---- a/drivers/net/wireless/ath/ath10k/mac.c
-+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -1351,12 +1351,12 @@ static int ath10k_update_channel_list(st
- ch->allow_vht = true;
-
- ch->allow_ibss =
-- !(channel->flags & IEEE80211_CHAN_NO_IBSS);
-+ !(channel->flags & IEEE80211_CHAN_NO_IR);
-
- ch->ht40plus =
- !(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
-
-- passive = channel->flags & IEEE80211_CHAN_PASSIVE_SCAN;
-+ passive = channel->flags & IEEE80211_CHAN_NO_IR;
- ch->passive = passive;
-
- ch->freq = channel->center_freq;
---- a/drivers/net/wireless/ath/ath9k/Kconfig
-+++ b/drivers/net/wireless/ath/ath9k/Kconfig
-@@ -90,7 +90,7 @@ config ATH9K_DFS_CERTIFIED
-
- config ATH9K_TX99
- bool "Atheros ath9k TX99 testing support"
-- depends on CFG80211_CERTIFICATION_ONUS
-+ depends on ATH9K_DEBUGFS && CFG80211_CERTIFICATION_ONUS
- default n
- ---help---
- Say N. This should only be enabled on systems undergoing
-@@ -108,6 +108,14 @@ config ATH9K_TX99
- be evaluated to meet the RF exposure limits set forth in the
- governmental SAR regulations.
-
-+config ATH9K_WOW
-+ bool "Wake on Wireless LAN support (EXPERIMENTAL)"
-+ depends on ATH9K && PM
-+ default n
-+ ---help---
-+ This option enables Wake on Wireless LAN support for certain cards.
-+ Currently, AR9462 is supported.
-+
- config ATH9K_LEGACY_RATE_CONTROL
- bool "Atheros ath9k rate control"
- depends on ATH9K
---- a/drivers/net/wireless/ath/ath9k/Makefile
-+++ b/drivers/net/wireless/ath/ath9k/Makefile
-@@ -13,9 +13,9 @@ ath9k-$(CPTCFG_ATH9K_PCI) += pci.o
- ath9k-$(CPTCFG_ATH9K_AHB) += ahb.o
- ath9k-$(CPTCFG_ATH9K_DEBUGFS) += debug.o
- ath9k-$(CPTCFG_ATH9K_DFS_DEBUGFS) += dfs_debug.o
--ath9k-$(CPTCFG_ATH9K_DFS_CERTIFIED) += \
-- dfs.o
--ath9k-$(CONFIG_PM_SLEEP) += wow.o
-+ath9k-$(CPTCFG_ATH9K_DFS_CERTIFIED) += dfs.o
-+ath9k-$(CPTCFG_ATH9K_TX99) += tx99.o
-+ath9k-$(CPTCFG_ATH9K_WOW) += wow.o
-
- obj-$(CPTCFG_ATH9K) += ath9k.o
-
-@@ -41,6 +41,8 @@ ath9k_hw-y:= \
- ar9003_eeprom.o \
- ar9003_paprd.o
-
-+ath9k_hw-$(CPTCFG_ATH9K_WOW) += ar9003_wow.o
+commit 82ed9e3ccc02797df2ffe4b78127c4cd5f799a41
+Author: Felix Fietkau <nbd@openwrt.org>
+Date: Tue Feb 11 15:54:13 2014 +0100
+
+ mac80211: send control port protocol frames to the VO queue
+
+ Improves reliability of wifi connections with WPA, since authentication
+ frames are prioritized over normal traffic and also typically exempt
+ from aggregation.
+
+ Cc: stable@vger.kernel.org
+ Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+
+commit d4426800f71e972feaa33e04c5801fc730627bdd
+Author: Stanislaw Gruszka <stf_xl@wp.pl>
+Date: Mon Feb 10 22:38:28 2014 +0100
+
+ rtl8187: fix regression on MIPS without coherent DMA
+
+ This patch fixes regression caused by commit a16dad77634 "MIPS: Fix
+ potencial corruption". That commit fixes one corruption scenario in
+ cost of adding another one, which actually start to cause crashes
+ on Yeeloong laptop when rtl8187 driver is used.
+
+ For correct DMA read operation on machines without DMA coherence, kernel
+ have to invalidate cache, such it will refill later with new data that
+ device wrote to memory, when that data is needed to process. We can only
+ invalidate full cache line. Hence when cache line includes both dma
+ buffer and some other data (written in cache, but not yet in main
+ memory), the other data can not hit memory due to invalidation. That
+ happen on rtl8187 where struct rtl8187_priv fields are located just
+ before and after small buffers that are passed to USB layer and DMA
+ is performed on them.
+
+ To fix the problem we align buffers and reserve space after them to make
+ them match cache line.
+
+ This patch does not resolve all possible MIPS problems entirely, for
+ that we have to assure that we always map cache aligned buffers for DMA,
+ what can be complex or even not possible. But patch fixes visible and
+ reproducible regression and seems other possible corruptions do not
+ happen in practice, since Yeeloong laptop works stable without rtl8187
+ driver.
+
+ Bug report:
+ https://bugzilla.kernel.org/show_bug.cgi?id=54391
+
+ Reported-by: Petr Pisar <petr.pisar@atlas.cz>
+ Bisected-by: Tom Li <biergaizi2009@gmail.com>
+ Reported-and-tested-by: Tom Li <biergaizi2009@gmail.com>
+ Cc: stable@vger.kernel.org
+ Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
+
+commit e2f141d67ad1e7fe10aaab61811e8a409dfb2442
+Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+Date: Fri Feb 7 10:29:55 2014 +0530
+
+ ath9k: Calculate IQ-CAL median
+
+ This patch adds a routine to calculate the median IQ correction
+ values for AR955x, which is used for outlier detection.
+ The normal method which is used for all other chips is
+ bypassed for AR955x.
+
+ Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+
+commit c52a6fce0820c8d0687443ab86058ae03b478c8f
+Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+Date: Fri Feb 7 10:29:54 2014 +0530
+
+ ath9k: Expand the IQ coefficient array
+
+ This will be used for storing data for mutiple
+ IQ calibration runs, for AR955x.
+
+ Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+
+commit 034969ff5c2b6431d10e07c1938f0b916da85cc3
+Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+Date: Fri Feb 7 10:29:53 2014 +0530
+
+ ath9k: Modify IQ calibration for AR955x
+
+ IQ calibration post-processing for AR955x is different
+ from other chips - instead of just doing it as part
+ of AGC calibration once, it is triggered 3 times and
+ a median is determined. This patch adds initial support
+ for changing the calibration behavior for AR955x.
+
+ Also, to simplify things, a helper routine to issue/poll
+ AGC calibration is used.
+
+ For non-AR955x chips, the iqcal_idx (which will be used
+ in subsequent patches) is set to zero.
+
+ Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+
+commit 9b1ed6454e6f3511f24266be99b4e403f243f6a8
+Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+Date: Fri Feb 7 10:29:52 2014 +0530
+
+ ath9k: Fix magnitude/phase calculation
+
+ Incorrect values are programmed in the registers
+ containing the IQ correction coefficients by the IQ-CAL
+ post-processing code. Fix this.
+
+ Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+
+commit 36f93484f96f79171dcecb67c5ef0c3de22531a6
+Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+Date: Fri Feb 7 10:29:51 2014 +0530
+
+ ath9k: Rename ar9003_hw_tx_iqcal_load_avg_2_passes
+
+ Use ar9003_hw_tx_iq_cal_outlier_detection instead.
+
+ Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+
+commit 3af09a7f5d21dd5fd15b973ce6a91a575da30417
+Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+Date: Fri Feb 7 10:29:50 2014 +0530
+
+ ath9k: Check explicitly for IQ calibration
+
+ In chips like AR955x, the initvals contain the information
+ whether IQ calibration is to be done in the HW when an
+ AGC calibration is triggered. Check if IQ-CAL is enabled
+ in the initvals before flagging 'txiqcal_done' as true.
+
+ Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+
+commit cb4969634b93c4643a32cc3fbd27d2b288b25771
+Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+Date: Fri Feb 7 10:29:49 2014 +0530
+
+ ath9k: Fix IQ cal post processing for SoC
+
+ Calibration data is not reused for SoC chips, so
+ call ar9003_hw_tx_iq_cal_post_proc() with the correct
+ argument. The 'is_reusable' flag is currently used
+ only for PC-OEM chips, but it makes things clearer to
+ specify it explicity.
+
+ Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+
+commit e138e0ef9560c46ce93dbb22a728a57888e94d1c
+Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+Date: Mon Feb 3 13:31:37 2014 +0530
+
+ ath9k: Fix TX power calculation
+
+ The commit, "ath9k_hw: Fix incorrect Tx control power in AR9003 template"
+ fixed the incorrect values in the eeprom templates, but if
+ boards have already been calibrated with incorrect values,
+ they would still be using the wrong TX power. Fix this by assigning
+ a default value in such cases.
+
+ Cc: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
+ Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+
+commit b9f268b5b01331c3c82179abca551429450e9417
+Author: Michal Kazior <michal.kazior@tieto.com>
+Date: Wed Jan 29 14:22:27 2014 +0100
+
+ cfg80211: consider existing DFS interfaces
+
+ It was possible to break interface combinations in
+ the following way:
+
+ combo 1: iftype = AP, num_ifaces = 2, num_chans = 2,
+ combo 2: iftype = AP, num_ifaces = 1, num_chans = 1, radar = HT20
+
+ With the above interface combinations it was
+ possible to:
+
+ step 1. start AP on DFS channel by matching combo 2
+ step 2. start AP on non-DFS channel by matching combo 1
+
+ This was possible beacuse (step 2) did not consider
+ if other interfaces require radar detection.
+
+ The patch changes how cfg80211 tracks channels -
+ instead of channel itself now a complete chandef
+ is stored.
+
+ Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit bc9c62f5f511cc395c62dbf4cdd437f23db53b28
+Author: Antonio Quartulli <antonio@open-mesh.com>
+Date: Wed Jan 29 17:53:43 2014 +0100
+
+ cfg80211: fix channel configuration in IBSS join
+
+ When receiving an IBSS_JOINED event select the BSS object
+ based on the {bssid, channel} couple rather than the bssid
+ only.
+ With the current approach if another cell having the same
+ BSSID (but using a different channel) exists then cfg80211
+ picks up the wrong BSS object.
+ The result is a mismatching channel configuration between
+ cfg80211 and the driver, that can lead to any sort of
+ problem.
+
+ The issue can be triggered by having an IBSS sitting on
+ given channel and then asking the driver to create a new
+ cell using the same BSSID but with a different frequency.
+ By passing the channel to cfg80211_get_bss() we can solve
+ this ambiguity and retrieve/create the correct BSS object.
+ All the users of cfg80211_ibss_joined() have been changed
+ accordingly.
+
+ Moreover WARN when cfg80211_ibss_joined() gets a NULL
+ channel as argument and remove a bogus call of the same
+ function in ath6kl (it does not make sense to call
+ cfg80211_ibss_joined() with a zero BSSID on ibss-leave).
+
+ Cc: Kalle Valo <kvalo@qca.qualcomm.com>
+ Cc: Arend van Spriel <arend@broadcom.com>
+ Cc: Bing Zhao <bzhao@marvell.com>
+ Cc: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+ Cc: libertas-dev@lists.infradead.org
+ Acked-by: Kalle Valo <kvalo@qca.qualcomm.com>
+ Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
+ [minor code cleanup in ath6kl]
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 7e0c41cb41f215aba2c39b1c237bb4d42ec49a85
+Author: Johannes Berg <johannes.berg@intel.com>
+Date: Fri Jan 24 14:41:44 2014 +0100
+
+ mac80211: fix bufferable MMPDU RX handling
+
+ Action, disassoc and deauth frames are bufferable, and as such don't
+ have the PM bit in the frame control field reserved which means we
+ need to react to the bit when receiving in such a frame.
+
+ Fix this by introducing a new helper ieee80211_is_bufferable_mmpdu()
+ and using it for the RX path that currently ignores the PM bit in
+ any non-data frames for doze->wake transitions, but listens to it in
+ all frames for wake->doze transitions, both of which are wrong.
+
+ Also use the new helper in the TX path to clean up the code.
+
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit fc0df6d2343636e3f48a069330d5b972e3d8659d
+Author: Janusz Dziedzic <janusz.dziedzic@tieto.com>
+Date: Fri Jan 24 14:29:21 2014 +0100
+
+ cfg80211: set preset_chandef after channel switch
+
+ Set preset_chandef in channel switch notification.
+ In other case we will have old preset_chandef.
+
+ Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit cdec895e2344987ff171cece96e25d7407a3ebf6
+Author: Simon Wunderlich <simon@open-mesh.com>
+Date: Fri Jan 24 23:48:29 2014 +0100
+
+ mac80211: send ibss probe responses with noack flag
+
+ Responding to probe requests for scanning clients will often create
+ excessive retries, as it happens quite often that the scanning client
+ already left the channel. Therefore do it like hostapd and send probe
+ responses for wildcard SSID only once by using the noack flag.
+
+ Signed-off-by: Simon Wunderlich <simon@open-mesh.com>
+ [fix typo & 'wildcard SSID' in commit log]
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 0b865d1e6b9c05052adae9315df7cb195dc60c3b
+Author: Luciano Coelho <luciano.coelho@intel.com>
+Date: Tue Jan 28 17:09:08 2014 +0200
+
+ mac80211: ibss: remove unnecessary call to release channel
+
+ The ieee80211_vif_use_channel() function calls
+ ieee80211_vif_release_channel(), so there's no need to call it
+ explicitly in __ieee80211_sta_join_ibss().
+
+ Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit e1b6c17e971f0a51ff86c2dac2584c63cd999cd7
+Author: Michal Kazior <michal.kazior@tieto.com>
+Date: Wed Jan 29 07:56:21 2014 +0100
+
+ mac80211: add missing CSA locking
+
+ The patch adds a missing sdata lock and adds a few
+ lockdeps for easier maintenance.
+
+ Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit ad17ba7d14d225b109b73c177cd446afb8050598
+Author: Michal Kazior <michal.kazior@tieto.com>
+Date: Wed Jan 29 07:56:20 2014 +0100
+
+ mac80211: fix sdata->radar_required locking
+
+ radar_required setting wasn't protected by
+ local->mtx in some places. This should prevent
+ from scanning/radar detection/roc colliding.
+
+ Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 5fcd5f1808813a3d9e502fd756e01bee8a79c85d
+Author: Michal Kazior <michal.kazior@tieto.com>
+Date: Wed Jan 29 07:56:19 2014 +0100
+
+ mac80211: move csa_active setting in STA CSA
+
+ The sdata->vif.csa_active could be left set after,
+ e.g. channel context constraints check fail in STA
+ mode leaving the interface in a strange state for
+ a brief period of time until it is disconnected.
+ This was harmless but ugly.
+
+ Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
+ Reviewed-by: Luciano Coelho <luciano.coelho@intel.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit e486da4b7eed71821c6b4c1bb9ac62ffd3ab13e9
+Author: Michal Kazior <michal.kazior@tieto.com>
+Date: Wed Jan 29 07:56:18 2014 +0100
+
+ mac80211: fix possible memory leak on AP CSA failure
+
+ If CSA for AP interface failed and the interface
+ was not stopped afterwards another CSA request
+ would leak sdata->u.ap.next_beacon.
+
+ Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
+ Reviewed-by: Luciano Coelho <luciano.coelho@intel.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 3a77ba08940682bf3d52cf14f980337324af9d4a
+Author: Johannes Berg <johannes.berg@intel.com>
+Date: Sat Feb 1 00:33:29 2014 +0100
+
+ mac80211: fix fragmentation code, particularly for encryption
+
+ The "new" fragmentation code (since my rewrite almost 5 years ago)
+ erroneously sets skb->len rather than using skb_trim() to adjust
+ the length of the first fragment after copying out all the others.
+ This leaves the skb tail pointer pointing to after where the data
+ originally ended, and thus causes the encryption MIC to be written
+ at that point, rather than where it belongs: immediately after the
+ data.
+
+ The impact of this is that if software encryption is done, then
+ a) encryption doesn't work for the first fragment, the connection
+ becomes unusable as the first fragment will never be properly
+ verified at the receiver, the MIC is practically guaranteed to
+ be wrong
+ b) we leak up to 8 bytes of plaintext (!) of the packet out into
+ the air
+
+ This is only mitigated by the fact that many devices are capable
+ of doing encryption in hardware, in which case this can't happen
+ as the tail pointer is irrelevant in that case. Additionally,
+ fragmentation is not used very frequently and would normally have
+ to be configured manually.
+
+ Fix this by using skb_trim() properly.
+
+ Cc: stable@vger.kernel.org
+ Fixes: 2de8e0d999b8 ("mac80211: rewrite fragmentation")
+ Reported-by: Jouni Malinen <j@w1.fi>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit de5f242e0c10e841017e37eb8c38974a642dbca8
+Author: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+Date: Tue Jan 28 06:21:59 2014 +0530
+
+ ath9k: Fix build error on ARM
+
+ Use mdelay instead of udelay to fix this error:
+
+ ERROR: "__bad_udelay" [drivers/net/wireless/ath/ath9k/ath9k_hw.ko] undefined!
+ make[1]: *** [__modpost] Error 1
+ make: *** [modules] Error 2
+
+ Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
+ Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
+
+commit 8e3ea7a51dfc61810fcefd947f6edcf61125252a
+Author: Geert Uytterhoeven <geert@linux-m68k.org>
+Date: Sun Jan 26 11:53:21 2014 +0100
+
+ ath9k: Fix uninitialized variable in ath9k_has_tx_pending()
+
+ drivers/net/wireless/ath/ath9k/main.c: In function ‘ath9k_has_tx_pending’:
+ drivers/net/wireless/ath/ath9k/main.c:1869: warning: ‘npend’ may be used uninitialized in this function
+
+ Introduced by commit 10e2318103f5941aa70c318afe34bc41f1b98529 ("ath9k:
+ optimize ath9k_flush").
+
+ Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
+
+commit a4a634a6937ebdd827fa58e8fcdb8ca49a3769f6
+Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Date: Mon Jan 27 11:07:42 2014 +0200
+
+ mac80211: release the channel in error path in start_ap
+
+ When the driver cannot start the AP or when the assignement
+ of the beacon goes wrong, we need to unassign the vif.
+
+ Cc: stable@vger.kernel.org
+ Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit dfb6889a75c601aedb7450b7e606668e77da6679
+Author: Johannes Berg <johannes.berg@intel.com>
+Date: Wed Jan 22 11:14:19 2014 +0200
+
+ cfg80211: send scan results from work queue
+
+ Due to the previous commit, when a scan finishes, it is in theory
+ possible to hit the following sequence:
+ 1. interface starts being removed
+ 2. scan is cancelled by driver and cfg80211 is notified
+ 3. scan done work is scheduled
+ 4. interface is removed completely, rdev->scan_req is freed,
+ event sent to userspace but scan done work remains pending
+ 5. new scan is requested on another virtual interface
+ 6. scan done work runs, freeing the still-running scan
+
+ To fix this situation, hang on to the scan done message and block
+ new scans while that is the case, and only send the message from
+ the work function, regardless of whether the scan_req is already
+ freed from interface removal. This makes step 5 above impossible
+ and changes step 6 to be
+ 5. scan done work runs, sending the scan done message
+
+ As this can't work for wext, so we send the message immediately,
+ but this shouldn't be an issue since we still return -EBUSY.
+
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 45b7ab41fc08627d9a8428cb413d5d84662a9707
+Author: Johannes Berg <johannes.berg@intel.com>
+Date: Wed Jan 22 11:14:18 2014 +0200
+
+ cfg80211: fix scan done race
+
+ When an interface/wdev is removed, any ongoing scan should be
+ cancelled by the driver. This will make it call cfg80211, which
+ only queues a work struct. If interface/wdev removal is quick
+ enough, this can leave the scan request pending and processed
+ only after the interface is gone, causing a use-after-free.
+
+ Fix this by making sure the scan request is not pending after
+ the interface is destroyed. We can't flush or cancel the work
+ item due to locking concerns, but when it'll run it shouldn't
+ find anything to do. This leaves a potential issue, if a new
+ scan gets requested before the work runs, it prematurely stops
+ the running scan, potentially causing another crash. I'll fix
+ that in the next patch.
+
+ This was particularly observed with P2P_DEVICE wdevs, likely
+ because freeing them is quicker than freeing netdevs.
+
+ Reported-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
+ Fixes: 4a58e7c38443 ("cfg80211: don't "leak" uncompleted scans")
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit ae04fa489ab31b5a10d3cc8399f52761175d4321
+Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Date: Thu Jan 23 14:28:16 2014 +0200
+
+ mac80211: avoid deadlock revealed by lockdep
+
+ sdata->u.ap.request_smps_work can’t be flushed synchronously
+ under wdev_lock(wdev) since ieee80211_request_smps_ap_work
+ itself locks the same lock.
+ While at it, reset the driver_smps_mode when the ap is
+ stopped to its default: OFF.
+
+ This solves:
+
+ ======================================================
+ [ INFO: possible circular locking dependency detected ]
+ 3.12.0-ipeer+ #2 Tainted: G O
+ -------------------------------------------------------
+ rmmod/2867 is trying to acquire lock:
+ ((&sdata->u.ap.request_smps_work)){+.+...}, at: [<c105b8d0>] flush_work+0x0/0x90
+
+ but task is already holding lock:
+ (&wdev->mtx){+.+.+.}, at: [<f9b32626>] cfg80211_stop_ap+0x26/0x230 [cfg80211]
+
+ which lock already depends on the new lock.
+
+ the existing dependency chain (in reverse order) is:
+
+ -> #1 (&wdev->mtx){+.+.+.}:
+ [<c10aefa9>] lock_acquire+0x79/0xe0
+ [<c1607a1a>] mutex_lock_nested+0x4a/0x360
+ [<fb06288b>] ieee80211_request_smps_ap_work+0x2b/0x50 [mac80211]
+ [<c105cdd8>] process_one_work+0x198/0x450
+ [<c105d469>] worker_thread+0xf9/0x320
+ [<c10669ff>] kthread+0x9f/0xb0
+ [<c1613397>] ret_from_kernel_thread+0x1b/0x28
+
+ -> #0 ((&sdata->u.ap.request_smps_work)){+.+...}:
+ [<c10ae9df>] __lock_acquire+0x183f/0x1910
+ [<c10aefa9>] lock_acquire+0x79/0xe0
+ [<c105b917>] flush_work+0x47/0x90
+ [<c105d867>] __cancel_work_timer+0x67/0xe0
+ [<c105d90f>] cancel_work_sync+0xf/0x20
+ [<fb0765cc>] ieee80211_stop_ap+0x8c/0x340 [mac80211]
+ [<f9b3268c>] cfg80211_stop_ap+0x8c/0x230 [cfg80211]
+ [<f9b0d8f9>] cfg80211_leave+0x79/0x100 [cfg80211]
+ [<f9b0da72>] cfg80211_netdev_notifier_call+0xf2/0x4f0 [cfg80211]
+ [<c160f2c9>] notifier_call_chain+0x59/0x130
+ [<c106c6de>] __raw_notifier_call_chain+0x1e/0x30
+ [<c106c70f>] raw_notifier_call_chain+0x1f/0x30
+ [<c14f8213>] call_netdevice_notifiers_info+0x33/0x70
+ [<c14f8263>] call_netdevice_notifiers+0x13/0x20
+ [<c14f82a4>] __dev_close_many+0x34/0xb0
+ [<c14f83fe>] dev_close_many+0x6e/0xc0
+ [<c14f9c77>] rollback_registered_many+0xa7/0x1f0
+ [<c14f9dd4>] unregister_netdevice_many+0x14/0x60
+ [<fb06f4d9>] ieee80211_remove_interfaces+0xe9/0x170 [mac80211]
+ [<fb055116>] ieee80211_unregister_hw+0x56/0x110 [mac80211]
+ [<fa3e9396>] iwl_op_mode_mvm_stop+0x26/0xe0 [iwlmvm]
+ [<f9b9d8ca>] _iwl_op_mode_stop+0x3a/0x70 [iwlwifi]
+ [<f9b9d96f>] iwl_opmode_deregister+0x6f/0x90 [iwlwifi]
+ [<fa405179>] __exit_compat+0xd/0x19 [iwlmvm]
+ [<c10b8bf9>] SyS_delete_module+0x179/0x2b0
+ [<c1613421>] sysenter_do_call+0x12/0x32
+
+ Fixes: 687da132234f ("mac80211: implement SMPS for AP")
+ Cc: <stable@vger.kernel.org> [3.13]
+ Reported-by: Ilan Peer <ilan.peer@intel.com>
+ Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 178b205e96217164fd7c30113464250d0b6f5eca
+Author: Johannes Berg <johannes.berg@intel.com>
+Date: Thu Jan 23 16:32:29 2014 +0100
+
+ cfg80211: re-enable 5/10 MHz support
+
+ Unfortunately I forgot this during the merge window, but the
+ patch seems small enough to go in as a fix. The userspace API
+ bug that was the reason for disabling it has long been fixed.
+
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 110a1c79acda14edc83b7c8dc5af9c7ddd23eb61
+Author: Pontus Fuchs <pontus.fuchs@gmail.com>
+Date: Thu Jan 16 15:00:40 2014 +0100
+
+ nl80211: Reset split_start when netlink skb is exhausted
+
+ When the netlink skb is exhausted split_start is left set. In the
+ subsequent retry, with a larger buffer, the dump is continued from the
+ failing point instead of from the beginning.
+
+ This was causing my rt28xx based USB dongle to now show up when
+ running "iw list" with an old iw version without split dump support.
+
+ Cc: stable@vger.kernel.org
+ Fixes: 3713b4e364ef ("nl80211: allow splitting wiphy information in dumps")
+ Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
+ [avoid the entire workaround when state->split is set]
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit b4c31b45ffc7ef110fa9ecc34d7878fe7c5b9da4
+Author: Eliad Peller <eliad@wizery.com>
+Date: Sun Jan 12 11:06:37 2014 +0200
+
+ mac80211: move roc cookie assignment earlier
+
+ ieee80211_start_roc_work() might add a new roc
+ to existing roc, and tell cfg80211 it has already
+ started.
+
+ However, this might happen before the roc cookie
+ was set, resulting in REMAIN_ON_CHANNEL (started)
+ event with null cookie. Consequently, it can make
+ wpa_supplicant go out of sync.
+
+ Fix it by setting the roc cookie earlier.
+
+ Cc: stable@vger.kernel.org
+ Signed-off-by: Eliad Peller <eliad@wizery.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit cfdc9157bfd7bcf88ab4dae08873a9907eba984c
+Author: Johannes Berg <johannes.berg@intel.com>
+Date: Fri Jan 24 14:06:29 2014 +0100
+
+ nl80211: send event when AP operation is stopped
+
+ There are a few cases, e.g. suspend, where an AP interface is
+ stopped by the kernel rather than by userspace request, most
+ commonly when suspending. To let userspace know about this,
+ send the NL80211_CMD_STOP_AP command as an event every time
+ an AP interface is stopped. This also happens when userspace
+ did in fact request the AP stop, but that's not a problem.
+
+ For full-MAC drivers this may need to be extended to also
+ cover cases where the device stopped the AP operation for
+ some reason, this a bit more complicated because then all
+ cfg80211 state also needs to be reset; such API is not part
+ of this patch.
+
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit d5d567eda7704f190379ca852a8f9a4112e3eee3
+Author: Johannes Berg <johannes.berg@intel.com>
+Date: Thu Jan 23 16:20:29 2014 +0100
+
+ mac80211: add length check in ieee80211_is_robust_mgmt_frame()
+
+ A few places weren't checking that the frame passed to the
+ function actually has enough data even though the function
+ clearly documents it must have a payload byte. Make this
+ safer by changing the function to take an skb and checking
+ the length inside. The old version is preserved for now as
+ the rtl* drivers use it and don't have a correct skb.
+
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit f8f6d212a047fc65c7d3442dfc038f65517236fc
+Author: Johannes Berg <johannes.berg@intel.com>
+Date: Fri Jan 24 10:53:53 2014 +0100
+
+ nl80211: fix scheduled scan RSSI matchset attribute confusion
+
+ The scheduled scan matchsets were intended to be a list of filters,
+ with the found BSS having to pass at least one of them to be passed
+ to the host. When the RSSI attribute was added, however, this was
+ broken and currently wpa_supplicant adds that attribute in its own
+ matchset; however, it doesn't intend that to mean that anything
+ that passes the RSSI filter should be passed to the host, instead
+ it wants it to mean that everything needs to also have higher RSSI.
+
+ This is semantically problematic because we have a list of filters
+ like [ SSID1, SSID2, SSID3, RSSI ] with no real indication which
+ one should be OR'ed and which one AND'ed.
+
+ To fix this, move the RSSI filter attribute into each matchset. As
+ we need to stay backward compatible, treat a matchset with only the
+ RSSI attribute as a "default RSSI filter" for all other matchsets,
+ but only if there are other matchsets (an RSSI-only matchset by
+ itself is still desirable.)
+
+ To make driver implementation easier, keep a global min_rssi_thold
+ for the entire request as well. The only affected driver is ath6kl.
+
+ I found this when I looked into the code after Raja Mani submitted
+ a patch fixing the n_match_sets calculation to disregard the RSSI,
+ but that patch didn't address the semantic issue.
+
+ Reported-by: Raja Mani <rmani@qti.qualcomm.com>
+ Acked-by: Luciano Coelho <luciano.coelho@intel.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit de553e8545e65a6dc4e45f43df7e1443d4291922
+Author: Johannes Berg <johannes.berg@intel.com>
+Date: Fri Jan 24 10:17:47 2014 +0100
+
+ nl80211: check nla_parse() return values
+
+ If there's a policy, then nla_parse() return values must be
+ checked, otherwise the policy is useless and there's nothing
+ that ensures the attributes are actually what we expect them
+ to be.
