/wireless/rtlwifi/base.c -+++ b/drivers/net/wireless/rtlwifi/base.c -@@ -173,6 +173,7 @@ u8 rtl_tid_to_ac(u8 tid) - { - return tid_to_ac[tid]; - } -+EXPORT_SYMBOL_GPL(rtl_tid_to_ac); + ev->type = EVENT_IBSS_JOINED; +- memcpy(ev->cr.bssid, bssid, ETH_ALEN); ++ memcpy(ev->ij.bssid, bssid, ETH_ALEN); ++ ev->ij.channel = channel; - static void _rtl_init_hw_ht_capab(struct ieee80211_hw *hw, - struct ieee80211_sta_ht_cap *ht_cap) -@@ -407,6 +408,7 @@ void rtl_deinit_deferred_work(struct iee - cancel_delayed_work(&rtlpriv->works.ps_rfon_wq); - cancel_delayed_work(&rtlpriv->works.fwevt_wq); - } -+EXPORT_SYMBOL_GPL(rtl_deinit_deferred_work); - - void rtl_init_rfkill(struct ieee80211_hw *hw) - { -@@ -440,6 +442,7 @@ void rtl_deinit_rfkill(struct ieee80211_ - { - wiphy_rfkill_stop_polling(hw->wiphy); - } -+EXPORT_SYMBOL_GPL(rtl_deinit_rfkill); - - int rtl_init_core(struct ieee80211_hw *hw) - { -@@ -490,10 +493,12 @@ int rtl_init_core(struct ieee80211_hw *h - - return 0; - } -+EXPORT_SYMBOL_GPL(rtl_init_core); - - void rtl_deinit_core(struct ieee80211_hw *hw) - { - } -+EXPORT_SYMBOL_GPL(rtl_deinit_core); - - void rtl_init_rx_config(struct ieee80211_hw *hw) - { -@@ -502,6 +507,7 @@ void rtl_init_rx_config(struct ieee80211 - - rtlpriv->cfg->ops->get_hw_reg(hw, HW_VAR_RCR, (u8 *) (&mac->rx_conf)); - } -+EXPORT_SYMBOL_GPL(rtl_init_rx_config); - - /********************************************************* - * -@@ -880,6 +886,7 @@ bool rtl_tx_mgmt_proc(struct ieee80211_h - - return true; - } -+EXPORT_SYMBOL_GPL(rtl_tx_mgmt_proc); - - void rtl_get_tcb_desc(struct ieee80211_hw *hw, - struct ieee80211_tx_info *info, -@@ -1053,6 +1060,7 @@ bool rtl_action_proc(struct ieee80211_hw - - return true; - } -+EXPORT_SYMBOL_GPL(rtl_action_proc); - - /*should call before software enc*/ - u8 rtl_is_special_data(struct ieee80211_hw *hw, struct sk_buff *skb, u8 is_tx) -@@ -1126,6 +1134,7 @@ u8 rtl_is_special_data(struct ieee80211_ - - return false; - } -+EXPORT_SYMBOL_GPL(rtl_is_special_data); - - /********************************************************* - * -@@ -1301,6 +1310,7 @@ void rtl_beacon_statistic(struct ieee802 - - rtlpriv->link_info.bcn_rx_inperiod++; - } -+EXPORT_SYMBOL_GPL(rtl_beacon_statistic); - - void rtl_watchdog_wq_callback(void *data) - { -@@ -1794,6 +1804,7 @@ void rtl_recognize_peer(struct ieee80211 - - mac->vendor = vendor; - } -+EXPORT_SYMBOL_GPL(rtl_recognize_peer); - - /********************************************************* - * -@@ -1850,6 +1861,7 @@ struct attribute_group rtl_attribute_gro - .name = "rtlsysfs", - .attrs = rtl_sysfs_entries, - }; -+EXPORT_SYMBOL_GPL(rtl_attribute_group); - - MODULE_AUTHOR("lizhaoming "); - MODULE_AUTHOR("Realtek WlanFAE "); -@@ -1857,7 +1869,8 @@ MODULE_AUTHOR("Larry Finger - #include -+#include -+ -+MODULE_AUTHOR("lizhaoming "); -+MODULE_AUTHOR("Realtek WlanFAE "); -+MODULE_AUTHOR("Larry Finger "); -+MODULE_LICENSE("GPL"); -+MODULE_DESCRIPTION("PCI basic driver for rtlwifi"); - - static const u16 pcibridge_vendors[PCI_BRIDGE_VENDOR_MAX] = { - PCI_VENDOR_ID_INTEL, -@@ -1008,19 +1015,6 @@ static void _rtl_pci_prepare_bcn_tasklet - return; - } - --static void rtl_lps_change_work_callback(struct work_struct *work) --{ -- struct rtl_works *rtlworks = -- container_of(work, struct rtl_works, lps_change_work); -- struct ieee80211_hw *hw = rtlworks->hw; -- struct rtl_priv *rtlpriv = rtl_priv(hw); -- -- if (rtlpriv->enter_ps) -- rtl_lps_enter(hw); -- else -- rtl_lps_leave(hw); --} -- - static void _rtl_pci_init_trx_var(struct ieee80211_hw *hw) - { - struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); -@@ -1899,7 +1893,7 @@ int rtl_pci_probe(struct pci_dev *pdev, - rtlpriv->rtlhal.interface = INTF_PCI; - rtlpriv->cfg = (struct rtl_hal_cfg *)(id->driver_data); - rtlpriv->intf_ops = &rtl_pci_ops; -- rtlpriv->glb_var = &global_var; -+ rtlpriv->glb_var = &rtl_global_var; - - /* - *init dbgp flags before all ---- a/drivers/net/wireless/rtlwifi/ps.c -+++ b/drivers/net/wireless/rtlwifi/ps.c -@@ -269,6 +269,7 @@ void rtl_ips_nic_on(struct ieee80211_hw - - spin_unlock_irqrestore(&rtlpriv->locks.ips_lock, flags); - } -+EXPORT_SYMBOL_GPL(rtl_ips_nic_on); - - /*for FW LPS*/ - -@@ -518,6 +519,7 @@ void rtl_swlps_beacon(struct ieee80211_h - "u_bufferd: %x, m_buffered: %x\n", u_buffed, m_buffed); - } - } -+EXPORT_SYMBOL_GPL(rtl_swlps_beacon); - - void rtl_swlps_rf_awake(struct ieee80211_hw *hw) - { -@@ -611,6 +613,19 @@ void rtl_swlps_rf_sleep(struct ieee80211 - MSECS(sleep_intv * mac->vif->bss_conf.beacon_int - 40)); - } - -+void rtl_lps_change_work_callback(struct work_struct *work) -+{ -+ struct rtl_works *rtlworks = -+ container_of(work, struct rtl_works, lps_change_work); -+ struct ieee80211_hw *hw = rtlworks->hw; -+ struct rtl_priv *rtlpriv = rtl_priv(hw); -+ -+ if (rtlpriv->enter_ps) -+ rtl_lps_enter(hw); -+ else -+ rtl_lps_leave(hw); -+} -+EXPORT_SYMBOL_GPL(rtl_lps_change_work_callback); - - void rtl_swlps_wq_callback(void *data) - { -@@ -922,3 +937,4 @@ void rtl_p2p_info(struct ieee80211_hw *h - else - rtl_p2p_noa_ie(hw, data, len - FCS_LEN); - } -+EXPORT_SYMBOL_GPL(rtl_p2p_info); ---- a/drivers/net/wireless/rtlwifi/usb.c -+++ b/drivers/net/wireless/rtlwifi/usb.c -@@ -32,6 +32,13 @@ - #include "ps.h" - #include "rtl8192c/fw_common.h" - #include -+#include -+ -+MODULE_AUTHOR("lizhaoming "); -+MODULE_AUTHOR("Realtek WlanFAE "); -+MODULE_AUTHOR("Larry Finger "); -+MODULE_LICENSE("GPL"); -+MODULE_DESCRIPTION("USB basic driver for rtlwifi"); - - #define REALTEK_USB_VENQT_READ 0xC0 - #define REALTEK_USB_VENQT_WRITE 0x40 -@@ -1070,6 +1077,8 @@ int rtl_usb_probe(struct usb_interface * - spin_lock_init(&rtlpriv->locks.usb_lock); - INIT_WORK(&rtlpriv->works.fill_h2c_cmd, - rtl_fill_h2c_cmd_work_callback); -+ INIT_WORK(&rtlpriv->works.lps_change_work, -+ rtl_lps_change_work_callback); - - rtlpriv->usb_data_index = 0; - init_completion(&rtlpriv->firmware_loading_complete); ---- a/drivers/net/wireless/ath/ath9k/ath9k.h -+++ b/drivers/net/wireless/ath/ath9k/ath9k.h -@@ -72,17 +72,12 @@ struct ath_config { - /*************************/ - - #define ATH_TXBUF_RESET(_bf) do { \ -- (_bf)->bf_stale = false; \ - (_bf)->bf_lastbf = NULL; \ - (_bf)->bf_next = NULL; \ - memset(&((_bf)->bf_state), 0, \ - sizeof(struct ath_buf_state)); \ - } while (0) - --#define ATH_RXBUF_RESET(_bf) do { \ -- (_bf)->bf_stale = false; \ -- } while (0) -- - /** - * enum buffer_type - Buffer type flags - * -@@ -137,7 +132,8 @@ int ath_descdma_setup(struct ath_softc * - #define ATH_AGGR_ENCRYPTDELIM 10 - /* minimum h/w qdepth to be sustained to maximize aggregation */ - #define ATH_AGGR_MIN_QDEPTH 2 --#define ATH_AMPDU_SUBFRAME_DEFAULT 32 -+/* minimum h/w qdepth for non-aggregated traffic */ -+#define ATH_NON_AGGR_MIN_QDEPTH 8 - - #define IEEE80211_SEQ_SEQ_SHIFT 4 - #define IEEE80211_SEQ_MAX 4096 -@@ -174,12 +170,6 @@ int ath_descdma_setup(struct ath_softc * - - #define ATH_TX_COMPLETE_POLL_INT 1000 - --enum ATH_AGGR_STATUS { -- ATH_AGGR_DONE, -- ATH_AGGR_BAW_CLOSED, -- ATH_AGGR_LIMITED, --}; -- - #define ATH_TXFIFO_DEPTH 8 - struct ath_txq { - int mac80211_qnum; /* mac80211 queue number, -1 means not mac80211 Q */ -@@ -201,10 +191,10 @@ struct ath_txq { - - struct ath_atx_ac { - struct ath_txq *txq; -- int sched; - struct list_head list; - struct list_head tid_q; - bool clear_ps_filter; -+ bool sched; - }; - - struct ath_frame_info { -@@ -212,14 +202,16 @@ struct ath_frame_info { - int framelen; - enum ath9k_key_type keytype; - u8 keyix; -- u8 retries; - u8 rtscts_rate; -+ u8 retries : 7; -+ u8 baw_tracked : 1; - }; - - struct ath_buf_state { - u8 bf_type; - u8 bfs_paprd; - u8 ndelim; -+ bool stale; - u16 seqno; - unsigned long bfs_paprd_timestamp; - }; -@@ -233,7 +225,6 @@ struct ath_buf { - void *bf_desc; /* virtual addr of desc */ - dma_addr_t bf_daddr; /* physical addr of desc */ - dma_addr_t bf_buf_addr; /* physical addr of data buffer, for DMA */ -- bool bf_stale; - struct ieee80211_tx_rate rates[4]; - struct ath_buf_state bf_state; - }; -@@ -241,16 +232,18 @@ struct ath_buf { - struct ath_atx_tid { - struct list_head list; - struct sk_buff_head buf_q; -+ struct sk_buff_head retry_q; - struct ath_node *an; - struct ath_atx_ac *ac; - unsigned long tx_buf[BITS_TO_LONGS(ATH_TID_MAX_BUFS)]; -- int bar_index; - u16 seq_start; - u16 seq_next; - u16 baw_size; -- int tidno; -+ u8 tidno; - int baw_head; /* first un-acked tx buffer */ - int baw_tail; /* next unused tx buffer slot */ -+ -+ s8 bar_index; - bool sched; - bool paused; - bool active; -@@ -262,12 +255,13 @@ struct ath_node { - struct ieee80211_vif *vif; /* interface with which we're associated */ - struct ath_atx_tid tid[IEEE80211_NUM_TIDS]; - struct ath_atx_ac ac[IEEE80211_NUM_ACS]; -- int ps_key; - - u16 maxampdu; - u8 mpdudensity; -+ s8 ps_key; - - bool sleeping; -+ bool no_ps_filter; - - #if defined(CPTCFG_MAC80211_DEBUGFS) && defined(CPTCFG_ATH9K_DEBUGFS) - struct dentry *node_stat; -@@ -317,6 +311,7 @@ struct ath_rx { - struct ath_descdma rxdma; - struct ath_rx_edma rx_edma[ATH9K_RX_QUEUE_MAX]; - -+ struct ath_buf *buf_hold; - struct sk_buff *frag; - - u32 ampdu_ref; -@@ -367,6 +362,7 @@ void ath9k_release_buffered_frames(struc - /********/ - - struct ath_vif { -+ struct ath_node mcast_node; - int av_bslot; - bool primary_sta_vif; - __le64 tsf_adjust; /* TSF adjustment for staggered beacons */ -@@ -585,19 +581,14 @@ static inline void ath_fill_led_pin(stru - #define ATH_ANT_DIV_COMB_MAX_COUNT 100 - #define ATH_ANT_DIV_COMB_ALT_ANT_RATIO 30 - #define ATH_ANT_DIV_COMB_ALT_ANT_RATIO2 20 -+#define ATH_ANT_DIV_COMB_ALT_ANT_RATIO_LOW_RSSI 50 -+#define ATH_ANT_DIV_COMB_ALT_ANT_RATIO2_LOW_RSSI 50 - - #define ATH_ANT_DIV_COMB_LNA1_LNA2_SWITCH_DELTA -1 - #define ATH_ANT_DIV_COMB_LNA1_DELTA_HI -4 - #define ATH_ANT_DIV_COMB_LNA1_DELTA_MID -2 - #define ATH_ANT_DIV_COMB_LNA1_DELTA_LOW 2 - --enum ath9k_ant_div_comb_lna_conf { -- ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2, -- ATH_ANT_DIV_COMB_LNA2, -- ATH_ANT_DIV_COMB_LNA1, -- ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2, --}; -- - struct ath_ant_comb { - u16 count; - u16 total_pkt_count; -@@ -614,27 +605,36 @@ struct ath_ant_comb { - int rssi_first; - int rssi_second; - int rssi_third; -+ int ant_ratio; -+ int ant_ratio2; - bool alt_good; - int quick_scan_cnt; -- int main_conf; -+ enum ath9k_ant_div_comb_lna_conf main_conf; - enum ath9k_ant_div_comb_lna_conf first_quick_scan_conf; - enum ath9k_ant_div_comb_lna_conf second_quick_scan_conf; - bool first_ratio; - bool second_ratio; - unsigned long scan_start_time; -+ -+ /* -+ * Card-specific config values. -+ */ -+ int low_rssi_thresh; -+ int fast_div_bias; - }; - - void ath_ant_comb_scan(struct ath_softc *sc, struct ath_rx_status *rs); --void ath_ant_comb_update(struct ath_softc *sc); - - /********************/ - /* Main driver core */ - /********************/ - --#define ATH9K_PCI_CUS198 0x0001 --#define ATH9K_PCI_CUS230 0x0002 --#define ATH9K_PCI_CUS217 0x0004 --#define ATH9K_PCI_WOW 0x0008 -+#define ATH9K_PCI_CUS198 0x0001 -+#define ATH9K_PCI_CUS230 0x0002 -+#define ATH9K_PCI_CUS217 0x0004 -+#define ATH9K_PCI_WOW 0x0008 -+#define ATH9K_PCI_BT_ANT_DIV 0x0010 -+#define ATH9K_PCI_D3_L1_WAR 0x0020 - - /* - * Default cache line size, in bytes. ---- a/drivers/net/wireless/ath/ath9k/debug.c -+++ b/drivers/net/wireless/ath/ath9k/debug.c -@@ -270,25 +270,29 @@ static const struct file_operations fops - .llseek = default_llseek, - }; - --static ssize_t read_file_ant_diversity(struct file *file, char __user *user_buf, -- size_t count, loff_t *ppos) -+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT -+ -+static ssize_t read_file_bt_ant_diversity(struct file *file, -+ char __user *user_buf, -+ size_t count, loff_t *ppos) - { - struct ath_softc *sc = file->private_data; - struct ath_common *common = ath9k_hw_common(sc->sc_ah); - char buf[32]; - unsigned int len; - -- len = sprintf(buf, "%d\n", common->antenna_diversity); -+ len = sprintf(buf, "%d\n", common->bt_ant_diversity); - return simple_read_from_buffer(user_buf, count, ppos, buf, len); - } - --static ssize_t write_file_ant_diversity(struct file *file, -- const char __user *user_buf, -- size_t count, loff_t *ppos) -+static ssize_t write_file_bt_ant_diversity(struct file *file, -+ const char __user *user_buf, -+ size_t count, loff_t *ppos) - { - struct ath_softc *sc = file->private_data; - struct ath_common *common = ath9k_hw_common(sc->sc_ah); -- unsigned long antenna_diversity; -+ struct ath9k_hw_capabilities *pCap = &sc->sc_ah->caps; -+ unsigned long bt_ant_diversity; - char buf[32]; - ssize_t len; - -@@ -296,26 +300,147 @@ static ssize_t write_file_ant_diversity( - if (copy_from_user(buf, user_buf, len)) - return -EFAULT; - -- if (!AR_SREV_9565(sc->sc_ah)) -+ if (!(pCap->hw_caps & ATH9K_HW_CAP_BT_ANT_DIV)) - goto exit; - - buf[len] = '\0'; -- if (strict_strtoul(buf, 0, &antenna_diversity)) -+ if (kstrtoul(buf, 0, &bt_ant_diversity)) - return -EINVAL; - -- common->antenna_diversity = !!antenna_diversity; -+ common->bt_ant_diversity = !!bt_ant_diversity; - ath9k_ps_wakeup(sc); -- ath_ant_comb_update(sc); -- ath_dbg(common, CONFIG, "Antenna diversity: %d\n", -- common->antenna_diversity); -+ ath9k_hw_set_bt_ant_diversity(sc->sc_ah, common->bt_ant_diversity); -+ ath_dbg(common, CONFIG, "Enable WLAN/BT RX Antenna diversity: %d\n", -+ common->bt_ant_diversity); - ath9k_ps_restore(sc); - exit: - return count; - } - --static const struct file_operations fops_ant_diversity = { -- .read = read_file_ant_diversity, -- .write = write_file_ant_diversity, -+static const struct file_operations fops_bt_ant_diversity = { -+ .read = read_file_bt_ant_diversity, -+ .write = write_file_bt_ant_diversity, -+ .open = simple_open, -+ .owner = THIS_MODULE, -+ .llseek = default_llseek, -+}; -+ -+#endif -+ -+void ath9k_debug_stat_ant(struct ath_softc *sc, -+ struct ath_hw_antcomb_conf *div_ant_conf, -+ int main_rssi_avg, int alt_rssi_avg) -+{ -+ struct ath_antenna_stats *as_main = &sc->debug.stats.ant_stats[ANT_MAIN]; -+ struct ath_antenna_stats *as_alt = &sc->debug.stats.ant_stats[ANT_ALT]; -+ -+ as_main->lna_attempt_cnt[div_ant_conf->main_lna_conf]++; -+ as_alt->lna_attempt_cnt[div_ant_conf->alt_lna_conf]++; -+ -+ as_main->rssi_avg = main_rssi_avg; -+ as_alt->rssi_avg = alt_rssi_avg; -+} -+ -+static ssize_t read_file_antenna_diversity(struct file *file, -+ char __user *user_buf, -+ size_t count, loff_t *ppos) -+{ -+ struct ath_softc *sc = file->private_data; -+ struct ath_hw *ah = sc->sc_ah; -+ struct ath9k_hw_capabilities *pCap = &ah->caps; -+ struct ath_antenna_stats *as_main = &sc->debug.stats.ant_stats[ANT_MAIN]; -+ struct ath_antenna_stats *as_alt = &sc->debug.stats.ant_stats[ANT_ALT]; -+ struct ath_hw_antcomb_conf div_ant_conf; -+ unsigned int len = 0, size = 1024; -+ ssize_t retval = 0; -+ char *buf; -+ char *lna_conf_str[4] = {"LNA1_MINUS_LNA2", -+ "LNA2", -+ "LNA1", -+ "LNA1_PLUS_LNA2"}; -+ -+ buf = kzalloc(size, GFP_KERNEL); -+ if (buf == NULL) -+ return -ENOMEM; -+ -+ if (!(pCap->hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB)) { -+ len += snprintf(buf + len, size - len, "%s\n", -+ "Antenna Diversity Combining is disabled"); -+ goto exit; -+ } -+ -+ ath9k_ps_wakeup(sc); -+ ath9k_hw_antdiv_comb_conf_get(ah, &div_ant_conf); -+ len += snprintf(buf + len, size - len, "Current MAIN config : %s\n", -+ lna_conf_str[div_ant_conf.main_lna_conf]); -+ len += snprintf(buf + len, size - len, "Current ALT config : %s\n", -+ lna_conf_str[div_ant_conf.alt_lna_conf]); -+ len += snprintf(buf + len, size - len, "Average MAIN RSSI : %d\n", -+ as_main->rssi_avg); -+ len += snprintf(buf + len, size - len, "Average ALT RSSI : %d\n\n", -+ as_alt->rssi_avg); -+ ath9k_ps_restore(sc); -+ -+ len += snprintf(buf + len, size - len, "Packet Receive Cnt:\n"); -+ len += snprintf(buf + len, size - len, "-------------------\n"); -+ -+ len += snprintf(buf + len, size - len, "%30s%15s\n", -+ "MAIN", "ALT"); -+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n", -+ "TOTAL COUNT", -+ as_main->recv_cnt, -+ as_alt->recv_cnt); -+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n", -+ "LNA1", -+ as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1], -+ as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1]); -+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n", -+ "LNA2", -+ as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA2], -+ as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA2]); -+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n", -+ "LNA1 + LNA2", -+ as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2], -+ as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2]); -+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n", -+ "LNA1 - LNA2", -+ as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2], -+ as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2]); -+ -+ len += snprintf(buf + len, size - len, "\nLNA Config Attempts:\n"); -+ len += snprintf(buf + len, size - len, "--------------------\n"); -+ -+ len += snprintf(buf + len, size - len, "%30s%15s\n", -+ "MAIN", "ALT"); -+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n", -+ "LNA1", -+ as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1], -+ as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1]); -+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n", -+ "LNA2", -+ as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA2], -+ as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA2]); -+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n", -+ "LNA1 + LNA2", -+ as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2], -+ as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2]); -+ len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n", -+ "LNA1 - LNA2", -+ as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2], -+ as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2]); -+ -+exit: -+ if (len > size) -+ len = size; -+ -+ retval = simple_read_from_buffer(user_buf, count, ppos, buf, len); -+ kfree(buf); -+ -+ return retval; -+} -+ -+static const struct file_operations fops_antenna_diversity = { -+ .read = read_file_antenna_diversity, - .open = simple_open, - .owner = THIS_MODULE, - .llseek = default_llseek, -@@ -607,6 +732,28 @@ static ssize_t read_file_xmit(struct fil - return retval; - } - -+static ssize_t print_queue(struct ath_softc *sc, struct ath_txq *txq, -+ char *buf, ssize_t size) -+{ -+ ssize_t len = 0; -+ -+ ath_txq_lock(sc, txq); -+ -+ len += snprintf(buf + len, size - len, "%s: %d ", -+ "qnum", txq->axq_qnum); -+ len += snprintf(buf + len, size - len, "%s: %2d ", -+ "qdepth", txq->axq_depth); -+ len += snprintf(buf + len, size - len, "%s: %2d ", -+ "ampdu-depth", txq->axq_ampdu_depth); -+ len += snprintf(buf + len, size - len, "%s: %3d ", -+ "pending", txq->pending_frames); -+ len += snprintf(buf + len, size - len, "%s: %d\n", -+ "stopped", txq->stopped); -+ -+ ath_txq_unlock(sc, txq); -+ return len; -+} -+ - static ssize_t read_file_queues(struct file *file, char __user *user_buf, - size_t count, loff_t *ppos) - { -@@ -624,24 +771,13 @@ static ssize_t read_file_queues(struct f - - for (i = 0; i < IEEE80211_NUM_ACS; i++) { - txq = sc->tx.txq_map[i]; -- len += snprintf(buf + len, size - len, "(%s): ", qname[i]); -- -- ath_txq_lock(sc, txq); -- -- len += snprintf(buf + len, size - len, "%s: %d ", -- "qnum", txq->axq_qnum); -- len += snprintf(buf + len, size - len, "%s: %2d ", -- "qdepth", txq->axq_depth); -- len += snprintf(buf + len, size - len, "%s: %2d ", -- "ampdu-depth", txq->axq_ampdu_depth); -- len += snprintf(buf + len, size - len, "%s: %3d ", -- "pending", txq->pending_frames); -- len += snprintf(buf + len, size - len, "%s: %d\n", -- "stopped", txq->stopped); -- -- ath_txq_unlock(sc, txq); -+ len += snprintf(buf + len, size - len, "(%s): ", qname[i]); -+ len += print_queue(sc, txq, buf + len, size - len); - } - -+ len += snprintf(buf + len, size - len, "(CAB): "); -+ len += print_queue(sc, sc->beacon.cabq, buf + len, size - len); -+ - if (len > size) - len = size; - -@@ -1818,9 +1954,11 @@ int ath9k_init_debug(struct ath_hw *ah) - sc->debug.debugfs_phy, &sc->sc_ah->gpio_mask); - debugfs_create_u32("gpio_val", S_IRUSR | S_IWUSR, - sc->debug.debugfs_phy, &sc->sc_ah->gpio_val); -- debugfs_create_file("diversity", S_IRUSR | S_IWUSR, -- sc->debug.debugfs_phy, sc, &fops_ant_diversity); -+ debugfs_create_file("antenna_diversity", S_IRUSR, -+ sc->debug.debugfs_phy, sc, &fops_antenna_diversity); - #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT -+ debugfs_create_file("bt_ant_diversity", S_IRUSR | S_IWUSR, -+ sc->debug.debugfs_phy, sc, &fops_bt_ant_diversity); - debugfs_create_file("btcoex", S_IRUSR, sc->debug.debugfs_phy, sc, - &fops_btcoex); - #endif ---- a/net/mac80211/ibss.c -+++ b/net/mac80211/ibss.c -@@ -30,13 +30,14 @@ - - #define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ) - #define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ) -+#define IEEE80211_IBSS_RSN_INACTIVITY_LIMIT (10 * HZ) - - #define IEEE80211_IBSS_MAX_STA_ENTRIES 128 - - - static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata, - const u8 *bssid, const int beacon_int, -- struct ieee80211_channel *chan, -+ struct cfg80211_chan_def *req_chandef, - const u32 basic_rates, - const u16 capability, u64 tsf, - bool creator) -@@ -51,6 +52,7 @@ static void __ieee80211_sta_join_ibss(st - u32 bss_change; - u8 supp_rates[IEEE80211_MAX_SUPP_RATES]; - struct cfg80211_chan_def chandef; -+ struct ieee80211_channel *chan; - struct beacon_data *presp; - int frame_len; - -@@ -81,7 +83,9 @@ static void __ieee80211_sta_join_ibss(st - - sdata->drop_unencrypted = capability & WLAN_CAPABILITY_PRIVACY ? 