X-Git-Url: https://git.archive.openwrt.org/?p=openwrt.git;a=blobdiff_plain;f=package%2Fkernel%2Fmac80211%2Fpatches%2F300-pending_work.patch;h=e08a2188ce7360ef74625ad19e6f0d944ca34591;hp=4b0337276d0bf55ec815877f20c37898512bfedd;hb=4b78381f4ad771bf8a6b108441ae43c3eac0f621;hpb=0fe930daac0d137ee20eb9da1d8f1f2eb747833a diff --git a/package/kernel/mac80211/patches/300-pending_work.patch b/package/kernel/mac80211/patches/300-pending_work.patch index 4b0337276d..e08a2188ce 100644 --- a/package/kernel/mac80211/patches/300-pending_work.patch +++ b/package/kernel/mac80211/patches/300-pending_work.patch @@ -1,4753 +1,2140 @@ ---- a/drivers/net/wireless/ath/ath10k/mac.c -+++ b/drivers/net/wireless/ath/ath10k/mac.c -@@ -1351,12 +1351,12 @@ static int ath10k_update_channel_list(st - ch->allow_vht = true; - - ch->allow_ibss = -- !(channel->flags & IEEE80211_CHAN_NO_IBSS); -+ !(channel->flags & IEEE80211_CHAN_NO_IR); - - ch->ht40plus = - !(channel->flags & IEEE80211_CHAN_NO_HT40PLUS); - -- passive = channel->flags & IEEE80211_CHAN_PASSIVE_SCAN; -+ passive = channel->flags & IEEE80211_CHAN_NO_IR; - ch->passive = passive; - - ch->freq = channel->center_freq; ---- a/drivers/net/wireless/ath/ath9k/Kconfig -+++ b/drivers/net/wireless/ath/ath9k/Kconfig -@@ -90,7 +90,7 @@ config ATH9K_DFS_CERTIFIED - - config ATH9K_TX99 - bool "Atheros ath9k TX99 testing support" -- depends on CFG80211_CERTIFICATION_ONUS -+ depends on ATH9K_DEBUGFS && CFG80211_CERTIFICATION_ONUS - default n - ---help--- - Say N. This should only be enabled on systems undergoing -@@ -108,6 +108,14 @@ config ATH9K_TX99 - be evaluated to meet the RF exposure limits set forth in the - governmental SAR regulations. - -+config ATH9K_WOW -+ bool "Wake on Wireless LAN support (EXPERIMENTAL)" -+ depends on ATH9K && PM -+ default n -+ ---help--- -+ This option enables Wake on Wireless LAN support for certain cards. -+ Currently, AR9462 is supported. -+ - config ATH9K_LEGACY_RATE_CONTROL - bool "Atheros ath9k rate control" - depends on ATH9K ---- a/drivers/net/wireless/ath/ath9k/Makefile -+++ b/drivers/net/wireless/ath/ath9k/Makefile -@@ -13,9 +13,9 @@ ath9k-$(CPTCFG_ATH9K_PCI) += pci.o - ath9k-$(CPTCFG_ATH9K_AHB) += ahb.o - ath9k-$(CPTCFG_ATH9K_DEBUGFS) += debug.o - ath9k-$(CPTCFG_ATH9K_DFS_DEBUGFS) += dfs_debug.o --ath9k-$(CPTCFG_ATH9K_DFS_CERTIFIED) += \ -- dfs.o --ath9k-$(CONFIG_PM_SLEEP) += wow.o -+ath9k-$(CPTCFG_ATH9K_DFS_CERTIFIED) += dfs.o -+ath9k-$(CPTCFG_ATH9K_TX99) += tx99.o -+ath9k-$(CPTCFG_ATH9K_WOW) += wow.o - - obj-$(CPTCFG_ATH9K) += ath9k.o - -@@ -41,6 +41,8 @@ ath9k_hw-y:= \ - ar9003_eeprom.o \ - ar9003_paprd.o - -+ath9k_hw-$(CPTCFG_ATH9K_WOW) += ar9003_wow.o +commit b9f268b5b01331c3c82179abca551429450e9417 +Author: Michal Kazior +Date: Wed Jan 29 14:22:27 2014 +0100 + + cfg80211: consider existing DFS interfaces + + It was possible to break interface combinations in + the following way: + + combo 1: iftype = AP, num_ifaces = 2, num_chans = 2, + combo 2: iftype = AP, num_ifaces = 1, num_chans = 1, radar = HT20 + + With the above interface combinations it was + possible to: + + step 1. start AP on DFS channel by matching combo 2 + step 2. start AP on non-DFS channel by matching combo 1 + + This was possible beacuse (step 2) did not consider + if other interfaces require radar detection. + + The patch changes how cfg80211 tracks channels - + instead of channel itself now a complete chandef + is stored. + + Signed-off-by: Michal Kazior + Signed-off-by: Johannes Berg + +commit bc9c62f5f511cc395c62dbf4cdd437f23db53b28 +Author: Antonio Quartulli +Date: Wed Jan 29 17:53:43 2014 +0100 + + cfg80211: fix channel configuration in IBSS join + + When receiving an IBSS_JOINED event select the BSS object + based on the {bssid, channel} couple rather than the bssid + only. + With the current approach if another cell having the same + BSSID (but using a different channel) exists then cfg80211 + picks up the wrong BSS object. + The result is a mismatching channel configuration between + cfg80211 and the driver, that can lead to any sort of + problem. + + The issue can be triggered by having an IBSS sitting on + given channel and then asking the driver to create a new + cell using the same BSSID but with a different frequency. + By passing the channel to cfg80211_get_bss() we can solve + this ambiguity and retrieve/create the correct BSS object. + All the users of cfg80211_ibss_joined() have been changed + accordingly. + + Moreover WARN when cfg80211_ibss_joined() gets a NULL + channel as argument and remove a bogus call of the same + function in ath6kl (it does not make sense to call + cfg80211_ibss_joined() with a zero BSSID on ibss-leave). + + Cc: Kalle Valo + Cc: Arend van Spriel + Cc: Bing Zhao + Cc: Jussi Kivilinna + Cc: libertas-dev@lists.infradead.org + Acked-by: Kalle Valo + Signed-off-by: Antonio Quartulli + [minor code cleanup in ath6kl] + Signed-off-by: Johannes Berg + +commit 7e0c41cb41f215aba2c39b1c237bb4d42ec49a85 +Author: Johannes Berg +Date: Fri Jan 24 14:41:44 2014 +0100 + + mac80211: fix bufferable MMPDU RX handling + + Action, disassoc and deauth frames are bufferable, and as such don't + have the PM bit in the frame control field reserved which means we + need to react to the bit when receiving in such a frame. + + Fix this by introducing a new helper ieee80211_is_bufferable_mmpdu() + and using it for the RX path that currently ignores the PM bit in + any non-data frames for doze->wake transitions, but listens to it in + all frames for wake->doze transitions, both of which are wrong. + + Also use the new helper in the TX path to clean up the code. + + Signed-off-by: Johannes Berg + +commit fc0df6d2343636e3f48a069330d5b972e3d8659d +Author: Janusz Dziedzic +Date: Fri Jan 24 14:29:21 2014 +0100 + + cfg80211: set preset_chandef after channel switch + + Set preset_chandef in channel switch notification. + In other case we will have old preset_chandef. + + Signed-off-by: Janusz Dziedzic + Signed-off-by: Johannes Berg + +commit cdec895e2344987ff171cece96e25d7407a3ebf6 +Author: Simon Wunderlich +Date: Fri Jan 24 23:48:29 2014 +0100 + + mac80211: send ibss probe responses with noack flag + + Responding to probe requests for scanning clients will often create + excessive retries, as it happens quite often that the scanning client + already left the channel. Therefore do it like hostapd and send probe + responses for wildcard SSID only once by using the noack flag. + + Signed-off-by: Simon Wunderlich + [fix typo & 'wildcard SSID' in commit log] + Signed-off-by: Johannes Berg + +commit 0b865d1e6b9c05052adae9315df7cb195dc60c3b +Author: Luciano Coelho +Date: Tue Jan 28 17:09:08 2014 +0200 + + mac80211: ibss: remove unnecessary call to release channel + + The ieee80211_vif_use_channel() function calls + ieee80211_vif_release_channel(), so there's no need to call it + explicitly in __ieee80211_sta_join_ibss(). + + Signed-off-by: Luciano Coelho + Signed-off-by: Johannes Berg + +commit e1b6c17e971f0a51ff86c2dac2584c63cd999cd7 +Author: Michal Kazior +Date: Wed Jan 29 07:56:21 2014 +0100 + + mac80211: add missing CSA locking + + The patch adds a missing sdata lock and adds a few + lockdeps for easier maintenance. + + Signed-off-by: Michal Kazior + Signed-off-by: Johannes Berg + +commit ad17ba7d14d225b109b73c177cd446afb8050598 +Author: Michal Kazior +Date: Wed Jan 29 07:56:20 2014 +0100 + + mac80211: fix sdata->radar_required locking + + radar_required setting wasn't protected by + local->mtx in some places. This should prevent + from scanning/radar detection/roc colliding. + + Signed-off-by: Michal Kazior + Signed-off-by: Johannes Berg + +commit 5fcd5f1808813a3d9e502fd756e01bee8a79c85d +Author: Michal Kazior +Date: Wed Jan 29 07:56:19 2014 +0100 + + mac80211: move csa_active setting in STA CSA + + The sdata->vif.csa_active could be left set after, + e.g. channel context constraints check fail in STA + mode leaving the interface in a strange state for + a brief period of time until it is disconnected. + This was harmless but ugly. + + Signed-off-by: Michal Kazior + Reviewed-by: Luciano Coelho + Signed-off-by: Johannes Berg + +commit e486da4b7eed71821c6b4c1bb9ac62ffd3ab13e9 +Author: Michal Kazior +Date: Wed Jan 29 07:56:18 2014 +0100 + + mac80211: fix possible memory leak on AP CSA failure + + If CSA for AP interface failed and the interface + was not stopped afterwards another CSA request + would leak sdata->u.ap.next_beacon. + + Signed-off-by: Michal Kazior + Reviewed-by: Luciano Coelho + Signed-off-by: Johannes Berg + +commit 3a77ba08940682bf3d52cf14f980337324af9d4a +Author: Johannes Berg +Date: Sat Feb 1 00:33:29 2014 +0100 + + mac80211: fix fragmentation code, particularly for encryption + + The "new" fragmentation code (since my rewrite almost 5 years ago) + erroneously sets skb->len rather than using skb_trim() to adjust + the length of the first fragment after copying out all the others. + This leaves the skb tail pointer pointing to after where the data + originally ended, and thus causes the encryption MIC to be written + at that point, rather than where it belongs: immediately after the + data. + + The impact of this is that if software encryption is done, then + a) encryption doesn't work for the first fragment, the connection + becomes unusable as the first fragment will never be properly + verified at the receiver, the MIC is practically guaranteed to + be wrong + b) we leak up to 8 bytes of plaintext (!) of the packet out into + the air + + This is only mitigated by the fact that many devices are capable + of doing encryption in hardware, in which case this can't happen + as the tail pointer is irrelevant in that case. Additionally, + fragmentation is not used very frequently and would normally have + to be configured manually. + + Fix this by using skb_trim() properly. + + Cc: stable@vger.kernel.org + Fixes: 2de8e0d999b8 ("mac80211: rewrite fragmentation") + Reported-by: Jouni Malinen + Signed-off-by: Johannes Berg + +commit de5f242e0c10e841017e37eb8c38974a642dbca8 +Author: Sujith Manoharan +Date: Tue Jan 28 06:21:59 2014 +0530 + + ath9k: Fix build error on ARM + + Use mdelay instead of udelay to fix this error: + + ERROR: "__bad_udelay" [drivers/net/wireless/ath/ath9k/ath9k_hw.ko] undefined! + make[1]: *** [__modpost] Error 1 + make: *** [modules] Error 2 + + Reported-by: Josh Boyer + Signed-off-by: Sujith Manoharan + +commit 8e3ea7a51dfc61810fcefd947f6edcf61125252a +Author: Geert Uytterhoeven +Date: Sun Jan 26 11:53:21 2014 +0100 + + ath9k: Fix uninitialized variable in ath9k_has_tx_pending() + + drivers/net/wireless/ath/ath9k/main.c: In function ‘ath9k_has_tx_pending’: + drivers/net/wireless/ath/ath9k/main.c:1869: warning: ‘npend’ may be used uninitialized in this function + + Introduced by commit 10e2318103f5941aa70c318afe34bc41f1b98529 ("ath9k: + optimize ath9k_flush"). + + Signed-off-by: Geert Uytterhoeven + +commit a4a634a6937ebdd827fa58e8fcdb8ca49a3769f6 +Author: Emmanuel Grumbach +Date: Mon Jan 27 11:07:42 2014 +0200 + + mac80211: release the channel in error path in start_ap + + When the driver cannot start the AP or when the assignement + of the beacon goes wrong, we need to unassign the vif. + + Cc: stable@vger.kernel.org + Signed-off-by: Emmanuel Grumbach + Signed-off-by: Johannes Berg + +commit dfb6889a75c601aedb7450b7e606668e77da6679 +Author: Johannes Berg +Date: Wed Jan 22 11:14:19 2014 +0200 + + cfg80211: send scan results from work queue + + Due to the previous commit, when a scan finishes, it is in theory + possible to hit the following sequence: + 1. interface starts being removed + 2. scan is cancelled by driver and cfg80211 is notified + 3. scan done work is scheduled + 4. interface is removed completely, rdev->scan_req is freed, + event sent to userspace but scan done work remains pending + 5. new scan is requested on another virtual interface + 6. scan done work runs, freeing the still-running scan + + To fix this situation, hang on to the scan done message and block + new scans while that is the case, and only send the message from + the work function, regardless of whether the scan_req is already + freed from interface removal. This makes step 5 above impossible + and changes step 6 to be + 5. scan done work runs, sending the scan done message + + As this can't work for wext, so we send the message immediately, + but this shouldn't be an issue since we still return -EBUSY. + + Signed-off-by: Johannes Berg + +commit 45b7ab41fc08627d9a8428cb413d5d84662a9707 +Author: Johannes Berg +Date: Wed Jan 22 11:14:18 2014 +0200 + + cfg80211: fix scan done race + + When an interface/wdev is removed, any ongoing scan should be + cancelled by the driver. This will make it call cfg80211, which + only queues a work struct. If interface/wdev removal is quick + enough, this can leave the scan request pending and processed + only after the interface is gone, causing a use-after-free. + + Fix this by making sure the scan request is not pending after + the interface is destroyed. We can't flush or cancel the work + item due to locking concerns, but when it'll run it shouldn't + find anything to do. This leaves a potential issue, if a new + scan gets requested before the work runs, it prematurely stops + the running scan, potentially causing another crash. I'll fix + that in the next patch. + + This was particularly observed with P2P_DEVICE wdevs, likely + because freeing them is quicker than freeing netdevs. + + Reported-by: Andrei Otcheretianski + Fixes: 4a58e7c38443 ("cfg80211: don't "leak" uncompleted scans") + Signed-off-by: Johannes Berg + +commit ae04fa489ab31b5a10d3cc8399f52761175d4321 +Author: Emmanuel Grumbach +Date: Thu Jan 23 14:28:16 2014 +0200 + + mac80211: avoid deadlock revealed by lockdep + + sdata->u.ap.request_smps_work can’t be flushed synchronously + under wdev_lock(wdev) since ieee80211_request_smps_ap_work + itself locks the same lock. + While at it, reset the driver_smps_mode when the ap is + stopped to its default: OFF. + + This solves: + + ====================================================== + [ INFO: possible circular locking dependency detected ] + 3.12.0-ipeer+ #2 Tainted: G O + ------------------------------------------------------- + rmmod/2867 is trying to acquire lock: + ((&sdata->u.ap.request_smps_work)){+.+...}, at: [] flush_work+0x0/0x90 + + but task is already holding lock: + (&wdev->mtx){+.+.+.}, at: [] cfg80211_stop_ap+0x26/0x230 [cfg80211] + + which lock already depends on the new lock. + + the existing dependency chain (in reverse order) is: + + -> #1 (&wdev->mtx){+.+.+.}: + [] lock_acquire+0x79/0xe0 + [] mutex_lock_nested+0x4a/0x360 + [] ieee80211_request_smps_ap_work+0x2b/0x50 [mac80211] + [] process_one_work+0x198/0x450 + [] worker_thread+0xf9/0x320 + [] kthread+0x9f/0xb0 + [] ret_from_kernel_thread+0x1b/0x28 + + -> #0 ((&sdata->u.ap.request_smps_work)){+.+...}: + [] __lock_acquire+0x183f/0x1910 + [] lock_acquire+0x79/0xe0 + [] flush_work+0x47/0x90 + [] __cancel_work_timer+0x67/0xe0 + [] cancel_work_sync+0xf/0x20 + [] ieee80211_stop_ap+0x8c/0x340 [mac80211] + [] cfg80211_stop_ap+0x8c/0x230 [cfg80211] + [] cfg80211_leave+0x79/0x100 [cfg80211] + [] cfg80211_netdev_notifier_call+0xf2/0x4f0 [cfg80211] + [] notifier_call_chain+0x59/0x130 + [] __raw_notifier_call_chain+0x1e/0x30 + [] raw_notifier_call_chain+0x1f/0x30 + [] call_netdevice_notifiers_info+0x33/0x70 + [] call_netdevice_notifiers+0x13/0x20 + [] __dev_close_many+0x34/0xb0 + [] dev_close_many+0x6e/0xc0 + [] rollback_registered_many+0xa7/0x1f0 + [] unregister_netdevice_many+0x14/0x60 + [] ieee80211_remove_interfaces+0xe9/0x170 [mac80211] + [] ieee80211_unregister_hw+0x56/0x110 [mac80211] + [] iwl_op_mode_mvm_stop+0x26/0xe0 [iwlmvm] + [] _iwl_op_mode_stop+0x3a/0x70 [iwlwifi] + [] iwl_opmode_deregister+0x6f/0x90 [iwlwifi] + [] __exit_compat+0xd/0x19 [iwlmvm] + [] SyS_delete_module+0x179/0x2b0 + [] sysenter_do_call+0x12/0x32 + + Fixes: 687da132234f ("mac80211: implement SMPS for AP") + Cc: [3.13] + Reported-by: Ilan Peer + Signed-off-by: Emmanuel Grumbach + Signed-off-by: Johannes Berg + +commit 178b205e96217164fd7c30113464250d0b6f5eca +Author: Johannes Berg +Date: Thu Jan 23 16:32:29 2014 +0100 + + cfg80211: re-enable 5/10 MHz support + + Unfortunately I forgot this during the merge window, but the + patch seems small enough to go in as a fix. The userspace API + bug that was the reason for disabling it has long been fixed. + + Signed-off-by: Johannes Berg + +commit 110a1c79acda14edc83b7c8dc5af9c7ddd23eb61 +Author: Pontus Fuchs +Date: Thu Jan 16 15:00:40 2014 +0100 + + nl80211: Reset split_start when netlink skb is exhausted + + When the netlink skb is exhausted split_start is left set. In the + subsequent retry, with a larger buffer, the dump is continued from the + failing point instead of from the beginning. + + This was causing my rt28xx based USB dongle to now show up when + running "iw list" with an old iw version without split dump support. + + Cc: stable@vger.kernel.org + Fixes: 3713b4e364ef ("nl80211: allow splitting wiphy information in dumps") + Signed-off-by: Pontus Fuchs + [avoid the entire workaround when state->split is set] + Signed-off-by: Johannes Berg + +commit b4c31b45ffc7ef110fa9ecc34d7878fe7c5b9da4 +Author: Eliad Peller +Date: Sun Jan 12 11:06:37 2014 +0200 + + mac80211: move roc cookie assignment earlier + + ieee80211_start_roc_work() might add a new roc + to existing roc, and tell cfg80211 it has already + started. + + However, this might happen before the roc cookie + was set, resulting in REMAIN_ON_CHANNEL (started) + event with null cookie. Consequently, it can make + wpa_supplicant go out of sync. + + Fix it by setting the roc cookie earlier. + + Cc: stable@vger.kernel.org + Signed-off-by: Eliad Peller + Signed-off-by: Johannes Berg + +commit cfdc9157bfd7bcf88ab4dae08873a9907eba984c +Author: Johannes Berg +Date: Fri Jan 24 14:06:29 2014 +0100 + + nl80211: send event when AP operation is stopped + + There are a few cases, e.g. suspend, where an AP interface is + stopped by the kernel rather than by userspace request, most + commonly when suspending. To let userspace know about this, + send the NL80211_CMD_STOP_AP command as an event every time + an AP interface is stopped. This also happens when userspace + did in fact request the AP stop, but that's not a problem. + + For full-MAC drivers this may need to be extended to also + cover cases where the device stopped the AP operation for + some reason, this a bit more complicated because then all + cfg80211 state also needs to be reset; such API is not part + of this patch. + + Signed-off-by: Johannes Berg + +commit d5d567eda7704f190379ca852a8f9a4112e3eee3 +Author: Johannes Berg +Date: Thu Jan 23 16:20:29 2014 +0100 + + mac80211: add length check in ieee80211_is_robust_mgmt_frame() + + A few places weren't checking that the frame passed to the + function actually has enough data even though the function + clearly documents it must have a payload byte. Make this + safer by changing the function to take an skb and checking + the length inside. The old version is preserved for now as + the rtl* drivers use it and don't have a correct skb. + + Signed-off-by: Johannes Berg + +commit f8f6d212a047fc65c7d3442dfc038f65517236fc +Author: Johannes Berg +Date: Fri Jan 24 10:53:53 2014 +0100 + + nl80211: fix scheduled scan RSSI matchset attribute confusion + + The scheduled scan matchsets were intended to be a list of filters, + with the found BSS having to pass at least one of them to be passed + to the host. When the RSSI attribute was added, however, this was + broken and currently wpa_supplicant adds that attribute in its own + matchset; however, it doesn't intend that to mean that anything + that passes the RSSI filter should be passed to the host, instead + it wants it to mean that everything needs to also have higher RSSI. + + This is semantically problematic because we have a list of filters + like [ SSID1, SSID2, SSID3, RSSI ] with no real indication which + one should be OR'ed and which one AND'ed. + + To fix this, move the RSSI filter attribute into each matchset. As + we need to stay backward compatible, treat a matchset with only the + RSSI attribute as a "default RSSI filter" for all other matchsets, + but only if there are other matchsets (an RSSI-only matchset by + itself is still desirable.) + + To make driver implementation easier, keep a global min_rssi_thold + for the entire request as well. The only affected driver is ath6kl. + + I found this when I looked into the code after Raja Mani submitted + a patch fixing the n_match_sets calculation to disregard the RSSI, + but that patch didn't address the semantic issue. + + Reported-by: Raja Mani + Acked-by: Luciano Coelho + Signed-off-by: Johannes Berg + +commit de553e8545e65a6dc4e45f43df7e1443d4291922 +Author: Johannes Berg +Date: Fri Jan 24 10:17:47 2014 +0100 + + nl80211: check nla_parse() return values + + If there's a policy, then nla_parse() return values must be + checked, otherwise the policy is useless and there's nothing + that ensures the attributes are actually what we expect them + to be. + + Signed-off-by: Johannes Berg + +commit 652204a0733e9e1c54661d6f9d36e2e1e3b22bb1 +Author: Karl Beldan +Date: Thu Jan 23 20:06:34 2014 +0100 + + mac80211: send {ADD,DEL}BA on AC_VO like other mgmt frames, as per spec + + ATM, {ADD,DEL}BA and BAR frames are sent on the AC matching the TID of + the BA parameters. In the discussion [1] about this patch, Johannes + recalled that it fixed some races with the DELBA and indeed this + behavior was introduced in [2]. + While [2] is right for the BARs, the part queueing the {ADD,DEL}BAs on + their BA params TID AC violates the spec and is more a workaround for + some drivers. Helmut expressed some concerns wrt such drivers, in + particular DELBAs in rt2x00. + + ATM, DELBAs are sent after a driver has called (hence "purposely") + ieee80211_start_tx_ba_cb_irqsafe and Johannes and Emmanuel gave some + details wrt intentions behind the split of the IEEE80211_AMPDU_TX_STOP_* + given to the driver ampdu_action supposed to call this function, which + could prove handy to people trying to do the right thing in faulty + drivers (if their fw/hw don't get in their way). + + [1] http://mid.gmane.org/1390391564-18481-1-git-send-email-karl.beldan@gmail.com + [2] Commit: cf6bb79ad828 ("mac80211: Use appropriate TID for sending BAR, ADDBA and DELBA frames") + + Signed-off-by: Karl Beldan + Cc: Helmut Schaa + Cc: Emmanuel Grumbach + Signed-off-by: Johannes Berg +--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c ++++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c +@@ -790,7 +790,7 @@ void ath6kl_cfg80211_connect_event(struc + if (nw_type & ADHOC_NETWORK) { + ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "ad-hoc %s selected\n", + nw_type & ADHOC_CREATOR ? "creator" : "joiner"); +- cfg80211_ibss_joined(vif->ndev, bssid, GFP_KERNEL); ++ cfg80211_ibss_joined(vif->ndev, bssid, chan, GFP_KERNEL); + cfg80211_put_bss(ar->wiphy, bss); + return; + } +@@ -861,13 +861,9 @@ void ath6kl_cfg80211_disconnect_event(st + } + + if (vif->nw_type & ADHOC_NETWORK) { +- if (vif->wdev.iftype != NL80211_IFTYPE_ADHOC) { ++ if (vif->wdev.iftype != NL80211_IFTYPE_ADHOC) + ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, + "%s: ath6k not in ibss mode\n", __func__); +- return; +- } +- memset(bssid, 0, ETH_ALEN); +- cfg80211_ibss_joined(vif->ndev, bssid, GFP_KERNEL); + return; + } + +@@ -3256,6 +3252,15 @@ static int ath6kl_cfg80211_sscan_start(s + struct ath6kl_vif *vif = netdev_priv(dev); + u16 interval; + int ret, rssi_thold; ++ int n_match_sets = request->n_match_sets; + - ath9k_hw-$(CPTCFG_ATH9K_BTCOEX_SUPPORT) += btcoex.o \ - ar9003_mci.o - obj-$(CPTCFG_ATH9K_HW) += ath9k_hw.o ---- a/drivers/net/wireless/ath/ath9k/ar9003_hw.