+
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+commit 652204a0733e9e1c54661d6f9d36e2e1e3b22bb1
+Author: Karl Beldan <karl.beldan@rivierawaves.com>
+Date: Thu Jan 23 20:06:34 2014 +0100
+
+ mac80211: send {ADD,DEL}BA on AC_VO like other mgmt frames, as per spec
+
+ ATM, {ADD,DEL}BA and BAR frames are sent on the AC matching the TID of
+ the BA parameters. In the discussion [1] about this patch, Johannes
+ recalled that it fixed some races with the DELBA and indeed this
+ behavior was introduced in [2].
+ While [2] is right for the BARs, the part queueing the {ADD,DEL}BAs on
+ their BA params TID AC violates the spec and is more a workaround for
+ some drivers. Helmut expressed some concerns wrt such drivers, in
+ particular DELBAs in rt2x00.
+
+ ATM, DELBAs are sent after a driver has called (hence "purposely")
+ ieee80211_start_tx_ba_cb_irqsafe and Johannes and Emmanuel gave some
+ details wrt intentions behind the split of the IEEE80211_AMPDU_TX_STOP_*
+ given to the driver ampdu_action supposed to call this function, which
+ could prove handy to people trying to do the right thing in faulty
+ drivers (if their fw/hw don't get in their way).
+
+ [1] http://mid.gmane.org/1390391564-18481-1-git-send-email-karl.beldan@gmail.com
+ [2] Commit: cf6bb79ad828 ("mac80211: Use appropriate TID for sending BAR, ADDBA and DELBA frames")
+
+ Signed-off-by: Karl Beldan <karl.beldan@rivierawaves.com>
+ Cc: Helmut Schaa <helmut.schaa@googlemail.com>
+ Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
++++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
+@@ -790,7 +790,7 @@ void ath6kl_cfg80211_connect_event(struc
+ if (nw_type & ADHOC_NETWORK) {
+ ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "ad-hoc %s selected\n",
+ nw_type & ADHOC_CREATOR ? "creator" : "joiner");
+- cfg80211_ibss_joined(vif->ndev, bssid, GFP_KERNEL);
++ cfg80211_ibss_joined(vif->ndev, bssid, chan, GFP_KERNEL);
+ cfg80211_put_bss(ar->wiphy, bss);
+ return;
+ }
+@@ -861,13 +861,9 @@ void ath6kl_cfg80211_disconnect_event(st
+ }
+
+ if (vif->nw_type & ADHOC_NETWORK) {
+- if (vif->wdev.iftype != NL80211_IFTYPE_ADHOC) {
++ if (vif->wdev.iftype != NL80211_IFTYPE_ADHOC)
+ ath6kl_dbg(ATH6KL_DBG_WLAN_CFG,
+ "%s: ath6k not in ibss mode\n", __func__);
+- return;
+- }
+- memset(bssid, 0, ETH_ALEN);
+- cfg80211_ibss_joined(vif->ndev, bssid, GFP_KERNEL);
+ return;
+ }
+
+@@ -3256,6 +3252,15 @@ static int ath6kl_cfg80211_sscan_start(s
+ struct ath6kl_vif *vif = netdev_priv(dev);
+ u16 interval;
+ int ret, rssi_thold;
++ int n_match_sets = request->n_match_sets;
+
- ath9k_hw-$(CPTCFG_ATH9K_BTCOEX_SUPPORT) += btcoex.o \
- ar9003_mci.o
- obj-$(CPTCFG_ATH9K_HW) += ath9k_hw.o
---- a/drivers/net/wireless/ath/ath9k/ar9003_hw.c
-+++ b/drivers/net/wireless/ath/ath9k/ar9003_hw.c
-@@ -581,6 +581,13 @@ static void ar9003_tx_gain_table_mode6(s
- ar9580_1p0_type6_tx_gain_table);
++ /*
++ * If there's a matchset w/o an SSID, then assume it's just for
++ * the RSSI (nothing else is currently supported) and ignore it.
++ * The device only supports a global RSSI filter that we set below.
++ */
++ if (n_match_sets == 1 && !request->match_sets[0].ssid.ssid_len)
++ n_match_sets = 0;
+
+ if (ar->state != ATH6KL_STATE_ON)
+ return -EIO;
+@@ -3268,11 +3273,11 @@ static int ath6kl_cfg80211_sscan_start(s
+ ret = ath6kl_set_probed_ssids(ar, vif, request->ssids,
+ request->n_ssids,
+ request->match_sets,
+- request->n_match_sets);
++ n_match_sets);
+ if (ret < 0)
+ return ret;
+
+- if (!request->n_match_sets) {
++ if (!n_match_sets) {
+ ret = ath6kl_wmi_bssfilter_cmd(ar->wmi, vif->fw_vif_idx,
+ ALL_BSS_FILTER, 0);
+ if (ret < 0)
+@@ -3286,12 +3291,12 @@ static int ath6kl_cfg80211_sscan_start(s
+
+ if (test_bit(ATH6KL_FW_CAPABILITY_RSSI_SCAN_THOLD,
+ ar->fw_capabilities)) {
+- if (request->rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF)
++ if (request->min_rssi_thold <= NL80211_SCAN_RSSI_THOLD_OFF)
+ rssi_thold = 0;
+- else if (request->rssi_thold < -127)
++ else if (request->min_rssi_thold < -127)
+ rssi_thold = -127;
+ else
+- rssi_thold = request->rssi_thold;
++ rssi_thold = request->min_rssi_thold;
+
+ ret = ath6kl_wmi_set_rssi_filter_cmd(ar->wmi, vif->fw_vif_idx,
+ rssi_thold);
+--- a/drivers/net/wireless/ath/ath9k/hw.c
++++ b/drivers/net/wireless/ath/ath9k/hw.c
+@@ -1316,7 +1316,7 @@ static bool ath9k_hw_set_reset(struct at
+ if (AR_SREV_9300_20_OR_LATER(ah))
+ udelay(50);
+ else if (AR_SREV_9100(ah))
+- udelay(10000);
++ mdelay(10);
+ else
+ udelay(100);
+
+@@ -2051,9 +2051,8 @@ static bool ath9k_hw_set_power_awake(str
+
+ REG_SET_BIT(ah, AR_RTC_FORCE_WAKE,
+ AR_RTC_FORCE_WAKE_EN);
+-
+ if (AR_SREV_9100(ah))
+- udelay(10000);
++ mdelay(10);
+ else
+ udelay(50);
+
+--- a/drivers/net/wireless/ath/ath9k/main.c
++++ b/drivers/net/wireless/ath/ath9k/main.c
+@@ -1866,7 +1866,7 @@ static void ath9k_set_coverage_class(str
+
+ static bool ath9k_has_tx_pending(struct ath_softc *sc)
+ {
+- int i, npend;
++ int i, npend = 0;
+
+ for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
+ if (!ATH_TXQ_SETUP(sc, i))
+--- a/drivers/net/wireless/iwlwifi/mvm/scan.c
++++ b/drivers/net/wireless/iwlwifi/mvm/scan.c
+@@ -595,6 +595,9 @@ static void iwl_scan_offload_build_ssid(
+ * config match list.
+ */
+ for (i = 0; i < req->n_match_sets && i < PROBE_OPTION_MAX; i++) {
++ /* skip empty SSID matchsets */
++ if (!req->match_sets[i].ssid.ssid_len)
++ continue;
+ scan->direct_scan[i].id = WLAN_EID_SSID;
+ scan->direct_scan[i].len = req->match_sets[i].ssid.ssid_len;
+ memcpy(scan->direct_scan[i].ssid, req->match_sets[i].ssid.ssid,
+--- a/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
++++ b/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
+@@ -452,7 +452,7 @@ bool rtl88ee_rx_query_desc(struct ieee80
+ /* During testing, hdr was NULL */
+ return false;
+ }
+- if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
+ (ieee80211_has_protected(hdr->frame_control)))
+ rx_status->flag &= ~RX_FLAG_DECRYPTED;
+ else
+--- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
++++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
+@@ -393,7 +393,7 @@ bool rtl92ce_rx_query_desc(struct ieee80
+ /* In testing, hdr was NULL here */
+ return false;
+ }
+- if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
+ (ieee80211_has_protected(hdr->frame_control)))
+ rx_status->flag &= ~RX_FLAG_DECRYPTED;
+ else
+--- a/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
++++ b/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
+@@ -310,7 +310,7 @@ bool rtl92se_rx_query_desc(struct ieee80
+ /* during testing, hdr was NULL here */
+ return false;
+ }
+- if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
+ (ieee80211_has_protected(hdr->frame_control)))
+ rx_status->flag &= ~RX_FLAG_DECRYPTED;
+ else
+--- a/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
++++ b/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
+@@ -334,7 +334,7 @@ bool rtl8723ae_rx_query_desc(struct ieee
+ /* during testing, hdr could be NULL here */
+ return false;
+ }
+- if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
++ if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
+ (ieee80211_has_protected(hdr->frame_control)))
+ rx_status->flag &= ~RX_FLAG_DECRYPTED;
+ else
+--- a/include/linux/ieee80211.h
++++ b/include/linux/ieee80211.h
+@@ -597,6 +597,20 @@ static inline int ieee80211_is_qos_nullf
}
-+static void ar9003_tx_gain_table_mode7(struct ath_hw *ah)
+ /**
++ * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU
++ * @fc: frame control field in little-endian byteorder
++ */
++static inline bool ieee80211_is_bufferable_mmpdu(__le16 fc)
+{
-+ if (AR_SREV_9340(ah))
-+ INIT_INI_ARRAY(&ah->iniModesTxGain,
-+ ar9340_cus227_tx_gain_table_1p0);
++ /* IEEE 802.11-2012, definition of "bufferable management frame";
++ * note that this ignores the IBSS special case. */
++ return ieee80211_is_mgmt(fc) &&
++ (ieee80211_is_action(fc) ||
++ ieee80211_is_disassoc(fc) ||
++ ieee80211_is_deauth(fc));
+}
+
- typedef void (*ath_txgain_tab)(struct ath_hw *ah);
-
- static void ar9003_tx_gain_table_apply(struct ath_hw *ah)
-@@ -593,6 +600,7 @@ static void ar9003_tx_gain_table_apply(s
- ar9003_tx_gain_table_mode4,
- ar9003_tx_gain_table_mode5,
- ar9003_tx_gain_table_mode6,
-+ ar9003_tx_gain_table_mode7,
- };
- int idx = ar9003_hw_get_tx_gain_idx(ah);
++/**
+ * ieee80211_is_first_frag - check if IEEE80211_SCTL_FRAG is not set
+ * @seq_ctrl: frame sequence control bytes in little-endian byteorder
+ */
+@@ -2192,10 +2206,10 @@ static inline u8 *ieee80211_get_DA(struc
+ }
-@@ -750,6 +758,9 @@ static void ar9003_hw_init_mode_gain_reg
- static void ar9003_hw_configpcipowersave(struct ath_hw *ah,
- bool power_off)
+ /**
+- * ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame
++ * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame
+ * @hdr: the frame (buffer must include at least the first octet of payload)
+ */
+-static inline bool ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
++static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
{
-+ unsigned int i;
-+ struct ar5416IniArray *array;
-+
- /*
- * Increase L1 Entry Latency. Some WB222 boards don't have
- * this change in eeprom/OTP.
-@@ -775,18 +786,13 @@ static void ar9003_hw_configpcipowersave
- * Configire PCIE after Ini init. SERDES values now come from ini file
- * This enables PCIe low power mode.
- */
-- if (ah->config.pcieSerDesWrite) {
-- unsigned int i;
-- struct ar5416IniArray *array;
--
-- array = power_off ? &ah->iniPcieSerdes :
-- &ah->iniPcieSerdesLowPower;
--
-- for (i = 0; i < array->ia_rows; i++) {
-- REG_WRITE(ah,
-- INI_RA(array, i, 0),
-- INI_RA(array, i, 1));
-- }
-+ array = power_off ? &ah->iniPcieSerdes :
-+ &ah->iniPcieSerdesLowPower;
-+
-+ for (i = 0; i < array->ia_rows; i++) {
-+ REG_WRITE(ah,
-+ INI_RA(array, i, 0),
-+ INI_RA(array, i, 1));
- }
+ if (ieee80211_is_disassoc(hdr->frame_control) ||
+ ieee80211_is_deauth(hdr->frame_control))
+@@ -2224,6 +2238,17 @@ static inline bool ieee80211_is_robust_m
}
---- a/drivers/net/wireless/ath/ath9k/ar9340_initvals.h
-+++ b/drivers/net/wireless/ath/ath9k/ar9340_initvals.h
-@@ -1447,4 +1447,106 @@ static const u32 ar9340_1p0_soc_preamble
- {0x00007038, 0x000004c2},
+ /**
++ * ieee80211_is_robust_mgmt_frame - check if skb contains a robust mgmt frame
++ * @skb: the skb containing the frame, length will be checked
++ */
++static inline bool ieee80211_is_robust_mgmt_frame(struct sk_buff *skb)
++{
++ if (skb->len < 25)
++ return false;
++ return _ieee80211_is_robust_mgmt_frame((void *)skb->data);
++}
++
++/**
+ * ieee80211_is_public_action - check if frame is a public action frame
+ * @hdr: the frame
+ * @len: length of the frame
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -1395,9 +1395,11 @@ struct cfg80211_scan_request {
+ * struct cfg80211_match_set - sets of attributes to match
+ *
+ * @ssid: SSID to be matched
++ * @rssi_thold: don't report scan results below this threshold (in s32 dBm)
+ */
+ struct cfg80211_match_set {
+ struct cfg80211_ssid ssid;
++ s32 rssi_thold;
};
-+static const u32 ar9340_cus227_tx_gain_table_1p0[][5] = {
-+ /* Addr 5G_HT20 5G_HT40 2G_HT40 2G_HT20 */
-+ {0x0000a2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352},
-+ {0x0000a2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584},
-+ {0x0000a2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800},
-+ {0x0000a2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000},
-+ {0x0000a410, 0x000050d9, 0x000050d9, 0x000050d9, 0x000050d9},
-+ {0x0000a500, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
-+ {0x0000a504, 0x06000003, 0x06000003, 0x04000002, 0x04000002},
-+ {0x0000a508, 0x0a000020, 0x0a000020, 0x08000004, 0x08000004},
-+ {0x0000a50c, 0x10000023, 0x10000023, 0x0b000200, 0x0b000200},
-+ {0x0000a510, 0x16000220, 0x16000220, 0x0f000202, 0x0f000202},
-+ {0x0000a514, 0x1c000223, 0x1c000223, 0x11000400, 0x11000400},
-+ {0x0000a518, 0x21002220, 0x21002220, 0x15000402, 0x15000402},
-+ {0x0000a51c, 0x27002223, 0x27002223, 0x19000404, 0x19000404},
-+ {0x0000a520, 0x2c022220, 0x2c022220, 0x1b000603, 0x1b000603},
-+ {0x0000a524, 0x30022222, 0x30022222, 0x1f000a02, 0x1f000a02},
-+ {0x0000a528, 0x35022225, 0x35022225, 0x23000a04, 0x23000a04},
-+ {0x0000a52c, 0x3b02222a, 0x3b02222a, 0x26000a20, 0x26000a20},
-+ {0x0000a530, 0x3f02222c, 0x3f02222c, 0x2a000e20, 0x2a000e20},
-+ {0x0000a534, 0x4202242a, 0x4202242a, 0x2e000e22, 0x2e000e22},
-+ {0x0000a538, 0x4702244a, 0x4702244a, 0x31000e24, 0x31000e24},
-+ {0x0000a53c, 0x4b02244c, 0x4b02244c, 0x34001640, 0x34001640},
-+ {0x0000a540, 0x4e02246c, 0x4e02246c, 0x38001660, 0x38001660},
-+ {0x0000a544, 0x5302266c, 0x5302266c, 0x3b001861, 0x3b001861},
-+ {0x0000a548, 0x5702286c, 0x5702286c, 0x3e001a81, 0x3e001a81},
-+ {0x0000a54c, 0x5c02486b, 0x5c02486b, 0x42001a83, 0x42001a83},
-+ {0x0000a550, 0x61024a6c, 0x61024a6c, 0x44001c84, 0x44001c84},
-+ {0x0000a554, 0x66026a6c, 0x66026a6c, 0x48001ce3, 0x48001ce3},
-+ {0x0000a558, 0x6b026e6c, 0x6b026e6c, 0x4c001ce5, 0x4c001ce5},
-+ {0x0000a55c, 0x7002708c, 0x7002708c, 0x50001ce9, 0x50001ce9},
-+ {0x0000a560, 0x7302b08a, 0x7302b08a, 0x54001ceb, 0x54001ceb},
-+ {0x0000a564, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
-+ {0x0000a568, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
-+ {0x0000a56c, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
-+ {0x0000a570, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
-+ {0x0000a574, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
-+ {0x0000a578, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
-+ {0x0000a57c, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
-+ {0x0000a580, 0x00800000, 0x00800000, 0x00800000, 0x00800000},
-+ {0x0000a584, 0x06800003, 0x06800003, 0x04800002, 0x04800002},
-+ {0x0000a588, 0x0a800020, 0x0a800020, 0x08800004, 0x08800004},
-+ {0x0000a58c, 0x10800023, 0x10800023, 0x0b800200, 0x0b800200},
-+ {0x0000a590, 0x16800220, 0x16800220, 0x0f800202, 0x0f800202},
-+ {0x0000a594, 0x1c800223, 0x1c800223, 0x11800400, 0x11800400},
-+ {0x0000a598, 0x21820220, 0x21820220, 0x15800402, 0x15800402},
-+ {0x0000a59c, 0x27820223, 0x27820223, 0x19800404, 0x19800404},
-+ {0x0000a5a0, 0x2b822220, 0x2b822220, 0x1b800603, 0x1b800603},
-+ {0x0000a5a4, 0x2f822222, 0x2f822222, 0x1f800a02, 0x1f800a02},
-+ {0x0000a5a8, 0x34822225, 0x34822225, 0x23800a04, 0x23800a04},
-+ {0x0000a5ac, 0x3a82222a, 0x3a82222a, 0x26800a20, 0x26800a20},
-+ {0x0000a5b0, 0x3e82222c, 0x3e82222c, 0x2a800e20, 0x2a800e20},
-+ {0x0000a5b4, 0x4282242a, 0x4282242a, 0x2e800e22, 0x2e800e22},
-+ {0x0000a5b8, 0x4782244a, 0x4782244a, 0x31800e24, 0x31800e24},
-+ {0x0000a5bc, 0x4b82244c, 0x4b82244c, 0x34801640, 0x34801640},
-+ {0x0000a5c0, 0x4e82246c, 0x4e82246c, 0x38801660, 0x38801660},
-+ {0x0000a5c4, 0x5382266c, 0x5382266c, 0x3b801861, 0x3b801861},
-+ {0x0000a5c8, 0x5782286c, 0x5782286c, 0x3e801a81, 0x3e801a81},
-+ {0x0000a5cc, 0x5c84286b, 0x5c84286b, 0x42801a83, 0x42801a83},
-+ {0x0000a5d0, 0x61842a6c, 0x61842a6c, 0x44801c84, 0x44801c84},
-+ {0x0000a5d4, 0x66862a6c, 0x66862a6c, 0x48801ce3, 0x48801ce3},
-+ {0x0000a5d8, 0x6b862e6c, 0x6b862e6c, 0x4c801ce5, 0x4c801ce5},
-+ {0x0000a5dc, 0x7086308c, 0x7086308c, 0x50801ce9, 0x50801ce9},
-+ {0x0000a5e0, 0x738a308a, 0x738a308a, 0x54801ceb, 0x54801ceb},
-+ {0x0000a5e4, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
-+ {0x0000a5e8, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
-+ {0x0000a5ec, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
-+ {0x0000a5f0, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
-+ {0x0000a5f4, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
-+ {0x0000a5f8, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
-+ {0x0000a5fc, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
-+ {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
-+ {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
-+ {0x0000a608, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
-+ {0x0000a60c, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
-+ {0x0000a610, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
-+ {0x0000a614, 0x01404000, 0x01404000, 0x01404000, 0x01404000},
-+ {0x0000a618, 0x01404501, 0x01404501, 0x01404501, 0x01404501},
-+ {0x0000a61c, 0x02008802, 0x02008802, 0x02008501, 0x02008501},
-+ {0x0000a620, 0x0300cc03, 0x0300cc03, 0x0280ca03, 0x0280ca03},
-+ {0x0000a624, 0x0300cc03, 0x0300cc03, 0x03010c04, 0x03010c04},
-+ {0x0000a628, 0x0300cc03, 0x0300cc03, 0x04014c04, 0x04014c04},
-+ {0x0000a62c, 0x03810c03, 0x03810c03, 0x04015005, 0x04015005},
-+ {0x0000a630, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
-+ {0x0000a634, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
-+ {0x0000a638, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
-+ {0x0000a63c, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
-+ {0x0000b2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352},
-+ {0x0000b2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584},
-+ {0x0000b2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800},
-+ {0x0000b2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000},
-+ {0x00016044, 0x056db2db, 0x056db2db, 0x03b6d2e4, 0x03b6d2e4},
-+ {0x00016048, 0x24925666, 0x24925666, 0x8e481266, 0x8e481266},
-+ {0x00016280, 0x01000015, 0x01000015, 0x01001015, 0x01001015},
-+ {0x00016288, 0x30318000, 0x30318000, 0x00318000, 0x00318000},
-+ {0x00016444, 0x056db2db, 0x056db2db, 0x03b6d2e4, 0x03b6d2e4},
-+ {0x00016448, 0x24925666, 0x24925666, 0x8e481266, 0x8e481266},
-+ {0x0000a3a4, 0x00000011, 0x00000011, 0x00000011, 0x00000011},
-+ {0x0000a3a8, 0x3c3c3c3c, 0x3c3c3c3c, 0x3c3c3c3c, 0x3c3c3c3c},
-+ {0x0000a3ac, 0x30303030, 0x30303030, 0x30303030, 0x30303030},
-+};
-+
- #endif /* INITVALS_9340_H */
---- a/drivers/net/wireless/ath/ath9k/ath9k.h
-+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
-@@ -459,6 +459,7 @@ void ath_check_ani(struct ath_softc *sc)
- int ath_update_survey_stats(struct ath_softc *sc);
- void ath_update_survey_nf(struct ath_softc *sc, int channel);
- void ath9k_queue_reset(struct ath_softc *sc, enum ath_reset_type type);
-+void ath_ps_full_sleep(unsigned long data);
-
- /**********/
- /* BTCOEX */
-@@ -570,6 +571,34 @@ static inline void ath_fill_led_pin(stru
+ /**
+@@ -1420,7 +1422,8 @@ struct cfg80211_match_set {
+ * @dev: the interface
+ * @scan_start: start time of the scheduled scan
+ * @channels: channels to scan
+- * @rssi_thold: don't report scan results below this threshold (in s32 dBm)
++ * @min_rssi_thold: for drivers only supporting a single threshold, this
++ * contains the minimum over all matchsets
+ */
+ struct cfg80211_sched_scan_request {
+ struct cfg80211_ssid *ssids;
+@@ -1433,7 +1436,7 @@ struct cfg80211_sched_scan_request {
+ u32 flags;
+ struct cfg80211_match_set *match_sets;
+ int n_match_sets;
+- s32 rssi_thold;
++ s32 min_rssi_thold;
+
+ /* internal */
+ struct wiphy *wiphy;
+@@ -3130,8 +3133,8 @@ struct cfg80211_cached_keys;
+ * @identifier: (private) Identifier used in nl80211 to identify this
+ * wireless device if it has no netdev
+ * @current_bss: (private) Used by the internal configuration code
+- * @channel: (private) Used by the internal configuration code to track
+- * the user-set AP, monitor and WDS channel
++ * @chandef: (private) Used by the internal configuration code to track
++ * the user-set channel definition.
+ * @preset_chandef: (private) Used by the internal configuration code to
+ * track the channel to be used for AP later
+ * @bssid: (private) Used by the internal configuration code
+@@ -3195,9 +3198,7 @@ struct wireless_dev {
+
+ struct cfg80211_internal_bss *current_bss; /* associated / joined */
+ struct cfg80211_chan_def preset_chandef;
+-
+- /* for AP and mesh channel tracking */
+- struct ieee80211_channel *channel;
++ struct cfg80211_chan_def chandef;
+
+ bool ibss_fixed;
+ bool ibss_dfs_possible;
+@@ -3879,6 +3880,7 @@ void cfg80211_michael_mic_failure(struct
+ *
+ * @dev: network device
+ * @bssid: the BSSID of the IBSS joined
++ * @channel: the channel of the IBSS joined
+ * @gfp: allocation flags
+ *
+ * This function notifies cfg80211 that the device joined an IBSS or
+@@ -3888,7 +3890,8 @@ void cfg80211_michael_mic_failure(struct
+ * with the locally generated beacon -- this guarantees that there is
+ * always a scan result for this IBSS. cfg80211 will handle the rest.
+ */
+-void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp);
++void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
++ struct ieee80211_channel *channel, gfp_t gfp);
+
+ /**
+ * cfg80211_notify_new_candidate - notify cfg80211 of a new mesh peer candidate
+--- a/include/uapi/linux/nl80211.h
++++ b/include/uapi/linux/nl80211.h
+@@ -2442,9 +2442,15 @@ enum nl80211_reg_rule_attr {
+ * enum nl80211_sched_scan_match_attr - scheduled scan match attributes
+ * @__NL80211_SCHED_SCAN_MATCH_ATTR_INVALID: attribute number 0 is reserved
+ * @NL80211_SCHED_SCAN_MATCH_ATTR_SSID: SSID to be used for matching,
+- * only report BSS with matching SSID.
++ * only report BSS with matching SSID.
+ * @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI: RSSI threshold (in dBm) for reporting a
+- * BSS in scan results. Filtering is turned off if not specified.
++ * BSS in scan results. Filtering is turned off if not specified. Note that
++ * if this attribute is in a match set of its own, then it is treated as
++ * the default value for all matchsets with an SSID, rather than being a
++ * matchset of its own without an RSSI filter. This is due to problems with
++ * how this API was implemented in the past. Also, due to the same problem,
++ * the only way to create a matchset with only an RSSI filter (with this
++ * attribute) is if there's only a single matchset with the RSSI attribute.