1 : 0; - -- chandef = ifibss->chandef; -+ /* make a copy of the chandef, it could be modified below. */ -+ chandef = *req_chandef; -+ chan = chandef.chan; - if (!cfg80211_reg_can_beacon(local->hw.wiphy, &chandef)) { - chandef.width = NL80211_CHAN_WIDTH_20; - chandef.center_freq1 = chan->center_freq; -@@ -259,10 +263,12 @@ static void ieee80211_sta_join_ibss(stru - struct cfg80211_bss *cbss = - container_of((void *)bss, struct cfg80211_bss, priv); - struct ieee80211_supported_band *sband; -+ struct cfg80211_chan_def chandef; - u32 basic_rates; - int i, j; - u16 beacon_int = cbss->beacon_interval; - const struct cfg80211_bss_ies *ies; -+ enum nl80211_channel_type chan_type; - u64 tsf; - - sdata_assert_lock(sdata); -@@ -270,6 +276,26 @@ static void ieee80211_sta_join_ibss(stru - if (beacon_int < 10) - beacon_int = 10; - -+ switch (sdata->u.ibss.chandef.width) { -+ case NL80211_CHAN_WIDTH_20_NOHT: -+ case NL80211_CHAN_WIDTH_20: -+ case NL80211_CHAN_WIDTH_40: -+ chan_type = cfg80211_get_chandef_type(&sdata->u.ibss.chandef); -+ cfg80211_chandef_create(&chandef, cbss->channel, chan_type); -+ break; -+ case NL80211_CHAN_WIDTH_5: -+ case NL80211_CHAN_WIDTH_10: -+ cfg80211_chandef_create(&chandef, cbss->channel, -+ NL80211_CHAN_WIDTH_20_NOHT); -+ chandef.width = sdata->u.ibss.chandef.width; -+ break; -+ default: -+ /* fall back to 20 MHz for unsupported modes */ -+ cfg80211_chandef_create(&chandef, cbss->channel, -+ NL80211_CHAN_WIDTH_20_NOHT); -+ break; -+ } -+ - sband = sdata->local->hw.wiphy->bands[cbss->channel->band]; - - basic_rates = 0; -@@ -294,7 +320,7 @@ static void ieee80211_sta_join_ibss(stru - - __ieee80211_sta_join_ibss(sdata, cbss->bssid, - beacon_int, -- cbss->channel, -+ &chandef, - basic_rates, - cbss->capability, - tsf, false); -@@ -672,6 +698,33 @@ static int ieee80211_sta_active_ibss(str - return active; - } - -+static void ieee80211_ibss_sta_expire(struct ieee80211_sub_if_data *sdata) -+{ -+ struct ieee80211_local *local = sdata->local; -+ struct sta_info *sta, *tmp; -+ unsigned long exp_time = IEEE80211_IBSS_INACTIVITY_LIMIT; -+ unsigned long exp_rsn_time = IEEE80211_IBSS_RSN_INACTIVITY_LIMIT; -+ -+ mutex_lock(&local->sta_mtx); -+ -+ list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { -+ if (sdata != sta->sdata) -+ continue; -+ -+ if (time_after(jiffies, sta->last_rx + exp_time) || -+ (time_after(jiffies, sta->last_rx + exp_rsn_time) && -+ sta->sta_state != IEEE80211_STA_AUTHORIZED)) { -+ sta_dbg(sta->sdata, "expiring inactive %sSTA %pM\n", -+ sta->sta_state != IEEE80211_STA_AUTHORIZED ? -+ "not authorized " : "", sta->sta.addr); -+ -+ WARN_ON(__sta_info_destroy(sta)); -+ } -+ } -+ -+ mutex_unlock(&local->sta_mtx); -+} -+ - /* - * This function is called with state == IEEE80211_IBSS_MLME_JOINED - */ -@@ -685,7 +738,7 @@ static void ieee80211_sta_merge_ibss(str - mod_timer(&ifibss->timer, - round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL)); - -- ieee80211_sta_expire(sdata, IEEE80211_IBSS_INACTIVITY_LIMIT); -+ ieee80211_ibss_sta_expire(sdata); - - if (time_before(jiffies, ifibss->last_scan_completed + - IEEE80211_IBSS_MERGE_INTERVAL)) -@@ -736,7 +789,7 @@ static void ieee80211_sta_create_ibss(st - sdata->drop_unencrypted = 0; - - __ieee80211_sta_join_ibss(sdata, bssid, sdata->vif.bss_conf.beacon_int, -- ifibss->chandef.chan, ifibss->basic_rates, -+ &ifibss->chandef, ifibss->basic_rates, - capability, 0, true); - } - -@@ -792,6 +845,17 @@ static void ieee80211_sta_find_ibss(stru - return; - } - -+ /* if a fixed bssid and a fixed freq have been provided create the IBSS -+ * directly and do not waste time scanning -+ */ -+ if (ifibss->fixed_bssid && ifibss->fixed_channel) { -+ sdata_info(sdata, "Created IBSS using preconfigured BSSID %pM\n", -+ bssid); -+ ieee80211_sta_create_ibss(sdata); -+ return; -+ } -+ -+ - ibss_dbg(sdata, "sta_find_ibss: did not try to join ibss\n"); - - /* Selected IBSS not found in current scan results - try to scan */ -@@ -1138,6 +1202,7 @@ int ieee80211_ibss_leave(struct ieee8021 - clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state); - ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED | - BSS_CHANGED_IBSS); -+ ieee80211_vif_release_channel(sdata); - synchronize_rcu(); - kfree(presp); - ---- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c -@@ -632,6 +632,22 @@ static void ar9003_hw_override_ini(struc - - REG_SET_BIT(ah, AR_PHY_CCK_DETECT, - AR_PHY_CCK_DETECT_BB_ENABLE_ANT_FAST_DIV); -+ -+ if (AR_SREV_9462(ah) || AR_SREV_9565(ah)) { -+ REG_WRITE(ah, AR_GLB_SWREG_DISCONT_MODE, -+ AR_GLB_SWREG_DISCONT_EN_BT_WLAN); -+ -+ if (REG_READ_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_0, -+ AR_PHY_TX_IQCAL_CONTROL_0_ENABLE_TXIQ_CAL)) -+ ah->enabled_cals |= TX_IQ_CAL; -+ else -+ ah->enabled_cals &= ~TX_IQ_CAL; -+ -+ if (REG_READ(ah, AR_PHY_CL_CAL_CTL) & AR_PHY_CL_CAL_ENABLE) -+ ah->enabled_cals |= TX_CL_CAL; -+ else -+ ah->enabled_cals &= ~TX_CL_CAL; -+ } - } - - static void ar9003_hw_prog_ini(struct ath_hw *ah, -@@ -814,29 +830,12 @@ static int ar9003_hw_process_ini(struct - if (chan->channel == 2484) - ar9003_hw_prog_ini(ah, &ah->iniCckfirJapan2484, 1); - -- if (AR_SREV_9462(ah) || AR_SREV_9565(ah)) -- REG_WRITE(ah, AR_GLB_SWREG_DISCONT_MODE, -- AR_GLB_SWREG_DISCONT_EN_BT_WLAN); -- - ah->modes_index = modesIndex; - ar9003_hw_override_ini(ah); - ar9003_hw_set_channel_regs(ah, chan); - ar9003_hw_set_chain_masks(ah, ah->rxchainmask, ah->txchainmask); - ath9k_hw_apply_txpower(ah, chan, false); - -- if (AR_SREV_9462(ah) || AR_SREV_9565(ah)) { -- if (REG_READ_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_0, -- AR_PHY_TX_IQCAL_CONTROL_0_ENABLE_TXIQ_CAL)) -- ah->enabled_cals |= TX_IQ_CAL; -- else -- ah->enabled_cals &= ~TX_IQ_CAL; -- -- if (REG_READ(ah, AR_PHY_CL_CAL_CTL) & AR_PHY_CL_CAL_ENABLE) -- ah->enabled_cals |= TX_CL_CAL; -- else -- ah->enabled_cals &= ~TX_CL_CAL; -- } -- - return 0; - } - -@@ -1173,6 +1172,10 @@ skip_ws_det: - * is_on == 0 means MRC CCK is OFF (more noise imm) - */ - bool is_on = param ? 1 : 0; -+ -+ if (ah->caps.rx_chainmask == 1) -+ break; -+ - REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL, - AR_PHY_MRC_CCK_ENABLE, is_on); - REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL, -@@ -1413,65 +1416,111 @@ static void ar9003_hw_antdiv_comb_conf_s - REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval); - } - --static void ar9003_hw_antctrl_shared_chain_lnadiv(struct ath_hw *ah, -- bool enable) -+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT -+ -+static void ar9003_hw_set_bt_ant_diversity(struct ath_hw *ah, bool enable) - { -+ struct ath9k_hw_capabilities *pCap = &ah->caps; - u8 ant_div_ctl1; - u32 regval; - -- if (!AR_SREV_9565(ah)) -+ if (!AR_SREV_9485(ah) && !AR_SREV_9565(ah)) - return; - -- ah->shared_chain_lnadiv = enable; -+ if (AR_SREV_9485(ah)) { -+ regval = ar9003_hw_ant_ctrl_common_2_get(ah, -+ IS_CHAN_2GHZ(ah->curchan)); -+ if (enable) { -+ regval &= ~AR_SWITCH_TABLE_COM2_ALL; -+ regval |= ah->config.ant_ctrl_comm2g_switch_enable; -+ } -+ REG_RMW_FIELD(ah, AR_PHY_SWITCH_COM_2, -+ AR_SWITCH_TABLE_COM2_ALL, regval); -+ } -+ - ant_div_ctl1 = ah->eep_ops->get_eeprom(ah, EEP_ANT_DIV_CTL1); - -+ /* -+ * Set MAIN/ALT LNA conf. -+ * Set MAIN/ALT gain_tb. -+ */ - regval = REG_READ(ah, AR_PHY_MC_GAIN_CTRL); - regval &= (~AR_ANT_DIV_CTRL_ALL); - regval |= (ant_div_ctl1 & 0x3f) << AR_ANT_DIV_CTRL_ALL_S; -- regval &= ~AR_PHY_ANT_DIV_LNADIV; -- regval |= ((ant_div_ctl1 >> 6) & 0x1) << AR_PHY_ANT_DIV_LNADIV_S; -- -- if (enable) -- regval |= AR_ANT_DIV_ENABLE; -- - REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval); - -- regval = REG_READ(ah, AR_PHY_CCK_DETECT); -- regval &= ~AR_FAST_DIV_ENABLE; -- regval |= ((ant_div_ctl1 >> 7) & 0x1) << AR_FAST_DIV_ENABLE_S; -- -- if (enable) -- regval |= AR_FAST_DIV_ENABLE; -- -- REG_WRITE(ah, AR_PHY_CCK_DETECT, regval); -- -- if (enable) { -- REG_SET_BIT(ah, AR_PHY_MC_GAIN_CTRL, -- (1 << AR_PHY_ANT_SW_RX_PROT_S)); -- if (ah->curchan && IS_CHAN_2GHZ(ah->curchan)) -- REG_SET_BIT(ah, AR_PHY_RESTART, -- AR_PHY_RESTART_ENABLE_DIV_M2FLAG); -- REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV, -- AR_BTCOEX_WL_LNADIV_FORCE_ON); -- } else { -- REG_CLR_BIT(ah, AR_PHY_MC_GAIN_CTRL, AR_ANT_DIV_ENABLE); -- REG_CLR_BIT(ah, AR_PHY_MC_GAIN_CTRL, -- (1 << AR_PHY_ANT_SW_RX_PROT_S)); -- REG_CLR_BIT(ah, AR_PHY_CCK_DETECT, AR_FAST_DIV_ENABLE); -- REG_CLR_BIT(ah, AR_BTCOEX_WL_LNADIV, -- AR_BTCOEX_WL_LNADIV_FORCE_ON); -- -+ if (AR_SREV_9485_11_OR_LATER(ah)) { -+ /* -+ * Enable LNA diversity. -+ */ - regval = REG_READ(ah, AR_PHY_MC_GAIN_CTRL); -- regval &= ~(AR_PHY_ANT_DIV_MAIN_LNACONF | -- AR_PHY_ANT_DIV_ALT_LNACONF | -- AR_PHY_ANT_DIV_MAIN_GAINTB | -- AR_PHY_ANT_DIV_ALT_GAINTB); -- regval |= (AR_PHY_ANT_DIV_LNA1 << AR_PHY_ANT_DIV_MAIN_LNACONF_S); -- regval |= (AR_PHY_ANT_DIV_LNA2 << AR_PHY_ANT_DIV_ALT_LNACONF_S); -+ regval &= ~AR_PHY_ANT_DIV_LNADIV; -+ regval |= ((ant_div_ctl1 >> 6) & 0x1) << AR_PHY_ANT_DIV_LNADIV_S; -+ if (enable) -+ regval |= AR_ANT_DIV_ENABLE; -+ - REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval); -+ -+ /* -+ * Enable fast antenna diversity. -+ */ -+ regval = REG_READ(ah, AR_PHY_CCK_DETECT); -+ regval &= ~AR_FAST_DIV_ENABLE; -+ regval |= ((ant_div_ctl1 >> 7) & 0x1) << AR_FAST_DIV_ENABLE_S; -+ if (enable) -+ regval |= AR_FAST_DIV_ENABLE; -+ -+ REG_WRITE(ah, AR_PHY_CCK_DETECT, regval); -+ -+ if (pCap->hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB) { -+ regval = REG_READ(ah, AR_PHY_MC_GAIN_CTRL); -+ regval &= (~(AR_PHY_ANT_DIV_MAIN_LNACONF | -+ AR_PHY_ANT_DIV_ALT_LNACONF | -+ AR_PHY_ANT_DIV_ALT_GAINTB | -+ AR_PHY_ANT_DIV_MAIN_GAINTB)); -+ /* -+ * Set MAIN to LNA1 and ALT to LNA2 at the -+ * beginning. -+ */ -+ regval |= (ATH_ANT_DIV_COMB_LNA1 << -+ AR_PHY_ANT_DIV_MAIN_LNACONF_S); -+ regval |= (ATH_ANT_DIV_COMB_LNA2 << -+ AR_PHY_ANT_DIV_ALT_LNACONF_S); -+ REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval); -+ } -+ } else if (AR_SREV_9565(ah)) { -+ if (enable) { -+ REG_SET_BIT(ah, AR_PHY_MC_GAIN_CTRL, -+ (1 << AR_PHY_ANT_SW_RX_PROT_S)); -+ if (ah->curchan && IS_CHAN_2GHZ(ah->curchan)) -+ REG_SET_BIT(ah, AR_PHY_RESTART, -+ AR_PHY_RESTART_ENABLE_DIV_M2FLAG); -+ REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV, -+ AR_BTCOEX_WL_LNADIV_FORCE_ON); -+ } else { -+ REG_CLR_BIT(ah, AR_PHY_MC_GAIN_CTRL, AR_ANT_DIV_ENABLE); -+ REG_CLR_BIT(ah, AR_PHY_MC_GAIN_CTRL, -+ (1 << AR_PHY_ANT_SW_RX_PROT_S)); -+ REG_CLR_BIT(ah, AR_PHY_CCK_DETECT, AR_FAST_DIV_ENABLE); -+ REG_CLR_BIT(ah, AR_BTCOEX_WL_LNADIV, -+ AR_BTCOEX_WL_LNADIV_FORCE_ON); -+ -+ regval = REG_READ(ah, AR_PHY_MC_GAIN_CTRL); -+ regval &= ~(AR_PHY_ANT_DIV_MAIN_LNACONF | -+ AR_PHY_ANT_DIV_ALT_LNACONF | -+ AR_PHY_ANT_DIV_MAIN_GAINTB | -+ AR_PHY_ANT_DIV_ALT_GAINTB); -+ regval |= (ATH_ANT_DIV_COMB_LNA1 << -+ AR_PHY_ANT_DIV_MAIN_LNACONF_S); -+ regval |= (ATH_ANT_DIV_COMB_LNA2 << -+ AR_PHY_ANT_DIV_ALT_LNACONF_S); -+ REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval); -+ } - } - } - -+#endif -+ - static int ar9003_hw_fast_chan_change(struct ath_hw *ah, - struct ath9k_channel *chan, - u8 *ini_reloaded) -@@ -1518,6 +1567,18 @@ static int ar9003_hw_fast_chan_change(st - - REG_WRITE_ARRAY(&ah->iniModesTxGain, modesIndex, regWrites); - -+ if (AR_SREV_9462_20_OR_LATER(ah)) { -+ /* -+ * CUS217 mix LNA mode. -+ */ -+ if (ar9003_hw_get_rx_gain_idx(ah) == 2) { -+ REG_WRITE_ARRAY(&ah->ini_modes_rxgain_bb_core, -+ 1, regWrites); -+ REG_WRITE_ARRAY(&ah->ini_modes_rxgain_bb_postamble, -+ modesIndex, regWrites); -+ } -+ } -+ - /* - * For 5GHz channels requiring Fast Clock, apply - * different modal values. -@@ -1528,7 +1589,11 @@ static int ar9003_hw_fast_chan_change(st - if (AR_SREV_9565(ah)) - REG_WRITE_ARRAY(&ah->iniModesFastClock, 1, regWrites); - -- REG_WRITE_ARRAY(&ah->iniAdditional, 1, regWrites); -+ /* -+ * JAPAN regulatory. -+ */ -+ if (chan->channel == 2484) -+ ar9003_hw_prog_ini(ah, &ah->iniCckfirJapan2484, 1); - - ah->modes_index = modesIndex; - *ini_reloaded = true; -@@ -1631,11 +1696,14 @@ void ar9003_hw_attach_phy_ops(struct ath - - ops->antdiv_comb_conf_get = ar9003_hw_antdiv_comb_conf_get; - ops->antdiv_comb_conf_set = ar9003_hw_antdiv_comb_conf_set; -- ops->antctrl_shared_chain_lnadiv = ar9003_hw_antctrl_shared_chain_lnadiv; - ops->spectral_scan_config = ar9003_hw_spectral_scan_config; - ops->spectral_scan_trigger = ar9003_hw_spectral_scan_trigger; - ops->spectral_scan_wait = ar9003_hw_spectral_scan_wait; - -+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT -+ ops->set_bt_ant_diversity = ar9003_hw_set_bt_ant_diversity; -+#endif -+ - ar9003_hw_set_nf_limits(ah); - ar9003_hw_set_radar_conf(ah); - memcpy(ah->nf_regs, ar9300_cca_regs, sizeof(ah->nf_regs)); ---- a/drivers/net/wireless/ath/ath9k/recv.c -+++ b/drivers/net/wireless/ath/ath9k/recv.c -@@ -42,8 +42,6 @@ static void ath_rx_buf_link(struct ath_s - struct ath_desc *ds; - struct sk_buff *skb; - -- ATH_RXBUF_RESET(bf); -- - ds = bf->bf_desc; - ds->ds_link = 0; /* link to null */ - ds->ds_data = bf->bf_buf_addr; -@@ -70,6 +68,14 @@ static void ath_rx_buf_link(struct ath_s - sc->rx.rxlink = &ds->ds_link; - } - -+static void ath_rx_buf_relink(struct ath_softc *sc, struct ath_buf *bf) -+{ -+ if (sc->rx.buf_hold) -+ ath_rx_buf_link(sc, sc->rx.buf_hold); -+ -+ sc->rx.buf_hold = bf; -+} -+ - static void ath_setdefantenna(struct ath_softc *sc, u32 antenna) - { - /* XXX block beacon interrupts */ -@@ -117,7 +123,6 @@ static bool ath_rx_edma_buf_link(struct - - skb = bf->bf_mpdu; - -- ATH_RXBUF_RESET(bf); - memset(skb->data, 0, ah->caps.rx_status_len); - dma_sync_single_for_device(sc->dev, bf->bf_buf_addr, - ah->caps.rx_status_len, DMA_TO_DEVICE); -@@ -185,7 +190,7 @@ static void ath_rx_edma_cleanup(struct a - - static void ath_rx_edma_init_queue(struct ath_rx_edma *rx_edma, int size) - { -- skb_queue_head_init(&rx_edma->rx_fifo); -+ __skb_queue_head_init(&rx_edma->rx_fifo); - rx_edma->rx_fifo_hwsize = size; - } - -@@ -432,6 +437,7 @@ int ath_startrecv(struct ath_softc *sc) - if (list_empty(&sc->rx.rxbuf)) - goto start_recv; - -+ sc->rx.buf_hold = NULL; - sc->rx.rxlink = NULL; - list_for_each_entry_safe(bf, tbf, &sc->rx.rxbuf, list) { - ath_rx_buf_link(sc, bf); -@@ -677,6 +683,9 @@ static struct ath_buf *ath_get_next_rx_b - } - - bf = list_first_entry(&sc->rx.rxbuf, struct ath_buf, list); -+ if (bf == sc->rx.buf_hold) -+ return NULL; -+ - ds = bf->bf_desc; - - /* -@@ -755,7 +764,6 @@ static bool ath9k_rx_accept(struct ath_c - bool is_mc, is_valid_tkip, strip_mic, mic_error; - struct ath_hw *ah = common->ah; - __le16 fc; -- u8 rx_status_len = ah->caps.rx_status_len; - - fc = hdr->frame_control; - -@@ -777,25 +785,6 @@ static bool ath9k_rx_accept(struct ath_c - !test_bit(rx_stats->rs_keyix, common->ccmp_keymap)) - rx_stats->rs_status &= ~ATH9K_RXERR_KEYMISS; - -- if (!rx_stats->rs_datalen) { -- RX_STAT_INC(rx_len_err); -- return false; -- } -- -- /* -- * rs_status follows rs_datalen so if rs_datalen is too large -- * we can take a hint that hardware corrupted it, so ignore -- * those frames. -- */ -- if (rx_stats->rs_datalen > (common->rx_bufsize - rx_status_len)) { -- RX_STAT_INC(rx_len_err); -- return false; -- } -- -- /* Only use error bits from the last fragment */ -- if (rx_stats->rs_more) -- return true; -- - mic_error = is_valid_tkip && !ieee80211_is_ctl(fc) && - !ieee80211_has_morefrags(fc) && - !(le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG) && -@@ -814,8 +803,6 @@ static bool ath9k_rx_accept(struct ath_c - rxs->flag |= RX_FLAG_FAILED_FCS_CRC; - mic_error = false; - } -- if (rx_stats->rs_status & ATH9K_RXERR_PHY) -- return false; - - if ((rx_stats->rs_status & ATH9K_RXERR_DECRYPT) || - (!is_mc && (rx_stats->rs_status & ATH9K_RXERR_KEYMISS))) { -@@ -898,129 +885,65 @@ static int ath9k_process_rate(struct ath - - static void ath9k_process_rssi(struct ath_common *common, - struct ieee80211_hw *hw, -- struct ieee80211_hdr *hdr, -- struct ath_rx_status *rx_stats) -+ struct ath_rx_status *rx_stats, -+ struct ieee80211_rx_status *rxs) - { - struct ath_softc *sc = hw->priv; - struct ath_hw *ah = common->ah; - int last_rssi; - int rssi = rx_stats->rs_rssi; - -- if (!rx_stats->is_mybeacon || -- ((ah->opmode != NL80211_IFTYPE_STATION) && -- (ah->opmode != NL80211_IFTYPE_ADHOC))) -+ /* -+ * RSSI is not available for subframes in an A-MPDU. -+ */ -+ if (rx_stats->rs_moreaggr) { -+ rxs->flag |= RX_FLAG_NO_SIGNAL_VAL; - return; -- -- if (rx_stats->rs_rssi != ATH9K_RSSI_BAD && !rx_stats->rs_moreaggr) -- ATH_RSSI_LPF(sc->last_rssi, rx_stats->rs_rssi); -- -- last_rssi = sc->last_rssi; -- if (likely(last_rssi != ATH_RSSI_DUMMY_MARKER)) -- rssi = ATH_EP_RND(last_rssi, ATH_RSSI_EP_MULTIPLIER); -- if (rssi < 0) -- rssi = 0; -- -- /* Update Beacon RSSI, this is used by ANI. */ -- ah->stats.avgbrssi = rssi; --} -- --/* -- * For Decrypt or Demic errors, we only mark packet status here and always push -- * up the frame up to let mac80211 handle the actual error case, be it no -- * decryption key or real decryption error. This let us keep statistics there. -- */ --static int ath9k_rx_skb_preprocess(struct ath_softc *sc, -- struct ieee80211_hdr *hdr, -- struct ath_rx_status *rx_stats, -- struct ieee80211_rx_status *rx_status, -- bool *decrypt_error) --{ -- struct ieee80211_hw *hw = sc->hw; -- struct ath_hw *ah = sc->sc_ah; -- struct ath_common *common = ath9k_hw_common(ah); -- bool discard_current = sc->rx.discard_next; -- -- sc->rx.discard_next = rx_stats->rs_more; -- if (discard_current) -- return -EINVAL; -+ } - - /* -- * everything but the rate is checked here, the rate check is done -- * separately to avoid doing two lookups for a rate for each frame. -+ * Check if the RSSI for the last subframe in an A-MPDU -+ * or an unaggregated frame is valid. - */ -- if (!ath9k_rx_accept(common, hdr, rx_status, rx_stats, decrypt_error)) -- return -EINVAL; -- -- /* Only use status info from the last fragment */ -- if (rx_stats->rs_more) -- return 0; -+ if (rx_stats->rs_rssi == ATH9K_RSSI_BAD) { -+ rxs->flag |= RX_FLAG_NO_SIGNAL_VAL; -+ return; -+ } - -- if (ath9k_process_rate(common, hw, rx_stats, rx_status)) -- return -EINVAL; -+ /* -+ * Update Beacon RSSI, this is used by ANI. -+ */ -+ if (rx_stats->is_mybeacon && -+ ((ah->opmode == NL80211_IFTYPE_STATION) || -+ (ah->opmode == NL80211_IFTYPE_ADHOC))) { -+ ATH_RSSI_LPF(sc->last_rssi, rx_stats->rs_rssi); -+ last_rssi = sc->last_rssi; - -- ath9k_process_rssi(common, hw, hdr, rx_stats); -+ if (likely(last_rssi != ATH_RSSI_DUMMY_MARKER)) -+ rssi = ATH_EP_RND(last_rssi, ATH_RSSI_EP_MULTIPLIER); -+ if (rssi < 0) -+ rssi = 0; - -- rx_status->band = hw->conf.chandef.chan->band; -- rx_status->freq = hw->conf.chandef.chan->center_freq; -- rx_status->signal = ah->noise + rx_stats->rs_rssi; -- rx_status->antenna = rx_stats->rs_antenna; -- rx_status->flag |= RX_FLAG_MACTIME_END; -- if (rx_stats->rs_moreaggr) -- rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL; -+ ah->stats.avgbrssi = rssi; -+ } - -- sc->rx.discard_next = false; -- return 0; -+ rxs->signal = ah->noise + rx_stats->rs_rssi; - } - --static void ath9k_rx_skb_postprocess(struct ath_common *common, -- struct sk_buff *skb, -- struct ath_rx_status *rx_stats, -- struct ieee80211_rx_status *rxs, -- bool decrypt_error) -+static void ath9k_process_tsf(struct ath_rx_status *rs, -+ struct ieee80211_rx_status *rxs, -+ u64 tsf) - { -- struct ath_hw *ah = common->ah; -- struct ieee80211_hdr *hdr; -- int hdrlen, padpos, padsize; -- u8 keyix; -- __le16 fc; -+ u32 tsf_lower = tsf & 0xffffffff; - -- /* see if any padding is done by the hw and remove it */ -- hdr = (struct ieee80211_hdr *) skb->data; -- hdrlen = ieee80211_get_hdrlen_from_skb(skb); -- fc = hdr->frame_control; -- padpos = ieee80211_hdrlen(fc); -+ rxs->mactime = (tsf & ~0xffffffffULL) | rs->rs_tstamp; -+ if (rs->rs_tstamp > tsf_lower && -+ unlikely(rs->rs_tstamp - tsf_lower > 0x10000000)) -+ rxs->mactime -= 0x100000000ULL; - -- /* The MAC header is padded to have 32-bit boundary if the -- * packet payload is non-zero. The general calculation for -- * padsize would take into account odd header lengths: -- * padsize = (4 - padpos % 4) % 4; However, since only -- * even-length headers are used, padding can only be 0 or 2 -- * bytes and we can optimize this a bit. In addition, we must -- * not try to remove padding from short control frames that do -- * not have payload. */ -- padsize = padpos & 3; -- if (padsize && skb->len>=padpos+padsize+FCS_LEN) { -- memmove(skb->data + padsize, skb->data, padpos); -- skb_pull(skb, padsize); -- } -- -- keyix = rx_stats->rs_keyix; -- -- if (!(keyix == ATH9K_RXKEYIX_INVALID) && !decrypt_error && -- ieee80211_has_protected(fc)) { -- rxs->flag |= RX_FLAG_DECRYPTED; -- } else if (ieee80211_has_protected(fc) -- && !decrypt_error && skb->len >= hdrlen + 4) { -- keyix = skb->data[hdrlen + 3] >> 6; -- -- if (test_bit(keyix, common->keymap)) -- rxs->flag |= RX_FLAG_DECRYPTED; -- } -- if (ah->sw_mgmt_crypto && -- (rxs->flag & RX_FLAG_DECRYPTED) && -- ieee80211_is_mgmt(fc)) -- /* Use software decrypt for management frames. */ -- rxs->flag &= ~RX_FLAG_DECRYPTED; -+ if (rs->rs_tstamp < tsf_lower && -+ unlikely(tsf_lower - rs->rs_tstamp > 0x10000000)) -+ rxs->mactime += 0x100000000ULL; - } - - #ifdef CPTCFG_ATH9K_DEBUGFS -@@ -1133,6 +1056,234 @@ static int ath_process_fft(struct ath_so - #endif - } - -+static bool ath9k_is_mybeacon(struct ath_softc *sc, struct ieee80211_hdr *hdr) -+{ -+ struct ath_hw *ah = sc->sc_ah; -+ struct ath_common *common = ath9k_hw_common(ah); -+ -+ if (ieee80211_is_beacon(hdr->frame_control)) { -+ RX_STAT_INC(rx_beacons); -+ if (!is_zero_ether_addr(common->curbssid) && -+ ether_addr_equal(hdr->addr3, common->curbssid)) -+ return true; -+ } -+ -+ return false; -+} -+ -+/* -+ * For Decrypt or Demic errors, we only mark packet status here and always push -+ * up the frame up to let mac80211 handle the actual error case, be it no -+ * decryption key or real decryption error. This let us keep statistics there. -+ */ -+static int ath9k_rx_skb_preprocess(struct ath_softc *sc, -+ struct sk_buff *skb, -+ struct ath_rx_status *rx_stats, -+ struct ieee80211_rx_status *rx_status, -+ bool *decrypt_error, u64 tsf) -+{ -+ struct ieee80211_hw *hw = sc->hw; -+ struct ath_hw *ah = sc->sc_ah; -+ struct ath_common *common = ath9k_hw_common(ah); -+ struct ieee80211_hdr *hdr; -+ bool discard_current = sc->rx.discard_next; -+ int ret = 0; -+ -+ /* -+ * Discard corrupt descriptors which are marked in -+ * ath_get_next_rx_buf(). -+ */ -+ sc->rx.discard_next = rx_stats->rs_more; -+ if (discard_current) -+ return -EINVAL; -+ -+ /* -+ * Discard zero-length packets. -+ */ -+ if (!rx_stats->rs_datalen) { -+ RX_STAT_INC(rx_len_err); -+ return -EINVAL; -+ } -+ -+ /* -+ * rs_status follows rs_datalen so if rs_datalen is too large -+ * we can take a hint that hardware corrupted it, so ignore -+ * those frames. -+ */ -+ if (rx_stats->rs_datalen > (common->rx_bufsize - ah->caps.rx_status_len)) { -+ RX_STAT_INC(rx_len_err); -+ return -EINVAL; -+ } -+ -+ /* Only use status info from the last fragment */ -+ if (rx_stats->rs_more) -+ return 0; -+ -+ /* -+ * Return immediately if the RX descriptor has been marked -+ * as corrupt based on the various error bits. -+ * -+ * This is different from the other corrupt descriptor -+ * condition handled above. -+ */ -+ if (rx_stats->rs_status & ATH9K_RXERR_CORRUPT_DESC) { -+ ret = -EINVAL; -+ goto exit; -+ } -+ -+ hdr = (struct ieee80211_hdr *) (skb->data + ah->caps.rx_status_len); -+ -+ ath9k_process_tsf(rx_stats, rx_status, tsf); -+ ath_debug_stat_rx(sc, rx_stats); -+ -+ /* -+ * Process PHY errors and return so that the packet -+ * can be dropped. -+ */ -+ if (rx_stats->rs_status & ATH9K_RXERR_PHY) { -+ ath9k_dfs_process_phyerr(sc, hdr, rx_stats, rx_status->mactime); -+ if (ath_process_fft(sc, hdr, rx_stats, rx_status->mactime)) -+ RX_STAT_INC(rx_spectral); -+ -+ ret = -EINVAL; -+ goto exit; -+ } -+ -+ /* -+ * everything but the rate is checked here, the rate check is done -+ * separately to avoid doing two lookups for a rate for each frame. -+ */ -+ if (!ath9k_rx_accept(common, hdr, rx_status, rx_stats, decrypt_error)) { -+ ret = -EINVAL; -+ goto exit; -+ } -+ -+ rx_stats->is_mybeacon = ath9k_is_mybeacon(sc, hdr); -+ if (rx_stats->is_mybeacon) { -+ sc->hw_busy_count = 0; -+ ath_start_rx_poll(sc, 3); -+ } -+ -+ if (ath9k_process_rate(common, hw, rx_stats, rx_status)) { -+ ret =-EINVAL; -+ goto exit; -+ } -+ -+ ath9k_process_rssi(common, hw, rx_stats, rx_status); -+ -+ rx_status->band = hw->conf.chandef.chan->band; -+ rx_status->freq = hw->conf.chandef.chan->center_freq; -+ rx_status->antenna = rx_stats->rs_antenna; -+ rx_status->flag |= RX_FLAG_MACTIME_END; -+ -+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT -+ if (ieee80211_is_data_present(hdr->frame_control) && -+ !ieee80211_is_qos_nullfunc(hdr->frame_control)) -+ sc->rx.num_pkts++; -+#endif -+ -+exit: -+ sc->rx.discard_next = false; -+ return ret; -+} -+ -+static void ath9k_rx_skb_postprocess(struct ath_common *common, -+ struct sk_buff *skb, -+ struct ath_rx_status *rx_stats, -+ struct ieee80211_rx_status *rxs, -+ bool decrypt_error) -+{ -+ struct ath_hw *ah = common->ah; -+ struct ieee80211_hdr *hdr; -+ int hdrlen, padpos, padsize; -+ u8 keyix; -+ __le16 fc; -+ -+ /* see if any padding is done by the hw and remove it */ -+ hdr = (struct ieee80211_hdr *) skb->data; -+ hdrlen = ieee80211_get_hdrlen_from_skb(skb); -+ fc = hdr->frame_control; -+ padpos = ieee80211_hdrlen(fc); -+ -+ /* The MAC header is padded to have 32-bit boundary if the -+ * packet payload is non-zero. The general calculation for -+ * padsize would take into account odd header lengths: -+ * padsize = (4 - padpos % 4) % 4; However, since only -+ * even-length headers are used, padding can only be 0 or 2 -+ * bytes and we can optimize this a bit. In addition, we must -+ * not try to remove padding from short control frames that do -+ * not have payload. */ -+ padsize = padpos & 3; -+ if (padsize && skb->len>=padpos+padsize+FCS_LEN) { -+ memmove(skb->data + padsize, skb->data, padpos); -+ skb_pull(skb, padsize); -+ } -+ -+ keyix = rx_stats->rs_keyix; -+ -+ if (!