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_hw.c -@@ -581,6 +581,13 @@ static void ar9003_tx_gain_table_mode6(s - ar9580_1p0_type6_tx_gain_table); ++ /* ++ * If there's a matchset w/o an SSID, then assume it's just for ++ * the RSSI (nothing else is currently supported) and ignore it. ++ * The device only supports a global RSSI filter that we set below. ++ */ ++ if (n_match_sets == 1 && !request->match_sets[0].ssid.ssid_len) ++ n_match_sets = 0; + + if (ar->state != ATH6KL_STATE_ON) + return -EIO; +@@ -3268,11 +3273,11 @@ static int ath6kl_cfg80211_sscan_start(s + ret = ath6kl_set_probed_ssids(ar, vif, request->ssids, + request->n_ssids, + request->match_sets, +- request->n_match_sets); ++ n_match_sets); + if (ret < 0) + return ret; + +- if (!request->n_match_sets) { ++ if (!n_match_sets) { + ret = ath6kl_wmi_bssfilter_cmd(ar->wmi, vif->fw_vif_idx, + ALL_BSS_FILTER, 0); + if (ret < 0) +@@ -3286,12 +3291,12 @@ static int ath6kl_cfg80211_sscan_start(s + + if (test_bit(ATH6KL_FW_CAPABILITY_RSSI_SCAN_THOLD, + ar->fw_capabilities)) { +- if (request->rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF) ++ if (request->min_rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF) + rssi_thold = 0; +- else if (request->rssi_thold < -127) ++ else if (request->min_rssi_thold < -127) + rssi_thold = -127; + else +- rssi_thold = request->rssi_thold; ++ rssi_thold = request->min_rssi_thold; + + ret = ath6kl_wmi_set_rssi_filter_cmd(ar->wmi, vif->fw_vif_idx, + rssi_thold); +--- a/drivers/net/wireless/ath/ath9k/hw.c ++++ b/drivers/net/wireless/ath/ath9k/hw.c +@@ -1316,7 +1316,7 @@ static bool ath9k_hw_set_reset(struct at + if (AR_SREV_9300_20_OR_LATER(ah)) + udelay(50); + else if (AR_SREV_9100(ah)) +- udelay(10000); ++ mdelay(10); + else + udelay(100); + +@@ -2051,9 +2051,8 @@ static bool ath9k_hw_set_power_awake(str + + REG_SET_BIT(ah, AR_RTC_FORCE_WAKE, + AR_RTC_FORCE_WAKE_EN); +- + if (AR_SREV_9100(ah)) +- udelay(10000); ++ mdelay(10); + else + udelay(50); + +--- a/drivers/net/wireless/ath/ath9k/main.c ++++ b/drivers/net/wireless/ath/ath9k/main.c +@@ -1866,7 +1866,7 @@ static void ath9k_set_coverage_class(str + + static bool ath9k_has_tx_pending(struct ath_softc *sc) + { +- int i, npend; ++ int i, npend = 0; + + for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) { + if (!ATH_TXQ_SETUP(sc, i)) +--- a/drivers/net/wireless/iwlwifi/mvm/scan.c ++++ b/drivers/net/wireless/iwlwifi/mvm/scan.c +@@ -595,6 +595,9 @@ static void iwl_scan_offload_build_ssid( + * config match list. + */ + for (i = 0; i < req->n_match_sets && i < PROBE_OPTION_MAX; i++) { ++ /* skip empty SSID matchsets */ ++ if (!req->match_sets[i].ssid.ssid_len) ++ continue; + scan->direct_scan[i].id = WLAN_EID_SSID; + scan->direct_scan[i].len = req->match_sets[i].ssid.ssid_len; + memcpy(scan->direct_scan[i].ssid, req->match_sets[i].ssid.ssid, +--- a/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c +@@ -452,7 +452,7 @@ bool rtl88ee_rx_query_desc(struct ieee80 + /* During testing, hdr was NULL */ + return false; + } +- if ((ieee80211_is_robust_mgmt_frame(hdr)) && ++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) && + (ieee80211_has_protected(hdr->frame_control))) + rx_status->flag &= ~RX_FLAG_DECRYPTED; + else +--- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c +@@ -393,7 +393,7 @@ bool rtl92ce_rx_query_desc(struct ieee80 + /* In testing, hdr was NULL here */ + return false; + } +- if ((ieee80211_is_robust_mgmt_frame(hdr)) && ++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) && + (ieee80211_has_protected(hdr->frame_control))) + rx_status->flag &= ~RX_FLAG_DECRYPTED; + else +--- a/drivers/net/wireless/rtlwifi/rtl8192se/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192se/trx.c +@@ -310,7 +310,7 @@ bool rtl92se_rx_query_desc(struct ieee80 + /* during testing, hdr was NULL here */ + return false; + } +- if ((ieee80211_is_robust_mgmt_frame(hdr)) && ++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) && + (ieee80211_has_protected(hdr->frame_control))) + rx_status->flag &= ~RX_FLAG_DECRYPTED; + else +--- a/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c +@@ -334,7 +334,7 @@ bool rtl8723ae_rx_query_desc(struct ieee + /* during testing, hdr could be NULL here */ + return false; + } +- if ((ieee80211_is_robust_mgmt_frame(hdr)) && ++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) && + (ieee80211_has_protected(hdr->frame_control))) + rx_status->flag &= ~RX_FLAG_DECRYPTED; + else +--- a/include/linux/ieee80211.h ++++ b/include/linux/ieee80211.h +@@ -597,6 +597,20 @@ static inline int ieee80211_is_qos_nullf } -+static void ar9003_tx_gain_table_mode7(struct ath_hw *ah) + /** ++ * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU ++ * @fc: frame control field in little-endian byteorder ++ */ ++static inline bool ieee80211_is_bufferable_mmpdu(__le16 fc) +{ -+ if (AR_SREV_9340(ah)) -+ INIT_INI_ARRAY(&ah->iniModesTxGain, -+ ar9340_cus227_tx_gain_table_1p0); ++ /* IEEE 802.11-2012, definition of "bufferable management frame"; ++ * note that this ignores the IBSS special case. */ ++ return ieee80211_is_mgmt(fc) && ++ (ieee80211_is_action(fc) || ++ ieee80211_is_disassoc(fc) || ++ ieee80211_is_deauth(fc)); +} + - typedef void (*ath_txgain_tab)(struct ath_hw *ah); - - static void ar9003_tx_gain_table_apply(struct ath_hw *ah) -@@ -593,6 +600,7 @@ static void ar9003_tx_gain_table_apply(s - ar9003_tx_gain_table_mode4, - ar9003_tx_gain_table_mode5, - ar9003_tx_gain_table_mode6, -+ ar9003_tx_gain_table_mode7, - }; - int idx = ar9003_hw_get_tx_gain_idx(ah); ++/** + * ieee80211_is_first_frag - check if IEEE80211_SCTL_FRAG is not set + * @seq_ctrl: frame sequence control bytes in little-endian byteorder + */ +@@ -2192,10 +2206,10 @@ static inline u8 *ieee80211_get_DA(struc + } -@@ -750,6 +758,9 @@ static void ar9003_hw_init_mode_gain_reg - static void ar9003_hw_configpcipowersave(struct ath_hw *ah, - bool power_off) + /** +- * ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame ++ * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame + * @hdr: the frame (buffer must include at least the first octet of payload) + */ +-static inline bool ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) ++static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { -+ unsigned int i; -+ struct ar5416IniArray *array; -+ - /* - * Increase L1 Entry Latency. Some WB222 boards don't have - * this change in eeprom/OTP. -@@ -775,18 +786,13 @@ static void ar9003_hw_configpcipowersave - * Configire PCIE after Ini init. SERDES values now come from ini file - * This enables PCIe low power mode. - */ -- if (ah->config.pcieSerDesWrite) { -- unsigned int i; -- struct ar5416IniArray *array; -- -- array = power_off ? &ah->iniPcieSerdes : -- &ah->iniPcieSerdesLowPower; -- -- for (i = 0; i < array->ia_rows; i++) { -- REG_WRITE(ah, -- INI_RA(array, i, 0), -- INI_RA(array, i, 1)); -- } -+ array = power_off ? &ah->iniPcieSerdes : -+ &ah->iniPcieSerdesLowPower; -+ -+ for (i = 0; i < array->ia_rows; i++) { -+ REG_WRITE(ah, -+ INI_RA(array, i, 0), -+ INI_RA(array, i, 1)); - } + if (ieee80211_is_disassoc(hdr->frame_control) || + ieee80211_is_deauth(hdr->frame_control)) +@@ -2224,6 +2238,17 @@ static inline bool ieee80211_is_robust_m } ---- a/drivers/net/wireless/ath/ath9k/ar9340_initvals.h -+++ b/drivers/net/wireless/ath/ath9k/ar9340_initvals.h -@@ -1447,4 +1447,106 @@ static const u32 ar9340_1p0_soc_preamble - {0x00007038, 0x000004c2}, + /** ++ * ieee80211_is_robust_mgmt_frame - check if skb contains a robust mgmt frame ++ * @skb: the skb containing the frame, length will be checked ++ */ ++static inline bool ieee80211_is_robust_mgmt_frame(struct sk_buff *skb) ++{ ++ if (skb->len < 25) ++ return false; ++ return _ieee80211_is_robust_mgmt_frame((void *)skb->data); ++} ++ ++/** + * ieee80211_is_public_action - check if frame is a public action frame + * @hdr: the frame + * @len: length of the frame +--- a/include/net/cfg80211.h ++++ b/include/net/cfg80211.h +@@ -1395,9 +1395,11 @@ struct cfg80211_scan_request { + * struct cfg80211_match_set - sets of attributes to match + * + * @ssid: SSID to be matched ++ * @rssi_thold: don't report scan results below this threshold (in s32 dBm) + */ + struct cfg80211_match_set { + struct cfg80211_ssid ssid; ++ s32 rssi_thold; }; -+static const u32 ar9340_cus227_tx_gain_table_1p0[][5] = { -+ /* Addr 5G_HT20 5G_HT40 2G_HT40 2G_HT20 */ -+ {0x0000a2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352}, -+ {0x0000a2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584}, -+ {0x0000a2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800}, -+ {0x0000a2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, -+ {0x0000a410, 0x000050d9, 0x000050d9, 0x000050d9, 0x000050d9}, -+ {0x0000a500, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -+ {0x0000a504, 0x06000003, 0x06000003, 0x04000002, 0x04000002}, -+ {0x0000a508, 0x0a000020, 0x0a000020, 0x08000004, 0x08000004}, -+ {0x0000a50c, 0x10000023, 0x10000023, 0x0b000200, 0x0b000200}, -+ {0x0000a510, 0x16000220, 0x16000220, 0x0f000202, 0x0f000202}, -+ {0x0000a514, 0x1c000223, 0x1c000223, 0x11000400, 0x11000400}, -+ {0x0000a518, 0x21002220, 0x21002220, 0x15000402, 0x15000402}, -+ {0x0000a51c, 0x27002223, 0x27002223, 0x19000404, 0x19000404}, -+ {0x0000a520, 0x2c022220, 0x2c022220, 0x1b000603, 0x1b000603}, -+ {0x0000a524, 0x30022222, 0x30022222, 0x1f000a02, 0x1f000a02}, -+ {0x0000a528, 0x35022225, 0x35022225, 0x23000a04, 0x23000a04}, -+ {0x0000a52c, 0x3b02222a, 0x3b02222a, 0x26000a20, 0x26000a20}, -+ {0x0000a530, 0x3f02222c, 0x3f02222c, 0x2a000e20, 0x2a000e20}, -+ {0x0000a534, 0x4202242a, 0x4202242a, 0x2e000e22, 0x2e000e22}, -+ {0x0000a538, 0x4702244a, 0x4702244a, 0x31000e24, 0x31000e24}, -+ {0x0000a53c, 0x4b02244c, 0x4b02244c, 0x34001640, 0x34001640}, -+ {0x0000a540, 0x4e02246c, 0x4e02246c, 0x38001660, 0x38001660}, -+ {0x0000a544, 0x5302266c, 0x5302266c, 0x3b001861, 0x3b001861}, -+ {0x0000a548, 0x5702286c, 0x5702286c, 0x3e001a81, 0x3e001a81}, -+ {0x0000a54c, 0x5c02486b, 0x5c02486b, 0x42001a83, 0x42001a83}, -+ {0x0000a550, 0x61024a6c, 0x61024a6c, 0x44001c84, 0x44001c84}, -+ {0x0000a554, 0x66026a6c, 0x66026a6c, 0x48001ce3, 0x48001ce3}, -+ {0x0000a558, 0x6b026e6c, 0x6b026e6c, 0x4c001ce5, 0x4c001ce5}, -+ {0x0000a55c, 0x7002708c, 0x7002708c, 0x50001ce9, 0x50001ce9}, -+ {0x0000a560, 0x7302b08a, 0x7302b08a, 0x54001ceb, 0x54001ceb}, -+ {0x0000a564, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec}, -+ {0x0000a568, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec}, -+ {0x0000a56c, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec}, -+ {0x0000a570, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec}, -+ {0x0000a574, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec}, -+ {0x0000a578, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec}, -+ {0x0000a57c, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec}, -+ {0x0000a580, 0x00800000, 0x00800000, 0x00800000, 0x00800000}, -+ {0x0000a584, 0x06800003, 0x06800003, 0x04800002, 0x04800002}, -+ {0x0000a588, 0x0a800020, 0x0a800020, 0x08800004, 0x08800004}, -+ {0x0000a58c, 0x10800023, 0x10800023, 0x0b800200, 0x0b800200}, -+ {0x0000a590, 0x16800220, 0x16800220, 0x0f800202, 0x0f800202}, -+ {0x0000a594, 0x1c800223, 0x1c800223, 0x11800400, 0x11800400}, -+ {0x0000a598, 0x21820220, 0x21820220, 0x15800402, 0x15800402}, -+ {0x0000a59c, 0x27820223, 0x27820223, 0x19800404, 0x19800404}, -+ {0x0000a5a0, 0x2b822220, 0x2b822220, 0x1b800603, 0x1b800603}, -+ {0x0000a5a4, 0x2f822222, 0x2f822222, 0x1f800a02, 0x1f800a02}, -+ {0x0000a5a8, 0x34822225, 0x34822225, 0x23800a04, 0x23800a04}, -+ {0x0000a5ac, 0x3a82222a, 0x3a82222a, 0x26800a20, 0x26800a20}, -+ {0x0000a5b0, 0x3e82222c, 0x3e82222c, 0x2a800e20, 0x2a800e20}, -+ {0x0000a5b4, 0x4282242a, 0x4282242a, 0x2e800e22, 0x2e800e22}, -+ {0x0000a5b8, 0x4782244a, 0x4782244a, 0x31800e24, 0x31800e24}, -+ {0x0000a5bc, 0x4b82244c, 0x4b82244c, 0x34801640, 0x34801640}, -+ {0x0000a5c0, 0x4e82246c, 0x4e82246c, 0x38801660, 0x38801660}, -+ {0x0000a5c4, 0x5382266c, 0x5382266c, 0x3b801861, 0x3b801861}, -+ {0x0000a5c8, 0x5782286c, 0x5782286c, 0x3e801a81, 0x3e801a81}, -+ {0x0000a5cc, 0x5c84286b, 0x5c84286b, 0x42801a83, 0x42801a83}, -+ {0x0000a5d0, 0x61842a6c, 0x61842a6c, 0x44801c84, 0x44801c84}, -+ {0x0000a5d4, 0x66862a6c, 0x66862a6c, 0x48801ce3, 0x48801ce3}, -+ {0x0000a5d8, 0x6b862e6c, 0x6b862e6c, 0x4c801ce5, 0x4c801ce5}, -+ {0x0000a5dc, 0x7086308c, 0x7086308c, 0x50801ce9, 0x50801ce9}, -+ {0x0000a5e0, 0x738a308a, 0x738a308a, 0x54801ceb, 0x54801ceb}, -+ {0x0000a5e4, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec}, -+ {0x0000a5e8, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec}, -+ {0x0000a5ec, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec}, -+ {0x0000a5f0, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec}, -+ {0x0000a5f4, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec}, -+ {0x0000a5f8, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec}, -+ {0x0000a5fc, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec}, -+ {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -+ {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -+ {0x0000a608, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -+ {0x0000a60c, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -+ {0x0000a610, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -+ {0x0000a614, 0x01404000, 0x01404000, 0x01404000, 0x01404000}, -+ {0x0000a618, 0x01404501, 0x01404501, 0x01404501, 0x01404501}, -+ {0x0000a61c, 0x02008802, 0x02008802, 0x02008501, 0x02008501}, -+ {0x0000a620, 0x0300cc03, 0x0300cc03, 0x0280ca03, 0x0280ca03}, -+ {0x0000a624, 0x0300cc03, 0x0300cc03, 0x03010c04, 0x03010c04}, -+ {0x0000a628, 0x0300cc03, 0x0300cc03, 0x04014c04, 0x04014c04}, -+ {0x0000a62c, 0x03810c03, 0x03810c03, 0x04015005, 0x04015005}, -+ {0x0000a630, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005}, -+ {0x0000a634, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005}, -+ {0x0000a638, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005}, -+ {0x0000a63c, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005}, -+ {0x0000b2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352}, -+ {0x0000b2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584}, -+ {0x0000b2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800}, -+ {0x0000b2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, -+ {0x00016044, 0x056db2db, 0x056db2db, 0x03b6d2e4, 0x03b6d2e4}, -+ {0x00016048, 0x24925666, 0x24925666, 0x8e481266, 0x8e481266}, -+ {0x00016280, 0x01000015, 0x01000015, 0x01001015, 0x01001015}, -+ {0x00016288, 0x30318000, 0x30318000, 0x00318000, 0x00318000}, -+ {0x00016444, 0x056db2db, 0x056db2db, 0x03b6d2e4, 0x03b6d2e4}, -+ {0x00016448, 0x24925666, 0x24925666, 0x8e481266, 0x8e481266}, -+ {0x0000a3a4, 0x00000011, 0x00000011, 0x00000011, 0x00000011}, -+ {0x0000a3a8, 0x3c3c3c3c, 0x3c3c3c3c, 0x3c3c3c3c, 0x3c3c3c3c}, -+ {0x0000a3ac, 0x30303030, 0x30303030, 0x30303030, 0x30303030}, -+}; -+ - #endif /* INITVALS_9340_H */ ---- a/drivers/net/wireless/ath/ath9k/ath9k.h -+++ b/drivers/net/wireless/ath/ath9k/ath9k.h -@@ -459,6 +459,7 @@ void ath_check_ani(struct ath_softc *sc) - int ath_update_survey_stats(struct ath_softc *sc); - void ath_update_survey_nf(struct ath_softc *sc, int channel); - void ath9k_queue_reset(struct ath_softc *sc, enum ath_reset_type type); -+void ath_ps_full_sleep(unsigned long data); - - /**********/ - /* BTCOEX */ -@@ -570,6 +571,34 @@ static inline void ath_fill_led_pin(stru + /** +@@ -1420,7 +1422,8 @@ struct cfg80211_match_set { + * @dev: the interface + * @scan_start: start time of the scheduled scan + * @channels: channels to scan +- * @rssi_thold: don't report scan results below this threshold (in s32 dBm) ++ * @min_rssi_thold: for drivers only supporting a single threshold, this ++ * contains the minimum over all matchsets + */ + struct cfg80211_sched_scan_request { + struct cfg80211_ssid *ssids; +@@ -1433,7 +1436,7 @@ struct cfg80211_sched_scan_request { + u32 flags; + struct cfg80211_match_set *match_sets; + int n_match_sets; +- s32 rssi_thold; ++ s32 min_rssi_thold; + + /* internal */ + struct wiphy *wiphy; +@@ -3130,8 +3133,8 @@ struct cfg80211_cached_keys; + * @identifier: (private) Identifier used in nl80211 to identify this + * wireless device if it has no netdev + * @current_bss: (private) Used by the internal configuration code +- * @channel: (private) Used by the internal configuration code to track +- * the user-set AP, monitor and WDS channel ++ * @chandef: (private) Used by the internal configuration code to track ++ * the user-set channel definition. + * @preset_chandef: (private) Used by the internal configuration code to + * track the channel to be used for AP later + * @bssid: (private) Used by the internal configuration code +@@ -3195,9 +3198,7 @@ struct wireless_dev { + + struct cfg80211_internal_bss *current_bss; /* associated / joined */ + struct cfg80211_chan_def preset_chandef; +- +- /* for AP and mesh channel tracking */ +- struct ieee80211_channel *channel; ++ struct cfg80211_chan_def chandef; + + bool ibss_fixed; + bool ibss_dfs_possible; +@@ -3879,6 +3880,7 @@ void cfg80211_michael_mic_failure(struct + * + * @dev: network device + * @bssid: the BSSID of the IBSS joined ++ * @channel: the channel of the IBSS joined + * @gfp: allocation flags + * + * This function notifies cfg80211 that the device joined an IBSS or +@@ -3888,7 +3890,8 @@ void cfg80211_michael_mic_failure(struct + * with the locally generated beacon -- this guarantees that there is + * always a scan result for this IBSS. cfg80211 will handle the rest. + */ +-void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp); ++void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, ++ struct ieee80211_channel *channel, gfp_t gfp); + + /** + * cfg80211_notify_new_candidate - notify cfg80211 of a new mesh peer candidate +--- a/include/uapi/linux/nl80211.h ++++ b/include/uapi/linux/nl80211.h +@@ -2442,9 +2442,15 @@ enum nl80211_reg_rule_attr { + * enum nl80211_sched_scan_match_attr - scheduled scan match attributes + * @__NL80211_SCHED_SCAN_MATCH_ATTR_INVALID: attribute number 0 is reserved + * @NL80211_SCHED_SCAN_MATCH_ATTR_SSID: SSID to be used for matching, +- * only report BSS with matching SSID. ++ * only report BSS with matching SSID. + * @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI: RSSI threshold (in dBm) for reporting a +- * BSS in scan results. Filtering is turned off if not specified. ++ * BSS in scan results. Filtering is turned off if not specified. Note that ++ * if this attribute is in a match set of its own, then it is treated as ++ * the default value for all matchsets with an SSID, rather than being a ++ * matchset of its own without an RSSI filter. This is due to problems with ++ * how this API was implemented in the past. Also, due to the same problem, ++ * the only way to create a matchset with only an RSSI filter (with this ++ * attribute) is if there's only a single matchset with the RSSI attribute. + * @NL80211_SCHED_SCAN_MATCH_ATTR_MAX: highest scheduled scan filter + * attribute number currently defined + * @__NL80211_SCHED_SCAN_MATCH_ATTR_AFTER_LAST: internal use +--- a/net/mac80211/agg-tx.c ++++ b/net/mac80211/agg-tx.c +@@ -107,7 +107,7 @@ static void ieee80211_send_addba_request + mgmt->u.action.u.addba_req.start_seq_num = + cpu_to_le16(start_seq_num << 4); + +- ieee80211_tx_skb_tid(sdata, skb, tid); ++ ieee80211_tx_skb(sdata, skb); } - #endif -+/************************/ -+/* Wake on Wireless LAN */ -+/************************/ -+ -+#ifdef CONFIG_ATH9K_WOW -+void ath9k_init_wow(struct ieee80211_hw *hw); -+int ath9k_suspend(struct ieee80211_hw *hw, -+ struct cfg80211_wowlan *wowlan); -+int ath9k_resume(struct ieee80211_hw *hw); -+void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled); -+#else -+static inline void ath9k_init_wow(struct ieee80211_hw *hw) -+{ -+} -+static inline int ath9k_suspend(struct ieee80211_hw *hw, -+ struct cfg80211_wowlan *wowlan) -+{ -+ return 0; -+} -+static inline int ath9k_resume(struct ieee80211_hw *hw) -+{ -+ return 0; -+} -+static inline void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled) -+{ -+} -+#endif /* CONFIG_ATH9K_WOW */ + void ieee80211_send_bar(struct ieee80211_vif *vif, u8 *ra, u16 tid, u16 ssn) +--- a/net/mac80211/cfg.c ++++ b/net/mac80211/cfg.c +@@ -970,9 +970,9 @@ static int ieee80211_start_ap(struct wip + /* TODO: make hostapd tell us what it wants */ + sdata->smps_mode = IEEE80211_SMPS_OFF; + sdata->needed_rx_chains = sdata->local->rx_chains; +- sdata->radar_required = params->radar_required; + + mutex_lock(&local->mtx); ++ sdata->radar_required = params->radar_required; + err = ieee80211_vif_use_channel(sdata, ¶ms->chandef, + IEEE80211_CHANCTX_SHARED); + mutex_unlock(&local->mtx); +@@ -1021,8 +1021,10 @@ static int ieee80211_start_ap(struct wip + IEEE80211_P2P_OPPPS_ENABLE_BIT; + + err = ieee80211_assign_beacon(sdata, ¶ms->beacon); +- if (err < 0) ++ if (err < 0) { ++ ieee80211_vif_release_channel(sdata); + return err; ++ } + changed |= err; + + err = drv_start_ap(sdata->local, sdata); +@@ -1032,6 +1034,7 @@ static int ieee80211_start_ap(struct wip + if (old) + kfree_rcu(old, rcu_head); + RCU_INIT_POINTER(sdata->u.ap.beacon, NULL); ++ ieee80211_vif_release_channel(sdata); + return err; + } + +@@ -1053,6 +1056,7 @@ static int ieee80211_change_beacon(struc + int err; + + sdata = IEEE80211_DEV_TO_SUB_IF(dev); ++ sdata_assert_lock(sdata); + + /* don't allow changing the beacon while CSA is in place - offset + * of channel switch counter may change +@@ -1080,6 +1084,8 @@ static int ieee80211_stop_ap(struct wiph + struct probe_resp *old_probe_resp; + struct cfg80211_chan_def chandef; + ++ sdata_assert_lock(sdata); + - /*******************************/ - /* Antenna diversity/combining */ - /*******************************/ -@@ -723,6 +752,7 @@ struct ath_softc { - struct work_struct hw_check_work; - struct work_struct hw_reset_work; - struct completion paprd_complete; -+ wait_queue_head_t tx_wait; - - unsigned int hw_busy_count; - unsigned long sc_flags; -@@ -759,6 +789,7 @@ struct ath_softc { - struct delayed_work tx_complete_work; - struct delayed_work hw_pll_work; - struct timer_list rx_poll_timer; -+ struct timer_list sleep_timer; - - #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT - struct ath_btcoex btcoex; -@@ -783,7 +814,7 @@ struct ath_softc { - bool tx99_state; - s16 tx99_power; - --#ifdef CONFIG_PM_SLEEP -+#ifdef CONFIG_ATH9K_WOW - atomic_t wow_got_bmiss_intr; - atomic_t wow_sleep_proc_intr; /* in the middle of WoW sleep ? */ - u32 wow_intr_before_sleep; -@@ -946,10 +977,25 @@ struct fft_sample_ht20_40 { - u8 data[SPECTRAL_HT20_40_NUM_BINS]; - } __packed; - --int ath9k_tx99_init(struct ath_softc *sc); --void ath9k_tx99_deinit(struct ath_softc *sc); -+/********/ -+/* TX99 */ -+/********/ + old_beacon = sdata_dereference(sdata->u.ap.beacon, sdata); + if (!old_beacon) + return -ENOENT; +@@ -1090,8 +1096,6 @@ static int ieee80211_stop_ap(struct wiph + kfree(sdata->u.ap.next_beacon); + sdata->u.ap.next_beacon = NULL; + +- cancel_work_sync(&sdata->u.ap.request_smps_work); +- + /* turn off carrier for this interface and dependent VLANs */ + list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) + netif_carrier_off(vlan->dev); +@@ -1103,6 +1107,7 @@ static int ieee80211_stop_ap(struct wiph + kfree_rcu(old_beacon, rcu_head); + if (old_probe_resp) + kfree_rcu(old_probe_resp, rcu_head); ++ sdata->u.ap.driver_smps_mode = IEEE80211_SMPS_OFF; + + __sta_info_flush(sdata, true); + ieee80211_free_keys(sdata, true); +@@ -2638,6 +2643,24 @@ static int ieee80211_start_roc_work(stru + INIT_DELAYED_WORK(&roc->work, ieee80211_sw_roc_work); + INIT_LIST_HEAD(&roc->dependents); + ++ /* ++ * cookie is either the roc cookie (for normal roc) ++ * or the SKB (for mgmt TX) ++ */ ++ if (!txskb) { ++ /* local->mtx protects this */ ++ local->roc_cookie_counter++; ++ roc->cookie = local->roc_cookie_counter; ++ /* wow, you wrapped 64 bits ... more likely a bug */ ++ if (WARN_ON(roc->cookie == 0)) { ++ roc->cookie = 1; ++ local->roc_cookie_counter++; ++ } ++ *cookie = roc->cookie; ++ } else { ++ *cookie = (unsigned long)txskb; ++ } + -+#ifdef CONFIG_ATH9K_TX99 -+void ath9k_tx99_init_debug(struct ath_softc *sc); - int ath9k_tx99_send(struct ath_softc *sc, struct sk_buff *skb, - struct ath_tx_control *txctl); -+#else -+static inline void ath9k_tx99_init_debug(struct ath_softc *sc) -+{ -+} -+static inline int ath9k_tx99_send(struct ath_softc *sc, -+ struct sk_buff *skb, -+ struct ath_tx_control *txctl) -+{ -+ return 0; -+} -+#endif /* CONFIG_ATH9K_TX99 */ - - void ath9k_tasklet(unsigned long data); - int ath_cabq_update(struct ath_softc *); -@@ -966,6 +1012,9 @@ extern bool is_ath9k_unloaded; - - u8 ath9k_parse_mpdudensity(u8 mpdudensity); - irqreturn_t ath_isr(int irq, void *dev); -+int ath_reset(struct ath_softc *sc); -+void ath_cancel_work(struct ath_softc *sc); -+void ath_restart_work(struct ath_softc *sc); - int ath9k_init_device(u16 devid, struct ath_softc *sc, - const struct ath_bus_ops *bus_ops); - void ath9k_deinit_device(struct ath_softc *sc); ---- a/drivers/net/wireless/ath/ath9k/debug.c -+++ b/drivers/net/wireless/ath/ath9k/debug.c -@@ -1782,111 +1782,6 @@ void ath9k_deinit_debug(struct ath_softc - } - } + /* if there's one pending or we're scanning, queue this one */ + if (!list_empty(&local->roc_list) || + local->scanning || local->radar_detect_enabled) +@@ -2772,24 +2795,6 @@ static int ieee80211_start_roc_work(stru + if (!queued) + list_add_tail(&roc->list, &local->roc_list); --static ssize_t read_file_tx99(struct file *file, char __user *user_buf, -- size_t count, loff_t *ppos) --{ -- struct ath_softc *sc = file->private_data; -- char buf[3]; -- unsigned int len; -- -- len = sprintf(buf, "%d\n", sc->tx99_state); -- return simple_read_from_buffer(user_buf, count, ppos, buf, len); --} -- --static ssize_t write_file_tx99(struct file *file, const char __user *user_buf, -- size_t count, loff_t *ppos) --{ -- struct ath_softc *sc = file->private_data; -- struct ath_common *common = ath9k_hw_common(sc->sc_ah); -- char buf[32]; -- bool start; -- ssize_t len; -- int r; -- -- if (sc->nvifs > 1) -- return -EOPNOTSUPP; -- -- len = min(count, sizeof(buf) - 1); -- if (copy_from_user(buf, user_buf, len)) -- return -EFAULT; -- -- if (strtobool(buf, &start)) -- return -EINVAL; -- -- if (start == sc->tx99_state) { -- if (!start) -- return count; -- ath_dbg(common, XMIT, "Resetting TX99\n"); -- ath9k_tx99_deinit(sc); -- } -- -- if (!start) { -- ath9k_tx99_deinit(sc); -- return count; +- /* +- * cookie is either the roc cookie (for normal roc) +- * or the SKB (for mgmt TX) +- */ +- if (!txskb) { +- /* local->mtx protects this */ +- local->roc_cookie_counter++; +- roc->cookie = local->roc_cookie_counter; +- /* wow, you wrapped 64 bits ... more likely a bug */ +- if (WARN_ON(roc->cookie == 0)) { +- roc->cookie = 1; +- local->roc_cookie_counter++; +- } +- *cookie = roc->cookie; +- } else { +- *cookie = (unsigned long)txskb; - } - -- r = ath9k_tx99_init(sc); -- if (r) -- return r; -- -- return count; --} -- --static const struct file_operations fops_tx99 = { -- .read = read_file_tx99, -- .write = write_file_tx99, -- .open = simple_open, -- .owner = THIS_MODULE, -- .llseek = default_llseek, --}; -- --static ssize_t read_file_tx99_power(struct file *file, -- char __user *user_buf, -- size_t count, loff_t *ppos) --{ -- struct ath_softc *sc = file->private_data; -- char buf[32]; -- unsigned int len; -- -- len = sprintf(buf, "%d (%d dBm)\n", -- sc->tx99_power, -- sc->tx99_power / 2); -- -- return simple_read_from_buffer(user_buf, count, ppos, buf, len); --} -- --static ssize_t write_file_tx99_power(struct file *file, -- const char __user *user_buf, -- size_t count, loff_t *ppos) --{ -- struct ath_softc *sc = file->private_data; -- int r; -- u8 tx_power; -- -- r = kstrtou8_from_user(user_buf, count, 0, &tx_power); -- if (r) -- return r; -- -- if (tx_power > MAX_RATE_POWER) -- return -EINVAL; -- -- sc->tx99_power = tx_power; -- -- ath9k_ps_wakeup(sc); -- ath9k_hw_tx99_set_txpower(sc->sc_ah, sc->tx99_power); -- ath9k_ps_restore(sc); -- -- return count; --} -- --static const struct file_operations fops_tx99_power = { -- .read = read_file_tx99_power, -- .write = write_file_tx99_power, -- .open = simple_open, -- .owner = THIS_MODULE, -- .llseek = default_llseek, --}; -- - int ath9k_init_debug(struct ath_hw *ah) - { - struct ath_common *common = ath9k_hw_common(ah); -@@ -1903,6 +1798,7 @@ int ath9k_init_debug(struct ath_hw *ah) - #endif + return 0; + } - ath9k_dfs_init_debug(sc); -+ ath9k_tx99_init_debug(sc); +@@ -3004,8 +3009,10 @@ void ieee80211_csa_finalize_work(struct + if (!ieee80211_sdata_running(sdata)) + goto unlock; - debugfs_create_file("dma", S_IRUSR, sc->debug.debugfs_phy, sc, - &fops_dma); -@@ -1978,15 +1874,6 @@ int ath9k_init_debug(struct ath_hw *ah) - debugfs_create_file("btcoex", S_IRUSR, sc->debug.debugfs_phy, sc, - &fops_btcoex); - #endif -- if (config_enabled(CPTCFG_ATH9K_TX99) && -- AR_SREV_9300_20_OR_LATER(ah)) { -- debugfs_create_file("tx99", S_IRUSR | S_IWUSR, -- sc->debug.debugfs_phy, sc, -- &fops_tx99); -- debugfs_create_file("tx99_power", S_IRUSR | S_IWUSR, -- sc->debug.debugfs_phy, sc, -- &fops_tx99_power); -- } +- sdata->radar_required = sdata->csa_radar_required; ++ sdata_assert_lock(sdata); ++ + mutex_lock(&local->mtx); ++ sdata->radar_required = sdata->csa_radar_required; + err = ieee80211_vif_change_channel(sdata, &changed); + mutex_unlock(&local->mtx); + if (WARN_ON(err < 0)) +@@ -3022,13 +3029,13 @@ void ieee80211_csa_finalize_work(struct + switch (sdata->vif.type) { + case NL80211_IFTYPE_AP: + err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon); ++ kfree(sdata->u.ap.next_beacon); ++ sdata->u.ap.next_beacon = NULL; ++ + if (err < 0) + goto unlock; - return 0; + changed |= err; +- kfree(sdata->u.ap.next_beacon); +- sdata->u.ap.next_beacon = NULL; +- + ieee80211_bss_info_change_notify(sdata, err); + break; + case NL80211_IFTYPE_ADHOC: +@@ -3066,7 +3073,7 @@ int ieee80211_channel_switch(struct wiph + struct ieee80211_if_mesh __maybe_unused *ifmsh; + int err, num_chanctx; + +- lockdep_assert_held(&sdata->wdev.mtx); ++ sdata_assert_lock(sdata); + + if (!list_empty(&local->roc_list) || local->scanning) + return -EBUSY; +--- a/net/mac80211/ht.c ++++ b/net/mac80211/ht.c +@@ -375,7 +375,7 @@ void ieee80211_send_delba(struct ieee802 + mgmt->u.action.u.delba.params = cpu_to_le16(params); + mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code); + +- ieee80211_tx_skb_tid(sdata, skb, tid); ++ ieee80211_tx_skb(sdata, skb); + } + + void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata, +@@ -466,7 +466,9 @@ void ieee80211_request_smps_ap_work(stru + u.ap.request_smps_work); + + sdata_lock(sdata); +- __ieee80211_request_smps_ap(sdata, sdata->u.ap.driver_smps_mode); ++ if (sdata_dereference(sdata->u.ap.beacon, sdata)) ++ __ieee80211_request_smps_ap(sdata, ++ sdata->u.ap.driver_smps_mode); + sdata_unlock(sdata); } ---- a/drivers/net/wireless/ath/ath9k/hw.c -+++ b/drivers/net/wireless/ath/ath9k/hw.c -@@ -17,6 +17,7 @@ - #include - #include - #include -+#include - #include - - #include "hw.h" -@@ -454,7 +455,6 @@ static void ath9k_hw_init_config(struct - } - ah->config.rx_intr_mitigation = true; -- ah->config.pcieSerDesWrite = true; +--- a/net/mac80211/iface.c ++++ b/net/mac80211/iface.c +@@ -770,12 +770,19 @@ static void ieee80211_do_stop(struct iee + + ieee80211_roc_purge(local, sdata); + +- if (sdata->vif.type == NL80211_IFTYPE_STATION) ++ switch (sdata->vif.type) { ++ case NL80211_IFTYPE_STATION: + ieee80211_mgd_stop(sdata); +- +- if (sdata->vif.type == NL80211_IFTYPE_ADHOC) ++ break; ++ case NL80211_IFTYPE_ADHOC: + ieee80211_ibss_stop(sdata); +- ++ break; ++ case NL80211_IFTYPE_AP: ++ cancel_work_sync(&sdata->u.ap.request_smps_work); ++ break; ++ default: ++ break; ++ } /* - * We need this for PCI devices only (Cardbus, PCI, miniPCI) -@@ -1502,8 +1502,9 @@ static bool ath9k_hw_channel_change(stru - int r; - - if (pCap->hw_caps & ATH9K_HW_CAP_FCC_BAND_SWITCH) { -- band_switch = IS_CHAN_5GHZ(ah->curchan) != IS_CHAN_5GHZ(chan); -- mode_diff = (chan->channelFlags != ah->curchan->channelFlags); -+ u32 flags_diff = chan->channelFlags ^ ah->curchan->channelFlags; -+ band_switch = !!