+ * @NL80211_SCHED_SCAN_MATCH_ATTR_MAX: highest scheduled scan filter
+ * attribute number currently defined
+ * @__NL80211_SCHED_SCAN_MATCH_ATTR_AFTER_LAST: internal use
+--- a/net/mac80211/agg-tx.c
++++ b/net/mac80211/agg-tx.c
+@@ -107,7 +107,7 @@ static void ieee80211_send_addba_request
+ mgmt->u.action.u.addba_req.start_seq_num =
+ cpu_to_le16(start_seq_num << 4);
+
+- ieee80211_tx_skb_tid(sdata, skb, tid);
++ ieee80211_tx_skb(sdata, skb);
}
- #endif
-+/************************/
-+/* Wake on Wireless LAN */
-+/************************/
-+
-+#ifdef CONFIG_ATH9K_WOW
-+void ath9k_init_wow(struct ieee80211_hw *hw);
-+int ath9k_suspend(struct ieee80211_hw *hw,
-+ struct cfg80211_wowlan *wowlan);
-+int ath9k_resume(struct ieee80211_hw *hw);
-+void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled);
-+#else
-+static inline void ath9k_init_wow(struct ieee80211_hw *hw)
-+{
-+}
-+static inline int ath9k_suspend(struct ieee80211_hw *hw,
-+ struct cfg80211_wowlan *wowlan)
-+{
-+ return 0;
-+}
-+static inline int ath9k_resume(struct ieee80211_hw *hw)
-+{
-+ return 0;
-+}
-+static inline void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled)
-+{
-+}
-+#endif /* CONFIG_ATH9K_WOW */
-+
- /*******************************/
- /* Antenna diversity/combining */
- /*******************************/
-@@ -723,6 +752,7 @@ struct ath_softc {
- struct work_struct hw_check_work;
- struct work_struct hw_reset_work;
- struct completion paprd_complete;
-+ wait_queue_head_t tx_wait;
-
- unsigned int hw_busy_count;
- unsigned long sc_flags;
-@@ -759,6 +789,7 @@ struct ath_softc {
- struct delayed_work tx_complete_work;
- struct delayed_work hw_pll_work;
- struct timer_list rx_poll_timer;
-+ struct timer_list sleep_timer;
-
- #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
- struct ath_btcoex btcoex;
-@@ -783,7 +814,7 @@ struct ath_softc {
- bool tx99_state;
- s16 tx99_power;
-
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ATH9K_WOW
- atomic_t wow_got_bmiss_intr;
- atomic_t wow_sleep_proc_intr; /* in the middle of WoW sleep ? */
- u32 wow_intr_before_sleep;
-@@ -946,10 +977,25 @@ struct fft_sample_ht20_40 {
- u8 data[SPECTRAL_HT20_40_NUM_BINS];
- } __packed;
-
--int ath9k_tx99_init(struct ath_softc *sc);
--void ath9k_tx99_deinit(struct ath_softc *sc);
-+/********/
-+/* TX99 */
-+/********/
-+
-+#ifdef CONFIG_ATH9K_TX99
-+void ath9k_tx99_init_debug(struct ath_softc *sc);
- int ath9k_tx99_send(struct ath_softc *sc, struct sk_buff *skb,
- struct ath_tx_control *txctl);
-+#else
-+static inline void ath9k_tx99_init_debug(struct ath_softc *sc)
-+{
-+}
-+static inline int ath9k_tx99_send(struct ath_softc *sc,
-+ struct sk_buff *skb,
-+ struct ath_tx_control *txctl)
-+{
-+ return 0;
-+}
-+#endif /* CONFIG_ATH9K_TX99 */
-
- void ath9k_tasklet(unsigned long data);
- int ath_cabq_update(struct ath_softc *);
-@@ -966,6 +1012,9 @@ extern bool is_ath9k_unloaded;
-
- u8 ath9k_parse_mpdudensity(u8 mpdudensity);
- irqreturn_t ath_isr(int irq, void *dev);
-+int ath_reset(struct ath_softc *sc);
-+void ath_cancel_work(struct ath_softc *sc);
-+void ath_restart_work(struct ath_softc *sc);
- int ath9k_init_device(u16 devid, struct ath_softc *sc,
- const struct ath_bus_ops *bus_ops);
- void ath9k_deinit_device(struct ath_softc *sc);
---- a/drivers/net/wireless/ath/ath9k/debug.c
-+++ b/drivers/net/wireless/ath/ath9k/debug.c
-@@ -1782,111 +1782,6 @@ void ath9k_deinit_debug(struct ath_softc
+ void ieee80211_send_bar(struct ieee80211_vif *vif, u8 *ra, u16 tid, u16 ssn)
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -970,9 +970,9 @@ static int ieee80211_start_ap(struct wip
+ /* TODO: make hostapd tell us what it wants */
+ sdata->smps_mode = IEEE80211_SMPS_OFF;
+ sdata->needed_rx_chains = sdata->local->rx_chains;
+- sdata->radar_required = params->radar_required;
+
+ mutex_lock(&local->mtx);
++ sdata->radar_required = params->radar_required;
+ err = ieee80211_vif_use_channel(sdata, ¶ms->chandef,
+ IEEE80211_CHANCTX_SHARED);
+ mutex_unlock(&local->mtx);
+@@ -1021,8 +1021,10 @@ static int ieee80211_start_ap(struct wip
+ IEEE80211_P2P_OPPPS_ENABLE_BIT;
+
+ err = ieee80211_assign_beacon(sdata, ¶ms->beacon);
+- if (err < 0)
++ if (err < 0) {
++ ieee80211_vif_release_channel(sdata);
+ return err;
++ }
+ changed |= err;
+
+ err = drv_start_ap(sdata->local, sdata);
+@@ -1032,6 +1034,7 @@ static int ieee80211_start_ap(struct wip
+ if (old)
+ kfree_rcu(old, rcu_head);
+ RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
++ ieee80211_vif_release_channel(sdata);
+ return err;
}
- }
--static ssize_t read_file_tx99(struct file *file, char __user *user_buf,
-- size_t count, loff_t *ppos)
--{
-- struct ath_softc *sc = file->private_data;
-- char buf[3];
-- unsigned int len;
--
-- len = sprintf(buf, "%d\n", sc->tx99_state);
-- return simple_read_from_buffer(user_buf, count, ppos, buf, len);
--}
--
--static ssize_t write_file_tx99(struct file *file, const char __user *user_buf,
-- size_t count, loff_t *ppos)
--{
-- struct ath_softc *sc = file->private_data;
-- struct ath_common *common = ath9k_hw_common(sc->sc_ah);
-- char buf[32];
-- bool start;
-- ssize_t len;
-- int r;
--
-- if (sc->nvifs > 1)
-- return -EOPNOTSUPP;
--
-- len = min(count, sizeof(buf) - 1);
-- if (copy_from_user(buf, user_buf, len))
-- return -EFAULT;
--
-- if (strtobool(buf, &start))
-- return -EINVAL;
--
-- if (start == sc->tx99_state) {
-- if (!start)
-- return count;
-- ath_dbg(common, XMIT, "Resetting TX99\n");
-- ath9k_tx99_deinit(sc);
-- }
--
-- if (!start) {
-- ath9k_tx99_deinit(sc);
-- return count;
-- }
--
-- r = ath9k_tx99_init(sc);
-- if (r)
-- return r;
--
-- return count;
--}
--
--static const struct file_operations fops_tx99 = {
-- .read = read_file_tx99,
-- .write = write_file_tx99,
-- .open = simple_open,
-- .owner = THIS_MODULE,
-- .llseek = default_llseek,
--};
--
--static ssize_t read_file_tx99_power(struct file *file,
-- char __user *user_buf,
-- size_t count, loff_t *ppos)
--{
-- struct ath_softc *sc = file->private_data;
-- char buf[32];
-- unsigned int len;
--
-- len = sprintf(buf, "%d (%d dBm)\n",
-- sc->tx99_power,
-- sc->tx99_power / 2);
--
-- return simple_read_from_buffer(user_buf, count, ppos, buf, len);
--}
--
--static ssize_t write_file_tx99_power(struct file *file,
-- const char __user *user_buf,
-- size_t count, loff_t *ppos)
--{
-- struct ath_softc *sc = file->private_data;
-- int r;
-- u8 tx_power;
--
-- r = kstrtou8_from_user(user_buf, count, 0, &tx_power);
-- if (r)
-- return r;
--
-- if (tx_power > MAX_RATE_POWER)
-- return -EINVAL;
--
-- sc->tx99_power = tx_power;
--
-- ath9k_ps_wakeup(sc);
-- ath9k_hw_tx99_set_txpower(sc->sc_ah, sc->tx99_power);
-- ath9k_ps_restore(sc);
--
-- return count;
--}
--
--static const struct file_operations fops_tx99_power = {
-- .read = read_file_tx99_power,
-- .write = write_file_tx99_power,
-- .open = simple_open,
-- .owner = THIS_MODULE,
-- .llseek = default_llseek,
--};
--
- int ath9k_init_debug(struct ath_hw *ah)
- {
- struct ath_common *common = ath9k_hw_common(ah);
-@@ -1903,6 +1798,7 @@ int ath9k_init_debug(struct ath_hw *ah)
- #endif
+@@ -1053,6 +1056,7 @@ static int ieee80211_change_beacon(struc
+ int err;
- ath9k_dfs_init_debug(sc);
-+ ath9k_tx99_init_debug(sc);
+ sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++ sdata_assert_lock(sdata);
- debugfs_create_file("dma", S_IRUSR, sc->debug.debugfs_phy, sc,
- &fops_dma);
-@@ -1978,15 +1874,6 @@ int ath9k_init_debug(struct ath_hw *ah)
- debugfs_create_file("btcoex", S_IRUSR, sc->debug.debugfs_phy, sc,
- &fops_btcoex);
- #endif
-- if (config_enabled(CPTCFG_ATH9K_TX99) &&
-- AR_SREV_9300_20_OR_LATER(ah)) {
-- debugfs_create_file("tx99", S_IRUSR | S_IWUSR,
-- sc->debug.debugfs_phy, sc,
-- &fops_tx99);
-- debugfs_create_file("tx99_power", S_IRUSR | S_IWUSR,
-- sc->debug.debugfs_phy, sc,
-- &fops_tx99_power);
-- }
+ /* don't allow changing the beacon while CSA is in place - offset
+ * of channel switch counter may change
+@@ -1080,6 +1084,8 @@ static int ieee80211_stop_ap(struct wiph
+ struct probe_resp *old_probe_resp;
+ struct cfg80211_chan_def chandef;
+
++ sdata_assert_lock(sdata);
++
+ old_beacon = sdata_dereference(sdata->u.ap.beacon, sdata);
+ if (!old_beacon)
+ return -ENOENT;
+@@ -1090,8 +1096,6 @@ static int ieee80211_stop_ap(struct wiph
+ kfree(sdata->u.ap.next_beacon);
+ sdata->u.ap.next_beacon = NULL;
+
+- cancel_work_sync(&sdata->u.ap.request_smps_work);
+-
+ /* turn off carrier for this interface and dependent VLANs */
+ list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
+ netif_carrier_off(vlan->dev);
+@@ -1103,6 +1107,7 @@ static int ieee80211_stop_ap(struct wiph
+ kfree_rcu(old_beacon, rcu_head);
+ if (old_probe_resp)
+ kfree_rcu(old_probe_resp, rcu_head);
++ sdata->u.ap.driver_smps_mode = IEEE80211_SMPS_OFF;
+
+ __sta_info_flush(sdata, true);
+ ieee80211_free_keys(sdata, true);
+@@ -2638,6 +2643,24 @@ static int ieee80211_start_roc_work(stru
+ INIT_DELAYED_WORK(&roc->work, ieee80211_sw_roc_work);
+ INIT_LIST_HEAD(&roc->dependents);
+
++ /*
++ * cookie is either the roc cookie (for normal roc)
++ * or the SKB (for mgmt TX)
++ */
++ if (!txskb) {
++ /* local->mtx protects this */
++ local->roc_cookie_counter++;
++ roc->cookie = local->roc_cookie_counter;
++ /* wow, you wrapped 64 bits ... more likely a bug */
++ if (WARN_ON(roc->cookie == 0)) {
++ roc->cookie = 1;
++ local->roc_cookie_counter++;
++ }
++ *cookie = roc->cookie;
++ } else {
++ *cookie = (unsigned long)txskb;
++ }
++
+ /* if there's one pending or we're scanning, queue this one */
+ if (!list_empty(&local->roc_list) ||
+ local->scanning || local->radar_detect_enabled)
+@@ -2772,24 +2795,6 @@ static int ieee80211_start_roc_work(stru
+ if (!queued)
+ list_add_tail(&roc->list, &local->roc_list);
+- /*
+- * cookie is either the roc cookie (for normal roc)
+- * or the SKB (for mgmt TX)
+- */
+- if (!txskb) {
+- /* local->mtx protects this */
+- local->roc_cookie_counter++;
+- roc->cookie = local->roc_cookie_counter;
+- /* wow, you wrapped 64 bits ... more likely a bug */
+- if (WARN_ON(roc->cookie == 0)) {
+- roc->cookie = 1;
+- local->roc_cookie_counter++;
+- }
+- *cookie = roc->cookie;
+- } else {
+- *cookie = (unsigned long)txskb;
+- }
+-
return 0;
}
---- a/drivers/net/wireless/ath/ath9k/hw.c
-+++ b/drivers/net/wireless/ath/ath9k/hw.c
-@@ -17,6 +17,7 @@
- #include <linux/io.h>
- #include <linux/slab.h>
- #include <linux/module.h>
-+#include <linux/time.h>
- #include <asm/unaligned.h>
-
- #include "hw.h"
-@@ -454,7 +455,6 @@ static void ath9k_hw_init_config(struct
- }
- ah->config.rx_intr_mitigation = true;
-- ah->config.pcieSerDesWrite = true;
+@@ -3004,8 +3009,10 @@ void ieee80211_csa_finalize_work(struct
+ if (!ieee80211_sdata_running(sdata))
+ goto unlock;
- /*
- * We need this for PCI devices only (Cardbus, PCI, miniPCI)
-@@ -1502,8 +1502,9 @@ static bool ath9k_hw_channel_change(stru
- int r;
-
- if (pCap->hw_caps & ATH9K_HW_CAP_FCC_BAND_SWITCH) {
-- band_switch = IS_CHAN_5GHZ(ah->curchan) != IS_CHAN_5GHZ(chan);
-- mode_diff = (chan->channelFlags != ah->curchan->channelFlags);
-+ u32 flags_diff = chan->channelFlags ^ ah->curchan->channelFlags;
-+ band_switch = !!(flags_diff & CHANNEL_5GHZ);
-+ mode_diff = !!(flags_diff & ~CHANNEL_HT);
- }
+- sdata->radar_required = sdata->csa_radar_required;
++ sdata_assert_lock(sdata);
++
+ mutex_lock(&local->mtx);
++ sdata->radar_required = sdata->csa_radar_required;
+ err = ieee80211_vif_change_channel(sdata, &changed);
+ mutex_unlock(&local->mtx);
+ if (WARN_ON(err < 0))
+@@ -3022,13 +3029,13 @@ void ieee80211_csa_finalize_work(struct
+ switch (sdata->vif.type) {
+ case NL80211_IFTYPE_AP:
+ err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon);
++ kfree(sdata->u.ap.next_beacon);
++ sdata->u.ap.next_beacon = NULL;
++
+ if (err < 0)
+ goto unlock;
- for (qnum = 0; qnum < AR_NUM_QCU; qnum++) {
-@@ -1815,7 +1816,7 @@ static int ath9k_hw_do_fastcc(struct ath
- * If cross-band fcc is not supoprted, bail out if channelFlags differ.
- */
- if (!(pCap->hw_caps & ATH9K_HW_CAP_FCC_BAND_SWITCH) &&
-- chan->channelFlags != ah->curchan->channelFlags)
-+ ((chan->channelFlags ^ ah->curchan->channelFlags) & ~CHANNEL_HT))
- goto fail;
-
- if (!ath9k_hw_check_alive(ah))
-@@ -1856,10 +1857,12 @@ int ath9k_hw_reset(struct ath_hw *ah, st
- struct ath9k_hw_cal_data *caldata, bool fastcc)
- {
- struct ath_common *common = ath9k_hw_common(ah);
-+ struct timespec ts;
- u32 saveLedState;
- u32 saveDefAntenna;
- u32 macStaId1;
- u64 tsf = 0;
-+ s64 usec = 0;
- int r;
- bool start_mci_reset = false;
- bool save_fullsleep = ah->chip_fullsleep;
-@@ -1902,10 +1905,10 @@ int ath9k_hw_reset(struct ath_hw *ah, st
-
- macStaId1 = REG_READ(ah, AR_STA_ID1) & AR_STA_ID1_BASE_RATE_11B;
-
-- /* For chips on which RTC reset is done, save TSF before it gets cleared */
-- if (AR_SREV_9100(ah) ||
-- (AR_SREV_9280(ah) && ah->eep_ops->get_eeprom(ah, EEP_OL_PWRCTRL)))
-- tsf = ath9k_hw_gettsf64(ah);
-+ /* Save TSF before chip reset, a cold reset clears it */
-+ tsf = ath9k_hw_gettsf64(ah);
-+ getrawmonotonic(&ts);
-+ usec = ts.tv_sec * 1000 + ts.tv_nsec / 1000;
-
- saveLedState = REG_READ(ah, AR_CFG_LED) &
- (AR_CFG_LED_ASSOC_CTL | AR_CFG_LED_MODE_SEL |
-@@ -1938,8 +1941,9 @@ int ath9k_hw_reset(struct ath_hw *ah, st
- }
+ changed |= err;
+- kfree(sdata->u.ap.next_beacon);
+- sdata->u.ap.next_beacon = NULL;
+-
+ ieee80211_bss_info_change_notify(sdata, err);
+ break;
+ case NL80211_IFTYPE_ADHOC:
+@@ -3066,7 +3073,7 @@ int ieee80211_channel_switch(struct wiph
+ struct ieee80211_if_mesh __maybe_unused *ifmsh;
+ int err, num_chanctx;
+
+- lockdep_assert_held(&sdata->wdev.mtx);
++ sdata_assert_lock(sdata);
+
+ if (!list_empty(&local->roc_list) || local->scanning)
+ return -EBUSY;
+--- a/net/mac80211/ht.c
++++ b/net/mac80211/ht.c
+@@ -375,7 +375,7 @@ void ieee80211_send_delba(struct ieee802
+ mgmt->u.action.u.delba.params = cpu_to_le16(params);
+ mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
+
+- ieee80211_tx_skb_tid(sdata, skb, tid);
++ ieee80211_tx_skb(sdata, skb);
+ }
- /* Restore TSF */
-- if (tsf)
-- ath9k_hw_settsf64(ah, tsf);
-+ getrawmonotonic(&ts);
-+ usec = ts.tv_sec * 1000 + ts.tv_nsec / 1000 - usec;
-+ ath9k_hw_settsf64(ah, tsf + usec);
-
- if (AR_SREV_9280_20_OR_LATER(ah))
- REG_SET_BIT(ah, AR_GPIO_INPUT_EN_VAL, AR_GPIO_JTAG_DISABLE);
---- a/drivers/net/wireless/ath/ath9k/hw.h
-+++ b/drivers/net/wireless/ath/ath9k/hw.h
-@@ -283,7 +283,6 @@ struct ath9k_ops_config {
- int additional_swba_backoff;
- int ack_6mb;
- u32 cwm_ignore_extcca;
-- bool pcieSerDesWrite;
- u8 pcie_clock_req;
- u32 pcie_waen;
- u8 analog_shiftreg;
-@@ -920,7 +919,7 @@ struct ath_hw {
- /* Enterprise mode cap */
- u32 ent_mode;
-
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ATH9K_WOW
- u32 wow_event_mask;
- #endif
- bool is_clk_25mhz;
-@@ -1126,7 +1125,7 @@ ath9k_hw_get_btcoex_scheme(struct ath_hw
- #endif /* CPTCFG_ATH9K_BTCOEX_SUPPORT */
-
-
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ATH9K_WOW
- const char *ath9k_hw_wow_event_to_string(u32 wow_event);
- void ath9k_hw_wow_apply_pattern(struct ath_hw *ah, u8 *user_pattern,
- u8 *user_mask, int pattern_count,
---- a/drivers/net/wireless/ath/ath9k/init.c
-+++ b/drivers/net/wireless/ath/ath9k/init.c
-@@ -683,6 +683,7 @@ static int ath9k_init_softc(u16 devid, s
- common = ath9k_hw_common(ah);
- sc->dfs_detector = dfs_pattern_detector_init(common, NL80211_DFS_UNSET);
- sc->tx99_power = MAX_RATE_POWER + 1;
-+ init_waitqueue_head(&sc->tx_wait);
-
- if (!pdata) {
- ah->ah_flags |= AH_USE_EEPROM;
-@@ -730,6 +731,7 @@ static int ath9k_init_softc(u16 devid, s
- tasklet_init(&sc->bcon_tasklet, ath9k_beacon_tasklet,
- (unsigned long)sc);
-
-+ setup_timer(&sc->sleep_timer, ath_ps_full_sleep, (unsigned long)sc);
- INIT_WORK(&sc->hw_reset_work, ath_reset_work);
- INIT_WORK(&sc->hw_check_work, ath_hw_check);
- INIT_WORK(&sc->paprd_work, ath_paprd_calibrate);
-@@ -845,7 +847,8 @@ static const struct ieee80211_iface_limi
- };
+ void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
+@@ -466,7 +466,9 @@ void ieee80211_request_smps_ap_work(stru
+ u.ap.request_smps_work);
- static const struct ieee80211_iface_limit if_dfs_limits[] = {
-- { .max = 1, .types = BIT(NL80211_IFTYPE_AP) },
-+ { .max = 1, .types = BIT(NL80211_IFTYPE_AP) |
-+ BIT(NL80211_IFTYPE_ADHOC) },
- };
+ sdata_lock(sdata);
+- __ieee80211_request_smps_ap(sdata, sdata->u.ap.driver_smps_mode);
++ if (sdata_dereference(sdata->u.ap.beacon, sdata))
++ __ieee80211_request_smps_ap(sdata,
++ sdata->u.ap.driver_smps_mode);
+ sdata_unlock(sdata);
+ }
- static const struct ieee80211_iface_combination if_comb[] = {
-@@ -862,20 +865,11 @@ static const struct ieee80211_iface_comb
- .max_interfaces = 1,
- .num_different_channels = 1,
- .beacon_int_infra_match = true,
-- .radar_detect_widths = BIT(NL80211_CHAN_NO_HT) |
-- BIT(NL80211_CHAN_HT20),
-+ .radar_detect_widths = BIT(NL80211_CHAN_WIDTH_20_NOHT) |
-+ BIT(NL80211_CHAN_WIDTH_20),
- }
- };
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -770,12 +770,19 @@ static void ieee80211_do_stop(struct iee
--#ifdef CONFIG_PM
--static const struct wiphy_wowlan_support ath9k_wowlan_support = {
-- .flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT,
-- .n_patterns = MAX_NUM_USER_PATTERN,
-- .pattern_min_len = 1,
-- .pattern_max_len = MAX_PATTERN_SIZE,
--};
--#endif
--
- void ath9k_set_hw_capab(struct ath_softc *sc, struct ieee80211_hw *hw)
- {
- struct ath_hw *ah = sc->sc_ah;
-@@ -925,16 +919,6 @@ void ath9k_set_hw_capab(struct ath_softc
- hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_5_10_MHZ;
- hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
-
--#ifdef CONFIG_PM_SLEEP
-- if ((ah->caps.hw_caps & ATH9K_HW_WOW_DEVICE_CAPABLE) &&
-- (sc->driver_data & ATH9K_PCI_WOW) &&
-- device_can_wakeup(sc->dev))
-- hw->wiphy->wowlan = &ath9k_wowlan_support;
+ ieee80211_roc_purge(local, sdata);
+
+- if (sdata->vif.type == NL80211_IFTYPE_STATION)
++ switch (sdata->vif.type) {
++ case NL80211_IFTYPE_STATION:
+ ieee80211_mgd_stop(sdata);
-
-- atomic_set(&sc->wow_sleep_proc_intr, -1);
-- atomic_set(&sc->wow_got_bmiss_intr, -1);
--#endif
+- if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
++ break;
++ case NL80211_IFTYPE_ADHOC:
+ ieee80211_ibss_stop(sdata);
-
- hw->queues = 4;
- hw->max_rates = 4;
- hw->channel_change_time = 5000;
-@@ -960,6 +944,7 @@ void ath9k_set_hw_capab(struct ath_softc
- hw->wiphy->bands[IEEE80211_BAND_5GHZ] =
- &sc->sbands[IEEE80211_BAND_5GHZ];
-
-+ ath9k_init_wow(hw);
- ath9k_reload_chainmask_settings(sc);
-
- SET_IEEE80211_PERM_ADDR(hw, common->macaddr);
-@@ -1058,6 +1043,7 @@ static void ath9k_deinit_softc(struct at
- if (ATH_TXQ_SETUP(sc, i))
- ath_tx_cleanupq(sc, &sc->tx.txq[i]);
-
-+ del_timer_sync(&sc->sleep_timer);
- ath9k_hw_deinit(sc->sc_ah);
- if (sc->dfs_detector != NULL)
- sc->dfs_detector->exit(sc->dfs_detector);
---- a/drivers/net/wireless/ath/ath9k/main.c
-+++ b/drivers/net/wireless/ath/ath9k/main.c
-@@ -82,6 +82,22 @@ static bool ath9k_setpower(struct ath_so
- return ret;
- }
++ break;
++ case NL80211_IFTYPE_AP:
++ cancel_work_sync(&sdata->u.ap.request_smps_work);
++ break;
++ default:
++ break;
++ }
-+void ath_ps_full_sleep(unsigned long data)
-+{
-+ struct ath_softc *sc = (struct ath_softc *) data;
-+ struct ath_common *common = ath9k_hw_common(sc->sc_ah);
-+ bool reset;
-+
-+ spin_lock(&common->cc_lock);
-+ ath_hw_cycle_counters_update(common);
-+ spin_unlock(&common->cc_lock);
-+
-+ ath9k_hw_setrxabort(sc->sc_ah, 1);
-+ ath9k_hw_stopdmarecv(sc->sc_ah, &reset);
-+
-+ ath9k_hw_setpower(sc->sc_ah, ATH9K_PM_FULL_SLEEP);
-+}
-+
- void ath9k_ps_wakeup(struct ath_softc *sc)
- {
- struct ath_common *common = ath9k_hw_common(sc->sc_ah);
-@@ -92,6 +108,7 @@ void ath9k_ps_wakeup(struct ath_softc *s
- if (++sc->ps_usecount != 1)
- goto unlock;
+ /*
+ * Remove all stations associated with this interface.
+@@ -827,7 +834,9 @@ static void ieee80211_do_stop(struct iee
+ cancel_work_sync(&local->dynamic_ps_enable_work);
-+ del_timer_sync(&sc->sleep_timer);
- power_mode = sc->sc_ah->power_mode;
- ath9k_hw_setpower(sc->sc_ah, ATH9K_PM_AWAKE);
+ cancel_work_sync(&sdata->recalc_smps);
++ sdata_lock(sdata);
+ sdata->vif.csa_active = false;
++ sdata_unlock(sdata);
+ cancel_work_sync(&sdata->csa_finalize_work);
-@@ -117,17 +134,17 @@ void ath9k_ps_restore(struct ath_softc *
- struct ath_common *common = ath9k_hw_common(sc->sc_ah);
- enum ath9k_power_mode mode;
- unsigned long flags;
-- bool reset;
+ cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -599,10 +599,10 @@ static int ieee80211_is_unicast_robust_m
+ {
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
- spin_lock_irqsave(&sc->sc_pm_lock, flags);
- if (--sc->ps_usecount != 0)
- goto unlock;
+- if (skb->len < 24 || is_multicast_ether_addr(hdr->addr1))
++ if (is_multicast_ether_addr(hdr->addr1))
+ return 0;
- if (sc->ps_idle) {
-- ath9k_hw_setrxabort(sc->sc_ah, 1);
-- ath9k_hw_stopdmarecv(sc->sc_ah, &reset);
-- mode = ATH9K_PM_FULL_SLEEP;
-- } else if (sc->ps_enabled &&
-+ mod_timer(&sc->sleep_timer, jiffies + HZ / 10);
-+ goto unlock;
-+ }
-+
-+ if (sc->ps_enabled &&
- !(sc->ps_flags & (PS_WAIT_FOR_BEACON |
- PS_WAIT_FOR_CAB |
- PS_WAIT_FOR_PSPOLL_DATA |
-@@ -163,13 +180,13 @@ static void __ath_cancel_work(struct ath
- #endif
+- return ieee80211_is_robust_mgmt_frame(hdr);
++ return ieee80211_is_robust_mgmt_frame(skb);
}
--static void ath_cancel_work(struct ath_softc *sc)
-+void ath_cancel_work(struct ath_softc *sc)
- {
- __ath_cancel_work(sc);
- cancel_work_sync(&sc->hw_reset_work);
- }
--static void ath_restart_work(struct ath_softc *sc)
-+void ath_restart_work(struct ath_softc *sc)
+@@ -610,10 +610,10 @@ static int ieee80211_is_multicast_robust
{
- ieee80211_queue_delayed_work(sc->hw, &sc->tx_complete_work, 0);
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-@@ -487,6 +504,8 @@ void ath9k_tasklet(unsigned long data)
- ath_tx_edma_tasklet(sc);
- else
- ath_tx_tasklet(sc);
-+
-+ wake_up(&sc->tx_wait);
- }
+- if (skb->len < 24 || !is_multicast_ether_addr(hdr->addr1))
++ if (!is_multicast_ether_addr(hdr->addr1))
+ return 0;
+
+- return ieee80211_is_robust_mgmt_frame(hdr);
++ return ieee80211_is_robust_mgmt_frame(skb);
+ }
- ath9k_btcoex_handle_interrupt(sc, status);
-@@ -579,7 +598,8 @@ irqreturn_t ath_isr(int irq, void *dev)
- goto chip_reset;
+@@ -626,7 +626,7 @@ static int ieee80211_get_mmie_keyidx(str
+ if (skb->len < 24 + sizeof(*mmie) || !is_multicast_ether_addr(hdr->da))
+ return -1;
+
+- if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) hdr))
++ if (!ieee80211_is_robust_mgmt_frame(skb))
+ return -1; /* not a robust management frame */
+
+ mmie = (struct ieee80211_mmie *)
+@@ -1311,18 +1311,15 @@ ieee80211_rx_h_sta_process(struct ieee80
+ !ieee80211_has_morefrags(hdr->frame_control) &&
+ !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) &&
+ (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
+- rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
++ rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
++ /* PM bit is only checked in frames where it isn't reserved,
++ * in AP mode it's reserved in non-bufferable management frames
++ * (cf. IEEE 802.11-2012 8.2.4.1.7 Power Management field)
++ */
++ (!ieee80211_is_mgmt(hdr->frame_control) ||
++ ieee80211_is_bufferable_mmpdu(hdr->frame_control))) {
+ if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
+- /*
+- * Ignore doze->wake transitions that are
+- * indicated by non-data frames, the standard
+- * is unclear here, but for example going to
+- * PS mode and then scanning would cause a
+- * doze->wake transition for the probe request,
+- * and that is clearly undesirable.
+- */
+- if (ieee80211_is_data(hdr->frame_control) &&
+- !ieee80211_has_pm(hdr->frame_control))
++ if (!ieee80211_has_pm(hdr->frame_control))
+ sta_ps_end(sta);
+ } else {
+ if (ieee80211_has_pm(hdr->frame_control))
+@@ -1845,8 +1842,7 @@ static int ieee80211_drop_unencrypted_mg
+ * having configured keys.