(keyix == ATH9K_RXKEYIX_INVALID) && !decrypt_error && -+ ieee80211_has_protected(fc)) { -+ rxs->flag |= RX_FLAG_DECRYPTED; -+ } else if (ieee80211_has_protected(fc) -+ && !decrypt_error && skb->len >= hdrlen + 4) { -+ keyix = skb->data[hdrlen + 3] >> 6; -+ -+ if (test_bit(keyix, common->keymap)) -+ rxs->flag |= RX_FLAG_DECRYPTED; -+ } -+ if (ah->sw_mgmt_crypto && -+ (rxs->flag & RX_FLAG_DECRYPTED) && -+ ieee80211_is_mgmt(fc)) -+ /* Use software decrypt for management frames. */ -+ rxs->flag &= ~RX_FLAG_DECRYPTED; -+} -+ -+/* -+ * Run the LNA combining algorithm only in these cases: -+ * -+ * Standalone WLAN cards with both LNA/Antenna diversity -+ * enabled in the EEPROM. -+ * -+ * WLAN+BT cards which are in the supported card list -+ * in ath_pci_id_table and the user has loaded the -+ * driver with "bt_ant_diversity" set to true. -+ */ -+static void ath9k_antenna_check(struct ath_softc *sc, -+ struct ath_rx_status *rs) -+{ -+ struct ath_hw *ah = sc->sc_ah; -+ struct ath9k_hw_capabilities *pCap = &ah->caps; -+ struct ath_common *common = ath9k_hw_common(ah); -+ -+ if (!(ah->caps.hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB)) -+ return; -+ -+ /* -+ * All MPDUs in an aggregate will use the same LNA -+ * as the first MPDU. -+ */ -+ if (rs->rs_isaggr && !rs->rs_firstaggr) -+ return; -+ -+ /* -+ * Change the default rx antenna if rx diversity -+ * chooses the other antenna 3 times in a row. -+ */ -+ if (sc->rx.defant != rs->rs_antenna) { -+ if (++sc->rx.rxotherant >= 3) -+ ath_setdefantenna(sc, rs->rs_antenna); -+ } else { -+ sc->rx.rxotherant = 0; -+ } -+ -+ if (pCap->hw_caps & ATH9K_HW_CAP_BT_ANT_DIV) { -+ if (common->bt_ant_diversity) -+ ath_ant_comb_scan(sc, rs); -+ } else { -+ ath_ant_comb_scan(sc, rs); -+ } -+} -+ - static void ath9k_apply_ampdu_details(struct ath_softc *sc, - struct ath_rx_status *rs, struct ieee80211_rx_status *rxs) - { -@@ -1159,15 +1310,12 @@ int ath_rx_tasklet(struct ath_softc *sc, - struct ath_hw *ah = sc->sc_ah; - struct ath_common *common = ath9k_hw_common(ah); - struct ieee80211_hw *hw = sc->hw; -- struct ieee80211_hdr *hdr; - int retval; - struct ath_rx_status rs; - enum ath9k_rx_qtype qtype; - bool edma = !!(ah->caps.hw_caps & ATH9K_HW_CAP_EDMA); - int dma_type; -- u8 rx_status_len = ah->caps.rx_status_len; - u64 tsf = 0; -- u32 tsf_lower = 0; - unsigned long flags; - dma_addr_t new_buf_addr; - -@@ -1179,7 +1327,6 @@ int ath_rx_tasklet(struct ath_softc *sc, - qtype = hp ? ATH9K_RX_QUEUE_HP : ATH9K_RX_QUEUE_LP; - - tsf = ath9k_hw_gettsf64(ah); -- tsf_lower = tsf & 0xffffffff; - - do { - bool decrypt_error = false; -@@ -1206,55 +1353,14 @@ int ath_rx_tasklet(struct ath_softc *sc, - else - hdr_skb = skb; - -- hdr = (struct ieee80211_hdr *) (hdr_skb->data + rx_status_len); - rxs = IEEE80211_SKB_RXCB(hdr_skb); -- if (ieee80211_is_beacon(hdr->frame_control)) { -- RX_STAT_INC(rx_beacons); -- if (!is_zero_ether_addr(common->curbssid) && -- ether_addr_equal(hdr->addr3, common->curbssid)) -- rs.is_mybeacon = true; -- else -- rs.is_mybeacon = false; -- } -- else -- rs.is_mybeacon = false; -- -- if (ieee80211_is_data_present(hdr->frame_control) && -- !ieee80211_is_qos_nullfunc(hdr->frame_control)) -- sc->rx.num_pkts++; -- -- ath_debug_stat_rx(sc, &rs); -- - memset(rxs, 0, sizeof(struct ieee80211_rx_status)); - -- rxs->mactime = (tsf & ~0xffffffffULL) | rs.rs_tstamp; -- if (rs.rs_tstamp > tsf_lower && -- unlikely(rs.rs_tstamp - tsf_lower > 0x10000000)) -- rxs->mactime -= 0x100000000ULL; -- -- if (rs.rs_tstamp < tsf_lower && -- unlikely(tsf_lower - rs.rs_tstamp > 0x10000000)) -- rxs->mactime += 0x100000000ULL; -- -- if (rs.rs_phyerr == ATH9K_PHYERR_RADAR) -- ath9k_dfs_process_phyerr(sc, hdr, &rs, rxs->mactime); -- -- if (rs.rs_status & ATH9K_RXERR_PHY) { -- if (ath_process_fft(sc, hdr, &rs, rxs->mactime)) { -- RX_STAT_INC(rx_spectral); -- goto requeue_drop_frag; -- } -- } -- -- retval = ath9k_rx_skb_preprocess(sc, hdr, &rs, rxs, -- &decrypt_error); -+ retval = ath9k_rx_skb_preprocess(sc, hdr_skb, &rs, rxs, -+ &decrypt_error, tsf); - if (retval) - goto requeue_drop_frag; - -- if (rs.is_mybeacon) { -- sc->hw_busy_count = 0; -- ath_start_rx_poll(sc, 3); -- } - /* Ensure we always have an skb to requeue once we are done - * processing the current buffer's skb */ - requeue_skb = ath_rxbuf_alloc(common, common->rx_bufsize, GFP_ATOMIC); -@@ -1308,8 +1414,6 @@ int ath_rx_tasklet(struct ath_softc *sc, - sc->rx.frag = skb; - goto requeue; - } -- if (rs.rs_status & ATH9K_RXERR_CORRUPT_DESC) -- goto requeue_drop_frag; - - if (sc->rx.frag) { - int space = skb->len - skb_tailroom(hdr_skb); -@@ -1328,22 +1432,6 @@ int ath_rx_tasklet(struct ath_softc *sc, - skb = hdr_skb; - } - -- -- if (ah->caps.hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB) { -- -- /* -- * change the default rx antenna if rx diversity -- * chooses the other antenna 3 times in a row. -- */ -- if (sc->rx.defant != rs.rs_antenna) { -- if (++sc->rx.rxotherant >= 3) -- ath_setdefantenna(sc, rs.rs_antenna); -- } else { -- sc->rx.rxotherant = 0; -- } -- -- } -- - if (rxs->flag & RX_FLAG_MMIC_STRIPPED) - skb_trim(skb, skb->len - 8); - -@@ -1355,8 +1443,7 @@ int ath_rx_tasklet(struct ath_softc *sc, - ath_rx_ps(sc, skb, rs.is_mybeacon); - spin_unlock_irqrestore(&sc->sc_pm_lock, flags); - -- if ((ah->caps.hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB) && sc->ant_rx == 3) -- ath_ant_comb_scan(sc, &rs); -+ ath9k_antenna_check(sc, &rs); - - ath9k_apply_ampdu_details(sc, &rs, rxs); - -@@ -1375,7 +1462,7 @@ requeue: - if (edma) { - ath_rx_edma_buf_link(sc, qtype); - } else { -- ath_rx_buf_link(sc, bf); -+ ath_rx_buf_relink(sc, bf); - ath9k_hw_rxena(ah); - } - } while (1); ---- a/drivers/net/wireless/ath/ath9k/init.c -+++ b/drivers/net/wireless/ath/ath9k/init.c -@@ -53,9 +53,9 @@ static int ath9k_btcoex_enable; - module_param_named(btcoex_enable, ath9k_btcoex_enable, int, 0444); - MODULE_PARM_DESC(btcoex_enable, "Enable wifi-BT coexistence"); - --static int ath9k_enable_diversity; --module_param_named(enable_diversity, ath9k_enable_diversity, int, 0444); --MODULE_PARM_DESC(enable_diversity, "Enable Antenna diversity for AR9565"); -+static int ath9k_bt_ant_diversity; -+module_param_named(bt_ant_diversity, ath9k_bt_ant_diversity, int, 0444); -+MODULE_PARM_DESC(bt_ant_diversity, "Enable WLAN/BT RX antenna diversity"); - - bool is_ath9k_unloaded; - /* We use the hw_value as an index into our private channel structure */ -@@ -516,6 +516,7 @@ static void ath9k_init_misc(struct ath_s - static void ath9k_init_platform(struct ath_softc *sc) - { - struct ath_hw *ah = sc->sc_ah; -+ struct ath9k_hw_capabilities *pCap = &ah->caps; - struct ath_common *common = ath9k_hw_common(ah); - - if (common->bus_ops->ath_bus_type != ATH_PCI) -@@ -525,12 +526,27 @@ static void ath9k_init_platform(struct a - ATH9K_PCI_CUS230)) { - ah->config.xlna_gpio = 9; - ah->config.xatten_margin_cfg = true; -+ ah->config.alt_mingainidx = true; -+ ah->config.ant_ctrl_comm2g_switch_enable = 0x000BBB88; -+ sc->ant_comb.low_rssi_thresh = 20; -+ sc->ant_comb.fast_div_bias = 3; - - ath_info(common, "Set parameters for %s\n", - (sc->driver_data & ATH9K_PCI_CUS198) ? - "CUS198" : "CUS230"); -- } else if (sc->driver_data & ATH9K_PCI_CUS217) { -+ } -+ -+ if (sc->driver_data & ATH9K_PCI_CUS217) - ath_info(common, "CUS217 card detected\n"); -+ -+ if (sc->driver_data & ATH9K_PCI_BT_ANT_DIV) { -+ pCap->hw_caps |= ATH9K_HW_CAP_BT_ANT_DIV; -+ ath_info(common, "Set BT/WLAN RX diversity capability\n"); -+ } -+ -+ if (sc->driver_data & ATH9K_PCI_D3_L1_WAR) { -+ ah->config.pcie_waen = 0x0040473b; -+ ath_info(common, "Enable WAR for ASPM D3/L1\n"); - } - } - -@@ -584,6 +600,7 @@ static int ath9k_init_softc(u16 devid, s - { - struct ath9k_platform_data *pdata = sc->dev->platform_data; - struct ath_hw *ah = NULL; -+ struct ath9k_hw_capabilities *pCap; - struct ath_common *common; - int ret = 0, i; - int csz = 0; -@@ -600,6 +617,7 @@ static int ath9k_init_softc(u16 devid, s - ah->reg_ops.rmw = ath9k_reg_rmw; - atomic_set(&ah->intr_ref_cnt, -1); - sc->sc_ah = ah; -+ pCap = &ah->caps; - - sc->dfs_detector = dfs_pattern_detector_init(ah, NL80211_DFS_UNSET); - -@@ -631,11 +649,15 @@ static int ath9k_init_softc(u16 devid, s - ath9k_init_platform(sc); - - /* -- * Enable Antenna diversity only when BTCOEX is disabled -- * and the user manually requests the feature. -+ * Enable WLAN/BT RX Antenna diversity only when: -+ * -+ * - BTCOEX is disabled. -+ * - the user manually requests the feature. -+ * - the HW cap is set using the platform data. - */ -- if (!common->btcoex_enabled && ath9k_enable_diversity) -- common->antenna_diversity = 1; -+ if (!common->btcoex_enabled && ath9k_bt_ant_diversity && -+ (pCap->hw_caps & ATH9K_HW_CAP_BT_ANT_DIV)) -+ common->bt_ant_diversity = 1; - - spin_lock_init(&common->cc_lock); - -@@ -710,13 +732,15 @@ static void ath9k_init_band_txpower(stru - struct ieee80211_supported_band *sband; - struct ieee80211_channel *chan; - struct ath_hw *ah = sc->sc_ah; -+ struct cfg80211_chan_def chandef; - int i; - - sband = &sc->sbands[band]; - for (i = 0; i < sband->n_channels; i++) { - chan = &sband->channels[i]; - ah->curchan = &ah->channels[chan->hw_value]; -- ath9k_cmn_update_ichannel(ah->curchan, chan, NL80211_CHAN_HT20); -+ cfg80211_chandef_create(&chandef, chan, NL80211_CHAN_HT20); -+ ath9k_cmn_update_ichannel(ah->curchan, &chandef); - ath9k_hw_set_txpowerlimit(ah, MAX_RATE_POWER, true); - } - } -@@ -802,7 +826,8 @@ void ath9k_set_hw_capab(struct ath_softc - IEEE80211_HW_PS_NULLFUNC_STACK | - IEEE80211_HW_SPECTRUM_MGMT | - IEEE80211_HW_REPORTS_TX_ACK_STATUS | -- IEEE80211_HW_SUPPORTS_RC_TABLE; -+ IEEE80211_HW_SUPPORTS_RC_TABLE | -+ IEEE80211_HW_SUPPORTS_HT_CCK_RATES; - - if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT) { - hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION; ---- a/drivers/net/wireless/ath/carl9170/main.c -+++ b/drivers/net/wireless/ath/carl9170/main.c -@@ -1878,7 +1878,8 @@ void *carl9170_alloc(size_t priv_size) - IEEE80211_HW_PS_NULLFUNC_STACK | - IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC | - IEEE80211_HW_SUPPORTS_RC_TABLE | -- IEEE80211_HW_SIGNAL_DBM; -+ IEEE80211_HW_SIGNAL_DBM | -+ IEEE80211_HW_SUPPORTS_HT_CCK_RATES; - - if (!modparam_noht) { - /* ---- a/drivers/net/wireless/rt2x00/rt2800lib.c -+++ b/drivers/net/wireless/rt2x00/rt2800lib.c -@@ -6133,7 +6133,8 @@ static int rt2800_probe_hw_mode(struct r - IEEE80211_HW_SUPPORTS_PS | - IEEE80211_HW_PS_NULLFUNC_STACK | - IEEE80211_HW_AMPDU_AGGREGATION | -- IEEE80211_HW_REPORTS_TX_ACK_STATUS; -+ IEEE80211_HW_REPORTS_TX_ACK_STATUS | -+ IEEE80211_HW_SUPPORTS_HT_CCK_RATES; - - /* - * Don't set IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING for USB devices ---- a/include/net/mac80211.h -+++ b/include/net/mac80211.h -@@ -152,11 +152,14 @@ struct ieee80211_low_level_stats { - * @IEEE80211_CHANCTX_CHANGE_WIDTH: The channel width changed - * @IEEE80211_CHANCTX_CHANGE_RX_CHAINS: The number of RX chains changed - * @IEEE80211_CHANCTX_CHANGE_RADAR: radar detection flag changed -+ * @IEEE80211_CHANCTX_CHANGE_CHANNEL: switched to another operating channel, -+ * this is used only with channel switching with CSA - */ - enum ieee80211_chanctx_change { - IEEE80211_CHANCTX_CHANGE_WIDTH = BIT(0), - IEEE80211_CHANCTX_CHANGE_RX_CHAINS = BIT(1), - IEEE80211_CHANCTX_CHANGE_RADAR = BIT(2), -+ IEEE80211_CHANCTX_CHANGE_CHANNEL = BIT(3), - }; - - /** -@@ -1080,6 +1083,7 @@ enum ieee80211_vif_flags { - * @addr: address of this interface - * @p2p: indicates whether this AP or STA interface is a p2p - * interface, i.e. a GO or p2p-sta respectively -+ * @csa_active: marks whether a channel switch is going on - * @driver_flags: flags/capabilities the driver has for this interface, - * these need to be set (or cleared) when the interface is added - * or, if supported by the driver, the interface type is changed -@@ -1102,6 +1106,7 @@ struct ieee80211_vif { - struct ieee80211_bss_conf bss_conf; - u8 addr[ETH_ALEN]; - bool p2p; -+ bool csa_active; - - u8 cab_queue; - u8 hw_queue[IEEE80211_NUM_ACS]; -@@ -1499,6 +1504,7 @@ enum ieee80211_hw_flags { - IEEE80211_HW_SUPPORTS_RC_TABLE = 1<<24, - IEEE80211_HW_P2P_DEV_ADDR_FOR_INTF = 1<<25, - IEEE80211_HW_TIMING_BEACON_ONLY = 1<<26, -+ IEEE80211_HW_SUPPORTS_HT_CCK_RATES = 1<<27, - }; - - /** -@@ -2633,6 +2639,16 @@ enum ieee80211_roc_type { - * @ipv6_addr_change: IPv6 address assignment on the given interface changed. - * Currently, this is only called for managed or P2P client interfaces. - * This callback is optional; it must not sleep. -+ * -+ * @channel_switch_beacon: Starts a channel switch to a new channel. -+ * Beacons are modified to include CSA or ECSA IEs before calling this -+ * function. The corresponding count fields in these IEs must be -+ * decremented, and when they reach zero the driver must call -+ * ieee80211_csa_finish(). Drivers which use ieee80211_beacon_get() -+ * get the csa counter decremented by mac80211, but must check if it is -+ * zero using ieee80211_csa_is_complete() after the beacon has been -+ * transmitted and then call ieee80211_csa_finish(). -+ * - */ - struct ieee80211_ops { - void (*tx)(struct ieee80211_hw *hw, -@@ -2830,6 +2846,9 @@ struct ieee80211_ops { - struct ieee80211_vif *vif, - struct inet6_dev *idev); - #endif -+ void (*channel_switch_beacon)(struct ieee80211_hw *hw, -+ struct ieee80211_vif *vif, -+ struct cfg80211_chan_def *chandef); - }; - - /** -@@ -3325,6 +3344,25 @@ static inline struct sk_buff *ieee80211_ - } - - /** -+ * ieee80211_csa_finish - notify mac80211 about channel switch -+ * @vif: &struct ieee80211_vif pointer from the add_interface callback. -+ * -+ * After a channel switch announcement was scheduled and the counter in this -+ * announcement hit zero, this function must be called by the driver to -+ * notify mac80211 that the channel can be changed. -+ */ -+void ieee80211_csa_finish(struct ieee80211_vif *vif); -+ -+/** -+ * ieee80211_csa_is_complete - find out if counters reached zero -+ * @vif: &struct ieee80211_vif pointer from the add_interface callback. -+ * -+ * This function returns whether the channel switch counters reached zero. -+ */ -+bool ieee80211_csa_is_complete(struct ieee80211_vif *vif); -+ -+ -+/** - * ieee80211_proberesp_get - retrieve a Probe Response template - * @hw: pointer obtained from ieee80211_alloc_hw(). - * @vif: &struct ieee80211_vif pointer from the add_interface callback. ---- a/net/mac80211/cfg.c -+++ b/net/mac80211/cfg.c -@@ -854,8 +854,8 @@ static int ieee80211_set_probe_resp(stru - return 0; - } - --static int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata, -- struct cfg80211_beacon_data *params) -+int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata, -+ struct cfg80211_beacon_data *params) - { - struct beacon_data *new, *old; - int new_head_len, new_tail_len; -@@ -1018,6 +1018,12 @@ static int ieee80211_change_beacon(struc - - sdata = IEEE80211_DEV_TO_SUB_IF(dev); - -+ /* don't allow changing the beacon while CSA is in place - offset -+ * of channel switch counter may change -+ */ -+ if (sdata->vif.csa_active) -+ return -EBUSY; -+ - old = rtnl_dereference(sdata->u.ap.beacon); - if (!old) - return -ENOENT; -@@ -1042,6 +1048,10 @@ static int ieee80211_stop_ap(struct wiph - return -ENOENT; - old_probe_resp = rtnl_dereference(sdata->u.ap.probe_resp); - -+ /* abort any running channel switch */ -+ sdata->vif.csa_active = false; -+ cancel_work_sync(&sdata->csa_finalize_work); -+ - /* turn off carrier for this interface and dependent VLANs */ - list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) - netif_carrier_off(vlan->dev); -@@ -2784,6 +2794,178 @@ static int ieee80211_start_radar_detecti - return 0; - } - -+static struct cfg80211_beacon_data * -+cfg80211_beacon_dup(struct cfg80211_beacon_data *beacon) -+{ -+ struct cfg80211_beacon_data *new_beacon; -+ u8 *pos; -+ int len; -+ -+ len = beacon->head_len + beacon->tail_len + beacon->beacon_ies_len + -+ beacon->proberesp_ies_len + beacon->assocresp_ies_len + -+ beacon->probe_resp_len; -+ -+ new_beacon = kzalloc(sizeof(*new_beacon) + len, GFP_KERNEL); -+ if (!new_beacon) -+ return NULL; -+ -+ pos = (u8 *)(new_beacon + 1); -+ if (beacon->head_len) { -+ new_beacon->head_len = beacon->head_len; -+ new_beacon->head = pos; -+ memcpy(pos, beacon->head, beacon->head_len); -+ pos += beacon->head_len; -+ } -+ if (beacon->tail_len) { -+ new_beacon->tail_len = beacon->tail_len; -+ new_beacon->tail = pos; -+ memcpy(pos, beacon->tail, beacon->tail_len); -+ pos += beacon->tail_len; -+ } -+ if (beacon->beacon_ies_len) { -+ new_beacon->beacon_ies_len = beacon->beacon_ies_len; -+ new_beacon->beacon_ies = pos; -+ memcpy(pos, beacon->beacon_ies, beacon->beacon_ies_len); -+ pos += beacon->beacon_ies_len; -+ } -+ if (beacon->proberesp_ies_len) { -+ new_beacon->proberesp_ies_len = beacon->proberesp_ies_len; -+ new_beacon->proberesp_ies = pos; -+ memcpy(pos, beacon->proberesp_ies, beacon->proberesp_ies_len); -+ pos += beacon->proberesp_ies_len; -+ } -+ if (beacon->assocresp_ies_len) { -+ new_beacon->assocresp_ies_len = beacon->assocresp_ies_len; -+ new_beacon->assocresp_ies = pos; -+ memcpy(pos, beacon->assocresp_ies, beacon->assocresp_ies_len); -+ pos += beacon->assocresp_ies_len; -+ } -+ if (beacon->probe_resp_len) { -+ new_beacon->probe_resp_len = beacon->probe_resp_len; -+ beacon->probe_resp = pos; -+ memcpy(pos, beacon->probe_resp, beacon->probe_resp_len); -+ pos += beacon->probe_resp_len; -+ } -+ -+ return new_beacon; -+} -+ -+void ieee80211_csa_finalize_work(struct work_struct *work) -+{ -+ struct ieee80211_sub_if_data *sdata = -+ container_of(work, struct ieee80211_sub_if_data, -+ csa_finalize_work); -+ struct ieee80211_local *local = sdata->local; -+ int err, changed; -+ -+ if (!ieee80211_sdata_running(sdata)) -+ return; -+ -+ if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_AP)) -+ return; -+ -+ sdata->radar_required = sdata->csa_radar_required; -+ err = ieee80211_vif_change_channel(sdata, &local->csa_chandef, -+ &changed); -+ if (WARN_ON(err < 0)) -+ return; -+ -+ err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon); -+ if (err < 0) -+ return; -+ -+ changed |= err; -+ kfree(sdata->u.ap.next_beacon); -+ sdata->u.ap.next_beacon = NULL; -+ sdata->vif.csa_active = false; -+ -+ ieee80211_wake_queues_by_reason(&sdata->local->hw, -+ IEEE80211_MAX_QUEUE_MAP, -+ IEEE80211_QUEUE_STOP_REASON_CSA); -+ -+ ieee80211_bss_info_change_notify(sdata, changed); -+ -+ cfg80211_ch_switch_notify(sdata->dev, &local->csa_chandef); -+} -+ -+static int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev, -+ struct cfg80211_csa_settings *params) -+{ -+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); -+ struct ieee80211_local *local = sdata->local; -+ struct ieee80211_chanctx_conf *chanctx_conf; -+ struct ieee80211_chanctx *chanctx; -+ int err, num_chanctx; -+ -+ if (!list_empty(&local->roc_list) || local->scanning) -+ return -EBUSY; -+ -+ if (sdata->wdev.cac_started) -+ return -EBUSY; -+ -+ if (cfg80211_chandef_identical(¶ms->chandef, -+ &sdata->vif.bss_conf.chandef)) -+ return -EINVAL; -+ -+ rcu_read_lock(); -+ chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); -+ if (!chanctx_conf) { -+ rcu_read_unlock(); -+ return -EBUSY; -+ } -+ -+ /* don't handle for multi-VIF cases */ -+ chanctx = container_of(chanctx_conf, struct ieee80211_chanctx, conf); -+ if (chanctx->refcount > 1) { -+ rcu_read_unlock(); -+ return -EBUSY; -+ } -+ num_chanctx = 0; -+ list_for_each_entry_rcu(chanctx, &local->chanctx_list, list) -+ num_chanctx++; -+ rcu_read_unlock(); -+ -+ if (num_chanctx > 1) -+ return -EBUSY; -+ -+ /* don't allow another channel switch if one is already active. */ -+ if (sdata->vif.csa_active) -+ return -EBUSY; -+ -+ /* only handle AP for now. */ -+ switch (sdata->vif.type) { -+ case NL80211_IFTYPE_AP: -+ break; -+ default: -+ return -EOPNOTSUPP; -+ } -+ -+ sdata->u.ap.next_beacon = cfg80211_beacon_dup(¶ms->beacon_after); -+ if (!sdata->u.ap.next_beacon) -+ return -ENOMEM; -+ -+ sdata->csa_counter_offset_beacon = params->counter_offset_beacon; -+ sdata->csa_counter_offset_presp = params->counter_offset_presp; -+ sdata->csa_radar_required = params->radar_required; -+ -+ if (params->block_tx) -+ ieee80211_stop_queues_by_reason(&local->hw, -+ IEEE80211_MAX_QUEUE_MAP, -+ IEEE80211_QUEUE_STOP_REASON_CSA); -+ -+ err = ieee80211_assign_beacon(sdata, ¶ms->beacon_csa); -+ if (err < 0) -+ return err; -+ -+ local->csa_chandef = params->chandef; -+ sdata->vif.csa_active = true; -+ -+ ieee80211_bss_info_change_notify(sdata, err); -+ drv_channel_switch_beacon(sdata, ¶ms->chandef); -+ -+ return 0; -+} -+ - static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev, - struct ieee80211_channel *chan, bool offchan, - unsigned int wait, const u8 *buf, size_t len, -@@ -3332,7 +3514,7 @@ static int ieee80211_probe_client(struct - return -EINVAL; - } - band = chanctx_conf->def.chan->band; -- sta = sta_info_get(sdata, peer); -+ sta = sta_info_get_bss(sdata, peer); - if (sta) { - qos = test_sta_flag(sta, WLAN_STA_WME); - } else { -@@ -3501,4 +3683,5 @@ struct cfg80211_ops mac80211_config_ops - .get_et_strings = ieee80211_get_et_strings, - .get_channel = ieee80211_cfg_get_channel, - .start_radar_detection = ieee80211_start_radar_detection, -+ .channel_switch = ieee80211_channel_switch, - }; ---- a/net/mac80211/chan.c -+++ b/net/mac80211/chan.c -@@ -410,6 +410,64 @@ int ieee80211_vif_use_channel(struct iee - return ret; - } - -+int ieee80211_vif_change_channel(struct ieee80211_sub_if_data *sdata, -+ const struct cfg80211_chan_def *chandef, -+ u32 *changed) -+{ -+ struct ieee80211_local *local = sdata->local; -+ struct ieee80211_chanctx_conf *conf; -+ struct ieee80211_chanctx *ctx; -+ int ret; -+ u32 chanctx_changed = 0; -+ -+ /* should never be called if not performing a channel switch. */ -+ if (WARN_ON(!sdata->vif.csa_active)) -+ return -EINVAL; -+ -+ if (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, -+ IEEE80211_CHAN_DISABLED)) -+ return -EINVAL; -+ -+ mutex_lock(&local->chanctx_mtx); -+ conf = rcu_dereference_protected(sdata->vif.chanctx_conf, -+ lockdep_is_held(&local->chanctx_mtx)); -+ if (!conf) { -+ ret = -EINVAL; -+ goto out; -+ } -+ -+ ctx = container_of(conf, struct ieee80211_chanctx, conf); -+ if (ctx->refcount != 1) { -+ ret = -EINVAL; -+ goto out; -+ } -+ -+ if (sdata->vif.bss_conf.chandef.width != chandef->width) { -+ chanctx_changed = IEEE80211_CHANCTX_CHANGE_WIDTH; -+ *changed |= BSS_CHANGED_BANDWIDTH; -+ } -+ -+ sdata->vif.bss_conf.chandef = *chandef; -+ ctx->conf.def = *chandef; -+ -+ chanctx_changed |= IEEE80211_CHANCTX_CHANGE_CHANNEL; -+ drv_change_chanctx(local, ctx, chanctx_changed); -+ -+ if (!local->use_chanctx) { -+ local->_oper_chandef = *chandef; -+ ieee80211_hw_config(local, 