(flags_diff & CHANNEL_5GHZ); -+ mode_diff = !!(flags_diff & ~CHANNEL_HT); - } + * Remove all stations associated with this interface. +@@ -827,7 +834,9 @@ static void ieee80211_do_stop(struct iee + cancel_work_sync(&local->dynamic_ps_enable_work); - for (qnum = 0; qnum < AR_NUM_QCU; qnum++) { -@@ -1815,7 +1816,7 @@ static int ath9k_hw_do_fastcc(struct ath - * If cross-band fcc is not supoprted, bail out if channelFlags differ. - */ - if (!(pCap->hw_caps & ATH9K_HW_CAP_FCC_BAND_SWITCH) && -- chan->channelFlags != ah->curchan->channelFlags) -+ ((chan->channelFlags ^ ah->curchan->channelFlags) & ~CHANNEL_HT)) - goto fail; - - if (!ath9k_hw_check_alive(ah)) -@@ -1856,10 +1857,12 @@ int ath9k_hw_reset(struct ath_hw *ah, st - struct ath9k_hw_cal_data *caldata, bool fastcc) + cancel_work_sync(&sdata->recalc_smps); ++ sdata_lock(sdata); + sdata->vif.csa_active = false; ++ sdata_unlock(sdata); + cancel_work_sync(&sdata->csa_finalize_work); + + cancel_delayed_work_sync(&sdata->dfs_cac_timer_work); +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -599,10 +599,10 @@ static int ieee80211_is_unicast_robust_m { - struct ath_common *common = ath9k_hw_common(ah); -+ struct timespec ts; - u32 saveLedState; - u32 saveDefAntenna; - u32 macStaId1; - u64 tsf = 0; -+ s64 usec = 0; - int r; - bool start_mci_reset = false; - bool save_fullsleep = ah->chip_fullsleep; -@@ -1902,10 +1905,10 @@ int ath9k_hw_reset(struct ath_hw *ah, st - - macStaId1 = REG_READ(ah, AR_STA_ID1) & AR_STA_ID1_BASE_RATE_11B; - -- /* For chips on which RTC reset is done, save TSF before it gets cleared */ -- if (AR_SREV_9100(ah) || -- (AR_SREV_9280(ah) && ah->eep_ops->get_eeprom(ah, EEP_OL_PWRCTRL))) -- tsf = ath9k_hw_gettsf64(ah); -+ /* Save TSF before chip reset, a cold reset clears it */ -+ tsf = ath9k_hw_gettsf64(ah); -+ getrawmonotonic(&ts); -+ usec = ts.tv_sec * 1000 + ts.tv_nsec / 1000; - - saveLedState = REG_READ(ah, AR_CFG_LED) & - (AR_CFG_LED_ASSOC_CTL | AR_CFG_LED_MODE_SEL | -@@ -1938,8 +1941,9 @@ int ath9k_hw_reset(struct ath_hw *ah, st - } + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; - /* Restore TSF */ -- if (tsf) -- ath9k_hw_settsf64(ah, tsf); -+ getrawmonotonic(&ts); -+ usec = ts.tv_sec * 1000 + ts.tv_nsec / 1000 - usec; -+ ath9k_hw_settsf64(ah, tsf + usec); - - if (AR_SREV_9280_20_OR_LATER(ah)) - REG_SET_BIT(ah, AR_GPIO_INPUT_EN_VAL, AR_GPIO_JTAG_DISABLE); ---- a/drivers/net/wireless/ath/ath9k/hw.h -+++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -283,7 +283,6 @@ struct ath9k_ops_config { - int additional_swba_backoff; - int ack_6mb; - u32 cwm_ignore_extcca; -- bool pcieSerDesWrite; - u8 pcie_clock_req; - u32 pcie_waen; - u8 analog_shiftreg; -@@ -920,7 +919,7 @@ struct ath_hw { - /* Enterprise mode cap */ - u32 ent_mode; - --#ifdef CONFIG_PM_SLEEP -+#ifdef CONFIG_ATH9K_WOW - u32 wow_event_mask; - #endif - bool is_clk_25mhz; -@@ -1126,7 +1125,7 @@ ath9k_hw_get_btcoex_scheme(struct ath_hw - #endif /* CPTCFG_ATH9K_BTCOEX_SUPPORT */ - - --#ifdef CONFIG_PM_SLEEP -+#ifdef CONFIG_ATH9K_WOW - const char *ath9k_hw_wow_event_to_string(u32 wow_event); - void ath9k_hw_wow_apply_pattern(struct ath_hw *ah, u8 *user_pattern, - u8 *user_mask, int pattern_count, ---- a/drivers/net/wireless/ath/ath9k/init.c -+++ b/drivers/net/wireless/ath/ath9k/init.c -@@ -683,6 +683,7 @@ static int ath9k_init_softc(u16 devid, s - common = ath9k_hw_common(ah); - sc->dfs_detector = dfs_pattern_detector_init(common, NL80211_DFS_UNSET); - sc->tx99_power = MAX_RATE_POWER + 1; -+ init_waitqueue_head(&sc->tx_wait); - - if (!pdata) { - ah->ah_flags |= AH_USE_EEPROM; -@@ -730,6 +731,7 @@ static int ath9k_init_softc(u16 devid, s - tasklet_init(&sc->bcon_tasklet, ath9k_beacon_tasklet, - (unsigned long)sc); - -+ setup_timer(&sc->sleep_timer, ath_ps_full_sleep, (unsigned long)sc); - INIT_WORK(&sc->hw_reset_work, ath_reset_work); - INIT_WORK(&sc->hw_check_work, ath_hw_check); - INIT_WORK(&sc->paprd_work, ath_paprd_calibrate); -@@ -845,7 +847,8 @@ static const struct ieee80211_iface_limi - }; +- if (skb->len < 24 || is_multicast_ether_addr(hdr->addr1)) ++ if (is_multicast_ether_addr(hdr->addr1)) + return 0; - static const struct ieee80211_iface_limit if_dfs_limits[] = { -- { .max = 1, .types = BIT(NL80211_IFTYPE_AP) }, -+ { .max = 1, .types = BIT(NL80211_IFTYPE_AP) | -+ BIT(NL80211_IFTYPE_ADHOC) }, - }; +- return ieee80211_is_robust_mgmt_frame(hdr); ++ return ieee80211_is_robust_mgmt_frame(skb); + } - static const struct ieee80211_iface_combination if_comb[] = { -@@ -862,20 +865,11 @@ static const struct ieee80211_iface_comb - .max_interfaces = 1, - .num_different_channels = 1, - .beacon_int_infra_match = true, -- .radar_detect_widths = BIT(NL80211_CHAN_NO_HT) | -- BIT(NL80211_CHAN_HT20), -+ .radar_detect_widths = BIT(NL80211_CHAN_WIDTH_20_NOHT) | -+ BIT(NL80211_CHAN_WIDTH_20), - } - }; --#ifdef CONFIG_PM --static const struct wiphy_wowlan_support ath9k_wowlan_support = { -- .flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT, -- .n_patterns = MAX_NUM_USER_PATTERN, -- .pattern_min_len = 1, -- .pattern_max_len = MAX_PATTERN_SIZE, --}; --#endif -- - void ath9k_set_hw_capab(struct ath_softc *sc, struct ieee80211_hw *hw) +@@ -610,10 +610,10 @@ static int ieee80211_is_multicast_robust { - struct ath_hw *ah = sc->sc_ah; -@@ -925,16 +919,6 @@ void ath9k_set_hw_capab(struct ath_softc - hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_5_10_MHZ; - hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH; - --#ifdef CONFIG_PM_SLEEP -- if ((ah->caps.hw_caps & ATH9K_HW_WOW_DEVICE_CAPABLE) && -- (sc->driver_data & ATH9K_PCI_WOW) && -- device_can_wakeup(sc->dev)) -- hw->wiphy->wowlan = &ath9k_wowlan_support; -- -- atomic_set(&sc->wow_sleep_proc_intr, -1); -- atomic_set(&sc->wow_got_bmiss_intr, -1); --#endif -- - hw->queues = 4; - hw->max_rates = 4; - hw->channel_change_time = 5000; -@@ -960,6 +944,7 @@ void ath9k_set_hw_capab(struct ath_softc - hw->wiphy->bands[IEEE80211_BAND_5GHZ] = - &sc->sbands[IEEE80211_BAND_5GHZ]; - -+ ath9k_init_wow(hw); - ath9k_reload_chainmask_settings(sc); - - SET_IEEE80211_PERM_ADDR(hw, common->macaddr); -@@ -1058,6 +1043,7 @@ static void ath9k_deinit_softc(struct at - if (ATH_TXQ_SETUP(sc, i)) - ath_tx_cleanupq(sc, &sc->tx.txq[i]); - -+ del_timer_sync(&sc->sleep_timer); - ath9k_hw_deinit(sc->sc_ah); - if (sc->dfs_detector != NULL) - sc->dfs_detector->exit(sc->dfs_detector); ---- a/drivers/net/wireless/ath/ath9k/main.c -+++ b/drivers/net/wireless/ath/ath9k/main.c -@@ -82,6 +82,22 @@ static bool ath9k_setpower(struct ath_so - return ret; + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; + +- if (skb->len < 24 || !is_multicast_ether_addr(hdr->addr1)) ++ if (!is_multicast_ether_addr(hdr->addr1)) + return 0; + +- return ieee80211_is_robust_mgmt_frame(hdr); ++ return ieee80211_is_robust_mgmt_frame(skb); } -+void ath_ps_full_sleep(unsigned long data) -+{ -+ struct ath_softc *sc = (struct ath_softc *) data; -+ struct ath_common *common = ath9k_hw_common(sc->sc_ah); -+ bool reset; -+ -+ spin_lock(&common->cc_lock); -+ ath_hw_cycle_counters_update(common); -+ spin_unlock(&common->cc_lock); -+ -+ ath9k_hw_setrxabort(sc->sc_ah, 1); -+ ath9k_hw_stopdmarecv(sc->sc_ah, &reset); -+ -+ ath9k_hw_setpower(sc->sc_ah, ATH9K_PM_FULL_SLEEP); -+} -+ - void ath9k_ps_wakeup(struct ath_softc *sc) - { - struct ath_common *common = ath9k_hw_common(sc->sc_ah); -@@ -92,6 +108,7 @@ void ath9k_ps_wakeup(struct ath_softc *s - if (++sc->ps_usecount != 1) - goto unlock; -+ del_timer_sync(&sc->sleep_timer); - power_mode = sc->sc_ah->power_mode; - ath9k_hw_setpower(sc->sc_ah, ATH9K_PM_AWAKE); +@@ -626,7 +626,7 @@ static int ieee80211_get_mmie_keyidx(str + if (skb->len < 24 + sizeof(*mmie) || !is_multicast_ether_addr(hdr->da)) + return -1; + +- if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) hdr)) ++ if (!ieee80211_is_robust_mgmt_frame(skb)) + return -1; /* not a robust management frame */ + + mmie = (struct ieee80211_mmie *) +@@ -1311,18 +1311,15 @@ ieee80211_rx_h_sta_process(struct ieee80 + !ieee80211_has_morefrags(hdr->frame_control) && + !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) && + (rx->sdata->vif.type == NL80211_IFTYPE_AP || +- rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) { ++ rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) && ++ /* PM bit is only checked in frames where it isn't reserved, ++ * in AP mode it's reserved in non-bufferable management frames ++ * (cf. IEEE 802.11-2012 8.2.4.1.7 Power Management field) ++ */ ++ (!ieee80211_is_mgmt(hdr->frame_control) || ++ ieee80211_is_bufferable_mmpdu(hdr->frame_control))) { + if (test_sta_flag(sta, WLAN_STA_PS_STA)) { +- /* +- * Ignore doze->wake transitions that are +- * indicated by non-data frames, the standard +- * is unclear here, but for example going to +- * PS mode and then scanning would cause a +- * doze->wake transition for the probe request, +- * and that is clearly undesirable. +- */ +- if (ieee80211_is_data(hdr->frame_control) && +- !ieee80211_has_pm(hdr->frame_control)) ++ if (!ieee80211_has_pm(hdr->frame_control)) + sta_ps_end(sta); + } else { + if (ieee80211_has_pm(hdr->frame_control)) +@@ -1845,8 +1842,7 @@ static int ieee80211_drop_unencrypted_mg + * having configured keys. + */ + if (unlikely(ieee80211_is_action(fc) && !rx->key && +- ieee80211_is_robust_mgmt_frame( +- (struct ieee80211_hdr *) rx->skb->data))) ++ ieee80211_is_robust_mgmt_frame(rx->skb))) + return -EACCES; + } -@@ -117,17 +134,17 @@ void ath9k_ps_restore(struct ath_softc * - struct ath_common *common = ath9k_hw_common(sc->sc_ah); - enum ath9k_power_mode mode; - unsigned long flags; -- bool reset; +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -452,8 +452,7 @@ static int ieee80211_use_mfp(__le16 fc, + if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP)) + return 0; + +- if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) +- skb->data)) ++ if (!ieee80211_is_robust_mgmt_frame(skb)) + return 0; + + return 1; +@@ -525,9 +524,7 @@ ieee80211_tx_h_ps_buf(struct ieee80211_t + + /* only deauth, disassoc and action are bufferable MMPDUs */ + if (ieee80211_is_mgmt(hdr->frame_control) && +- !ieee80211_is_deauth(hdr->frame_control) && +- !ieee80211_is_disassoc(hdr->frame_control) && +- !ieee80211_is_action(hdr->frame_control)) { ++ !ieee80211_is_bufferable_mmpdu(hdr->frame_control)) { + if (tx->flags & IEEE80211_TX_UNICAST) + info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER; + return TX_CONTINUE; +@@ -567,7 +564,7 @@ ieee80211_tx_h_select_key(struct ieee802 + tx->key = key; + else if (ieee80211_is_mgmt(hdr->frame_control) && + is_multicast_ether_addr(hdr->addr1) && +- ieee80211_is_robust_mgmt_frame(hdr) && ++ ieee80211_is_robust_mgmt_frame(tx->skb) && + (key = rcu_dereference(tx->sdata->default_mgmt_key))) + tx->key = key; + else if (is_multicast_ether_addr(hdr->addr1) && +@@ -582,12 +579,12 @@ ieee80211_tx_h_select_key(struct ieee802 + tx->key = NULL; + else if (tx->skb->protocol == tx->sdata->control_port_protocol) + tx->key = NULL; +- else if (ieee80211_is_robust_mgmt_frame(hdr) && ++ else if (ieee80211_is_robust_mgmt_frame(tx->skb) && + !(ieee80211_is_action(hdr->frame_control) && + tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP))) + tx->key = NULL; + else if (ieee80211_is_mgmt(hdr->frame_control) && +- !ieee80211_is_robust_mgmt_frame(hdr)) ++ !ieee80211_is_robust_mgmt_frame(tx->skb)) + tx->key = NULL; + else { + I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted); +@@ -878,7 +875,7 @@ static int ieee80211_fragment(struct iee + } - spin_lock_irqsave(&sc->sc_pm_lock, flags); - if (--sc->ps_usecount != 0) - goto unlock; + /* adjust first fragment's length */ +- skb->len = hdrlen + per_fragm; ++ skb_trim(skb, hdrlen + per_fragm); + return 0; + } + +--- a/net/mac80211/wpa.c ++++ b/net/mac80211/wpa.c +@@ -499,7 +499,7 @@ ieee80211_crypto_ccmp_decrypt(struct iee + hdrlen = ieee80211_hdrlen(hdr->frame_control); + + if (!ieee80211_is_data(hdr->frame_control) && +- !ieee80211_is_robust_mgmt_frame(hdr)) ++ !ieee80211_is_robust_mgmt_frame(skb)) + return RX_CONTINUE; + + data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - +--- a/net/wireless/ap.c ++++ b/net/wireless/ap.c +@@ -27,9 +27,10 @@ static int __cfg80211_stop_ap(struct cfg + err = rdev_stop_ap(rdev, dev); + if (!err) { + wdev->beacon_interval = 0; +- wdev->channel = NULL; ++ memset(&wdev->chandef, 0, sizeof(wdev->chandef)); + wdev->ssid_len = 0; + rdev_set_qos_map(rdev, dev, NULL); ++ nl80211_send_ap_stopped(wdev); + } - if (sc->ps_idle) { -- ath9k_hw_setrxabort(sc->sc_ah, 1); -- ath9k_hw_stopdmarecv(sc->sc_ah, &reset); -- mode = ATH9K_PM_FULL_SLEEP; -- } else if (sc->ps_enabled && -+ mod_timer(&sc->sleep_timer, jiffies + HZ / 10); -+ goto unlock; + return err; +--- a/net/wireless/core.c ++++ b/net/wireless/core.c +@@ -203,8 +203,11 @@ void cfg80211_stop_p2p_device(struct cfg + + rdev->opencount--; + +- WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev && +- !rdev->scan_req->notified); ++ if (rdev->scan_req && rdev->scan_req->wdev == wdev) { ++ if (WARN_ON(!rdev->scan_req->notified)) ++ rdev->scan_req->aborted = true; ++ ___cfg80211_scan_done(rdev, false); + } -+ -+ if (sc->ps_enabled && - !(sc->ps_flags & (PS_WAIT_FOR_BEACON | - PS_WAIT_FOR_CAB | - PS_WAIT_FOR_PSPOLL_DATA | -@@ -163,13 +180,13 @@ static void __ath_cancel_work(struct ath - #endif } --static void ath_cancel_work(struct ath_softc *sc) -+void ath_cancel_work(struct ath_softc *sc) - { - __ath_cancel_work(sc); - cancel_work_sync(&sc->hw_reset_work); - } + static int cfg80211_rfkill_set_block(void *data, bool blocked) +@@ -447,9 +450,6 @@ int wiphy_register(struct wiphy *wiphy) + int i; + u16 ifmodes = wiphy->interface_modes; --static void ath_restart_work(struct ath_softc *sc) -+void ath_restart_work(struct ath_softc *sc) - { - ieee80211_queue_delayed_work(sc->hw, &sc->tx_complete_work, 0); +- /* support for 5/10 MHz is broken due to nl80211 API mess - disable */ +- wiphy->flags &= ~WIPHY_FLAG_SUPPORTS_5_10_MHZ; +- + /* + * There are major locking problems in nl80211/mac80211 for CSA, + * disable for all drivers until this has been reworked. +@@ -875,8 +875,11 @@ static int cfg80211_netdev_notifier_call + break; + case NETDEV_DOWN: + cfg80211_update_iface_num(rdev, wdev->iftype, -1); +- WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev && +- !rdev->scan_req->notified); ++ if (rdev->scan_req && rdev->scan_req->wdev == wdev) { ++ if (WARN_ON(!rdev->scan_req->notified)) ++ rdev->scan_req->aborted = true; ++ ___cfg80211_scan_done(rdev, false); ++ } -@@ -487,6 +504,8 @@ void ath9k_tasklet(unsigned long data) - ath_tx_edma_tasklet(sc); - else - ath_tx_tasklet(sc); -+ -+ wake_up(&sc->tx_wait); + if (WARN_ON(rdev->sched_scan_req && + rdev->sched_scan_req->dev == wdev->netdev)) { +--- a/net/wireless/core.h ++++ b/net/wireless/core.h +@@ -62,6 +62,7 @@ struct cfg80211_registered_device { + struct rb_root bss_tree; + u32 bss_generation; + struct cfg80211_scan_request *scan_req; /* protected by RTNL */ ++ struct sk_buff *scan_msg; + struct cfg80211_sched_scan_request *sched_scan_req; + unsigned long suspend_at; + struct work_struct scan_done_wk; +@@ -210,6 +211,7 @@ struct cfg80211_event { + } dc; + struct { + u8 bssid[ETH_ALEN]; ++ struct ieee80211_channel *channel; + } ij; + }; + }; +@@ -257,7 +259,8 @@ int __cfg80211_leave_ibss(struct cfg8021 + struct net_device *dev, bool nowext); + int cfg80211_leave_ibss(struct cfg80211_registered_device *rdev, + struct net_device *dev, bool nowext); +-void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid); ++void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, ++ struct ieee80211_channel *channel); + int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev, + struct wireless_dev *wdev); + +@@ -361,7 +364,8 @@ int cfg80211_validate_key_settings(struc + struct key_params *params, int key_idx, + bool pairwise, const u8 *mac_addr); + void __cfg80211_scan_done(struct work_struct *wk); +-void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev); ++void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, ++ bool send_message); + void __cfg80211_sched_scan_results(struct work_struct *wk); + int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev, + bool driver_initiated); +@@ -441,7 +445,8 @@ static inline unsigned int elapsed_jiffi + void + cfg80211_get_chan_state(struct wireless_dev *wdev, + struct ieee80211_channel **chan, +- enum cfg80211_chan_mode *chanmode); ++ enum cfg80211_chan_mode *chanmode, ++ u8 *radar_detect); + + int cfg80211_set_monitor_channel(struct cfg80211_registered_device *rdev, + struct cfg80211_chan_def *chandef); +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -1723,9 +1723,10 @@ static int nl80211_dump_wiphy(struct sk_ + * We can then retry with the larger buffer. + */ + if ((ret == -ENOBUFS || ret == -EMSGSIZE) && +- !skb->len && ++ !skb->len && !state->split && + cb->min_dump_alloc < 4096) { + cb->min_dump_alloc = 4096; ++ state->split_start = 0; + rtnl_unlock(); + return 1; + } +@@ -2047,10 +2048,12 @@ static int nl80211_set_wiphy(struct sk_b + nla_for_each_nested(nl_txq_params, + info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], + rem_txq_params) { +- nla_parse(tb, NL80211_TXQ_ATTR_MAX, +- nla_data(nl_txq_params), +- nla_len(nl_txq_params), +- txq_params_policy); ++ result = nla_parse(tb, NL80211_TXQ_ATTR_MAX, ++ nla_data(nl_txq_params), ++ nla_len(nl_txq_params), ++ txq_params_policy); ++ if (result) ++ goto bad_res; + result = parse_txq_params(tb, &txq_params); + if (result) + goto bad_res; +@@ -3289,7 +3292,7 @@ static int nl80211_start_ap(struct sk_bu + if (!err) { + wdev->preset_chandef = params.chandef; + wdev->beacon_interval = params.beacon_interval; +- wdev->channel = params.chandef.chan; ++ wdev->chandef = params.chandef; + wdev->ssid_len = params.ssid_len; + memcpy(wdev->ssid, params.ssid, wdev->ssid_len); } - - ath9k_btcoex_handle_interrupt(sc, status); -@@ -579,7 +598,8 @@ irqreturn_t ath_isr(int irq, void *dev) - - goto chip_reset; +@@ -5210,9 +5213,11 @@ static int nl80211_set_reg(struct sk_buf + + nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], + rem_reg_rules) { +- nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, +- nla_data(nl_reg_rule), nla_len(nl_reg_rule), +- reg_rule_policy); ++ r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, ++ nla_data(nl_reg_rule), nla_len(nl_reg_rule), ++ reg_rule_policy); ++ if (r) ++ goto bad_reg; + r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); + if (r) + goto bad_reg; +@@ -5277,7 +5282,7 @@ static int nl80211_trigger_scan(struct s + if (!rdev->ops->scan) + return -EOPNOTSUPP; + +- if (rdev->scan_req) { ++ if (rdev->scan_req || rdev->scan_msg) { + err = -EBUSY; + goto unlock; } --#ifdef CONFIG_PM_SLEEP +@@ -5475,6 +5480,7 @@ static int nl80211_start_sched_scan(stru + enum ieee80211_band band; + size_t ie_len; + struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; ++ s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF; + + if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || + !rdev->ops->sched_scan_start) +@@ -5509,11 +5515,40 @@ static int nl80211_start_sched_scan(stru + if (n_ssids > wiphy->max_sched_scan_ssids) + return -EINVAL; + +- if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) ++ /* ++ * First, count the number of 'real' matchsets. Due to an issue with ++ * the old implementation, matchsets containing only the RSSI attribute ++ * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default' ++ * RSSI for all matchsets, rather than their own matchset for reporting ++ * all APs with a strong RSSI. This is needed to be compatible with ++ * older userspace that treated a matchset with only the RSSI as the ++ * global RSSI for all other matchsets - if there are other matchsets. ++ */ ++ if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { + nla_for_each_nested(attr, + info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], +- tmp) +- n_match_sets++; ++ tmp) { ++ struct nlattr *rssi; ++ ++ err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, ++ nla_data(attr), nla_len(attr), ++ nl80211_match_policy); ++ if (err) ++ return err; ++ /* add other standalone attributes here */ ++ if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) { ++ n_match_sets++; ++ continue; ++ } ++ rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; ++ if (rssi) ++ default_match_rssi = nla_get_s32(rssi); ++ } ++ } + -+#ifdef CONFIG_ATH9K_WOW - if (status & ATH9K_INT_BMISS) { - if (atomic_read(&sc->wow_sleep_proc_intr) == 0) { - ath_dbg(common, ANY, "during WoW we got a BMISS\n"); -@@ -588,6 +608,8 @@ irqreturn_t ath_isr(int irq, void *dev) ++ /* However, if there's no other matchset, add the RSSI one */ ++ if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF) ++ n_match_sets = 1; + + if (n_match_sets > wiphy->max_match_sets) + return -EINVAL; +@@ -5634,11 +5669,22 @@ static int nl80211_start_sched_scan(stru + tmp) { + struct nlattr *ssid, *rssi; + +- nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, +- nla_data(attr), nla_len(attr), +- nl80211_match_policy); ++ err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, ++ nla_data(attr), nla_len(attr), ++ nl80211_match_policy); ++ if (err) ++ goto out_free; + ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; + if (ssid) { ++ if (WARN_ON(i >= n_match_sets)) { ++ /* this indicates a programming error, ++ * the loop above should have verified ++ * things properly ++ */ ++ err = -EINVAL; ++ goto out_free; ++ } ++ + if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { + err = -EINVAL; + goto out_free; +@@ -5647,15 +5693,28 @@ static int nl80211_start_sched_scan(stru + nla_data(ssid), nla_len(ssid)); + request->match_sets[i].ssid.ssid_len = + nla_len(ssid); ++ /* special attribute - old implemenation w/a */ ++ request->match_sets[i].rssi_thold = ++ default_match_rssi; ++ rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; ++ if (rssi) ++ request->match_sets[i].rssi_thold = ++ nla_get_s32(rssi); + } +- rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; +- if (rssi) +- request->rssi_thold = nla_get_u32(rssi); +- else +- request->rssi_thold = +- NL80211_SCAN_RSSI_THOLD_OFF; + i++; } - } - #endif + ++ /* there was no other matchset, so the RSSI one is alone */ ++ if (i == 0) ++ request->match_sets[0].rssi_thold = default_match_rssi; + - if (status & ATH9K_INT_SWBA) - tasklet_schedule(&sc->bcon_tasklet); ++ request->min_rssi_thold = INT_MAX; ++ for (i = 0; i < n_match_sets; i++) ++ request->min_rssi_thold = ++ min(request->match_sets[i].rssi_thold, ++ request->min_rssi_thold); ++ } else { ++ request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF; + } -@@ -627,7 +649,7 @@ chip_reset: - #undef SCHED_INTR + if (info->attrs[NL80211_ATTR_IE]) { +@@ -5751,7 +5810,7 @@ static int nl80211_start_radar_detection + + err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef); + if (!err) { +- wdev->channel = chandef.chan; ++ wdev->chandef = chandef; + wdev->cac_started = true; + wdev->cac_start_time = jiffies; + } +@@ -7502,16 +7561,19 @@ static int nl80211_set_tx_bitrate_mask(s + * directly to the enum ieee80211_band values used in cfg80211. + */ + BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); +- nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) +- { ++ nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) { + enum ieee80211_band band = nla_type(tx_rates); ++ int err; ++ + if (band < 0 || band >= IEEE80211_NUM_BANDS) + return -EINVAL; + sband = rdev->wiphy.bands[band]; + if (sband == NULL) + return -EINVAL; +- nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), +- nla_len(tx_rates), nl80211_txattr_policy); ++ err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), ++ nla_len(tx_rates), nl80211_txattr_policy); ++ if (err) ++ return err; + if (tb[NL80211_TXRATE_LEGACY]) { + mask.control[band].legacy = rateset_to_mask( + sband, +@@ -10054,40 +10116,31 @@ void nl80211_send_scan_start(struct cfg8 + NL80211_MCGRP_SCAN, GFP_KERNEL); } --static int ath_reset(struct ath_softc *sc) -+int ath_reset(struct ath_softc *sc) +-void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, +- struct wireless_dev *wdev) ++struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev, ++ struct wireless_dev *wdev, bool aborted) { - int r; + struct sk_buff *msg; + + msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); + if (!msg) +- return; ++ return NULL; + + if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, +- NL80211_CMD_NEW_SCAN_RESULTS) < 0) { ++ aborted ? NL80211_CMD_SCAN_ABORTED : ++ NL80211_CMD_NEW_SCAN_RESULTS) < 0) { + nlmsg_free(msg); +- return; ++ return NULL; + } -@@ -1817,13 +1839,31 @@ static void ath9k_set_coverage_class(str - mutex_unlock(&sc->mutex); +- genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, +- NL80211_MCGRP_SCAN, GFP_KERNEL); ++ return msg; } -+static bool ath9k_has_tx_pending(struct ath_softc *sc) -+{ -+ int i, npend; -+ -+ for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) { -+ if (!ATH_TXQ_SETUP(sc, i)) -+ continue; -+ -+ if (!sc->tx.txq[i].axq_depth) -+ continue; -+ -+ npend = ath9k_has_pending_frames(sc, &sc->tx.txq[i]); -+ if (npend) -+ break; -+ } -+ -+ return !!npend; -+} -+ - static void ath9k_flush(struct ieee80211_hw *hw, u32 queues, bool drop) +-void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, +- struct wireless_dev *wdev) ++void nl80211_send_scan_result(struct cfg80211_registered_device *rdev, ++ struct sk_buff *msg) { - struct ath_softc *sc = hw->priv; - struct ath_hw *ah = sc->sc_ah; - struct ath_common *common = ath9k_hw_common(ah); -- int timeout = 200; /* ms */ -- int i, j; -+ int timeout = HZ / 5; /* 200 ms */ - bool drain_txq; - - mutex_lock(&sc->mutex); -@@ -1841,25 +1881,9 @@ static void ath9k_flush(struct ieee80211 - return; - } - -- for (j = 0; j < timeout; j++) { -- bool npend = false; -- -- if (j) -- usleep_range(1000, 2000); -- -- for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) { -- if (!ATH_TXQ_SETUP(sc, i)) -- continue; -- -- npend = ath9k_has_pending_frames(sc, &sc->tx.txq[i]); -- -- if (npend) -- break; -- } +- struct sk_buff *msg; - -- if (!npend) -- break; -- } -+ if (wait_event_timeout(sc->tx_wait, !ath9k_has_tx_pending(sc), -+ timeout) > 0) -+ drop = false; - - if (drop) { - ath9k_ps_wakeup(sc); -@@ -2021,333 +2045,6 @@ static int ath9k_get_antenna(struct ieee - return 0; - } +- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); + if (!msg) + return; --#ifdef CONFIG_PM_SLEEP -- --static void ath9k_wow_map_triggers(struct ath_softc *sc, -- struct cfg80211_wowlan *wowlan, -- u32 *wow_triggers) --{ -- if (wowlan->disconnect) -- *wow_triggers |= AH_WOW_LINK_CHANGE | -- AH_WOW_BEACON_MISS; -- if (wowlan->magic_pkt) -- *wow_triggers |= AH_WOW_MAGIC_PATTERN_EN; -- -- if (wowlan->n_patterns) -- *wow_triggers |= AH_WOW_USER_PATTERN_EN; -- -- sc->wow_enabled = *wow_triggers; -- --} -- --static void ath9k_wow_add_disassoc_deauth_pattern(struct ath_softc *sc) --{ -- struct ath_hw *ah = sc->sc_ah; -- struct ath_common *common = ath9k_hw_common(ah); -- int pattern_count = 0; -- int i, byte_cnt; -- u8 dis_deauth_pattern[MAX_PATTERN_SIZE]; -- u8 dis_deauth_mask[MAX_PATTERN_SIZE]; -- -- memset(dis_deauth_pattern, 0, MAX_PATTERN_SIZE); -- memset(dis_deauth_mask, 0, MAX_PATTERN_SIZE); -- -- /* -- * Create Dissassociate / Deauthenticate packet filter -- * -- * 2 bytes 2 byte 6 bytes 6 bytes 6 bytes -- * +--------------+----------+---------+--------+--------+---- -- * + Frame Control+ Duration + DA + SA + BSSID + -- * +--------------+----------+---------+--------+--------+---- -- * -- * The above is the management frame format for disassociate/ -- * deauthenticate pattern, from this we need to match the first byte -- * of 'Frame Control' and DA, SA, and BSSID fields -- * (skipping 2nd byte of FC and Duration feild. -- * -- * Disassociate pattern -- * -------------------- -- * Frame control = 00 00 1010 -- * DA, SA, BSSID = x:x:x:x:x:x -- * Pattern will be A0000000 | x:x:x:x:x:x | x:x:x:x:x:x -- * | x:x:x:x:x:x -- 22 bytes -- * -- * Deauthenticate pattern -- * ---------------------- -- * Frame control = 00 00 1100 -- * DA, SA, BSSID = x:x:x:x:x:x -- * Pattern will be C0000000 | x:x:x:x:x:x | x:x:x:x:x:x -- * | x:x:x:x:x:x -- 22 bytes -- */ -- -- /* Create Disassociate Pattern first */ -- -- byte_cnt = 0; -- -- /* Fill out the mask with all FF's */ -- -- for (i = 0; i < MAX_PATTERN_MASK_SIZE; i++) -- dis_deauth_mask[i] = 0xff; -- -- /* copy the first byte of frame control field */ -- dis_deauth_pattern[byte_cnt] = 0xa0; -- byte_cnt++; -- -- /* skip 2nd byte of frame control and Duration field */ -- byte_cnt += 3; -- -- /* -- * need not match the destination mac address, it can be a broadcast -- * mac address or an unicast to this station -- */ -- byte_cnt += 6; -- -- /* copy the source mac address */ -- memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN); -- -- byte_cnt += 6; -- -- /* copy the bssid, its same as the source mac address */ -- -- memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN); -- -- /* Create Disassociate pattern mask */ -- -- dis_deauth_mask[0] = 0xfe; -- dis_deauth_mask[1] = 0x03; -- dis_deauth_mask[2] = 0xc0; -- -- ath_dbg(common, WOW, "Adding disassoc/deauth patterns for WoW\n"); -- -- ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask, -- pattern_count, byte_cnt); -- -- pattern_count++; -- /* -- * for de-authenticate pattern, only the first byte of the frame -- * control field gets changed from 0xA0 to 0xC0 -- */ -- dis_deauth_pattern[0] = 0xC0; -- -- ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask, -- pattern_count, byte_cnt); -- --} -- --static void ath9k_wow_add_pattern(struct ath_softc *sc, -- struct cfg80211_wowlan *wowlan) --{ -- struct ath_hw *ah = sc->sc_ah; -- struct ath9k_wow_pattern *wow_pattern = NULL; -- struct cfg80211_pkt_pattern *patterns = wowlan->patterns; -- int mask_len; -- s8 i = 0; -- -- if (!wowlan->n_patterns) +- if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, +- NL80211_CMD_SCAN_ABORTED) < 0) { +- nlmsg_free(msg); - return; -- -- /* -- * Add the new user configured patterns -- */ -- for (i = 0; i < wowlan->n_patterns; i++) { -- -- wow_pattern = kzalloc(sizeof(*wow_pattern), GFP_KERNEL); -- -- if (!wow_pattern) -- return; -- -- /* -- * TODO: convert the generic user space pattern to -- * appropriate chip specific/802.11 pattern. -- */ -- -- mask_len = DIV_ROUND_UP(wowlan->patterns[i].pattern_len, 8); -- memset(wow_pattern->pattern_bytes, 0, MAX_PATTERN_SIZE); -- memset(wow_pattern->mask_bytes, 0, MAX_PATTERN_SIZE); -- memcpy(wow_pattern->pattern_bytes, patterns[i].pattern, -- patterns[i].pattern_len); -- memcpy(wow_pattern->mask_bytes, patterns[i].mask, mask_len); -- wow_pattern->pattern_len = patterns[i].pattern_len; -- -- /* -- * just need to take care of deauth and disssoc pattern, -- * make sure we don't overwrite them. -- */ -- -- ath9k_hw_wow_apply_pattern(ah, wow_pattern->pattern_bytes, -- wow_pattern->mask_bytes, -- i + 2, -- wow_pattern->pattern_len); -- kfree(wow_pattern); -- -- } -- --} -- --static int ath9k_suspend(struct ieee80211_hw *hw, -- struct cfg80211_wowlan *wowlan) --{ -- struct ath_softc *sc = hw->priv; -- struct ath_hw *ah = sc->sc_ah; -- struct ath_common *common = ath9k_hw_common(ah); -- u32 wow_triggers_enabled = 0; -- int ret = 0; -- -- mutex_lock(&sc->mutex); -- -- ath_cancel_work(sc); -- ath_stop_ani(sc); -- del_timer_sync(&sc->rx_poll_timer); -- -- if (test_bit(SC_OP_INVALID, &sc->sc_flags)) { -- ath_dbg(common, ANY, "Device not present\n"); -- ret = -EINVAL; -- goto fail_wow; -- } -- -- if (WARN_ON(!wowlan)) { -- ath_dbg(common, WOW, "None of the WoW triggers enabled\n"); -- ret = -EINVAL; -- goto fail_wow; -- } -- -- if (!device_can_wakeup(sc->dev)) { -- ath_dbg(common, WOW, "device_can_wakeup failed, WoW is not enabled\n"); -- ret = 1; -- goto fail_wow; -- } -- -- /* -- * none of the sta vifs are associated -- * and we are not currently handling multivif -- * cases, for instance we have to seperately -- * configure 'keep alive frame' for each -- * STA. -- */ -- -- if (!test_bit(SC_OP_PRIM_STA_VIF, &sc->sc_flags)) { -- ath_dbg(common, WOW, "None of the STA vifs are associated\n"); -- ret = 1; -- goto fail_wow; -- } -- -- if (sc->nvifs > 1) { -- ath_dbg(common, WOW, "WoW for multivif is not yet supported\n"); -- ret = 1; -- goto fail_wow; -- } -- -- ath9k_wow_map_triggers(sc, wowlan, &wow_triggers_enabled); -- -- ath_dbg(common, WOW, "WoW triggers enabled 0x%x\n", -- wow_triggers_enabled); -- -- ath9k_ps_wakeup(sc); -- -- ath9k_stop_btcoex(sc); -- -- /* -- * Enable wake up on recieving disassoc/deauth -- * frame by default. -- */ -- ath9k_wow_add_disassoc_deauth_pattern(sc); -- -- if (wow_triggers_enabled & AH_WOW_USER_PATTERN_EN) -- ath9k_wow_add_pattern(sc, wowlan); -- -- spin_lock_bh(&sc->sc_pcu_lock); -- /* -- * To avoid false wake, we enable beacon miss interrupt only -- * when we go to sleep. We save the current interrupt mask -- * so we can restore it after the system wakes up -- */ -- sc->wow_intr_before_sleep = ah->imask; -- ah->imask &= ~ATH9K_INT_GLOBAL; -- ath9k_hw_disable_interrupts(ah); -- ah->imask = ATH9K_INT_BMISS | ATH9K_INT_GLOBAL; -- ath9k_hw_set_interrupts(ah); -- ath9k_hw_enable_interrupts(ah); -- -- spin_unlock_bh(&sc->sc_pcu_lock); -- -- /* -- * we can now sync irq and kill any running tasklets, since we already -- * disabled interrupts and not holding a spin lock -- */ -- synchronize_irq(sc->irq); -- tasklet_kill(&sc->intr_tq); -- -- ath9k_hw_wow_enable(ah, wow_triggers_enabled); -- -- ath9k_ps_restore(sc); -- ath_dbg(common, ANY, "WoW enabled in ath9k\n"); -- atomic_inc(&sc->wow_sleep_proc_intr); -- --fail_wow: -- mutex_unlock(&sc->mutex); -- return ret; --} -- --static int ath9k_resume(struct ieee80211_hw *hw) --{ -- struct ath_softc *sc = hw->priv; -- struct ath_hw *ah = sc->sc_ah; -- struct ath_common *common = ath9k_hw_common(ah); -- u32 wow_status; -- -- mutex_lock(&sc->mutex); -- -- ath9k_ps_wakeup(sc); -- -- spin_lock_bh(&sc->sc_pcu_lock); -- -- ath9k_hw_disable_interrupts(ah); -- ah->imask = sc->wow_intr_before_sleep; -- ath9k_hw_set_interrupts(ah); -- ath9k_hw_enable_interrupts(ah); -- -- spin_unlock_bh(&sc->sc_pcu_lock); -- -- wow_status = ath9k_hw_wow_wakeup(ah); -- -- if (atomic_read(&sc->wow_got_bmiss_intr) == 0) { -- /* -- * some devices may not pick beacon miss -- * as the reason they woke up so we add -- * that here for that shortcoming. -- */ -- wow_status |= AH_WOW_BEACON_MISS; -- atomic_dec(&sc->wow_got_bmiss_intr); -- ath_dbg(common, ANY, "Beacon miss interrupt picked up during WoW sleep\n"); -- } -- -- atomic_dec(&sc->wow_sleep_proc_intr); -- -- if (wow_status) { -- ath_dbg(common, ANY, "Waking up due to WoW triggers %s with WoW status = %x\n", -- ath9k_hw_wow_event_to_string(wow_status), wow_status); - } - -- ath_restart_work(sc); -- ath9k_start_btcoex(sc); -- -- ath9k_ps_restore(sc); -- mutex_unlock(&sc->mutex); -- -- return 0; --} -- --static void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled) --{ -- struct ath_softc *sc = hw->priv; -- -- mutex_lock(&sc->mutex); -- device_init_wakeup(sc->dev, 1); -- device_set_wakeup_enable(sc->dev, enabled); -- mutex_unlock(&sc->mutex); --} -- --#endif - static void ath9k_sw_scan_start(struct ieee80211_hw *hw) - { - struct ath_softc *sc = hw->priv; -@@ -2373,134 +2070,6 @@ static void ath9k_channel_switch_beacon( - sc->csa_vif = vif; + genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, + NL80211_MCGRP_SCAN, GFP_KERNEL); } +@@ -11158,7 +11211,8 @@ void cfg80211_ch_switch_notify(struct ne + wdev->iftype != NL80211_IFTYPE_MESH_POINT)) + return; --static void ath9k_tx99_stop(struct ath_softc *sc) --{ -- struct ath_hw *ah = sc->sc_ah; -- struct ath_common *common = ath9k_hw_common(ah); -- -- ath_drain_all_txq(sc); -- ath_startrecv(sc); -- -- ath9k_hw_set_interrupts(ah); -- ath9k_hw_enable_interrupts(ah); -- -- ieee80211_wake_queues(sc->hw); -- -- kfree_skb(sc->tx99_skb); -- sc->tx99_skb = NULL; -- sc->tx99_state = false; -- -- ath9k_hw_tx99_stop(sc->sc_ah); -- ath_dbg(common, XMIT, "TX99 stopped\n"); --} -- --static struct sk_buff *ath9k_build_tx99_skb(struct ath_softc *sc) --{ -- static u8 PN9Data[] = {0xff, 0x87, 0xb8, 0x59, 0xb7, 0xa1, 0xcc, 0x24, -- 0x57, 0x5e, 0x4b, 0x9c, 0x0e, 0xe9, 0xea, 0x50, -- 0x2a, 0xbe, 0xb4, 0x1b, 0xb6, 0xb0, 0x5d, 0xf1, -- 0xe6, 0x9a, 0xe3, 0x45, 0xfd, 0x2c, 0x53, 0x18, -- 0x0c, 0xca, 0xc9, 0xfb, 0x49, 0x37, 0xe5, 0xa8, -- 0x51, 0x3b, 0x2f, 0x61, 0xaa, 0x72, 0x18, 0x84, -- 0x02, 0x23, 0x23, 0xab, 0x63, 0x89, 0x51, 0xb3, -- 0xe7, 0x8b, 0x72, 0x90, 0x4c, 0xe8, 0xfb, 0xc0}; -- u32 len = 1200; -- struct ieee80211_hw *hw = sc->hw; -- struct ieee80211_hdr *hdr; -- struct ieee80211_tx_info *tx_info; -- struct sk_buff *skb; -- -- skb = alloc_skb(len, GFP_KERNEL); -- if (!skb) -- return NULL; -- -- skb_put(skb, len); -- -- memset(skb->data, 0, len); -- -- hdr = (struct ieee80211_hdr *)skb->data; -- hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA); -- hdr->duration_id = 0; -- -- memcpy(hdr->addr1, hw->wiphy->perm_addr, ETH_ALEN); -- memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN); -- memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN); -- -- hdr->seq_ctrl |= cpu_to_le16(sc->tx.seq_no); -- -- tx_info = IEEE80211_SKB_CB(skb); -- memset(tx_info, 0, sizeof(*tx_info)); -- tx_info->band = hw->conf.chandef.chan->band; -- tx_info->flags = IEEE80211_TX_CTL_NO_ACK; -- tx_info->control.vif = sc->tx99_vif; -- -- memcpy(skb->data + sizeof(*hdr), PN9Data, sizeof(PN9Data)); -- -- return skb; --} -- --void ath9k_tx99_deinit(struct ath_softc *sc) --{ -- ath_reset(sc); -- -- ath9k_ps_wakeup(sc); -- ath9k_tx99_stop(sc); -- ath9k_ps_restore(sc); --} -- --int ath9k_tx99_init(struct ath_softc *sc) --{ -- struct ieee80211_hw *hw = sc->hw; -- struct ath_hw *ah = sc->sc_ah; -- struct ath_common *common = ath9k_hw_common(ah); -- struct ath_tx_control txctl; -- int r; -- -- if (sc->sc_flags & SC_OP_INVALID) { -- ath_err(common, -- "driver is in invalid state unable to use TX99"); -- return -EINVAL; -- } -- -- sc->tx99_skb = ath9k_build_tx99_skb(sc); -- if (!sc->tx99_skb) -- return -ENOMEM; -- -- memset(&txctl, 0, sizeof(txctl)); -- txctl.txq = sc->tx.txq_map[IEEE80211_AC_VO]; -- -- ath_reset(sc); -- -- ath9k_ps_wakeup(sc); -- -- ath9k_hw_disable_interrupts(ah); -- atomic_set(&ah->intr_ref_cnt, -1); -- ath_drain_all_txq(sc); -- ath_stoprecv(sc); -- -- sc->tx99_state = true; -- -- ieee80211_stop_queues(hw); -- -- if (sc->tx99_power == MAX_RATE_POWER + 1) -- sc->tx99_power = MAX_RATE_POWER; -- -- ath9k_hw_tx99_set_txpower(ah, sc->tx99_power); -- r = ath9k_tx99_send(sc, sc->tx99_skb, &txctl); -- if (r) { -- ath_dbg(common, XMIT, "Failed to xmit TX99 skb\n"); -- return r; -- } -- -- ath_dbg(common, XMIT, "TX99 xmit started using %d ( %ddBm)\n", -- sc->tx99_power, -- sc->tx99_power / 2); -- -- /* We leave the harware awake as it will be chugging on */ -- -- return 0; --} -- - struct ieee80211_ops ath9k_ops = { - .tx = ath9k_tx, - .start = ath9k_start, -@@ -2531,7 +2100,7 @@ struct ieee80211_ops ath9k_ops = { - .set_antenna = ath9k_set_antenna, - .get_antenna = ath9k_get_antenna, - --#ifdef CONFIG_PM_SLEEP -+#ifdef CONFIG_ATH9K_WOW - .suspend = ath9k_suspend, - .resume = ath9k_resume, - .set_wakeup = ath9k_set_wakeup, ---- a/drivers/net/wireless/ath/ath9k/wow.c -+++ b/drivers/net/wireless/ath/ath9k/wow.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2012 Qualcomm Atheros, Inc. -+ * Copyright (c) 2013 Qualcomm Atheros, Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above -@@ -14,409 +14,348 @@ - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ +- wdev->channel = chandef->chan; ++ wdev->chandef = *chandef; ++ wdev->preset_chandef = *chandef; + nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL); + } + EXPORT_SYMBOL(cfg80211_ch_switch_notify); +@@ -11673,6 +11727,35 @@ void cfg80211_crit_proto_stopped(struct + } + EXPORT_SYMBOL(cfg80211_crit_proto_stopped); --#include - #include "ath9k.h" --#include "reg.h" --#include "hw-ops.h" - --const char *ath9k_hw_wow_event_to_string(u32 wow_event) -+static const struct wiphy_wowlan_support ath9k_wowlan_support = { -+ .flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT, -+ .n_patterns = MAX_NUM_USER_PATTERN, -+ .pattern_min_len = 1, -+ .pattern_max_len = MAX_PATTERN_SIZE, -+}; ++void nl80211_send_ap_stopped(struct wireless_dev *wdev) ++{ ++ struct wiphy *wiphy = wdev->wiphy; ++ struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); ++ struct sk_buff *msg; ++ void *hdr; + -+static void ath9k_wow_map_triggers(struct ath_softc *sc, -+ struct cfg80211_wowlan *wowlan, -+ u32 *wow_triggers) - { -- if (wow_event & AH_WOW_MAGIC_PATTERN_EN) -- return "Magic pattern"; -- if (wow_event & AH_WOW_USER_PATTERN_EN) -- return "User pattern"; -- if (wow_event & AH_WOW_LINK_CHANGE) -- return "Link change"; -- if (wow_event & AH_WOW_BEACON_MISS) -- return "Beacon miss"; -+ if (wowlan->disconnect) -+ *wow_triggers |= AH_WOW_LINK_CHANGE | -+ AH_WOW_BEACON_MISS; -+ if (wowlan->magic_pkt) -+ *wow_triggers |= AH_WOW_MAGIC_PATTERN_EN; ++ msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); ++ if (!msg) ++ return; + -+ if (wowlan->n_patterns) -+ *wow_triggers |= AH_WOW_USER_PATTERN_EN; ++ hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP); ++ if (!hdr) ++ goto out; + -+ sc->wow_enabled = *wow_triggers; ++ if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || ++ nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) || ++ nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) ++ goto out; ++ ++ genlmsg_end(msg, hdr); ++ ++ genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0, ++ NL80211_MCGRP_MLME, GFP_KERNEL); ++ return; ++ out: ++ nlmsg_free(msg); ++} ++ + /* initialisation/exit functions */ + + int nl80211_init(void) +--- a/net/wireless/nl80211.h ++++ b/net/wireless/nl80211.h +@@ -8,10 +8,10 @@ void nl80211_exit(void); + void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev); + void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, + struct wireless_dev *wdev); +-void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, +- struct wireless_dev *wdev); +-void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, +- struct wireless_dev *wdev); ++struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev, ++ struct wireless_dev *wdev, bool aborted); ++void nl80211_send_scan_result(struct cfg80211_registered_device *rdev, ++ struct sk_buff *msg); + void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, + struct net_device *netdev, u32 cmd); + void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, +@@ -74,6 +74,8 @@ nl80211_radar_notify(struct cfg80211_reg + enum nl80211_radar_event event, + struct net_device *netdev, gfp_t gfp); + ++void nl80211_send_ap_stopped(struct wireless_dev *wdev); ++ + void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev); -- return "unknown reason"; + #endif /* __NET_WIRELESS_NL80211_H */ +--- a/net/wireless/scan.c ++++ b/net/wireless/scan.c +@@ -161,18 +161,25 @@ static void __cfg80211_bss_expire(struct + dev->bss_generation++; } --EXPORT_SYMBOL(ath9k_hw_wow_event_to_string); --static void ath9k_hw_set_powermode_wow_sleep(struct ath_hw *ah) -+static void ath9k_wow_add_disassoc_deauth_pattern(struct ath_softc *sc) +-void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev) ++void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, ++ bool send_message) { -+ struct ath_hw *ah = sc->sc_ah; - struct ath_common *common = ath9k_hw_common(ah); -+ int pattern_count = 0; -+ int i, byte_cnt; -+ u8 dis_deauth_pattern[MAX_PATTERN_SIZE]; -+ u8 dis_deauth_mask[MAX_PATTERN_SIZE]; - -- REG_SET_BIT(ah, AR_STA_ID1, AR_STA_ID1_PWR_SAV); -+ memset(dis_deauth_pattern, 0, MAX_PATTERN_SIZE); -+ memset(dis_deauth_mask, 0, MAX_PATTERN_SIZE); - -- /* set rx disable bit */ -- REG_WRITE(ah, AR_CR, AR_CR_RXD); -+ /* -+ * Create Dissassociate / Deauthenticate packet filter -+ * -+ * 2 bytes 2 byte 6 bytes 6 bytes 6 bytes -+ * +--------------+----------+---------+--------+--------+---- -+ * + Frame Control+ Duration + DA + SA + BSSID + -+ * +--------------+----------+---------+--------+--------+---- -+ * -+ * The above is the management frame format for disassociate/ -+ * deauthenticate pattern, from this we need to match the first byte -+ * of 'Frame Control' and DA, SA, and BSSID fields -+ * (skipping 2nd byte of FC and Duration feild. -+ * -+ * Disassociate pattern -+ * -------------------- -+ * Frame control = 00 00 1010 -+ * DA, SA, BSSID = x:x:x:x:x:x -+ * Pattern will be A0000000 | x:x:x:x:x:x | x:x:x:x:x:x -+ * | x:x:x:x:x:x -- 22 bytes -+ * -+ * Deauthenticate pattern -+ * ---------------------- -+ * Frame control = 00 00 1100 -+ * DA, SA, BSSID = x:x:x:x:x:x -+ * Pattern will be C0000000 | x:x:x:x:x:x | x:x:x:x:x:x -+ * | x:x:x:x:x:x -- 22 bytes -+ */ + struct cfg80211_scan_request *request; + struct wireless_dev *wdev; ++ struct sk_buff *msg; + #ifdef CPTCFG_CFG80211_WEXT + union iwreq_data wrqu; + #endif -- if (!ath9k_hw_wait(ah, AR_CR, AR_CR_RXE, 0, AH_WAIT_TIMEOUT)) { -- ath_err(common, "Failed to stop Rx DMA in 10ms AR_CR=0x%08x AR_DIAG_SW=0x%08x\n", -- REG_READ(ah, AR_CR), REG_READ(ah, AR_DIAG_SW)); -- return; -- } -+ /* Create Disassociate Pattern first */ - -- REG_WRITE(ah, AR_RTC_FORCE_WAKE, AR_RTC_FORCE_WAKE_ON_INT); --} -+ byte_cnt = 0; - --static void ath9k_wow_create_keep_alive_pattern(struct ath_hw *ah) --{ -- struct ath_common *common = ath9k_hw_common(ah); -- u8 sta_mac_addr[ETH_ALEN], ap_mac_addr[ETH_ALEN]; -- u32 ctl[13] = {0}; -- u32 data_word[KAL_NUM_DATA_WORDS]; -- u8 i; -- u32 wow_ka_data_word0; -- -- memcpy(sta_mac_addr, common->macaddr, ETH_ALEN); -- memcpy(ap_mac_addr, common->curbssid, ETH_ALEN); -- -- /* set the transmit buffer */ -- ctl[0] = (KAL_FRAME_LEN | (MAX_RATE_POWER << 16)); -- ctl[1] = 0; -- ctl[3] = 0xb; /* OFDM_6M hardware value for this rate */ -- ctl[4] = 0; -- ctl[7] = (ah->txchainmask) << 2; -- ctl[2] = 0xf << 16; /* tx_tries 0 */ -- -- for (i = 0; i < KAL_NUM_DESC_WORDS; i++) -- REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + i * 4), ctl[i]); -- -- REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + i * 4), ctl[i]); -- -- data_word[0] = (KAL_FRAME_TYPE << 2) | (KAL_FRAME_SUB_TYPE << 4) | -- (KAL_TO_DS << 8) | (KAL_DURATION_ID << 16); -- data_word[1] = (ap_mac_addr[3] << 24) | (ap_mac_addr[2] << 16) | -- (ap_mac_addr[1] << 8) | (ap_mac_addr[0]); -- data_word[2] = (sta_mac_addr[1] << 24) | (sta_mac_addr[0] << 16) | -- (ap_mac_addr[5] << 8) | (ap_mac_addr[4]); -- data_word[3] = (sta_mac_addr[5] << 24) | (sta_mac_addr[4] << 16) | -- (sta_mac_addr[3] << 8) | (sta_mac_addr[2]); -- data_word[4] = (ap_mac_addr[3] << 24) | (ap_mac_addr[2] << 16) | -- (ap_mac_addr[1] << 8) | (ap_mac_addr[0]); -- data_word[5] = (ap_mac_addr[5] << 8) | (ap_mac_addr[4]); -- -- if (AR_SREV_9462_20(ah)) { -- /* AR9462 2.0 has an extra descriptor word (time based -- * discard) compared to other chips */ -- REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + (12 * 4)), 0); -- wow_ka_data_word0 = AR_WOW_TXBUF(13); -- } else { -- wow_ka_data_word0 = AR_WOW_TXBUF(12); -- } -+ /* Fill out the mask with all FF's */ - -- for (i = 0; i < KAL_NUM_DATA_WORDS; i++) -- REG_WRITE(ah, (wow_ka_data_word0 + i*4), data_word[i]); -+ for (i = 0; i < MAX_PATTERN_MASK_SIZE; i++) -+ dis_deauth_mask[i] = 0xff; - --} -+ /* copy the first byte of frame control field */ -+ dis_deauth_pattern[byte_cnt] = 0xa0; -+ byte_cnt++; - --void ath9k_hw_wow_apply_pattern(struct ath_hw *ah, u8 *user_pattern, -- u8 *user_mask, int pattern_count, -- int pattern_len) --{ -- int i; -- u32 pattern_val, mask_val; -- u32 set, clr; -+ /* skip 2nd byte of frame control and Duration field */ -+ byte_cnt += 3; - -- /* FIXME: should check count by querying the hardware capability */ -- if (pattern_count >= MAX_NUM_PATTERN) -- return; -+ /* -+ * need not match the destination mac address, it can be a broadcast -+ * mac address or an unicast to this station -+ */ -+ byte_cnt += 6; - -- REG_SET_BIT(ah, AR_WOW_PATTERN, BIT(pattern_count)); -+ /* copy the source mac address */ -+ memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN); - -- /* set the registers for pattern */ -- for (i = 0; i < MAX_PATTERN_SIZE; i += 4) { -- memcpy(&pattern_val, user_pattern, 4); -- REG_WRITE(ah, (AR_WOW_TB_PATTERN(pattern_count) + i), -- pattern_val); -- user_pattern += 4; -- } -+ byte_cnt += 6; + ASSERT_RTNL(); -- /* set the registers for mask */ -- for (i = 0; i < MAX_PATTERN_MASK_SIZE; i += 4) { -- memcpy(&mask_val, user_mask, 4); -- REG_WRITE(ah, (AR_WOW_TB_MASK(pattern_count) + i), mask_val); -- user_mask += 4; -- } -+ /* copy the bssid, its same as the source mac address */ - -- /* set the pattern length to be matched -- * -- * AR_WOW_LENGTH1_REG1 -- * bit 31:24 pattern 0 length -- * bit 23:16 pattern 1 length -- * bit 15:8 pattern 2 length -- * bit 7:0 pattern 3 length -- * -- * AR_WOW_LENGTH1_REG2 -- * bit 31:24 pattern 4 length -- * bit 23:16 pattern 5 length -- * bit 15:8 pattern 6 length -- * bit 7:0 pattern 7 length -- * -- * the below logic writes out the new -- * pattern length for the corresponding -- * pattern_count, while masking out the -- * other fields -- */ -+ memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN); +- request = rdev->scan_req; ++ if (rdev->scan_msg) { ++ nl80211_send_scan_result(rdev, rdev->scan_msg); ++ rdev->scan_msg = NULL; ++ return; ++ } -- ah->wow_event_mask |= BIT(pattern_count + AR_WOW_PAT_FOUND_SHIFT); -+ /* Create Disassociate pattern mask */ ++ request = rdev->scan_req; + if (!request) + return; -- if (pattern_count < 4) { -- /* Pattern 0-3 uses AR_WOW_LENGTH1 register */ -- set = (pattern_len & AR_WOW_LENGTH_MAX) << -- AR_WOW_LEN1_SHIFT(pattern_count); -- clr = AR_WOW_LENGTH1_MASK(pattern_count); -- REG_RMW(ah, AR_WOW_LENGTH1, set, clr); -- } else { -- /* Pattern 4-7 uses AR_WOW_LENGTH2 register */ -- set = (pattern_len & AR_WOW_LENGTH_MAX) << -- AR_WOW_LEN2_SHIFT(pattern_count); -- clr = AR_WOW_LENGTH2_MASK(pattern_count); -- REG_RMW(ah, AR_WOW_LENGTH2, set, clr); -- } -+ dis_deauth_mask[0] = 0xfe; -+ dis_deauth_mask[1] = 0x03; -+ dis_deauth_mask[2] = 0xc0; - --} --EXPORT_SYMBOL(ath9k_hw_wow_apply_pattern); -+ ath_dbg(common, WOW, "Adding disassoc/deauth patterns for WoW\n"); - --u32 ath9k_hw_wow_wakeup(struct ath_hw *ah) --{ -- u32 wow_status = 0; -- u32 val = 0, rval; -+ ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask, -+ pattern_count, byte_cnt); - -+ pattern_count++; - /* -- * read the WoW status register to know -- * the wakeup reason -+ * for de-authenticate pattern, only the first byte of the frame -+ * control field gets changed from 0xA0 to 0xC0 - */ -- rval = REG_READ(ah, AR_WOW_PATTERN); -- val = AR_WOW_STATUS(rval); -+ dis_deauth_pattern[0] = 0xC0; +@@ -186,18 +193,16 @@ void ___cfg80211_scan_done(struct cfg802 + if (wdev->netdev) + cfg80211_sme_scan_done(wdev->netdev); -- /* -- * mask only the WoW events that we have enabled. Sometimes -- * we have spurious WoW events from the AR_WOW_PATTERN -- * register. This mask will clean it up. -- */ -+ ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask, -+ pattern_count, byte_cnt); +- if (request->aborted) { +- nl80211_send_scan_aborted(rdev, wdev); +- } else { +- if (request->flags & NL80211_SCAN_FLAG_FLUSH) { +- /* flush entries from previous scans */ +- spin_lock_bh(&rdev->bss_lock); +- __cfg80211_bss_expire(rdev, request->scan_start); +- spin_unlock_bh(&rdev->bss_lock); +- } +- nl80211_send_scan_done(rdev, wdev); ++ if (!request->aborted && ++ request->flags & NL80211_SCAN_FLAG_FLUSH) { ++ /* flush entries from previous scans */ ++ spin_lock_bh(&rdev->bss_lock); ++ __cfg80211_bss_expire(rdev, request->scan_start); ++ spin_unlock_bh(&rdev->bss_lock); + } -- val &= ah->wow_event_mask; -+} ++ msg = nl80211_build_scan_msg(rdev, wdev, request->aborted); ++ + #ifdef CPTCFG_CFG80211_WEXT + if (wdev->netdev && !request->aborted) { + memset(&wrqu, 0, sizeof(wrqu)); +@@ -211,6 +216,11 @@ void ___cfg80211_scan_done(struct cfg802 -- if (val) { -- if (val & AR_WOW_MAGIC_PAT_FOUND) -- wow_status |= AH_WOW_MAGIC_PATTERN_EN; -- if (AR_WOW_PATTERN_FOUND(val)) -- wow_status |= AH_WOW_USER_PATTERN_EN; -- if (val & AR_WOW_KEEP_ALIVE_FAIL) -- wow_status |= AH_WOW_LINK_CHANGE; -- if (val & AR_WOW_BEACON_FAIL) -- wow_status |= AH_WOW_BEACON_MISS; -- } -+static void ath9k_wow_add_pattern(struct ath_softc *sc, -+ struct cfg80211_wowlan *wowlan) -+{ -+ struct ath_hw *ah = sc->sc_ah; -+ struct ath9k_wow_pattern *wow_pattern = NULL; -+ struct cfg80211_pkt_pattern *patterns = wowlan->patterns; -+ int mask_len; -+ s8 i = 0; + rdev->scan_req = NULL; + kfree(request); + -+ if (!wowlan->n_patterns) -+ return; ++ if (!send_message) ++ rdev->scan_msg = msg; ++ else ++ nl80211_send_scan_result(rdev, msg); + } - /* -- * set and clear WOW_PME_CLEAR registers for the chip to -- * generate next wow signal. -- * disable D3 before accessing other registers ? -+ * Add the new user configured patterns - */ -+ for (i = 0; i < wowlan->n_patterns; i++) { + void __cfg80211_scan_done(struct work_struct *wk) +@@ -221,7 +231,7 @@ void __cfg80211_scan_done(struct work_st + scan_done_wk); -- /* do we need to check the bit value 0x01000000 (7-10) ?? */ -- REG_RMW(ah, AR_PCIE_PM_CTRL, AR_PMCTRL_WOW_PME_CLR, -- AR_PMCTRL_PWR_STATE_D1D3); -+ wow_pattern = kzalloc(sizeof(*wow_pattern), GFP_KERNEL); + rtnl_lock(); +- ___cfg80211_scan_done(rdev); ++ ___cfg80211_scan_done(rdev, true); + rtnl_unlock(); + } -- /* -- * clear all events -- */ -- REG_WRITE(ah, AR_WOW_PATTERN, -- AR_WOW_CLEAR_EVENTS(REG_READ(ah, AR_WOW_PATTERN))); -+ if (!wow_pattern) -+ return; +@@ -1079,7 +1089,7 @@ int cfg80211_wext_siwscan(struct net_dev + if (IS_ERR(rdev)) + return PTR_ERR(rdev); -- /* -- * restore the beacon threshold to init value -- */ -- REG_WRITE(ah, AR_RSSI_THR, INIT_RSSI_THR); -+ /* -+ * TODO: convert the generic user space pattern to -+ * appropriate chip specific/802.11 pattern. -+ */ +- if (rdev->scan_req) { ++ if (rdev->scan_req || rdev->scan_msg) { + err = -EBUSY; + goto out; + } +@@ -1481,7 +1491,7 @@ int cfg80211_wext_giwscan(struct net_dev + if (IS_ERR(rdev)) + return PTR_ERR(rdev); + +- if (rdev->scan_req) ++ if (rdev->scan_req || rdev->scan_msg) + return -EAGAIN; + + res = ieee80211_scan_results(rdev, info, extra, data->length); +--- a/net/wireless/sme.c ++++ b/net/wireless/sme.c +@@ -67,7 +67,7 @@ static int cfg80211_conn_scan(struct wir + ASSERT_RDEV_LOCK(rdev); + ASSERT_WDEV_LOCK(wdev); + +- if (rdev->scan_req) ++ if (rdev->scan_req || rdev->scan_msg) + return -EBUSY; + + if (wdev->conn->params.channel) +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -1001,7 +1001,6 @@ ieee80211_sta_process_chanswitch(struct + } -- /* -- * Restore the way the PCI-E reset, Power-On-Reset, external -- * PCIE_POR_SHORT pins are tied to its original value. -- * Previously just before WoW sleep, we untie the PCI-E -- * reset to our Chip's Power On Reset so that any PCI-E -- * reset from the bus will not reset our chip -- */ -- if (ah->is_pciexpress) -- ath9k_hw_configpcipowersave(ah, false); -+ mask_len = DIV_ROUND_UP(wowlan->patterns[i].pattern_len, 8); -+ memset(wow_pattern->pattern_bytes, 0, MAX_PATTERN_SIZE); -+ memset(wow_pattern->mask_bytes, 0, MAX_PATTERN_SIZE); -+ memcpy(wow_pattern->pattern_bytes, patterns[i].pattern, -+ patterns[i].pattern_len); -+ memcpy(wow_pattern->mask_bytes, patterns[i].mask, mask_len); -+ wow_pattern->pattern_len = patterns[i].pattern_len; -+ -+ /* -+ * just need to take care of deauth and disssoc pattern, -+ * make sure we don't overwrite them. -+ */ -+ -+ ath9k_hw_wow_apply_pattern(ah, wow_pattern->pattern_bytes, -+ wow_pattern->mask_bytes, -+ i + 2, -+ wow_pattern->pattern_len); -+ kfree(wow_pattern); + ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; +- sdata->vif.csa_active = true; -- ah->wow_event_mask = 0; -+ } + mutex_lock(&local->chanctx_mtx); + if (local->use_chanctx) { +@@ -1039,6 +1038,7 @@ ieee80211_sta_process_chanswitch(struct + mutex_unlock(&local->chanctx_mtx); -- return wow_status; - } --EXPORT_SYMBOL(ath9k_hw_wow_wakeup); + sdata->csa_chandef = csa_ie.chandef; ++ sdata->vif.csa_active = true; --void ath9k_hw_wow_enable(struct ath_hw *ah, u32 pattern_enable) -+int ath9k_suspend(struct ieee80211_hw *hw, -+ struct cfg80211_wowlan *wowlan) + if (csa_ie.mode) + ieee80211_stop_queues_by_reason(&local->hw, +--- a/net/mac80211/chan.c ++++ b/net/mac80211/chan.c +@@ -196,6 +196,8 @@ static bool ieee80211_is_radar_required( { -- u32 wow_event_mask; -- u32 set, clr; -+ struct ath_softc *sc = hw->priv; -+ struct ath_hw *ah = sc->sc_ah; -+ struct ath_common *common = ath9k_hw_common(ah); -+ u32 wow_triggers_enabled = 0; -+ int ret = 0; - -- /* -- * wow_event_mask is a mask to the AR_WOW_PATTERN register to -- * indicate which WoW events we have enabled. The WoW events -- * are from the 'pattern_enable' in this function and -- * 'pattern_count' of ath9k_hw_wow_apply_pattern() -- */ -- wow_event_mask = ah->wow_event_mask; -+ mutex_lock(&sc->mutex); + struct ieee80211_sub_if_data *sdata; -- /* -- * Untie Power-on-Reset from the PCI-E-Reset. When we are in -- * WOW sleep, we do want the Reset from the PCI-E to disturb -- * our hw state -- */ -- if (ah->is_pciexpress) { -- /* -- * we need to untie the internal POR (power-on-reset) -- * to the external PCI-E reset. We also need to tie -- * the PCI-E Phy reset to the PCI-E reset. -- */ -- set = AR_WA_RESET_EN | AR_WA_POR_SHORT; -- clr = AR_WA_UNTIE_RESET_EN | AR_WA_D3_L1_DISABLE; -- REG_RMW(ah, AR_WA, set, clr); -+ ath_cancel_work(sc); -+ ath_stop_ani(sc); -+ del_timer_sync(&sc->rx_poll_timer); ++ lockdep_assert_held(&local->mtx); + -+ if (test_bit(SC_OP_INVALID, &sc->sc_flags)) { -+ ath_dbg(common, ANY, "Device not present\n"); -+ ret = -EINVAL; -+ goto fail_wow; + rcu_read_lock(); + list_for_each_entry_rcu(sdata, &local->interfaces, list) { + if (sdata->radar_required) { +--- a/net/mac80211/ibss.c ++++ b/net/mac80211/ibss.c +@@ -294,7 +294,6 @@ static void __ieee80211_sta_join_ibss(st } -- /* -- * set the power states appropriately and enable PME -- */ -- set = AR_PMCTRL_HOST_PME_EN | AR_PMCTRL_PWR_PM_CTRL_ENA | -- AR_PMCTRL_AUX_PWR_DET | AR_PMCTRL_WOW_PME_CLR; -+ if (WARN_ON(!wowlan)) { -+ ath_dbg(common, WOW, "None of the WoW triggers enabled\n"); -+ ret = -EINVAL; -+ goto fail_wow; -+ } - -- /* -- * set and clear WOW_PME_CLEAR registers for the chip -- * to generate next wow signal. -- */ -- REG_SET_BIT(ah, AR_PCIE_PM_CTRL, set); -- clr = AR_PMCTRL_WOW_PME_CLR; -- REG_CLR_BIT(ah, AR_PCIE_PM_CTRL, clr); -+ if (!device_can_wakeup(sc->dev)) { -+ ath_dbg(common, WOW, "device_can_wakeup failed, WoW is not enabled\n"); -+ ret = 1; -+ goto fail_wow; -+ } + mutex_lock(&local->mtx); +- ieee80211_vif_release_channel(sdata); + if (ieee80211_vif_use_channel(sdata, &chandef, + ifibss->fixed_channel ? + IEEE80211_CHANCTX_SHARED : +@@ -303,6 +302,7 @@ static void __ieee80211_sta_join_ibss(st + mutex_unlock(&local->mtx); + return; + } ++ sdata->radar_required = radar_required; + mutex_unlock(&local->mtx); + + memcpy(ifibss->bssid, bssid, ETH_ALEN); +@@ -318,7 +318,6 @@ static void __ieee80211_sta_join_ibss(st + rcu_assign_pointer(ifibss->presp, presp); + mgmt = (void *)presp->head; + +- sdata->radar_required = radar_required; + sdata->vif.bss_conf.enable_beacon = true; + sdata->vif.bss_conf.beacon_int = beacon_int; + sdata->vif.bss_conf.basic_rates = basic_rates; +@@ -386,7 +385,7 @@ static void __ieee80211_sta_join_ibss(st + presp->head_len, 0, GFP_KERNEL); + cfg80211_put_bss(local->hw.wiphy, bss); + netif_carrier_on(sdata->dev); +- cfg80211_ibss_joined(sdata->dev, ifibss->bssid, GFP_KERNEL); ++ cfg80211_ibss_joined(sdata->dev, ifibss->bssid, chan, GFP_KERNEL); + } - /* -- * Setup for: -- * - beacon misses -- * - magic pattern -- * - keep alive timeout -- * - pattern matching -+ * none of the sta vifs are associated -+ * and we are not currently handling multivif -+ * cases, for instance we have to seperately -+ * configure 'keep alive frame' for each -+ * STA. - */ + static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata, +@@ -802,6 +801,8 @@ ieee80211_ibss_process_chanswitch(struct + int err; + u32 sta_flags; -- /* -- * Program default values for pattern backoff, aifs/slot/KAL count, -- * beacon miss timeout, KAL timeout, etc. -- */ -- set = AR_WOW_BACK_OFF_SHIFT(AR_WOW_PAT_BACKOFF); -- REG_SET_BIT(ah, AR_WOW_PATTERN, set); -+ if (!test_bit(SC_OP_PRIM_STA_VIF, &sc->sc_flags)) { -+ ath_dbg(common, WOW, "None of the STA vifs are associated\n"); -+ ret = 1; -+ goto fail_wow; -+ } ++ sdata_assert_lock(sdata); + -+ if (sc->nvifs > 1) { -+ ath_dbg(common, WOW, "WoW for multivif is not yet supported\n"); -+ ret = 1; -+ goto fail_wow; -+ } - -- set = AR_WOW_AIFS_CNT(AR_WOW_CNT_AIFS_CNT) | -- AR_WOW_SLOT_CNT(AR_WOW_CNT_SLOT_CNT) | -- AR_WOW_KEEP_ALIVE_CNT(AR_WOW_CNT_KA_CNT); -- REG_SET_BIT(ah, AR_WOW_COUNT, set); -- -- if (pattern_enable & AH_WOW_BEACON_MISS) -- set = AR_WOW_BEACON_TIMO; -- /* We are not using beacon miss, program a large value */ -- else -- set = AR_WOW_BEACON_TIMO_MAX; -+ ath9k_wow_map_triggers(sc, wowlan, &wow_triggers_enabled); - -- REG_WRITE(ah, AR_WOW_BCN_TIMO, set); -+ ath_dbg(common, WOW, "WoW triggers enabled 0x%x\n", -+ wow_triggers_enabled); + sta_flags = IEEE80211_STA_DISABLE_VHT; + switch (ifibss->chandef.width) { + case NL80211_CHAN_WIDTH_5: +@@ -1471,6 +1472,11 @@ static void ieee80211_rx_mgmt_probe_req( + memcpy(((struct ieee80211_mgmt *) skb->data)->da, mgmt->sa, ETH_ALEN); + ibss_dbg(sdata, "Sending ProbeResp to %pM\n", mgmt->sa); + IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; ++ ++ /* avoid excessive retries for probe request to wildcard SSIDs */ ++ if (pos[1] == 0) ++ IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_NO_ACK; ++ + ieee80211_tx_skb(sdata, skb); + } -- /* -- * Keep alive timo in ms except AR9280 -- */ -- if (!pattern_enable) -- set = AR_WOW_KEEP_ALIVE_NEVER; -- else -- set = KAL_TIMEOUT * 32; -+ ath9k_ps_wakeup(sc); +--- a/net/mac80211/mesh.c ++++ b/net/mac80211/mesh.c +@@ -872,6 +872,8 @@ ieee80211_mesh_process_chnswitch(struct + if (!ifmsh->mesh_id) + return false; -- REG_WRITE(ah, AR_WOW_KEEP_ALIVE_TIMO, set); -+ ath9k_stop_btcoex(sc); - - /* -- * Keep alive delay in us. based on 'power on clock', -- * therefore in usec -+ * Enable wake up on recieving disassoc/deauth -+ * frame by default. - */ -- set = KAL_DELAY * 1000; -- REG_WRITE(ah, AR_WOW_KEEP_ALIVE_DELAY, set); -+ ath9k_wow_add_disassoc_deauth_pattern(sc); - -- /* -- * Create keep alive pattern to respond to beacons -- */ -- ath9k_wow_create_keep_alive_pattern(ah); -+ if (wow_triggers_enabled & AH_WOW_USER_PATTERN_EN) -+ ath9k_wow_add_pattern(sc, wowlan); - -+ spin_lock_bh(&sc->sc_pcu_lock); - /* -- * Configure MAC WoW Registers -+ * To avoid false wake, we enable beacon miss interrupt only -+ * when we go to sleep. We save the current interrupt mask -+ * so we can restore it after the system wakes up - */ -- set = 0; -- /* Send keep alive timeouts anyway */ -- clr = AR_WOW_KEEP_ALIVE_AUTO_DIS; -- -- if (pattern_enable & AH_WOW_LINK_CHANGE) -- wow_event_mask |= AR_WOW_KEEP_ALIVE_FAIL; -- else -- set = AR_WOW_KEEP_ALIVE_FAIL_DIS; -+ sc->wow_intr_before_sleep = ah->imask; -+ ah->imask &= ~ATH9K_INT_GLOBAL; -+ ath9k_hw_disable_interrupts(ah); -+ ah->imask = ATH9K_INT_BMISS | ATH9K_INT_GLOBAL; -+ ath9k_hw_set_interrupts(ah); -+ ath9k_hw_enable_interrupts(ah); - -- set = AR_WOW_KEEP_ALIVE_FAIL_DIS; -- REG_RMW(ah, AR_WOW_KEEP_ALIVE, set, clr); -+ spin_unlock_bh(&sc->sc_pcu_lock); - - /* -- * we are relying on a bmiss failure. ensure we have -- * enough threshold to prevent false positives -+ * we can now sync irq and kill any running tasklets, since we already -+ * disabled interrupts and not holding a spin lock - */ -- REG_RMW_FIELD(ah, AR_RSSI_THR, AR_RSSI_THR_BM_THR, -- AR_WOW_BMISSTHRESHOLD); -+ synchronize_irq(sc->irq); -+ tasklet_kill(&sc->intr_tq); -+ -+ ath9k_hw_wow_enable(ah, wow_triggers_enabled); - -- set = 0; -- clr = 0; -+ ath9k_ps_restore(sc); -+ ath_dbg(common, ANY, "WoW enabled in ath9k\n"); -+ atomic_inc(&sc->wow_sleep_proc_intr); - -- if (pattern_enable & AH_WOW_BEACON_MISS) { -- set = AR_WOW_BEACON_FAIL_EN; -- wow_event_mask |= AR_WOW_BEACON_FAIL; -- } else { -- clr = AR_WOW_BEACON_FAIL_EN; -+fail_wow: -+ mutex_unlock(&sc->mutex); -+ return ret; -+} -+ -+int ath9k_resume(struct ieee80211_hw *hw) -+{ -+ struct ath_softc *sc = hw->priv; -+ struct ath_hw *ah = sc->sc_ah; -+ struct ath_common *common = ath9k_hw_common(ah); -+ u32 wow_status; -+ -+ mutex_lock(&sc->mutex); -+ -+ ath9k_ps_wakeup(sc); -+ -+ spin_lock_bh(&sc->sc_pcu_lock); -+ -+ ath9k_hw_disable_interrupts(ah); -+ ah->imask = sc->wow_intr_before_sleep; -+ ath9k_hw_set_interrupts(ah); -+ ath9k_hw_enable_interrupts(ah); ++ sdata_assert_lock(sdata); + -+ spin_unlock_bh(&sc->sc_pcu_lock); -+ -+ wow_status = ath9k_hw_wow_wakeup(ah); -+ -+ if (atomic_read(&sc->wow_got_bmiss_intr) == 0) { -+ /* -+ * some devices may not pick beacon miss -+ * as the reason they woke up so we add -+ * that here for that shortcoming. -+ */ -+ wow_status |= AH_WOW_BEACON_MISS; -+ atomic_dec(&sc->wow_got_bmiss_intr); -+ ath_dbg(common, ANY, "Beacon miss interrupt picked up during WoW sleep\n"); - } - -- REG_RMW(ah, AR_WOW_BCN_EN, set, clr); -+ atomic_dec(&sc->wow_sleep_proc_intr); - -- set = 0; -- clr = 0; -- /* -- * Enable the magic packet registers -- */ -- if (pattern_enable & AH_WOW_MAGIC_PATTERN_EN) { -- set = AR_WOW_MAGIC_EN; -- wow_event_mask |= AR_WOW_MAGIC_PAT_FOUND; -- } else { -- clr = AR_WOW_MAGIC_EN; -+ if (wow_status) { -+ ath_dbg(common, ANY, "Waking up due to WoW triggers %s with WoW status = %x\n", -+ ath9k_hw_wow_event_to_string(wow_status), wow_status); - } -- set |= AR_WOW_MAC_INTR_EN; -- REG_RMW(ah, AR_WOW_PATTERN, set, clr); - -- REG_WRITE(ah, AR_WOW_PATTERN_MATCH_LT_256B, -- AR_WOW_PATTERN_SUPPORTED); -+ ath_restart_work(sc); -+ ath9k_start_btcoex(sc); - -- /* -- * Set the power states appropriately and enable PME -- */ -- clr = 0; -- set = AR_PMCTRL_PWR_STATE_D1D3 | AR_PMCTRL_HOST_PME_EN | -- AR_PMCTRL_PWR_PM_CTRL_ENA; -+ ath9k_ps_restore(sc); -+ mutex_unlock(&sc->mutex); - -- clr = AR_PCIE_PM_CTRL_ENA; -- REG_RMW(ah, AR_PCIE_PM_CTRL, set, clr); -+ return 0; -+} - -- /* -- * this is needed to prevent the chip waking up -- * the host within 3-4 seconds with certain -- * platform/BIOS. The fix is to enable -- * D1 & D3 to match original definition and -- * also match the OTP value. Anyway this -- * is more related to SW WOW. -- */ -- clr = AR_PMCTRL_PWR_STATE_D1D3; -- REG_CLR_BIT(ah, AR_PCIE_PM_CTRL, clr); -+void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled) -+{ -+ struct ath_softc *sc = hw->priv; - -- set = AR_PMCTRL_PWR_STATE_D1D3_REAL; -- REG_SET_BIT(ah, AR_PCIE_PM_CTRL, set); -+ mutex_lock(&sc->mutex); -+ device_init_wakeup(sc->dev, 1); -+ device_set_wakeup_enable(sc->dev, enabled); -+ mutex_unlock(&sc->mutex); -+} + sta_flags = IEEE80211_STA_DISABLE_VHT; + switch (sdata->vif.bss_conf.chandef.width) { + case NL80211_CHAN_WIDTH_20_NOHT: +--- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c ++++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c +@@ -4658,6 +4658,7 @@ brcmf_notify_connect_status(struct brcmf + struct brcmf_cfg80211_info *cfg = ifp->drvr->config; + struct net_device *ndev = ifp->ndev; + struct brcmf_cfg80211_profile *profile = &ifp->vif->profile; ++ struct ieee80211_channel *chan; + s32 err = 0; + + if (ifp->vif->mode == WL_MODE_AP) { +@@ -4665,9 +4666,10 @@ brcmf_notify_connect_status(struct brcmf + } else if (brcmf_is_linkup(e)) { + brcmf_dbg(CONN, "Linkup\n"); + if (brcmf_is_ibssmode(ifp->vif)) { ++ chan = ieee80211_get_channel(cfg->wiphy, cfg->channel); + memcpy(profile->bssid, e->addr, ETH_ALEN); + wl_inform_ibss(cfg, ndev, e->addr); +- cfg80211_ibss_joined(ndev, e->addr, GFP_KERNEL); ++ cfg80211_ibss_joined(ndev, e->addr, chan, GFP_KERNEL); + clear_bit(BRCMF_VIF_STATUS_CONNECTING, + &ifp->vif->sme_state); + set_bit(BRCMF_VIF_STATUS_CONNECTED, +--- a/drivers/net/wireless/libertas/cfg.c ++++ b/drivers/net/wireless/libertas/cfg.c +@@ -1766,7 +1766,8 @@ static void lbs_join_post(struct lbs_pri + memcpy(priv->wdev->ssid, params->ssid, params->ssid_len); + priv->wdev->ssid_len = params->ssid_len; + +- cfg80211_ibss_joined(priv->dev, bssid, GFP_KERNEL); ++ cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan, ++ GFP_KERNEL); + + /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */ + priv->connect_status = LBS_CONNECTED; +--- a/drivers/net/wireless/mwifiex/cfg80211.c ++++ b/drivers/net/wireless/mwifiex/cfg80211.c +@@ -1881,7 +1881,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy + params->privacy); + done: + if (!ret) { +- cfg80211_ibss_joined(priv->netdev, priv->cfg_bssid, GFP_KERNEL); ++ cfg80211_ibss_joined(priv->netdev, priv->cfg_bssid, ++ params->chandef.chan, GFP_KERNEL); + dev_dbg(priv->adapter->dev, + "info: joined/created adhoc network with bssid" + " %pM successfully\n", priv->cfg_bssid); +--- a/drivers/net/wireless/rndis_wlan.c ++++ b/drivers/net/wireless/rndis_wlan.c +@@ -2835,7 +2835,9 @@ static void rndis_wlan_do_link_up_work(s + bssid, req_ie, req_ie_len, + resp_ie, resp_ie_len, GFP_KERNEL); + } else if (priv->infra_mode == NDIS_80211_INFRA_ADHOC) +- cfg80211_ibss_joined(usbdev->net, bssid, GFP_KERNEL); ++ cfg80211_ibss_joined(usbdev->net, bssid, ++ get_current_channel(usbdev, NULL), ++ GFP_KERNEL); + + kfree(info); -- REG_CLR_BIT(ah, AR_STA_ID1, AR_STA_ID1_PRESERVE_SEQNUM); -+void ath9k_init_wow(struct ieee80211_hw *hw) -+{ -+ struct ath_softc *sc = hw->priv; - -- /* to bring down WOW power low margin */ -- set = BIT(13); -- REG_SET_BIT(ah, AR_PCIE_PHY_REG3, set); -- /* HW WoW */ -- clr = BIT(5); -- REG_CLR_BIT(ah, AR_PCU_MISC_MODE3, clr); -+ if ((sc->sc_ah->caps.hw_caps & ATH9K_HW_WOW_DEVICE_CAPABLE) && -+ (sc->driver_data & ATH9K_PCI_WOW) && -+ device_can_wakeup(sc->dev)) -+ hw->wiphy->wowlan = &ath9k_wowlan_support; - -- ath9k_hw_set_powermode_wow_sleep(ah); -- ah->wow_event_mask = wow_event_mask; -+ atomic_set(&sc->wow_sleep_proc_intr, -1); -+ atomic_set(&sc->wow_got_bmiss_intr, -1); - } --EXPORT_SYMBOL(ath9k_hw_wow_enable); ---- a/drivers/net/wireless/ath/ath9k/xmit.c -+++ b/drivers/net/wireless/ath/ath9k/xmit.c -@@ -1786,6 +1786,9 @@ bool ath_drain_all_txq(struct ath_softc - if (!ATH_TXQ_SETUP(sc, i)) - continue; +--- a/net/wireless/ibss.c ++++ b/net/wireless/ibss.c +@@ -14,7 +14,8 @@ + #include "rdev-ops.h" -+ if (!sc->tx.txq[i].axq_depth) -+ continue; -+ - if (ath9k_hw_numtxpending(ah, sc->tx.txq[i].axq_qnum)) - npend |= BIT(i); - } -@@ -2749,6 +2752,8 @@ void ath_tx_node_cleanup(struct ath_soft - } - } -+#ifdef CONFIG_ATH9K_TX99 -+ - int ath9k_tx99_send(struct ath_softc *sc, struct sk_buff *skb, - struct ath_tx_control *txctl) +-void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid) ++void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, ++ struct ieee80211_channel *channel) { -@@ -2791,3 +2796,5 @@ int ath9k_tx99_send(struct ath_softc *sc - - return 0; - } -+ -+#endif /* CONFIG_ATH9K_TX99 */ ---- a/drivers/net/wireless/ath/regd.c -+++ b/drivers/net/wireless/ath/regd.c -@@ -37,17 +37,17 @@ static int __ath_regd_init(struct ath_re - - /* We enable active scan on these a case by case basis by regulatory domain */ - #define ATH9K_2GHZ_CH12_13 REG_RULE(2467-10, 2472+10, 40, 0, 20,\ -- NL80211_RRF_PASSIVE_SCAN) -+ NL80211_RRF_NO_IR) - #define ATH9K_2GHZ_CH14 REG_RULE(2484-10, 2484+10, 40, 0, 20,\ -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_OFDM) -+ NL80211_RRF_NO_IR | NL80211_RRF_NO_OFDM) - - /* We allow IBSS on these on a case by case basis by regulatory domain */ - #define ATH9K_5GHZ_5150_5350 REG_RULE(5150-10, 5350+10, 80, 0, 30,\ -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - #define ATH9K_5GHZ_5470_5850 REG_RULE(5470-10, 5850+10, 80, 0, 30,\ -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - #define ATH9K_5GHZ_5725_5850 REG_RULE(5725-10, 5850+10, 80, 0, 30,\ -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - - #define ATH9K_2GHZ_ALL ATH9K_2GHZ_CH01_11, \ - ATH9K_2GHZ_CH12_13, \ -@@ -224,17 +224,16 @@ ath_reg_apply_beaconing_flags(struct wip - * regulatory_hint(). - */ - if (!(reg_rule->flags & -- NL80211_RRF_NO_IBSS)) -+ NL80211_RRF_NO_IR)) - ch->flags &= -- ~IEEE80211_CHAN_NO_IBSS; -+ ~IEEE80211_CHAN_NO_IR; - if (!(reg_rule->flags & -- NL80211_RRF_PASSIVE_SCAN)) -+ NL80211_RRF_NO_IR)) - ch->flags &= -- ~IEEE80211_CHAN_PASSIVE_SCAN; -+ ~IEEE80211_CHAN_NO_IR; - } else { - if (ch->beacon_found) -- ch->flags &= ~(IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN); -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; - } - } - } -@@ -260,11 +259,11 @@ ath_reg_apply_active_scan_flags(struct w - */ - if (initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE) { - ch = &sband->channels[11]; /* CH 12 */ -- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN) -- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; -+ if (ch->flags & IEEE80211_CHAN_NO_IR) -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; - ch = &sband->channels[12]; /* CH 13 */ -- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN) -- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; -+ if (ch->flags & IEEE80211_CHAN_NO_IR) -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; + struct wireless_dev *wdev = dev->ieee80211_ptr; + struct cfg80211_bss *bss; +@@ -28,8 +29,7 @@ void __cfg80211_ibss_joined(struct net_d + if (!wdev->ssid_len) return; - } -@@ -278,17 +277,17 @@ ath_reg_apply_active_scan_flags(struct w - ch = &sband->channels[11]; /* CH 12 */ - reg_rule = freq_reg_info(wiphy, ch->center_freq); - if (!IS_ERR(reg_rule)) { -- if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN)) -- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN) -- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; -+ if (!(reg_rule->flags & NL80211_RRF_NO_IR)) -+ if (ch->flags & IEEE80211_CHAN_NO_IR) -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; - } +- bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid, +- wdev->ssid, wdev->ssid_len, ++ bss = cfg80211_get_bss(wdev->wiphy, channel, bssid, NULL, 0, + WLAN_CAPABILITY_IBSS, WLAN_CAPABILITY_IBSS); - ch = &sband->channels[12]; /* CH 13 */ - reg_rule = freq_reg_info(wiphy, ch->center_freq); - if (!IS_ERR(reg_rule)) { -- if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN)) -- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN) -- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; -+ if (!(reg_rule->flags & NL80211_RRF_NO_IR)) -+ if (ch->flags & IEEE80211_CHAN_NO_IR) -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; - } + if (WARN_ON(!bss)) +@@ -54,21 +54,26 @@ void __cfg80211_ibss_joined(struct net_d + #endif } -@@ -320,8 +319,8 @@ static void ath_reg_apply_radar_flags(st - */ - if (!(ch->flags & IEEE80211_CHAN_DISABLED)) - ch->flags |= IEEE80211_CHAN_RADAR | -- IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN; -+ IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR; - } - } +-void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp) ++void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, ++ struct ieee80211_channel *channel, gfp_t gfp) + { + struct wireless_dev *wdev = dev->ieee80211_ptr; + struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); + struct cfg80211_event *ev; + unsigned long flags; ---- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c -+++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c -@@ -812,7 +812,7 @@ static s32 brcmf_p2p_run_escan(struct br - struct ieee80211_channel *chan = request->channels[i]; +- trace_cfg80211_ibss_joined(dev, bssid); ++ trace_cfg80211_ibss_joined(dev, bssid, channel); ++ ++ if (WARN_ON(!channel)) ++ return; - if (chan->flags & (IEEE80211_CHAN_RADAR | -- IEEE80211_CHAN_PASSIVE_SCAN)) -+ IEEE80211_CHAN_NO_IR)) - continue; + ev = kzalloc(sizeof(*ev), gfp); + if (!ev) + return; - chanspecs[i] = channel_to_chanspec(&p2p->cfg->d11inf, ---- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c -+++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c -@@ -202,9 +202,9 @@ static struct ieee80211_supported_band _ - - /* This is to override regulatory domains defined in cfg80211 module (reg.c) - * By default world regulatory domain defined in reg.c puts the flags -- * NL80211_RRF_PASSIVE_SCAN and NL80211_RRF_NO_IBSS for 5GHz channels (for -- * 36..48 and 149..165). With respect to these flags, wpa_supplicant doesn't -- * start p2p operations on 5GHz channels. All the changes in world regulatory -+ * NL80211_RRF_NO_IR for 5GHz channels (for * 36..48 and 149..165). -+ * With respect to these flags, wpa_supplicant doesn't * start p2p -+ * operations on 5GHz channels. All the changes in world regulatory - * domain are to be done here. - */ - static const struct ieee80211_regdomain brcmf_regdom = { -@@ -5197,10 +5197,10 @@ static s32 brcmf_construct_reginfo(struc - if (channel & WL_CHAN_RADAR) - band_chan_arr[index].flags |= - (IEEE80211_CHAN_RADAR | -- IEEE80211_CHAN_NO_IBSS); -+ IEEE80211_CHAN_NO_IR); - if (channel & WL_CHAN_PASSIVE) - band_chan_arr[index].flags |= -- IEEE80211_CHAN_PASSIVE_SCAN; -+ IEEE80211_CHAN_NO_IR; - } - } - if (!update) ---- a/drivers/net/wireless/brcm80211/brcmsmac/channel.c -+++ b/drivers/net/wireless/brcm80211/brcmsmac/channel.c -@@ -59,23 +59,20 @@ - - #define BRCM_2GHZ_2412_2462 REG_RULE(2412-10, 2462+10, 40, 0, 19, 0) - #define BRCM_2GHZ_2467_2472 REG_RULE(2467-10, 2472+10, 20, 0, 19, \ -- NL80211_RRF_PASSIVE_SCAN | \ -- NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - - #define BRCM_5GHZ_5180_5240 REG_RULE(5180-10, 5240+10, 40, 0, 21, \ -- NL80211_RRF_PASSIVE_SCAN | \ -- NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - #define BRCM_5GHZ_5260_5320 REG_RULE(5260-10, 5320+10, 40, 0, 21, \ -- NL80211_RRF_PASSIVE_SCAN | \ -+ NL80211_RRF_NO_IR | \ - NL80211_RRF_DFS | \ -- NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - #define BRCM_5GHZ_5500_5700 REG_RULE(5500-10, 5700+10, 40, 0, 21, \ -- NL80211_RRF_PASSIVE_SCAN | \ -+ NL80211_RRF_NO_IR | \ - NL80211_RRF_DFS | \ -- NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - #define BRCM_5GHZ_5745_5825 REG_RULE(5745-10, 5825+10, 40, 0, 21, \ -- NL80211_RRF_PASSIVE_SCAN | \ -- NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - - static const struct ieee80211_regdomain brcms_regdom_x2 = { - .n_reg_rules = 6, -@@ -395,7 +392,7 @@ brcms_c_channel_set_chanspec(struct brcm - brcms_c_set_gmode(wlc, wlc->protection->gmode_user, false); - - brcms_b_set_chanspec(wlc->hw, chanspec, -- !!(ch->flags & IEEE80211_CHAN_PASSIVE_SCAN), -+ !!(ch->flags & IEEE80211_CHAN_NO_IR), - &txpwr); - } + ev->type = EVENT_IBSS_JOINED; +- memcpy(ev->cr.bssid, bssid, ETH_ALEN); ++ memcpy(ev->ij.bssid, bssid, ETH_ALEN); ++ ev->ij.channel = channel; -@@ -657,8 +654,8 @@ static void brcms_reg_apply_radar_flags( - */ - if (!(ch->flags & IEEE80211_CHAN_DISABLED)) - ch->flags |= IEEE80211_CHAN_RADAR | -- IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN; -+ IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR; - } - } + spin_lock_irqsave(&wdev->event_lock, flags); + list_add_tail(&ev->list, &wdev->event_list); +@@ -117,6 +122,7 @@ int __cfg80211_join_ibss(struct cfg80211 -@@ -688,14 +685,13 @@ brcms_reg_apply_beaconing_flags(struct w - if (IS_ERR(rule)) - continue; - -- if (!(rule->flags & NL80211_RRF_NO_IBSS)) -- ch->flags &= ~IEEE80211_CHAN_NO_IBSS; -- if (!(rule->flags & NL80211_RRF_PASSIVE_SCAN)) -+ if (!(rule->flags & NL80211_RRF_NO_IR)) -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; -+ if (!(rule->flags & NL80211_RRF_NO_IR)) - ch->flags &= -- ~IEEE80211_CHAN_PASSIVE_SCAN; -+ ~IEEE80211_CHAN_NO_IR; - } else if (ch->beacon_found) { -- ch->flags &= ~(IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN); -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; - } - } - } ---- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c -+++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c -@@ -125,13 +125,13 @@ static struct ieee80211_channel brcms_2g - CHAN2GHZ(10, 2457, IEEE80211_CHAN_NO_HT40PLUS), - CHAN2GHZ(11, 2462, IEEE80211_CHAN_NO_HT40PLUS), - CHAN2GHZ(12, 2467, -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_IBSS | -+ IEEE80211_CHAN_NO_IR | - IEEE80211_CHAN_NO_HT40PLUS), - CHAN2GHZ(13, 2472, -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_IBSS | -+ IEEE80211_CHAN_NO_IR | - IEEE80211_CHAN_NO_HT40PLUS), - CHAN2GHZ(14, 2484, -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_IBSS | -+ IEEE80211_CHAN_NO_IR | - IEEE80211_CHAN_NO_HT40PLUS | IEEE80211_CHAN_NO_HT40MINUS | - IEEE80211_CHAN_NO_OFDM) - }; -@@ -144,51 +144,51 @@ static struct ieee80211_channel brcms_5g - CHAN5GHZ(48, IEEE80211_CHAN_NO_HT40PLUS), - /* UNII-2 */ - CHAN5GHZ(52, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS), - CHAN5GHZ(56, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS), - CHAN5GHZ(60, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS), - CHAN5GHZ(64, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS), - /* MID */ - CHAN5GHZ(100, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS), - CHAN5GHZ(104, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS), - CHAN5GHZ(108, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS), - CHAN5GHZ(112, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS), - CHAN5GHZ(116, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS), - CHAN5GHZ(120, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS), - CHAN5GHZ(124, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS), - CHAN5GHZ(128, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS), - CHAN5GHZ(132, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS), - CHAN5GHZ(136, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS), -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS), - CHAN5GHZ(140, -- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS | -+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS | - IEEE80211_CHAN_NO_HT40MINUS), - /* UNII-3 */ - CHAN5GHZ(149, IEEE80211_CHAN_NO_HT40MINUS), ---- a/drivers/net/wireless/cw1200/scan.c -+++ b/drivers/net/wireless/cw1200/scan.c -@@ -197,9 +197,9 @@ void cw1200_scan_work(struct work_struct - if ((*it)->band != first->band) - break; - if (((*it)->flags ^ first->flags) & -- IEEE80211_CHAN_PASSIVE_SCAN) -+ IEEE80211_CHAN_NO_IR) - break; -- if (!