+ */
+ if (unlikely(ieee80211_is_action(fc) && !rx->key &&
+- ieee80211_is_robust_mgmt_frame(
+- (struct ieee80211_hdr *) rx->skb->data)))
++ ieee80211_is_robust_mgmt_frame(rx->skb)))
+ return -EACCES;
}
--#ifdef CONFIG_PM_SLEEP
-+
-+#ifdef CONFIG_ATH9K_WOW
- if (status & ATH9K_INT_BMISS) {
- if (atomic_read(&sc->wow_sleep_proc_intr) == 0) {
- ath_dbg(common, ANY, "during WoW we got a BMISS\n");
-@@ -588,6 +608,8 @@ irqreturn_t ath_isr(int irq, void *dev)
- }
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -452,8 +452,7 @@ static int ieee80211_use_mfp(__le16 fc,
+ if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
+ return 0;
+
+- if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *)
+- skb->data))
++ if (!ieee80211_is_robust_mgmt_frame(skb))
+ return 0;
+
+ return 1;
+@@ -525,9 +524,7 @@ ieee80211_tx_h_ps_buf(struct ieee80211_t
+
+ /* only deauth, disassoc and action are bufferable MMPDUs */
+ if (ieee80211_is_mgmt(hdr->frame_control) &&
+- !ieee80211_is_deauth(hdr->frame_control) &&
+- !ieee80211_is_disassoc(hdr->frame_control) &&
+- !ieee80211_is_action(hdr->frame_control)) {
++ !ieee80211_is_bufferable_mmpdu(hdr->frame_control)) {
+ if (tx->flags & IEEE80211_TX_UNICAST)
+ info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
+ return TX_CONTINUE;
+@@ -567,7 +564,7 @@ ieee80211_tx_h_select_key(struct ieee802
+ tx->key = key;
+ else if (ieee80211_is_mgmt(hdr->frame_control) &&
+ is_multicast_ether_addr(hdr->addr1) &&
+- ieee80211_is_robust_mgmt_frame(hdr) &&
++ ieee80211_is_robust_mgmt_frame(tx->skb) &&
+ (key = rcu_dereference(tx->sdata->default_mgmt_key)))
+ tx->key = key;
+ else if (is_multicast_ether_addr(hdr->addr1) &&
+@@ -582,12 +579,12 @@ ieee80211_tx_h_select_key(struct ieee802
+ tx->key = NULL;
+ else if (tx->skb->protocol == tx->sdata->control_port_protocol)
+ tx->key = NULL;
+- else if (ieee80211_is_robust_mgmt_frame(hdr) &&
++ else if (ieee80211_is_robust_mgmt_frame(tx->skb) &&
+ !(ieee80211_is_action(hdr->frame_control) &&
+ tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))
+ tx->key = NULL;
+ else if (ieee80211_is_mgmt(hdr->frame_control) &&
+- !ieee80211_is_robust_mgmt_frame(hdr))
++ !ieee80211_is_robust_mgmt_frame(tx->skb))
+ tx->key = NULL;
+ else {
+ I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
+@@ -878,7 +875,7 @@ static int ieee80211_fragment(struct iee
}
- #endif
-+
-+
- if (status & ATH9K_INT_SWBA)
- tasklet_schedule(&sc->bcon_tasklet);
-@@ -627,7 +649,7 @@ chip_reset:
- #undef SCHED_INTR
+ /* adjust first fragment's length */
+- skb->len = hdrlen + per_fragm;
++ skb_trim(skb, hdrlen + per_fragm);
+ return 0;
}
--static int ath_reset(struct ath_softc *sc)
-+int ath_reset(struct ath_softc *sc)
- {
- int r;
+--- a/net/mac80211/wpa.c
++++ b/net/mac80211/wpa.c
+@@ -499,7 +499,7 @@ ieee80211_crypto_ccmp_decrypt(struct iee
+ hdrlen = ieee80211_hdrlen(hdr->frame_control);
+
+ if (!ieee80211_is_data(hdr->frame_control) &&
+- !ieee80211_is_robust_mgmt_frame(hdr))
++ !ieee80211_is_robust_mgmt_frame(skb))
+ return RX_CONTINUE;
+
+ data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN -
+--- a/net/wireless/ap.c
++++ b/net/wireless/ap.c
+@@ -27,9 +27,10 @@ static int __cfg80211_stop_ap(struct cfg
+ err = rdev_stop_ap(rdev, dev);
+ if (!err) {
+ wdev->beacon_interval = 0;
+- wdev->channel = NULL;
++ memset(&wdev->chandef, 0, sizeof(wdev->chandef));
+ wdev->ssid_len = 0;
+ rdev_set_qos_map(rdev, dev, NULL);
++ nl80211_send_ap_stopped(wdev);
+ }
-@@ -1817,13 +1839,31 @@ static void ath9k_set_coverage_class(str
- mutex_unlock(&sc->mutex);
- }
+ return err;
+--- a/net/wireless/core.c
++++ b/net/wireless/core.c
+@@ -203,8 +203,11 @@ void cfg80211_stop_p2p_device(struct cfg
-+static bool ath9k_has_tx_pending(struct ath_softc *sc)
-+{
-+ int i, npend;
-+
-+ for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
-+ if (!ATH_TXQ_SETUP(sc, i))
-+ continue;
-+
-+ if (!sc->tx.txq[i].axq_depth)
-+ continue;
-+
-+ npend = ath9k_has_pending_frames(sc, &sc->tx.txq[i]);
-+ if (npend)
-+ break;
+ rdev->opencount--;
+
+- WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev &&
+- !rdev->scan_req->notified);
++ if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
++ if (WARN_ON(!rdev->scan_req->notified))
++ rdev->scan_req->aborted = true;
++ ___cfg80211_scan_done(rdev, false);
+ }
-+
-+ return !!npend;
-+}
-+
- static void ath9k_flush(struct ieee80211_hw *hw, u32 queues, bool drop)
- {
- struct ath_softc *sc = hw->priv;
- struct ath_hw *ah = sc->sc_ah;
- struct ath_common *common = ath9k_hw_common(ah);
-- int timeout = 200; /* ms */
-- int i, j;
-+ int timeout = HZ / 5; /* 200 ms */
- bool drain_txq;
+ }
- mutex_lock(&sc->mutex);
-@@ -1841,25 +1881,9 @@ static void ath9k_flush(struct ieee80211
- return;
- }
+ static int cfg80211_rfkill_set_block(void *data, bool blocked)
+@@ -447,9 +450,6 @@ int wiphy_register(struct wiphy *wiphy)
+ int i;
+ u16 ifmodes = wiphy->interface_modes;
-- for (j = 0; j < timeout; j++) {
-- bool npend = false;
--
-- if (j)
-- usleep_range(1000, 2000);
+- /* support for 5/10 MHz is broken due to nl80211 API mess - disable */
+- wiphy->flags &= ~WIPHY_FLAG_SUPPORTS_5_10_MHZ;
-
-- for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
-- if (!ATH_TXQ_SETUP(sc, i))
-- continue;
--
-- npend = ath9k_has_pending_frames(sc, &sc->tx.txq[i]);
--
-- if (npend)
-- break;
-- }
--
-- if (!npend)
-- break;
-- }
-+ if (wait_event_timeout(sc->tx_wait, !ath9k_has_tx_pending(sc),
-+ timeout) > 0)
-+ drop = false;
-
- if (drop) {
- ath9k_ps_wakeup(sc);
-@@ -2021,333 +2045,6 @@ static int ath9k_get_antenna(struct ieee
- return 0;
- }
+ /*
+ * There are major locking problems in nl80211/mac80211 for CSA,
+ * disable for all drivers until this has been reworked.
+@@ -875,8 +875,11 @@ static int cfg80211_netdev_notifier_call
+ break;
+ case NETDEV_DOWN:
+ cfg80211_update_iface_num(rdev, wdev->iftype, -1);
+- WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev &&
+- !rdev->scan_req->notified);
++ if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
++ if (WARN_ON(!rdev->scan_req->notified))
++ rdev->scan_req->aborted = true;
++ ___cfg80211_scan_done(rdev, false);
++ }
--#ifdef CONFIG_PM_SLEEP
--
--static void ath9k_wow_map_triggers(struct ath_softc *sc,
-- struct cfg80211_wowlan *wowlan,
-- u32 *wow_triggers)
--{
-- if (wowlan->disconnect)
-- *wow_triggers |= AH_WOW_LINK_CHANGE |
-- AH_WOW_BEACON_MISS;
-- if (wowlan->magic_pkt)
-- *wow_triggers |= AH_WOW_MAGIC_PATTERN_EN;
--
-- if (wowlan->n_patterns)
-- *wow_triggers |= AH_WOW_USER_PATTERN_EN;
--
-- sc->wow_enabled = *wow_triggers;
--
--}
--
--static void ath9k_wow_add_disassoc_deauth_pattern(struct ath_softc *sc)
--{
-- struct ath_hw *ah = sc->sc_ah;
-- struct ath_common *common = ath9k_hw_common(ah);
-- int pattern_count = 0;
-- int i, byte_cnt;
-- u8 dis_deauth_pattern[MAX_PATTERN_SIZE];
-- u8 dis_deauth_mask[MAX_PATTERN_SIZE];
--
-- memset(dis_deauth_pattern, 0, MAX_PATTERN_SIZE);
-- memset(dis_deauth_mask, 0, MAX_PATTERN_SIZE);
--
-- /*
-- * Create Dissassociate / Deauthenticate packet filter
-- *
-- * 2 bytes 2 byte 6 bytes 6 bytes 6 bytes
-- * +--------------+----------+---------+--------+--------+----
-- * + Frame Control+ Duration + DA + SA + BSSID +
-- * +--------------+----------+---------+--------+--------+----
-- *
-- * The above is the management frame format for disassociate/
-- * deauthenticate pattern, from this we need to match the first byte
-- * of 'Frame Control' and DA, SA, and BSSID fields
-- * (skipping 2nd byte of FC and Duration feild.
-- *
-- * Disassociate pattern
-- * --------------------
-- * Frame control = 00 00 1010
-- * DA, SA, BSSID = x:x:x:x:x:x
-- * Pattern will be A0000000 | x:x:x:x:x:x | x:x:x:x:x:x
-- * | x:x:x:x:x:x -- 22 bytes
-- *
-- * Deauthenticate pattern
-- * ----------------------
-- * Frame control = 00 00 1100
-- * DA, SA, BSSID = x:x:x:x:x:x
-- * Pattern will be C0000000 | x:x:x:x:x:x | x:x:x:x:x:x
-- * | x:x:x:x:x:x -- 22 bytes
-- */
--
-- /* Create Disassociate Pattern first */
--
-- byte_cnt = 0;
--
-- /* Fill out the mask with all FF's */
--
-- for (i = 0; i < MAX_PATTERN_MASK_SIZE; i++)
-- dis_deauth_mask[i] = 0xff;
--
-- /* copy the first byte of frame control field */
-- dis_deauth_pattern[byte_cnt] = 0xa0;
-- byte_cnt++;
--
-- /* skip 2nd byte of frame control and Duration field */
-- byte_cnt += 3;
--
-- /*
-- * need not match the destination mac address, it can be a broadcast
-- * mac address or an unicast to this station
-- */
-- byte_cnt += 6;
--
-- /* copy the source mac address */
-- memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN);
--
-- byte_cnt += 6;
--
-- /* copy the bssid, its same as the source mac address */
--
-- memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN);
--
-- /* Create Disassociate pattern mask */
--
-- dis_deauth_mask[0] = 0xfe;
-- dis_deauth_mask[1] = 0x03;
-- dis_deauth_mask[2] = 0xc0;
--
-- ath_dbg(common, WOW, "Adding disassoc/deauth patterns for WoW\n");
--
-- ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask,
-- pattern_count, byte_cnt);
--
-- pattern_count++;
-- /*
-- * for de-authenticate pattern, only the first byte of the frame
-- * control field gets changed from 0xA0 to 0xC0
-- */
-- dis_deauth_pattern[0] = 0xC0;
--
-- ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask,
-- pattern_count, byte_cnt);
--
--}
--
--static void ath9k_wow_add_pattern(struct ath_softc *sc,
-- struct cfg80211_wowlan *wowlan)
--{
-- struct ath_hw *ah = sc->sc_ah;
-- struct ath9k_wow_pattern *wow_pattern = NULL;
-- struct cfg80211_pkt_pattern *patterns = wowlan->patterns;
-- int mask_len;
-- s8 i = 0;
--
-- if (!wowlan->n_patterns)
-- return;
--
-- /*
-- * Add the new user configured patterns
-- */
-- for (i = 0; i < wowlan->n_patterns; i++) {
--
-- wow_pattern = kzalloc(sizeof(*wow_pattern), GFP_KERNEL);
--
-- if (!wow_pattern)
-- return;
--
-- /*
-- * TODO: convert the generic user space pattern to
-- * appropriate chip specific/802.11 pattern.
-- */
--
-- mask_len = DIV_ROUND_UP(wowlan->patterns[i].pattern_len, 8);
-- memset(wow_pattern->pattern_bytes, 0, MAX_PATTERN_SIZE);
-- memset(wow_pattern->mask_bytes, 0, MAX_PATTERN_SIZE);
-- memcpy(wow_pattern->pattern_bytes, patterns[i].pattern,
-- patterns[i].pattern_len);
-- memcpy(wow_pattern->mask_bytes, patterns[i].mask, mask_len);
-- wow_pattern->pattern_len = patterns[i].pattern_len;
--
-- /*
-- * just need to take care of deauth and disssoc pattern,
-- * make sure we don't overwrite them.
-- */
--
-- ath9k_hw_wow_apply_pattern(ah, wow_pattern->pattern_bytes,
-- wow_pattern->mask_bytes,
-- i + 2,
-- wow_pattern->pattern_len);
-- kfree(wow_pattern);
--
-- }
--
--}
--
--static int ath9k_suspend(struct ieee80211_hw *hw,
-- struct cfg80211_wowlan *wowlan)
--{
-- struct ath_softc *sc = hw->priv;
-- struct ath_hw *ah = sc->sc_ah;
-- struct ath_common *common = ath9k_hw_common(ah);
-- u32 wow_triggers_enabled = 0;
-- int ret = 0;
--
-- mutex_lock(&sc->mutex);
--
-- ath_cancel_work(sc);
-- ath_stop_ani(sc);
-- del_timer_sync(&sc->rx_poll_timer);
--
-- if (test_bit(SC_OP_INVALID, &sc->sc_flags)) {
-- ath_dbg(common, ANY, "Device not present\n");
-- ret = -EINVAL;
-- goto fail_wow;
-- }
--
-- if (WARN_ON(!wowlan)) {
-- ath_dbg(common, WOW, "None of the WoW triggers enabled\n");
-- ret = -EINVAL;
-- goto fail_wow;
-- }
--
-- if (!device_can_wakeup(sc->dev)) {
-- ath_dbg(common, WOW, "device_can_wakeup failed, WoW is not enabled\n");
-- ret = 1;
-- goto fail_wow;
-- }
--
-- /*
-- * none of the sta vifs are associated
-- * and we are not currently handling multivif
-- * cases, for instance we have to seperately
-- * configure 'keep alive frame' for each
-- * STA.
-- */
--
-- if (!test_bit(SC_OP_PRIM_STA_VIF, &sc->sc_flags)) {
-- ath_dbg(common, WOW, "None of the STA vifs are associated\n");
-- ret = 1;
-- goto fail_wow;
-- }
--
-- if (sc->nvifs > 1) {
-- ath_dbg(common, WOW, "WoW for multivif is not yet supported\n");
-- ret = 1;
-- goto fail_wow;
-- }
--
-- ath9k_wow_map_triggers(sc, wowlan, &wow_triggers_enabled);
--
-- ath_dbg(common, WOW, "WoW triggers enabled 0x%x\n",
-- wow_triggers_enabled);
--
-- ath9k_ps_wakeup(sc);
--
-- ath9k_stop_btcoex(sc);
--
-- /*
-- * Enable wake up on recieving disassoc/deauth
-- * frame by default.
-- */
-- ath9k_wow_add_disassoc_deauth_pattern(sc);
--
-- if (wow_triggers_enabled & AH_WOW_USER_PATTERN_EN)
-- ath9k_wow_add_pattern(sc, wowlan);
--
-- spin_lock_bh(&sc->sc_pcu_lock);
-- /*
-- * To avoid false wake, we enable beacon miss interrupt only
-- * when we go to sleep. We save the current interrupt mask
-- * so we can restore it after the system wakes up
-- */
-- sc->wow_intr_before_sleep = ah->imask;
-- ah->imask &= ~ATH9K_INT_GLOBAL;
-- ath9k_hw_disable_interrupts(ah);
-- ah->imask = ATH9K_INT_BMISS | ATH9K_INT_GLOBAL;
-- ath9k_hw_set_interrupts(ah);
-- ath9k_hw_enable_interrupts(ah);
--
-- spin_unlock_bh(&sc->sc_pcu_lock);
--
-- /*
-- * we can now sync irq and kill any running tasklets, since we already
-- * disabled interrupts and not holding a spin lock
-- */
-- synchronize_irq(sc->irq);
-- tasklet_kill(&sc->intr_tq);
--
-- ath9k_hw_wow_enable(ah, wow_triggers_enabled);
--
-- ath9k_ps_restore(sc);
-- ath_dbg(common, ANY, "WoW enabled in ath9k\n");
-- atomic_inc(&sc->wow_sleep_proc_intr);
--
--fail_wow:
-- mutex_unlock(&sc->mutex);
-- return ret;
--}
--
--static int ath9k_resume(struct ieee80211_hw *hw)
--{
-- struct ath_softc *sc = hw->priv;
-- struct ath_hw *ah = sc->sc_ah;
-- struct ath_common *common = ath9k_hw_common(ah);
-- u32 wow_status;
--
-- mutex_lock(&sc->mutex);
--
-- ath9k_ps_wakeup(sc);
--
-- spin_lock_bh(&sc->sc_pcu_lock);
--
-- ath9k_hw_disable_interrupts(ah);
-- ah->imask = sc->wow_intr_before_sleep;
-- ath9k_hw_set_interrupts(ah);
-- ath9k_hw_enable_interrupts(ah);
--
-- spin_unlock_bh(&sc->sc_pcu_lock);
--
-- wow_status = ath9k_hw_wow_wakeup(ah);
--
-- if (atomic_read(&sc->wow_got_bmiss_intr) == 0) {
-- /*
-- * some devices may not pick beacon miss
-- * as the reason they woke up so we add
-- * that here for that shortcoming.
-- */
-- wow_status |= AH_WOW_BEACON_MISS;
-- atomic_dec(&sc->wow_got_bmiss_intr);
-- ath_dbg(common, ANY, "Beacon miss interrupt picked up during WoW sleep\n");
-- }
--
-- atomic_dec(&sc->wow_sleep_proc_intr);
--
-- if (wow_status) {
-- ath_dbg(common, ANY, "Waking up due to WoW triggers %s with WoW status = %x\n",
-- ath9k_hw_wow_event_to_string(wow_status), wow_status);
-- }
--
-- ath_restart_work(sc);
-- ath9k_start_btcoex(sc);
--
-- ath9k_ps_restore(sc);
-- mutex_unlock(&sc->mutex);
--
-- return 0;
--}
--
--static void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled)
--{
-- struct ath_softc *sc = hw->priv;
--
-- mutex_lock(&sc->mutex);
-- device_init_wakeup(sc->dev, 1);
-- device_set_wakeup_enable(sc->dev, enabled);
-- mutex_unlock(&sc->mutex);
--}
--
--#endif
- static void ath9k_sw_scan_start(struct ieee80211_hw *hw)
- {
- struct ath_softc *sc = hw->priv;
-@@ -2373,134 +2070,6 @@ static void ath9k_channel_switch_beacon(
- sc->csa_vif = vif;
- }
-
--static void ath9k_tx99_stop(struct ath_softc *sc)
--{
-- struct ath_hw *ah = sc->sc_ah;
-- struct ath_common *common = ath9k_hw_common(ah);
--
-- ath_drain_all_txq(sc);
-- ath_startrecv(sc);
--
-- ath9k_hw_set_interrupts(ah);
-- ath9k_hw_enable_interrupts(ah);
--
-- ieee80211_wake_queues(sc->hw);
--
-- kfree_skb(sc->tx99_skb);
-- sc->tx99_skb = NULL;
-- sc->tx99_state = false;
--
-- ath9k_hw_tx99_stop(sc->sc_ah);
-- ath_dbg(common, XMIT, "TX99 stopped\n");
--}
--
--static struct sk_buff *ath9k_build_tx99_skb(struct ath_softc *sc)
--{
-- static u8 PN9Data[] = {0xff, 0x87, 0xb8, 0x59, 0xb7, 0xa1, 0xcc, 0x24,
-- 0x57, 0x5e, 0x4b, 0x9c, 0x0e, 0xe9, 0xea, 0x50,
-- 0x2a, 0xbe, 0xb4, 0x1b, 0xb6, 0xb0, 0x5d, 0xf1,
-- 0xe6, 0x9a, 0xe3, 0x45, 0xfd, 0x2c, 0x53, 0x18,
-- 0x0c, 0xca, 0xc9, 0xfb, 0x49, 0x37, 0xe5, 0xa8,
-- 0x51, 0x3b, 0x2f, 0x61, 0xaa, 0x72, 0x18, 0x84,
-- 0x02, 0x23, 0x23, 0xab, 0x63, 0x89, 0x51, 0xb3,
-- 0xe7, 0x8b, 0x72, 0x90, 0x4c, 0xe8, 0xfb, 0xc0};
-- u32 len = 1200;
-- struct ieee80211_hw *hw = sc->hw;
-- struct ieee80211_hdr *hdr;
-- struct ieee80211_tx_info *tx_info;
-- struct sk_buff *skb;
--
-- skb = alloc_skb(len, GFP_KERNEL);
-- if (!skb)
-- return NULL;
--
-- skb_put(skb, len);
--
-- memset(skb->data, 0, len);
--
-- hdr = (struct ieee80211_hdr *)skb->data;
-- hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA);
-- hdr->duration_id = 0;
--
-- memcpy(hdr->addr1, hw->wiphy->perm_addr, ETH_ALEN);
-- memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN);
-- memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN);
--
-- hdr->seq_ctrl |= cpu_to_le16(sc->tx.seq_no);
--
-- tx_info = IEEE80211_SKB_CB(skb);
-- memset(tx_info, 0, sizeof(*tx_info));
-- tx_info->band = hw->conf.chandef.chan->band;
-- tx_info->flags = IEEE80211_TX_CTL_NO_ACK;
-- tx_info->control.vif = sc->tx99_vif;
--
-- memcpy(skb->data + sizeof(*hdr), PN9Data, sizeof(PN9Data));
--
-- return skb;
--}
--
--void ath9k_tx99_deinit(struct ath_softc *sc)
--{
-- ath_reset(sc);
--
-- ath9k_ps_wakeup(sc);
-- ath9k_tx99_stop(sc);
-- ath9k_ps_restore(sc);
--}
--
--int ath9k_tx99_init(struct ath_softc *sc)
--{
-- struct ieee80211_hw *hw = sc->hw;
-- struct ath_hw *ah = sc->sc_ah;
-- struct ath_common *common = ath9k_hw_common(ah);
-- struct ath_tx_control txctl;
-- int r;
--
-- if (sc->sc_flags & SC_OP_INVALID) {
-- ath_err(common,
-- "driver is in invalid state unable to use TX99");
-- return -EINVAL;
-- }
--
-- sc->tx99_skb = ath9k_build_tx99_skb(sc);
-- if (!sc->tx99_skb)
-- return -ENOMEM;
--
-- memset(&txctl, 0, sizeof(txctl));
-- txctl.txq = sc->tx.txq_map[IEEE80211_AC_VO];
--
-- ath_reset(sc);
--
-- ath9k_ps_wakeup(sc);
--
-- ath9k_hw_disable_interrupts(ah);
-- atomic_set(&ah->intr_ref_cnt, -1);
-- ath_drain_all_txq(sc);
-- ath_stoprecv(sc);
--
-- sc->tx99_state = true;
--
-- ieee80211_stop_queues(hw);
--
-- if (sc->tx99_power == MAX_RATE_POWER + 1)
-- sc->tx99_power = MAX_RATE_POWER;
--
-- ath9k_hw_tx99_set_txpower(ah, sc->tx99_power);
-- r = ath9k_tx99_send(sc, sc->tx99_skb, &txctl);
-- if (r) {
-- ath_dbg(common, XMIT, "Failed to xmit TX99 skb\n");
-- return r;
-- }
--
-- ath_dbg(common, XMIT, "TX99 xmit started using %d ( %ddBm)\n",
-- sc->tx99_power,
-- sc->tx99_power / 2);
--
-- /* We leave the harware awake as it will be chugging on */
--
-- return 0;
--}
--
- struct ieee80211_ops ath9k_ops = {
- .tx = ath9k_tx,
- .start = ath9k_start,
-@@ -2531,7 +2100,7 @@ struct ieee80211_ops ath9k_ops = {
- .set_antenna = ath9k_set_antenna,
- .get_antenna = ath9k_get_antenna,
-
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ATH9K_WOW
- .suspend = ath9k_suspend,
- .resume = ath9k_resume,
- .set_wakeup = ath9k_set_wakeup,
---- a/drivers/net/wireless/ath/ath9k/wow.c
-+++ b/drivers/net/wireless/ath/ath9k/wow.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2012 Qualcomm Atheros, Inc.
-+ * Copyright (c) 2013 Qualcomm Atheros, Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -14,409 +14,348 @@
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
--#include <linux/export.h>
- #include "ath9k.h"
--#include "reg.h"
--#include "hw-ops.h"
-
--const char *ath9k_hw_wow_event_to_string(u32 wow_event)
-+static const struct wiphy_wowlan_support ath9k_wowlan_support = {
-+ .flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT,
-+ .n_patterns = MAX_NUM_USER_PATTERN,
-+ .pattern_min_len = 1,
-+ .pattern_max_len = MAX_PATTERN_SIZE,
-+};
-+
-+static void ath9k_wow_map_triggers(struct ath_softc *sc,
-+ struct cfg80211_wowlan *wowlan,
-+ u32 *wow_triggers)
- {
-- if (wow_event & AH_WOW_MAGIC_PATTERN_EN)
-- return "Magic pattern";
-- if (wow_event & AH_WOW_USER_PATTERN_EN)
-- return "User pattern";
-- if (wow_event & AH_WOW_LINK_CHANGE)
-- return "Link change";
-- if (wow_event & AH_WOW_BEACON_MISS)
-- return "Beacon miss";
-+ if (wowlan->disconnect)
-+ *wow_triggers |= AH_WOW_LINK_CHANGE |
-+ AH_WOW_BEACON_MISS;
-+ if (wowlan->magic_pkt)
-+ *wow_triggers |= AH_WOW_MAGIC_PATTERN_EN;
-+
-+ if (wowlan->n_patterns)
-+ *wow_triggers |= AH_WOW_USER_PATTERN_EN;
-+
-+ sc->wow_enabled = *wow_triggers;
-
-- return "unknown reason";
- }
--EXPORT_SYMBOL(ath9k_hw_wow_event_to_string);
-
--static void ath9k_hw_set_powermode_wow_sleep(struct ath_hw *ah)
-+static void ath9k_wow_add_disassoc_deauth_pattern(struct ath_softc *sc)
- {
-+ struct ath_hw *ah = sc->sc_ah;
- struct ath_common *common = ath9k_hw_common(ah);
-+ int pattern_count = 0;
-+ int i, byte_cnt;
-+ u8 dis_deauth_pattern[MAX_PATTERN_SIZE];
-+ u8 dis_deauth_mask[MAX_PATTERN_SIZE];
-
-- REG_SET_BIT(ah, AR_STA_ID1, AR_STA_ID1_PWR_SAV);
-+ memset(dis_deauth_pattern, 0, MAX_PATTERN_SIZE);
-+ memset(dis_deauth_mask, 0, MAX_PATTERN_SIZE);
-
-- /* set rx disable bit */
-- REG_WRITE(ah, AR_CR, AR_CR_RXD);
-+ /*
-+ * Create Dissassociate / Deauthenticate packet filter
-+ *
-+ * 2 bytes 2 byte 6 bytes 6 bytes 6 bytes
-+ * +--------------+----------+---------+--------+--------+----
-+ * + Frame Control+ Duration + DA + SA + BSSID +
-+ * +--------------+----------+---------+--------+--------+----
-+ *
-+ * The above is the management frame format for disassociate/
-+ * deauthenticate pattern, from this we need to match the first byte
-+ * of 'Frame Control' and DA, SA, and BSSID fields
-+ * (skipping 2nd byte of FC and Duration feild.