0); -+ } -+ -+ ieee80211_recalc_chanctx_chantype(local, ctx); -+ ieee80211_recalc_smps_chanctx(local, ctx); -+ ieee80211_recalc_radar_chanctx(local, ctx); -+ -+ ret = 0; -+ out: -+ mutex_unlock(&local->chanctx_mtx); -+ return ret; -+} -+ - int ieee80211_vif_change_bandwidth(struct ieee80211_sub_if_data *sdata, - const struct cfg80211_chan_def *chandef, - u32 *changed) ---- a/net/mac80211/driver-ops.h -+++ b/net/mac80211/driver-ops.h -@@ -1104,4 +1104,17 @@ static inline void drv_ipv6_addr_change( - } - #endif - -+static inline void -+drv_channel_switch_beacon(struct ieee80211_sub_if_data *sdata, -+ struct cfg80211_chan_def *chandef) -+{ -+ struct ieee80211_local *local = sdata->local; -+ -+ if (local->ops->channel_switch_beacon) { -+ trace_drv_channel_switch_beacon(local, sdata, chandef); -+ local->ops->channel_switch_beacon(&local->hw, &sdata->vif, -+ chandef); -+ } -+} -+ - #endif /* __MAC80211_DRIVER_OPS */ ---- a/net/mac80211/ieee80211_i.h -+++ b/net/mac80211/ieee80211_i.h -@@ -53,9 +53,6 @@ struct ieee80211_local; - * increased memory use (about 2 kB of RAM per entry). */ - #define IEEE80211_FRAGMENT_MAX 4 - --#define TU_TO_JIFFIES(x) (usecs_to_jiffies((x) * 1024)) --#define TU_TO_EXP_TIME(x) (jiffies + TU_TO_JIFFIES(x)) -- - /* power level hasn't been configured (or set to automatic) */ - #define IEEE80211_UNSET_POWER_LEVEL INT_MIN - -@@ -259,6 +256,8 @@ struct ieee80211_if_ap { - struct beacon_data __rcu *beacon; - struct probe_resp __rcu *probe_resp; - -+ /* to be used after channel switch. */ -+ struct cfg80211_beacon_data *next_beacon; - struct list_head vlans; - - struct ps_data ps; -@@ -713,6 +712,11 @@ struct ieee80211_sub_if_data { - - struct ieee80211_tx_queue_params tx_conf[IEEE80211_NUM_ACS]; - -+ struct work_struct csa_finalize_work; -+ int csa_counter_offset_beacon; -+ int csa_counter_offset_presp; -+ bool csa_radar_required; -+ - /* used to reconfigure hardware SM PS */ - struct work_struct recalc_smps; - -@@ -1346,6 +1350,9 @@ void ieee80211_roc_notify_destroy(struct - void ieee80211_sw_roc_work(struct work_struct *work); - void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); - -+/* channel switch handling */ -+void ieee80211_csa_finalize_work(struct work_struct *work); -+ - /* interface handling */ - int ieee80211_iface_init(void); - void ieee80211_iface_exit(void); -@@ -1367,6 +1374,8 @@ void ieee80211_del_virtual_monitor(struc - - bool __ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata); - void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata); -+int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata, -+ struct cfg80211_beacon_data *params); - - static inline bool ieee80211_sdata_running(struct ieee80211_sub_if_data *sdata) - { -@@ -1627,6 +1636,11 @@ int __must_check - ieee80211_vif_change_bandwidth(struct ieee80211_sub_if_data *sdata, - const struct cfg80211_chan_def *chandef, - u32 *changed); -+/* NOTE: only use ieee80211_vif_change_channel() for channel switch */ -+int __must_check -+ieee80211_vif_change_channel(struct ieee80211_sub_if_data *sdata, -+ const struct cfg80211_chan_def *chandef, -+ u32 *changed); - void ieee80211_vif_release_channel(struct ieee80211_sub_if_data *sdata); - void ieee80211_vif_vlan_copy_chanctx(struct ieee80211_sub_if_data *sdata); - void ieee80211_vif_copy_chanctx_to_vlans(struct ieee80211_sub_if_data *sdata, ---- a/net/mac80211/trace.h -+++ b/net/mac80211/trace.h -@@ -1906,6 +1906,32 @@ TRACE_EVENT(api_radar_detected, - ) - ); - -+TRACE_EVENT(drv_channel_switch_beacon, -+ TP_PROTO(struct ieee80211_local *local, -+ struct ieee80211_sub_if_data *sdata, -+ struct cfg80211_chan_def *chandef), -+ -+ TP_ARGS(local, sdata, chandef), -+ -+ TP_STRUCT__entry( -+ LOCAL_ENTRY -+ VIF_ENTRY -+ CHANDEF_ENTRY -+ ), -+ -+ TP_fast_assign( -+ LOCAL_ASSIGN; -+ VIF_ASSIGN; -+ CHANDEF_ASSIGN(chandef); -+ ), -+ -+ TP_printk( -+ LOCAL_PR_FMT VIF_PR_FMT " channel switch to " CHANDEF_PR_FMT, -+ LOCAL_PR_ARG, VIF_PR_ARG, CHANDEF_PR_ARG -+ ) -+); -+ -+ - #ifdef CPTCFG_MAC80211_MESSAGE_TRACING - #undef TRACE_SYSTEM - #define TRACE_SYSTEM mac80211_msg ---- a/net/mac80211/tx.c -+++ b/net/mac80211/tx.c -@@ -1101,7 +1101,8 @@ ieee80211_tx_prepare(struct ieee80211_su - tx->sta = rcu_dereference(sdata->u.vlan.sta); - if (!tx->sta && sdata->dev->ieee80211_ptr->use_4addr) - return TX_DROP; -- } else if (info->flags & IEEE80211_TX_CTL_INJECTED || -+ } else if (info->flags & (IEEE80211_TX_CTL_INJECTED | -+ IEEE80211_TX_INTFL_NL80211_FRAME_TX) || - tx->sdata->control_port_protocol == tx->skb->protocol) { - tx->sta = sta_info_get_bss(sdata, hdr->addr1); - } -@@ -2326,6 +2327,81 @@ static int ieee80211_beacon_add_tim(stru - return 0; - } - -+void ieee80211_csa_finish(struct ieee80211_vif *vif) -+{ -+ struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); -+ -+ ieee80211_queue_work(&sdata->local->hw, -+ &sdata->csa_finalize_work); -+} -+EXPORT_SYMBOL(ieee80211_csa_finish); -+ -+static void ieee80211_update_csa(struct ieee80211_sub_if_data *sdata, -+ struct beacon_data *beacon) -+{ -+ struct probe_resp *resp; -+ int counter_offset_beacon = sdata->csa_counter_offset_beacon; -+ int counter_offset_presp = sdata->csa_counter_offset_presp; -+ -+ /* warn if the driver did not check for/react to csa completeness */ -+ if (WARN_ON(((u8 *)beacon->tail)[counter_offset_beacon] == 0)) -+ return; -+ -+ ((u8 *)beacon->tail)[counter_offset_beacon]--; -+ -+ if (sdata->vif.type == NL80211_IFTYPE_AP && -+ counter_offset_presp) { -+ rcu_read_lock(); -+ resp = rcu_dereference(sdata->u.ap.probe_resp); -+ -+ /* if nl80211 accepted the offset, this should not happen. */ -+ if (WARN_ON(!resp)) { -+ rcu_read_unlock(); -+ return; -+ } -+ resp->data[counter_offset_presp]--; -+ rcu_read_unlock(); -+ } -+} -+ -+bool ieee80211_csa_is_complete(struct ieee80211_vif *vif) -+{ -+ struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); -+ struct beacon_data *beacon = NULL; -+ u8 *beacon_data; -+ size_t beacon_data_len; -+ int counter_beacon = sdata->csa_counter_offset_beacon; -+ int ret = false; -+ -+ if (!ieee80211_sdata_running(sdata)) -+ return false; -+ -+ rcu_read_lock(); -+ if (vif->type == NL80211_IFTYPE_AP) { -+ struct ieee80211_if_ap *ap = &sdata->u.ap; -+ -+ beacon = rcu_dereference(ap->beacon); -+ if (WARN_ON(!beacon || !beacon->tail)) -+ goto out; -+ beacon_data = beacon->tail; -+ beacon_data_len = beacon->tail_len; -+ } else { -+ WARN_ON(1); -+ goto out; -+ } -+ -+ if (WARN_ON(counter_beacon > beacon_data_len)) -+ goto out; -+ -+ if (beacon_data[counter_beacon] == 0) -+ ret = true; -+ out: -+ rcu_read_unlock(); -+ -+ return ret; -+} -+EXPORT_SYMBOL(ieee80211_csa_is_complete); -+ - struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw, - struct ieee80211_vif *vif, - u16 *tim_offset, u16 *tim_length) -@@ -2356,6 +2432,9 @@ struct sk_buff *ieee80211_beacon_get_tim - struct beacon_data *beacon = rcu_dereference(ap->beacon); - - if (beacon) { -+ if (sdata->vif.csa_active) -+ ieee80211_update_csa(sdata, beacon); -+ - /* - * headroom, head length, - * tail length and maximum TIM length ---- a/net/wireless/rdev-ops.h -+++ b/net/wireless/rdev-ops.h -@@ -923,4 +923,16 @@ static inline void rdev_crit_proto_stop( - trace_rdev_return_void(&rdev->wiphy); - } + spin_lock_irqsave(&wdev->event_lock, flags); + list_add_tail(&ev->list, &wdev->event_list); +@@ -117,6 +122,7 @@ int __cfg80211_join_ibss(struct cfg80211 -+static inline int rdev_channel_switch(struct cfg80211_registered_device *rdev, -+ struct net_device *dev, -+ struct cfg80211_csa_settings *params) -+{ -+ int ret; -+ -+ trace_rdev_channel_switch(&rdev->wiphy, dev, params); -+ ret = rdev->ops->channel_switch(&rdev->wiphy, dev, params); -+ trace_rdev_return_int(&rdev->wiphy, ret); -+ return ret; -+} -+ - #endif /* __CFG80211_RDEV_OPS */ + wdev->ibss_fixed = params->channel_fixed; + wdev->ibss_dfs_possible = params->userspace_handles_dfs; ++ wdev->chandef = params->chandef; + #ifdef CPTCFG_CFG80211_WEXT + wdev->wext.ibss.chandef = params->chandef; + #endif +@@ -200,6 +206,7 @@ static void __cfg80211_clear_ibss(struct + + wdev->current_bss = NULL; + wdev->ssid_len = 0; ++ memset(&wdev->chandef, 0, sizeof(wdev->chandef)); + #ifdef CPTCFG_CFG80211_WEXT + if (!nowext) + wdev->wext.ibss.ssid_len = 0; --- a/net/wireless/trace.h +++ b/net/wireless/trace.h -@@ -1841,6 +1841,39 @@ TRACE_EVENT(rdev_crit_proto_stop, - WIPHY_PR_ARG, WDEV_PR_ARG) +@@ -2278,11 +2278,6 @@ DECLARE_EVENT_CLASS(cfg80211_rx_evt, + TP_printk(NETDEV_PR_FMT ", " MAC_PR_FMT, NETDEV_PR_ARG, MAC_PR_ARG(addr)) + ); + +-DEFINE_EVENT(cfg80211_rx_evt, cfg80211_ibss_joined, +- TP_PROTO(struct net_device *netdev, const u8 *addr), +- TP_ARGS(netdev, addr) +-); +- + DEFINE_EVENT(cfg80211_rx_evt, cfg80211_rx_spurious_frame, + TP_PROTO(struct net_device *netdev, const u8 *addr), + TP_ARGS(netdev, addr) +@@ -2293,6 +2288,24 @@ DEFINE_EVENT(cfg80211_rx_evt, cfg80211_r + TP_ARGS(netdev, addr) ); -+TRACE_EVENT(rdev_channel_switch, -+ TP_PROTO(struct wiphy *wiphy, struct net_device *netdev, -+ struct cfg80211_csa_settings *params), -+ TP_ARGS(wiphy, netdev, params), ++TRACE_EVENT(cfg80211_ibss_joined, ++ TP_PROTO(struct net_device *netdev, const u8 *bssid, ++ struct ieee80211_channel *channel), ++ TP_ARGS(netdev, bssid, channel), + TP_STRUCT__entry( -+ WIPHY_ENTRY + NETDEV_ENTRY -+ CHAN_DEF_ENTRY -+ __field(u16, counter_offset_beacon) -+ __field(u16, counter_offset_presp) -+ __field(bool, radar_required) -+ __field(bool, block_tx) -+ __field(u8, count) ++ MAC_ENTRY(bssid) ++ CHAN_ENTRY + ), + TP_fast_assign( -+ WIPHY_ASSIGN; + NETDEV_ASSIGN; -+ CHAN_DEF_ASSIGN(¶ms->chandef); -+ __entry->counter_offset_beacon = params->counter_offset_beacon; -+ __entry->counter_offset_presp = params->counter_offset_presp; -+ __entry->radar_required = params->radar_required; -+ __entry->block_tx = params->block_tx; -+ __entry->count = params->count; ++ MAC_ASSIGN(bssid, bssid); ++ CHAN_ASSIGN(channel); + ), -+ TP_printk(WIPHY_PR_FMT ", " NETDEV_PR_FMT ", " CHAN_DEF_PR_FMT -+ ", block_tx: %d, count: %u, radar_required: %d" -+ ", counter offsets (beacon/presp): %u/%u", -+ WIPHY_PR_ARG, NETDEV_PR_ARG, CHAN_DEF_PR_ARG, -+ __entry->block_tx, __entry->count, __entry->radar_required, -+ __entry->counter_offset_beacon, -+ __entry->counter_offset_presp) ++ TP_printk(NETDEV_PR_FMT ", bssid: " MAC_PR_FMT ", " CHAN_PR_FMT, ++ NETDEV_PR_ARG, MAC_PR_ARG(bssid), CHAN_PR_ARG) +); + - /************************************************************* - * cfg80211 exported functions traces * - *************************************************************/ ---- a/drivers/net/wireless/ath/ath.h -+++ b/drivers/net/wireless/ath/ath.h -@@ -159,7 +159,7 @@ struct ath_common { - - bool btcoex_enabled; - bool disable_ani; -- bool antenna_diversity; -+ bool bt_ant_diversity; - }; - - struct sk_buff *ath_rxbuf_alloc(struct ath_common *common, ---- a/drivers/net/wireless/ath/ath9k/antenna.c -+++ b/drivers/net/wireless/ath/ath9k/antenna.c -@@ -16,37 +16,119 @@ - - #include "ath9k.h" - --static inline bool ath_is_alt_ant_ratio_better(int alt_ratio, int maxdelta, -+/* -+ * AR9285 -+ * ====== -+ * -+ * EEPROM has 2 4-bit fields containing the card configuration. -+ * -+ * antdiv_ctl1: -+ * ------------ -+ * bb_enable_ant_div_lnadiv : 1 -+ * bb_ant_div_alt_gaintb : 1 -+ * bb_ant_div_main_gaintb : 1 -+ * bb_enable_ant_fast_div : 1 -+ * -+ * antdiv_ctl2: -+ * ----------- -+ * bb_ant_div_alt_lnaconf : 2 -+ * bb_ant_div_main_lnaconf : 2 -+ * -+ * The EEPROM bits are used as follows: -+ * ------------------------------------ -+ * -+ * bb_enable_ant_div_lnadiv - Enable LNA path rx antenna diversity/combining. -+ * Set in AR_PHY_MULTICHAIN_GAIN_CTL. -+ * -+ * bb_ant_div_[alt/main]_gaintb - 0 -> Antenna config Alt/Main uses gaintable 0 -+ * 1 -> Antenna config Alt/Main uses gaintable 1 -+ * Set in AR_PHY_MULTICHAIN_GAIN_CTL. -+ * -+ * bb_enable_ant_fast_div - Enable fast antenna diversity. -+ * Set in AR_PHY_CCK_DETECT. -+ * -+ * bb_ant_div_[alt/main]_lnaconf - Alt/Main LNA diversity/combining input config. -+ * Set in AR_PHY_MULTICHAIN_GAIN_CTL. -+ * 10=LNA1 -+ * 01=LNA2 -+ * 11=LNA1+LNA2 -+ * 00=LNA1-LNA2 -+ * -+ * AR9485 / AR9565 / AR9331 -+ * ======================== -+ * -+ * The same bits are present in the EEPROM, but the location in the -+ * EEPROM is different (ant_div_control in ar9300_BaseExtension_1). -+ * -+ * ant_div_alt_lnaconf ==> bit 0~1 -+ * ant_div_main_lnaconf ==> bit 2~3 -+ * ant_div_alt_gaintb ==> bit 4 -+ * ant_div_main_gaintb ==> bit 5 -+ * enable_ant_div_lnadiv ==> bit 6 -+ * enable_ant_fast_div ==> bit 7 -+ */ -+ -+static inline bool ath_is_alt_ant_ratio_better(struct ath_ant_comb *antcomb, -+ int alt_ratio, int maxdelta, - int mindelta, int main_rssi_avg, - int alt_rssi_avg, int pkt_count) - { -- return (((alt_ratio >= ATH_ANT_DIV_COMB_ALT_ANT_RATIO2) && -- (alt_rssi_avg > main_rssi_avg + maxdelta)) || -- (alt_rssi_avg > main_rssi_avg + mindelta)) && (pkt_count > 50); -+ if (pkt_count <= 50) -+ return false; -+ -+ if (alt_rssi_avg > main_rssi_avg + mindelta) -+ return true; -+ -+ if (alt_ratio >= antcomb->ant_ratio2 && -+ alt_rssi_avg >= antcomb->low_rssi_thresh && -+ (alt_rssi_avg > main_rssi_avg + maxdelta)) -+ return true; -+ -+ return false; - } - --static inline bool ath_ant_div_comb_alt_check(u8 div_group, int alt_ratio, -- int curr_main_set, int curr_alt_set, -- int alt_rssi_avg, int main_rssi_avg) -+static inline bool ath_ant_div_comb_alt_check(struct ath_hw_antcomb_conf *conf, -+ struct ath_ant_comb *antcomb, -+ int alt_ratio, int alt_rssi_avg, -+ int main_rssi_avg) - { -- bool result = false; -- switch (div_group) { -+ bool result, set1, set2; -+ -+ result = set1 = set2 = false; -+ -+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2 && -+ conf->alt_lna_conf == ATH_ANT_DIV_COMB_LNA1) -+ set1 = true; -+ -+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA1 && -+ conf->alt_lna_conf == ATH_ANT_DIV_COMB_LNA2) -+ set2 = true; -+ -+ switch (conf->div_group) { - case 0: - if (alt_ratio > ATH_ANT_DIV_COMB_ALT_ANT_RATIO) - result = true; - break; - case 1: - case 2: -- if ((((curr_main_set == ATH_ANT_DIV_COMB_LNA2) && -- (curr_alt_set == ATH_ANT_DIV_COMB_LNA1) && -- (alt_rssi_avg >= (main_rssi_avg - 5))) || -- ((curr_main_set == ATH_ANT_DIV_COMB_LNA1) && -- (curr_alt_set == ATH_ANT_DIV_COMB_LNA2) && -- (alt_rssi_avg >= (main_rssi_avg - 2)))) && -- (alt_rssi_avg >= 4)) -+ if (alt_rssi_avg < 4 || alt_rssi_avg < antcomb->low_rssi_thresh) -+ break; -+ -+ if ((set1 && (alt_rssi_avg >= (main_rssi_avg - 5))) || -+ (set2 && (alt_rssi_avg >= (main_rssi_avg - 2))) || -+ (alt_ratio > antcomb->ant_ratio)) - result = true; -- else -- result = false; -+ -+ break; -+ case 3: -+ if (alt_rssi_avg < 4 || alt_rssi_avg < antcomb->low_rssi_thresh) -+ break; -+ -+ if ((set1 && (alt_rssi_avg >= (main_rssi_avg - 3))) || -+ (set2 && (alt_rssi_avg >= (main_rssi_avg + 3))) || -+ (alt_ratio > antcomb->ant_ratio)) -+ result = true; -+ + TRACE_EVENT(cfg80211_probe_status, + TP_PROTO(struct net_device *netdev, const u8 *addr, u64 cookie, + bool acked), +--- a/net/wireless/util.c ++++ b/net/wireless/util.c +@@ -820,7 +820,8 @@ void cfg80211_process_wdev_events(struct + ev->dc.reason, true); + break; + case EVENT_IBSS_JOINED: +- __cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid); ++ __cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid, ++ ev->ij.channel); + break; + } + wdev_unlock(wdev); +@@ -1356,7 +1357,7 @@ int cfg80211_can_use_iftype_chan(struct + */ + mutex_lock_nested(&wdev_iter->mtx, 1); + __acquire(wdev_iter->mtx); +- cfg80211_get_chan_state(wdev_iter, &ch, &chmode); ++ cfg80211_get_chan_state(wdev_iter, &ch, &chmode, &radar_detect); + wdev_unlock(wdev_iter); + + switch (chmode) { +--- a/net/wireless/chan.c ++++ b/net/wireless/chan.c +@@ -642,7 +642,8 @@ int cfg80211_set_monitor_channel(struct + void + cfg80211_get_chan_state(struct wireless_dev *wdev, + struct ieee80211_channel **chan, +- enum cfg80211_chan_mode *chanmode) ++ enum cfg80211_chan_mode *chanmode, ++ u8 *radar_detect) + { + *chan = NULL; + *chanmode = CHAN_MODE_UNDEFINED; +@@ -660,6 +661,11 @@ cfg80211_get_chan_state(struct wireless_ + !wdev->ibss_dfs_possible) + ? CHAN_MODE_SHARED + : CHAN_MODE_EXCLUSIVE; ++ ++ /* consider worst-case - IBSS can try to return to the ++ * original user-specified channel as creator */ ++ if (wdev->ibss_dfs_possible) ++ *radar_detect |= BIT(wdev->chandef.width); + return; + } break; +@@ -674,17 +680,26 @@ cfg80211_get_chan_state(struct wireless_ + case NL80211_IFTYPE_AP: + case NL80211_IFTYPE_P2P_GO: + if (wdev->cac_started) { +- *chan = wdev->channel; ++ *chan = wdev->chandef.chan; + *chanmode = CHAN_MODE_SHARED; ++ *radar_detect |= BIT(wdev->chandef.width); + } else if (wdev->beacon_interval) { +- *chan = wdev->channel; ++ *chan = wdev->chandef.chan; + *chanmode = CHAN_MODE_SHARED; ++ ++ if (cfg80211_chandef_dfs_required(wdev->wiphy, ++ &wdev->chandef)) ++ *radar_detect |= BIT(wdev->chandef.width); + } + return; + case NL80211_IFTYPE_MESH_POINT: + if (wdev->mesh_id_len) { +- *chan = wdev->channel; ++ *chan = wdev->chandef.chan; + *chanmode = CHAN_MODE_SHARED; ++ ++ if (cfg80211_chandef_dfs_required(wdev->wiphy, ++ &wdev->chandef)) ++ *radar_detect |= BIT(wdev->chandef.width); + } + return; + case NL80211_IFTYPE_MONITOR: +--- a/net/wireless/mesh.c ++++ b/net/wireless/mesh.c +@@ -195,7 +195,7 @@ int __cfg80211_join_mesh(struct cfg80211 + if (!err) { + memcpy(wdev->ssid, setup->mesh_id, setup->mesh_id_len); + wdev->mesh_id_len = setup->mesh_id_len; +- wdev->channel = setup->chandef.chan; ++ wdev->chandef = setup->chandef; } -@@ -108,6 +190,74 @@ static void ath_lnaconf_alt_good_scan(st + return err; +@@ -244,7 +244,7 @@ int cfg80211_set_mesh_channel(struct cfg + err = rdev_libertas_set_mesh_channel(rdev, wdev->netdev, + chandef->chan); + if (!err) +- wdev->channel = chandef->chan; ++ wdev->chandef = *chandef; + + return err; + } +@@ -276,7 +276,7 @@ static int __cfg80211_leave_mesh(struct + err = rdev_leave_mesh(rdev, dev); + if (!err) { + wdev->mesh_id_len = 0; +- wdev->channel = NULL; ++ memset(&wdev->chandef, 0, sizeof(wdev->chandef)); + rdev_set_qos_map(rdev, dev, NULL); } - } -+static void ath_ant_set_alt_ratio(struct ath_ant_comb *antcomb, -+ struct ath_hw_antcomb_conf *conf) -+{ -+ /* set alt to the conf with maximun ratio */ -+ if (antcomb->first_ratio && antcomb->second_ratio) { -+ if (antcomb->rssi_second > antcomb->rssi_third) { -+ /* first alt*/ -+ if ((antcomb->first_quick_scan_conf == ATH_ANT_DIV_COMB_LNA1) || -+ (antcomb->first_quick_scan_conf == ATH_ANT_DIV_COMB_LNA2)) -+ /* Set alt LNA1 or LNA2*/ -+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2) -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ else -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ else -+ /* Set alt to A+B or A-B */ -+ conf->alt_lna_conf = -+ antcomb->first_quick_scan_conf; -+ } else if ((antcomb->second_quick_scan_conf == ATH_ANT_DIV_COMB_LNA1) || -+ (antcomb->second_quick_scan_conf == ATH_ANT_DIV_COMB_LNA2)) { -+ /* Set alt LNA1 or LNA2 */ -+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2) -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ else -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ } else { -+ /* Set alt to A+B or A-B */ -+ conf->alt_lna_conf = antcomb->second_quick_scan_conf; -+ } -+ } else if (antcomb->first_ratio) { -+ /* first alt */ -+ if ((antcomb->first_quick_scan_conf == ATH_ANT_DIV_COMB_LNA1) || -+ (antcomb->first_quick_scan_conf == ATH_ANT_DIV_COMB_LNA2)) -+ /* Set alt LNA1 or LNA2 */ -+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2) -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ else -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ else -+ /* Set alt to A+B or A-B */ -+ conf->alt_lna_conf = antcomb->first_quick_scan_conf; -+ } else if (antcomb->second_ratio) { -+ /* second alt */ -+ if ((antcomb->second_quick_scan_conf == ATH_ANT_DIV_COMB_LNA1) || -+ (antcomb->second_quick_scan_conf == ATH_ANT_DIV_COMB_LNA2)) -+ /* Set alt LNA1 or LNA2 */ -+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2) -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ else -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ else -+ /* Set alt to A+B or A-B */ -+ conf->alt_lna_conf = antcomb->second_quick_scan_conf; -+ } else { -+ /* main is largest */ -+ if ((antcomb->main_conf == ATH_ANT_DIV_COMB_LNA1) || -+ (antcomb->main_conf == ATH_ANT_DIV_COMB_LNA2)) -+ /* Set alt LNA1 or LNA2 */ -+ if (conf->main_lna_conf == ATH_ANT_DIV_COMB_LNA2) -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ else -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ else -+ /* Set alt to A+B or A-B */ -+ conf->alt_lna_conf = antcomb->main_conf; -+ } -+} -+ - static void ath_select_ant_div_from_quick_scan(struct ath_ant_comb *antcomb, - struct ath_hw_antcomb_conf *div_ant_conf, - int main_rssi_avg, int alt_rssi_avg, -@@ -129,7 +279,7 @@ static void ath_select_ant_div_from_quic - - if (antcomb->main_conf == ATH_ANT_DIV_COMB_LNA1) { - /* main is LNA1 */ -- if (ath_is_alt_ant_ratio_better(alt_ratio, -+ if (ath_is_alt_ant_ratio_better(antcomb, alt_ratio, - ATH_ANT_DIV_COMB_LNA1_DELTA_HI, - ATH_ANT_DIV_COMB_LNA1_DELTA_LOW, - main_rssi_avg, alt_rssi_avg, -@@ -138,7 +288,7 @@ static void ath_select_ant_div_from_quic - else - antcomb->first_ratio = false; - } else if (antcomb->main_conf == ATH_ANT_DIV_COMB_LNA2) { -- if (ath_is_alt_ant_ratio_better(alt_ratio, -+ if (ath_is_alt_ant_ratio_better(antcomb, alt_ratio, - ATH_ANT_DIV_COMB_LNA1_DELTA_MID, - ATH_ANT_DIV_COMB_LNA1_DELTA_LOW, - main_rssi_avg, alt_rssi_avg, -@@ -147,11 +297,11 @@ static void ath_select_ant_div_from_quic - else - antcomb->first_ratio = false; - } else { -- if ((((alt_ratio >= ATH_ANT_DIV_COMB_ALT_ANT_RATIO2) && -- (alt_rssi_avg > main_rssi_avg + -- ATH_ANT_DIV_COMB_LNA1_DELTA_HI)) || -- (alt_rssi_avg > main_rssi_avg)) && -- (antcomb->total_pkt_count > 50)) -+ if (ath_is_alt_ant_ratio_better(antcomb, alt_ratio, -+ ATH_ANT_DIV_COMB_LNA1_DELTA_HI, -+ 0, -+ main_rssi_avg, alt_rssi_avg, -+ antcomb->total_pkt_count)) - antcomb->first_ratio = true; - else - antcomb->first_ratio = false; -@@ -164,17 +314,21 @@ static void ath_select_ant_div_from_quic - antcomb->rssi_first = main_rssi_avg; - antcomb->rssi_third = alt_rssi_avg; - -- if (antcomb->second_quick_scan_conf == ATH_ANT_DIV_COMB_LNA1) -+ switch(antcomb->second_quick_scan_conf) { -+ case ATH_ANT_DIV_COMB_LNA1: - antcomb->rssi_lna1 = alt_rssi_avg; -- else if (antcomb->second_quick_scan_conf == -- ATH_ANT_DIV_COMB_LNA2) -+ break; -+ case ATH_ANT_DIV_COMB_LNA2: - antcomb->rssi_lna2 = alt_rssi_avg; -- else if (antcomb->second_quick_scan_conf == -- ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2) { -+ break; -+ case ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2: - if (antcomb->main_conf == ATH_ANT_DIV_COMB_LNA2) - antcomb->rssi_lna2 = main_rssi_avg; - else if (antcomb->main_conf == ATH_ANT_DIV_COMB_LNA1) - antcomb->rssi_lna1 = main_rssi_avg; -+ break; -+ default: -+ break; - } +--- a/net/wireless/mlme.c ++++ b/net/wireless/mlme.c +@@ -772,7 +772,7 @@ void cfg80211_cac_event(struct net_devic + if (WARN_ON(!wdev->cac_started)) + return; - if (antcomb->rssi_lna2 > antcomb->rssi_lna1 + -@@ -184,7 +338,7 @@ static void ath_select_ant_div_from_quic - div_ant_conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1; - - if (antcomb->main_conf == ATH_ANT_DIV_COMB_LNA1) { -- if (ath_is_alt_ant_ratio_better(alt_ratio, -+ if (ath_is_alt_ant_ratio_better(antcomb, alt_ratio, - ATH_ANT_DIV_COMB_LNA1_DELTA_HI, - ATH_ANT_DIV_COMB_LNA1_DELTA_LOW, - main_rssi_avg, alt_rssi_avg, -@@ -193,7 +347,7 @@ static void ath_select_ant_div_from_quic - else - antcomb->second_ratio = false; - } else if (antcomb->main_conf == ATH_ANT_DIV_COMB_LNA2) { -- if (ath_is_alt_ant_ratio_better(alt_ratio, -+ if (ath_is_alt_ant_ratio_better(antcomb, alt_ratio, - ATH_ANT_DIV_COMB_LNA1_DELTA_MID, - ATH_ANT_DIV_COMB_LNA1_DELTA_LOW, - main_rssi_avg, alt_rssi_avg, -@@ -202,105 +356,18 @@ static void ath_select_ant_div_from_quic - else - antcomb->second_ratio = false; - } else { -- if ((((alt_ratio >= ATH_ANT_DIV_COMB_ALT_ANT_RATIO2) && -- (alt_rssi_avg > main_rssi_avg + -- ATH_ANT_DIV_COMB_LNA1_DELTA_HI)) || -- (alt_rssi_avg > main_rssi_avg)) && -- (antcomb->total_pkt_count > 50)) -+ if (ath_is_alt_ant_ratio_better(antcomb, alt_ratio, -+ ATH_ANT_DIV_COMB_LNA1_DELTA_HI, -+ 0, -+ main_rssi_avg, alt_rssi_avg, -+ antcomb->total_pkt_count)) - antcomb->second_ratio = true; - else - antcomb->second_ratio = false; - } +- if (WARN_ON(!wdev->channel)) ++ if (WARN_ON(!wdev->chandef.chan)) + return; -- /* set alt to the conf with maximun ratio */ -- if (antcomb->first_ratio && antcomb->second_ratio) { -- if (antcomb->rssi_second > antcomb->rssi_third) { -- /* first alt*/ -- if ((antcomb->first_quick_scan_conf == -- ATH_ANT_DIV_COMB_LNA1) || -- (antcomb->first_quick_scan_conf == -- ATH_ANT_DIV_COMB_LNA2)) -- /* Set alt LNA1 or LNA2*/ -- if (div_ant_conf->main_lna_conf == -- ATH_ANT_DIV_COMB_LNA2) -- div_ant_conf->alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- else -- div_ant_conf->alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- else -- /* Set alt to A+B or A-B */ -- div_ant_conf->alt_lna_conf = -- antcomb->first_quick_scan_conf; -- } else if ((antcomb->second_quick_scan_conf == -- ATH_ANT_DIV_COMB_LNA1) || -- (antcomb->second_quick_scan_conf == -- ATH_ANT_DIV_COMB_LNA2)) { -- /* Set alt LNA1 or LNA2 */ -- if (div_ant_conf->main_lna_conf == -- ATH_ANT_DIV_COMB_LNA2) -- div_ant_conf->alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- else -- div_ant_conf->alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- } else { -- /* Set alt to A+B or A-B */ -- div_ant_conf->alt_lna_conf = -- antcomb->second_quick_scan_conf; -- } -- } else if (antcomb->first_ratio) { -- /* first alt */ -- if ((antcomb->first_quick_scan_conf == -- ATH_ANT_DIV_COMB_LNA1) || -- (antcomb->first_quick_scan_conf == -- ATH_ANT_DIV_COMB_LNA2)) -- /* Set alt LNA1 or LNA2 */ -- if (div_ant_conf->main_lna_conf == -- ATH_ANT_DIV_COMB_LNA2) -- div_ant_conf->alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- else -- div_ant_conf->alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- else -- /* Set alt to A+B or A-B */ -- div_ant_conf->alt_lna_conf = -- antcomb->first_quick_scan_conf; -- } else if (antcomb->second_ratio) { -- /* second alt */ -- if ((antcomb->second_quick_scan_conf == -- ATH_ANT_DIV_COMB_LNA1) || -- (antcomb->second_quick_scan_conf == -- ATH_ANT_DIV_COMB_LNA2)) -- /* Set alt LNA1 or LNA2 */ -- if (div_ant_conf->main_lna_conf == -- ATH_ANT_DIV_COMB_LNA2) -- div_ant_conf->alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- else -- div_ant_conf->alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- else -- /* Set alt to A+B or A-B */ -- div_ant_conf->alt_lna_conf = -- antcomb->second_quick_scan_conf; -- } else { -- /* main is largest */ -- if ((antcomb->main_conf == ATH_ANT_DIV_COMB_LNA1) || -- (antcomb->main_conf == ATH_ANT_DIV_COMB_LNA2)) -- /* Set alt LNA1 or LNA2 */ -- if (div_ant_conf->main_lna_conf == -- ATH_ANT_DIV_COMB_LNA2) -- div_ant_conf->alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- else -- div_ant_conf->alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- else -- /* Set alt to A+B or A-B */ -- div_ant_conf->alt_lna_conf = antcomb->main_conf; -- } -+ ath_ant_set_alt_ratio(antcomb, div_ant_conf); -+ - break; - default: - break; -@@ -430,8 +497,7 @@ static void ath_ant_div_conf_fast_divbia - ant_conf->fast_div_bias = 0x1; - break; - case 0x10: /* LNA2 A-B */ -- if (!(antcomb->scan) && -- (alt_ratio > ATH_ANT_DIV_COMB_ALT_ANT_RATIO)) -+ if (!antcomb->scan && (alt_ratio > antcomb->ant_ratio)) - ant_conf->fast_div_bias = 0x1; - else - ant_conf->fast_div_bias = 0x2; -@@ -440,15 +506,13 @@ static void ath_ant_div_conf_fast_divbia - ant_conf->fast_div_bias = 0x1; - break; - case 0x13: /* LNA2 A+B */ -- if (!(antcomb->scan) && -- (alt_ratio > ATH_ANT_DIV_COMB_ALT_ANT_RATIO)) -+ if (!antcomb->scan && (alt_ratio > antcomb->ant_ratio)) - ant_conf->fast_div_bias = 0x1; - else - ant_conf->fast_div_bias = 0x2; - break; - case 0x20: /* LNA1 A-B */ -- if (!(antcomb->scan) && -- (alt_ratio > ATH_ANT_DIV_COMB_ALT_ANT_RATIO)) -+ if (!antcomb->scan && (alt_ratio > antcomb->ant_ratio)) - ant_conf->fast_div_bias = 0x1; - else - ant_conf->fast_div_bias = 0x2; -@@ -457,8 +521,7 @@ static void ath_ant_div_conf_fast_divbia - ant_conf->fast_div_bias = 0x1; - break; - case 0x23: /* LNA1 A+B */ -- if (!(antcomb->scan) && -- (alt_ratio > ATH_ANT_DIV_COMB_ALT_ANT_RATIO)) -+ if (!antcomb->scan && (alt_ratio > antcomb->ant_ratio)) - ant_conf->fast_div_bias = 0x1; - else - ant_conf->fast_div_bias = 0x2; -@@ -475,6 +538,9 @@ static void ath_ant_div_conf_fast_divbia - default: + switch (event) { +--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c +@@ -5065,6 +5065,10 @@ static u16 ar9003_hw_get_max_edge_power( break; } -+ -+ if (antcomb->fast_div_bias) -+ ant_conf->fast_div_bias = antcomb->fast_div_bias; - } else if (ant_conf->div_group == 3) { - switch ((ant_conf->main_lna_conf << 4) | - ant_conf->alt_lna_conf) { -@@ -540,6 +606,138 @@ static void ath_ant_div_conf_fast_divbia } - } - -+static void ath_ant_try_scan(struct ath_ant_comb *antcomb, -+ struct ath_hw_antcomb_conf *conf, -+ int curr_alt_set, int alt_rssi_avg, -+ int main_rssi_avg) -+{ -+ switch (curr_alt_set) { -+ case ATH_ANT_DIV_COMB_LNA2: -+ antcomb->rssi_lna2 = alt_rssi_avg; -+ antcomb->rssi_lna1 = main_rssi_avg; -+ antcomb->scan = true; -+ /* set to A+B */ -+ conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2; -+ break; -+ case ATH_ANT_DIV_COMB_LNA1: -+ antcomb->rssi_lna1 = alt_rssi_avg; -+ antcomb->rssi_lna2 = main_rssi_avg; -+ antcomb->scan = true; -+ /* set to A+B */ -+ conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2; -+ break; -+ case ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2: -+ antcomb->rssi_add = alt_rssi_avg; -+ antcomb->scan = true; -+ /* set to A-B */ -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2; -+ break; -+ case ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2: -+ antcomb->rssi_sub = alt_rssi_avg; -+ antcomb->scan = false; -+ if (antcomb->rssi_lna2 > -+ (antcomb->rssi_lna1 + ATH_ANT_DIV_COMB_LNA1_LNA2_SWITCH_DELTA)) { -+ /* use LNA2 as main LNA */ -+ if ((antcomb->rssi_add > antcomb->rssi_lna1) && -+ (antcomb->rssi_add > antcomb->rssi_sub)) { -+ /* set to A+B */ -+ conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2; -+ } else if (antcomb->rssi_sub > -+ antcomb->rssi_lna1) { -+ /* set to A-B */ -+ conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2; -+ } else { -+ /* set to LNA1 */ -+ conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ } -+ } else { -+ /* use LNA1 as main LNA */ -+ if ((antcomb->rssi_add > antcomb->rssi_lna2) && -+ (antcomb->rssi_add > antcomb->rssi_sub)) { -+ /* set to A+B */ -+ conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2; -+ } else if (antcomb->rssi_sub > -+ antcomb->rssi_lna1) { -+ /* set to A-B */ -+ conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2; -+ } else { -+ /* set to LNA2 */ -+ conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ } -+ } -+ break; -+ default: -+ break; -+ } -+} -+ -+static bool ath_ant_try_switch(struct ath_hw_antcomb_conf *div_ant_conf, -+ struct ath_ant_comb *antcomb, -+ int alt_ratio, int alt_rssi_avg, -+ int main_rssi_avg, int curr_main_set, -+ int curr_alt_set) -+{ -+ bool ret = false; -+ -+ if (ath_ant_div_comb_alt_check(div_ant_conf, antcomb, alt_ratio, -+ alt_rssi_avg, main_rssi_avg)) { -+ if (curr_alt_set == ATH_ANT_DIV_COMB_LNA2) { -+ /* -+ * Switch main and alt LNA. -+ */ -+ div_ant_conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ div_ant_conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ } else if (curr_alt_set == ATH_ANT_DIV_COMB_LNA1) { -+ div_ant_conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ div_ant_conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ } -+ -+ ret = true; -+ } else if ((curr_alt_set != ATH_ANT_DIV_COMB_LNA1) && -+ (curr_alt_set != ATH_ANT_DIV_COMB_LNA2)) { -+ /* -+ Set alt to another LNA. -+ */ -+ if (curr_main_set == ATH_ANT_DIV_COMB_LNA2) -+ div_ant_conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1; -+ else if (curr_main_set == ATH_ANT_DIV_COMB_LNA1) -+ div_ant_conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA2; -+ -+ ret = true; -+ } -+ -+ return ret; -+} -+ -+static bool ath_ant_short_scan_check(struct ath_ant_comb *antcomb) -+{ -+ int alt_ratio; -+ -+ if (!antcomb->scan || !antcomb->alt_good) -+ return false; -+ -+ if (time_after(jiffies, antcomb->scan_start_time + -+ msecs_to_jiffies(ATH_ANT_DIV_COMB_SHORT_SCAN_INTR))) -+ return true; -+ -+ if (antcomb->total_pkt_count == ATH_ANT_DIV_COMB_SHORT_SCAN_PKTCOUNT) { -+ alt_ratio = ((antcomb->alt_recv_cnt * 100) / -+ antcomb->total_pkt_count); -+ if (alt_ratio < antcomb->ant_ratio) -+ return true; -+ } + -+ return false; -+} -+ - void ath_ant_comb_scan(struct ath_softc *sc, struct ath_rx_status *rs) - { - struct ath_hw_antcomb_conf div_ant_conf; -@@ -549,41 +747,46 @@ void ath_ant_comb_scan(struct ath_softc - int main_rssi = rs->rs_rssi_ctl0; - int alt_rssi = rs->rs_rssi_ctl1; - int rx_ant_conf, main_ant_conf; -- bool short_scan = false; -+ bool short_scan = false, ret; - - rx_ant_conf = (rs->rs_rssi_ctl2 >> ATH_ANT_RX_CURRENT_SHIFT) & - ATH_ANT_RX_MASK; - main_ant_conf = (rs->rs_rssi_ctl2 >> ATH_ANT_RX_MAIN_SHIFT) & - ATH_ANT_RX_MASK; - -+ if (alt_rssi >= antcomb->low_rssi_thresh) { -+ antcomb->ant_ratio = ATH_ANT_DIV_COMB_ALT_ANT_RATIO; -+ antcomb->ant_ratio2 = ATH_ANT_DIV_COMB_ALT_ANT_RATIO2; -+ } else { -+ antcomb->ant_ratio = ATH_ANT_DIV_COMB_ALT_ANT_RATIO_LOW_RSSI; -+ antcomb->ant_ratio2 = ATH_ANT_DIV_COMB_ALT_ANT_RATIO2_LOW_RSSI; -+ } -+ - /* Record packet only when both main_rssi and alt_rssi is positive */ - if (main_rssi > 0 && alt_rssi > 0) { - antcomb->total_pkt_count++; - antcomb->main_total_rssi += main_rssi; - antcomb->alt_total_rssi += alt_rssi; ++ if (is2GHz && !twiceMaxEdgePower) ++ twiceMaxEdgePower = 60; + - if (main_ant_conf == rx_ant_conf) - antcomb->main_recv_cnt++; - else - antcomb->alt_recv_cnt++; - } + return twiceMaxEdgePower; + } -- /* Short scan check */ -- if (antcomb->scan && antcomb->alt_good) { -- if (time_after(jiffies, antcomb->scan_start_time + -- msecs_to_jiffies(ATH_ANT_DIV_COMB_SHORT_SCAN_INTR))) -- short_scan = true; -- else -- if (antcomb->total_pkt_count == -- ATH_ANT_DIV_COMB_SHORT_SCAN_PKTCOUNT) { -- alt_ratio = ((antcomb->alt_recv_cnt * 100) / -- antcomb->total_pkt_count); -- if (alt_ratio < ATH_ANT_DIV_COMB_ALT_ANT_RATIO) -- short_scan = true; -- } -+ if (main_ant_conf == rx_ant_conf) { -+ ANT_STAT_INC(ANT_MAIN, recv_cnt); -+ ANT_LNA_INC(ANT_MAIN, rx_ant_conf); -+ } else { -+ ANT_STAT_INC(ANT_ALT, recv_cnt); -+ ANT_LNA_INC(ANT_ALT, rx_ant_conf); - } +--- a/drivers/net/wireless/ath/ath9k/ar9003_calib.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_calib.c +@@ -23,10 +23,11 @@ + #define MAX_MEASUREMENT MAX_IQCAL_MEASUREMENT + #define MAX_MAG_DELTA 11 + #define MAX_PHS_DELTA 10 ++#define MAXIQCAL 3 -+ /* Short scan check */ -+ short_scan = ath_ant_short_scan_check(antcomb); -+ - if (((antcomb->total_pkt_count < ATH_ANT_DIV_COMB_MAX_PKTCOUNT) || -- rs->rs_moreaggr) && !short_scan) -+ rs->rs_moreaggr) && !short_scan) - return; + struct coeff { +- int mag_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT]; +- int phs_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT]; ++ int mag_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT][MAXIQCAL]; ++ int phs_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT][MAXIQCAL]; + int iqc_coeff[2]; + }; - if (antcomb->total_pkt_count) { -@@ -595,15 +798,13 @@ void ath_ant_comb_scan(struct ath_softc - antcomb->total_pkt_count); - } +@@ -800,7 +801,7 @@ static bool ar9003_hw_calc_iq_corr(struc + if (q_q_coff > 63) + q_q_coff = 63; -- - ath9k_hw_antdiv_comb_conf_get(sc->sc_ah, &div_ant_conf); - curr_alt_set = div_ant_conf.alt_lna_conf; - curr_main_set = div_ant_conf.main_lna_conf; -- - antcomb->count++; - - if (antcomb->count == ATH_ANT_DIV_COMB_MAX_COUNT) { -- if (alt_ratio > ATH_ANT_DIV_COMB_ALT_ANT_RATIO) { -+ if (alt_ratio > antcomb->ant_ratio) { - ath_lnaconf_alt_good_scan(antcomb, div_ant_conf, - main_rssi_avg); - antcomb->alt_good = true; -@@ -617,153 +818,47 @@ void ath_ant_comb_scan(struct ath_softc - } +- iqc_coeff[0] = (q_q_coff * 128) + q_i_coff; ++ iqc_coeff[0] = (q_q_coff * 128) + (0x7f & q_i_coff); - if (!antcomb->scan) { -- if (ath_ant_div_comb_alt_check(div_ant_conf.div_group, -- alt_ratio, curr_main_set, curr_alt_set, -- alt_rssi_avg, main_rssi_avg)) { -- if (curr_alt_set == ATH_ANT_DIV_COMB_LNA2) { -- /* Switch main and alt LNA */ -- div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- } else if (curr_alt_set == ATH_ANT_DIV_COMB_LNA1) { -- div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- } -- -- goto div_comb_done; -- } else if ((curr_alt_set != ATH_ANT_DIV_COMB_LNA1) && -- (curr_alt_set != ATH_ANT_DIV_COMB_LNA2)) { -- /* Set alt to another LNA */ -- if (curr_main_set == ATH_ANT_DIV_COMB_LNA2) -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- else if (curr_main_set == ATH_ANT_DIV_COMB_LNA1) -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- -- goto div_comb_done; -- } -- -- if ((alt_rssi_avg < (main_rssi_avg + -- div_ant_conf.lna1_lna2_delta))) -+ ret = ath_ant_try_switch(&div_ant_conf, antcomb, alt_ratio, -+ alt_rssi_avg, main_rssi_avg, -+ curr_main_set, curr_alt_set); -+ if (ret) - goto div_comb_done; + ath_dbg(common, CALIBRATE, "tx chain %d: iq corr coeff=%x\n", + chain_idx, iqc_coeff[0]); +@@ -831,7 +832,7 @@ static bool ar9003_hw_calc_iq_corr(struc + if (q_q_coff > 63) + q_q_coff = 63; + +- iqc_coeff[1] = (q_q_coff * 128) + q_i_coff; ++ iqc_coeff[1] = (q_q_coff * 128) + (0x7f & q_i_coff); + + ath_dbg(common, CALIBRATE, "rx chain %d: iq corr coeff=%x\n", + chain_idx, iqc_coeff[1]); +@@ -839,7 +840,8 @@ static bool ar9003_hw_calc_iq_corr(struc + return true; + } + +-static void ar9003_hw_detect_outlier(int *mp_coeff, int nmeasurement, ++static void ar9003_hw_detect_outlier(int mp_coeff[][MAXIQCAL], ++ int nmeasurement, + int max_delta) + { + int mp_max = -64, max_idx = 0; +@@ -848,20 +850,20 @@ static void ar9003_hw_detect_outlier(int + + /* find min/max mismatch across all calibrated gains */ + for (i = 0; i < nmeasurement; i++) { +- if (mp_coeff[i] > mp_max) { +- mp_max = mp_coeff[i]; ++ if (mp_coeff[i][0] > mp_max) { ++ mp_max = mp_coeff[i][0]; + max_idx = i; +- } else if (mp_coeff[i] < mp_min) { +- mp_min = mp_coeff[i]; ++ } else if (mp_coeff[i][0] < mp_min) { ++ mp_min = mp_coeff[i][0]; + min_idx = i; + } } -+ if (!antcomb->scan && -+ (alt_rssi_avg < (main_rssi_avg + div_ant_conf.lna1_lna2_delta))) -+ goto div_comb_done; -+ - if (!antcomb->scan_not_start) { -- switch (curr_alt_set) { -- case ATH_ANT_DIV_COMB_LNA2: -- antcomb->rssi_lna2 = alt_rssi_avg; -- antcomb->rssi_lna1 = main_rssi_avg; -- antcomb->scan = true; -- /* set to A+B */ -- div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2; -- break; -- case ATH_ANT_DIV_COMB_LNA1: -- antcomb->rssi_lna1 = alt_rssi_avg; -- antcomb->rssi_lna2 = main_rssi_avg; -- antcomb->scan = true; -- /* set to A+B */ -- div_ant_conf.main_lna_conf = ATH_ANT_DIV_COMB_LNA2; -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2; -- break; -- case ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2: -- antcomb->rssi_add = alt_rssi_avg; -- antcomb->scan = true; -- /* set to A-B */ -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2; -- break; -- case ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2: -- antcomb->rssi_sub = alt_rssi_avg; -- antcomb->scan = false; -- if (antcomb->rssi_lna2 > -- (antcomb->rssi_lna1 + -- ATH_ANT_DIV_COMB_LNA1_LNA2_SWITCH_DELTA)) { -- /* use LNA2 as main LNA */ -- if ((antcomb->rssi_add > antcomb->rssi_lna1) && -- (antcomb->rssi_add > antcomb->rssi_sub)) { -- /* set to A+B */ -- div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2; -- } else if (antcomb->rssi_sub > -- antcomb->rssi_lna1) { -- /* set to A-B */ -- div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2; -- } else { -- /* set to LNA1 */ -- div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- } -- } else { -- /* use LNA1 as main LNA */ -- if ((antcomb->rssi_add > antcomb->rssi_lna2) && -- (antcomb->rssi_add > antcomb->rssi_sub)) { -- /* set to A+B */ -- div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2; -- } else if (antcomb->rssi_sub > -- antcomb->rssi_lna1) { -- /* set to A-B */ -- div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2; -- } else { -- /* set to LNA2 */ -- div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -- div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -- } -- } -- break; -- default: -- break; -- } -+ ath_ant_try_scan(antcomb, &div_ant_conf, curr_alt_set, -+ alt_rssi_avg, main_rssi_avg); - } else { - if (!antcomb->alt_good) { - antcomb->scan_not_start = false; - /* Set alt to another LNA */ - if (curr_main_set == ATH_ANT_DIV_COMB_LNA2) { - div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -+ ATH_ANT_DIV_COMB_LNA2; - div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -+ ATH_ANT_DIV_COMB_LNA1; - } else if (curr_main_set == ATH_ANT_DIV_COMB_LNA1) { - div_ant_conf.main_lna_conf = -- ATH_ANT_DIV_COMB_LNA1; -+ ATH_ANT_DIV_COMB_LNA1; - div_ant_conf.alt_lna_conf = -- ATH_ANT_DIV_COMB_LNA2; -+ ATH_ANT_DIV_COMB_LNA2; - } - goto div_comb_done; + /* find average (exclude max abs value) */ + for (i = 0; i < nmeasurement; i++) { +- if ((abs(mp_coeff[i]) < abs(mp_max)) || +- (abs(mp_coeff[i]) < abs(mp_min))) { +- mp_avg += mp_coeff[i]; ++ if ((abs(mp_coeff[i][0]) < abs(mp_max)) || ++ (abs(mp_coeff[i][0]) < abs(mp_min))) { ++ mp_avg += mp_coeff[i][0]; + mp_count++; } -+ ath_select_ant_div_from_quick_scan(antcomb, &div_ant_conf, -+ main_rssi_avg, alt_rssi_avg, -+ alt_ratio); -+ antcomb->quick_scan_cnt++; } +@@ -873,7 +875,7 @@ static void ar9003_hw_detect_outlier(int + if (mp_count) + mp_avg /= mp_count; + else +- mp_avg = mp_coeff[nmeasurement - 1]; ++ mp_avg = mp_coeff[nmeasurement - 1][0]; -- ath_select_ant_div_from_quick_scan(antcomb, &div_ant_conf, -- main_rssi_avg, alt_rssi_avg, -- alt_ratio); -- -- antcomb->quick_scan_cnt++; -- - div_comb_done: - ath_ant_div_conf_fast_divbias(&div_ant_conf, antcomb, alt_ratio); - ath9k_hw_antdiv_comb_conf_set(sc->sc_ah, &div_ant_conf); -+ ath9k_debug_stat_ant(sc, &div_ant_conf, main_rssi_avg, alt_rssi_avg); - - antcomb->scan_start_time = jiffies; - antcomb->total_pkt_count = 0; -@@ -772,26 +867,3 @@ div_comb_done: - antcomb->main_recv_cnt = 0; - antcomb->alt_recv_cnt = 0; + /* detect outlier */ + if (abs(mp_max - mp_min) > max_delta) { +@@ -882,15 +884,16 @@ static void ar9003_hw_detect_outlier(int + else + outlier_idx = min_idx; + +- mp_coeff[outlier_idx] = mp_avg; ++ mp_coeff[outlier_idx][0] = mp_avg; + } } -- --void ath_ant_comb_update(struct ath_softc *sc) --{ -- struct ath_hw *ah = sc->sc_ah; -- struct ath_common *common = ath9k_hw_common(ah); -- struct ath_hw_antcomb_conf div_ant_conf; -- u8 lna_conf; -- -- ath9k_hw_antdiv_comb_conf_get(ah, &div_ant_conf); -- -- if (sc->ant_rx == 1) -- lna_conf = ATH_ANT_DIV_COMB_LNA1; -- else -- lna_conf = ATH_ANT_DIV_COMB_LNA2; -- -- div_ant_conf.main_lna_conf = lna_conf; -- div_ant_conf.alt_lna_conf = lna_conf; -- -- ath9k_hw_antdiv_comb_conf_set(ah, &div_ant_conf); -- -- if (common->antenna_diversity) -- ath9k_hw_antctrl_shared_chain_lnadiv(ah, true); --} ---- a/drivers/net/wireless/ath/ath9k/ar5008_phy.c -+++ b/drivers/net/wireless/ath/ath9k/ar5008_phy.c -@@ -610,7 +610,15 @@ static void ar5008_hw_override_ini(struc - REG_SET_BIT(ah, AR_DIAG_SW, (AR_DIAG_RX_DIS | AR_DIAG_RX_ABORT)); - if (AR_SREV_9280_20_OR_LATER(ah)) { -- val = REG_READ(ah, AR_PCU_MISC_MODE2); +-static void ar9003_hw_tx_iqcal_load_avg_2_passes(struct ath_hw *ah, +- struct coeff *coeff, +- bool is_reusable) ++static void ar9003_hw_tx_iq_cal_outlier_detection(struct ath_hw *ah, ++ struct coeff *coeff, ++ bool is_reusable) + { + int i, im, nmeasurement; ++ int magnitude, phase; + u32 tx_corr_coeff[MAX_MEASUREMENT][AR9300_MAX_CHAINS]; + struct ath9k_hw_cal_data *caldata = ah->caldata; + +@@ -920,21 +923,30 @@ static void ar9003_hw_tx_iqcal_load_avg_ + if (nmeasurement > MAX_MEASUREMENT) + nmeasurement = MAX_MEASUREMENT; + +- /* detect outlier only if nmeasurement > 1 */ +- if (nmeasurement > 1) { +- /* Detect magnitude outlier */ +- ar9003_hw_detect_outlier(coeff->mag_coeff[i], +- nmeasurement, MAX_MAG_DELTA); +- +- /* Detect phase outlier */ +- ar9003_hw_detect_outlier(coeff->phs_coeff[i], +- nmeasurement, MAX_PHS_DELTA); + /* -+ * For AR9280 and above, there is a new feature that allows -+ * Multicast search based on both MAC Address and Key ID. -+ * By default, this feature is enabled. But since the driver -+ * is not using this feature, we switch it off; otherwise -+ * multicast search based on MAC addr only will fail. ++ * Skip normal outlier detection for AR9550. + */ -+ val = REG_READ(ah, AR_PCU_MISC_MODE2) & -+ (~AR_ADHOC_MCAST_KEYID_ENABLE); - - if (!AR_SREV_9271(ah)) - val &= ~AR_PCU_MISC_MODE2_HWWAR1; ---- a/drivers/net/wireless/ath/ath9k/ar9002_phy.c -+++ b/drivers/net/wireless/ath/ath9k/ar9002_phy.c -@@ -555,6 +555,69 @@ static void ar9002_hw_antdiv_comb_conf_s - REG_WRITE(ah, AR_PHY_MULTICHAIN_GAIN_CTL, regval); ++ if (!AR_SREV_9550(ah)) { ++ /* detect outlier only if nmeasurement > 1 */ ++ if (nmeasurement > 1) { ++ /* Detect magnitude outlier */ ++ ar9003_hw_detect_outlier(coeff->mag_coeff[i], ++ nmeasurement, ++ MAX_MAG_DELTA); ++ ++ /* Detect phase outlier */ ++ ar9003_hw_detect_outlier(coeff->phs_coeff[i], ++ nmeasurement, ++ MAX_PHS_DELTA); ++ } + } + + for (im = 0; im < nmeasurement; im++) { ++ magnitude = coeff->mag_coeff[i][im][0]; ++ phase = coeff->phs_coeff[i][im][0]; + +- coeff->iqc_coeff[0] = (coeff->mag_coeff[i][im] & 0x7f) | +- ((coeff->phs_coeff[i][im] & 0x7f) << 7); ++ coeff->iqc_coeff[0] = ++ (phase & 0x7f) | ((magnitude & 0x7f) << 7); + + if ((im % 2) == 0) + REG_RMW_FIELD(ah, tx_corr_coeff[im][i], +@@ -991,7 +1003,63 @@ static bool ar9003_hw_tx_iq_cal_run(stru + return true; } -+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT -+ -+static void ar9002_hw_set_bt_ant_diversity(struct ath_hw *ah, bool enable) +-static void ar9003_hw_tx_iq_cal_post_proc(struct ath_hw *ah, bool is_reusable) ++static void __ar955x_tx_iq_cal_sort(struct ath_hw *ah, ++ struct coeff *coeff, ++ int i, int nmeasurement) +{ -+ struct ath_btcoex_hw *btcoex = &ah->btcoex_hw; -+ u8 antdiv_ctrl1, antdiv_ctrl2; -+ u32 regval; -+ -+ if (enable) { -+ antdiv_ctrl1 = ATH_BT_COEX_ANTDIV_CONTROL1_ENABLE; -+ antdiv_ctrl2 = ATH_BT_COEX_ANTDIV_CONTROL2_ENABLE; ++ struct ath_common *common = ath9k_hw_common(ah); ++ int im, ix, iy, temp; ++ ++ for (im = 0; im < nmeasurement; im++) { ++ for (ix = 0; ix < MAXIQCAL - 1; ix++) { ++ for (iy = ix + 1; iy <= MAXIQCAL - 1; iy++) { ++ if (coeff->mag_coeff[i][im][iy] < ++ coeff->mag_coeff[i][im][ix]) { ++ temp = coeff->mag_coeff[i][im][ix]; ++ coeff->mag_coeff[i][im][ix] = ++ coeff->mag_coeff[i][im][iy]; ++ coeff->mag_coeff[i][im][iy] = temp; ++ } ++ if (coeff->phs_coeff[i][im][iy] < ++ coeff->phs_coeff[i][im][ix]) { ++ temp = coeff->phs_coeff[i][im][ix]; ++ coeff->phs_coeff[i][im][ix] = ++ coeff->phs_coeff[i][im][iy]; ++ coeff->phs_coeff[i][im][iy] = temp; ++ } ++ } ++ } ++ coeff->mag_coeff[i][im][0] = coeff->mag_coeff[i][im][MAXIQCAL / 2]; ++ coeff->phs_coeff[i][im][0] = coeff->phs_coeff[i][im][MAXIQCAL / 2]; + -+ /* -+ * Don't disable BT ant to allow BB to control SWCOM. -+ */ -+ btcoex->bt_coex_mode2 &= (~(AR_BT_DISABLE_BT_ANT)); -+ REG_WRITE(ah, AR_BT_COEX_MODE2, btcoex->bt_coex_mode2); ++ ath_dbg(common, CALIBRATE, ++ "IQCAL: Median [ch%d][gain%d]: mag = %d phase = %d\n", ++ i, im, ++ coeff->mag_coeff[i][im][0], ++ coeff->phs_coeff[i][im][0]); ++ } ++} + -+ REG_WRITE(ah, AR_PHY_SWITCH_COM, ATH_BT_COEX_ANT_DIV_SWITCH_COM); -+ REG_RMW(ah, AR_PHY_SWITCH_CHAIN_0, 0, 0xf0000000); -+ } else { -+ /* -+ * Disable antenna diversity, use LNA1 only. -+ */ -+ antdiv_ctrl1 = ATH_BT_COEX_ANTDIV_CONTROL1_FIXED_A; -+ antdiv_ctrl2 = ATH_BT_COEX_ANTDIV_CONTROL2_FIXED_A; ++static bool ar955x_tx_iq_cal_median(struct ath_hw *ah, ++ struct coeff *coeff, ++ int iqcal_idx, ++ int nmeasurement) ++{ ++ int i; + -+ /* -+ * Disable BT Ant. to allow concurrent BT and WLAN receive. -+ */ -+ btcoex->bt_coex_mode2 |= AR_BT_DISABLE_BT_ANT; -+ REG_WRITE(ah, AR_BT_COEX_MODE2, btcoex->bt_coex_mode2); ++ if ((iqcal_idx + 1) != MAXIQCAL) ++ return false; + -+ /* -+ * Program SWCOM table to make sure RF switch always parks -+ * at BT side. -+ */ -+ REG_WRITE(ah, AR_PHY_SWITCH_COM, 0); -+ REG_RMW(ah, AR_PHY_SWITCH_CHAIN_0, 0, 0xf0000000); ++ for (i = 0; i < AR9300_MAX_CHAINS; i++) { ++ __ar955x_tx_iq_cal_sort(ah, coeff, i, nmeasurement); + } + -+ regval = REG_READ(ah, AR_PHY_MULTICHAIN_GAIN_CTL); -+ regval &= (~(AR_PHY_9285_ANT_DIV_CTL_ALL)); -+ /* -+ * Clear ant_fast_div_bias [14:9] since for WB195, -+ * the main LNA is always LNA1. -+ */ -+ regval &= (~(AR_PHY_9285_FAST_DIV_BIAS)); -+ regval |= SM(antdiv_ctrl1, AR_PHY_9285_ANT_DIV_CTL); -+ regval |= SM(antdiv_ctrl2, AR_PHY_9285_ANT_DIV_ALT_LNACONF); -+ regval |= SM((antdiv_ctrl2 >> 2), AR_PHY_9285_ANT_DIV_MAIN_LNACONF); -+ regval |= SM((antdiv_ctrl1 >> 1), AR_PHY_9285_ANT_DIV_ALT_GAINTB); -+ regval |= SM((antdiv_ctrl1 >> 2), AR_PHY_9285_ANT_DIV_MAIN_GAINTB); -+ REG_WRITE(ah, AR_PHY_MULTICHAIN_GAIN_CTL, regval); -+ -+ regval = REG_READ(ah, AR_PHY_CCK_DETECT); -+ regval &= (~AR_PHY_CCK_DETECT_BB_ENABLE_ANT_FAST_DIV); -+ regval |= SM((antdiv_ctrl1 >> 3), AR_PHY_CCK_DETECT_BB_ENABLE_ANT_FAST_DIV); -+ REG_WRITE(ah, AR_PHY_CCK_DETECT, regval); ++ return true; +} + -+#endif -+ - static void ar9002_hw_spectral_scan_config(struct ath_hw *ah, - struct ath_spec_scan *param) - { -@@ -634,5 +697,9 @@ void ar9002_hw_attach_phy_ops(struct ath - ops->spectral_scan_trigger = ar9002_hw_spectral_scan_trigger; - ops->spectral_scan_wait = ar9002_hw_spectral_scan_wait; - -+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT -+ ops->set_bt_ant_diversity = ar9002_hw_set_bt_ant_diversity; -+#endif -+ - ar9002_hw_set_nf_limits(ah); - } ---- a/drivers/net/wireless/ath/ath9k/ar9002_phy.h -+++ b/drivers/net/wireless/ath/ath9k/ar9002_phy.h -@@ -317,13 +317,15 @@ - #define AR_PHY_9285_ANT_DIV_ALT_GAINTB_S 29 - #define AR_PHY_9285_ANT_DIV_MAIN_GAINTB 0x40000000 - #define AR_PHY_9285_ANT_DIV_MAIN_GAINTB_S 30 --#define AR_PHY_9285_ANT_DIV_LNA1 2 --#define AR_PHY_9285_ANT_DIV_LNA2 1 --#define AR_PHY_9285_ANT_DIV_LNA1_PLUS_LNA2 3 --#define AR_PHY_9285_ANT_DIV_LNA1_MINUS_LNA2 0 - #define AR_PHY_9285_ANT_DIV_GAINTB_0 0 - #define AR_PHY_9285_ANT_DIV_GAINTB_1 1 - -+#define ATH_BT_COEX_ANTDIV_CONTROL1_ENABLE 0x0b -+#define ATH_BT_COEX_ANTDIV_CONTROL2_ENABLE 0x09 -+#define ATH_BT_COEX_ANTDIV_CONTROL1_FIXED_A 0x04 -+#define ATH_BT_COEX_ANTDIV_CONTROL2_FIXED_A 0x09 -+#define ATH_BT_COEX_ANT_DIV_SWITCH_COM 0x66666666 -+ - #define AR_PHY_EXT_CCA0 0x99b8 - #define AR_PHY_EXT_CCA0_THRESH62 0x000000FF - #define AR_PHY_EXT_CCA0_THRESH62_S 0 ---- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c -@@ -3541,13 +3541,12 @@ static u16 ar9003_switch_com_spdt_get(st - return le16_to_cpu(ar9003_modal_header(ah, is2ghz)->switchcomspdt); - } - -- --static u32 ar9003_hw_ant_ctrl_common_get(struct ath_hw *ah, bool is2ghz) -+u32 ar9003_hw_ant_ctrl_common_get(struct ath_hw *ah, bool is2ghz) ++static void ar9003_hw_tx_iq_cal_post_proc(struct ath_hw *ah, ++ int iqcal_idx, ++ bool is_reusable) { - return le32_to_cpu(ar9003_modal_header(ah, is2ghz)->antCtrlCommon); - } - --static u32 ar9003_hw_ant_ctrl_common_2_get(struct ath_hw *ah, bool is2ghz) -+u32 ar9003_hw_ant_ctrl_common_2_get(struct ath_hw *ah, bool is2ghz) - { - return le32_to_cpu(ar9003_modal_header(ah, is2ghz)->antCtrlCommon2); - } -@@ -3561,6 +3560,7 @@ static u16 ar9003_hw_ant_ctrl_chain_get( + struct ath_common *common = ath9k_hw_common(ah); + const u32 txiqcal_status[AR9300_MAX_CHAINS] = { +@@ -1004,10 +1072,11 @@ static void ar9003_hw_tx_iq_cal_post_pro + AR_PHY_CHAN_INFO_TAB_1, + AR_PHY_CHAN_INFO_TAB_2, + }; +- struct coeff coeff; ++ static struct coeff coeff; + s32 iq_res[6]; + int i, im, j; +- int nmeasurement; ++ int nmeasurement = 0; ++ bool outlier_detect = true; + + for (i = 0; i < AR9300_MAX_CHAINS; i++) { + if (!(ah->txchainmask & (1 << i))) +@@ -1065,17 +1134,23 @@ static void ar9003_hw_tx_iq_cal_post_pro + goto tx_iqcal_fail; + } - static void ar9003_hw_ant_ctrl_apply(struct ath_hw *ah, bool is2ghz) - { -+ struct ath_common *common = ath9k_hw_common(ah); - struct ath9k_hw_capabilities *pCap = &ah->caps; - int chain; - u32 regval, value, gpio; -@@ -3614,6 +3614,11 @@ static void ar9003_hw_ant_ctrl_apply(str +- coeff.mag_coeff[i][im] = coeff.iqc_coeff[0] & 0x7f; +- coeff.phs_coeff[i][im] = ++ coeff.phs_coeff[i][im][iqcal_idx] = ++ coeff.iqc_coeff[0] & 0x7f; ++ coeff.mag_coeff[i][im][iqcal_idx] = + (coeff.iqc_coeff[0] >> 7) & 0x7f; + +- if (coeff.mag_coeff[i][im] > 63) +- coeff.mag_coeff[i][im] -= 128; +- if (coeff.phs_coeff[i][im] > 63) +- coeff.phs_coeff[i][im] -= 128; ++ if (coeff.mag_coeff[i][im][iqcal_idx] > 63) ++ coeff.mag_coeff[i][im][iqcal_idx] -= 128; ++ if (coeff.phs_coeff[i][im][iqcal_idx] > 63) ++ coeff.phs_coeff[i][im][iqcal_idx] -= 128; + } } - - value = ar9003_hw_ant_ctrl_common_2_get(ah, is2ghz); -+ if (AR_SREV_9485(ah) && common->bt_ant_diversity) { -+ regval &= ~AR_SWITCH_TABLE_COM2_ALL; -+ regval |= ah->config.ant_ctrl_comm2g_switch_enable; +- ar9003_hw_tx_iqcal_load_avg_2_passes(ah, &coeff, is_reusable); + -+ } - REG_RMW_FIELD(ah, AR_PHY_SWITCH_COM_2, AR_SWITCH_TABLE_COM2_ALL, value); - - if ((AR_SREV_9462(ah)) && (ah->rxchainmask == 0x2)) { -@@ -3645,8 +3650,11 @@ static void ar9003_hw_ant_ctrl_apply(str - regval &= (~AR_PHY_ANT_DIV_LNADIV); - regval |= ((value >> 6) & 0x1) << AR_PHY_ANT_DIV_LNADIV_S; ++ if (AR_SREV_9550(ah)) ++ outlier_detect = ar955x_tx_iq_cal_median(ah, &coeff, ++ iqcal_idx, nmeasurement); ++ if (outlier_detect) ++ ar9003_hw_tx_iq_cal_outlier_detection(ah, &coeff, is_reusable); -+ if (AR_SREV_9485(ah) && common->bt_ant_diversity) -+ regval |= AR_ANT_DIV_ENABLE; -+ - if (AR_SREV_9565(ah)) { -- if (ah->shared_chain_lnadiv) { -+ if (common->bt_ant_diversity) { - regval |= (1 << AR_PHY_ANT_SW_RX_PROT_S); - } else { - regval &= ~(1 << AR_PHY_ANT_DIV_LNADIV_S); -@@ -3656,10 +3664,14 @@ static void ar9003_hw_ant_ctrl_apply(str - - REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval); - -- /*enable fast_div */ -+ /* enable fast_div */ - regval = REG_READ(ah, AR_PHY_CCK_DETECT); - regval &= (~AR_FAST_DIV_ENABLE); - regval |= ((value >> 7) & 0x1) << AR_FAST_DIV_ENABLE_S; -+ -+ if (AR_SREV_9485(ah) && common->bt_ant_diversity) -+ regval |= AR_FAST_DIV_ENABLE; -+ - REG_WRITE(ah, AR_PHY_CCK_DETECT, regval); - - if (pCap->hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB) { -@@ -3673,9 +3685,9 @@ static void ar9003_hw_ant_ctrl_apply(str - AR_PHY_ANT_DIV_ALT_GAINTB | - AR_PHY_ANT_DIV_MAIN_GAINTB)); - /* by default use LNA1 for the main antenna */ -- regval |= (AR_PHY_ANT_DIV_LNA1 << -+ regval |= (ATH_ANT_DIV_COMB_LNA1 << - AR_PHY_ANT_DIV_MAIN_LNACONF_S); -- regval |= (AR_PHY_ANT_DIV_LNA2 << -+ regval |= (ATH_ANT_DIV_COMB_LNA2 << - AR_PHY_ANT_DIV_ALT_LNACONF_S); - REG_WRITE(ah, AR_PHY_MC_GAIN_CTRL, regval); - } -@@ -3813,6 +3825,11 @@ static void ar9003_hw_atten_apply(struct - else - value = ar9003_hw_atten_chain_get_margin(ah, i, chan); - -+ if (ah->config.alt_mingainidx) -+ REG_RMW_FIELD(ah, AR_PHY_EXT_ATTEN_CTL_0, -+ AR_PHY_EXT_ATTEN_CTL_XATTEN1_MARGIN, -+ value); -+ - REG_RMW_FIELD(ah, ext_atten_reg[i], - AR_PHY_EXT_ATTEN_CTL_XATTEN1_MARGIN, - value); ---- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h -+++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h -@@ -334,6 +334,8 @@ struct ar9300_eeprom { - - s32 ar9003_hw_get_tx_gain_idx(struct ath_hw *ah); - s32 ar9003_hw_get_rx_gain_idx(struct ath_hw *ah); -+u32 ar9003_hw_ant_ctrl_common_get(struct ath_hw *ah, bool is2ghz); -+u32 ar9003_hw_ant_ctrl_common_2_get(struct ath_hw *ah, bool is2ghz); - - u8 *ar9003_get_spur_chan_ptr(struct ath_hw *ah, bool is_2ghz); - ---- a/drivers/net/wireless/ath/ath9k/ar9003_phy.h -+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.h -@@ -148,6 +148,8 @@ - #define AR_PHY_SFCORR_SPUR_SUBCHNL_SD_S 28 - #define AR_PHY_EXT_CCA_THRESH62 0x007F0000 - #define AR_PHY_EXT_CCA_THRESH62_S 16 -+#define AR_PHY_EXTCHN_PWRTHR1_ANT_DIV_ALT_ANT_MINGAINIDX 0x0000FF00 -+#define AR_PHY_EXTCHN_PWRTHR1_ANT_DIV_ALT_ANT_MINGAINIDX_S 8 - #define AR_PHY_EXT_MINCCA_PWR 0x01FF0000 - #define AR_PHY_EXT_MINCCA_PWR_S 16 - #define AR_PHY_EXT_CYCPWR_THR1 0x0000FE00L -@@ -296,11 +298,6 @@ - #define AR_PHY_ANT_DIV_MAIN_GAINTB 0x40000000 - #define AR_PHY_ANT_DIV_MAIN_GAINTB_S 30 - --#define AR_PHY_ANT_DIV_LNA1_MINUS_LNA2 0x0 --#define AR_PHY_ANT_DIV_LNA2 0x1 --#define AR_PHY_ANT_DIV_LNA1 0x2 --#define AR_PHY_ANT_DIV_LNA1_PLUS_LNA2 0x3 -- - #define AR_PHY_EXTCHN_PWRTHR1 (AR_AGC_BASE + 0x2c) - #define AR_PHY_EXT_CHN_WIN (AR_AGC_BASE + 0x30) - #define AR_PHY_20_40_DET_THR (AR_AGC_BASE + 0x34) ---- a/drivers/net/wireless/ath/ath9k/debug.h -+++ b/drivers/net/wireless/ath/ath9k/debug.h -@@ -28,9 +28,13 @@ struct fft_sample_tlv; - #ifdef CPTCFG_ATH9K_DEBUGFS - #define TX_STAT_INC(q, c) sc->debug.stats.txstats[q].c++ - #define RESET_STAT_INC(sc, type) sc->debug.stats.reset[type]++ -+#define ANT_STAT_INC(i, c) sc->debug.stats.ant_stats[i].c++ -+#define ANT_LNA_INC(i, c) sc->debug.stats.ant_stats[i].lna_recv_cnt[c]++; - #else - #define TX_STAT_INC(q, c) do { } while (0) - #define RESET_STAT_INC(sc, type) do { } while (0) -+#define ANT_STAT_INC(i, c) do { } while (0) -+#define ANT_LNA_INC(i, c) do { } while (0) - #endif + return; - enum ath_reset_type { -@@ -243,11 +247,22 @@ struct ath_rx_stats { - u32 rx_spectral; - }; +@@ -1409,7 +1484,7 @@ skip_tx_iqcal: + } -+#define ANT_MAIN 0 -+#define ANT_ALT 1 -+ -+struct ath_antenna_stats { -+ u32 recv_cnt; -+ u32 rssi_avg; -+ u32 lna_recv_cnt[4]; -+ u32 lna_attempt_cnt[4]; -+}; -+ - struct ath_stats { - struct ath_interrupt_stats istats; - struct ath_tx_stats txstats[ATH9K_NUM_TX_QUEUES]; - struct ath_rx_stats rxstats; - struct ath_dfs_stats dfs_stats; -+ struct ath_antenna_stats ant_stats[2]; - u32 reset[__RESET_TYPE_MAX]; - }; + if (txiqcal_done) +- ar9003_hw_tx_iq_cal_post_proc(ah, is_reusable); ++ ar9003_hw_tx_iq_cal_post_proc(ah, 0, is_reusable); + else if (caldata && test_bit(TXIQCAL_DONE, &caldata->cal_flags)) + ar9003_hw_tx_iq_cal_reload(ah); -@@ -281,10 +296,11 @@ void ath9k_sta_remove_debugfs(struct iee - struct ieee80211_vif *vif, - struct ieee80211_sta *sta, - struct dentry *dir); -- - void ath_debug_send_fft_sample(struct ath_softc *sc, - struct fft_sample_tlv *fft_sample); -- -+void ath9k_debug_stat_ant(struct ath_softc *sc, -+ struct ath_hw_antcomb_conf *div_ant_conf, -+ int main_rssi_avg, int alt_rssi_avg); - #else - - #define RX_STAT_INC(c) /* NOP */ -@@ -297,12 +313,10 @@ static inline int ath9k_init_debug(struc - static inline void ath9k_deinit_debug(struct ath_softc *sc) - { - } -- - static inline void ath_debug_stat_interrupt(struct ath_softc *sc, - enum ath9k_int status) - { - } -- - static inline void ath_debug_stat_tx(struct ath_softc *sc, - struct ath_buf *bf, - struct ath_tx_status *ts, -@@ -310,11 +324,16 @@ static inline void ath_debug_stat_tx(str - unsigned int flags) - { - } -- - static inline void ath_debug_stat_rx(struct ath_softc *sc, - struct ath_rx_status *rs) - { +@@ -1455,14 +1530,38 @@ skip_tx_iqcal: + return true; } -+static inline void ath9k_debug_stat_ant(struct ath_softc *sc, -+ struct ath_hw_antcomb_conf *div_ant_conf, -+ int main_rssi_avg, int alt_rssi_avg) + ++static bool do_ar9003_agc_cal(struct ath_hw *ah) +{ ++ struct ath_common *common = ath9k_hw_common(ah); ++ bool status; ++ ++ REG_WRITE(ah, AR_PHY_AGC_CONTROL, ++ REG_READ(ah, AR_PHY_AGC_CONTROL) | ++ AR_PHY_AGC_CONTROL_CAL); ++ ++ status = ath9k_hw_wait(ah, AR_PHY_AGC_CONTROL, ++ AR_PHY_AGC_CONTROL_CAL, ++ 0, AH_WAIT_TIMEOUT); ++ if (!status) { ++ ath_dbg(common, CALIBRATE, ++ "offset calibration failed to complete in %d ms," ++ "noisy environment?\n", ++ AH_WAIT_TIMEOUT / 1000); ++ return false; ++ } + ++ return true; +} - - #endif /* CPTCFG_ATH9K_DEBUGFS */ - ---- a/drivers/net/wireless/ath/ath9k/eeprom_4k.c -+++ b/drivers/net/wireless/ath/ath9k/eeprom_4k.c -@@ -812,6 +812,7 @@ static void ath9k_hw_4k_set_gain(struct - static void ath9k_hw_4k_set_board_values(struct ath_hw *ah, - struct ath9k_channel *chan) - { -+ struct ath9k_hw_capabilities *pCap = &ah->caps; - struct modal_eep_4k_header *pModal; - struct ar5416_eeprom_4k *eep = &ah->eeprom.map4k; - struct base_eep_header_4k *pBase = &eep->baseEepHeader; -@@ -858,6 +859,24 @@ static void ath9k_hw_4k_set_board_values - - REG_WRITE(ah, AR_PHY_CCK_DETECT, regVal); - regVal = REG_READ(ah, AR_PHY_CCK_DETECT); -+ -+ if (pCap->hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB) { -+ /* -+ * If diversity combining is enabled, -+ * set MAIN to LNA1 and ALT to LNA2 initially. -+ */ -+ regVal = REG_READ(ah, AR_PHY_MULTICHAIN_GAIN_CTL); -+ regVal &= (~(AR_PHY_9285_ANT_DIV_MAIN_LNACONF | -+ AR_PHY_9285_ANT_DIV_ALT_LNACONF)); + -+ regVal |= (ATH_ANT_DIV_COMB_LNA1 << -+ AR_PHY_9285_ANT_DIV_MAIN_LNACONF_S); -+ regVal |= (ATH_ANT_DIV_COMB_LNA2 << -+ AR_PHY_9285_ANT_DIV_ALT_LNACONF_S); -+ regVal &= (~(AR_PHY_9285_FAST_DIV_BIAS)); -+ regVal |= (0 << AR_PHY_9285_FAST_DIV_BIAS_S); -+ REG_WRITE(ah, AR_PHY_MULTICHAIN_GAIN_CTL, regVal); + static bool ar9003_hw_init_cal_soc(struct ath_hw *ah, + struct ath9k_channel *chan) + { + struct ath_common *common = ath9k_hw_common(ah); + struct ath9k_hw_cal_data *caldata = ah->caldata; + bool txiqcal_done = false; +- bool is_reusable = true, status = true; ++ bool status = true; + bool run_agc_cal = false, sep_iq_cal = false; ++ int i = 0; + + /* Use chip chainmask only for calibration */ + ar9003_hw_set_chain_masks(ah, ah->caps.rx_chainmask, ah->caps.tx_chainmask); +@@ -1485,7 +1584,12 @@ static bool ar9003_hw_init_cal_soc(struc + * AGC calibration. Specifically, AR9550 in SoC chips. + */ + if (ah->enabled_cals & TX_IQ_ON_AGC_CAL) { +- txiqcal_done = true; ++ if (REG_READ_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_0, ++ AR_PHY_TX_IQCAL_CONTROL_0_ENABLE_TXIQ_CAL)) { ++ txiqcal_done = true; ++ } else { ++ txiqcal_done = false; ++ } + run_agc_cal = true; + } else { + sep_iq_cal = true; +@@ -1512,27 +1616,37 @@ skip_tx_iqcal: + if (AR_SREV_9330_11(ah)) + ar9003_hw_manual_peak_cal(ah, 0, IS_CHAN_2GHZ(chan)); + +- /* Calibrate the AGC */ +- REG_WRITE(ah, AR_PHY_AGC_CONTROL, +- REG_READ(ah, AR_PHY_AGC_CONTROL) | +- AR_PHY_AGC_CONTROL_CAL); +- +- /* Poll for offset calibration complete */ +- status = ath9k_hw_wait(ah, AR_PHY_AGC_CONTROL, +- AR_PHY_AGC_CONTROL_CAL, +- 0, AH_WAIT_TIMEOUT); +- } ++ /* ++ * For non-AR9550 chips, we just trigger AGC calibration ++ * in the HW, poll for completion and then process ++ * the results. ++ * ++ * For AR955x, we run it multiple times and use ++ * median IQ correction. ++ */ ++ if (!AR_SREV_9550(ah)) { ++ status = do_ar9003_agc_cal(ah); ++ if (!status) ++ return false; + +- if (!status) { +- ath_dbg(common, CALIBRATE, +- "offset calibration failed to complete in %d ms; noisy environment?\n", +- AH_WAIT_TIMEOUT / 1000); +- return false; ++ if (txiqcal_done) ++ ar9003_hw_tx_iq_cal_post_proc(ah, 0, false); ++ } else { ++ if (!txiqcal_done) { ++ status = do_ar9003_agc_cal(ah); ++ if (!status) ++ return false; ++ } else { ++ for (i = 0; i < MAXIQCAL; i++) { ++ status = do_ar9003_agc_cal(ah); ++ if (!status) ++ return false; ++ ar9003_hw_tx_iq_cal_post_proc(ah, i, false); ++ } ++ } + } } - if (pModal->version >= 2) { ---- a/drivers/net/wireless/ath/ath9k/hw-ops.h -+++ b/drivers/net/wireless/ath/ath9k/hw-ops.h -@@ -78,13 +78,16 @@ static inline void ath9k_hw_antdiv_comb_ - ath9k_hw_ops(ah)->antdiv_comb_conf_set(ah, antconf); - } +- if (txiqcal_done) +- ar9003_hw_tx_iq_cal_post_proc(ah, is_reusable); +- + /* Revert chainmask to runtime parameters */ + ar9003_hw_set_chain_masks(ah, ah->rxchainmask, ah->txchainmask); --static inline void ath9k_hw_antctrl_shared_chain_lnadiv(struct ath_hw *ah, -- bool enable) -+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT -+ -+static inline void ath9k_hw_set_bt_ant_diversity(struct ath_hw *ah, bool enable) - { -- if (ath9k_hw_ops(ah)->antctrl_shared_chain_lnadiv) -- ath9k_hw_ops(ah)->antctrl_shared_chain_lnadiv(ah, enable); -+ if (ath9k_hw_ops(ah)->set_bt_ant_diversity) -+ ath9k_hw_ops(ah)->set_bt_ant_diversity(ah, enable); - } +--- a/drivers/net/wireless/rtl818x/rtl8187/rtl8187.h ++++ b/drivers/net/wireless/rtl818x/rtl8187/rtl8187.h +@@ -15,6 +15,8 @@ + #ifndef RTL8187_H + #define RTL8187_H + ++#include ++ + #include "rtl818x.h" + #include "leds.h" + +@@ -139,7 +141,10 @@ struct rtl8187_priv { + u8 aifsn[4]; + u8 rfkill_mask; + struct { +- __le64 buf; ++ union { ++ __le64 buf; ++ u8 dummy1[L1_CACHE_BYTES]; ++ } ____cacheline_aligned; + struct sk_buff_head queue; + } b_tx_status; /* This queue is used by both -b and non-b devices */ + struct mutex io_mutex; +@@ -147,7 +152,8 @@ struct rtl8187_priv { + u8 bits8; + __le16 bits16; + __le32 bits32; +- } *io_dmabuf; ++ u8 dummy2[L1_CACHE_BYTES]; ++ } *io_dmabuf ____cacheline_aligned; + bool rfkill_off; + u16 seqno; + }; +--- a/net/mac80211/wme.c ++++ b/net/mac80211/wme.c +@@ -154,6 +154,11 @@ u16 ieee80211_select_queue(struct ieee80 + return IEEE80211_AC_BE; + } -+#endif ++ if (skb->protocol == sdata->control_port_protocol) { ++ skb->priority = 7; ++ return ieee80211_downgrade_queue(sdata, skb); ++ } + - /* Private hardware call ops */ - - /* PHY ops */ ---- a/drivers/net/wireless/ath/ath9k/hw.c -+++ b/drivers/net/wireless/ath/ath9k/hw.c -@@ -450,7 +450,6 @@ static void ath9k_hw_init_config(struct - ah->config.ack_6mb = 0x0; - ah->config.cwm_ignore_extcca = 0; - ah->config.pcie_clock_req = 0; -- ah->config.pcie_waen = 0; - ah->config.analog_shiftreg = 1; - - for (i = 0; i < AR_EEPROM_MODAL_SPURS; i++) { -@@ -1069,7 +1068,7 @@ void ath9k_hw_init_global_settings(struc - if (IS_CHAN_A_FAST_CLOCK(ah, chan)) - tx_lat += 11; - -- sifstime *= 2; -+ sifstime = 32; - ack_offset = 16; - slottime = 13; - } else if (IS_CHAN_QUARTER_RATE(chan)) { -@@ -1079,7 +1078,7 @@ void ath9k_hw_init_global_settings(struc - if (IS_CHAN_A_FAST_CLOCK(ah, chan)) - tx_lat += 22; - -- sifstime *= 4; -+ sifstime = 64; - ack_offset = 32; - slottime = 21; - } else { -@@ -1116,7 +1115,6 @@ void ath9k_hw_init_global_settings(struc - ctstimeout += 48 - sifstime - ah->slottime; - } + /* use the data classifier to determine what 802.1d tag the + * data frame has */ + rcu_read_lock(); +--- a/drivers/net/wireless/ath/ath9k/xmit.c ++++ b/drivers/net/wireless/ath/ath9k/xmit.c +@@ -1444,14 +1444,16 @@ void ath_tx_aggr_sleep(struct ieee80211_ + for (tidno = 0, tid = &an->tid[tidno]; + tidno < IEEE80211_NUM_TIDS; tidno++, tid++) { +- if (!tid->sched) +- continue; - - ath9k_hw_set_sifs_time(ah, sifstime); - ath9k_hw_setslottime(ah, slottime); - ath9k_hw_set_ack_timeout(ah, acktimeout); -@@ -1496,16 +1494,18 @@ static bool ath9k_hw_channel_change(stru - struct ath9k_channel *chan) - { - struct ath_common *common = ath9k_hw_common(ah); -+ struct ath9k_hw_capabilities *pCap = &ah->caps; -+ bool band_switch = false, mode_diff = false; -+ u8 ini_reloaded = 0; - u32 qnum; - int r; -- bool edma = !!(ah->caps.hw_caps & ATH9K_HW_CAP_EDMA); -- bool band_switch, mode_diff; -- u8 ini_reloaded; -- -- band_switch = (chan->channelFlags & (CHANNEL_2GHZ | CHANNEL_5GHZ)) != -- (ah->curchan->channelFlags & (CHANNEL_2GHZ | -- CHANNEL_5GHZ)); -- mode_diff = (chan->chanmode != ah->curchan->chanmode); + ac = tid->ac; + txq = ac->txq; + + ath_txq_lock(sc, txq); + ++ if (!tid->sched) { ++ ath_txq_unlock(sc, txq); ++ continue; ++ } + -+ if (pCap->hw_caps & ATH9K_HW_CAP_FCC_BAND_SWITCH) { -+ u32 cur = ah->curchan->channelFlags & (CHANNEL_2GHZ | CHANNEL_5GHZ); -+ u32 new = chan->channelFlags & (CHANNEL_2GHZ | CHANNEL_5GHZ); -+ band_switch = (cur != new); -+ mode_diff = (chan->chanmode != ah->curchan->chanmode); -+ } + buffered = ath_tid_has_buffered(tid); - for (qnum = 0; qnum < AR_NUM_QCU; qnum++) { - if (ath9k_hw_numtxpending(ah, qnum)) { -@@ -1520,11 +1520,12 @@ static bool ath9k_hw_channel_change(stru - return false; + tid->sched = false; +@@ -2184,14 +2186,15 @@ int ath_tx_start(struct ieee80211_hw *hw + txq->stopped = true; } -- if (edma && (band_switch || mode_diff)) { -+ if (band_switch || mode_diff) { - ath9k_hw_mark_phy_inactive(ah); - udelay(5); ++ if (txctl->an) ++ tid = ath_get_skb_tid(sc, txctl->an, skb); ++ + if (info->flags & IEEE80211_TX_CTL_PS_RESPONSE) { + ath_txq_unlock(sc, txq); + txq = sc->tx.uapsdq; + ath_txq_lock(sc, txq); + } else if (txctl->an && + ieee80211_is_data_present(hdr->frame_control)) { +- tid = ath_get_skb_tid(sc, txctl->an, skb); +- + WARN_ON(tid->ac->txq != txctl->txq); -- ath9k_hw_init_pll(ah, NULL); -+ if (band_switch) -+ ath9k_hw_init_pll(ah, chan); + if (info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT) +--- a/drivers/net/wireless/ath/ath9k/init.c ++++ b/drivers/net/wireless/ath/ath9k/init.c +@@ -943,6 +943,7 @@ static void ath9k_set_hw_capab(struct at + hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL; + hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_5_10_MHZ; + hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH; ++ hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD; + + hw->queues = 4; + hw->max_rates = 4; +--- a/net/mac80211/ieee80211_i.h ++++ b/net/mac80211/ieee80211_i.h +@@ -1700,14 +1700,8 @@ void ieee80211_stop_queue_by_reason(stru + void ieee80211_propagate_queue_wake(struct ieee80211_local *local, int queue); + void ieee80211_add_pending_skb(struct ieee80211_local *local, + struct sk_buff *skb); +-void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local, +- struct sk_buff_head *skbs, +- void (*fn)(void *data), void *data); +-static inline void ieee80211_add_pending_skbs(struct ieee80211_local *local, +- struct sk_buff_head *skbs) +-{ +- ieee80211_add_pending_skbs_fn(local, skbs, NULL, NULL); +-} ++void ieee80211_add_pending_skbs(struct ieee80211_local *local, ++ struct sk_buff_head *skbs); + void ieee80211_flush_queues(struct ieee80211_local *local, + struct ieee80211_sub_if_data *sdata); - if (ath9k_hw_fast_chan_change(ah, chan, &ini_reloaded)) { - ath_err(common, "Failed to do fast channel change\n"); -@@ -1541,22 +1542,21 @@ static bool ath9k_hw_channel_change(stru - } - ath9k_hw_set_clockrate(ah); - ath9k_hw_apply_txpower(ah, chan, false); -- ath9k_hw_rfbus_done(ah); - - if (IS_CHAN_OFDM(chan) || IS_CHAN_HT(chan)) - ath9k_hw_set_delta_slope(ah, chan); - - ath9k_hw_spur_mitigate_freq(ah, chan); - -- if (edma && (band_switch || mode_diff)) { -- ah->ah_flags |= AH_FASTCC; -- if (band_switch || ini_reloaded) -- ah->eep_ops->set_board_values(ah, chan); -+ if (band_switch || ini_reloaded) -+ ah->eep_ops->set_board_values(ah, chan); - -- ath9k_hw_init_bb(ah, chan); -+ ath9k_hw_init_bb(ah, chan); -+ ath9k_hw_rfbus_done(ah); - -- if (band_switch || ini_reloaded) -- ath9k_hw_init_cal(ah, chan); -+ if (band_switch || ini_reloaded) { -+ ah->ah_flags |= AH_FASTCC; -+ ath9k_hw_init_cal(ah, chan); - ah->ah_flags &= ~AH_FASTCC; - } +--- a/net/mac80211/sta_info.c ++++ b/net/mac80211/sta_info.c +@@ -91,7 +91,7 @@ static int sta_info_hash_del(struct ieee + return -ENOENT; + } -@@ -1778,16 +1778,11 @@ static void ath9k_hw_init_desc(struct at - /* - * Fast channel change: - * (Change synthesizer based on channel freq without resetting chip) -- * -- * Don't do FCC when -- * - Flag is not set -- * - Chip is just coming out of full sleep -- * - Channel to be set is same as current channel -- * - Channel flags are different, (eg.,moving from 2GHz to 5GHz channel) - */ - static int ath9k_hw_do_fastcc(struct ath_hw *ah, struct ath9k_channel *chan) +-static void cleanup_single_sta(struct sta_info *sta) ++static void __cleanup_single_sta(struct sta_info *sta) { - struct ath_common *common = ath9k_hw_common(ah); -+ struct ath9k_hw_capabilities *pCap = &ah->caps; - int ret; - - if (AR_SREV_9280(ah) && common->bus_ops->ath_bus_type == ATH_PCI) -@@ -1806,9 +1801,21 @@ static int ath9k_hw_do_fastcc(struct ath - (CHANNEL_HALF | CHANNEL_QUARTER)) - goto fail; + int ac, i; + struct tid_ampdu_tx *tid_tx; +@@ -99,7 +99,8 @@ static void cleanup_single_sta(struct st + struct ieee80211_local *local = sdata->local; + struct ps_data *ps; + +- if (test_sta_flag(sta, WLAN_STA_PS_STA)) { ++ if (test_sta_flag(sta, WLAN_STA_PS_STA) || ++ test_sta_flag(sta, WLAN_STA_PS_DRIVER)) { + if (sta->sdata->vif.type == NL80211_IFTYPE_AP || + sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) + ps = &sdata->bss->ps; +@@ -109,6 +110,7 @@ static void cleanup_single_sta(struct st + return; -- if ((chan->channelFlags & CHANNEL_ALL) != -- (ah->curchan->channelFlags & CHANNEL_ALL)) -- goto fail; -+ /* -+ * If cross-band fcc is not supoprted, bail out if -+ * either channelFlags or chanmode differ. -+ * -+ * chanmode will be different if the HT operating mode -+ * changes because of CSA. -+ */ -+ if (!