(first->flags & IEEE80211_CHAN_PASSIVE_SCAN) && -+ if (!(first->flags & IEEE80211_CHAN_NO_IR) && - (*it)->max_power != first->max_power) - break; - } -@@ -210,7 +210,7 @@ void cw1200_scan_work(struct work_struct - else - scan.max_tx_rate = WSM_TRANSMIT_RATE_1; - scan.num_probes = -- (first->flags & IEEE80211_CHAN_PASSIVE_SCAN) ? 0 : 2; -+ (first->flags & IEEE80211_CHAN_NO_IR) ? 0 : 2; - scan.num_ssids = priv->scan.n_ssids; - scan.ssids = &priv->scan.ssids[0]; - scan.num_channels = it - priv->scan.curr; -@@ -233,7 +233,7 @@ void cw1200_scan_work(struct work_struct - } - for (i = 0; i < scan.num_channels; ++i) { - scan.ch[i].number = priv->scan.curr[i]->hw_value; -- if (priv->scan.curr[i]->flags & IEEE80211_CHAN_PASSIVE_SCAN) { -+ if (priv->scan.curr[i]->flags & IEEE80211_CHAN_NO_IR) { - scan.ch[i].min_chan_time = 50; - scan.ch[i].max_chan_time = 100; - } else { -@@ -241,7 +241,7 @@ void cw1200_scan_work(struct work_struct - scan.ch[i].max_chan_time = 25; - } + wdev->ibss_fixed = params->channel_fixed; + wdev->ibss_dfs_possible = params->userspace_handles_dfs; ++ wdev->chandef = params->chandef; + #ifdef CPTCFG_CFG80211_WEXT + wdev->wext.ibss.chandef = params->chandef; + #endif +@@ -200,6 +206,7 @@ static void __cfg80211_clear_ibss(struct + + wdev->current_bss = NULL; + wdev->ssid_len = 0; ++ memset(&wdev->chandef, 0, sizeof(wdev->chandef)); + #ifdef CPTCFG_CFG80211_WEXT + if (!nowext) + wdev->wext.ibss.ssid_len = 0; +--- a/net/wireless/trace.h ++++ b/net/wireless/trace.h +@@ -2278,11 +2278,6 @@ DECLARE_EVENT_CLASS(cfg80211_rx_evt, + TP_printk(NETDEV_PR_FMT ", " MAC_PR_FMT, NETDEV_PR_ARG, MAC_PR_ARG(addr)) + ); + +-DEFINE_EVENT(cfg80211_rx_evt, cfg80211_ibss_joined, +- TP_PROTO(struct net_device *netdev, const u8 *addr), +- TP_ARGS(netdev, addr) +-); +- + DEFINE_EVENT(cfg80211_rx_evt, cfg80211_rx_spurious_frame, + TP_PROTO(struct net_device *netdev, const u8 *addr), + TP_ARGS(netdev, addr) +@@ -2293,6 +2288,24 @@ DEFINE_EVENT(cfg80211_rx_evt, cfg80211_r + TP_ARGS(netdev, addr) + ); + ++TRACE_EVENT(cfg80211_ibss_joined, ++ TP_PROTO(struct net_device *netdev, const u8 *bssid, ++ struct ieee80211_channel *channel), ++ TP_ARGS(netdev, bssid, channel), ++ TP_STRUCT__entry( ++ NETDEV_ENTRY ++ MAC_ENTRY(bssid) ++ CHAN_ENTRY ++ ), ++ TP_fast_assign( ++ NETDEV_ASSIGN; ++ MAC_ASSIGN(bssid, bssid); ++ CHAN_ASSIGN(channel); ++ ), ++ TP_printk(NETDEV_PR_FMT ", bssid: " MAC_PR_FMT ", " CHAN_PR_FMT, ++ NETDEV_PR_ARG, MAC_PR_ARG(bssid), CHAN_PR_ARG) ++); ++ + TRACE_EVENT(cfg80211_probe_status, + TP_PROTO(struct net_device *netdev, const u8 *addr, u64 cookie, + bool acked), +--- a/net/wireless/util.c ++++ b/net/wireless/util.c +@@ -820,7 +820,8 @@ void cfg80211_process_wdev_events(struct + ev->dc.reason, true); + break; + case EVENT_IBSS_JOINED: +- __cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid); ++ __cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid, ++ ev->ij.channel); + break; } -- if (!(first->flags & IEEE80211_CHAN_PASSIVE_SCAN) && -+ if (!(first->flags & IEEE80211_CHAN_NO_IR) && - priv->scan.output_power != first->max_power) { - priv->scan.output_power = first->max_power; - wsm_set_output_power(priv, ---- a/drivers/net/wireless/ipw2x00/ipw2100.c -+++ b/drivers/net/wireless/ipw2x00/ipw2100.c -@@ -1934,10 +1934,10 @@ static int ipw2100_wdev_init(struct net_ - bg_band->channels[i].max_power = geo->bg[i].max_power; - if (geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY) - bg_band->channels[i].flags |= -- IEEE80211_CHAN_PASSIVE_SCAN; -+ IEEE80211_CHAN_NO_IR; - if (geo->bg[i].flags & LIBIPW_CH_NO_IBSS) - bg_band->channels[i].flags |= -- IEEE80211_CHAN_NO_IBSS; -+ IEEE80211_CHAN_NO_IR; - if (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT) - bg_band->channels[i].flags |= - IEEE80211_CHAN_RADAR; ---- a/drivers/net/wireless/ipw2x00/ipw2200.c -+++ b/drivers/net/wireless/ipw2x00/ipw2200.c -@@ -11472,10 +11472,10 @@ static int ipw_wdev_init(struct net_devi - bg_band->channels[i].max_power = geo->bg[i].max_power; - if (geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY) - bg_band->channels[i].flags |= -- IEEE80211_CHAN_PASSIVE_SCAN; -+ IEEE80211_CHAN_NO_IR; - if (geo->bg[i].flags & LIBIPW_CH_NO_IBSS) - bg_band->channels[i].flags |= -- IEEE80211_CHAN_NO_IBSS; -+ IEEE80211_CHAN_NO_IR; - if (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT) - bg_band->channels[i].flags |= - IEEE80211_CHAN_RADAR; -@@ -11511,10 +11511,10 @@ static int ipw_wdev_init(struct net_devi - a_band->channels[i].max_power = geo->a[i].max_power; - if (geo->a[i].flags & LIBIPW_CH_PASSIVE_ONLY) - a_band->channels[i].flags |= -- IEEE80211_CHAN_PASSIVE_SCAN; -+ IEEE80211_CHAN_NO_IR; - if (geo->a[i].flags & LIBIPW_CH_NO_IBSS) - a_band->channels[i].flags |= -- IEEE80211_CHAN_NO_IBSS; -+ IEEE80211_CHAN_NO_IR; - if (geo->a[i].flags & LIBIPW_CH_RADAR_DETECT) - a_band->channels[i].flags |= - IEEE80211_CHAN_RADAR; ---- a/drivers/net/wireless/iwlegacy/3945-mac.c -+++ b/drivers/net/wireless/iwlegacy/3945-mac.c -@@ -1595,7 +1595,7 @@ il3945_get_channels_for_scan(struct il_p - * and use long active_dwell time. + wdev_unlock(wdev); +@@ -1356,7 +1357,7 @@ int cfg80211_can_use_iftype_chan(struct */ - if (!is_active || il_is_channel_passive(ch_info) || -- (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)) { -+ (chan->flags & IEEE80211_CHAN_NO_IR)) { - scan_ch->type = 0; /* passive */ - if (IL_UCODE_API(il->ucode_ver) == 1) - scan_ch->active_dwell = ---- a/drivers/net/wireless/iwlegacy/4965-mac.c -+++ b/drivers/net/wireless/iwlegacy/4965-mac.c -@@ -805,7 +805,7 @@ il4965_get_channels_for_scan(struct il_p - } - - if (!is_active || il_is_channel_passive(ch_info) || -- (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)) -+ (chan->flags & IEEE80211_CHAN_NO_IR)) - scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE; - else - scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE; ---- a/drivers/net/wireless/iwlegacy/common.c -+++ b/drivers/net/wireless/iwlegacy/common.c -@@ -3447,10 +3447,10 @@ il_init_geos(struct il_priv *il) - - if (il_is_channel_valid(ch)) { - if (!(ch->flags & EEPROM_CHANNEL_IBSS)) -- geo_ch->flags |= IEEE80211_CHAN_NO_IBSS; -+ geo_ch->flags |= IEEE80211_CHAN_NO_IR; - - if (!(ch->flags & EEPROM_CHANNEL_ACTIVE)) -- geo_ch->flags |= IEEE80211_CHAN_PASSIVE_SCAN; -+ geo_ch->flags |= IEEE80211_CHAN_NO_IR; - - if (ch->flags & EEPROM_CHANNEL_RADAR) - geo_ch->flags |= IEEE80211_CHAN_RADAR; ---- a/drivers/net/wireless/iwlegacy/debug.c -+++ b/drivers/net/wireless/iwlegacy/debug.c -@@ -567,12 +567,12 @@ il_dbgfs_channels_read(struct file *file - flags & IEEE80211_CHAN_RADAR ? - " (IEEE 802.11h required)" : "", - ((channels[i]. -- flags & IEEE80211_CHAN_NO_IBSS) || -+ flags & IEEE80211_CHAN_NO_IR) || - (channels[i]. - flags & IEEE80211_CHAN_RADAR)) ? "" : - ", IBSS", - channels[i]. -- flags & IEEE80211_CHAN_PASSIVE_SCAN ? -+ flags & IEEE80211_CHAN_NO_IR ? - "passive only" : "active/passive"); - } - supp_band = il_get_hw_mode(il, IEEE80211_BAND_5GHZ); -@@ -594,12 +594,12 @@ il_dbgfs_channels_read(struct file *file - flags & IEEE80211_CHAN_RADAR ? - " (IEEE 802.11h required)" : "", - ((channels[i]. -- flags & IEEE80211_CHAN_NO_IBSS) || -+ flags & IEEE80211_CHAN_NO_IR) || - (channels[i]. - flags & IEEE80211_CHAN_RADAR)) ? "" : - ", IBSS", - channels[i]. -- flags & IEEE80211_CHAN_PASSIVE_SCAN ? -+ flags & IEEE80211_CHAN_NO_IR ? - "passive only" : "active/passive"); - } - ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos); ---- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c -+++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c -@@ -352,12 +352,12 @@ static ssize_t iwl_dbgfs_channels_read(s - channels[i].max_power, - channels[i].flags & IEEE80211_CHAN_RADAR ? - " (IEEE 802.11h required)" : "", -- ((channels[i].flags & IEEE80211_CHAN_NO_IBSS) -+ ((channels[i].flags & IEEE80211_CHAN_NO_IR) - || (channels[i].flags & - IEEE80211_CHAN_RADAR)) ? "" : - ", IBSS", - channels[i].flags & -- IEEE80211_CHAN_PASSIVE_SCAN ? -+ IEEE80211_CHAN_NO_IR ? - "passive only" : "active/passive"); - } - supp_band = iwl_get_hw_mode(priv, IEEE80211_BAND_5GHZ); -@@ -375,12 +375,12 @@ static ssize_t iwl_dbgfs_channels_read(s - channels[i].max_power, - channels[i].flags & IEEE80211_CHAN_RADAR ? - " (IEEE 802.11h required)" : "", -- ((channels[i].flags & IEEE80211_CHAN_NO_IBSS) -+ ((channels[i].flags & IEEE80211_CHAN_NO_IR) - || (channels[i].flags & - IEEE80211_CHAN_RADAR)) ? "" : - ", IBSS", - channels[i].flags & -- IEEE80211_CHAN_PASSIVE_SCAN ? -+ IEEE80211_CHAN_NO_IR ? - "passive only" : "active/passive"); - } - ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos); ---- a/drivers/net/wireless/iwlwifi/dvm/scan.c -+++ b/drivers/net/wireless/iwlwifi/dvm/scan.c -@@ -544,7 +544,7 @@ static int iwl_get_channels_for_scan(str - channel = chan->hw_value; - scan_ch->channel = cpu_to_le16(channel); - -- if (!is_active || (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)) -+ if (!is_active || (chan->flags & IEEE80211_CHAN_NO_IR)) - scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE; - else - scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE; ---- a/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c -+++ b/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c -@@ -614,10 +614,10 @@ static int iwl_init_channel_map(struct d - channel->flags = IEEE80211_CHAN_NO_HT40; - - if (!(eeprom_ch->flags & EEPROM_CHANNEL_IBSS)) -- channel->flags |= IEEE80211_CHAN_NO_IBSS; -+ channel->flags |= IEEE80211_CHAN_NO_IR; - - if (!(eeprom_ch->flags & EEPROM_CHANNEL_ACTIVE)) -- channel->flags |= IEEE80211_CHAN_PASSIVE_SCAN; -+ channel->flags |= IEEE80211_CHAN_NO_IR; - - if (eeprom_ch->flags & EEPROM_CHANNEL_RADAR) - channel->flags |= IEEE80211_CHAN_RADAR; ---- a/drivers/net/wireless/iwlwifi/iwl-nvm-parse.c -+++ b/drivers/net/wireless/iwlwifi/iwl-nvm-parse.c -@@ -223,10 +223,10 @@ static int iwl_init_channel_map(struct d - channel->flags |= IEEE80211_CHAN_NO_160MHZ; - - if (!(ch_flags & NVM_CHANNEL_IBSS)) -- channel->flags |= IEEE80211_CHAN_NO_IBSS; -+ channel->flags |= IEEE80211_CHAN_NO_IR; - - if (!(ch_flags & NVM_CHANNEL_ACTIVE)) -- channel->flags |= IEEE80211_CHAN_PASSIVE_SCAN; -+ channel->flags |= IEEE80211_CHAN_NO_IR; - - if (ch_flags & NVM_CHANNEL_RADAR) - channel->flags |= IEEE80211_CHAN_RADAR; ---- a/drivers/net/wireless/iwlwifi/mvm/scan.c -+++ b/drivers/net/wireless/iwlwifi/mvm/scan.c -@@ -192,7 +192,7 @@ static void iwl_mvm_scan_fill_channels(s - for (i = 0; i < cmd->channel_count; i++) { - chan->channel = cpu_to_le16(req->channels[i]->hw_value); - chan->type = cpu_to_le32(type); -- if (req->channels[i]->flags & IEEE80211_CHAN_PASSIVE_SCAN) -+ if (req->channels[i]->flags & IEEE80211_CHAN_NO_IR) - chan->type &= cpu_to_le32(~SCAN_CHANNEL_TYPE_ACTIVE); - chan->active_dwell = cpu_to_le16(active_dwell); - chan->passive_dwell = cpu_to_le16(passive_dwell); -@@ -642,7 +642,7 @@ static void iwl_build_channel_cfg(struct - channels->iter_count[index] = cpu_to_le16(1); - channels->iter_interval[index] = 0; - -- if (!(s_band->channels[i].flags & IEEE80211_CHAN_PASSIVE_SCAN)) -+ if (!(s_band->channels[i].flags & IEEE80211_CHAN_NO_IR)) - channels->type[index] |= - cpu_to_le32(IWL_SCAN_OFFLOAD_CHANNEL_ACTIVE); - ---- a/drivers/net/wireless/mac80211_hwsim.c -+++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -159,7 +159,7 @@ static const struct ieee80211_regdomain - .reg_rules = { - REG_RULE(2412-10, 2462+10, 40, 0, 20, 0), - REG_RULE(5725-10, 5850+10, 40, 0, 30, -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS), -+ NL80211_RRF_NO_IR), - } - }; - -@@ -1485,7 +1485,7 @@ static void hw_scan_work(struct work_str - req->channels[hwsim->scan_chan_idx]->center_freq); - - hwsim->tmp_chan = req->channels[hwsim->scan_chan_idx]; -- if (hwsim->tmp_chan->flags & IEEE80211_CHAN_PASSIVE_SCAN || -+ if (hwsim->tmp_chan->flags & IEEE80211_CHAN_NO_IR || - !req->n_ssids) { - dwell = 120; - } else { ---- a/drivers/net/wireless/mwifiex/cfg80211.c -+++ b/drivers/net/wireless/mwifiex/cfg80211.c -@@ -50,24 +50,24 @@ static const struct ieee80211_regdomain - REG_RULE(2412-10, 2462+10, 40, 3, 20, 0), - /* Channel 12 - 13 */ - REG_RULE(2467-10, 2472+10, 20, 3, 20, -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS), -+ NL80211_RRF_NO_IR), - /* Channel 14 */ - REG_RULE(2484-10, 2484+10, 20, 3, 20, -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS | -+ NL80211_RRF_NO_IR | - NL80211_RRF_NO_OFDM), - /* Channel 36 - 48 */ - REG_RULE(5180-10, 5240+10, 40, 3, 20, -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS), -+ NL80211_RRF_NO_IR), - /* Channel 149 - 165 */ - REG_RULE(5745-10, 5825+10, 40, 3, 20, -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS), -+ NL80211_RRF_NO_IR), - /* Channel 52 - 64 */ - REG_RULE(5260-10, 5320+10, 40, 3, 30, -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS | -+ NL80211_RRF_NO_IR | - NL80211_RRF_DFS), - /* Channel 100 - 140 */ - REG_RULE(5500-10, 5700+10, 40, 3, 30, -- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS | -+ NL80211_RRF_NO_IR | - NL80211_RRF_DFS), - } - }; -@@ -1968,7 +1968,7 @@ mwifiex_cfg80211_scan(struct wiphy *wiph - user_scan_cfg->chan_list[i].chan_number = chan->hw_value; - user_scan_cfg->chan_list[i].radio_type = chan->band; - -- if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) -+ if (chan->flags & IEEE80211_CHAN_NO_IR) - user_scan_cfg->chan_list[i].scan_type = - MWIFIEX_SCAN_TYPE_PASSIVE; - else ---- a/drivers/net/wireless/mwifiex/scan.c -+++ b/drivers/net/wireless/mwifiex/scan.c -@@ -515,14 +515,14 @@ mwifiex_scan_create_channel_list(struct - scan_chan_list[chan_idx].max_scan_time = - cpu_to_le16((u16) user_scan_in-> - chan_list[0].scan_time); -- else if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN) -+ else if (ch->flags & IEEE80211_CHAN_NO_IR) - scan_chan_list[chan_idx].max_scan_time = - cpu_to_le16(adapter->passive_scan_time); - else - scan_chan_list[chan_idx].max_scan_time = - cpu_to_le16(adapter->active_scan_time); - -- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN) -+ if (ch->flags & IEEE80211_CHAN_NO_IR) - scan_chan_list[chan_idx].chan_scan_mode_bitmap - |= MWIFIEX_PASSIVE_SCAN; - else ---- a/drivers/net/wireless/rt2x00/rt2x00lib.h -+++ b/drivers/net/wireless/rt2x00/rt2x00lib.h -@@ -146,7 +146,7 @@ void rt2x00queue_remove_l2pad(struct sk_ - * @local: frame is not from mac80211 - */ - int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb, -- bool local); -+ struct ieee80211_sta *sta, bool local); - - /** - * rt2x00queue_update_beacon - Send new beacon from mac80211 ---- a/drivers/net/wireless/rt2x00/rt2x00mac.c -+++ b/drivers/net/wireless/rt2x00/rt2x00mac.c -@@ -90,7 +90,7 @@ static int rt2x00mac_tx_rts_cts(struct r - frag_skb->data, data_length, tx_info, - (struct ieee80211_rts *)(skb->data)); - -- retval = rt2x00queue_write_tx_frame(queue, skb, true); -+ retval = rt2x00queue_write_tx_frame(queue, skb, NULL, true); - if (retval) { - dev_kfree_skb_any(skb); - rt2x00_warn(rt2x00dev, "Failed to send RTS/CTS frame\n"); -@@ -151,7 +151,7 @@ void rt2x00mac_tx(struct ieee80211_hw *h - goto exit_fail; - } + mutex_lock_nested(&wdev_iter->mtx, 1); + __acquire(wdev_iter->mtx); +- cfg80211_get_chan_state(wdev_iter, &ch, &chmode); ++ cfg80211_get_chan_state(wdev_iter, &ch, &chmode, &radar_detect); + wdev_unlock(wdev_iter); -- if (unlikely(rt2x00queue_write_tx_frame(queue, skb, false))) -+ if (unlikely(rt2x00queue_write_tx_frame(queue, skb, control->sta, false))) - goto exit_fail; - - /* ---- a/drivers/net/wireless/rt2x00/rt2x00queue.c -+++ b/drivers/net/wireless/rt2x00/rt2x00queue.c -@@ -635,7 +635,7 @@ static void rt2x00queue_bar_check(struct - } - - int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb, -- bool local) -+ struct ieee80211_sta *sta, bool local) + switch (chmode) { +--- a/net/wireless/chan.c ++++ b/net/wireless/chan.c +@@ -642,7 +642,8 @@ int cfg80211_set_monitor_channel(struct + void + cfg80211_get_chan_state(struct wireless_dev *wdev, + struct ieee80211_channel **chan, +- enum cfg80211_chan_mode *chanmode) ++ enum cfg80211_chan_mode *chanmode, ++ u8 *radar_detect) { - struct ieee80211_tx_info *tx_info; - struct queue_entry *entry; -@@ -649,7 +649,7 @@ int rt2x00queue_write_tx_frame(struct da - * after that we are free to use the skb->cb array - * for our information. - */ -- rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, NULL); -+ rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, sta); - - /* - * All information is retrieved from the skb->cb array, ---- a/drivers/net/wireless/rtl818x/rtl8187/dev.c -+++ b/drivers/net/wireless/rtl818x/rtl8187/dev.c -@@ -416,7 +416,7 @@ static int rtl8187_init_urbs(struct ieee - struct rtl8187_rx_info *info; - int ret = 0; - -- while (skb_queue_len(&priv->rx_queue) < 16) { -+ while (skb_queue_len(&priv->rx_queue) < 32) { - skb = __dev_alloc_skb(RTL8187_MAX_RX, GFP_KERNEL); - if (!skb) { - ret = -ENOMEM; ---- a/drivers/net/wireless/rtlwifi/base.c -+++ b/drivers/net/wireless/rtlwifi/base.c -@@ -1078,8 +1078,8 @@ u8 rtl_is_special_data(struct ieee80211_ - - ip = (struct iphdr *)((u8 *) skb->data + mac_hdr_len + - SNAP_SIZE + PROTOC_TYPE_SIZE); -- ether_type = *(u16 *) ((u8 *) skb->data + mac_hdr_len + SNAP_SIZE); -- /* ether_type = ntohs(ether_type); */ -+ ether_type = be16_to_cpu(*(__be16 *)((u8 *)skb->data + mac_hdr_len + -+ SNAP_SIZE)); - - if (ETH_P_IP == ether_type) { - if (IPPROTO_UDP == ip->protocol) { ---- a/drivers/net/wireless/rtlwifi/regd.c -+++ b/drivers/net/wireless/rtlwifi/regd.c -@@ -59,30 +59,27 @@ static struct country_code_to_enum_rd al - */ - #define RTL819x_2GHZ_CH12_13 \ - REG_RULE(2467-10, 2472+10, 40, 0, 20,\ -- NL80211_RRF_PASSIVE_SCAN) -+ NL80211_RRF_NO_IR) - - #define RTL819x_2GHZ_CH14 \ - REG_RULE(2484-10, 2484+10, 40, 0, 20, \ -- NL80211_RRF_PASSIVE_SCAN | \ -+ NL80211_RRF_NO_IR | \ - NL80211_RRF_NO_OFDM) - - /* 5G chan 36 - chan 64*/ - #define RTL819x_5GHZ_5150_5350 \ - REG_RULE(5150-10, 5350+10, 40, 0, 30, \ -- NL80211_RRF_PASSIVE_SCAN | \ -- NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - - /* 5G chan 100 - chan 165*/ - #define RTL819x_5GHZ_5470_5850 \ - REG_RULE(5470-10, 5850+10, 40, 0, 30, \ -- NL80211_RRF_PASSIVE_SCAN | \ -- NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - - /* 5G chan 149 - chan 165*/ - #define RTL819x_5GHZ_5725_5850 \ - REG_RULE(5725-10, 5850+10, 40, 0, 30, \ -- NL80211_RRF_PASSIVE_SCAN | \ -- NL80211_RRF_NO_IBSS) -+ NL80211_RRF_NO_IR) - - #define RTL819x_5GHZ_ALL \ - (RTL819x_5GHZ_5150_5350, RTL819x_5GHZ_5470_5850) -@@ -185,16 +182,15 @@ static void _rtl_reg_apply_beaconing_fla - *regulatory_hint(). - */ - -- if (!(reg_rule->flags & NL80211_RRF_NO_IBSS)) -- ch->flags &= ~IEEE80211_CHAN_NO_IBSS; -+ if (!(reg_rule->flags & NL80211_RRF_NO_IR)) -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; - if (!(reg_rule-> -- flags & NL80211_RRF_PASSIVE_SCAN)) -+ flags & NL80211_RRF_NO_IR)) - ch->flags &= -- ~IEEE80211_CHAN_PASSIVE_SCAN; -+ ~IEEE80211_CHAN_NO_IR; - } else { - if (ch->beacon_found) -- ch->flags &= ~(IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN); -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; - } + *chan = NULL; + *chanmode = CHAN_MODE_UNDEFINED; +@@ -660,6 +661,11 @@ cfg80211_get_chan_state(struct wireless_ + !wdev->ibss_dfs_possible) + ? CHAN_MODE_SHARED + : CHAN_MODE_EXCLUSIVE; ++ ++ /* consider worst-case - IBSS can try to return to the ++ * original user-specified channel as creator */ ++ if (wdev->ibss_dfs_possible) ++ *radar_detect |= BIT(wdev->chandef.width); + return; + } + break; +@@ -674,17 +680,26 @@ cfg80211_get_chan_state(struct wireless_ + case NL80211_IFTYPE_AP: + case NL80211_IFTYPE_P2P_GO: + if (wdev->cac_started) { +- *chan = wdev->channel; ++ *chan = wdev->chandef.chan; + *chanmode = CHAN_MODE_SHARED; ++ *radar_detect |= BIT(wdev->chandef.width); + } else if (wdev->beacon_interval) { +- *chan = wdev->channel; ++ *chan = wdev->chandef.chan; + *chanmode = CHAN_MODE_SHARED; ++ ++ if (cfg80211_chandef_dfs_required(wdev->wiphy, ++ &wdev->chandef)) ++ *radar_detect |= BIT(wdev->chandef.width); } - } -@@ -219,11 +215,11 @@ static void _rtl_reg_apply_active_scan_f - */ - if (initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE) { - ch = &sband->channels[11]; /* CH 12 */ -- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN) -- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; -+ if (ch->flags & IEEE80211_CHAN_NO_IR) -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; - ch = &sband->channels[12]; /* CH 13 */ -- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN) -- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; -+ if (ch->flags & IEEE80211_CHAN_NO_IR) -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; return; - } - -@@ -237,17 +233,17 @@ static void _rtl_reg_apply_active_scan_f - ch = &sband->channels[11]; /* CH 12 */ - reg_rule = freq_reg_info(wiphy, ch->center_freq); - if (!IS_ERR(reg_rule)) { -- if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN)) -- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN) -- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; -+ if (!(reg_rule->flags & NL80211_RRF_NO_IR)) -+ if (ch->flags & IEEE80211_CHAN_NO_IR) -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; - } - - ch = &sband->channels[12]; /* CH 13 */ - reg_rule = freq_reg_info(wiphy, ch->center_freq); - if (!IS_ERR(reg_rule)) { -- if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN)) -- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN) -- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; -+ if (!(reg_rule->flags & NL80211_RRF_NO_IR)) -+ if (ch->flags & IEEE80211_CHAN_NO_IR) -+ ch->flags &= ~IEEE80211_CHAN_NO_IR; - } - } - -@@ -284,8 +280,8 @@ static void _rtl_reg_apply_radar_flags(s - */ - if (!(ch->flags & IEEE80211_CHAN_DISABLED)) - ch->flags |= IEEE80211_CHAN_RADAR | -- IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN; -+ IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_NO_IR; - } - } - ---- a/drivers/net/wireless/ti/wl12xx/scan.c -+++ b/drivers/net/wireless/ti/wl12xx/scan.c -@@ -47,7 +47,7 @@ static int wl1271_get_scan_channels(stru - * In active scans, we only scan channels not - * marked as passive. - */ -- (passive || !(flags & IEEE80211_CHAN_PASSIVE_SCAN))) { -+ (passive || !(flags & IEEE80211_CHAN_NO_IR))) { - wl1271_debug(DEBUG_SCAN, "band %d, center_freq %d ", - req->channels[i]->band, - req->channels[i]->center_freq); ---- a/drivers/net/wireless/ti/wlcore/cmd.c -+++ b/drivers/net/wireless/ti/wlcore/cmd.c -@@ -1688,7 +1688,7 @@ int wlcore_cmd_regdomain_config_locked(s - - if (channel->flags & (IEEE80211_CHAN_DISABLED | - IEEE80211_CHAN_RADAR | -- IEEE80211_CHAN_PASSIVE_SCAN)) -+ IEEE80211_CHAN_NO_IR)) - continue; - - ch_bit_idx = wlcore_get_reg_conf_ch_idx(b, ch); ---- a/drivers/net/wireless/ti/wlcore/main.c -+++ b/drivers/net/wireless/ti/wlcore/main.c -@@ -91,8 +91,7 @@ static void wl1271_reg_notify(struct wip - continue; - - if (ch->flags & IEEE80211_CHAN_RADAR) -- ch->flags |= IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN; -+ ch->flags |= IEEE80211_CHAN_NO_IR; - - } - ---- a/drivers/net/wireless/ti/wlcore/scan.c -+++ b/drivers/net/wireless/ti/wlcore/scan.c -@@ -189,14 +189,14 @@ wlcore_scan_get_channels(struct wl1271 * - flags = req_channels[i]->flags; - - if (force_passive) -- flags |= IEEE80211_CHAN_PASSIVE_SCAN; -+ flags |= IEEE80211_CHAN_NO_IR; - - if ((req_channels[i]->band == band) && - !(flags & IEEE80211_CHAN_DISABLED) && - (!!(flags & IEEE80211_CHAN_RADAR) == radar) && - /* if radar is set, we ignore the passive flag */ - (radar || -- !!(flags & IEEE80211_CHAN_PASSIVE_SCAN) == passive)) { -+ !!