-+ *
-+ * Disassociate pattern
-+ * --------------------
-+ * Frame control = 00 00 1010
-+ * DA, SA, BSSID = x:x:x:x:x:x
-+ * Pattern will be A0000000 | x:x:x:x:x:x | x:x:x:x:x:x
-+ * | x:x:x:x:x:x -- 22 bytes
-+ *
-+ * Deauthenticate pattern
-+ * ----------------------
-+ * Frame control = 00 00 1100
-+ * DA, SA, BSSID = x:x:x:x:x:x
-+ * Pattern will be C0000000 | x:x:x:x:x:x | x:x:x:x:x:x
-+ * | x:x:x:x:x:x -- 22 bytes
-+ */
-
-- if (!ath9k_hw_wait(ah, AR_CR, AR_CR_RXE, 0, AH_WAIT_TIMEOUT)) {
-- ath_err(common, "Failed to stop Rx DMA in 10ms AR_CR=0x%08x AR_DIAG_SW=0x%08x\n",
-- REG_READ(ah, AR_CR), REG_READ(ah, AR_DIAG_SW));
-- return;
-- }
-+ /* Create Disassociate Pattern first */
-
-- REG_WRITE(ah, AR_RTC_FORCE_WAKE, AR_RTC_FORCE_WAKE_ON_INT);
--}
-+ byte_cnt = 0;
-
--static void ath9k_wow_create_keep_alive_pattern(struct ath_hw *ah)
--{
-- struct ath_common *common = ath9k_hw_common(ah);
-- u8 sta_mac_addr[ETH_ALEN], ap_mac_addr[ETH_ALEN];
-- u32 ctl[13] = {0};
-- u32 data_word[KAL_NUM_DATA_WORDS];
-- u8 i;
-- u32 wow_ka_data_word0;
--
-- memcpy(sta_mac_addr, common->macaddr, ETH_ALEN);
-- memcpy(ap_mac_addr, common->curbssid, ETH_ALEN);
--
-- /* set the transmit buffer */
-- ctl[0] = (KAL_FRAME_LEN | (MAX_RATE_POWER << 16));
-- ctl[1] = 0;
-- ctl[3] = 0xb; /* OFDM_6M hardware value for this rate */
-- ctl[4] = 0;
-- ctl[7] = (ah->txchainmask) << 2;
-- ctl[2] = 0xf << 16; /* tx_tries 0 */
--
-- for (i = 0; i < KAL_NUM_DESC_WORDS; i++)
-- REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + i * 4), ctl[i]);
--
-- REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + i * 4), ctl[i]);
--
-- data_word[0] = (KAL_FRAME_TYPE << 2) | (KAL_FRAME_SUB_TYPE << 4) |
-- (KAL_TO_DS << 8) | (KAL_DURATION_ID << 16);
-- data_word[1] = (ap_mac_addr[3] << 24) | (ap_mac_addr[2] << 16) |
-- (ap_mac_addr[1] << 8) | (ap_mac_addr[0]);
-- data_word[2] = (sta_mac_addr[1] << 24) | (sta_mac_addr[0] << 16) |
-- (ap_mac_addr[5] << 8) | (ap_mac_addr[4]);
-- data_word[3] = (sta_mac_addr[5] << 24) | (sta_mac_addr[4] << 16) |
-- (sta_mac_addr[3] << 8) | (sta_mac_addr[2]);
-- data_word[4] = (ap_mac_addr[3] << 24) | (ap_mac_addr[2] << 16) |
-- (ap_mac_addr[1] << 8) | (ap_mac_addr[0]);
-- data_word[5] = (ap_mac_addr[5] << 8) | (ap_mac_addr[4]);
--
-- if (AR_SREV_9462_20(ah)) {
-- /* AR9462 2.0 has an extra descriptor word (time based
-- * discard) compared to other chips */
-- REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + (12 * 4)), 0);
-- wow_ka_data_word0 = AR_WOW_TXBUF(13);
-- } else {
-- wow_ka_data_word0 = AR_WOW_TXBUF(12);
-- }
-+ /* Fill out the mask with all FF's */
-
-- for (i = 0; i < KAL_NUM_DATA_WORDS; i++)
-- REG_WRITE(ah, (wow_ka_data_word0 + i*4), data_word[i]);
-+ for (i = 0; i < MAX_PATTERN_MASK_SIZE; i++)
-+ dis_deauth_mask[i] = 0xff;
-
--}
-+ /* copy the first byte of frame control field */
-+ dis_deauth_pattern[byte_cnt] = 0xa0;
-+ byte_cnt++;
-
--void ath9k_hw_wow_apply_pattern(struct ath_hw *ah, u8 *user_pattern,
-- u8 *user_mask, int pattern_count,
-- int pattern_len)
--{
-- int i;
-- u32 pattern_val, mask_val;
-- u32 set, clr;
-+ /* skip 2nd byte of frame control and Duration field */
-+ byte_cnt += 3;
-
-- /* FIXME: should check count by querying the hardware capability */
-- if (pattern_count >= MAX_NUM_PATTERN)
-- return;
-+ /*
-+ * need not match the destination mac address, it can be a broadcast
-+ * mac address or an unicast to this station
-+ */
-+ byte_cnt += 6;
-
-- REG_SET_BIT(ah, AR_WOW_PATTERN, BIT(pattern_count));
-+ /* copy the source mac address */
-+ memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN);
-
-- /* set the registers for pattern */
-- for (i = 0; i < MAX_PATTERN_SIZE; i += 4) {
-- memcpy(&pattern_val, user_pattern, 4);
-- REG_WRITE(ah, (AR_WOW_TB_PATTERN(pattern_count) + i),
-- pattern_val);
-- user_pattern += 4;
-- }
-+ byte_cnt += 6;
-
-- /* set the registers for mask */
-- for (i = 0; i < MAX_PATTERN_MASK_SIZE; i += 4) {
-- memcpy(&mask_val, user_mask, 4);
-- REG_WRITE(ah, (AR_WOW_TB_MASK(pattern_count) + i), mask_val);
-- user_mask += 4;
-- }
-+ /* copy the bssid, its same as the source mac address */
-
-- /* set the pattern length to be matched
-- *
-- * AR_WOW_LENGTH1_REG1
-- * bit 31:24 pattern 0 length
-- * bit 23:16 pattern 1 length
-- * bit 15:8 pattern 2 length
-- * bit 7:0 pattern 3 length
-- *
-- * AR_WOW_LENGTH1_REG2
-- * bit 31:24 pattern 4 length
-- * bit 23:16 pattern 5 length
-- * bit 15:8 pattern 6 length
-- * bit 7:0 pattern 7 length
-- *
-- * the below logic writes out the new
-- * pattern length for the corresponding
-- * pattern_count, while masking out the
-- * other fields
-- */
-+ memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN);
-
-- ah->wow_event_mask |= BIT(pattern_count + AR_WOW_PAT_FOUND_SHIFT);
-+ /* Create Disassociate pattern mask */
-
-- if (pattern_count < 4) {
-- /* Pattern 0-3 uses AR_WOW_LENGTH1 register */
-- set = (pattern_len & AR_WOW_LENGTH_MAX) <<
-- AR_WOW_LEN1_SHIFT(pattern_count);
-- clr = AR_WOW_LENGTH1_MASK(pattern_count);
-- REG_RMW(ah, AR_WOW_LENGTH1, set, clr);
-- } else {
-- /* Pattern 4-7 uses AR_WOW_LENGTH2 register */
-- set = (pattern_len & AR_WOW_LENGTH_MAX) <<
-- AR_WOW_LEN2_SHIFT(pattern_count);
-- clr = AR_WOW_LENGTH2_MASK(pattern_count);
-- REG_RMW(ah, AR_WOW_LENGTH2, set, clr);
-- }
-+ dis_deauth_mask[0] = 0xfe;
-+ dis_deauth_mask[1] = 0x03;
-+ dis_deauth_mask[2] = 0xc0;
-
--}
--EXPORT_SYMBOL(ath9k_hw_wow_apply_pattern);
-+ ath_dbg(common, WOW, "Adding disassoc/deauth patterns for WoW\n");
-
--u32 ath9k_hw_wow_wakeup(struct ath_hw *ah)
--{
-- u32 wow_status = 0;
-- u32 val = 0, rval;
-+ ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask,
-+ pattern_count, byte_cnt);
-
-+ pattern_count++;
- /*
-- * read the WoW status register to know
-- * the wakeup reason
-+ * for de-authenticate pattern, only the first byte of the frame
-+ * control field gets changed from 0xA0 to 0xC0
- */
-- rval = REG_READ(ah, AR_WOW_PATTERN);
-- val = AR_WOW_STATUS(rval);
-+ dis_deauth_pattern[0] = 0xC0;
-
-- /*
-- * mask only the WoW events that we have enabled. Sometimes
-- * we have spurious WoW events from the AR_WOW_PATTERN
-- * register. This mask will clean it up.
-- */
-+ ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask,
-+ pattern_count, byte_cnt);
-
-- val &= ah->wow_event_mask;
-+}
-
-- if (val) {
-- if (val & AR_WOW_MAGIC_PAT_FOUND)
-- wow_status |= AH_WOW_MAGIC_PATTERN_EN;
-- if (AR_WOW_PATTERN_FOUND(val))
-- wow_status |= AH_WOW_USER_PATTERN_EN;
-- if (val & AR_WOW_KEEP_ALIVE_FAIL)
-- wow_status |= AH_WOW_LINK_CHANGE;
-- if (val & AR_WOW_BEACON_FAIL)
-- wow_status |= AH_WOW_BEACON_MISS;
-- }
-+static void ath9k_wow_add_pattern(struct ath_softc *sc,
-+ struct cfg80211_wowlan *wowlan)
-+{
-+ struct ath_hw *ah = sc->sc_ah;
-+ struct ath9k_wow_pattern *wow_pattern = NULL;
-+ struct cfg80211_pkt_pattern *patterns = wowlan->patterns;
-+ int mask_len;
-+ s8 i = 0;
-+
-+ if (!wowlan->n_patterns)
-+ return;
-
- /*
-- * set and clear WOW_PME_CLEAR registers for the chip to
-- * generate next wow signal.
-- * disable D3 before accessing other registers ?
-+ * Add the new user configured patterns
- */
-+ for (i = 0; i < wowlan->n_patterns; i++) {
-
-- /* do we need to check the bit value 0x01000000 (7-10) ?? */
-- REG_RMW(ah, AR_PCIE_PM_CTRL, AR_PMCTRL_WOW_PME_CLR,
-- AR_PMCTRL_PWR_STATE_D1D3);
-+ wow_pattern = kzalloc(sizeof(*wow_pattern), GFP_KERNEL);
-
-- /*
-- * clear all events
-- */
-- REG_WRITE(ah, AR_WOW_PATTERN,
-- AR_WOW_CLEAR_EVENTS(REG_READ(ah, AR_WOW_PATTERN)));
-+ if (!wow_pattern)
-+ return;
-
-- /*
-- * restore the beacon threshold to init value
-- */
-- REG_WRITE(ah, AR_RSSI_THR, INIT_RSSI_THR);
-+ /*
-+ * TODO: convert the generic user space pattern to
-+ * appropriate chip specific/802.11 pattern.
-+ */
-
-- /*
-- * Restore the way the PCI-E reset, Power-On-Reset, external
-- * PCIE_POR_SHORT pins are tied to its original value.
-- * Previously just before WoW sleep, we untie the PCI-E
-- * reset to our Chip's Power On Reset so that any PCI-E
-- * reset from the bus will not reset our chip
-- */
-- if (ah->is_pciexpress)
-- ath9k_hw_configpcipowersave(ah, false);
-+ mask_len = DIV_ROUND_UP(wowlan->patterns[i].pattern_len, 8);
-+ memset(wow_pattern->pattern_bytes, 0, MAX_PATTERN_SIZE);
-+ memset(wow_pattern->mask_bytes, 0, MAX_PATTERN_SIZE);
-+ memcpy(wow_pattern->pattern_bytes, patterns[i].pattern,
-+ patterns[i].pattern_len);
-+ memcpy(wow_pattern->mask_bytes, patterns[i].mask, mask_len);
-+ wow_pattern->pattern_len = patterns[i].pattern_len;
-+
-+ /*
-+ * just need to take care of deauth and disssoc pattern,
-+ * make sure we don't overwrite them.
-+ */
-+
-+ ath9k_hw_wow_apply_pattern(ah, wow_pattern->pattern_bytes,
-+ wow_pattern->mask_bytes,
-+ i + 2,
-+ wow_pattern->pattern_len);
-+ kfree(wow_pattern);
-
-- ah->wow_event_mask = 0;
-+ }
-
-- return wow_status;
- }
--EXPORT_SYMBOL(ath9k_hw_wow_wakeup);
-
--void ath9k_hw_wow_enable(struct ath_hw *ah, u32 pattern_enable)
-+int ath9k_suspend(struct ieee80211_hw *hw,
-+ struct cfg80211_wowlan *wowlan)
- {
-- u32 wow_event_mask;
-- u32 set, clr;
-+ struct ath_softc *sc = hw->priv;
-+ struct ath_hw *ah = sc->sc_ah;
-+ struct ath_common *common = ath9k_hw_common(ah);
-+ u32 wow_triggers_enabled = 0;
-+ int ret = 0;
-
-- /*
-- * wow_event_mask is a mask to the AR_WOW_PATTERN register to
-- * indicate which WoW events we have enabled. The WoW events
-- * are from the 'pattern_enable' in this function and
-- * 'pattern_count' of ath9k_hw_wow_apply_pattern()
-- */
-- wow_event_mask = ah->wow_event_mask;
-+ mutex_lock(&sc->mutex);
-
-- /*
-- * Untie Power-on-Reset from the PCI-E-Reset. When we are in
-- * WOW sleep, we do want the Reset from the PCI-E to disturb
-- * our hw state
-- */
-- if (ah->is_pciexpress) {
-- /*
-- * we need to untie the internal POR (power-on-reset)
-- * to the external PCI-E reset. We also need to tie
-- * the PCI-E Phy reset to the PCI-E reset.
-- */
-- set = AR_WA_RESET_EN | AR_WA_POR_SHORT;
-- clr = AR_WA_UNTIE_RESET_EN | AR_WA_D3_L1_DISABLE;
-- REG_RMW(ah, AR_WA, set, clr);
-+ ath_cancel_work(sc);
-+ ath_stop_ani(sc);
-+ del_timer_sync(&sc->rx_poll_timer);
-+
-+ if (test_bit(SC_OP_INVALID, &sc->sc_flags)) {
-+ ath_dbg(common, ANY, "Device not present\n");
-+ ret = -EINVAL;
-+ goto fail_wow;
- }
-
-- /*
-- * set the power states appropriately and enable PME
-- */
-- set = AR_PMCTRL_HOST_PME_EN | AR_PMCTRL_PWR_PM_CTRL_ENA |
-- AR_PMCTRL_AUX_PWR_DET | AR_PMCTRL_WOW_PME_CLR;
-+ if (WARN_ON(!wowlan)) {
-+ ath_dbg(common, WOW, "None of the WoW triggers enabled\n");
-+ ret = -EINVAL;
-+ goto fail_wow;
-+ }
-
-- /*
-- * set and clear WOW_PME_CLEAR registers for the chip
-- * to generate next wow signal.
-- */
-- REG_SET_BIT(ah, AR_PCIE_PM_CTRL, set);
-- clr = AR_PMCTRL_WOW_PME_CLR;
-- REG_CLR_BIT(ah, AR_PCIE_PM_CTRL, clr);
-+ if (!device_can_wakeup(sc->dev)) {
-+ ath_dbg(common, WOW, "device_can_wakeup failed, WoW is not enabled\n");
-+ ret = 1;
-+ goto fail_wow;
-+ }
-
- /*
-- * Setup for:
-- * - beacon misses
-- * - magic pattern
-- * - keep alive timeout
-- * - pattern matching
-+ * none of the sta vifs are associated
-+ * and we are not currently handling multivif
-+ * cases, for instance we have to seperately
-+ * configure 'keep alive frame' for each
-+ * STA.
- */
-
-- /*
-- * Program default values for pattern backoff, aifs/slot/KAL count,
-- * beacon miss timeout, KAL timeout, etc.
-- */
-- set = AR_WOW_BACK_OFF_SHIFT(AR_WOW_PAT_BACKOFF);
-- REG_SET_BIT(ah, AR_WOW_PATTERN, set);
-+ if (!test_bit(SC_OP_PRIM_STA_VIF, &sc->sc_flags)) {
-+ ath_dbg(common, WOW, "None of the STA vifs are associated\n");
-+ ret = 1;
-+ goto fail_wow;
-+ }
-+
-+ if (sc->nvifs > 1) {
-+ ath_dbg(common, WOW, "WoW for multivif is not yet supported\n");
-+ ret = 1;
-+ goto fail_wow;
-+ }
-
-- set = AR_WOW_AIFS_CNT(AR_WOW_CNT_AIFS_CNT) |
-- AR_WOW_SLOT_CNT(AR_WOW_CNT_SLOT_CNT) |
-- AR_WOW_KEEP_ALIVE_CNT(AR_WOW_CNT_KA_CNT);
-- REG_SET_BIT(ah, AR_WOW_COUNT, set);
--
-- if (pattern_enable & AH_WOW_BEACON_MISS)
-- set = AR_WOW_BEACON_TIMO;
-- /* We are not using beacon miss, program a large value */
-- else
-- set = AR_WOW_BEACON_TIMO_MAX;
-+ ath9k_wow_map_triggers(sc, wowlan, &wow_triggers_enabled);
-
-- REG_WRITE(ah, AR_WOW_BCN_TIMO, set);
-+ ath_dbg(common, WOW, "WoW triggers enabled 0x%x\n",
-+ wow_triggers_enabled);
-
-- /*
-- * Keep alive timo in ms except AR9280
-- */
-- if (!pattern_enable)
-- set = AR_WOW_KEEP_ALIVE_NEVER;
-- else
-- set = KAL_TIMEOUT * 32;
-+ ath9k_ps_wakeup(sc);
-
-- REG_WRITE(ah, AR_WOW_KEEP_ALIVE_TIMO, set);
-+ ath9k_stop_btcoex(sc);
-
- /*
-- * Keep alive delay in us. based on 'power on clock',
-- * therefore in usec
-+ * Enable wake up on recieving disassoc/deauth
-+ * frame by default.
- */
-- set = KAL_DELAY * 1000;
-- REG_WRITE(ah, AR_WOW_KEEP_ALIVE_DELAY, set);
-+ ath9k_wow_add_disassoc_deauth_pattern(sc);
-
-- /*
-- * Create keep alive pattern to respond to beacons
-- */
-- ath9k_wow_create_keep_alive_pattern(ah);
-+ if (wow_triggers_enabled & AH_WOW_USER_PATTERN_EN)
-+ ath9k_wow_add_pattern(sc, wowlan);
-
-+ spin_lock_bh(&sc->sc_pcu_lock);
- /*
-- * Configure MAC WoW Registers
-+ * To avoid false wake, we enable beacon miss interrupt only
-+ * when we go to sleep. We save the current interrupt mask
-+ * so we can restore it after the system wakes up
- */
-- set = 0;
-- /* Send keep alive timeouts anyway */
-- clr = AR_WOW_KEEP_ALIVE_AUTO_DIS;
--
-- if (pattern_enable & AH_WOW_LINK_CHANGE)
-- wow_event_mask |= AR_WOW_KEEP_ALIVE_FAIL;
-- else
-- set = AR_WOW_KEEP_ALIVE_FAIL_DIS;
-+ sc->wow_intr_before_sleep = ah->imask;
-+ ah->imask &= ~ATH9K_INT_GLOBAL;
-+ ath9k_hw_disable_interrupts(ah);
-+ ah->imask = ATH9K_INT_BMISS | ATH9K_INT_GLOBAL;
-+ ath9k_hw_set_interrupts(ah);
-+ ath9k_hw_enable_interrupts(ah);
-
-- set = AR_WOW_KEEP_ALIVE_FAIL_DIS;
-- REG_RMW(ah, AR_WOW_KEEP_ALIVE, set, clr);
-+ spin_unlock_bh(&sc->sc_pcu_lock);
-
- /*
-- * we are relying on a bmiss failure. ensure we have
-- * enough threshold to prevent false positives
-+ * we can now sync irq and kill any running tasklets, since we already
-+ * disabled interrupts and not holding a spin lock
- */
-- REG_RMW_FIELD(ah, AR_RSSI_THR, AR_RSSI_THR_BM_THR,
-- AR_WOW_BMISSTHRESHOLD);
-+ synchronize_irq(sc->irq);
-+ tasklet_kill(&sc->intr_tq);
-+
-+ ath9k_hw_wow_enable(ah, wow_triggers_enabled);
-
-- set = 0;
-- clr = 0;
-+ ath9k_ps_restore(sc);
-+ ath_dbg(common, ANY, "WoW enabled in ath9k\n");
-+ atomic_inc(&sc->wow_sleep_proc_intr);
-
-- if (pattern_enable & AH_WOW_BEACON_MISS) {
-- set = AR_WOW_BEACON_FAIL_EN;
-- wow_event_mask |= AR_WOW_BEACON_FAIL;
-- } else {
-- clr = AR_WOW_BEACON_FAIL_EN;
-+fail_wow:
-+ mutex_unlock(&sc->mutex);
-+ return ret;
-+}
-+
-+int ath9k_resume(struct ieee80211_hw *hw)
-+{
-+ struct ath_softc *sc = hw->priv;
-+ struct ath_hw *ah = sc->sc_ah;
-+ struct ath_common *common = ath9k_hw_common(ah);
-+ u32 wow_status;
-+
-+ mutex_lock(&sc->mutex);
-+
-+ ath9k_ps_wakeup(sc);
-+
-+ spin_lock_bh(&sc->sc_pcu_lock);
-+
-+ ath9k_hw_disable_interrupts(ah);
-+ ah->imask = sc->wow_intr_before_sleep;
-+ ath9k_hw_set_interrupts(ah);
-+ ath9k_hw_enable_interrupts(ah);
-+
-+ spin_unlock_bh(&sc->sc_pcu_lock);
-+
-+ wow_status = ath9k_hw_wow_wakeup(ah);
-+
-+ if (atomic_read(&sc->wow_got_bmiss_intr) == 0) {
-+ /*
-+ * some devices may not pick beacon miss
-+ * as the reason they woke up so we add
-+ * that here for that shortcoming.
-+ */
-+ wow_status |= AH_WOW_BEACON_MISS;
-+ atomic_dec(&sc->wow_got_bmiss_intr);
-+ ath_dbg(common, ANY, "Beacon miss interrupt picked up during WoW sleep\n");
- }
-
-- REG_RMW(ah, AR_WOW_BCN_EN, set, clr);
-+ atomic_dec(&sc->wow_sleep_proc_intr);
-
-- set = 0;
-- clr = 0;
-- /*
-- * Enable the magic packet registers
-- */
-- if (pattern_enable & AH_WOW_MAGIC_PATTERN_EN) {
-- set = AR_WOW_MAGIC_EN;
-- wow_event_mask |= AR_WOW_MAGIC_PAT_FOUND;
-- } else {
-- clr = AR_WOW_MAGIC_EN;
-+ if (wow_status) {
-+ ath_dbg(common, ANY, "Waking up due to WoW triggers %s with WoW status = %x\n",
-+ ath9k_hw_wow_event_to_string(wow_status), wow_status);
- }
-- set |= AR_WOW_MAC_INTR_EN;
-- REG_RMW(ah, AR_WOW_PATTERN, set, clr);
-
-- REG_WRITE(ah, AR_WOW_PATTERN_MATCH_LT_256B,
-- AR_WOW_PATTERN_SUPPORTED);
-+ ath_restart_work(sc);
-+ ath9k_start_btcoex(sc);
-
-- /*
-- * Set the power states appropriately and enable PME
-- */
-- clr = 0;
-- set = AR_PMCTRL_PWR_STATE_D1D3 | AR_PMCTRL_HOST_PME_EN |
-- AR_PMCTRL_PWR_PM_CTRL_ENA;
-+ ath9k_ps_restore(sc);
-+ mutex_unlock(&sc->mutex);
-
-- clr = AR_PCIE_PM_CTRL_ENA;
-- REG_RMW(ah, AR_PCIE_PM_CTRL, set, clr);
-+ return 0;
-+}
-
-- /*
-- * this is needed to prevent the chip waking up
-- * the host within 3-4 seconds with certain
-- * platform/BIOS. The fix is to enable
-- * D1 & D3 to match original definition and
-- * also match the OTP value. Anyway this
-- * is more related to SW WOW.
-- */
-- clr = AR_PMCTRL_PWR_STATE_D1D3;
-- REG_CLR_BIT(ah, AR_PCIE_PM_CTRL, clr);
-+void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled)
-+{
-+ struct ath_softc *sc = hw->priv;
-
-- set = AR_PMCTRL_PWR_STATE_D1D3_REAL;
-- REG_SET_BIT(ah, AR_PCIE_PM_CTRL, set);
-+ mutex_lock(&sc->mutex);
-+ device_init_wakeup(sc->dev, 1);
-+ device_set_wakeup_enable(sc->dev, enabled);
-+ mutex_unlock(&sc->mutex);
-+}
-
-- REG_CLR_BIT(ah, AR_STA_ID1, AR_STA_ID1_PRESERVE_SEQNUM);
-+void ath9k_init_wow(struct ieee80211_hw *hw)
-+{
-+ struct ath_softc *sc = hw->priv;
-
-- /* to bring down WOW power low margin */
-- set = BIT(13);
-- REG_SET_BIT(ah, AR_PCIE_PHY_REG3, set);
-- /* HW WoW */
-- clr = BIT(5);
-- REG_CLR_BIT(ah, AR_PCU_MISC_MODE3, clr);
-+ if ((sc->sc_ah->caps.hw_caps & ATH9K_HW_WOW_DEVICE_CAPABLE) &&
-+ (sc->driver_data & ATH9K_PCI_WOW) &&
-+ device_can_wakeup(sc->dev))
-+ hw->wiphy->wowlan = &ath9k_wowlan_support;
-
-- ath9k_hw_set_powermode_wow_sleep(ah);
-- ah->wow_event_mask = wow_event_mask;
-+ atomic_set(&sc->wow_sleep_proc_intr, -1);
-+ atomic_set(&sc->wow_got_bmiss_intr, -1);
- }
--EXPORT_SYMBOL(ath9k_hw_wow_enable);
---- a/drivers/net/wireless/ath/ath9k/xmit.c
-+++ b/drivers/net/wireless/ath/ath9k/xmit.c
-@@ -1786,6 +1786,9 @@ bool ath_drain_all_txq(struct ath_softc
- if (!ATH_TXQ_SETUP(sc, i))
- continue;
-
-+ if (!sc->tx.txq[i].axq_depth)
-+ continue;
-+
- if (ath9k_hw_numtxpending(ah, sc->tx.txq[i].axq_qnum))
- npend |= BIT(i);
- }
-@@ -2749,6 +2752,8 @@ void ath_tx_node_cleanup(struct ath_soft
- }
- }
-
-+#ifdef CONFIG_ATH9K_TX99
-+
- int ath9k_tx99_send(struct ath_softc *sc, struct sk_buff *skb,
- struct ath_tx_control *txctl)
- {
-@@ -2791,3 +2796,5 @@ int ath9k_tx99_send(struct ath_softc *sc
-
- return 0;
- }
-+
-+#endif /* CONFIG_ATH9K_TX99 */
---- a/drivers/net/wireless/ath/regd.c
-+++ b/drivers/net/wireless/ath/regd.c
-@@ -37,17 +37,17 @@ static int __ath_regd_init(struct ath_re
-
- /* We enable active scan on these a case by case basis by regulatory domain */
- #define ATH9K_2GHZ_CH12_13 REG_RULE(2467-10, 2472+10, 40, 0, 20,\
-- NL80211_RRF_PASSIVE_SCAN)
-+ NL80211_RRF_NO_IR)
- #define ATH9K_2GHZ_CH14 REG_RULE(2484-10, 2484+10, 40, 0, 20,\
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_OFDM)
-+ NL80211_RRF_NO_IR | NL80211_RRF_NO_OFDM)
-
- /* We allow IBSS on these on a case by case basis by regulatory domain */
- #define ATH9K_5GHZ_5150_5350 REG_RULE(5150-10, 5350+10, 80, 0, 30,\
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
- #define ATH9K_5GHZ_5470_5850 REG_RULE(5470-10, 5850+10, 80, 0, 30,\
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
- #define ATH9K_5GHZ_5725_5850 REG_RULE(5725-10, 5850+10, 80, 0, 30,\
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
-
- #define ATH9K_2GHZ_ALL ATH9K_2GHZ_CH01_11, \
- ATH9K_2GHZ_CH12_13, \
-@@ -224,17 +224,16 @@ ath_reg_apply_beaconing_flags(struct wip
- * regulatory_hint().
- */
- if (!(reg_rule->flags &
-- NL80211_RRF_NO_IBSS))
-+ NL80211_RRF_NO_IR))
- ch->flags &=
-- ~IEEE80211_CHAN_NO_IBSS;
-+ ~IEEE80211_CHAN_NO_IR;
- if (!(reg_rule->flags &
-- NL80211_RRF_PASSIVE_SCAN))
-+ NL80211_RRF_NO_IR))
- ch->flags &=
-- ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ ~IEEE80211_CHAN_NO_IR;
- } else {
- if (ch->beacon_found)
-- ch->flags &= ~(IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN);
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- }
- }
- }
-@@ -260,11 +259,11 @@ ath_reg_apply_active_scan_flags(struct w
- */
- if (initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE) {
- ch = &sband->channels[11]; /* CH 12 */
-- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ if (ch->flags & IEEE80211_CHAN_NO_IR)
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- ch = &sband->channels[12]; /* CH 13 */
-- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ if (ch->flags & IEEE80211_CHAN_NO_IR)
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- return;
- }
-
-@@ -278,17 +277,17 @@ ath_reg_apply_active_scan_flags(struct w
- ch = &sband->channels[11]; /* CH 12 */
- reg_rule = freq_reg_info(wiphy, ch->center_freq);
- if (!IS_ERR(reg_rule)) {
-- if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN))
-- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ if (!(reg_rule->flags & NL80211_RRF_NO_IR))
-+ if (ch->flags & IEEE80211_CHAN_NO_IR)
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- }
-
- ch = &sband->channels[12]; /* CH 13 */
- reg_rule = freq_reg_info(wiphy, ch->center_freq);
- if (!IS_ERR(reg_rule)) {
-- if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN))
-- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ if (!(reg_rule->flags & NL80211_RRF_NO_IR))
-+ if (ch->flags & IEEE80211_CHAN_NO_IR)
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- }
- }
-
-@@ -320,8 +319,8 @@ static void ath_reg_apply_radar_flags(st
- */
- if (!(ch->flags & IEEE80211_CHAN_DISABLED))
- ch->flags |= IEEE80211_CHAN_RADAR |
-- IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN;
-+ IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR;
- }
- }
-
---- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
-+++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
-@@ -812,7 +812,7 @@ static s32 brcmf_p2p_run_escan(struct br
- struct ieee80211_channel *chan = request->channels[i];
-
- if (chan->flags & (IEEE80211_CHAN_RADAR |
-- IEEE80211_CHAN_PASSIVE_SCAN))
-+ IEEE80211_CHAN_NO_IR))
- continue;
-
- chanspecs[i] = channel_to_chanspec(&p2p->cfg->d11inf,
---- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
-+++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
-@@ -202,9 +202,9 @@ static struct ieee80211_supported_band _
-
- /* This is to override regulatory domains defined in cfg80211 module (reg.c)
- * By default world regulatory domain defined in reg.c puts the flags
-- * NL80211_RRF_PASSIVE_SCAN and NL80211_RRF_NO_IBSS for 5GHz channels (for
-- * 36..48 and 149..165). With respect to these flags, wpa_supplicant doesn't
-- * start p2p operations on 5GHz channels. All the changes in world regulatory
-+ * NL80211_RRF_NO_IR for 5GHz channels (for * 36..48 and 149..165).
-+ * With respect to these flags, wpa_supplicant doesn't * start p2p
-+ * operations on 5GHz channels. All the changes in world regulatory
- * domain are to be done here.