(pCap->hw_caps & ATH9K_HW_CAP_FCC_BAND_SWITCH)) { -+ if ((chan->channelFlags & CHANNEL_ALL) != -+ (ah->curchan->channelFlags & CHANNEL_ALL)) -+ goto fail; -+ -+ if (chan->chanmode != ah->curchan->chanmode) -+ goto fail; -+ } + clear_sta_flag(sta, WLAN_STA_PS_STA); ++ clear_sta_flag(sta, WLAN_STA_PS_DRIVER); - if (!ath9k_hw_check_alive(ah)) - goto fail; -@@ -2047,7 +2054,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st + atomic_dec(&ps->num_sta_ps); + sta_info_recalc_tim(sta); +@@ -139,7 +141,14 @@ static void cleanup_single_sta(struct st + ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending); + kfree(tid_tx); + } ++} - ath9k_hw_apply_gpio_override(ah); ++static void cleanup_single_sta(struct sta_info *sta) ++{ ++ struct ieee80211_sub_if_data *sdata = sta->sdata; ++ struct ieee80211_local *local = sdata->local; ++ ++ __cleanup_single_sta(sta); + sta_info_free(local, sta); + } -- if (AR_SREV_9565(ah) && ah->shared_chain_lnadiv) -+ if (AR_SREV_9565(ah) && common->bt_ant_diversity) - REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV, AR_BTCOEX_WL_LNADIV_FORCE_ON); +@@ -330,6 +339,7 @@ struct sta_info *sta_info_alloc(struct i + rcu_read_unlock(); - return 0; -@@ -2550,34 +2557,28 @@ int ath9k_hw_fill_cap_info(struct ath_hw - if (AR_SREV_9287_11_OR_LATER(ah) || AR_SREV_9271(ah)) - pCap->hw_caps |= ATH9K_HW_CAP_SGI_20; - -- if (AR_SREV_9285(ah)) -+ if (AR_SREV_9285(ah)) { - if (ah->eep_ops->get_eeprom(ah, EEP_MODAL_VER) >= 3) { - ant_div_ctl1 = - ah->eep_ops->get_eeprom(ah, EEP_ANT_DIV_CTL1); -- if ((ant_div_ctl1 & 0x1) && ((ant_div_ctl1 >> 3) & 0x1)) -+ if ((ant_div_ctl1 & 0x1) && ((ant_div_ctl1 >> 3) & 0x1)) { - pCap->hw_caps |= ATH9K_HW_CAP_ANT_DIV_COMB; -+ ath_info(common, "Enable LNA combining\n"); -+ } - } -+ } -+ - if (AR_SREV_9300_20_OR_LATER(ah)) { - if (ah->eep_ops->get_eeprom(ah, EEP_CHAIN_MASK_REDUCE)) - pCap->hw_caps |= ATH9K_HW_CAP_APM; + spin_lock_init(&sta->lock); ++ spin_lock_init(&sta->ps_lock); + INIT_WORK(&sta->drv_unblock_wk, sta_unblock); + INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work); + mutex_init(&sta->ampdu_mlme.mtx); +@@ -487,21 +497,26 @@ static int sta_info_insert_finish(struct + goto out_err; } +- /* notify driver */ +- err = sta_info_insert_drv_state(local, sdata, sta); +- if (err) +- goto out_err; - - if (AR_SREV_9330(ah) || AR_SREV_9485(ah) || AR_SREV_9565(ah)) { - ant_div_ctl1 = ah->eep_ops->get_eeprom(ah, EEP_ANT_DIV_CTL1); -- /* -- * enable the diversity-combining algorithm only when -- * both enable_lna_div and enable_fast_div are set -- * Table for Diversity -- * ant_div_alt_lnaconf bit 0-1 -- * ant_div_main_lnaconf bit 2-3 -- * ant_div_alt_gaintb bit 4 -- * ant_div_main_gaintb bit 5 -- * enable_ant_div_lnadiv bit 6 -- * enable_ant_fast_div bit 7 -- */ -- if ((ant_div_ctl1 >> 0x6) == 0x3) -+ if ((ant_div_ctl1 >> 0x6) == 0x3) { - pCap->hw_caps |= ATH9K_HW_CAP_ANT_DIV_COMB; -+ ath_info(common, "Enable LNA combining\n"); -+ } - } + local->num_sta++; + local->sta_generation++; + smp_mb(); + ++ /* simplify things and don't accept BA sessions yet */ ++ set_sta_flag(sta, WLAN_STA_BLOCK_BA); ++ + /* make the station visible */ + sta_info_hash_add(local, sta); - if (ath9k_hw_dfs_tested(ah)) -@@ -2610,6 +2611,13 @@ int ath9k_hw_fill_cap_info(struct ath_hw - ah->eep_ops->get_eeprom(ah, EEP_PAPRD)) - pCap->hw_caps |= ATH9K_HW_CAP_PAPRD; + list_add_rcu(&sta->list, &local->sta_list); -+ /* -+ * Fast channel change across bands is available -+ * only for AR9462 and AR9565. -+ */ -+ if (AR_SREV_9462(ah) || AR_SREV_9565(ah)) -+ pCap->hw_caps |= ATH9K_HW_CAP_FCC_BAND_SWITCH; ++ /* notify driver */ ++ err = sta_info_insert_drv_state(local, sdata, sta); ++ if (err) ++ goto out_remove; + + set_sta_flag(sta, WLAN_STA_INSERTED); ++ /* accept BA sessions now */ ++ clear_sta_flag(sta, WLAN_STA_BLOCK_BA); + + ieee80211_recalc_min_chandef(sdata); + ieee80211_sta_debugfs_add(sta); +@@ -522,6 +537,12 @@ static int sta_info_insert_finish(struct + mesh_accept_plinks_update(sdata); + return 0; ++ out_remove: ++ sta_info_hash_del(local, sta); ++ list_del_rcu(&sta->list); ++ local->num_sta--; ++ synchronize_net(); ++ __cleanup_single_sta(sta); + out_err: + mutex_unlock(&local->sta_mtx); + rcu_read_lock(); +@@ -1071,10 +1092,14 @@ struct ieee80211_sta *ieee80211_find_sta } + EXPORT_SYMBOL(ieee80211_find_sta); ---- a/drivers/net/wireless/ath/ath9k/hw.h -+++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -247,6 +247,8 @@ enum ath9k_hw_caps { - ATH9K_HW_CAP_DFS = BIT(16), - ATH9K_HW_WOW_DEVICE_CAPABLE = BIT(17), - ATH9K_HW_CAP_PAPRD = BIT(18), -+ ATH9K_HW_CAP_FCC_BAND_SWITCH = BIT(19), -+ ATH9K_HW_CAP_BT_ANT_DIV = BIT(20), - }; +-static void clear_sta_ps_flags(void *_sta) ++/* powersave support code */ ++void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta) + { +- struct sta_info *sta = _sta; + struct ieee80211_sub_if_data *sdata = sta->sdata; ++ struct ieee80211_local *local = sdata->local; ++ struct sk_buff_head pending; ++ int filtered = 0, buffered = 0, ac; ++ unsigned long flags; + struct ps_data *ps; - /* -@@ -309,8 +311,11 @@ struct ath9k_ops_config { - u16 ani_poll_interval; /* ANI poll interval in ms */ + if (sdata->vif.type == NL80211_IFTYPE_AP || +@@ -1085,20 +1110,6 @@ static void clear_sta_ps_flags(void *_st + else + return; - /* Platform specific config */ -+ u32 aspm_l1_fix; - u32 xlna_gpio; -+ u32 ant_ctrl_comm2g_switch_enable; - bool xatten_margin_cfg; -+ bool alt_mingainidx; - }; +- clear_sta_flag(sta, WLAN_STA_PS_DRIVER); +- if (test_and_clear_sta_flag(sta, WLAN_STA_PS_STA)) +- atomic_dec(&ps->num_sta_ps); +-} +- +-/* powersave support code */ +-void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta) +-{ +- struct ieee80211_sub_if_data *sdata = sta->sdata; +- struct ieee80211_local *local = sdata->local; +- struct sk_buff_head pending; +- int filtered = 0, buffered = 0, ac; +- unsigned long flags; +- + clear_sta_flag(sta, WLAN_STA_SP); - enum ath9k_int { -@@ -716,11 +721,14 @@ struct ath_hw_ops { - struct ath_hw_antcomb_conf *antconf); - void (*antdiv_comb_conf_set)(struct ath_hw *ah, - struct ath_hw_antcomb_conf *antconf); -- void (*antctrl_shared_chain_lnadiv)(struct ath_hw *hw, bool enable); - void (*spectral_scan_config)(struct ath_hw *ah, - struct ath_spec_scan *param); - void (*spectral_scan_trigger)(struct ath_hw *ah); - void (*spectral_scan_wait)(struct ath_hw *ah); -+ -+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT -+ void (*set_bt_ant_diversity)(struct ath_hw *hw, bool enable); -+#endif - }; + BUILD_BUG_ON(BITS_TO_LONGS(IEEE80211_NUM_TIDS) > 1); +@@ -1109,6 +1120,8 @@ void ieee80211_sta_ps_deliver_wakeup(str - struct ath_nf_limits { -@@ -765,7 +773,6 @@ struct ath_hw { - bool aspm_enabled; - bool is_monitoring; - bool need_an_top2_fixup; -- bool shared_chain_lnadiv; - u16 tx_trig_level; - - u32 nf_regs[6]; ---- a/drivers/net/wireless/ath/ath9k/pci.c -+++ b/drivers/net/wireless/ath/ath9k/pci.c -@@ -29,6 +29,60 @@ static DEFINE_PCI_DEVICE_TABLE(ath_pci_i - { PCI_VDEVICE(ATHEROS, 0x0027) }, /* PCI */ - { PCI_VDEVICE(ATHEROS, 0x0029) }, /* PCI */ - { PCI_VDEVICE(ATHEROS, 0x002A) }, /* PCI-E */ -+ -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x002A, -+ PCI_VENDOR_ID_AZWAVE, -+ 0x1C71), -+ .driver_data = ATH9K_PCI_D3_L1_WAR }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x002A, -+ PCI_VENDOR_ID_FOXCONN, -+ 0xE01F), -+ .driver_data = ATH9K_PCI_D3_L1_WAR }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x002A, -+ 0x11AD, /* LITEON */ -+ 0x6632), -+ .driver_data = ATH9K_PCI_D3_L1_WAR }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x002A, -+ 0x11AD, /* LITEON */ -+ 0x6642), -+ .driver_data = ATH9K_PCI_D3_L1_WAR }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x002A, -+ PCI_VENDOR_ID_QMI, -+ 0x0306), -+ .driver_data = ATH9K_PCI_D3_L1_WAR }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x002A, -+ 0x185F, /* WNC */ -+ 0x309D), -+ .driver_data = ATH9K_PCI_D3_L1_WAR }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x002A, -+ 0x10CF, /* Fujitsu */ -+ 0x147C), -+ .driver_data = ATH9K_PCI_D3_L1_WAR }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x002A, -+ 0x10CF, /* Fujitsu */ -+ 0x147D), -+ .driver_data = ATH9K_PCI_D3_L1_WAR }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x002A, -+ 0x10CF, /* Fujitsu */ -+ 0x1536), -+ .driver_data = ATH9K_PCI_D3_L1_WAR }, -+ -+ /* AR9285 card for Asus */ -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x002B, -+ PCI_VENDOR_ID_AZWAVE, -+ 0x2C37), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ - { PCI_VDEVICE(ATHEROS, 0x002B) }, /* PCI-E */ - { PCI_VDEVICE(ATHEROS, 0x002C) }, /* PCI-E 802.11n bonded out */ - { PCI_VDEVICE(ATHEROS, 0x002D) }, /* PCI */ -@@ -40,29 +94,106 @@ static DEFINE_PCI_DEVICE_TABLE(ath_pci_i - 0x0032, - PCI_VENDOR_ID_AZWAVE, - 0x2086), -- .driver_data = ATH9K_PCI_CUS198 }, -+ .driver_data = ATH9K_PCI_CUS198 | ATH9K_PCI_BT_ANT_DIV }, - { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, - 0x0032, - PCI_VENDOR_ID_AZWAVE, - 0x1237), -- .driver_data = ATH9K_PCI_CUS198 }, -+ .driver_data = ATH9K_PCI_CUS198 | ATH9K_PCI_BT_ANT_DIV }, - { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, - 0x0032, - PCI_VENDOR_ID_AZWAVE, - 0x2126), -- .driver_data = ATH9K_PCI_CUS198 }, -+ .driver_data = ATH9K_PCI_CUS198 | ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_AZWAVE, -+ 0x126A), -+ .driver_data = ATH9K_PCI_CUS198 | ATH9K_PCI_BT_ANT_DIV }, - - /* PCI-E CUS230 */ - { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, - 0x0032, - PCI_VENDOR_ID_AZWAVE, - 0x2152), -- .driver_data = ATH9K_PCI_CUS230 }, -+ .driver_data = ATH9K_PCI_CUS230 | ATH9K_PCI_BT_ANT_DIV }, - { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, - 0x0032, - PCI_VENDOR_ID_FOXCONN, - 0xE075), -- .driver_data = ATH9K_PCI_CUS230 }, -+ .driver_data = ATH9K_PCI_CUS230 | ATH9K_PCI_BT_ANT_DIV }, -+ -+ /* WB225 */ -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_ATHEROS, -+ 0x3119), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_ATHEROS, -+ 0x3122), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ 0x185F, /* WNC */ -+ 0x3119), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ 0x185F, /* WNC */ -+ 0x3027), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_SAMSUNG, -+ 0x4105), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_SAMSUNG, -+ 0x4106), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_SAMSUNG, -+ 0x410D), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_SAMSUNG, -+ 0x410E), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_SAMSUNG, -+ 0x410F), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_SAMSUNG, -+ 0xC706), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_SAMSUNG, -+ 0xC680), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_SAMSUNG, -+ 0xC708), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_LENOVO, -+ 0x3218), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ATHEROS, -+ 0x0032, -+ PCI_VENDOR_ID_LENOVO, -+ 0x3219), -+ .driver_data = ATH9K_PCI_BT_ANT_DIV }, - - { PCI_VDEVICE(ATHEROS, 0x0032) }, /* PCI-E AR9485 */ - { PCI_VDEVICE(ATHEROS, 0x0033) }, /* PCI-E AR9580 */ -@@ -229,6 +360,22 @@ static void ath_pci_aspm_init(struct ath - return; - } + skb_queue_head_init(&pending); -+ /* -+ * 0x70c - Ack Frequency Register. -+ * -+ * Bits 27:29 - DEFAULT_L1_ENTRANCE_LATENCY. -+ * -+ * 000 : 1 us -+ * 001 : 2 us -+ * 010 : 4 us -+ * 011 : 8 us -+ * 100 : 16 us -+ * 101 : 32 us -+ * 110/111 : 64 us -+ */ -+ if (AR_SREV_9462(ah)) -+ pci_read_config_dword(pdev, 0x70c, &ah->config.aspm_l1_fix); -+ - pcie_capability_read_word(parent, PCI_EXP_LNKCTL, &aspm); - if (aspm & (PCI_EXP_LNKCTL_ASPM_L0S | PCI_EXP_LNKCTL_ASPM_L1)) { - ah->aspm_enabled = true; ---- a/drivers/net/wireless/ath/ath9k/phy.h -+++ b/drivers/net/wireless/ath/ath9k/phy.h -@@ -48,4 +48,11 @@ - #define AR_PHY_PLL_CONTROL 0x16180 - #define AR_PHY_PLL_MODE 0x16184 - -+enum ath9k_ant_div_comb_lna_conf { -+ ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2, -+ ATH_ANT_DIV_COMB_LNA2, -+ ATH_ANT_DIV_COMB_LNA1, -+ ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2, -+}; -+ - #endif ---- a/drivers/net/wireless/iwlwifi/mvm/time-event.c -+++ b/drivers/net/wireless/iwlwifi/mvm/time-event.c -@@ -73,7 +73,6 @@ - #include "iwl-prph.h" - - /* A TimeUnit is 1024 microsecond */ --#define TU_TO_JIFFIES(_tu) (usecs_to_jiffies((_tu) * 1024)) - #define MSEC_TO_TU(_msec) (_msec*1000/1024) - - /* -@@ -191,8 +190,7 @@ static void iwl_mvm_te_handle_notif(stru - iwl_mvm_te_clear_data(mvm, te_data); - } else if (le32_to_cpu(notif->action) & TE_NOTIF_HOST_EVENT_START) { - te_data->running = true; -- te_data->end_jiffies = jiffies + -- TU_TO_JIFFIES(te_data->duration); -+ te_data->end_jiffies = TU_TO_EXP_TIME(te_data->duration); - - if (te_data->vif->type == NL80211_IFTYPE_P2P_DEVICE) { - set_bit(IWL_MVM_STATUS_ROC_RUNNING, &mvm->status); -@@ -329,8 +327,7 @@ void iwl_mvm_protect_session(struct iwl_ - lockdep_assert_held(&mvm->mutex); - - if (te_data->running && -- time_after(te_data->end_jiffies, -- jiffies + TU_TO_JIFFIES(min_duration))) { -+ time_after(te_data->end_jiffies, TU_TO_EXP_TIME(min_duration))) { - IWL_DEBUG_TE(mvm, "We have enough time in the current TE: %u\n", - jiffies_to_msecs(te_data->end_jiffies - jiffies)); - return; ---- a/include/linux/ieee80211.h -+++ b/include/linux/ieee80211.h -@@ -2279,4 +2279,8 @@ static inline bool ieee80211_check_tim(c - return !!(tim->virtual_map[index] & mask); - } ++ /* sync with ieee80211_tx_h_unicast_ps_buf */ ++ spin_lock(&sta->ps_lock); + /* Send all buffered frames to the station */ + for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { + int count = skb_queue_len(&pending), tmp; +@@ -1127,7 +1140,12 @@ void ieee80211_sta_ps_deliver_wakeup(str + buffered += tmp - count; + } -+/* convert time units */ -+#define TU_TO_JIFFIES(x) (usecs_to_jiffies((x) * 1024)) -+#define TU_TO_EXP_TIME(x) (jiffies + TU_TO_JIFFIES(x)) +- ieee80211_add_pending_skbs_fn(local, &pending, clear_sta_ps_flags, sta); ++ ieee80211_add_pending_skbs(local, &pending); ++ clear_sta_flag(sta, WLAN_STA_PS_DRIVER); ++ clear_sta_flag(sta, WLAN_STA_PS_STA); ++ spin_unlock(&sta->ps_lock); + - #endif /* LINUX_IEEE80211_H */ ---- a/net/mac80211/rate.c -+++ b/net/mac80211/rate.c -@@ -210,7 +210,7 @@ static bool rc_no_data_or_no_ack_use_min - !ieee80211_is_data(fc); - } ++ atomic_dec(&ps->num_sta_ps); --static void rc_send_low_broadcast(s8 *idx, u32 basic_rates, -+static void rc_send_low_basicrate(s8 *idx, u32 basic_rates, - struct ieee80211_supported_band *sband) - { - u8 i; -@@ -272,28 +272,37 @@ static void __rate_control_send_low(stru - } + /* This station just woke up and isn't aware of our SMPS state */ + if (!ieee80211_smps_is_restrictive(sta->known_smps_mode, +--- a/net/mac80211/sta_info.h ++++ b/net/mac80211/sta_info.h +@@ -267,6 +267,7 @@ struct ieee80211_tx_latency_stat { + * @drv_unblock_wk: used for driver PS unblocking + * @listen_interval: listen interval of this station, when we're acting as AP + * @_flags: STA flags, see &enum ieee80211_sta_info_flags, do not use directly ++ * @ps_lock: used for powersave (when mac80211 is the AP) related locking + * @ps_tx_buf: buffers (per AC) of frames to transmit to this station + * when it leaves power saving state or polls + * @tx_filtered: buffers (per AC) of frames we already tried to +@@ -356,10 +357,8 @@ struct sta_info { + /* use the accessors defined below */ + unsigned long _flags; +- /* +- * STA powersave frame queues, no more than the internal +- * locking required. +- */ ++ /* STA powersave lock and frame queues */ ++ spinlock_t ps_lock; + struct sk_buff_head ps_tx_buf[IEEE80211_NUM_ACS]; + struct sk_buff_head tx_filtered[IEEE80211_NUM_ACS]; + unsigned long driver_buffered_tids; +--- a/net/mac80211/util.c ++++ b/net/mac80211/util.c +@@ -435,9 +435,8 @@ void ieee80211_add_pending_skb(struct ie + spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); + } + +-void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local, +- struct sk_buff_head *skbs, +- void (*fn)(void *data), void *data) ++void ieee80211_add_pending_skbs(struct ieee80211_local *local, ++ struct sk_buff_head *skbs) + { + struct ieee80211_hw *hw = &local->hw; + struct sk_buff *skb; +@@ -461,9 +460,6 @@ void ieee80211_add_pending_skbs_fn(struc + __skb_queue_tail(&local->pending[queue], skb); + } --bool rate_control_send_low(struct ieee80211_sta *sta, -+bool rate_control_send_low(struct ieee80211_sta *pubsta, - void *priv_sta, - struct ieee80211_tx_rate_control *txrc) - { - struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb); - struct ieee80211_supported_band *sband = txrc->sband; -+ struct sta_info *sta; - int mcast_rate; -+ bool use_basicrate = false; - -- if (!sta || !priv_sta || rc_no_data_or_no_ack_use_min(txrc)) { -- __rate_control_send_low(txrc->hw, sband, sta, info); -+ if (!pubsta || !priv_sta || rc_no_data_or_no_ack_use_min(txrc)) { -+ __rate_control_send_low(txrc->hw, sband, pubsta, info); - -- if (!sta && txrc->bss) { -+ if (!pubsta && txrc->bss) { - mcast_rate = txrc->bss_conf->mcast_rate[sband->band]; - if (mcast_rate > 0) { - info->control.rates[0].idx = mcast_rate - 1; - return true; - } -+ use_basicrate = true; -+ } else if (pubsta) { -+ sta = container_of(pubsta, struct sta_info, sta); -+ if (ieee80211_vif_is_mesh(&sta->sdata->vif)) -+ use_basicrate = true; -+ } +- if (fn) +- fn(data); +- + for (i = 0; i < hw->queues; i++) + __ieee80211_wake_queue(hw, i, + IEEE80211_QUEUE_STOP_REASON_SKB_ADD); +--- a/net/wireless/reg.c ++++ b/net/wireless/reg.c +@@ -1700,7 +1700,7 @@ static void reg_process_hint(struct regu + return; + case NL80211_REGDOM_SET_BY_USER: + treatment = reg_process_hint_user(reg_request); +- if (treatment == REG_REQ_OK || ++ if (treatment == REG_REQ_IGNORE || + treatment == REG_REQ_ALREADY_SET) + return; + schedule_delayed_work(®_timeout, msecs_to_jiffies(3142)); +--- a/drivers/net/wireless/ath/ath9k/debug.c ++++ b/drivers/net/wireless/ath/ath9k/debug.c +@@ -866,6 +866,12 @@ static ssize_t read_file_reset(struct fi + "%17s: %2d\n", "PLL RX Hang", + sc->debug.stats.reset[RESET_TYPE_PLL_HANG]); + len += scnprintf(buf + len, sizeof(buf) - len, ++ "%17s: %2d\n", "MAC Hang", ++ sc->debug.stats.reset[RESET_TYPE_MAC_HANG]); ++ len += scnprintf(buf + len, sizeof(buf) - len, ++ "%17s: %2d\n", "Stuck Beacon", ++ sc->debug.stats.reset[RESET_TYPE_BEACON_STUCK]); ++ len += scnprintf(buf + len, sizeof(buf) - len, + "%17s: %2d\n", "MCI Reset", + sc->debug.stats.reset[RESET_TYPE_MCI]); -- rc_send_low_broadcast(&info->control.rates[0].idx, -+ if (use_basicrate) -+ rc_send_low_basicrate(&info->control.rates[0].idx, - txrc->bss_conf->basic_rates, - sband); -- } -+ - return true; - } - return false; ---- a/drivers/net/wireless/ath/ath9k/Kconfig -+++ b/drivers/net/wireless/ath/ath9k/Kconfig -@@ -60,7 +60,7 @@ config ATH9K_AHB - - config ATH9K_DEBUGFS - bool "Atheros ath9k debugging" -- depends on ATH9K -+ depends on ATH9K && DEBUG_FS - select MAC80211_DEBUGFS - depends on RELAY - ---help--- ---- a/drivers/net/wireless/ath/ath9k/ar9002_hw.c -+++ b/drivers/net/wireless/ath/ath9k/ar9002_hw.c -@@ -269,13 +269,12 @@ static void ar9002_hw_configpcipowersave - if (ah->config.pcie_waen & AR_WA_D3_L1_DISABLE) - val |= AR_WA_D3_L1_DISABLE; - } else { -- if (((AR_SREV_9285(ah) || -- AR_SREV_9271(ah) || -- AR_SREV_9287(ah)) && -- (AR9285_WA_DEFAULT & AR_WA_D3_L1_DISABLE)) || -- (AR_SREV_9280(ah) && -- (AR9280_WA_DEFAULT & AR_WA_D3_L1_DISABLE))) { -- val |= AR_WA_D3_L1_DISABLE; -+ if (AR_SREV_9285(ah) || AR_SREV_9271(ah) || AR_SREV_9287(ah)) { -+ if (AR9285_WA_DEFAULT & AR_WA_D3_L1_DISABLE) -+ val |= AR_WA_D3_L1_DISABLE; -+ } else if (AR_SREV_9280(ah)) { -+ if (AR9280_WA_DEFAULT & AR_WA_D3_L1_DISABLE) -+ val |= AR_WA_D3_L1_DISABLE; - } - } +--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c +@@ -868,10 +868,6 @@ static void ar9003_hw_set_rfmode(struct + + if (IS_CHAN_A_FAST_CLOCK(ah, chan)) + rfMode |= (AR_PHY_MODE_DYNAMIC | AR_PHY_MODE_DYN_CCK_DISABLE); +- if (IS_CHAN_QUARTER_RATE(chan)) +- rfMode |= AR_PHY_MODE_QUARTER; +- if (IS_CHAN_HALF_RATE(chan)) +- rfMode |= AR_PHY_MODE_HALF; + + if (rfMode & (AR_PHY_MODE_QUARTER | AR_PHY_MODE_HALF)) + REG_RMW_FIELD(ah, AR_PHY_FRAME_CTL, +--- a/drivers/net/wireless/ath/ath5k/mac80211-ops.c ++++ b/drivers/net/wireless/ath/ath5k/mac80211-ops.c +@@ -706,6 +706,7 @@ ath5k_get_survey(struct ieee80211_hw *hw + survey->channel = conf->chandef.chan; + survey->noise = ah->ah_noise_floor; + survey->filled = SURVEY_INFO_NOISE_DBM | ++ SURVEY_INFO_IN_USE | + SURVEY_INFO_CHANNEL_TIME | + SURVEY_INFO_CHANNEL_TIME_BUSY | + SURVEY_INFO_CHANNEL_TIME_RX | +--- a/drivers/net/wireless/ath/ath9k/recv.c ++++ b/drivers/net/wireless/ath/ath9k/recv.c +@@ -732,11 +732,18 @@ static struct ath_rxbuf *ath_get_next_rx + return NULL; -@@ -297,24 +296,18 @@ static void ar9002_hw_configpcipowersave - } else { - if (ah->config.pcie_waen) { - val = ah->config.pcie_waen; -- if (!power_off) -- val &= (~AR_WA_D3_L1_DISABLE); -+ val &= (~AR_WA_D3_L1_DISABLE); - } else { -- if (AR_SREV_9285(ah) || -- AR_SREV_9271(ah) || -- AR_SREV_9287(ah)) { -+ if (AR_SREV_9285(ah) || AR_SREV_9271(ah) || AR_SREV_9287(ah)) { - val = AR9285_WA_DEFAULT; -- if (!power_off) -- val &= (~AR_WA_D3_L1_DISABLE); -- } -- else if (AR_SREV_9280(ah)) { -+ val &= (~AR_WA_D3_L1_DISABLE); -+ } else if (AR_SREV_9280(ah)) { - /* - * For AR9280 chips, bit 22 of 0x4004 - * needs to be set. - */ - val = AR9280_WA_DEFAULT; -- if (!power_off) -- val &= (~AR_WA_D3_L1_DISABLE); -+ val &= (~AR_WA_D3_L1_DISABLE); - } else { - val = AR_WA_DEFAULT; - } ---- a/drivers/net/wireless/ath/ath9k/ar9003_hw.