(flags & IEEE80211_CHAN_NO_IR) == passive)) { - - - if (flags & IEEE80211_CHAN_RADAR) { -@@ -221,7 +221,7 @@ wlcore_scan_get_channels(struct wl1271 * - (band == IEEE80211_BAND_2GHZ) && - (channels[j].channel >= 12) && - (channels[j].channel <= 14) && -- (flags & IEEE80211_CHAN_PASSIVE_SCAN) && -+ (flags & IEEE80211_CHAN_NO_IR) && - !force_passive) { - /* pactive channels treated as DFS */ - channels[j].flags = SCAN_CHANNEL_FLAGS_DFS; -@@ -244,7 +244,7 @@ wlcore_scan_get_channels(struct wl1271 * - max_dwell_time_active, - flags & IEEE80211_CHAN_RADAR ? - ", DFS" : "", -- flags & IEEE80211_CHAN_PASSIVE_SCAN ? -+ flags & IEEE80211_CHAN_NO_IR ? - ", PASSIVE" : ""); - j++; + case NL80211_IFTYPE_MESH_POINT: + if (wdev->mesh_id_len) { +- *chan = wdev->channel; ++ *chan = wdev->chandef.chan; + *chanmode = CHAN_MODE_SHARED; ++ ++ if (cfg80211_chandef_dfs_required(wdev->wiphy, ++ &wdev->chandef)) ++ *radar_detect |= BIT(wdev->chandef.width); } ---- a/include/net/cfg80211.h -+++ b/include/net/cfg80211.h -@@ -91,9 +91,8 @@ enum ieee80211_band { - * Channel flags set by the regulatory control code. - * - * @IEEE80211_CHAN_DISABLED: This channel is disabled. -- * @IEEE80211_CHAN_PASSIVE_SCAN: Only passive scanning is permitted -- * on this channel. -- * @IEEE80211_CHAN_NO_IBSS: IBSS is not allowed on this channel. -+ * @IEEE80211_CHAN_NO_IR: do not initiate radiation, this includes -+ * sending probe requests or beaconing. - * @IEEE80211_CHAN_RADAR: Radar detection is required on this channel. - * @IEEE80211_CHAN_NO_HT40PLUS: extension channel above this channel - * is not permitted. -@@ -113,8 +112,8 @@ enum ieee80211_band { - */ - enum ieee80211_channel_flags { - IEEE80211_CHAN_DISABLED = 1<<0, -- IEEE80211_CHAN_PASSIVE_SCAN = 1<<1, -- IEEE80211_CHAN_NO_IBSS = 1<<2, -+ IEEE80211_CHAN_NO_IR = 1<<1, -+ /* hole at 1<<2 */ - IEEE80211_CHAN_RADAR = 1<<3, - IEEE80211_CHAN_NO_HT40PLUS = 1<<4, - IEEE80211_CHAN_NO_HT40MINUS = 1<<5, -@@ -4149,6 +4148,7 @@ void cfg80211_radar_event(struct wiphy * - /** - * cfg80211_cac_event - Channel availability check (CAC) event - * @netdev: network device -+ * @chandef: chandef for the current channel - * @event: type of event - * @gfp: context flags - * -@@ -4157,6 +4157,7 @@ void cfg80211_radar_event(struct wiphy * - * also by full-MAC drivers. - */ - void cfg80211_cac_event(struct net_device *netdev, -+ const struct cfg80211_chan_def *chandef, - enum nl80211_radar_event event, gfp_t gfp); - - ---- a/include/uapi/linux/nl80211.h -+++ b/include/uapi/linux/nl80211.h -@@ -1508,6 +1508,9 @@ enum nl80211_commands { - * to react to radar events, e.g. initiate a channel switch or leave the - * IBSS network. - * -+ * @NL80211_ATTR_SUPPORT_5_10_MHZ: A flag indicating that the device supports -+ * 5 MHz and 10 MHz channel bandwidth. -+ * - * @NL80211_ATTR_MAX: highest attribute number currently defined - * @__NL80211_ATTR_AFTER_LAST: internal use - */ -@@ -1824,6 +1827,8 @@ enum nl80211_attrs { - - NL80211_ATTR_HANDLE_DFS, - -+ NL80211_ATTR_SUPPORT_5_10_MHZ, -+ - /* add attributes here, update the policy in nl80211.c */ - - __NL80211_ATTR_AFTER_LAST, -@@ -2224,10 +2229,9 @@ enum nl80211_band_attr { - * @NL80211_FREQUENCY_ATTR_FREQ: Frequency in MHz - * @NL80211_FREQUENCY_ATTR_DISABLED: Channel is disabled in current - * regulatory domain. -- * @NL80211_FREQUENCY_ATTR_PASSIVE_SCAN: Only passive scanning is -- * permitted on this channel in current regulatory domain. -- * @NL80211_FREQUENCY_ATTR_NO_IBSS: IBSS networks are not permitted -- * on this channel in current regulatory domain. -+ * @NL80211_FREQUENCY_ATTR_NO_IR: no mechanisms that initiate radiation -+ * are permitted on this channel, this includes sending probe -+ * requests, or modes of operation that require beaconing. - * @NL80211_FREQUENCY_ATTR_RADAR: Radar detection is mandatory - * on this channel in current regulatory domain. - * @NL80211_FREQUENCY_ATTR_MAX_TX_POWER: Maximum transmission power in mBm -@@ -2254,8 +2258,8 @@ enum nl80211_frequency_attr { - __NL80211_FREQUENCY_ATTR_INVALID, - NL80211_FREQUENCY_ATTR_FREQ, - NL80211_FREQUENCY_ATTR_DISABLED, -- NL80211_FREQUENCY_ATTR_PASSIVE_SCAN, -- NL80211_FREQUENCY_ATTR_NO_IBSS, -+ NL80211_FREQUENCY_ATTR_NO_IR, -+ __NL80211_FREQUENCY_ATTR_NO_IBSS, - NL80211_FREQUENCY_ATTR_RADAR, - NL80211_FREQUENCY_ATTR_MAX_TX_POWER, - NL80211_FREQUENCY_ATTR_DFS_STATE, -@@ -2271,6 +2275,9 @@ enum nl80211_frequency_attr { - }; - - #define NL80211_FREQUENCY_ATTR_MAX_TX_POWER NL80211_FREQUENCY_ATTR_MAX_TX_POWER -+#define NL80211_FREQUENCY_ATTR_PASSIVE_SCAN NL80211_FREQUENCY_ATTR_NO_IR -+#define NL80211_FREQUENCY_ATTR_NO_IBSS NL80211_FREQUENCY_ATTR_NO_IR -+#define NL80211_FREQUENCY_ATTR_NO_IR NL80211_FREQUENCY_ATTR_NO_IR - - /** - * enum nl80211_bitrate_attr - bitrate attributes -@@ -2413,8 +2420,9 @@ enum nl80211_sched_scan_match_attr { - * @NL80211_RRF_DFS: DFS support is required to be used - * @NL80211_RRF_PTP_ONLY: this is only for Point To Point links - * @NL80211_RRF_PTMP_ONLY: this is only for Point To Multi Point links -- * @NL80211_RRF_PASSIVE_SCAN: passive scan is required -- * @NL80211_RRF_NO_IBSS: no IBSS is allowed -+ * @NL80211_RRF_NO_IR: no mechanisms that initiate radiation are allowed, -+ * this includes probe requests or modes of operation that require -+ * beaconing. - */ - enum nl80211_reg_rule_flags { - NL80211_RRF_NO_OFDM = 1<<0, -@@ -2424,10 +2432,17 @@ enum nl80211_reg_rule_flags { - NL80211_RRF_DFS = 1<<4, - NL80211_RRF_PTP_ONLY = 1<<5, - NL80211_RRF_PTMP_ONLY = 1<<6, -- NL80211_RRF_PASSIVE_SCAN = 1<<7, -- NL80211_RRF_NO_IBSS = 1<<8, -+ NL80211_RRF_NO_IR = 1<<7, -+ __NL80211_RRF_NO_IBSS = 1<<8, - }; - -+#define NL80211_RRF_PASSIVE_SCAN NL80211_RRF_NO_IR -+#define NL80211_RRF_NO_IBSS NL80211_RRF_NO_IR -+#define NL80211_RRF_NO_IR NL80211_RRF_NO_IR -+ -+/* For backport compatibility with older userspace */ -+#define NL80211_RRF_NO_IR_ALL (NL80211_RRF_NO_IR | __NL80211_RRF_NO_IBSS) -+ - /** - * enum nl80211_dfs_regions - regulatory DFS regions - * ---- a/net/mac80211/cfg.c -+++ b/net/mac80211/cfg.c -@@ -1050,6 +1050,7 @@ static int ieee80211_stop_ap(struct wiph - struct ieee80211_local *local = sdata->local; - struct beacon_data *old_beacon; - struct probe_resp *old_probe_resp; -+ struct cfg80211_chan_def chandef; - - old_beacon = rtnl_dereference(sdata->u.ap.beacon); - if (!old_beacon) -@@ -1091,8 +1092,10 @@ static int ieee80211_stop_ap(struct wiph - ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED); - - if (sdata->wdev.cac_started) { -+ chandef = sdata->vif.bss_conf.chandef; - cancel_delayed_work_sync(&sdata->dfs_cac_timer_work); -- cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_ABORTED, -+ cfg80211_cac_event(sdata->dev, &chandef, -+ NL80211_RADAR_CAC_ABORTED, - GFP_KERNEL); - } - ---- a/net/mac80211/iface.c -+++ b/net/mac80211/iface.c -@@ -749,6 +749,7 @@ static void ieee80211_do_stop(struct iee - u32 hw_reconf_flags = 0; - int i, flushed; - struct ps_data *ps; -+ struct cfg80211_chan_def chandef; - - clear_bit(SDATA_STATE_RUNNING, &sdata->state); - -@@ -828,11 +829,13 @@ static void ieee80211_do_stop(struct iee - cancel_delayed_work_sync(&sdata->dfs_cac_timer_work); - - if (sdata->wdev.cac_started) { -+ chandef = sdata->vif.bss_conf.chandef; - WARN_ON(local->suspended); - mutex_lock(&local->iflist_mtx); - ieee80211_vif_release_channel(sdata); - mutex_unlock(&local->iflist_mtx); -- cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_ABORTED, -+ cfg80211_cac_event(sdata->dev, &chandef, -+ NL80211_RADAR_CAC_ABORTED, - GFP_KERNEL); + return; + case NL80211_IFTYPE_MONITOR: +--- a/net/wireless/mesh.c ++++ b/net/wireless/mesh.c +@@ -195,7 +195,7 @@ int __cfg80211_join_mesh(struct cfg80211 + if (!err) { + memcpy(wdev->ssid, setup->mesh_id, setup->mesh_id_len); + wdev->mesh_id_len = setup->mesh_id_len; +- wdev->channel = setup->chandef.chan; ++ wdev->chandef = setup->chandef; } -@@ -1340,7 +1343,6 @@ static void ieee80211_setup_sdata(struct - sdata->vif.bss_conf.bssid = NULL; - break; - case NL80211_IFTYPE_AP_VLAN: -- break; - case NL80211_IFTYPE_P2P_DEVICE: - sdata->vif.bss_conf.bssid = sdata->vif.addr; - break; ---- a/net/mac80211/mlme.c -+++ b/net/mac80211/mlme.c -@@ -1398,10 +1398,12 @@ void ieee80211_dfs_cac_timer_work(struct - struct ieee80211_sub_if_data *sdata = - container_of(delayed_work, struct ieee80211_sub_if_data, - dfs_cac_timer_work); -+ struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef; - - ieee80211_vif_release_channel(sdata); -- -- cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL); -+ cfg80211_cac_event(sdata->dev, &chandef, -+ NL80211_RADAR_CAC_FINISHED, -+ GFP_KERNEL); - } + return err; +@@ -244,7 +244,7 @@ int cfg80211_set_mesh_channel(struct cfg + err = rdev_libertas_set_mesh_channel(rdev, wdev->netdev, + chandef->chan); + if (!err) +- wdev->channel = chandef->chan; ++ wdev->chandef = *chandef; - /* MLME */ ---- a/net/mac80211/rx.c -+++ b/net/mac80211/rx.c -@@ -729,9 +729,7 @@ static void ieee80211_release_reorder_fr - lockdep_assert_held(&tid_agg_rx->reorder_lock); - - while (ieee80211_sn_less(tid_agg_rx->head_seq_num, head_seq_num)) { -- index = ieee80211_sn_sub(tid_agg_rx->head_seq_num, -- tid_agg_rx->ssn) % -- tid_agg_rx->buf_size; -+ index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size; - ieee80211_release_reorder_frame(sdata, tid_agg_rx, index, - frames); + return err; } -@@ -757,8 +755,7 @@ static void ieee80211_sta_reorder_releas - lockdep_assert_held(&tid_agg_rx->reorder_lock); - - /* release the buffer until next missing frame */ -- index = ieee80211_sn_sub(tid_agg_rx->head_seq_num, -- tid_agg_rx->ssn) % tid_agg_rx->buf_size; -+ index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size; - if (!tid_agg_rx->reorder_buf[index] && - tid_agg_rx->stored_mpdu_num) { - /* -@@ -793,15 +790,11 @@ static void ieee80211_sta_reorder_releas - } else while (tid_agg_rx->reorder_buf[index]) { - ieee80211_release_reorder_frame(sdata, tid_agg_rx, index, - frames); -- index = ieee80211_sn_sub(tid_agg_rx->head_seq_num, -- tid_agg_rx->ssn) % -- tid_agg_rx->buf_size; -+ index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size; +@@ -276,7 +276,7 @@ static int __cfg80211_leave_mesh(struct + err = rdev_leave_mesh(rdev, dev); + if (!err) { + wdev->mesh_id_len = 0; +- wdev->channel = NULL; ++ memset(&wdev->chandef, 0, sizeof(wdev->chandef)); + rdev_set_qos_map(rdev, dev, NULL); } - if (tid_agg_rx->stored_mpdu_num) { -- j = index = ieee80211_sn_sub(tid_agg_rx->head_seq_num, -- tid_agg_rx->ssn) % -- tid_agg_rx->buf_size; -+ j = index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size; - - for (; j != (index - 1) % tid_agg_rx->buf_size; - j = (j + 1) % tid_agg_rx->buf_size) { -@@ -861,8 +854,7 @@ static bool ieee80211_sta_manage_reorder - - /* Now the new frame is always in the range of the reordering buffer */ - -- index = ieee80211_sn_sub(mpdu_seq_num, -- tid_agg_rx->ssn) % tid_agg_rx->buf_size; -+ index = mpdu_seq_num % tid_agg_rx->buf_size; - - /* check if we already stored this frame */ - if (tid_agg_rx->reorder_buf[index]) { ---- a/net/mac80211/scan.c -+++ b/net/mac80211/scan.c -@@ -526,7 +526,7 @@ static int __ieee80211_start_scan(struct - ieee80211_hw_config(local, 0); - - if ((req->channels[0]->flags & -- IEEE80211_CHAN_PASSIVE_SCAN) || -+ IEEE80211_CHAN_NO_IR) || - !local->scan_req->n_ssids) { - next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; - } else { -@@ -572,7 +572,7 @@ ieee80211_scan_get_channel_time(struct i - * TODO: channel switching also consumes quite some time, - * add that delay as well to get a better estimation - */ -- if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) -+ if (chan->flags & IEEE80211_CHAN_NO_IR) - return IEEE80211_PASSIVE_CHANNEL_TIME; - return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME; - } -@@ -696,7 +696,7 @@ static void ieee80211_scan_state_set_cha - * - * In any case, it is not necessary for a passive scan. - */ -- if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN || -+ if (chan->flags & IEEE80211_CHAN_NO_IR || - !local->scan_req->n_ssids) { - *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; - local->next_scan_state = SCAN_DECISION; -@@ -881,7 +881,7 @@ int ieee80211_request_ibss_scan(struct i - struct ieee80211_channel *tmp_ch = - &local->hw.wiphy->bands[band]->channels[i]; - -- if (tmp_ch->flags & (IEEE80211_CHAN_NO_IBSS | -+ if (tmp_ch->flags & (IEEE80211_CHAN_NO_IR | - IEEE80211_CHAN_DISABLED)) - continue; - -@@ -895,7 +895,7 @@ int ieee80211_request_ibss_scan(struct i - - local->int_scan_req->n_channels = n_ch; - } else { -- if (WARN_ON_ONCE(chan->flags & (IEEE80211_CHAN_NO_IBSS | -+ if (WARN_ON_ONCE(chan->flags & (IEEE80211_CHAN_NO_IR | - IEEE80211_CHAN_DISABLED))) - goto unlock; - ---- a/net/mac80211/tx.c -+++ b/net/mac80211/tx.c -@@ -1728,8 +1728,7 @@ netdev_tx_t ieee80211_monitor_start_xmit - * radar detection by itself. We can do that later by adding a - * monitor flag interfaces used for AP support. - */ -- if ((chan->flags & (IEEE80211_CHAN_NO_IBSS | IEEE80211_CHAN_RADAR | -- IEEE80211_CHAN_PASSIVE_SCAN))) -+ if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR))) - goto fail_rcu; - - ieee80211_xmit(sdata, skb, chan->band); ---- a/net/mac80211/util.c -+++ b/net/mac80211/util.c -@@ -2259,14 +2259,17 @@ u64 ieee80211_calculate_rx_timestamp(str - void ieee80211_dfs_cac_cancel(struct ieee80211_local *local) - { - struct ieee80211_sub_if_data *sdata; -+ struct cfg80211_chan_def chandef; - - mutex_lock(&local->iflist_mtx); - list_for_each_entry(sdata, &local->interfaces, list) { - cancel_delayed_work_sync(&sdata->dfs_cac_timer_work); - - if (sdata->wdev.cac_started) { -+ chandef = sdata->vif.bss_conf.chandef; - ieee80211_vif_release_channel(sdata); - cfg80211_cac_event(sdata->dev, -+ &chandef, - NL80211_RADAR_CAC_ABORTED, - GFP_KERNEL); - } ---- a/net/wireless/chan.c -+++ b/net/wireless/chan.c -@@ -277,6 +277,32 @@ void cfg80211_set_dfs_state(struct wiphy - width, dfs_state); - } - -+static u32 cfg80211_get_start_freq(u32 center_freq, -+ u32 bandwidth) -+{ -+ u32 start_freq; -+ -+ if (bandwidth <= 20) -+ start_freq = center_freq; -+ else -+ start_freq = center_freq - bandwidth/2 + 10; -+ -+ return start_freq; -+} -+ -+static u32 cfg80211_get_end_freq(u32 center_freq, -+ u32 bandwidth) -+{ -+ u32 end_freq; -+ -+ if (bandwidth <= 20) -+ end_freq = center_freq; -+ else -+ end_freq = center_freq + bandwidth/2 - 10; -+ -+ return end_freq; -+} -+ - static int cfg80211_get_chans_dfs_required(struct wiphy *wiphy, - u32 center_freq, - u32 bandwidth) -@@ -284,13 +310,8 @@ static int cfg80211_get_chans_dfs_requir - struct ieee80211_channel *c; - u32 freq, start_freq, end_freq; - -- if (bandwidth <= 20) { -- start_freq = center_freq; -- end_freq = center_freq; -- } else { -- start_freq = center_freq - bandwidth/2 + 10; -- end_freq = center_freq + bandwidth/2 - 10; -- } -+ start_freq = cfg80211_get_start_freq(center_freq, bandwidth); -+ end_freq = cfg80211_get_end_freq(center_freq, bandwidth); +--- a/net/wireless/mlme.c ++++ b/net/wireless/mlme.c +@@ -772,7 +772,7 @@ void cfg80211_cac_event(struct net_devic + if (WARN_ON(!wdev->cac_started)) + return; - for (freq = start_freq; freq <= end_freq; freq += 20) { - c = ieee80211_get_channel(wiphy, freq); -@@ -330,33 +351,159 @@ int cfg80211_chandef_dfs_required(struct - } - EXPORT_SYMBOL(cfg80211_chandef_dfs_required); - --static bool cfg80211_secondary_chans_ok(struct wiphy *wiphy, -- u32 center_freq, u32 bandwidth, -- u32 prohibited_flags) -+static int cfg80211_get_chans_dfs_usable(struct wiphy *wiphy, -+ u32 center_freq, -+ u32 bandwidth) - { - struct ieee80211_channel *c; - u32 freq, start_freq, end_freq; -+ int count = 0; +- if (WARN_ON(!wdev->channel)) ++ if (WARN_ON(!wdev->chandef.chan)) + return; -- if (bandwidth <= 20) { -- start_freq = center_freq; -- end_freq = center_freq; -- } else { -- start_freq = center_freq - bandwidth/2 + 10; -- end_freq = center_freq + bandwidth/2 - 10; -+ start_freq = cfg80211_get_start_freq(center_freq, bandwidth); -+ end_freq = cfg80211_get_end_freq(center_freq, bandwidth); -+ -+ /* -+ * Check entire range of channels for the bandwidth. -+ * Check all channels are DFS channels (DFS_USABLE or -+ * DFS_AVAILABLE). Return number of usable channels -+ * (require CAC). Allow DFS and non-DFS channel mix. -+ */ -+ for (freq = start_freq; freq <= end_freq; freq += 20) { -+ c = ieee80211_get_channel(wiphy, freq); -+ if (!c) -+ return -EINVAL; -+ -+ if (c->flags & IEEE80211_CHAN_DISABLED) -+ return -EINVAL; -+ -+ if (c->flags & IEEE80211_CHAN_RADAR) { -+ if (c->dfs_state == NL80211_DFS_UNAVAILABLE) -+ return -EINVAL; -+ -+ if (c->dfs_state == NL80211_DFS_USABLE) -+ count++; -+ } -+ } -+ -+ return count; -+} -+ -+bool cfg80211_chandef_dfs_usable(struct wiphy *wiphy, -+ const struct cfg80211_chan_def *chandef) -+{ -+ int width; -+ int r1, r2 = 0; -+ -+ if (WARN_ON(!cfg80211_chandef_valid(chandef))) -+ return false; -+ -+ width = cfg80211_chandef_get_width(chandef); -+ if (width < 0) -+ return false; -+ -+ r1 = cfg80211_get_chans_dfs_usable(wiphy, chandef->center_freq1, -+ width); -+ -+ if (r1 < 0) -+ return false; -+ -+ switch (chandef->width) { -+ case NL80211_CHAN_WIDTH_80P80: -+ WARN_ON(!chandef->center_freq2); -+ r2 = cfg80211_get_chans_dfs_usable(wiphy, -+ chandef->center_freq2, -+ width); -+ if (r2 < 0) -+ return false; -+ break; -+ default: -+ WARN_ON(chandef->center_freq2); -+ break; - } - -+ return (r1 + r2 > 0); -+} -+ -+ -+static bool cfg80211_get_chans_dfs_available(struct wiphy *wiphy, -+ u32 center_freq, -+ u32 bandwidth) -+{ -+ struct ieee80211_channel *c; -+ u32 freq, start_freq, end_freq; -+ -+ start_freq = cfg80211_get_start_freq(center_freq, bandwidth); -+ end_freq = cfg80211_get_end_freq(center_freq, bandwidth); -+ -+ /* -+ * Check entire range of channels for the bandwidth. -+ * If any channel in between is disabled or has not -+ * had gone through CAC return false -+ */ - for (freq = start_freq; freq <= end_freq; freq += 20) { - c = ieee80211_get_channel(wiphy, freq); - if (!c) - return false; - -- /* check for radar flags */ -- if ((prohibited_flags & c->flags & IEEE80211_CHAN_RADAR) && -+ if (c->flags & IEEE80211_CHAN_DISABLED) -+ return false; -+ -+ if ((c->flags & IEEE80211_CHAN_RADAR) && - (c->dfs_state != NL80211_DFS_AVAILABLE)) - return false; -+ } -+ -+ return true; -+} -+ -+static bool cfg80211_chandef_dfs_available(struct wiphy *wiphy, -+ const struct cfg80211_chan_def *chandef) -+{ -+ int width; -+ int r; -+ -+ if (WARN_ON(!cfg80211_chandef_valid(chandef))) -+ return false; - -- /* check for the other flags */ -- if (c->flags & prohibited_flags & ~IEEE80211_CHAN_RADAR) -+ width = cfg80211_chandef_get_width(chandef); -+ if (width < 0) -+ return false; -+ -+ r = cfg80211_get_chans_dfs_available(wiphy, chandef->center_freq1, -+ width); -+ -+ /* If any of channels unavailable for cf1 just return */ -+ if (!r) -+ return r; -+ -+ switch (chandef->width) { -+ case NL80211_CHAN_WIDTH_80P80: -+ WARN_ON(!chandef->center_freq2); -+ r = cfg80211_get_chans_dfs_available(wiphy, -+ chandef->center_freq2, -+ width); -+ default: -+ WARN_ON(chandef->center_freq2); -+ break; -+ } -+ -+ return r; -+} -+ -+ -+static bool cfg80211_secondary_chans_ok(struct wiphy *wiphy, -+ u32 center_freq, u32 bandwidth, -+ u32 prohibited_flags) -+{ -+ struct ieee80211_channel *c; -+ u32 freq, start_freq, end_freq; -+ -+ start_freq = cfg80211_get_start_freq(center_freq, bandwidth); -+ end_freq = cfg80211_get_end_freq(center_freq, bandwidth); -+ -+ for (freq = start_freq; freq <= end_freq; freq += 20) { -+ c = ieee80211_get_channel(wiphy, freq); -+ if (!c || c->flags & prohibited_flags) - return false; - } - -@@ -462,14 +609,19 @@ bool cfg80211_reg_can_beacon(struct wiph - struct cfg80211_chan_def *chandef) - { - bool res; -+ u32 prohibited_flags = IEEE80211_CHAN_DISABLED | -+ IEEE80211_CHAN_NO_IR | -+ IEEE80211_CHAN_RADAR; - - trace_cfg80211_reg_can_beacon(wiphy, chandef); - -- res = cfg80211_chandef_usable(wiphy, chandef, -- IEEE80211_CHAN_DISABLED | -- IEEE80211_CHAN_PASSIVE_SCAN | -- IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_RADAR); -+ if (cfg80211_chandef_dfs_required(wiphy, chandef) > 0 && -+ cfg80211_chandef_dfs_available(wiphy, chandef)) { -+ /* We can skip IEEE80211_CHAN_NO_IR if chandef dfs available */ -+ prohibited_flags = IEEE80211_CHAN_DISABLED; -+ } -+ -+ res = cfg80211_chandef_usable(wiphy, chandef, prohibited_flags); - - trace_cfg80211_return_bool(res); - return res; ---- a/net/wireless/core.h -+++ b/net/wireless/core.h -@@ -382,6 +382,19 @@ int cfg80211_can_use_iftype_chan(struct - enum cfg80211_chan_mode chanmode, - u8 radar_detect); - -+/** -+ * cfg80211_chandef_dfs_usable - checks if chandef is DFS usable -+ * @wiphy: the wiphy to validate against -+ * @chandef: the channel definition to check -+ * -+ * Checks if chandef is usable and we can/need start CAC on such channel. -+ * -+ * Return: Return true if all channels available and at least -+ * one channel require CAC (NL80211_DFS_USABLE) -+ */ -+bool cfg80211_chandef_dfs_usable(struct wiphy *wiphy, -+ const struct cfg80211_chan_def *chandef); -+ - void cfg80211_set_dfs_state(struct wiphy *wiphy, - const struct cfg80211_chan_def *chandef, - enum nl80211_dfs_state dfs_state); ---- a/net/wireless/genregdb.awk -+++ b/net/wireless/genregdb.awk -@@ -107,10 +107,13 @@ active && /^[ \t]*\(/ { - } else if (flagarray[arg] == "PTMP-ONLY") { - flags = flags "\n\t\t\tNL80211_RRF_PTMP_ONLY | " - } else if (flagarray[arg] == "PASSIVE-SCAN") { -- flags = flags "\n\t\t\tNL80211_RRF_PASSIVE_SCAN | " -+ flags = flags "\n\t\t\tNL80211_RRF_NO_IR | " - } else if (flagarray[arg] == "NO-IBSS") { -- flags = flags "\n\t\t\tNL80211_RRF_NO_IBSS | " -+ flags = flags "\n\t\t\tNL80211_RRF_NO_IR | " -+ } else if (flagarray[arg] == "NO-IR") { -+ flags = flags "\n\t\t\tNL80211_RRF_NO_IR | " - } -+ - } - flags = flags "0" - printf "\t\tREG_RULE(%d, %d, %d, %d, %d, %s),\n", start, end, bw, gain, power, flags ---- a/net/wireless/ibss.c -+++ b/net/wireless/ibss.c -@@ -274,7 +274,7 @@ int cfg80211_ibss_wext_join(struct cfg80 - - for (i = 0; i < sband->n_channels; i++) { - chan = &sband->channels[i]; -- if (chan->flags & IEEE80211_CHAN_NO_IBSS) -+ if (chan->flags & IEEE80211_CHAN_NO_IR) - continue; - if (chan->flags & IEEE80211_CHAN_DISABLED) - continue; -@@ -345,7 +345,7 @@ int cfg80211_ibss_wext_siwfreq(struct ne - chan = ieee80211_get_channel(wdev->wiphy, freq); - if (!chan) - return -EINVAL; -- if (chan->flags & IEEE80211_CHAN_NO_IBSS || -+ if (chan->flags & IEEE80211_CHAN_NO_IR || - chan->flags & IEEE80211_CHAN_DISABLED) - return -EINVAL; - } ---- a/net/wireless/mesh.c -+++ b/net/wireless/mesh.c -@@ -141,8 +141,7 @@ int __cfg80211_join_mesh(struct cfg80211 - - for (i = 0; i < sband->n_channels; i++) { - chan = &sband->channels[i]; -- if (chan->flags & (IEEE80211_CHAN_NO_IBSS | -- IEEE80211_CHAN_PASSIVE_SCAN | -+ if (chan->flags & (IEEE80211_CHAN_NO_IR | - IEEE80211_CHAN_DISABLED | - IEEE80211_CHAN_RADAR)) - continue; ---- a/net/wireless/mlme.c -+++ b/net/wireless/mlme.c -@@ -763,12 +763,12 @@ void cfg80211_radar_event(struct wiphy * - EXPORT_SYMBOL(cfg80211_radar_event); - - void cfg80211_cac_event(struct net_device *netdev, -+ const struct cfg80211_chan_def *chandef, - enum nl80211_radar_event event, gfp_t gfp) - { - struct wireless_dev *wdev = netdev->ieee80211_ptr; - struct wiphy *wiphy = wdev->wiphy; - struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); -- struct cfg80211_chan_def chandef; - unsigned long timeout; - - trace_cfg80211_cac_event(netdev, event); -@@ -779,14 +779,12 @@ void cfg80211_cac_event(struct net_devic - if (WARN_ON(!wdev->channel)) - return; - -- cfg80211_chandef_create(&chandef, wdev->channel, NL80211_CHAN_NO_HT); -- switch (event) { - case NL80211_RADAR_CAC_FINISHED: - timeout = wdev->cac_start_time + - msecs_to_jiffies(IEEE80211_DFS_MIN_CAC_TIME_MS); - WARN_ON(!time_after_eq(jiffies, timeout)); -- cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_AVAILABLE); -+ cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE); - break; - case NL80211_RADAR_CAC_ABORTED: - break; -@@ -796,6 +794,6 @@ void cfg80211_cac_event(struct net_devic - } - wdev->cac_started = false; - -- nl80211_radar_notify(rdev, &chandef, event, netdev, gfp); -+ nl80211_radar_notify(rdev, chandef, event, netdev, gfp); - } - EXPORT_SYMBOL(cfg80211_cac_event); ---- a/net/wireless/nl80211.c -+++ b/net/wireless/nl80211.c -@@ -545,12 +545,12 @@ static int nl80211_msg_put_channel(struc - if ((chan->flags & IEEE80211_CHAN_DISABLED) && - nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) - goto nla_put_failure; -- if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && -- nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN)) -- goto nla_put_failure; -- if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && -- nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS)) -- goto nla_put_failure; -+ if (chan->flags & IEEE80211_CHAN_NO_IR) { -+ if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR)) -+ goto nla_put_failure; -+ if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS)) -+ goto nla_put_failure; -+ } - if (chan->flags & IEEE80211_CHAN_RADAR) { - if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) - goto nla_put_failure; -@@ -1229,7 +1229,7 @@ static int nl80211_send_wiphy(struct cfg - nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) - goto nla_put_failure; - if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) && -- nla_put_flag(msg, WIPHY_FLAG_SUPPORTS_5_10_MHZ)) -+ nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_10_MHZ)) - goto nla_put_failure; - - state->split_start++; -@@ -2170,7 +2170,7 @@ static inline u64 wdev_id(struct wireles - } - - static int nl80211_send_chandef(struct sk_buff *msg, -- struct cfg80211_chan_def *chandef) -+ const struct cfg80211_chan_def *chandef) - { - WARN_ON(!cfg80211_chandef_valid(chandef)); - -@@ -5653,7 +5653,7 @@ static int nl80211_start_radar_detection - if (err == 0) - return -EINVAL; - -- if (chandef.chan->dfs_state != NL80211_DFS_USABLE) -+ if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef)) - return -EINVAL; - - if (!rdev->ops->start_radar_detection) -@@ -10882,7 +10882,7 @@ EXPORT_SYMBOL(cfg80211_cqm_txe_notify); - - void - nl80211_radar_notify(struct cfg80211_registered_device *rdev, -- struct cfg80211_chan_def *chandef, -+ const struct cfg80211_chan_def *chandef, - enum nl80211_radar_event event, - struct net_device *netdev, gfp_t gfp) - { ---- a/net/wireless/nl80211.h -+++ b/net/wireless/nl80211.h -@@ -70,7 +70,7 @@ int nl80211_send_mgmt(struct cfg80211_re - - void - nl80211_radar_notify(struct cfg80211_registered_device *rdev, -- struct cfg80211_chan_def *chandef, -+ const struct cfg80211_chan_def *chandef, - enum nl80211_radar_event event, - struct net_device *netdev, gfp_t gfp); - ---- a/net/wireless/reg.c -+++ b/net/wireless/reg.c -@@ -163,35 +163,29 @@ static const struct ieee80211_regdomain - REG_RULE(2412-10, 2462+10, 40, 6, 20, 0), - /* IEEE 802.11b/g, channels 12..13. */ - REG_RULE(2467-10, 2472+10, 40, 6, 20, -- NL80211_RRF_PASSIVE_SCAN | -- NL80211_RRF_NO_IBSS), -+ NL80211_RRF_NO_IR), - /* IEEE 802.11 channel 14 - Only JP enables - * this and for 802.11b only */ - REG_RULE(2484-10, 2484+10, 20, 6, 20, -- NL80211_RRF_PASSIVE_SCAN | -- NL80211_RRF_NO_IBSS | -+ NL80211_RRF_NO_IR | - NL80211_RRF_NO_OFDM), - /* IEEE 802.11a, channel 36..48 */ - REG_RULE(5180-10, 5240+10, 160, 6, 20, -- NL80211_RRF_PASSIVE_SCAN | -- NL80211_RRF_NO_IBSS), -+ NL80211_RRF_NO_IR), - - /* IEEE 802.11a, channel 52..64 - DFS required */ - REG_RULE(5260-10, 5320+10, 160, 6, 20, -- NL80211_RRF_PASSIVE_SCAN | -- NL80211_RRF_NO_IBSS | -+ NL80211_RRF_NO_IR | - NL80211_RRF_DFS), - - /* IEEE 802.11a, channel 100..144 - DFS required */ - REG_RULE(5500-10, 5720+10, 160, 6, 20, -- NL80211_RRF_PASSIVE_SCAN | -- NL80211_RRF_NO_IBSS | -+ NL80211_RRF_NO_IR | - NL80211_RRF_DFS), - - /* IEEE 802.11a, channel 149..165 */ - REG_RULE(5745-10, 5825+10, 80, 6, 20, -- NL80211_RRF_PASSIVE_SCAN | -- NL80211_RRF_NO_IBSS), -+ NL80211_RRF_NO_IR), - - /* IEEE 802.11ad (60gHz), channels 1..3 */ - REG_RULE(56160+2160*1-1080, 56160+2160*3+1080, 2160, 0, 0, 0), -@@ -698,10 +692,8 @@ regdom_intersect(const struct ieee80211_ - static u32 map_regdom_flags(u32 rd_flags) - { - u32 channel_flags = 0; -- if (rd_flags & NL80211_RRF_PASSIVE_SCAN) -- channel_flags |= IEEE80211_CHAN_PASSIVE_SCAN; -- if (rd_flags & NL80211_RRF_NO_IBSS) -- channel_flags |= IEEE80211_CHAN_NO_IBSS; -+ if (rd_flags & NL80211_RRF_NO_IR_ALL) -+ channel_flags |= IEEE80211_CHAN_NO_IR; - if (rd_flags & NL80211_RRF_DFS) - channel_flags |= IEEE80211_CHAN_RADAR; - if (rd_flags & NL80211_RRF_NO_OFDM) -@@ -1066,13 +1058,8 @@ static void handle_reg_beacon(struct wip - chan_before.center_freq = chan->center_freq; - chan_before.flags = chan->flags; - -- if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) { -- chan->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; -- channel_changed = true; -- } -- -- if (chan->flags & IEEE80211_CHAN_NO_IBSS) { -- chan->flags &= ~IEEE80211_CHAN_NO_IBSS; -+ if (chan->flags & IEEE80211_CHAN_NO_IR) { -+ chan->flags &= ~IEEE80211_CHAN_NO_IR; - channel_changed = true; - } - ---- /dev/null -+++ b/drivers/net/wireless/ath/ath9k/ar9003_wow.c -@@ -0,0 +1,422 @@ -+/* -+ * Copyright (c) 2012 Qualcomm Atheros, Inc. -+ * -+ * Permission to use, copy, modify, and/or distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ */ -+ -+#include -+#include "ath9k.h" -+#include "reg.h" -+#include "hw-ops.h" -+ -+const char *ath9k_hw_wow_event_to_string(u32 wow_event) -+{ -+ if (wow_event & AH_WOW_MAGIC_PATTERN_EN) -+ return "Magic pattern"; -+ if (wow_event & AH_WOW_USER_PATTERN_EN) -+ return "User pattern"; -+ if (wow_event & AH_WOW_LINK_CHANGE) -+ return "Link change"; -+ if (wow_event & AH_WOW_BEACON_MISS) -+ return "Beacon miss"; -+ -+ return "unknown reason"; -+} -+EXPORT_SYMBOL(ath9k_hw_wow_event_to_string); -+ -+static void ath9k_hw_set_powermode_wow_sleep(struct ath_hw *ah) -+{ -+ struct ath_common *common = ath9k_hw_common(ah); -+ -+ REG_SET_BIT(ah, AR_STA_ID1, AR_STA_ID1_PWR_SAV); -+ -+ /* set rx disable bit */ -+ REG_WRITE(ah, AR_CR, AR_CR_RXD); -+ -+ if (!ath9k_hw_wait(ah, AR_CR, AR_CR_RXE, 0, AH_WAIT_TIMEOUT)) { -+ ath_err(common, "Failed to stop Rx DMA in 10ms AR_CR=0x%08x AR_DIAG_SW=0x%08x\n", -+ REG_READ(ah, AR_CR), REG_READ(ah, AR_DIAG_SW)); -+ return; -+ } -+ -+ REG_WRITE(ah, AR_RTC_FORCE_WAKE, AR_RTC_FORCE_WAKE_ON_INT); -+} -+ -+static void ath9k_wow_create_keep_alive_pattern(struct ath_hw *ah) -+{ -+ struct ath_common *common = ath9k_hw_common(ah); -+ u8 sta_mac_addr[ETH_ALEN], ap_mac_addr[ETH_ALEN]; -+ u32 ctl[13] = {0}; -+ u32 data_word[KAL_NUM_DATA_WORDS]; -+ u8 i; -+ u32 wow_ka_data_word0; -+ -+ memcpy(sta_mac_addr, common->macaddr, ETH_ALEN); -+ memcpy(ap_mac_addr, common->curbssid, ETH_ALEN); -+ -+ /* set the transmit buffer */ -+ ctl[0] = (KAL_FRAME_LEN | (MAX_RATE_POWER << 16)); -+ ctl[1] = 0; -+ ctl[3] = 0xb; /* OFDM_6M hardware value for this rate */ -+ ctl[4] = 0; -+ ctl[7] = (ah->txchainmask) << 2; -+ ctl[2] = 0xf << 16; /* tx_tries 0 */ -+ -+ for (i = 0; i < KAL_NUM_DESC_WORDS; i++) -+ REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + i * 4), ctl[i]); -+ -+ REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + i * 4), ctl[i]); -+ -+ data_word[0] = (KAL_FRAME_TYPE << 2) | (KAL_FRAME_SUB_TYPE << 4) | -+ (KAL_TO_DS << 8) | (KAL_DURATION_ID << 16); -+ data_word[1] = (ap_mac_addr[3] << 24) | (ap_mac_addr[2] << 16) | -+ (ap_mac_addr[1] << 8) | (ap_mac_addr[0]); -+ data_word[2] = (sta_mac_addr[1] << 24) | (sta_mac_addr[0] << 16) | -+ (ap_mac_addr[5] << 8) | (ap_mac_addr[4]); -+ data_word[3] = (sta_mac_addr[5] << 24) | (sta_mac_addr[4] << 16) | -+ (sta_mac_addr[3] << 8) | (sta_mac_addr[2]); -+ data_word[4] = (ap_mac_addr[3] << 24) | (ap_mac_addr[2] << 16) | -+ (ap_mac_addr[1] << 8) | (ap_mac_addr[0]); -+ data_word[5] = (ap_mac_addr[5] << 8) | (ap_mac_addr[4]); -+ -+ if (AR_SREV_9462_20(ah)) { -+ /* AR9462 2.0 has an extra descriptor word (time based -+ * discard) compared to other chips */ -+ REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + (12 * 4)), 0); -+ wow_ka_data_word0 = AR_WOW_TXBUF(13); -+ } else { -+ wow_ka_data_word0 = AR_WOW_TXBUF(12); -+ } -+ -+ for (i = 0; i < KAL_NUM_DATA_WORDS; i++) -+ REG_WRITE(ah, (wow_ka_data_word0 + i*4), data_word[i]); -+ -+} -+ -+void ath9k_hw_wow_apply_pattern(struct ath_hw *ah, u8 *user_pattern, -+ u8 *user_mask, int pattern_count, -+ int pattern_len) -+{ -+ int i; -+ u32 pattern_val, mask_val; -+ u32 set, clr; -+ -+ /* FIXME: should check count by querying the hardware capability */ -+ if (pattern_count >= MAX_NUM_PATTERN) -+ return; -+ -+ REG_SET_BIT(ah, AR_WOW_PATTERN, BIT(pattern_count)); -+ -+ /* set the registers for pattern */ -+ for (i = 0; i < MAX_PATTERN_SIZE; i += 4) { -+ memcpy(&pattern_val, user_pattern, 4); -+ REG_WRITE(ah, (AR_WOW_TB_PATTERN(pattern_count) + i), -+ pattern_val); -+ user_pattern += 4; -+ } -+ -+ /* set the registers for mask */ -+ for (i = 0; i < MAX_PATTERN_MASK_SIZE; i += 4) { -+ memcpy(&mask_val, user_mask, 4); -+ REG_WRITE(ah, (AR_WOW_TB_MASK(pattern_count) + i), mask_val); -+ user_mask += 4; -+ } -+ -+ /* set the pattern length to be matched -+ * -+ * AR_WOW_LENGTH1_REG1 -+ * bit 31:24 pattern 0 length -+ * bit 23:16 pattern 1 length -+ * bit 15:8 pattern 2 length -+ * bit 7:0 pattern 3 length -+ * -+ * AR_WOW_LENGTH1_REG2 -+ * bit 31:24 pattern 4 length -+ * bit 23:16 pattern 5 length -+ * bit 15:8 pattern 6 length -+ * bit 7:0 pattern 7 length -+ * -+ * the below logic writes out the new -+ * pattern length for the corresponding -+ * pattern_count, while masking out the -+ * other fields -+ */ -+ -+ ah->wow_event_mask |= BIT(pattern_count + AR_WOW_PAT_FOUND_SHIFT); -+ -+ if (pattern_count < 4) { -+ /* Pattern 0-3 uses AR_WOW_LENGTH1 register */ -+ set = (pattern_len & AR_WOW_LENGTH_MAX) << -+ AR_WOW_LEN1_SHIFT(pattern_count); -+ clr = AR_WOW_LENGTH1_MASK(pattern_count); -+ REG_RMW(ah, AR_WOW_LENGTH1, set, clr); -+ } else { -+ /* Pattern 4-7 uses AR_WOW_LENGTH2 register */ -+ set = (pattern_len & AR_WOW_LENGTH_MAX) << -+ AR_WOW_LEN2_SHIFT(pattern_count); -+ clr = AR_WOW_LENGTH2_MASK(pattern_count); -+ REG_RMW(ah, AR_WOW_LENGTH2, set, clr); -+ } -+ -+} -+EXPORT_SYMBOL(ath9k_hw_wow_apply_pattern); -+ -+u32 ath9k_hw_wow_wakeup(struct ath_hw *ah) -+{ -+ u32 wow_status = 0; -+ u32 val = 0, rval; -+ -+ /* -+ * read the WoW status register to know -+ * the wakeup reason -+ */ -+ rval = REG_READ(ah, AR_WOW_PATTERN); -+ val = AR_WOW_STATUS(rval); -+ -+ /* -+ * mask only the WoW events that we have enabled. Sometimes -+ * we have spurious WoW events from the AR_WOW_PATTERN -+ * register. This mask will clean it up. -+ */ -+ -+ val &= ah->wow_event_mask; -+ -+ if (val) { -+ if (val & AR_WOW_MAGIC_PAT_FOUND) -+ wow_status |= AH_WOW_MAGIC_PATTERN_EN; -+ if (AR_WOW_PATTERN_FOUND(val)) -+ wow_status |= AH_WOW_USER_PATTERN_EN; -+ if (val & AR_WOW_KEEP_ALIVE_FAIL) -+ wow_status |= AH_WOW_LINK_CHANGE; -+ if (val & AR_WOW_BEACON_FAIL) -+ wow_status |= AH_WOW_BEACON_MISS; -+ } -+ -+ /* -+ * set and clear WOW_PME_CLEAR registers for the chip to -+ * generate next wow signal. -+ * disable D3 before accessing other registers ? -+ */ -+ -+ /* do we need to check the bit value 0x01000000 (7-10) ?? */ -+ REG_RMW(ah, AR_PCIE_PM_CTRL, AR_PMCTRL_WOW_PME_CLR, -+ AR_PMCTRL_PWR_STATE_D1D3); -+ -+ /* -+ * clear all events -+ */ -+ REG_WRITE(ah, AR_WOW_PATTERN, -+ AR_WOW_CLEAR_EVENTS(REG_READ(ah, AR_WOW_PATTERN))); -+ -+ /* -+ * restore the beacon threshold to init value -+ */ -+ REG_WRITE(ah, AR_RSSI_THR, INIT_RSSI_THR); -+ -+ /* -+ * Restore the way the PCI-E reset, Power-On-Reset, external -+ * PCIE_POR_SHORT pins are tied to its original value. -+ * Previously just before WoW sleep, we untie the PCI-E -+ * reset to our Chip's Power On Reset so that any PCI-E -+ * reset from the bus will not reset our chip -+ */ -+ if (ah->is_pciexpress) -+ ath9k_hw_configpcipowersave(ah, false); -+ -+ ah->wow_event_mask = 0; -+ -+ return wow_status; -+} -+EXPORT_SYMBOL(ath9k_hw_wow_wakeup); -+ -+void ath9k_hw_wow_enable(struct ath_hw *ah, u32 pattern_enable) -+{ -+ u32 wow_event_mask; -+ u32 set, clr; -+ -+ /* -+ * wow_event_mask is a mask to the AR_WOW_PATTERN register to -+ * indicate which WoW events we have enabled. The WoW events -+ * are from the 'pattern_enable' in this function and -+ * 'pattern_count' of ath9k_hw_wow_apply_pattern() -+ */ -+ wow_event_mask = ah->wow_event_mask; -+ -+ /* -+ * Untie Power-on-Reset from the PCI-E-Reset. When we are in -+ * WOW sleep, we do want the Reset from the PCI-E to disturb -+ * our hw state -+ */ -+ if (ah->is_pciexpress) { -+ /* -+ * we need to untie the internal POR (power-on-reset) -+ * to the external PCI-E reset. We also need to tie -+ * the PCI-E Phy reset to the PCI-E reset. -+ */ -+ set = AR_WA_RESET_EN | AR_WA_POR_SHORT; -+ clr = AR_WA_UNTIE_RESET_EN | AR_WA_D3_L1_DISABLE; -+ REG_RMW(ah, AR_WA, set, clr); -+ } -+ -+ /* -+ * set the power states appropriately and enable PME -+ */ -+ set = AR_PMCTRL_HOST_PME_EN | AR_PMCTRL_PWR_PM_CTRL_ENA | -+ AR_PMCTRL_AUX_PWR_DET | AR_PMCTRL_WOW_PME_CLR; -+ -+ /* -+ * set and clear WOW_PME_CLEAR registers for the chip -+ * to generate next wow signal. -+ */ -+ REG_SET_BIT(ah, AR_PCIE_PM_CTRL, set); -+ clr = AR_PMCTRL_WOW_PME_CLR; -+ REG_CLR_BIT(ah, AR_PCIE_PM_CTRL, clr); -+ -+ /* -+ * Setup for: -+ * - beacon misses -+ * - magic pattern -+ * - keep alive timeout -+ * - pattern matching -+ */ -+ -+ /* -+ * Program default values for pattern backoff, aifs/slot/KAL count, -+ * beacon miss timeout, KAL timeout, etc. -+ */ -+ set = AR_WOW_BACK_OFF_SHIFT(AR_WOW_PAT_BACKOFF); -+ REG_SET_BIT(ah, AR_WOW_PATTERN, set); -+ -+ set = AR_WOW_AIFS_CNT(AR_WOW_CNT_AIFS_CNT) | -+ AR_WOW_SLOT_CNT(AR_WOW_CNT_SLOT_CNT) | -+ AR_WOW_KEEP_ALIVE_CNT(AR_WOW_CNT_KA_CNT); -+ REG_SET_BIT(ah, AR_WOW_COUNT, set); -+ -+ if (pattern_enable & AH_WOW_BEACON_MISS) -+ set = AR_WOW_BEACON_TIMO; -+ /* We are not using beacon miss, program a large value */ -+ else -+ set = AR_WOW_BEACON_TIMO_MAX; -+ -+ REG_WRITE(ah, AR_WOW_BCN_TIMO, set); -+ -+ /* -+ * Keep alive timo in ms except AR9280 -+ */ -+ if (!pattern_enable) -+ set = AR_WOW_KEEP_ALIVE_NEVER; -+ else -+ set = KAL_TIMEOUT * 32; -+ -+ REG_WRITE(ah, AR_WOW_KEEP_ALIVE_TIMO, set); -+ -+ /* -+ * Keep alive delay in us. based on 'power on clock', -+ * therefore in usec -+ */ -+ set = KAL_DELAY * 1000; -+ REG_WRITE(ah, AR_WOW_KEEP_ALIVE_DELAY, set); -+ -+ /* -+ * Create keep alive pattern to respond to beacons -+ */ -+ ath9k_wow_create_keep_alive_pattern(ah); -+ -+ /* -+ * Configure MAC WoW Registers -+ */ -+ set = 0; -+ /* Send keep alive timeouts anyway */ -+ clr = AR_WOW_KEEP_ALIVE_AUTO_DIS; -+ -+ if (pattern_enable & AH_WOW_LINK_CHANGE) -+ wow_event_mask |= AR_WOW_KEEP_ALIVE_FAIL; -+ else -+ set = AR_WOW_KEEP_ALIVE_FAIL_DIS; -+ -+ set = AR_WOW_KEEP_ALIVE_FAIL_DIS; -+ REG_RMW(ah, AR_WOW_KEEP_ALIVE, set, clr); -+ -+ /* -+ * we are relying on a bmiss failure. ensure we have -+ * enough threshold to prevent false positives -+ */ -+ REG_RMW_FIELD(ah, AR_RSSI_THR, AR_RSSI_THR_BM_THR, -+ AR_WOW_BMISSTHRESHOLD); -+ -+ set = 0; -+ clr = 0; -+ -+ if (pattern_enable & AH_WOW_BEACON_MISS) { -+ set = AR_WOW_BEACON_FAIL_EN; -+ wow_event_mask |= AR_WOW_BEACON_FAIL; -+ } else { -+ clr = AR_WOW_BEACON_FAIL_EN; -+ } -+ -+ REG_RMW(ah, AR_WOW_BCN_EN, set, clr); -+ -+ set = 0; -+ clr = 0; -+ /* -+ * Enable the magic packet registers -+ */ -+ if (pattern_enable & AH_WOW_MAGIC_PATTERN_EN) { -+ set = AR_WOW_MAGIC_EN; -+ wow_event_mask |= AR_WOW_MAGIC_PAT_FOUND; -+ } else { -+ clr = AR_WOW_MAGIC_EN; -+ } -+ set |= AR_WOW_MAC_INTR_EN; -+ REG_RMW(ah, AR_WOW_PATTERN, set, clr); -+ -+ REG_WRITE(ah, AR_WOW_PATTERN_MATCH_LT_256B, -+ AR_WOW_PATTERN_SUPPORTED); -+ -+ /* -+ * Set the power states appropriately and enable PME -+ */ -+ clr = 0; -+ set = AR_PMCTRL_PWR_STATE_D1D3 | AR_PMCTRL_HOST_PME_EN | -+ AR_PMCTRL_PWR_PM_CTRL_ENA; -+ -+ clr = AR_PCIE_PM_CTRL_ENA; -+ REG_RMW(ah, AR_PCIE_PM_CTRL, set, clr); -+ -+ /* -+ * this is needed to prevent the chip waking up -+ * the host within 3-4 seconds with certain -+ * platform/BIOS. The fix is to enable -+ * D1 & D3 to match original definition and -+ * also match the OTP value. Anyway this -+ * is more related to SW WOW. -+ */ -+ clr = AR_PMCTRL_PWR_STATE_D1D3; -+ REG_CLR_BIT(ah, AR_PCIE_PM_CTRL, clr); -+ -+ set = AR_PMCTRL_PWR_STATE_D1D3_REAL; -+ REG_SET_BIT(ah, AR_PCIE_PM_CTRL, set); -+ -+ REG_CLR_BIT(ah, AR_STA_ID1, AR_STA_ID1_PRESERVE_SEQNUM); -+ -+ /* to bring down WOW power low margin */ -+ set = BIT(13); -+ REG_SET_BIT(ah, AR_PCIE_PHY_REG3, set); -+ /* HW WoW */ -+ clr = BIT(5); -+ REG_CLR_BIT(ah, AR_PCU_MISC_MODE3, clr); -+ -+ ath9k_hw_set_powermode_wow_sleep(ah); -+ ah->wow_event_mask = wow_event_mask; -+} -+EXPORT_SYMBOL(ath9k_hw_wow_enable); ---- /dev/null -+++ b/drivers/net/wireless/ath/ath9k/tx99.c -@@ -0,0 +1,263 @@ -+/* -+ * Copyright (c) 2013 Qualcomm Atheros, Inc. -+ * -+ * Permission to use, copy, modify, and/or distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ */ -+ -+#include "ath9k.h" -+ -+static void ath9k_tx99_stop(struct ath_softc *sc) -+{ -+ struct ath_hw *ah = sc->sc_ah; -+ struct ath_common *common = ath9k_hw_common(ah); -+ -+ ath_drain_all_txq(sc); -+ ath_startrecv(sc); -+ -+ ath9k_hw_set_interrupts(ah); -+ ath9k_hw_enable_interrupts(ah); -+ -+ ieee80211_wake_queues(sc->hw); -+ -+ kfree_skb(sc->tx99_skb); -+ sc->tx99_skb = NULL; -+ sc->tx99_state = false; -+ -+ ath9k_hw_tx99_stop(sc->sc_ah); -+ ath_dbg(common, XMIT, "TX99 stopped\n"); -+} -+ -+static struct sk_buff *ath9k_build_tx99_skb(struct ath_softc *sc) -+{ -+ static u8 PN9Data[] = {0xff, 0x87, 0xb8, 0x59, 0xb7, 0xa1, 0xcc, 0x24, -+ 0x57, 0x5e, 0x4b, 0x9c, 0x0e, 0xe9, 0xea, 0x50, -+ 0x2a, 0xbe, 0xb4, 0x1b, 0xb6, 0xb0, 0x5d, 0xf1, -+ 0xe6, 0x9a, 0xe3, 0x45, 0xfd, 0x2c, 0x53, 0x18, -+ 0x0c, 0xca, 0xc9, 0xfb, 0x49, 0x37, 0xe5, 0xa8, -+ 0x51, 0x3b, 0x2f, 0x61, 0xaa, 0x72, 0x18, 0x84, -+ 0x02, 0x23, 0x23, 0xab, 0x63, 0x89, 0x51, 0xb3, -+ 0xe7, 0x8b, 0x72, 0x90, 0x4c, 0xe8, 0xfb, 0xc0}; -+ u32 len = 1200; -+ struct ieee80211_hw *hw = sc->hw; -+ struct ieee80211_hdr *hdr; -+ struct ieee80211_tx_info *tx_info; -+ struct sk_buff *skb; -+ -+ skb = alloc_skb(len, GFP_KERNEL); -+ if (!skb) -+ return NULL; -+ -+ skb_put(skb, len); -+ -+ memset(skb->data, 0, len); -+ -+ hdr = (struct ieee80211_hdr *)skb->data; -+ hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA); -+ hdr->duration_id = 0; -+ -+ memcpy(hdr->addr1, hw->wiphy->perm_addr, ETH_ALEN); -+ memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN); -+ memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN); -+ -+ hdr->seq_ctrl |= cpu_to_le16(sc->tx.seq_no); -+ -+ tx_info = IEEE80211_SKB_CB(skb); -+ memset(tx_info, 0, sizeof(*tx_info)); -+ tx_info->band = hw->conf.chandef.chan->band; -+ tx_info->flags = IEEE80211_TX_CTL_NO_ACK; -+ tx_info->control.vif = sc->tx99_vif; -+ -+ memcpy(skb->data + sizeof(*hdr), PN9Data, sizeof(PN9Data)); -+ -+ return skb; -+} -+ -+static void ath9k_tx99_deinit(struct ath_softc *sc) -+{ -+ ath_reset(sc); -+ -+ ath9k_ps_wakeup(sc); -+ ath9k_tx99_stop(sc); -+ ath9k_ps_restore(sc); -+} -+ -+static int ath9k_tx99_init(struct ath_softc *sc) -+{ -+ struct ieee80211_hw *hw = sc->hw; -+ struct ath_hw *ah = sc->sc_ah; -+ struct ath_common *common = ath9k_hw_common(ah); -+ struct ath_tx_control txctl; -+ int r; -+ -+ if (test_bit(SC_OP_INVALID, &sc->sc_flags)) { -+ ath_err(common, -+ "driver is in invalid state unable to use TX99"); -+ return -EINVAL; -+ } -+ -+ sc->tx99_skb = ath9k_build_tx99_skb(sc); -+ if (!sc->tx99_skb) -+ return -ENOMEM; -+ -+ memset(&txctl, 0, sizeof(txctl)); -+ txctl.txq = sc->tx.txq_map[IEEE80211_AC_VO]; -+ -+ ath_reset(sc); -+ -+ ath9k_ps_wakeup(sc); -+ -+ ath9k_hw_disable_interrupts(ah); -+ atomic_set(&ah->intr_ref_cnt, -1); -+ ath_drain_all_txq(sc); -+ ath_stoprecv(sc); -+ -+ sc->tx99_state = true; -+ -+ ieee80211_stop_queues(hw); -+ -+ if (sc->tx99_power == MAX_RATE_POWER + 1) -+ sc->tx99_power = MAX_RATE_POWER; -+ -+ ath9k_hw_tx99_set_txpower(ah, sc->tx99_power); -+ r = ath9k_tx99_send(sc, sc->tx99_skb, &txctl); -+ if (r) { -+ ath_dbg(common, XMIT, "Failed to xmit TX99 skb\n"); -+ return r; -+ } -+ -+ ath_dbg(common, XMIT, "TX99 xmit started using %d ( %ddBm)\n", -+ sc->tx99_power, -+ sc->tx99_power / 2); -+ -+ /* We leave the harware awake as it will be chugging on */ -+ -+ return 0; -+} -+ -+static ssize_t read_file_tx99(struct file *file, char __user *user_buf, -+ size_t count, loff_t *ppos) -+{ -+ struct ath_softc *sc = file->private_data; -+ char buf[3]; -+ unsigned int len; -+ -+ len = sprintf(buf, "%d\n", sc->tx99_state); -+ return simple_read_from_buffer(user_buf, count, ppos, buf, len); -+} -+ -+static ssize_t write_file_tx99(struct file *file, const char __user *user_buf, -+ size_t count, loff_t *ppos) -+{ -+ struct ath_softc *sc = file->private_data; -+ struct ath_common *common = ath9k_hw_common(sc->sc_ah); -+ char buf[32]; -+ bool start; -+ ssize_t len; -+ int r; -+ -+ if (sc->nvifs > 1) -+ return -EOPNOTSUPP; -+ -+ len = min(count, sizeof(buf) - 1); -+ if (copy_from_user(buf, user_buf, len)) -+ return -EFAULT; -+ -+ if (strtobool(buf, &start)) -+ return -EINVAL; -+ -+ if (start == sc->tx99_state) { -+ if (!start) -+ return count; -+ ath_dbg(common, XMIT, "Resetting TX99\n"); -+ ath9k_tx99_deinit(sc); -+ } -+ -+ if (!start) { -+ ath9k_tx99_deinit(sc); -+ return count; -+ } -+ -+ r = ath9k_tx99_init(sc); -+ if (r) -+ return r; -+ -+ return count; -+} -+ -+static const struct file_operations fops_tx99 = { -+ .read = read_file_tx99, -+ .write = write_file_tx99, -+ .open = simple_open, -+ .owner = THIS_MODULE, -+ .llseek = default_llseek, -+}; -+ -+static ssize_t read_file_tx99_power(struct file *file, -+ char __user *user_buf, -+ size_t count, loff_t *ppos) -+{ -+ struct ath_softc *sc = file->private_data; -+ char buf[32]; -+ unsigned int len; -+ -+ len = sprintf(buf, "%d (%d dBm)\n", -+ sc->tx99_power, -+ sc->tx99_power / 2); -+ -+ return simple_read_from_buffer(user_buf, count, ppos, buf, len); -+} -+ -+static ssize_t write_file_tx99_power(struct file *file, -+ const char __user *user_buf, -+ size_t count, loff_t *ppos) -+{ -+ struct ath_softc *sc = file->private_data; -+ int r; -+ u8 tx_power; -+ -+ r = kstrtou8_from_user(user_buf, count, 0, &tx_power); -+ if (r) -+ return r; -+ -+ if (tx_power > MAX_RATE_POWER) -+ return -EINVAL; -+ -+ sc->tx99_power = tx_power; -+ -+ ath9k_ps_wakeup(sc); -+ ath9k_hw_tx99_set_txpower(sc->sc_ah, sc->tx99_power); -+ ath9k_ps_restore(sc); -+ -+ return count; -+} -+ -+static const struct file_operations fops_tx99_power = { -+ .read = read_file_tx99_power, -+ .write = write_file_tx99_power, -+ .open = simple_open, -+ .owner = THIS_MODULE, -+ .llseek = default_llseek, -+}; -+ -+void ath9k_tx99_init_debug(struct ath_softc *sc) -+{ -+ if (!AR_SREV_9300_20_OR_LATER(sc->sc_ah)) -+ return; -+ -+ debugfs_create_file("tx99", S_IRUSR | S_IWUSR, -+ sc->debug.debugfs_phy, sc, -+ &fops_tx99); -+ debugfs_create_file("tx99_power", S_IRUSR | S_IWUSR, -+ sc->debug.debugfs_phy, sc, -+ &fops_tx99_power); -+} ---- a/drivers/net/wireless/ath/ath9k/dfs_debug.c -+++ b/drivers/net/wireless/ath/ath9k/dfs_debug.c -@@ -44,14 +44,20 @@ static ssize_t read_file_dfs(struct file - if (buf == NULL) - return -ENOMEM; - -- if (sc->dfs_detector) -- dfs_pool_stats = sc->dfs_detector->get_stats(sc->dfs_detector); -- - len += scnprintf(buf + len, size - len, "DFS support for " - "macVersion = 0x%x, macRev = 0x%x: %s\n", - hw_ver->macVersion, hw_ver->macRev, - (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_DFS) ? - "enabled" : "disabled"); -+ -+ if (!sc->dfs_detector) { -+ len += scnprintf(buf + len, size - len, -+ "DFS detector not enabled\n"); -+ goto exit; -+ } -+ -+ dfs_pool_stats = sc->dfs_detector->get_stats(sc->dfs_detector); -+ - len += scnprintf(buf + len, size - len, "Pulse detector statistics:\n"); - ATH9K_DFS_STAT("pulse events reported ", pulses_total); - ATH9K_DFS_STAT("invalid pulse events ", pulses_no_dfs); -@@ -76,6 +82,7 @@ static ssize_t read_file_dfs(struct file - ATH9K_DFS_POOL_STAT("Seqs. alloc error ", pseq_alloc_error); - ATH9K_DFS_POOL_STAT("Seqs. in use ", pseq_used); - -+exit: - if (len > size) - len = size; - ---- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c -@@ -641,11 +641,12 @@ static void ar9003_hw_override_ini(struc - else - ah->enabled_cals &= ~TX_IQ_CAL; - -- if (REG_READ(ah, AR_PHY_CL_CAL_CTL) & AR_PHY_CL_CAL_ENABLE) -- ah->enabled_cals |= TX_CL_CAL; -- else -- ah->enabled_cals &= ~TX_CL_CAL; - } -+ -+ if (REG_READ(ah, AR_PHY_CL_CAL_CTL) & AR_PHY_CL_CAL_ENABLE) -+ ah->enabled_cals |= TX_CL_CAL; -+ else -+ ah->enabled_cals &= ~TX_CL_CAL; - } - - static void ar9003_hw_prog_ini(struct ath_hw *ah, -@@ -701,6 +702,54 @@ static int ar9550_hw_get_modes_txgain_in - return ret; - } - -+static void ar9003_doubler_fix(struct ath_hw *ah) -+{ -+ if (AR_SREV_9300(ah) || AR_SREV_9580(ah) || AR_SREV_9550(ah)) { -+ REG_RMW(ah, AR_PHY_65NM_CH0_RXTX2, -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S | -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0); -+ REG_RMW(ah, AR_PHY_65NM_CH1_RXTX2, -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S | -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0); -+ REG_RMW(ah, AR_PHY_65NM_CH2_RXTX2, -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S | -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0); -+ -+ udelay(200); -+ -+ REG_CLR_BIT(ah, AR_PHY_65NM_CH0_RXTX2, -+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK); -+ REG_CLR_BIT(ah, AR_PHY_65NM_CH1_RXTX2, -+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK); -+ REG_CLR_BIT(ah, AR_PHY_65NM_CH2_RXTX2, -+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK); -+ -+ udelay(1); -+ -+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH0_RXTX2, -+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1); -+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH1_RXTX2, -+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1); -+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH2_RXTX2, -+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1); -+ -+ udelay(200); -+ -+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH0_SYNTH12, -+ AR_PHY_65NM_CH0_SYNTH12_VREFMUL3, 0xf); -+ -+ REG_RMW(ah, AR_PHY_65NM_CH0_RXTX2, 0, -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S | -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S); -+ REG_RMW(ah, AR_PHY_65NM_CH1_RXTX2, 0, -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S | -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S); -+ REG_RMW(ah, AR_PHY_65NM_CH2_RXTX2, 0, -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S | -+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S); -+ } -+} -+ - static int ar9003_hw_process_ini(struct ath_hw *ah, - struct ath9k_channel *chan) - { -@@ -726,6 +775,8 @@ static int ar9003_hw_process_ini(struct - modesIndex); - } - -+ ar9003_doubler_fix(ah); -+ - /* - * RXGAIN initvals. - */ ---- a/drivers/net/wireless/ath/ath9k/ar9003_phy.h -+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.h -@@ -656,13 +656,24 @@ - #define AR_PHY_SYNTH4_LONG_SHIFT_SELECT ((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x00000001 : 0x00000002) - #define AR_PHY_SYNTH4_LONG_SHIFT_SELECT_S ((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0 : 1) - #define AR_PHY_65NM_CH0_SYNTH7 0x16098 -+#define AR_PHY_65NM_CH0_SYNTH12 0x160ac - #define AR_PHY_65NM_CH0_BIAS1 0x160c0 - #define AR_PHY_65NM_CH0_BIAS2 0x160c4 - #define AR_PHY_65NM_CH0_BIAS4 0x160cc -+#define AR_PHY_65NM_CH0_RXTX2 0x16104 -+#define AR_PHY_65NM_CH1_RXTX2 0x16504 -+#define AR_PHY_65NM_CH2_RXTX2 0x16904 - #define AR_PHY_65NM_CH0_RXTX4 0x1610c - #define AR_PHY_65NM_CH1_RXTX4 0x1650c - #define AR_PHY_65NM_CH2_RXTX4 0x1690c - -+#define AR_PHY_65NM_CH0_SYNTH12_VREFMUL3 0x00780000 -+#define AR_PHY_65NM_CH0_SYNTH12_VREFMUL3_S 19 -+#define AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK 0x00000004 -+#define AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S 2 -+#define AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK 0x00000008 -+#define AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S 3 -+ - #define AR_CH0_TOP (AR_SREV_9300(ah) ? 0x16288 : \ - (((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x1628c : 0x16280))) - #define AR_CH0_TOP_XPABIASLVL (AR_SREV_9550(ah) ? 0x3c0 : 0x300) ---- a/drivers/net/wireless/rt2x00/rt2x00dev.c -+++ b/drivers/net/wireless/rt2x00/rt2x00dev.c -@@ -181,6 +181,7 @@ static void rt2x00lib_autowakeup(struct - static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac, - struct ieee80211_vif *vif) - { -+ struct ieee80211_tx_control control = {}; - struct rt2x00_dev *rt2x00dev = data; - struct sk_buff *skb; - -@@ -195,7 +196,7 @@ static void rt2x00lib_bc_buffer_iter(voi - */ - skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif); - while (skb) { -- rt2x00mac_tx(rt2x00dev->hw, NULL, skb); -+ rt2x00mac_tx(rt2x00dev->hw, &control, skb); - skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif); - } - } ---- a/drivers/net/wireless/ath/ath9k/ar9003_calib.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_calib.c -@@ -1040,8 +1040,8 @@ static void ar9003_hw_cl_cal_post_proc(s - } - } - --static bool ar9003_hw_init_cal(struct ath_hw *ah, -- struct ath9k_channel *chan) -+static bool ar9003_hw_init_cal_pcoem(struct ath_hw *ah, -+ struct ath9k_channel *chan) - { - struct ath_common *common = ath9k_hw_common(ah); - struct ath9k_hw_cal_data *caldata = ah->caldata; -@@ -1228,13 +1228,109 @@ skip_tx_iqcal: - return true; - } - -+static bool ar9003_hw_init_cal_soc(struct ath_hw *ah, -+ struct ath9k_channel *chan) -+{ -+ struct ath_common *common = ath9k_hw_common(ah); -+ struct ath9k_hw_cal_data *caldata = ah->caldata; -+ bool txiqcal_done = false; -+ bool is_reusable = true, status = true; -+ bool run_agc_cal = false, sep_iq_cal = false; -+ -+ /* Use chip chainmask only for calibration */ -+ ar9003_hw_set_chain_masks(ah, ah->caps.rx_chainmask, ah->caps.tx_chainmask); -+ -+ if (ah->enabled_cals & TX_CL_CAL) { -+ REG_SET_BIT(ah, AR_PHY_CL_CAL_CTL, AR_PHY_CL_CAL_ENABLE); -+ run_agc_cal = true; -+ } -+ -+ if (IS_CHAN_HALF_RATE(chan) || IS_CHAN_QUARTER_RATE(chan)) -+ goto skip_tx_iqcal; -+ -+ /* Do Tx IQ Calibration */ -+ REG_RMW_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_1, -+ AR_PHY_TX_IQCAL_CONTROL_1_IQCORR_I_Q_COFF_DELPT, -+ DELPT); -+ -+ /* -+ * For AR9485 or later chips, TxIQ cal runs as part of -+ * AGC calibration. Specifically, AR9550 in SoC chips. -+ */ -+ if (ah->enabled_cals & TX_IQ_ON_AGC_CAL) { -+ txiqcal_done = true; -+ run_agc_cal = true; -+ } else { -+ sep_iq_cal = true; -+ run_agc_cal = true; -+ } -+ -+ /* -+ * In the SoC family, this will run for AR9300, AR9331 and AR9340. -+ */ -+ if (sep_iq_cal) { -+ txiqcal_done = ar9003_hw_tx_iq_cal_run(ah); -+ REG_WRITE(ah, AR_PHY_ACTIVE, AR_PHY_ACTIVE_DIS); -+ udelay(5); -+ REG_WRITE(ah, AR_PHY_ACTIVE, AR_PHY_ACTIVE_EN); -+ } -+ -+skip_tx_iqcal: -+ if (run_agc_cal || !(ah->ah_flags & AH_FASTCC)) { -+ /* Calibrate the AGC */ -+ REG_WRITE(ah, AR_PHY_AGC_CONTROL, -+ REG_READ(ah, AR_PHY_AGC_CONTROL) | -+ AR_PHY_AGC_CONTROL_CAL); -+ -+ /* Poll for offset calibration complete */ -+ status = ath9k_hw_wait(ah, AR_PHY_AGC_CONTROL, -+ AR_PHY_AGC_CONTROL_CAL, -+ 0, AH_WAIT_TIMEOUT); -+ } -+ -+ if (!status) { -+ ath_dbg(common, CALIBRATE, -+ "offset calibration failed to complete in %d ms; noisy environment?\n", -+ AH_WAIT_TIMEOUT / 1000); -+ return false; -+ } -+ -+ if (txiqcal_done) -+ ar9003_hw_tx_iq_cal_post_proc(ah, is_reusable); -+ -+ /* Revert chainmask to runtime parameters */ -+ ar9003_hw_set_chain_masks(ah, ah->rxchainmask, ah->txchainmask); -+ -+ /* Initialize list pointers */ -+ ah->cal_list = ah->cal_list_last = ah->cal_list_curr = NULL; -+ -+ INIT_CAL(&ah->iq_caldata); -+ INSERT_CAL(ah, &ah->iq_caldata); -+ ath_dbg(common, CALIBRATE, "enabling IQ Calibration\n"); -+ -+ /* Initialize current pointer to first element in list */ -+ ah->cal_list_curr = ah->cal_list; -+ -+ if (ah->cal_list_curr) -+ ath9k_hw_reset_calibration(ah, ah->cal_list_curr); -+ -+ if (caldata) -+ caldata->CalValid = 0; -+ -+ return true; -+} -+ - void ar9003_hw_attach_calib_ops(struct ath_hw *ah) - { - struct ath_hw_private_ops *priv_ops = ath9k_hw_private_ops(ah); - struct ath_hw_ops *ops = ath9k_hw_ops(ah); - -+ if (AR_SREV_9485(ah) || AR_SREV_9462(ah) || AR_SREV_9565(ah)) -+ priv_ops->init_cal = ar9003_hw_init_cal_pcoem; -+ else -+ priv_ops->init_cal = ar9003_hw_init_cal_soc; -+ - priv_ops->init_cal_settings = ar9003_hw_init_cal_settings; -- priv_ops->init_cal = ar9003_hw_init_cal; - priv_ops->setup_calibration = ar9003_hw_setup_calibration; - - ops->calibrate = ar9003_hw_calibrate; ---- a/drivers/net/wireless/ath/ath9k/common.c -+++ b/drivers/net/wireless/ath/ath9k/common.c -@@ -98,10 +98,8 @@ struct ath9k_channel *ath9k_cmn_get_chan - { - struct ieee80211_channel *curchan = chandef->chan; - struct ath9k_channel *channel; -- u8 chan_idx; - -- chan_idx = curchan->hw_value; -- channel = &ah->channels[chan_idx]; -+ channel = &ah->channels[curchan->hw_value]; - ath9k_cmn_update_ichannel(channel, chandef); - - return channel;