- */
- static const struct ieee80211_regdomain brcmf_regdom = {
-@@ -5197,10 +5197,10 @@ static s32 brcmf_construct_reginfo(struc
- if (channel & WL_CHAN_RADAR)
- band_chan_arr[index].flags |=
- (IEEE80211_CHAN_RADAR |
-- IEEE80211_CHAN_NO_IBSS);
-+ IEEE80211_CHAN_NO_IR);
- if (channel & WL_CHAN_PASSIVE)
- band_chan_arr[index].flags |=
-- IEEE80211_CHAN_PASSIVE_SCAN;
-+ IEEE80211_CHAN_NO_IR;
- }
- }
- if (!update)
---- a/drivers/net/wireless/brcm80211/brcmsmac/channel.c
-+++ b/drivers/net/wireless/brcm80211/brcmsmac/channel.c
-@@ -59,23 +59,20 @@
-
- #define BRCM_2GHZ_2412_2462 REG_RULE(2412-10, 2462+10, 40, 0, 19, 0)
- #define BRCM_2GHZ_2467_2472 REG_RULE(2467-10, 2472+10, 20, 0, 19, \
-- NL80211_RRF_PASSIVE_SCAN | \
-- NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
-
- #define BRCM_5GHZ_5180_5240 REG_RULE(5180-10, 5240+10, 40, 0, 21, \
-- NL80211_RRF_PASSIVE_SCAN | \
-- NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
- #define BRCM_5GHZ_5260_5320 REG_RULE(5260-10, 5320+10, 40, 0, 21, \
-- NL80211_RRF_PASSIVE_SCAN | \
-+ NL80211_RRF_NO_IR | \
- NL80211_RRF_DFS | \
-- NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
- #define BRCM_5GHZ_5500_5700 REG_RULE(5500-10, 5700+10, 40, 0, 21, \
-- NL80211_RRF_PASSIVE_SCAN | \
-+ NL80211_RRF_NO_IR | \
- NL80211_RRF_DFS | \
-- NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
- #define BRCM_5GHZ_5745_5825 REG_RULE(5745-10, 5825+10, 40, 0, 21, \
-- NL80211_RRF_PASSIVE_SCAN | \
-- NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
-
- static const struct ieee80211_regdomain brcms_regdom_x2 = {
- .n_reg_rules = 6,
-@@ -395,7 +392,7 @@ brcms_c_channel_set_chanspec(struct brcm
- brcms_c_set_gmode(wlc, wlc->protection->gmode_user, false);
-
- brcms_b_set_chanspec(wlc->hw, chanspec,
-- !!(ch->flags & IEEE80211_CHAN_PASSIVE_SCAN),
-+ !!(ch->flags & IEEE80211_CHAN_NO_IR),
- &txpwr);
- }
-
-@@ -657,8 +654,8 @@ static void brcms_reg_apply_radar_flags(
- */
- if (!(ch->flags & IEEE80211_CHAN_DISABLED))
- ch->flags |= IEEE80211_CHAN_RADAR |
-- IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN;
-+ IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR;
- }
- }
-
-@@ -688,14 +685,13 @@ brcms_reg_apply_beaconing_flags(struct w
- if (IS_ERR(rule))
- continue;
-
-- if (!(rule->flags & NL80211_RRF_NO_IBSS))
-- ch->flags &= ~IEEE80211_CHAN_NO_IBSS;
-- if (!(rule->flags & NL80211_RRF_PASSIVE_SCAN))
-+ if (!(rule->flags & NL80211_RRF_NO_IR))
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
-+ if (!(rule->flags & NL80211_RRF_NO_IR))
- ch->flags &=
-- ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ ~IEEE80211_CHAN_NO_IR;
- } else if (ch->beacon_found) {
-- ch->flags &= ~(IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN);
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- }
- }
- }
---- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
-+++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
-@@ -125,13 +125,13 @@ static struct ieee80211_channel brcms_2g
- CHAN2GHZ(10, 2457, IEEE80211_CHAN_NO_HT40PLUS),
- CHAN2GHZ(11, 2462, IEEE80211_CHAN_NO_HT40PLUS),
- CHAN2GHZ(12, 2467,
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_IBSS |
-+ IEEE80211_CHAN_NO_IR |
- IEEE80211_CHAN_NO_HT40PLUS),
- CHAN2GHZ(13, 2472,
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_IBSS |
-+ IEEE80211_CHAN_NO_IR |
- IEEE80211_CHAN_NO_HT40PLUS),
- CHAN2GHZ(14, 2484,
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_IBSS |
-+ IEEE80211_CHAN_NO_IR |
- IEEE80211_CHAN_NO_HT40PLUS | IEEE80211_CHAN_NO_HT40MINUS |
- IEEE80211_CHAN_NO_OFDM)
- };
-@@ -144,51 +144,51 @@ static struct ieee80211_channel brcms_5g
- CHAN5GHZ(48, IEEE80211_CHAN_NO_HT40PLUS),
- /* UNII-2 */
- CHAN5GHZ(52,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
- CHAN5GHZ(56,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
- CHAN5GHZ(60,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
- CHAN5GHZ(64,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
- /* MID */
- CHAN5GHZ(100,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
- CHAN5GHZ(104,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
- CHAN5GHZ(108,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
- CHAN5GHZ(112,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
- CHAN5GHZ(116,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
- CHAN5GHZ(120,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
- CHAN5GHZ(124,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
- CHAN5GHZ(128,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
- CHAN5GHZ(132,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
- CHAN5GHZ(136,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
- CHAN5GHZ(140,
-- IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS |
-+ IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS |
- IEEE80211_CHAN_NO_HT40MINUS),
- /* UNII-3 */
- CHAN5GHZ(149, IEEE80211_CHAN_NO_HT40MINUS),
---- a/drivers/net/wireless/cw1200/scan.c
-+++ b/drivers/net/wireless/cw1200/scan.c
-@@ -197,9 +197,9 @@ void cw1200_scan_work(struct work_struct
- if ((*it)->band != first->band)
- break;
- if (((*it)->flags ^ first->flags) &
-- IEEE80211_CHAN_PASSIVE_SCAN)
-+ IEEE80211_CHAN_NO_IR)
- break;
-- if (!(first->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
-+ if (!(first->flags & IEEE80211_CHAN_NO_IR) &&
- (*it)->max_power != first->max_power)
- break;
- }
-@@ -210,7 +210,7 @@ void cw1200_scan_work(struct work_struct
- else
- scan.max_tx_rate = WSM_TRANSMIT_RATE_1;
- scan.num_probes =
-- (first->flags & IEEE80211_CHAN_PASSIVE_SCAN) ? 0 : 2;
-+ (first->flags & IEEE80211_CHAN_NO_IR) ? 0 : 2;
- scan.num_ssids = priv->scan.n_ssids;
- scan.ssids = &priv->scan.ssids[0];
- scan.num_channels = it - priv->scan.curr;
-@@ -233,7 +233,7 @@ void cw1200_scan_work(struct work_struct
- }
- for (i = 0; i < scan.num_channels; ++i) {
- scan.ch[i].number = priv->scan.curr[i]->hw_value;
-- if (priv->scan.curr[i]->flags & IEEE80211_CHAN_PASSIVE_SCAN) {
-+ if (priv->scan.curr[i]->flags & IEEE80211_CHAN_NO_IR) {
- scan.ch[i].min_chan_time = 50;
- scan.ch[i].max_chan_time = 100;
- } else {
-@@ -241,7 +241,7 @@ void cw1200_scan_work(struct work_struct
- scan.ch[i].max_chan_time = 25;
- }
- }
-- if (!(first->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
-+ if (!(first->flags & IEEE80211_CHAN_NO_IR) &&
- priv->scan.output_power != first->max_power) {
- priv->scan.output_power = first->max_power;
- wsm_set_output_power(priv,
---- a/drivers/net/wireless/ipw2x00/ipw2100.c
-+++ b/drivers/net/wireless/ipw2x00/ipw2100.c
-@@ -1934,10 +1934,10 @@ static int ipw2100_wdev_init(struct net_
- bg_band->channels[i].max_power = geo->bg[i].max_power;
- if (geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY)
- bg_band->channels[i].flags |=
-- IEEE80211_CHAN_PASSIVE_SCAN;
-+ IEEE80211_CHAN_NO_IR;
- if (geo->bg[i].flags & LIBIPW_CH_NO_IBSS)
- bg_band->channels[i].flags |=
-- IEEE80211_CHAN_NO_IBSS;
-+ IEEE80211_CHAN_NO_IR;
- if (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT)
- bg_band->channels[i].flags |=
- IEEE80211_CHAN_RADAR;
---- a/drivers/net/wireless/ipw2x00/ipw2200.c
-+++ b/drivers/net/wireless/ipw2x00/ipw2200.c
-@@ -11472,10 +11472,10 @@ static int ipw_wdev_init(struct net_devi
- bg_band->channels[i].max_power = geo->bg[i].max_power;
- if (geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY)
- bg_band->channels[i].flags |=
-- IEEE80211_CHAN_PASSIVE_SCAN;
-+ IEEE80211_CHAN_NO_IR;
- if (geo->bg[i].flags & LIBIPW_CH_NO_IBSS)
- bg_band->channels[i].flags |=
-- IEEE80211_CHAN_NO_IBSS;
-+ IEEE80211_CHAN_NO_IR;
- if (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT)
- bg_band->channels[i].flags |=
- IEEE80211_CHAN_RADAR;
-@@ -11511,10 +11511,10 @@ static int ipw_wdev_init(struct net_devi
- a_band->channels[i].max_power = geo->a[i].max_power;
- if (geo->a[i].flags & LIBIPW_CH_PASSIVE_ONLY)
- a_band->channels[i].flags |=
-- IEEE80211_CHAN_PASSIVE_SCAN;
-+ IEEE80211_CHAN_NO_IR;
- if (geo->a[i].flags & LIBIPW_CH_NO_IBSS)
- a_band->channels[i].flags |=
-- IEEE80211_CHAN_NO_IBSS;
-+ IEEE80211_CHAN_NO_IR;
- if (geo->a[i].flags & LIBIPW_CH_RADAR_DETECT)
- a_band->channels[i].flags |=
- IEEE80211_CHAN_RADAR;
---- a/drivers/net/wireless/iwlegacy/3945-mac.c
-+++ b/drivers/net/wireless/iwlegacy/3945-mac.c
-@@ -1595,7 +1595,7 @@ il3945_get_channels_for_scan(struct il_p
- * and use long active_dwell time.
- */
- if (!is_active || il_is_channel_passive(ch_info) ||
-- (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)) {
-+ (chan->flags & IEEE80211_CHAN_NO_IR)) {
- scan_ch->type = 0; /* passive */
- if (IL_UCODE_API(il->ucode_ver) == 1)
- scan_ch->active_dwell =
---- a/drivers/net/wireless/iwlegacy/4965-mac.c
-+++ b/drivers/net/wireless/iwlegacy/4965-mac.c
-@@ -805,7 +805,7 @@ il4965_get_channels_for_scan(struct il_p
- }
-
- if (!is_active || il_is_channel_passive(ch_info) ||
-- (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN))
-+ (chan->flags & IEEE80211_CHAN_NO_IR))
- scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE;
- else
- scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE;
---- a/drivers/net/wireless/iwlegacy/common.c
-+++ b/drivers/net/wireless/iwlegacy/common.c
-@@ -3447,10 +3447,10 @@ il_init_geos(struct il_priv *il)
-
- if (il_is_channel_valid(ch)) {
- if (!(ch->flags & EEPROM_CHANNEL_IBSS))
-- geo_ch->flags |= IEEE80211_CHAN_NO_IBSS;
-+ geo_ch->flags |= IEEE80211_CHAN_NO_IR;
-
- if (!(ch->flags & EEPROM_CHANNEL_ACTIVE))
-- geo_ch->flags |= IEEE80211_CHAN_PASSIVE_SCAN;
-+ geo_ch->flags |= IEEE80211_CHAN_NO_IR;
-
- if (ch->flags & EEPROM_CHANNEL_RADAR)
- geo_ch->flags |= IEEE80211_CHAN_RADAR;
---- a/drivers/net/wireless/iwlegacy/debug.c
-+++ b/drivers/net/wireless/iwlegacy/debug.c
-@@ -567,12 +567,12 @@ il_dbgfs_channels_read(struct file *file
- flags & IEEE80211_CHAN_RADAR ?
- " (IEEE 802.11h required)" : "",
- ((channels[i].
-- flags & IEEE80211_CHAN_NO_IBSS) ||
-+ flags & IEEE80211_CHAN_NO_IR) ||
- (channels[i].
- flags & IEEE80211_CHAN_RADAR)) ? "" :
- ", IBSS",
- channels[i].
-- flags & IEEE80211_CHAN_PASSIVE_SCAN ?
-+ flags & IEEE80211_CHAN_NO_IR ?
- "passive only" : "active/passive");
- }
- supp_band = il_get_hw_mode(il, IEEE80211_BAND_5GHZ);
-@@ -594,12 +594,12 @@ il_dbgfs_channels_read(struct file *file
- flags & IEEE80211_CHAN_RADAR ?
- " (IEEE 802.11h required)" : "",
- ((channels[i].
-- flags & IEEE80211_CHAN_NO_IBSS) ||
-+ flags & IEEE80211_CHAN_NO_IR) ||
- (channels[i].
- flags & IEEE80211_CHAN_RADAR)) ? "" :
- ", IBSS",
- channels[i].
-- flags & IEEE80211_CHAN_PASSIVE_SCAN ?
-+ flags & IEEE80211_CHAN_NO_IR ?
- "passive only" : "active/passive");
- }
- ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos);
---- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-+++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-@@ -352,12 +352,12 @@ static ssize_t iwl_dbgfs_channels_read(s
- channels[i].max_power,
- channels[i].flags & IEEE80211_CHAN_RADAR ?
- " (IEEE 802.11h required)" : "",
-- ((channels[i].flags & IEEE80211_CHAN_NO_IBSS)
-+ ((channels[i].flags & IEEE80211_CHAN_NO_IR)
- || (channels[i].flags &
- IEEE80211_CHAN_RADAR)) ? "" :
- ", IBSS",
- channels[i].flags &
-- IEEE80211_CHAN_PASSIVE_SCAN ?
-+ IEEE80211_CHAN_NO_IR ?
- "passive only" : "active/passive");
- }
- supp_band = iwl_get_hw_mode(priv, IEEE80211_BAND_5GHZ);
-@@ -375,12 +375,12 @@ static ssize_t iwl_dbgfs_channels_read(s
- channels[i].max_power,
- channels[i].flags & IEEE80211_CHAN_RADAR ?
- " (IEEE 802.11h required)" : "",
-- ((channels[i].flags & IEEE80211_CHAN_NO_IBSS)
-+ ((channels[i].flags & IEEE80211_CHAN_NO_IR)
- || (channels[i].flags &
- IEEE80211_CHAN_RADAR)) ? "" :
- ", IBSS",
- channels[i].flags &
-- IEEE80211_CHAN_PASSIVE_SCAN ?
-+ IEEE80211_CHAN_NO_IR ?
- "passive only" : "active/passive");
- }
- ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos);
---- a/drivers/net/wireless/iwlwifi/dvm/scan.c
-+++ b/drivers/net/wireless/iwlwifi/dvm/scan.c
-@@ -544,7 +544,7 @@ static int iwl_get_channels_for_scan(str
- channel = chan->hw_value;
- scan_ch->channel = cpu_to_le16(channel);
-
-- if (!is_active || (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN))
-+ if (!is_active || (chan->flags & IEEE80211_CHAN_NO_IR))
- scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE;
- else
- scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE;
---- a/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c
-+++ b/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c
-@@ -614,10 +614,10 @@ static int iwl_init_channel_map(struct d
- channel->flags = IEEE80211_CHAN_NO_HT40;
-
- if (!(eeprom_ch->flags & EEPROM_CHANNEL_IBSS))
-- channel->flags |= IEEE80211_CHAN_NO_IBSS;
-+ channel->flags |= IEEE80211_CHAN_NO_IR;
-
- if (!(eeprom_ch->flags & EEPROM_CHANNEL_ACTIVE))
-- channel->flags |= IEEE80211_CHAN_PASSIVE_SCAN;
-+ channel->flags |= IEEE80211_CHAN_NO_IR;
-
- if (eeprom_ch->flags & EEPROM_CHANNEL_RADAR)
- channel->flags |= IEEE80211_CHAN_RADAR;
---- a/drivers/net/wireless/iwlwifi/iwl-nvm-parse.c
-+++ b/drivers/net/wireless/iwlwifi/iwl-nvm-parse.c
-@@ -223,10 +223,10 @@ static int iwl_init_channel_map(struct d
- channel->flags |= IEEE80211_CHAN_NO_160MHZ;
-
- if (!(ch_flags & NVM_CHANNEL_IBSS))
-- channel->flags |= IEEE80211_CHAN_NO_IBSS;
-+ channel->flags |= IEEE80211_CHAN_NO_IR;
-
- if (!(ch_flags & NVM_CHANNEL_ACTIVE))
-- channel->flags |= IEEE80211_CHAN_PASSIVE_SCAN;
-+ channel->flags |= IEEE80211_CHAN_NO_IR;
-
- if (ch_flags & NVM_CHANNEL_RADAR)
- channel->flags |= IEEE80211_CHAN_RADAR;
---- a/drivers/net/wireless/iwlwifi/mvm/scan.c
-+++ b/drivers/net/wireless/iwlwifi/mvm/scan.c
-@@ -192,7 +192,7 @@ static void iwl_mvm_scan_fill_channels(s
- for (i = 0; i < cmd->channel_count; i++) {
- chan->channel = cpu_to_le16(req->channels[i]->hw_value);
- chan->type = cpu_to_le32(type);
-- if (req->channels[i]->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-+ if (req->channels[i]->flags & IEEE80211_CHAN_NO_IR)
- chan->type &= cpu_to_le32(~SCAN_CHANNEL_TYPE_ACTIVE);
- chan->active_dwell = cpu_to_le16(active_dwell);
- chan->passive_dwell = cpu_to_le16(passive_dwell);
-@@ -642,7 +642,7 @@ static void iwl_build_channel_cfg(struct
- channels->iter_count[index] = cpu_to_le16(1);
- channels->iter_interval[index] = 0;
-
-- if (!(s_band->channels[i].flags & IEEE80211_CHAN_PASSIVE_SCAN))
-+ if (!(s_band->channels[i].flags & IEEE80211_CHAN_NO_IR))
- channels->type[index] |=
- cpu_to_le32(IWL_SCAN_OFFLOAD_CHANNEL_ACTIVE);
-
---- a/drivers/net/wireless/mac80211_hwsim.c
-+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -159,7 +159,7 @@ static const struct ieee80211_regdomain
- .reg_rules = {
- REG_RULE(2412-10, 2462+10, 40, 0, 20, 0),
- REG_RULE(5725-10, 5850+10, 40, 0, 30,
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS),
-+ NL80211_RRF_NO_IR),
- }
- };
-
-@@ -1485,7 +1485,7 @@ static void hw_scan_work(struct work_str
- req->channels[hwsim->scan_chan_idx]->center_freq);
-
- hwsim->tmp_chan = req->channels[hwsim->scan_chan_idx];
-- if (hwsim->tmp_chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
-+ if (hwsim->tmp_chan->flags & IEEE80211_CHAN_NO_IR ||
- !req->n_ssids) {
- dwell = 120;
- } else {
---- a/drivers/net/wireless/mwifiex/cfg80211.c
-+++ b/drivers/net/wireless/mwifiex/cfg80211.c
-@@ -50,24 +50,24 @@ static const struct ieee80211_regdomain
- REG_RULE(2412-10, 2462+10, 40, 3, 20, 0),
- /* Channel 12 - 13 */
- REG_RULE(2467-10, 2472+10, 20, 3, 20,
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS),
-+ NL80211_RRF_NO_IR),
- /* Channel 14 */
- REG_RULE(2484-10, 2484+10, 20, 3, 20,
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS |
-+ NL80211_RRF_NO_IR |
- NL80211_RRF_NO_OFDM),
- /* Channel 36 - 48 */
- REG_RULE(5180-10, 5240+10, 40, 3, 20,
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS),
-+ NL80211_RRF_NO_IR),
- /* Channel 149 - 165 */
- REG_RULE(5745-10, 5825+10, 40, 3, 20,
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS),
-+ NL80211_RRF_NO_IR),
- /* Channel 52 - 64 */
- REG_RULE(5260-10, 5320+10, 40, 3, 30,
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS |
-+ NL80211_RRF_NO_IR |
- NL80211_RRF_DFS),
- /* Channel 100 - 140 */
- REG_RULE(5500-10, 5700+10, 40, 3, 30,
-- NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS |
-+ NL80211_RRF_NO_IR |
- NL80211_RRF_DFS),
- }
- };
-@@ -1968,7 +1968,7 @@ mwifiex_cfg80211_scan(struct wiphy *wiph
- user_scan_cfg->chan_list[i].chan_number = chan->hw_value;
- user_scan_cfg->chan_list[i].radio_type = chan->band;
-
-- if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-+ if (chan->flags & IEEE80211_CHAN_NO_IR)
- user_scan_cfg->chan_list[i].scan_type =
- MWIFIEX_SCAN_TYPE_PASSIVE;
- else
---- a/drivers/net/wireless/mwifiex/scan.c
-+++ b/drivers/net/wireless/mwifiex/scan.c
-@@ -515,14 +515,14 @@ mwifiex_scan_create_channel_list(struct
- scan_chan_list[chan_idx].max_scan_time =
- cpu_to_le16((u16) user_scan_in->
- chan_list[0].scan_time);
-- else if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-+ else if (ch->flags & IEEE80211_CHAN_NO_IR)
- scan_chan_list[chan_idx].max_scan_time =
- cpu_to_le16(adapter->passive_scan_time);
- else
- scan_chan_list[chan_idx].max_scan_time =
- cpu_to_le16(adapter->active_scan_time);
-
-- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-+ if (ch->flags & IEEE80211_CHAN_NO_IR)
- scan_chan_list[chan_idx].chan_scan_mode_bitmap
- |= MWIFIEX_PASSIVE_SCAN;
- else
---- a/drivers/net/wireless/rt2x00/rt2x00lib.h
-+++ b/drivers/net/wireless/rt2x00/rt2x00lib.h
-@@ -146,7 +146,7 @@ void rt2x00queue_remove_l2pad(struct sk_
- * @local: frame is not from mac80211
- */
- int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
-- bool local);
-+ struct ieee80211_sta *sta, bool local);
-
- /**
- * rt2x00queue_update_beacon - Send new beacon from mac80211
---- a/drivers/net/wireless/rt2x00/rt2x00mac.c
-+++ b/drivers/net/wireless/rt2x00/rt2x00mac.c
-@@ -90,7 +90,7 @@ static int rt2x00mac_tx_rts_cts(struct r
- frag_skb->data, data_length, tx_info,
- (struct ieee80211_rts *)(skb->data));
-
-- retval = rt2x00queue_write_tx_frame(queue, skb, true);
-+ retval = rt2x00queue_write_tx_frame(queue, skb, NULL, true);
- if (retval) {
- dev_kfree_skb_any(skb);
- rt2x00_warn(rt2x00dev, "Failed to send RTS/CTS frame\n");
-@@ -151,7 +151,7 @@ void rt2x00mac_tx(struct ieee80211_hw *h
- goto exit_fail;
- }
-
-- if (unlikely(rt2x00queue_write_tx_frame(queue, skb, false)))
-+ if (unlikely(rt2x00queue_write_tx_frame(queue, skb, control->sta, false)))
- goto exit_fail;
-
- /*
---- a/drivers/net/wireless/rt2x00/rt2x00queue.c
-+++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
-@@ -635,7 +635,7 @@ static void rt2x00queue_bar_check(struct
- }
-
- int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
-- bool local)
-+ struct ieee80211_sta *sta, bool local)
- {
- struct ieee80211_tx_info *tx_info;
- struct queue_entry *entry;
-@@ -649,7 +649,7 @@ int rt2x00queue_write_tx_frame(struct da
- * after that we are free to use the skb->cb array
- * for our information.
- */
-- rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, NULL);
-+ rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, sta);
-
- /*
- * All information is retrieved from the skb->cb array,
---- a/drivers/net/wireless/rtl818x/rtl8187/dev.c
-+++ b/drivers/net/wireless/rtl818x/rtl8187/dev.c
-@@ -416,7 +416,7 @@ static int rtl8187_init_urbs(struct ieee
- struct rtl8187_rx_info *info;
- int ret = 0;
-
-- while (skb_queue_len(&priv->rx_queue) < 16) {
-+ while (skb_queue_len(&priv->rx_queue) < 32) {
- skb = __dev_alloc_skb(RTL8187_MAX_RX, GFP_KERNEL);
- if (!skb) {
- ret = -ENOMEM;
---- a/drivers/net/wireless/rtlwifi/base.c
-+++ b/drivers/net/wireless/rtlwifi/base.c
-@@ -1078,8 +1078,8 @@ u8 rtl_is_special_data(struct ieee80211_
-
- ip = (struct iphdr *)((u8 *) skb->data + mac_hdr_len +
- SNAP_SIZE + PROTOC_TYPE_SIZE);
-- ether_type = *(u16 *) ((u8 *) skb->data + mac_hdr_len + SNAP_SIZE);
-- /* ether_type = ntohs(ether_type); */
-+ ether_type = be16_to_cpu(*(__be16 *)((u8 *)skb->data + mac_hdr_len +
-+ SNAP_SIZE));
-
- if (ETH_P_IP == ether_type) {
- if (IPPROTO_UDP == ip->protocol) {
---- a/drivers/net/wireless/rtlwifi/regd.c
-+++ b/drivers/net/wireless/rtlwifi/regd.c
-@@ -59,30 +59,27 @@ static struct country_code_to_enum_rd al
- */
- #define RTL819x_2GHZ_CH12_13 \
- REG_RULE(2467-10, 2472+10, 40, 0, 20,\
-- NL80211_RRF_PASSIVE_SCAN)
-+ NL80211_RRF_NO_IR)
-
- #define RTL819x_2GHZ_CH14 \
- REG_RULE(2484-10, 2484+10, 40, 0, 20, \
-- NL80211_RRF_PASSIVE_SCAN | \
-+ NL80211_RRF_NO_IR | \
- NL80211_RRF_NO_OFDM)
-
- /* 5G chan 36 - chan 64*/
- #define RTL819x_5GHZ_5150_5350 \
- REG_RULE(5150-10, 5350+10, 40, 0, 30, \
-- NL80211_RRF_PASSIVE_SCAN | \
-- NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
-
- /* 5G chan 100 - chan 165*/
- #define RTL819x_5GHZ_5470_5850 \
- REG_RULE(5470-10, 5850+10, 40, 0, 30, \
-- NL80211_RRF_PASSIVE_SCAN | \
-- NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
-
- /* 5G chan 149 - chan 165*/
- #define RTL819x_5GHZ_5725_5850 \
- REG_RULE(5725-10, 5850+10, 40, 0, 30, \
-- NL80211_RRF_PASSIVE_SCAN | \
-- NL80211_RRF_NO_IBSS)
-+ NL80211_RRF_NO_IR)
-
- #define RTL819x_5GHZ_ALL \
- (RTL819x_5GHZ_5150_5350, RTL819x_5GHZ_5470_5850)
-@@ -185,16 +182,15 @@ static void _rtl_reg_apply_beaconing_fla
- *regulatory_hint().
- */
-
-- if (!(reg_rule->flags & NL80211_RRF_NO_IBSS))
-- ch->flags &= ~IEEE80211_CHAN_NO_IBSS;
-+ if (!(reg_rule->flags & NL80211_RRF_NO_IR))
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- if (!(reg_rule->
-- flags & NL80211_RRF_PASSIVE_SCAN))
-+ flags & NL80211_RRF_NO_IR))
- ch->flags &=
-- ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ ~IEEE80211_CHAN_NO_IR;
- } else {
- if (ch->beacon_found)
-- ch->flags &= ~(IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN);
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- }
- }
- }
-@@ -219,11 +215,11 @@ static void _rtl_reg_apply_active_scan_f
- */
- if (initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE) {
- ch = &sband->channels[11]; /* CH 12 */
-- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ if (ch->flags & IEEE80211_CHAN_NO_IR)
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- ch = &sband->channels[12]; /* CH 13 */
-- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ if (ch->flags & IEEE80211_CHAN_NO_IR)
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- return;
- }
-
-@@ -237,17 +233,17 @@ static void _rtl_reg_apply_active_scan_f
- ch = &sband->channels[11]; /* CH 12 */
- reg_rule = freq_reg_info(wiphy, ch->center_freq);
- if (!IS_ERR(reg_rule)) {
-- if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN))
-- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ if (!(reg_rule->flags & NL80211_RRF_NO_IR))
-+ if (ch->flags & IEEE80211_CHAN_NO_IR)
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- }
-
- ch = &sband->channels[12]; /* CH 13 */
- reg_rule = freq_reg_info(wiphy, ch->center_freq);
- if (!IS_ERR(reg_rule)) {
-- if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN))
-- if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-- ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
-+ if (!(reg_rule->flags & NL80211_RRF_NO_IR))
-+ if (ch->flags & IEEE80211_CHAN_NO_IR)
-+ ch->flags &= ~IEEE80211_CHAN_NO_IR;
- }
- }
-
-@@ -284,8 +280,8 @@ static void _rtl_reg_apply_radar_flags(s
- */
- if (!(ch->flags & IEEE80211_CHAN_DISABLED))
- ch->flags |= IEEE80211_CHAN_RADAR |
-- IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN;
-+ IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_NO_IR;
- }
- }
-
---- a/drivers/net/wireless/ti/wl12xx/scan.c
-+++ b/drivers/net/wireless/ti/wl12xx/scan.c
-@@ -47,7 +47,7 @@ static int wl1271_get_scan_channels(stru
- * In active scans, we only scan channels not
- * marked as passive.