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_hw.c -@@ -153,7 +153,7 @@ static void ar9003_hw_init_mode_regs(str - if (!ah->is_clk_25mhz) - INIT_INI_ARRAY(&ah->iniAdditional, - ar9340_1p0_radio_core_40M); -- } else if (AR_SREV_9485_11(ah)) { -+ } else if (AR_SREV_9485_11_OR_LATER(ah)) { - /* mac */ - INIT_INI_ARRAY(&ah->iniMac[ATH_INI_CORE], - ar9485_1_1_mac_core); -@@ -424,7 +424,7 @@ static void ar9003_tx_gain_table_mode0(s - else if (AR_SREV_9340(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9340Modes_lowest_ob_db_tx_gain_table_1p0); -- else if (AR_SREV_9485_11(ah)) -+ else if (AR_SREV_9485_11_OR_LATER(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9485_modes_lowest_ob_db_tx_gain_1_1); - else if (AR_SREV_9550(ah)) -@@ -458,7 +458,7 @@ static void ar9003_tx_gain_table_mode1(s - else if (AR_SREV_9340(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9340Modes_high_ob_db_tx_gain_table_1p0); -- else if (AR_SREV_9485_11(ah)) -+ else if (AR_SREV_9485_11_OR_LATER(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9485Modes_high_ob_db_tx_gain_1_1); - else if (AR_SREV_9580(ah)) -@@ -492,7 +492,7 @@ static void ar9003_tx_gain_table_mode2(s - else if (AR_SREV_9340(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9340Modes_low_ob_db_tx_gain_table_1p0); -- else if (AR_SREV_9485_11(ah)) -+ else if (AR_SREV_9485_11_OR_LATER(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9485Modes_low_ob_db_tx_gain_1_1); - else if (AR_SREV_9580(ah)) -@@ -517,7 +517,7 @@ static void ar9003_tx_gain_table_mode3(s - else if (AR_SREV_9340(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9340Modes_high_power_tx_gain_table_1p0); -- else if (AR_SREV_9485_11(ah)) -+ else if (AR_SREV_9485_11_OR_LATER(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9485Modes_high_power_tx_gain_1_1); - else if (AR_SREV_9580(ah)) -@@ -552,7 +552,7 @@ static void ar9003_tx_gain_table_mode4(s - - static void ar9003_tx_gain_table_mode5(struct ath_hw *ah) - { -- if (AR_SREV_9485_11(ah)) -+ if (AR_SREV_9485_11_OR_LATER(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9485Modes_green_ob_db_tx_gain_1_1); - else if (AR_SREV_9340(ah)) -@@ -571,7 +571,7 @@ static void ar9003_tx_gain_table_mode6(s - if (AR_SREV_9340(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9340Modes_low_ob_db_and_spur_tx_gain_table_1p0); -- else if (AR_SREV_9485_11(ah)) -+ else if (AR_SREV_9485_11_OR_LATER(ah)) - INIT_INI_ARRAY(&ah->iniModesTxGain, - ar9485Modes_green_spur_ob_db_tx_gain_1_1); - else if (AR_SREV_9580(ah)) -@@ -611,7 +611,7 @@ static void ar9003_rx_gain_table_mode0(s - else if (AR_SREV_9340(ah)) - INIT_INI_ARRAY(&ah->iniModesRxGain, - ar9340Common_rx_gain_table_1p0); -- else if (AR_SREV_9485_11(ah)) -+ else if (AR_SREV_9485_11_OR_LATER(ah)) - INIT_INI_ARRAY(&ah->iniModesRxGain, - ar9485_common_rx_gain_1_1); - else if (AR_SREV_9550(ah)) { -@@ -644,7 +644,7 @@ static void ar9003_rx_gain_table_mode1(s - else if (AR_SREV_9340(ah)) - INIT_INI_ARRAY(&ah->iniModesRxGain, - ar9340Common_wo_xlna_rx_gain_table_1p0); -- else if (AR_SREV_9485_11(ah)) -+ else if (AR_SREV_9485_11_OR_LATER(ah)) - INIT_INI_ARRAY(&ah->iniModesRxGain, - ar9485Common_wo_xlna_rx_gain_1_1); - else if (AR_SREV_9462_21(ah)) -@@ -745,16 +745,25 @@ static void ar9003_hw_init_mode_gain_reg - static void ar9003_hw_configpcipowersave(struct ath_hw *ah, - bool power_off) - { -+ /* -+ * Increase L1 Entry Latency. Some WB222 boards don't have -+ * this change in eeprom/OTP. -+ * -+ */ -+ if (AR_SREV_9462(ah)) { -+ u32 val = ah->config.aspm_l1_fix; -+ if ((val & 0xff000000) == 0x17000000) { -+ val &= 0x00ffffff; -+ val |= 0x27000000; -+ REG_WRITE(ah, 0x570c, val); + /* +- * mark descriptor as zero-length and set the 'more' +- * flag to ensure that both buffers get discarded ++ * Re-check previous descriptor, in case it has been filled ++ * in the mean time. + */ +- rs->rs_datalen = 0; +- rs->rs_more = true; ++ ret = ath9k_hw_rxprocdesc(ah, ds, rs); ++ if (ret == -EINPROGRESS) { ++ /* ++ * mark descriptor as zero-length and set the 'more' ++ * flag to ensure that both buffers get discarded ++ */ ++ rs->rs_datalen = 0; ++ rs->rs_more = true; + } -+ } -+ - /* Nothing to do on restore for 11N */ - if (!power_off /* !restore */) { - /* set bit 19 to allow forcing of pcie core into L1 state */ - REG_SET_BIT(ah, AR_PCIE_PM_CTRL, AR_PCIE_PM_CTRL_ENA); -- -- /* Several PCIe massages to ensure proper behaviour */ -- if (ah->config.pcie_waen) -- REG_WRITE(ah, AR_WA, ah->config.pcie_waen); -- else -- REG_WRITE(ah, AR_WA, ah->WARegVal); -+ REG_WRITE(ah, AR_WA, ah->WARegVal); } + list_del(&bf->list); +@@ -985,32 +992,32 @@ static int ath9k_rx_skb_preprocess(struc + struct ath_common *common = ath9k_hw_common(ah); + struct ieee80211_hdr *hdr; + bool discard_current = sc->rx.discard_next; +- int ret = 0; + /* ---- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c -@@ -491,6 +491,7 @@ int ath9k_hw_process_rxdesc_edma(struct - rxs->rs_rate = MS(rxsp->status1, AR_RxRate); - rxs->rs_more = (rxsp->status2 & AR_RxMore) ? 1 : 0; - -+ rxs->rs_firstaggr = (rxsp->status11 & AR_RxFirstAggr) ? 1 : 0; - rxs->rs_isaggr = (rxsp->status11 & AR_RxAggr) ? 1 : 0; - rxs->rs_moreaggr = (rxsp->status11 & AR_RxMoreAggr) ? 1 : 0; - rxs->rs_antenna = (MS(rxsp->status4, AR_RxAntenna) & 0x7); ---- a/drivers/net/wireless/ath/ath9k/common.c -+++ b/drivers/net/wireless/ath/ath9k/common.c -@@ -49,37 +49,40 @@ int ath9k_cmn_get_hw_crypto_keytype(stru - } - EXPORT_SYMBOL(ath9k_cmn_get_hw_crypto_keytype); + * Discard corrupt descriptors which are marked in + * ath_get_next_rx_buf(). + */ +- sc->rx.discard_next = rx_stats->rs_more; + if (discard_current) +- return -EINVAL; ++ goto corrupt; ++ ++ sc->rx.discard_next = false; --static u32 ath9k_get_extchanmode(struct ieee80211_channel *chan, -- enum nl80211_channel_type channel_type) -+static u32 ath9k_get_extchanmode(struct cfg80211_chan_def *chandef) - { - u32 chanmode = 0; - -- switch (chan->band) { -+ switch (chandef->chan->band) { - case IEEE80211_BAND_2GHZ: -- switch (channel_type) { -- case NL80211_CHAN_NO_HT: -- case NL80211_CHAN_HT20: -+ switch (chandef->width) { -+ case NL80211_CHAN_WIDTH_20_NOHT: -+ case NL80211_CHAN_WIDTH_20: - chanmode = CHANNEL_G_HT20; - break; -- case NL80211_CHAN_HT40PLUS: -- chanmode = CHANNEL_G_HT40PLUS; -+ case NL80211_CHAN_WIDTH_40: -+ if (chandef->center_freq1 > chandef->chan->center_freq) -+ chanmode = CHANNEL_G_HT40PLUS; -+ else -+ chanmode = CHANNEL_G_HT40MINUS; - break; -- case NL80211_CHAN_HT40MINUS: -- chanmode = CHANNEL_G_HT40MINUS; -+ default: - break; - } - break; - case IEEE80211_BAND_5GHZ: -- switch (channel_type) { -- case NL80211_CHAN_NO_HT: -- case NL80211_CHAN_HT20: -+ switch (chandef->width) { -+ case NL80211_CHAN_WIDTH_20_NOHT: -+ case NL80211_CHAN_WIDTH_20: - chanmode = CHANNEL_A_HT20; - break; -- case NL80211_CHAN_HT40PLUS: -- chanmode = CHANNEL_A_HT40PLUS; -+ case NL80211_CHAN_WIDTH_40: -+ if (chandef->center_freq1 > chandef->chan->center_freq) -+ chanmode = CHANNEL_A_HT40PLUS; -+ else -+ chanmode = CHANNEL_A_HT40MINUS; - break; -- case NL80211_CHAN_HT40MINUS: -- chanmode = CHANNEL_A_HT40MINUS; -+ default: - break; - } - break; -@@ -94,13 +97,12 @@ static u32 ath9k_get_extchanmode(struct - * Update internal channel flags. - */ - void ath9k_cmn_update_ichannel(struct ath9k_channel *ichan, -- struct ieee80211_channel *chan, -- enum nl80211_channel_type channel_type) -+ struct cfg80211_chan_def *chandef) - { -- ichan->channel = chan->center_freq; -- ichan->chan = chan; -+ ichan->channel = chandef->chan->center_freq; -+ ichan->chan = chandef->chan; - -- if (chan->band == IEEE80211_BAND_2GHZ) { -+ if (chandef->chan->band == IEEE80211_BAND_2GHZ) { - ichan->chanmode = CHANNEL_G; - ichan->channelFlags = CHANNEL_2GHZ | CHANNEL_OFDM; - } else { -@@ -108,8 +110,22 @@ void ath9k_cmn_update_ichannel(struct at - ichan->channelFlags = CHANNEL_5GHZ | CHANNEL_OFDM; + /* + * Discard zero-length packets. + */ + if (!rx_stats->rs_datalen) { + RX_STAT_INC(rx_len_err); +- return -EINVAL; ++ goto corrupt; } -- if (channel_type != NL80211_CHAN_NO_HT) -- ichan->chanmode = ath9k_get_extchanmode(chan, channel_type); -+ switch (chandef->width) { -+ case NL80211_CHAN_WIDTH_5: -+ ichan->channelFlags |= CHANNEL_QUARTER; -+ break; -+ case NL80211_CHAN_WIDTH_10: -+ ichan->channelFlags |= CHANNEL_HALF; -+ break; -+ case NL80211_CHAN_WIDTH_20_NOHT: -+ break; -+ case NL80211_CHAN_WIDTH_20: -+ case NL80211_CHAN_WIDTH_40: -+ ichan->chanmode = ath9k_get_extchanmode(chandef); -+ break; -+ default: -+ WARN_ON(1); -+ } - } - EXPORT_SYMBOL(ath9k_cmn_update_ichannel); +- /* +- * rs_status follows rs_datalen so if rs_datalen is too large +- * we can take a hint that hardware corrupted it, so ignore +- * those frames. +- */ ++ /* ++ * rs_status follows rs_datalen so if rs_datalen is too large ++ * we can take a hint that hardware corrupted it, so ignore ++ * those frames. ++ */ + if (rx_stats->rs_datalen > (common->rx_bufsize - ah->caps.rx_status_len)) { + RX_STAT_INC(rx_len_err); +- return -EINVAL; ++ goto corrupt; + } -@@ -125,8 +141,7 @@ struct ath9k_channel *ath9k_cmn_get_curc + /* Only use status info from the last fragment */ +@@ -1024,10 +1031,8 @@ static int ath9k_rx_skb_preprocess(struc + * This is different from the other corrupt descriptor + * condition handled above. + */ +- if (rx_stats->rs_status & ATH9K_RXERR_CORRUPT_DESC) { +- ret = -EINVAL; +- goto exit; +- } ++ if (rx_stats->rs_status & ATH9K_RXERR_CORRUPT_DESC) ++ goto corrupt; - chan_idx = curchan->hw_value; - channel = &ah->channels[chan_idx]; -- ath9k_cmn_update_ichannel(channel, curchan, -- cfg80211_get_chandef_type(&hw->conf.chandef)); -+ ath9k_cmn_update_ichannel(channel, &hw->conf.chandef); + hdr = (struct ieee80211_hdr *) (skb->data + ah->caps.rx_status_len); - return channel; - } ---- a/drivers/net/wireless/ath/ath9k/common.h -+++ b/drivers/net/wireless/ath/ath9k/common.h -@@ -44,8 +44,7 @@ - - int ath9k_cmn_get_hw_crypto_keytype(struct sk_buff *skb); - void ath9k_cmn_update_ichannel(struct ath9k_channel *ichan, -- struct ieee80211_channel *chan, -- enum nl80211_channel_type channel_type); -+ struct cfg80211_chan_def *chandef); - struct ath9k_channel *ath9k_cmn_get_curchannel(struct ieee80211_hw *hw, - struct ath_hw *ah); - int ath9k_cmn_count_streams(unsigned int chainmask, int max); ---- a/drivers/net/wireless/ath/ath9k/hif_usb.c -+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c -@@ -115,10 +115,10 @@ static int hif_usb_send_regout(struct hi - cmd->skb = skb; - cmd->hif_dev = hif_dev; - -- usb_fill_bulk_urb(urb, hif_dev->udev, -- usb_sndbulkpipe(hif_dev->udev, USB_REG_OUT_PIPE), -+ usb_fill_int_urb(urb, hif_dev->udev, -+ usb_sndintpipe(hif_dev->udev, USB_REG_OUT_PIPE), - skb->data, skb->len, -- hif_usb_regout_cb, cmd); -+ hif_usb_regout_cb, cmd, 1); - - usb_anchor_urb(urb, &hif_dev->regout_submitted); - ret = usb_submit_urb(urb, GFP_KERNEL); -@@ -723,11 +723,11 @@ static void ath9k_hif_usb_reg_in_cb(stru - return; - } +@@ -1043,18 +1048,15 @@ static int ath9k_rx_skb_preprocess(struc + if (ath_process_fft(sc, hdr, rx_stats, rx_status->mactime)) + RX_STAT_INC(rx_spectral); -- usb_fill_bulk_urb(urb, hif_dev->udev, -- usb_rcvbulkpipe(hif_dev->udev, -+ usb_fill_int_urb(urb, hif_dev->udev, -+ usb_rcvintpipe(hif_dev->udev, - USB_REG_IN_PIPE), - nskb->data, MAX_REG_IN_BUF_SIZE, -- ath9k_hif_usb_reg_in_cb, nskb); -+ ath9k_hif_usb_reg_in_cb, nskb, 1); +- ret = -EINVAL; +- goto exit; ++ return -EINVAL; } - resubmit: -@@ -909,11 +909,11 @@ static int ath9k_hif_usb_alloc_reg_in_ur - goto err_skb; - } + /* + * everything but the rate is checked here, the rate check is done + * separately to avoid doing two lookups for a rate for each frame. + */ +- if (!ath9k_rx_accept(common, hdr, rx_status, rx_stats, decrypt_error)) { +- ret = -EINVAL; +- goto exit; +- } ++ if (!ath9k_rx_accept(common, hdr, rx_status, rx_stats, decrypt_error)) ++ return -EINVAL; -- usb_fill_bulk_urb(urb, hif_dev->udev, -- usb_rcvbulkpipe(hif_dev->udev, -+ usb_fill_int_urb(urb, hif_dev->udev, -+ usb_rcvintpipe(hif_dev->udev, - USB_REG_IN_PIPE), - skb->data, MAX_REG_IN_BUF_SIZE, -- ath9k_hif_usb_reg_in_cb, skb); -+ ath9k_hif_usb_reg_in_cb, skb, 1); + if (ath_is_mybeacon(common, hdr)) { + RX_STAT_INC(rx_beacons); +@@ -1064,15 +1066,11 @@ static int ath9k_rx_skb_preprocess(struc + /* + * This shouldn't happen, but have a safety check anyway. + */ +- if (WARN_ON(!ah->curchan)) { +- ret = -EINVAL; +- goto exit; +- } ++ if (WARN_ON(!ah->curchan)) ++ return -EINVAL; - /* Anchor URB */ - usb_anchor_urb(urb, &hif_dev->reg_in_submitted); -@@ -1031,9 +1031,7 @@ static int ath9k_hif_usb_download_fw(str +- if (ath9k_process_rate(common, hw, rx_stats, rx_status)) { +- ret =-EINVAL; +- goto exit; +- } ++ if (ath9k_process_rate(common, hw, rx_stats, rx_status)) ++ return -EINVAL; - static int ath9k_hif_usb_dev_init(struct hif_device_usb *hif_dev) - { -- struct usb_host_interface *alt = &hif_dev->interface->altsetting[0]; -- struct usb_endpoint_descriptor *endp; -- int ret, idx; -+ int ret; - - ret = ath9k_hif_usb_download_fw(hif_dev); - if (ret) { -@@ -1043,20 +1041,6 @@ static int ath9k_hif_usb_dev_init(struct - return ret; - } + ath9k_process_rssi(common, hw, rx_stats, rx_status); -- /* On downloading the firmware to the target, the USB descriptor of EP4 -- * is 'patched' to change the type of the endpoint to Bulk. This will -- * bring down CPU usage during the scan period. -- */ -- for (idx = 0; idx < alt->desc.bNumEndpoints; idx++) { -- endp = &alt->endpoint[idx].desc; -- if ((endp->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) -- == USB_ENDPOINT_XFER_INT) { -- endp->bmAttributes &= ~USB_ENDPOINT_XFERTYPE_MASK; -- endp->bmAttributes |= USB_ENDPOINT_XFER_BULK; -- endp->bInterval = 0; -- } -- } -- - /* Alloc URBs */ - ret = ath9k_hif_usb_alloc_urbs(hif_dev); - if (ret) { -@@ -1268,7 +1252,7 @@ static void ath9k_hif_usb_reboot(struct - if (!buf) - return; +@@ -1087,9 +1085,11 @@ static int ath9k_rx_skb_preprocess(struc + sc->rx.num_pkts++; + #endif -- ret = usb_bulk_msg(udev, usb_sndbulkpipe(udev, USB_REG_OUT_PIPE), -+ ret = usb_interrupt_msg(udev, usb_sndintpipe(udev, USB_REG_OUT_PIPE), - buf, 4, NULL, HZ); - if (ret) - dev_err(&udev->dev, "ath9k_htc: USB reboot failed\n"); ---- a/drivers/net/wireless/ath/ath9k/htc_drv_main.c -+++ b/drivers/net/wireless/ath/ath9k/htc_drv_main.c -@@ -1203,16 +1203,13 @@ static int ath9k_htc_config(struct ieee8 - - if ((changed & IEEE80211_CONF_CHANGE_CHANNEL) || chip_reset) { - struct ieee80211_channel *curchan = hw->conf.chandef.chan; -- enum nl80211_channel_type channel_type = -- cfg80211_get_chandef_type(&hw->conf.chandef); - int pos = curchan->hw_value; - - ath_dbg(common, CONFIG, "Set channel: %d MHz\n", - curchan->center_freq); - - ath9k_cmn_update_ichannel(&priv->ah->channels[pos], -- hw->conf.chandef.chan, -- channel_type); -+ &hw->conf.chandef); - - if (ath9k_htc_set_channel(priv, hw, &priv->ah->channels[pos]) < 0) { - ath_err(common, "Unable to set channel\n"); ---- a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c -+++ b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c -@@ -448,6 +448,7 @@ static void ath9k_htc_tx_process(struct - struct ieee80211_conf *cur_conf = &priv->hw->conf; - bool txok; - int slot; -+ int hdrlen, padsize; - - slot = strip_drv_header(priv, skb); - if (slot < 0) { -@@ -504,6 +505,15 @@ send_mac80211: - - ath9k_htc_tx_clear_slot(priv, slot); - -+ /* Remove padding before handing frame back to mac80211 */ -+ hdrlen = ieee80211_get_hdrlen_from_skb(skb); -+ -+ padsize = hdrlen & 3; -+ if (padsize && skb->len > hdrlen + padsize) { -+ memmove(skb->data + padsize, skb->data, hdrlen); -+ skb_pull(skb, padsize); -+ } +-exit: +- sc->rx.discard_next = false; +- return ret; ++ return 0; + - /* Send status to mac80211 */ - ieee80211_tx_status(priv->hw, skb); - } ---- a/drivers/net/wireless/ath/ath9k/link.c -+++ b/drivers/net/wireless/ath/ath9k/link.c -@@ -41,7 +41,7 @@ void ath_tx_complete_poll_work(struct wo - txq->axq_tx_inprogress = true; - } - } -- ath_txq_unlock_complete(sc, txq); -+ ath_txq_unlock(sc, txq); - } - - if (needreset) { ---- a/drivers/net/wireless/ath/ath9k/mac.c -+++ b/drivers/net/wireless/ath/ath9k/mac.c -@@ -583,9 +583,9 @@ int ath9k_hw_rxprocdesc(struct ath_hw *a - rs->rs_rate = MS(ads.ds_rxstatus0, AR_RxRate); - rs->rs_more = (ads.ds_rxstatus1 & AR_RxMore) ? 1 : 0; - -+ rs->rs_firstaggr = (ads.ds_rxstatus8 & AR_RxFirstAggr) ? 1 : 0; - rs->rs_isaggr = (ads.ds_rxstatus8 & AR_RxAggr) ? 1 : 0; -- rs->rs_moreaggr = -- (ads.ds_rxstatus8 & AR_RxMoreAggr) ? 1 : 0; -+ rs->rs_moreaggr = (ads.ds_rxstatus8 & AR_RxMoreAggr) ? 1 : 0; - rs->rs_antenna = MS(ads.ds_rxstatus3, AR_RxAntenna); - - /* directly mapped flags for ieee80211_rx_status */ ---- a/drivers/net/wireless/ath/ath9k/mac.h -+++ b/drivers/net/wireless/ath/ath9k/mac.h -@@ -140,6 +140,7 @@ struct ath_rx_status { - int8_t rs_rssi_ext1; - int8_t rs_rssi_ext2; - u8 rs_isaggr; -+ u8 rs_firstaggr; - u8 rs_moreaggr; - u8 rs_num_delims; - u8 rs_flags; -@@ -569,6 +570,7 @@ struct ar5416_desc { - #define AR_RxAggr 0x00020000 - #define AR_PostDelimCRCErr 0x00040000 - #define AR_RxStatusRsvd71 0x3ff80000 -+#define AR_RxFirstAggr 0x20000000 - #define AR_DecryptBusyErr 0x40000000 - #define AR_KeyMiss 0x80000000 - ---- a/drivers/net/wireless/ath/ath9k/rc.c -+++ b/drivers/net/wireless/ath/ath9k/rc.c -@@ -1324,8 +1324,8 @@ static void ath_rate_update(void *priv, - ath_rc_init(sc, priv_sta); - - ath_dbg(ath9k_hw_common(sc->sc_ah), CONFIG, -- "Operating HT Bandwidth changed to: %d\n", -- cfg80211_get_chandef_type(&sc->hw->conf.chandef)); -+ "Operating Bandwidth changed to: %d\n", -+ sc->hw->conf.chandef.width); - } ++corrupt: ++ sc->rx.discard_next = rx_stats->rs_more; ++ return -EINVAL; } ---- a/drivers/net/wireless/ath/ath9k/reg.h -+++ b/drivers/net/wireless/ath/ath9k/reg.h -@@ -893,9 +893,9 @@ - - #define AR_SREV_9485(_ah) \ - (((_ah)->hw_version.macVersion == AR_SREV_VERSION_9485)) --#define AR_SREV_9485_11(_ah) \ -- (AR_SREV_9485(_ah) && \ -- ((_ah)->hw_version.macRev == AR_SREV_REVISION_9485_11)) -+#define AR_SREV_9485_11_OR_LATER(_ah) \ -+ (((_ah)->hw_version.macVersion == AR_SREV_VERSION_9485) && \ -+ ((_ah)->hw_version.macRev >= AR_SREV_REVISION_9485_11)) - #define AR_SREV_9485_OR_LATER(_ah) \ - (((_ah)->hw_version.macVersion >= AR_SREV_VERSION_9485)) - ---- a/net/mac80211/main.c -+++ b/net/mac80211/main.c -@@ -101,7 +101,7 @@ static u32 ieee80211_hw_conf_chan(struct - struct ieee80211_sub_if_data *sdata; - struct cfg80211_chan_def chandef = {}; - u32 changed = 0; -- int power; -+ int power = 0; - u32 offchannel_flag; - - offchannel_flag = local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL; -@@ -155,16 +155,16 @@ static u32 ieee80211_hw_conf_chan(struct - changed |= IEEE80211_CONF_CHANGE_SMPS; - } - -- power = chandef.chan->max_power; + static void ath9k_rx_skb_postprocess(struct ath_common *common, +--- a/drivers/net/wireless/ath/ath9k/ani.c ++++ b/drivers/net/wireless/ath/ath9k/ani.c +@@ -176,16 +176,26 @@ static void ath9k_hw_set_ofdm_nil(struct + if (ah->opmode == NL80211_IFTYPE_STATION && + BEACON_RSSI(ah) <= ATH9K_ANI_RSSI_THR_HIGH) + weak_sig = true; - - rcu_read_lock(); - list_for_each_entry_rcu(sdata, &local->interfaces, list) { - if (!rcu_access_pointer(sdata->vif.chanctx_conf)) - continue; -- power = min(power, sdata->vif.bss_conf.txpower); -+ power = max(power, sdata->vif.bss_conf.txpower); - } - rcu_read_unlock(); - -+ power = min(power, chandef.chan->max_power); + /* +- * OFDM Weak signal detection is always enabled for AP mode. ++ * Newer chipsets are better at dealing with high PHY error counts - ++ * keep weak signal detection enabled when no RSSI threshold is ++ * available to determine if it is needed (mode != STA) + */ +- if (ah->opmode != NL80211_IFTYPE_AP && +- aniState->ofdmWeakSigDetect != weak_sig) { +- ath9k_hw_ani_control(ah, +- ATH9K_ANI_OFDM_WEAK_SIGNAL_DETECTION, +- entry_ofdm->ofdm_weak_signal_on); +- } ++ else if (AR_SREV_9300_20_OR_LATER(ah) && ++ ah->opmode != NL80211_IFTYPE_STATION) ++ weak_sig = true; + - if (local->hw.conf.power_level != power) { - changed |= IEEE80211_CONF_CHANGE_POWER; - local->hw.conf.power_level = power; ---- a/net/mac80211/status.c -+++ b/net/mac80211/status.c -@@ -180,6 +180,9 @@ static void ieee80211_frame_acked(struct - struct ieee80211_local *local = sta->local; - struct ieee80211_sub_if_data *sdata = sta->sdata; - -+ if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) -+ sta->last_rx = jiffies; ++ /* Older chipsets are more sensitive to high PHY error counts */ ++ else if (!AR_SREV_9300_20_OR_LATER(ah) && ++ aniState->ofdmNoiseImmunityLevel >= 8) ++ weak_sig = false; + - if (ieee80211_is_data_qos(mgmt->frame_control)) { - struct ieee80211_hdr *hdr = (void *) skb->data; - u8 *qc = ieee80211_get_qos_ctl(hdr); ++ if (aniState->ofdmWeakSigDetect != weak_sig) ++ ath9k_hw_ani_control(ah, ATH9K_ANI_OFDM_WEAK_SIGNAL_DETECTION, ++ weak_sig); ++ ++ if (!AR_SREV_9300_20_OR_LATER(ah)) ++ return; + + if (aniState->ofdmNoiseImmunityLevel >= ATH9K_ANI_OFDM_DEF_LEVEL) { + ah->config.ofdm_trig_high = ATH9K_ANI_OFDM_TRIG_HIGH; +@@ -483,10 +493,17 @@ void ath9k_hw_ani_init(struct ath_hw *ah + + ath_dbg(common, ANI, "Initialize ANI\n"); + +- ah->config.ofdm_trig_high = ATH9K_ANI_OFDM_TRIG_HIGH; +- ah->config.ofdm_trig_low = ATH9K_ANI_OFDM_TRIG_LOW; +- ah->config.cck_trig_high = ATH9K_ANI_CCK_TRIG_HIGH; +- ah->config.cck_trig_low = ATH9K_ANI_CCK_TRIG_LOW; ++ if (AR_SREV_9300_20_OR_LATER(ah)) { ++ ah->config.ofdm_trig_high = ATH9K_ANI_OFDM_TRIG_HIGH; ++ ah->config.ofdm_trig_low = ATH9K_ANI_OFDM_TRIG_LOW; ++ ah->config.cck_trig_high = ATH9K_ANI_CCK_TRIG_HIGH; ++ ah->config.cck_trig_low = ATH9K_ANI_CCK_TRIG_LOW; ++ } else { ++ ah->config.ofdm_trig_high = ATH9K_ANI_OFDM_TRIG_HIGH_OLD; ++ ah->config.ofdm_trig_low = ATH9K_ANI_OFDM_TRIG_LOW_OLD; ++ ah->config.cck_trig_high = ATH9K_ANI_CCK_TRIG_HIGH_OLD; ++ ah->config.cck_trig_low = ATH9K_ANI_CCK_TRIG_LOW_OLD; ++ } + + ani->spurImmunityLevel = ATH9K_ANI_SPUR_IMMUNE_LVL; + ani->firstepLevel = ATH9K_ANI_FIRSTEP_LVL; +--- a/drivers/net/wireless/ath/ath9k/ani.h ++++ b/drivers/net/wireless/ath/ath9k/ani.h +@@ -22,12 +22,16 @@ + /* units are errors per second */ + #define ATH9K_ANI_OFDM_TRIG_HIGH 3500 + #define ATH9K_ANI_OFDM_TRIG_HIGH_BELOW_INI 1000 ++#define ATH9K_ANI_OFDM_TRIG_HIGH_OLD 500 + + #define ATH9K_ANI_OFDM_TRIG_LOW 400 + #define ATH9K_ANI_OFDM_TRIG_LOW_ABOVE_INI 900 ++#define ATH9K_ANI_OFDM_TRIG_LOW_OLD 200 + + #define ATH9K_ANI_CCK_TRIG_HIGH 600 ++#define ATH9K_ANI_CCK_TRIG_HIGH_OLD 200 + #define ATH9K_ANI_CCK_TRIG_LOW 300 ++#define ATH9K_ANI_CCK_TRIG_LOW_OLD 100 + + #define ATH9K_ANI_SPUR_IMMUNE_LVL 3 + #define ATH9K_ANI_FIRSTEP_LVL 2