- */
-- (passive || !(flags & IEEE80211_CHAN_PASSIVE_SCAN))) {
-+ (passive || !(flags & IEEE80211_CHAN_NO_IR))) {
- wl1271_debug(DEBUG_SCAN, "band %d, center_freq %d ",
- req->channels[i]->band,
- req->channels[i]->center_freq);
---- a/drivers/net/wireless/ti/wlcore/cmd.c
-+++ b/drivers/net/wireless/ti/wlcore/cmd.c
-@@ -1688,7 +1688,7 @@ int wlcore_cmd_regdomain_config_locked(s
-
- if (channel->flags & (IEEE80211_CHAN_DISABLED |
- IEEE80211_CHAN_RADAR |
-- IEEE80211_CHAN_PASSIVE_SCAN))
-+ IEEE80211_CHAN_NO_IR))
- continue;
-
- ch_bit_idx = wlcore_get_reg_conf_ch_idx(b, ch);
---- a/drivers/net/wireless/ti/wlcore/main.c
-+++ b/drivers/net/wireless/ti/wlcore/main.c
-@@ -91,8 +91,7 @@ static void wl1271_reg_notify(struct wip
- continue;
-
- if (ch->flags & IEEE80211_CHAN_RADAR)
-- ch->flags |= IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN;
-+ ch->flags |= IEEE80211_CHAN_NO_IR;
-
- }
-
---- a/drivers/net/wireless/ti/wlcore/scan.c
-+++ b/drivers/net/wireless/ti/wlcore/scan.c
-@@ -189,14 +189,14 @@ wlcore_scan_get_channels(struct wl1271 *
- flags = req_channels[i]->flags;
-
- if (force_passive)
-- flags |= IEEE80211_CHAN_PASSIVE_SCAN;
-+ flags |= IEEE80211_CHAN_NO_IR;
-
- if ((req_channels[i]->band == band) &&
- !(flags & IEEE80211_CHAN_DISABLED) &&
- (!!(flags & IEEE80211_CHAN_RADAR) == radar) &&
- /* if radar is set, we ignore the passive flag */
- (radar ||
-- !!(flags & IEEE80211_CHAN_PASSIVE_SCAN) == passive)) {
-+ !!(flags & IEEE80211_CHAN_NO_IR) == passive)) {
-
-
- if (flags & IEEE80211_CHAN_RADAR) {
-@@ -221,7 +221,7 @@ wlcore_scan_get_channels(struct wl1271 *
- (band == IEEE80211_BAND_2GHZ) &&
- (channels[j].channel >= 12) &&
- (channels[j].channel <= 14) &&
-- (flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
-+ (flags & IEEE80211_CHAN_NO_IR) &&
- !force_passive) {
- /* pactive channels treated as DFS */
- channels[j].flags = SCAN_CHANNEL_FLAGS_DFS;
-@@ -244,7 +244,7 @@ wlcore_scan_get_channels(struct wl1271 *
- max_dwell_time_active,
- flags & IEEE80211_CHAN_RADAR ?
- ", DFS" : "",
-- flags & IEEE80211_CHAN_PASSIVE_SCAN ?
-+ flags & IEEE80211_CHAN_NO_IR ?
- ", PASSIVE" : "");
- j++;
- }
---- a/include/net/cfg80211.h
-+++ b/include/net/cfg80211.h
-@@ -91,9 +91,8 @@ enum ieee80211_band {
- * Channel flags set by the regulatory control code.
- *
- * @IEEE80211_CHAN_DISABLED: This channel is disabled.
-- * @IEEE80211_CHAN_PASSIVE_SCAN: Only passive scanning is permitted
-- * on this channel.
-- * @IEEE80211_CHAN_NO_IBSS: IBSS is not allowed on this channel.
-+ * @IEEE80211_CHAN_NO_IR: do not initiate radiation, this includes
-+ * sending probe requests or beaconing.
- * @IEEE80211_CHAN_RADAR: Radar detection is required on this channel.
- * @IEEE80211_CHAN_NO_HT40PLUS: extension channel above this channel
- * is not permitted.
-@@ -113,8 +112,8 @@ enum ieee80211_band {
- */
- enum ieee80211_channel_flags {
- IEEE80211_CHAN_DISABLED = 1<<0,
-- IEEE80211_CHAN_PASSIVE_SCAN = 1<<1,
-- IEEE80211_CHAN_NO_IBSS = 1<<2,
-+ IEEE80211_CHAN_NO_IR = 1<<1,
-+ /* hole at 1<<2 */
- IEEE80211_CHAN_RADAR = 1<<3,
- IEEE80211_CHAN_NO_HT40PLUS = 1<<4,
- IEEE80211_CHAN_NO_HT40MINUS = 1<<5,
-@@ -4149,6 +4148,7 @@ void cfg80211_radar_event(struct wiphy *
- /**
- * cfg80211_cac_event - Channel availability check (CAC) event
- * @netdev: network device
-+ * @chandef: chandef for the current channel
- * @event: type of event
- * @gfp: context flags
- *
-@@ -4157,6 +4157,7 @@ void cfg80211_radar_event(struct wiphy *
- * also by full-MAC drivers.
- */
- void cfg80211_cac_event(struct net_device *netdev,
-+ const struct cfg80211_chan_def *chandef,
- enum nl80211_radar_event event, gfp_t gfp);
-
-
---- a/include/uapi/linux/nl80211.h
-+++ b/include/uapi/linux/nl80211.h
-@@ -1508,6 +1508,9 @@ enum nl80211_commands {
- * to react to radar events, e.g. initiate a channel switch or leave the
- * IBSS network.
- *
-+ * @NL80211_ATTR_SUPPORT_5_10_MHZ: A flag indicating that the device supports
-+ * 5 MHz and 10 MHz channel bandwidth.
-+ *
- * @NL80211_ATTR_MAX: highest attribute number currently defined
- * @__NL80211_ATTR_AFTER_LAST: internal use
- */
-@@ -1824,6 +1827,8 @@ enum nl80211_attrs {
-
- NL80211_ATTR_HANDLE_DFS,
-
-+ NL80211_ATTR_SUPPORT_5_10_MHZ,
-+
- /* add attributes here, update the policy in nl80211.c */
-
- __NL80211_ATTR_AFTER_LAST,
-@@ -2224,10 +2229,9 @@ enum nl80211_band_attr {
- * @NL80211_FREQUENCY_ATTR_FREQ: Frequency in MHz
- * @NL80211_FREQUENCY_ATTR_DISABLED: Channel is disabled in current
- * regulatory domain.
-- * @NL80211_FREQUENCY_ATTR_PASSIVE_SCAN: Only passive scanning is
-- * permitted on this channel in current regulatory domain.
-- * @NL80211_FREQUENCY_ATTR_NO_IBSS: IBSS networks are not permitted
-- * on this channel in current regulatory domain.
-+ * @NL80211_FREQUENCY_ATTR_NO_IR: no mechanisms that initiate radiation
-+ * are permitted on this channel, this includes sending probe
-+ * requests, or modes of operation that require beaconing.
- * @NL80211_FREQUENCY_ATTR_RADAR: Radar detection is mandatory
- * on this channel in current regulatory domain.
- * @NL80211_FREQUENCY_ATTR_MAX_TX_POWER: Maximum transmission power in mBm
-@@ -2254,8 +2258,8 @@ enum nl80211_frequency_attr {
- __NL80211_FREQUENCY_ATTR_INVALID,
- NL80211_FREQUENCY_ATTR_FREQ,
- NL80211_FREQUENCY_ATTR_DISABLED,
-- NL80211_FREQUENCY_ATTR_PASSIVE_SCAN,
-- NL80211_FREQUENCY_ATTR_NO_IBSS,
-+ NL80211_FREQUENCY_ATTR_NO_IR,
-+ __NL80211_FREQUENCY_ATTR_NO_IBSS,
- NL80211_FREQUENCY_ATTR_RADAR,
- NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
- NL80211_FREQUENCY_ATTR_DFS_STATE,
-@@ -2271,6 +2275,9 @@ enum nl80211_frequency_attr {
- };
-
- #define NL80211_FREQUENCY_ATTR_MAX_TX_POWER NL80211_FREQUENCY_ATTR_MAX_TX_POWER
-+#define NL80211_FREQUENCY_ATTR_PASSIVE_SCAN NL80211_FREQUENCY_ATTR_NO_IR
-+#define NL80211_FREQUENCY_ATTR_NO_IBSS NL80211_FREQUENCY_ATTR_NO_IR
-+#define NL80211_FREQUENCY_ATTR_NO_IR NL80211_FREQUENCY_ATTR_NO_IR
-
- /**
- * enum nl80211_bitrate_attr - bitrate attributes
-@@ -2413,8 +2420,9 @@ enum nl80211_sched_scan_match_attr {
- * @NL80211_RRF_DFS: DFS support is required to be used
- * @NL80211_RRF_PTP_ONLY: this is only for Point To Point links
- * @NL80211_RRF_PTMP_ONLY: this is only for Point To Multi Point links
-- * @NL80211_RRF_PASSIVE_SCAN: passive scan is required
-- * @NL80211_RRF_NO_IBSS: no IBSS is allowed
-+ * @NL80211_RRF_NO_IR: no mechanisms that initiate radiation are allowed,
-+ * this includes probe requests or modes of operation that require
-+ * beaconing.
- */
- enum nl80211_reg_rule_flags {
- NL80211_RRF_NO_OFDM = 1<<0,
-@@ -2424,10 +2432,17 @@ enum nl80211_reg_rule_flags {
- NL80211_RRF_DFS = 1<<4,
- NL80211_RRF_PTP_ONLY = 1<<5,
- NL80211_RRF_PTMP_ONLY = 1<<6,
-- NL80211_RRF_PASSIVE_SCAN = 1<<7,
-- NL80211_RRF_NO_IBSS = 1<<8,
-+ NL80211_RRF_NO_IR = 1<<7,
-+ __NL80211_RRF_NO_IBSS = 1<<8,
- };
-
-+#define NL80211_RRF_PASSIVE_SCAN NL80211_RRF_NO_IR
-+#define NL80211_RRF_NO_IBSS NL80211_RRF_NO_IR
-+#define NL80211_RRF_NO_IR NL80211_RRF_NO_IR
-+
-+/* For backport compatibility with older userspace */
-+#define NL80211_RRF_NO_IR_ALL (NL80211_RRF_NO_IR | __NL80211_RRF_NO_IBSS)
-+
- /**
- * enum nl80211_dfs_regions - regulatory DFS regions
- *
---- a/net/mac80211/cfg.c
-+++ b/net/mac80211/cfg.c
-@@ -1050,6 +1050,7 @@ static int ieee80211_stop_ap(struct wiph
- struct ieee80211_local *local = sdata->local;
- struct beacon_data *old_beacon;
- struct probe_resp *old_probe_resp;
-+ struct cfg80211_chan_def chandef;
-
- old_beacon = rtnl_dereference(sdata->u.ap.beacon);
- if (!old_beacon)
-@@ -1091,8 +1092,10 @@ static int ieee80211_stop_ap(struct wiph
- ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
-
- if (sdata->wdev.cac_started) {
-+ chandef = sdata->vif.bss_conf.chandef;
- cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
-- cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_ABORTED,
-+ cfg80211_cac_event(sdata->dev, &chandef,
-+ NL80211_RADAR_CAC_ABORTED,
- GFP_KERNEL);
- }
-
---- a/net/mac80211/iface.c
-+++ b/net/mac80211/iface.c
-@@ -749,6 +749,7 @@ static void ieee80211_do_stop(struct iee
- u32 hw_reconf_flags = 0;
- int i, flushed;
- struct ps_data *ps;
-+ struct cfg80211_chan_def chandef;
-
- clear_bit(SDATA_STATE_RUNNING, &sdata->state);
-
-@@ -828,11 +829,13 @@ static void ieee80211_do_stop(struct iee
- cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
-
- if (sdata->wdev.cac_started) {
-+ chandef = sdata->vif.bss_conf.chandef;
- WARN_ON(local->suspended);
- mutex_lock(&local->iflist_mtx);
- ieee80211_vif_release_channel(sdata);
- mutex_unlock(&local->iflist_mtx);
-- cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_ABORTED,
-+ cfg80211_cac_event(sdata->dev, &chandef,
-+ NL80211_RADAR_CAC_ABORTED,
- GFP_KERNEL);
- }
-
-@@ -1340,7 +1343,6 @@ static void ieee80211_setup_sdata(struct
- sdata->vif.bss_conf.bssid = NULL;
- break;
- case NL80211_IFTYPE_AP_VLAN:
-- break;
- case NL80211_IFTYPE_P2P_DEVICE:
- sdata->vif.bss_conf.bssid = sdata->vif.addr;
- break;
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -1398,10 +1398,12 @@ void ieee80211_dfs_cac_timer_work(struct
- struct ieee80211_sub_if_data *sdata =
- container_of(delayed_work, struct ieee80211_sub_if_data,
- dfs_cac_timer_work);
-+ struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
-
- ieee80211_vif_release_channel(sdata);
--
-- cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL);
-+ cfg80211_cac_event(sdata->dev, &chandef,
-+ NL80211_RADAR_CAC_FINISHED,
-+ GFP_KERNEL);
- }
-
- /* MLME */
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -729,9 +729,7 @@ static void ieee80211_release_reorder_fr
- lockdep_assert_held(&tid_agg_rx->reorder_lock);
-
- while (ieee80211_sn_less(tid_agg_rx->head_seq_num, head_seq_num)) {
-- index = ieee80211_sn_sub(tid_agg_rx->head_seq_num,
-- tid_agg_rx->ssn) %
-- tid_agg_rx->buf_size;
-+ index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
- ieee80211_release_reorder_frame(sdata, tid_agg_rx, index,
- frames);
- }
-@@ -757,8 +755,7 @@ static void ieee80211_sta_reorder_releas
- lockdep_assert_held(&tid_agg_rx->reorder_lock);
-
- /* release the buffer until next missing frame */
-- index = ieee80211_sn_sub(tid_agg_rx->head_seq_num,
-- tid_agg_rx->ssn) % tid_agg_rx->buf_size;
-+ index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
- if (!tid_agg_rx->reorder_buf[index] &&
- tid_agg_rx->stored_mpdu_num) {
- /*
-@@ -793,15 +790,11 @@ static void ieee80211_sta_reorder_releas
- } else while (tid_agg_rx->reorder_buf[index]) {
- ieee80211_release_reorder_frame(sdata, tid_agg_rx, index,
- frames);
-- index = ieee80211_sn_sub(tid_agg_rx->head_seq_num,
-- tid_agg_rx->ssn) %
-- tid_agg_rx->buf_size;
-+ index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
- }
-
- if (tid_agg_rx->stored_mpdu_num) {
-- j = index = ieee80211_sn_sub(tid_agg_rx->head_seq_num,
-- tid_agg_rx->ssn) %
-- tid_agg_rx->buf_size;
-+ j = index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
-
- for (; j != (index - 1) % tid_agg_rx->buf_size;
- j = (j + 1) % tid_agg_rx->buf_size) {
-@@ -861,8 +854,7 @@ static bool ieee80211_sta_manage_reorder
-
- /* Now the new frame is always in the range of the reordering buffer */
-
-- index = ieee80211_sn_sub(mpdu_seq_num,
-- tid_agg_rx->ssn) % tid_agg_rx->buf_size;
-+ index = mpdu_seq_num % tid_agg_rx->buf_size;
-
- /* check if we already stored this frame */
- if (tid_agg_rx->reorder_buf[index]) {
---- a/net/mac80211/scan.c
-+++ b/net/mac80211/scan.c
-@@ -526,7 +526,7 @@ static int __ieee80211_start_scan(struct
- ieee80211_hw_config(local, 0);
-
- if ((req->channels[0]->flags &
-- IEEE80211_CHAN_PASSIVE_SCAN) ||
-+ IEEE80211_CHAN_NO_IR) ||
- !local->scan_req->n_ssids) {
- next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
- } else {
-@@ -572,7 +572,7 @@ ieee80211_scan_get_channel_time(struct i
- * TODO: channel switching also consumes quite some time,
- * add that delay as well to get a better estimation
- */
-- if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
-+ if (chan->flags & IEEE80211_CHAN_NO_IR)
- return IEEE80211_PASSIVE_CHANNEL_TIME;
- return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME;
- }
-@@ -696,7 +696,7 @@ static void ieee80211_scan_state_set_cha
- *
- * In any case, it is not necessary for a passive scan.
- */
-- if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
-+ if (chan->flags & IEEE80211_CHAN_NO_IR ||
- !local->scan_req->n_ssids) {
- *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
- local->next_scan_state = SCAN_DECISION;
-@@ -881,7 +881,7 @@ int ieee80211_request_ibss_scan(struct i
- struct ieee80211_channel *tmp_ch =
- &local->hw.wiphy->bands[band]->channels[i];
-
-- if (tmp_ch->flags & (IEEE80211_CHAN_NO_IBSS |
-+ if (tmp_ch->flags & (IEEE80211_CHAN_NO_IR |
- IEEE80211_CHAN_DISABLED))
- continue;
-
-@@ -895,7 +895,7 @@ int ieee80211_request_ibss_scan(struct i
-
- local->int_scan_req->n_channels = n_ch;
- } else {
-- if (WARN_ON_ONCE(chan->flags & (IEEE80211_CHAN_NO_IBSS |
-+ if (WARN_ON_ONCE(chan->flags & (IEEE80211_CHAN_NO_IR |
- IEEE80211_CHAN_DISABLED)))
- goto unlock;
-
---- a/net/mac80211/tx.c
-+++ b/net/mac80211/tx.c
-@@ -1728,8 +1728,7 @@ netdev_tx_t ieee80211_monitor_start_xmit
- * radar detection by itself. We can do that later by adding a
- * monitor flag interfaces used for AP support.
- */
-- if ((chan->flags & (IEEE80211_CHAN_NO_IBSS | IEEE80211_CHAN_RADAR |
-- IEEE80211_CHAN_PASSIVE_SCAN)))
-+ if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)))
- goto fail_rcu;
-
- ieee80211_xmit(sdata, skb, chan->band);
---- a/net/mac80211/util.c
-+++ b/net/mac80211/util.c
-@@ -2259,14 +2259,17 @@ u64 ieee80211_calculate_rx_timestamp(str
- void ieee80211_dfs_cac_cancel(struct ieee80211_local *local)
- {
- struct ieee80211_sub_if_data *sdata;
-+ struct cfg80211_chan_def chandef;
-
- mutex_lock(&local->iflist_mtx);
- list_for_each_entry(sdata, &local->interfaces, list) {
- cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
-
- if (sdata->wdev.cac_started) {
-+ chandef = sdata->vif.bss_conf.chandef;
- ieee80211_vif_release_channel(sdata);
- cfg80211_cac_event(sdata->dev,
-+ &chandef,
- NL80211_RADAR_CAC_ABORTED,
- GFP_KERNEL);
- }
---- a/net/wireless/chan.c
-+++ b/net/wireless/chan.c
-@@ -277,6 +277,32 @@ void cfg80211_set_dfs_state(struct wiphy
- width, dfs_state);
- }
-
-+static u32 cfg80211_get_start_freq(u32 center_freq,
-+ u32 bandwidth)
-+{
-+ u32 start_freq;
-+
-+ if (bandwidth <= 20)
-+ start_freq = center_freq;
-+ else
-+ start_freq = center_freq - bandwidth/2 + 10;
-+
-+ return start_freq;
-+}
-+
-+static u32 cfg80211_get_end_freq(u32 center_freq,
-+ u32 bandwidth)
-+{
-+ u32 end_freq;
-+
-+ if (bandwidth <= 20)
-+ end_freq = center_freq;
-+ else
-+ end_freq = center_freq + bandwidth/2 - 10;
-+
-+ return end_freq;
-+}
-+
- static int cfg80211_get_chans_dfs_required(struct wiphy *wiphy,
- u32 center_freq,
- u32 bandwidth)
-@@ -284,13 +310,8 @@ static int cfg80211_get_chans_dfs_requir
- struct ieee80211_channel *c;
- u32 freq, start_freq, end_freq;
-
-- if (bandwidth <= 20) {
-- start_freq = center_freq;
-- end_freq = center_freq;
-- } else {
-- start_freq = center_freq - bandwidth/2 + 10;
-- end_freq = center_freq + bandwidth/2 - 10;
-- }
-+ start_freq = cfg80211_get_start_freq(center_freq, bandwidth);
-+ end_freq = cfg80211_get_end_freq(center_freq, bandwidth);
-
- for (freq = start_freq; freq <= end_freq; freq += 20) {
- c = ieee80211_get_channel(wiphy, freq);
-@@ -330,33 +351,159 @@ int cfg80211_chandef_dfs_required(struct
- }
- EXPORT_SYMBOL(cfg80211_chandef_dfs_required);
-
--static bool cfg80211_secondary_chans_ok(struct wiphy *wiphy,
-- u32 center_freq, u32 bandwidth,
-- u32 prohibited_flags)
-+static int cfg80211_get_chans_dfs_usable(struct wiphy *wiphy,
-+ u32 center_freq,
-+ u32 bandwidth)
- {
- struct ieee80211_channel *c;
- u32 freq, start_freq, end_freq;
-+ int count = 0;
-
-- if (bandwidth <= 20) {
-- start_freq = center_freq;
-- end_freq = center_freq;
-- } else {
-- start_freq = center_freq - bandwidth/2 + 10;
-- end_freq = center_freq + bandwidth/2 - 10;
-+ start_freq = cfg80211_get_start_freq(center_freq, bandwidth);
-+ end_freq = cfg80211_get_end_freq(center_freq, bandwidth);
-+
-+ /*
-+ * Check entire range of channels for the bandwidth.
-+ * Check all channels are DFS channels (DFS_USABLE or
-+ * DFS_AVAILABLE). Return number of usable channels
-+ * (require CAC). Allow DFS and non-DFS channel mix.
-+ */
-+ for (freq = start_freq; freq <= end_freq; freq += 20) {
-+ c = ieee80211_get_channel(wiphy, freq);
-+ if (!c)
-+ return -EINVAL;
-+
-+ if (c->flags & IEEE80211_CHAN_DISABLED)
-+ return -EINVAL;
-+
-+ if (c->flags & IEEE80211_CHAN_RADAR) {
-+ if (c->dfs_state == NL80211_DFS_UNAVAILABLE)
-+ return -EINVAL;
-+
-+ if (c->dfs_state == NL80211_DFS_USABLE)
-+ count++;
-+ }
-+ }
-+
-+ return count;
-+}
-+
-+bool cfg80211_chandef_dfs_usable(struct wiphy *wiphy,
-+ const struct cfg80211_chan_def *chandef)
-+{
-+ int width;
-+ int r1, r2 = 0;
-+
-+ if (WARN_ON(!cfg80211_chandef_valid(chandef)))
-+ return false;
-+
-+ width = cfg80211_chandef_get_width(chandef);
-+ if (width < 0)
-+ return false;
-+
-+ r1 = cfg80211_get_chans_dfs_usable(wiphy, chandef->center_freq1,
-+ width);
-+
-+ if (r1 < 0)
-+ return false;
-+
-+ switch (chandef->width) {
-+ case NL80211_CHAN_WIDTH_80P80:
-+ WARN_ON(!chandef->center_freq2);
-+ r2 = cfg80211_get_chans_dfs_usable(wiphy,
-+ chandef->center_freq2,
-+ width);
-+ if (r2 < 0)
-+ return false;
-+ break;
-+ default:
-+ WARN_ON(chandef->center_freq2);
-+ break;
- }
-
-+ return (r1 + r2 > 0);
-+}
-+
-+
-+static bool cfg80211_get_chans_dfs_available(struct wiphy *wiphy,
-+ u32 center_freq,
-+ u32 bandwidth)
-+{
-+ struct ieee80211_channel *c;
-+ u32 freq, start_freq, end_freq;
-+
-+ start_freq = cfg80211_get_start_freq(center_freq, bandwidth);
-+ end_freq = cfg80211_get_end_freq(center_freq, bandwidth);
-+
-+ /*
-+ * Check entire range of channels for the bandwidth.
-+ * If any channel in between is disabled or has not
-+ * had gone through CAC return false
-+ */
- for (freq = start_freq; freq <= end_freq; freq += 20) {
- c = ieee80211_get_channel(wiphy, freq);
- if (!c)
- return false;
-
-- /* check for radar flags */
-- if ((prohibited_flags & c->flags & IEEE80211_CHAN_RADAR) &&
-+ if (c->flags & IEEE80211_CHAN_DISABLED)
-+ return false;
-+
-+ if ((c->flags & IEEE80211_CHAN_RADAR) &&
- (c->dfs_state != NL80211_DFS_AVAILABLE))
- return false;
-+ }
-+
-+ return true;
-+}
-+
-+static bool cfg80211_chandef_dfs_available(struct wiphy *wiphy,
-+ const struct cfg80211_chan_def *chandef)
-+{
-+ int width;
-+ int r;
-+
-+ if (WARN_ON(!cfg80211_chandef_valid(chandef)))
-+ return false;
-
-- /* check for the other flags */
-- if (c->flags & prohibited_flags & ~IEEE80211_CHAN_RADAR)
-+ width = cfg80211_chandef_get_width(chandef);
-+ if (width < 0)
-+ return false;
-+
-+ r = cfg80211_get_chans_dfs_available(wiphy, chandef->center_freq1,
-+ width);
-+
-+ /* If any of channels unavailable for cf1 just return */
-+ if (!r)
-+ return r;
-+
-+ switch (chandef->width) {
-+ case NL80211_CHAN_WIDTH_80P80:
-+ WARN_ON(!chandef->center_freq2);
-+ r = cfg80211_get_chans_dfs_available(wiphy,
-+ chandef->center_freq2,
-+ width);
-+ default:
-+ WARN_ON(chandef->center_freq2);
-+ break;
-+ }
-+
-+ return r;
-+}
-+
-+
-+static bool cfg80211_secondary_chans_ok(struct wiphy *wiphy,
-+ u32 center_freq, u32 bandwidth,
-+ u32 prohibited_flags)
-+{
-+ struct ieee80211_channel *c;
-+ u32 freq, start_freq, end_freq;
-+
-+ start_freq = cfg80211_get_start_freq(center_freq, bandwidth);
-+ end_freq = cfg80211_get_end_freq(center_freq, bandwidth);
-+
-+ for (freq = start_freq; freq <= end_freq; freq += 20) {
-+ c = ieee80211_get_channel(wiphy, freq);
-+ if (!c || c->flags & prohibited_flags)
- return false;
- }
-
-@@ -462,14 +609,19 @@ bool cfg80211_reg_can_beacon(struct wiph
- struct cfg80211_chan_def *chandef)
- {
- bool res;
-+ u32 prohibited_flags = IEEE80211_CHAN_DISABLED |
-+ IEEE80211_CHAN_NO_IR |
-+ IEEE80211_CHAN_RADAR;
-
- trace_cfg80211_reg_can_beacon(wiphy, chandef);
-
-- res = cfg80211_chandef_usable(wiphy, chandef,
-- IEEE80211_CHAN_DISABLED |
-- IEEE80211_CHAN_PASSIVE_SCAN |
-- IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_RADAR);
-+ if (cfg80211_chandef_dfs_required(wiphy, chandef) > 0 &&
-+ cfg80211_chandef_dfs_available(wiphy, chandef)) {
-+ /* We can skip IEEE80211_CHAN_NO_IR if chandef dfs available */
-+ prohibited_flags = IEEE80211_CHAN_DISABLED;
-+ }
-+
-+ res = cfg80211_chandef_usable(wiphy, chandef, prohibited_flags);
-
- trace_cfg80211_return_bool(res);
- return res;
---- a/net/wireless/core.h
-+++ b/net/wireless/core.h
-@@ -382,6 +382,19 @@ int cfg80211_can_use_iftype_chan(struct
- enum cfg80211_chan_mode chanmode,
- u8 radar_detect);
-
-+/**
-+ * cfg80211_chandef_dfs_usable - checks if chandef is DFS usable
-+ * @wiphy: the wiphy to validate against
-+ * @chandef: the channel definition to check
-+ *
-+ * Checks if chandef is usable and we can/need start CAC on such channel.
-+ *
-+ * Return: Return true if all channels available and at least
-+ * one channel require CAC (NL80211_DFS_USABLE)
-+ */
-+bool cfg80211_chandef_dfs_usable(struct wiphy *wiphy,
-+ const struct cfg80211_chan_def *chandef);
-+
- void cfg80211_set_dfs_state(struct wiphy *wiphy,
- const struct cfg80211_chan_def *chandef,
- enum nl80211_dfs_state dfs_state);
---- a/net/wireless/genregdb.awk
-+++ b/net/wireless/genregdb.awk
-@@ -107,10 +107,13 @@ active && /^[ \t]*\(/ {
- } else if (flagarray[arg] == "PTMP-ONLY") {
- flags = flags "\n\t\t\tNL80211_RRF_PTMP_ONLY | "
- } else if (flagarray[arg] == "PASSIVE-SCAN") {
-- flags = flags "\n\t\t\tNL80211_RRF_PASSIVE_SCAN | "
-+ flags = flags "\n\t\t\tNL80211_RRF_NO_IR | "
- } else if (flagarray[arg] == "NO-IBSS") {
-- flags = flags "\n\t\t\tNL80211_RRF_NO_IBSS | "
-+ flags = flags "\n\t\t\tNL80211_RRF_NO_IR | "
-+ } else if (flagarray[arg] == "NO-IR") {
-+ flags = flags "\n\t\t\tNL80211_RRF_NO_IR | "
- }
-+
- }
- flags = flags "0"
- printf "\t\tREG_RULE(%d, %d, %d, %d, %d, %s),\n", start, end, bw, gain, power, flags
---- a/net/wireless/ibss.c
-+++ b/net/wireless/ibss.c
-@@ -274,7 +274,7 @@ int cfg80211_ibss_wext_join(struct cfg80
-
- for (i = 0; i < sband->n_channels; i++) {
- chan = &sband->channels[i];
-- if (chan->flags & IEEE80211_CHAN_NO_IBSS)
-+ if (chan->flags & IEEE80211_CHAN_NO_IR)
- continue;
- if (chan->flags & IEEE80211_CHAN_DISABLED)
- continue;
-@@ -345,7 +345,7 @@ int cfg80211_ibss_wext_siwfreq(struct ne
- chan = ieee80211_get_channel(wdev->wiphy, freq);
- if (!chan)
- return -EINVAL;
-- if (chan->flags & IEEE80211_CHAN_NO_IBSS ||
-+ if (chan->flags & IEEE80211_CHAN_NO_IR ||
- chan->flags & IEEE80211_CHAN_DISABLED)
- return -EINVAL;
- }
---- a/net/wireless/mesh.c
-+++ b/net/wireless/mesh.c
-@@ -141,8 +141,7 @@ int __cfg80211_join_mesh(struct cfg80211
-
- for (i = 0; i < sband->n_channels; i++) {
- chan = &sband->channels[i];
-- if (chan->flags & (IEEE80211_CHAN_NO_IBSS |
-- IEEE80211_CHAN_PASSIVE_SCAN |
-+ if (chan->flags & (IEEE80211_CHAN_NO_IR |
- IEEE80211_CHAN_DISABLED |
- IEEE80211_CHAN_RADAR))
- continue;
---- a/net/wireless/mlme.c
-+++ b/net/wireless/mlme.c
-@@ -763,12 +763,12 @@ void cfg80211_radar_event(struct wiphy *
- EXPORT_SYMBOL(cfg80211_radar_event);
-
- void cfg80211_cac_event(struct net_device *netdev,
-+ const struct cfg80211_chan_def *chandef,
- enum nl80211_radar_event event, gfp_t gfp)
- {
- struct wireless_dev *wdev = netdev->ieee80211_ptr;
- struct wiphy *wiphy = wdev->wiphy;
- struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
-- struct cfg80211_chan_def chandef;
- unsigned long timeout;
-
- trace_cfg80211_cac_event(netdev, event);
-@@ -779,14 +779,12 @@ void cfg80211_cac_event(struct net_devic
- if (WARN_ON(!wdev->channel))
- return;
-
-- cfg80211_chandef_create(&chandef, wdev->channel, NL80211_CHAN_NO_HT);
--
- switch (event) {
- case NL80211_RADAR_CAC_FINISHED:
- timeout = wdev->cac_start_time +
- msecs_to_jiffies(IEEE80211_DFS_MIN_CAC_TIME_MS);
- WARN_ON(!time_after_eq(jiffies, timeout));
-- cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_AVAILABLE);
-+ cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
- break;
- case NL80211_RADAR_CAC_ABORTED:
- break;
-@@ -796,6 +794,6 @@ void cfg80211_cac_event(struct net_devic
- }
- wdev->cac_started = false;
-
-- nl80211_radar_notify(rdev, &chandef, event, netdev, gfp);
-+ nl80211_radar_notify(rdev, chandef, event, netdev, gfp);
- }
- EXPORT_SYMBOL(cfg80211_cac_event);
+ if (WARN_ON(rdev->sched_scan_req &&
+ rdev->sched_scan_req->dev == wdev->netdev)) {
+--- a/net/wireless/core.h
++++ b/net/wireless/core.h
+@@ -62,6 +62,7 @@ struct cfg80211_registered_device {
+ struct rb_root bss_tree;
+ u32 bss_generation;
+ struct cfg80211_scan_request *scan_req; /* protected by RTNL */
++ struct sk_buff *scan_msg;
+ struct cfg80211_sched_scan_request *sched_scan_req;
+ unsigned long suspend_at;
+ struct work_struct scan_done_wk;
+@@ -210,6 +211,7 @@ struct cfg80211_event {
+ } dc;
+ struct {
+ u8 bssid[ETH_ALEN];
++ struct ieee80211_channel *channel;
+ } ij;
+ };
+ };
+@@ -257,7 +259,8 @@ int __cfg80211_leave_ibss(struct cfg8021
+ struct net_device *dev, bool nowext);
+ int cfg80211_leave_ibss(struct cfg80211_registered_device *rdev,
+ struct net_device *dev, bool nowext);
+-void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid);
++void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
++ struct ieee80211_channel *channel);
+ int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev,
+ struct wireless_dev *wdev);
+
+@@ -361,7 +364,8 @@ int cfg80211_validate_key_settings(struc
+ struct key_params *params, int key_idx,
+ bool pairwise, const u8 *mac_addr);
+ void __cfg80211_scan_done(struct work_struct *wk);
+-void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev);
++void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev,
++ bool send_message);
+ void __cfg80211_sched_scan_results(struct work_struct *wk);
+ int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
+ bool driver_initiated);
+@@ -441,7 +445,8 @@ static inline unsigned int elapsed_jiffi
+ void
+ cfg80211_get_chan_state(struct wireless_dev *wdev,
+ struct ieee80211_channel **chan,
+- enum cfg80211_chan_mode *chanmode);
++ enum cfg80211_chan_mode *chanmode,
++ u8 *radar_detect);
+
+ int cfg80211_set_monitor_channel(struct cfg80211_registered_device *rdev,
+ struct cfg80211_chan_def *chandef);
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -545,12 +545,12 @@ static int nl80211_msg_put_channel(struc
- if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
- nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
- goto nla_put_failure;
-- if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
-- nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
-- goto nla_put_failure;
-- if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
-- nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
-- goto nla_put_failure;
-+ if (chan->flags & IEEE80211_CHAN_NO_IR) {
-+ if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
-+ goto nla_put_failure;
-+ if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
-+ goto nla_put_failure;
-+ }
- if (chan->flags & IEEE80211_CHAN_RADAR) {
- if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
- goto nla_put_failure;
-@@ -1229,7 +1229,7 @@ static int nl80211_send_wiphy(struct cfg
- nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
- goto nla_put_failure;
- if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
-- nla_put_flag(msg, WIPHY_FLAG_SUPPORTS_5_10_MHZ))
-+ nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_10_MHZ))
- goto nla_put_failure;
-
- state->split_start++;
-@@ -2170,7 +2170,7 @@ static inline u64 wdev_id(struct wireles
- }
-
- static int nl80211_send_chandef(struct sk_buff *msg,
-- struct cfg80211_chan_def *chandef)
-+ const struct cfg80211_chan_def *chandef)
- {
- WARN_ON(!cfg80211_chandef_valid(chandef));
-
-@@ -5653,7 +5653,7 @@ static int nl80211_start_radar_detection
- if (err == 0)
- return -EINVAL;
-
-- if (chandef.chan->dfs_state != NL80211_DFS_USABLE)
-+ if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
- return -EINVAL;
-
- if (!rdev->ops->start_radar_detection)
-@@ -10882,7 +10882,7 @@ EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
-
- void
- nl80211_radar_notify(struct cfg80211_registered_device *rdev,
-- struct cfg80211_chan_def *chandef,
-+ const struct cfg80211_chan_def *chandef,
- enum nl80211_radar_event event,
- struct net_device *netdev, gfp_t gfp)
- {
---- a/net/wireless/nl80211.h
-+++ b/net/wireless/nl80211.h
-@@ -70,7 +70,7 @@ int nl80211_send_mgmt(struct cfg80211_re
-
- void
- nl80211_radar_notify(struct cfg80211_registered_device *rdev,
-- struct cfg80211_chan_def *chandef,
-+ const struct cfg80211_chan_def *chandef,
- enum nl80211_radar_event event,
- struct net_device *netdev, gfp_t gfp);
-
---- a/net/wireless/reg.c
-+++ b/net/wireless/reg.c
-@@ -163,35 +163,29 @@ static const struct ieee80211_regdomain
- REG_RULE(2412-10, 2462+10, 40, 6, 20, 0),
- /* IEEE 802.11b/g, channels 12..13. */
- REG_RULE(2467-10, 2472+10, 40, 6, 20,
-- NL80211_RRF_PASSIVE_SCAN |
-- NL80211_RRF_NO_IBSS),
-+ NL80211_RRF_NO_IR),
- /* IEEE 802.11 channel 14 - Only JP enables
- * this and for 802.11b only */
- REG_RULE(2484-10, 2484+10, 20, 6, 20,
-- NL80211_RRF_PASSIVE_SCAN |
-- NL80211_RRF_NO_IBSS |
-+ NL80211_RRF_NO_IR |
- NL80211_RRF_NO_OFDM),
- /* IEEE 802.11a, channel 36..48 */
- REG_RULE(5180-10, 5240+10, 160, 6, 20,
-- NL80211_RRF_PASSIVE_SCAN |
-- NL80211_RRF_NO_IBSS),
-+ NL80211_RRF_NO_IR),
-
- /* IEEE 802.11a, channel 52..64 - DFS required */
- REG_RULE(5260-10, 5320+10, 160, 6, 20,
-- NL80211_RRF_PASSIVE_SCAN |
-- NL80211_RRF_NO_IBSS |
-+ NL80211_RRF_NO_IR |
- NL80211_RRF_DFS),
-
- /* IEEE 802.11a, channel 100..144 - DFS required */
- REG_RULE(5500-10, 5720+10, 160, 6, 20,
-- NL80211_RRF_PASSIVE_SCAN |
-- NL80211_RRF_NO_IBSS |
-+ NL80211_RRF_NO_IR |
- NL80211_RRF_DFS),
-
- /* IEEE 802.11a, channel 149..165 */
- REG_RULE(5745-10, 5825+10, 80, 6, 20,
-- NL80211_RRF_PASSIVE_SCAN |
-- NL80211_RRF_NO_IBSS),
-+ NL80211_RRF_NO_IR),
-
- /* IEEE 802.11ad (60gHz), channels 1..3 */
- REG_RULE(56160+2160*1-1080, 56160+2160*3+1080, 2160, 0, 0, 0),
-@@ -698,10 +692,8 @@ regdom_intersect(const struct ieee80211_
- static u32 map_regdom_flags(u32 rd_flags)
- {
- u32 channel_flags = 0;
-- if (rd_flags & NL80211_RRF_PASSIVE_SCAN)
-- channel_flags |= IEEE80211_CHAN_PASSIVE_SCAN;
-- if (rd_flags & NL80211_RRF_NO_IBSS)
-- channel_flags |= IEEE80211_CHAN_NO_IBSS;
-+ if (rd_flags & NL80211_RRF_NO_IR_ALL)
-+ channel_flags |= IEEE80211_CHAN_NO_IR;
- if (rd_flags & NL80211_RRF_DFS)
- channel_flags |= IEEE80211_CHAN_RADAR;
- if (rd_flags & NL80211_RRF_NO_OFDM)
-@@ -1066,13 +1058,8 @@ static void handle_reg_beacon(struct wip
- chan_before.center_freq = chan->center_freq;
- chan_before.flags = chan->flags;
-
-- if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) {
-- chan->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
-- channel_changed = true;
-- }
--
-- if (chan->flags & IEEE80211_CHAN_NO_IBSS) {
-- chan->flags &= ~IEEE80211_CHAN_NO_IBSS;
-+ if (chan->flags & IEEE80211_CHAN_NO_IR) {
-+ chan->flags &= ~IEEE80211_CHAN_NO_IR;
- channel_changed = true;
- }
-
---- /dev/null
-+++ b/drivers/net/wireless/ath/ath9k/ar9003_wow.c
-@@ -0,0 +1,422 @@
-+/*
-+ * Copyright (c) 2012 Qualcomm Atheros, Inc.
-+ *
-+ * Permission to use, copy, modify, and/or distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ */
-+
-+#include <linux/export.h>
-+#include "ath9k.h"
-+#include "reg.h"
-+#include "hw-ops.h"
-+
-+const char *ath9k_hw_wow_event_to_string(u32 wow_event)
-+{
-+ if (wow_event & AH_WOW_MAGIC_PATTERN_EN)
-+ return "Magic pattern";
-+ if (wow_event & AH_WOW_USER_PATTERN_EN)
-+ return "User pattern";
-+ if (wow_event & AH_WOW_LINK_CHANGE)
-+ return "Link change";
-+ if (wow_event & AH_WOW_BEACON_MISS)
-+ return "Beacon miss";
-+
-+ return "unknown reason";
-+}
-+EXPORT_SYMBOL(ath9k_hw_wow_event_to_string);
-+
-+static void ath9k_hw_set_powermode_wow_sleep(struct ath_hw *ah)
-+{
-+ struct ath_common *common = ath9k_hw_common(ah);
-+
-+ REG_SET_BIT(ah, AR_STA_ID1, AR_STA_ID1_PWR_SAV);
-+
-+ /* set rx disable bit */
-+ REG_WRITE(ah, AR_CR, AR_CR_RXD);
-+
-+ if (!ath9k_hw_wait(ah, AR_CR, AR_CR_RXE, 0, AH_WAIT_TIMEOUT)) {
-+ ath_err(common, "Failed to stop Rx DMA in 10ms AR_CR=0x%08x AR_DIAG_SW=0x%08x\n",
-+ REG_READ(ah, AR_CR), REG_READ(ah, AR_DIAG_SW));
-+ return;
-+ }
-+
-+ REG_WRITE(ah, AR_RTC_FORCE_WAKE, AR_RTC_FORCE_WAKE_ON_INT);
-+}
-+
-+static void ath9k_wow_create_keep_alive_pattern(struct ath_hw *ah)
-+{
-+ struct ath_common *common = ath9k_hw_common(ah);
-+ u8 sta_mac_addr[ETH_ALEN], ap_mac_addr[ETH_ALEN];
-+ u32 ctl[13] = {0};
-+ u32 data_word[KAL_NUM_DATA_WORDS];
-+ u8 i;
-+ u32 wow_ka_data_word0;
-+
-+ memcpy(sta_mac_addr, common->macaddr, ETH_ALEN);
-+ memcpy(ap_mac_addr, common->curbssid, ETH_ALEN);
-+
-+ /* set the transmit buffer */
-+ ctl[0] = (KAL_FRAME_LEN | (MAX_RATE_POWER << 16));
-+ ctl[1] = 0;
-+ ctl[3] = 0xb; /* OFDM_6M hardware value for this rate */
-+ ctl[4] = 0;
-+ ctl[7] = (ah->txchainmask) << 2;
-+ ctl[2] = 0xf << 16; /* tx_tries 0 */
-+
-+ for (i = 0; i < KAL_NUM_DESC_WORDS; i++)
-+ REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + i * 4), ctl[i]);
-+
-+ REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + i * 4), ctl[i]);
-+
-+ data_word[0] = (KAL_FRAME_TYPE << 2) | (KAL_FRAME_SUB_TYPE << 4) |
-+ (KAL_TO_DS << 8) | (KAL_DURATION_ID << 16);
-+ data_word[1] = (ap_mac_addr[3] << 24) | (ap_mac_addr[2] << 16) |
-+ (ap_mac_addr[1] << 8) | (ap_mac_addr[0]);
-+ data_word[2] = (sta_mac_addr[1] << 24) | (sta_mac_addr[0] << 16) |
-+ (ap_mac_addr[5] << 8) | (ap_mac_addr[4]);
-+ data_word[3] = (sta_mac_addr[5] << 24) | (sta_mac_addr[4] << 16) |
-+ (sta_mac_addr[3] << 8) | (sta_mac_addr[2]);
-+ data_word[4] = (ap_mac_addr[3] << 24) | (ap_mac_addr[2] << 16) |
-+ (ap_mac_addr[1] << 8) | (ap_mac_addr[0]);
-+ data_word[5] = (ap_mac_addr[5] << 8) | (ap_mac_addr[4]);
-+
-+ if (AR_SREV_9462_20(ah)) {
-+ /* AR9462 2.0 has an extra descriptor word (time based
-+ * discard) compared to other chips */
-+ REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + (12 * 4)), 0);
-+ wow_ka_data_word0 = AR_WOW_TXBUF(13);
-+ } else {
-+ wow_ka_data_word0 = AR_WOW_TXBUF(12);
-+ }
-+
-+ for (i = 0; i < KAL_NUM_DATA_WORDS; i++)
-+ REG_WRITE(ah, (wow_ka_data_word0 + i*4), data_word[i]);
-+
-+}
-+
-+void ath9k_hw_wow_apply_pattern(struct ath_hw *ah, u8 *user_pattern,
-+ u8 *user_mask, int pattern_count,
-+ int pattern_len)
-+{
-+ int i;
-+ u32 pattern_val, mask_val;
-+ u32 set, clr;
-+
-+ /* FIXME: should check count by querying the hardware capability */
-+ if (pattern_count >= MAX_NUM_PATTERN)
-+ return;
-+
-+ REG_SET_BIT(ah, AR_WOW_PATTERN, BIT(pattern_count));
-+
-+ /* set the registers for pattern */
-+ for (i = 0; i < MAX_PATTERN_SIZE; i += 4) {
-+ memcpy(&pattern_val, user_pattern, 4);
-+ REG_WRITE(ah, (AR_WOW_TB_PATTERN(pattern_count) + i),
-+ pattern_val);
-+ user_pattern += 4;
-+ }
-+
-+ /* set the registers for mask */
-+ for (i = 0; i < MAX_PATTERN_MASK_SIZE; i += 4) {
-+ memcpy(&mask_val, user_mask, 4);
-+ REG_WRITE(ah, (AR_WOW_TB_MASK(pattern_count) + i), mask_val);
-+ user_mask += 4;
-+ }
-+
-+ /* set the pattern length to be matched
-+ *
-+ * AR_WOW_LENGTH1_REG1
-+ * bit 31:24 pattern 0 length
-+ * bit 23:16 pattern 1 length
-+ * bit 15:8 pattern 2 length
-+ * bit 7:0 pattern 3 length
-+ *
-+ * AR_WOW_LENGTH1_REG2
-+ * bit 31:24 pattern 4 length
-+ * bit 23:16 pattern 5 length
-+ * bit 15:8 pattern 6 length
-+ * bit 7:0 pattern 7 length
-+ *
-+ * the below logic writes out the new
-+ * pattern length for the corresponding
-+ * pattern_count, while masking out the
-+ * other fields
-+ */
-+
-+ ah->wow_event_mask |= BIT(pattern_count + AR_WOW_PAT_FOUND_SHIFT);
-+
-+ if (pattern_count < 4) {
-+ /* Pattern 0-3 uses AR_WOW_LENGTH1 register */
-+ set = (pattern_len & AR_WOW_LENGTH_MAX) <<
-+ AR_WOW_LEN1_SHIFT(pattern_count);
-+ clr = AR_WOW_LENGTH1_MASK(pattern_count);
-+ REG_RMW(ah, AR_WOW_LENGTH1, set, clr);
-+ } else {
-+ /* Pattern 4-7 uses AR_WOW_LENGTH2 register */
-+ set = (pattern_len & AR_WOW_LENGTH_MAX) <<
-+ AR_WOW_LEN2_SHIFT(pattern_count);
-+ clr = AR_WOW_LENGTH2_MASK(pattern_count);
-+ REG_RMW(ah, AR_WOW_LENGTH2, set, clr);
-+ }
-+
-+}
-+EXPORT_SYMBOL(ath9k_hw_wow_apply_pattern);
-+
-+u32 ath9k_hw_wow_wakeup(struct ath_hw *ah)
-+{
-+ u32 wow_status = 0;
-+ u32 val = 0, rval;
-+
-+ /*
-+ * read the WoW status register to know
-+ * the wakeup reason
-+ */
-+ rval = REG_READ(ah, AR_WOW_PATTERN);
-+ val = AR_WOW_STATUS(rval);
-+
-+ /*
-+ * mask only the WoW events that we have enabled. Sometimes
-+ * we have spurious WoW events from the AR_WOW_PATTERN
-+ * register. This mask will clean it up.
-+ */
-+
-+ val &= ah->wow_event_mask;
-+
-+ if (val) {
-+ if (val & AR_WOW_MAGIC_PAT_FOUND)
-+ wow_status |= AH_WOW_MAGIC_PATTERN_EN;
-+ if (AR_WOW_PATTERN_FOUND(val))
-+ wow_status |= AH_WOW_USER_PATTERN_EN;
-+ if (val & AR_WOW_KEEP_ALIVE_FAIL)
-+ wow_status |= AH_WOW_LINK_CHANGE;
-+ if (val & AR_WOW_BEACON_FAIL)
-+ wow_status |= AH_WOW_BEACON_MISS;
-+ }
-+
-+ /*
-+ * set and clear WOW_PME_CLEAR registers for the chip to
-+ * generate next wow signal.
-+ * disable D3 before accessing other registers ?
-+ */
-+
-+ /* do we need to check the bit value 0x01000000 (7-10) ?? */
-+ REG_RMW(ah, AR_PCIE_PM_CTRL, AR_PMCTRL_WOW_PME_CLR,
-+ AR_PMCTRL_PWR_STATE_D1D3);
-+
-+ /*
-+ * clear all events
-+ */
-+ REG_WRITE(ah, AR_WOW_PATTERN,
-+ AR_WOW_CLEAR_EVENTS(REG_READ(ah, AR_WOW_PATTERN)));
-+
-+ /*
-+ * restore the beacon threshold to init value
-+ */
-+ REG_WRITE(ah, AR_RSSI_THR, INIT_RSSI_THR);
-+
-+ /*
-+ * Restore the way the PCI-E reset, Power-On-Reset, external
-+ * PCIE_POR_SHORT pins are tied to its original value.
-+ * Previously just before WoW sleep, we untie the PCI-E
-+ * reset to our Chip's Power On Reset so that any PCI-E
-+ * reset from the bus will not reset our chip
-+ */
-+ if (ah->is_pciexpress)
-+ ath9k_hw_configpcipowersave(ah, false);
-+
-+ ah->wow_event_mask = 0;
-+
-+ return wow_status;
-+}
-+EXPORT_SYMBOL(ath9k_hw_wow_wakeup);
-+
-+void ath9k_hw_wow_enable(struct ath_hw *ah, u32 pattern_enable)
-+{
-+ u32 wow_event_mask;
-+ u32 set, clr;
-+
-+ /*
-+ * wow_event_mask is a mask to the AR_WOW_PATTERN register to
-+ * indicate which WoW events we have enabled. The WoW events
-+ * are from the 'pattern_enable' in this function and
-+ * 'pattern_count' of ath9k_hw_wow_apply_pattern()
-+ */
-+ wow_event_mask = ah->wow_event_mask;
-+
-+ /*
-+ * Untie Power-on-Reset from the PCI-E-Reset. When we are in
-+ * WOW sleep, we do want the Reset from the PCI-E to disturb
-+ * our hw state
-+ */
-+ if (ah->is_pciexpress) {
-+ /*
-+ * we need to untie the internal POR (power-on-reset)
-+ * to the external PCI-E reset. We also need to tie
-+ * the PCI-E Phy reset to the PCI-E reset.
-+ */
-+ set = AR_WA_RESET_EN | AR_WA_POR_SHORT;
-+ clr = AR_WA_UNTIE_RESET_EN | AR_WA_D3_L1_DISABLE;
-+ REG_RMW(ah, AR_WA, set, clr);
-+ }
-+
-+ /*
-+ * set the power states appropriately and enable PME
-+ */
-+ set = AR_PMCTRL_HOST_PME_EN | AR_PMCTRL_PWR_PM_CTRL_ENA |
-+ AR_PMCTRL_AUX_PWR_DET | AR_PMCTRL_WOW_PME_CLR;
-+
-+ /*
-+ * set and clear WOW_PME_CLEAR registers for the chip
-+ * to generate next wow signal.
-+ */
-+ REG_SET_BIT(ah, AR_PCIE_PM_CTRL, set);
-+ clr = AR_PMCTRL_WOW_PME_CLR;
-+ REG_CLR_BIT(ah, AR_PCIE_PM_CTRL, clr);
-+
-+ /*
-+ * Setup for:
-+ * - beacon misses
-+ * - magic pattern
-+ * - keep alive timeout
-+ * - pattern matching
-+ */
-+
-+ /*
-+ * Program default values for pattern backoff, aifs/slot/KAL count,
-+ * beacon miss timeout, KAL timeout, etc.
-+ */
-+ set = AR_WOW_BACK_OFF_SHIFT(AR_WOW_PAT_BACKOFF);
-+ REG_SET_BIT(ah, AR_WOW_PATTERN, set);
-+
-+ set = AR_WOW_AIFS_CNT(AR_WOW_CNT_AIFS_CNT) |
-+ AR_WOW_SLOT_CNT(AR_WOW_CNT_SLOT_CNT) |
-+ AR_WOW_KEEP_ALIVE_CNT(AR_WOW_CNT_KA_CNT);
-+ REG_SET_BIT(ah, AR_WOW_COUNT, set);
-+
-+ if (pattern_enable & AH_WOW_BEACON_MISS)
-+ set = AR_WOW_BEACON_TIMO;
-+ /* We are not using beacon miss, program a large value */
-+ else
-+ set = AR_WOW_BEACON_TIMO_MAX;
-+
-+ REG_WRITE(ah, AR_WOW_BCN_TIMO, set);
-+
-+ /*
-+ * Keep alive timo in ms except AR9280
-+ */
-+ if (!pattern_enable)
-+ set = AR_WOW_KEEP_ALIVE_NEVER;
-+ else
-+ set = KAL_TIMEOUT * 32;
-+
-+ REG_WRITE(ah, AR_WOW_KEEP_ALIVE_TIMO, set);
-+
-+ /*
-+ * Keep alive delay in us. based on 'power on clock',
-+ * therefore in usec
-+ */
-+ set = KAL_DELAY * 1000;
-+ REG_WRITE(ah, AR_WOW_KEEP_ALIVE_DELAY, set);
-+
-+ /*
-+ * Create keep alive pattern to respond to beacons
-+ */
-+ ath9k_wow_create_keep_alive_pattern(ah);
-+
-+ /*
-+ * Configure MAC WoW Registers
-+ */
-+ set = 0;
-+ /* Send keep alive timeouts anyway */
-+ clr = AR_WOW_KEEP_ALIVE_AUTO_DIS;
-+
-+ if (pattern_enable & AH_WOW_LINK_CHANGE)
-+ wow_event_mask |= AR_WOW_KEEP_ALIVE_FAIL;
-+ else
-+ set = AR_WOW_KEEP_ALIVE_FAIL_DIS;
-+
-+ set = AR_WOW_KEEP_ALIVE_FAIL_DIS;
-+ REG_RMW(ah, AR_WOW_KEEP_ALIVE, set, clr);
-+
-+ /*
-+ * we are relying on a bmiss failure. ensure we have
-+ * enough threshold to prevent false positives
-+ */
-+ REG_RMW_FIELD(ah, AR_RSSI_THR, AR_RSSI_THR_BM_THR,
-+ AR_WOW_BMISSTHRESHOLD);
-+
-+ set = 0;
-+ clr = 0;
-+
-+ if (pattern_enable & AH_WOW_BEACON_MISS) {
-+ set = AR_WOW_BEACON_FAIL_EN;
-+ wow_event_mask |= AR_WOW_BEACON_FAIL;
-+ } else {
-+ clr = AR_WOW_BEACON_FAIL_EN;
-+ }
-+
-+ REG_RMW(ah, AR_WOW_BCN_EN, set, clr);
-+
-+ set = 0;
-+ clr = 0;
-+ /*
-+ * Enable the magic packet registers
-+ */
-+ if (pattern_enable & AH_WOW_MAGIC_PATTERN_EN) {
-+ set = AR_WOW_MAGIC_EN;
-+ wow_event_mask |= AR_WOW_MAGIC_PAT_FOUND;
-+ } else {
-+ clr = AR_WOW_MAGIC_EN;
-+ }
-+ set |= AR_WOW_MAC_INTR_EN;
-+ REG_RMW(ah, AR_WOW_PATTERN, set, clr);
-+
-+ REG_WRITE(ah, AR_WOW_PATTERN_MATCH_LT_256B,
-+ AR_WOW_PATTERN_SUPPORTED);
-+
-+ /*
-+ * Set the power states appropriately and enable PME
-+ */
-+ clr = 0;
-+ set = AR_PMCTRL_PWR_STATE_D1D3 | AR_PMCTRL_HOST_PME_EN |
-+ AR_PMCTRL_PWR_PM_CTRL_ENA;
-+
-+ clr = AR_PCIE_PM_CTRL_ENA;
-+ REG_RMW(ah, AR_PCIE_PM_CTRL, set, clr);
-+
-+ /*
-+ * this is needed to prevent the chip waking up
-+ * the host within 3-4 seconds with certain
-+ * platform/BIOS. The fix is to enable
-+ * D1 & D3 to match original definition and
-+ * also match the OTP value. Anyway this
-+ * is more related to SW WOW.
-+ */
-+ clr = AR_PMCTRL_PWR_STATE_D1D3;
-+ REG_CLR_BIT(ah, AR_PCIE_PM_CTRL, clr);
-+
-+ set = AR_PMCTRL_PWR_STATE_D1D3_REAL;
-+ REG_SET_BIT(ah, AR_PCIE_PM_CTRL, set);
-+
-+ REG_CLR_BIT(ah, AR_STA_ID1, AR_STA_ID1_PRESERVE_SEQNUM);
-+
-+ /* to bring down WOW power low margin */
-+ set = BIT(13);
-+ REG_SET_BIT(ah, AR_PCIE_PHY_REG3, set);
-+ /* HW WoW */
-+ clr = BIT(5);
-+ REG_CLR_BIT(ah, AR_PCU_MISC_MODE3, clr);
-+
-+ ath9k_hw_set_powermode_wow_sleep(ah);
-+ ah->wow_event_mask = wow_event_mask;
-+}
-+EXPORT_SYMBOL(ath9k_hw_wow_enable);
---- /dev/null
-+++ b/drivers/net/wireless/ath/ath9k/tx99.c
-@@ -0,0 +1,263 @@
-+/*
-+ * Copyright (c) 2013 Qualcomm Atheros, Inc.
-+ *
-+ * Permission to use, copy, modify, and/or distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ */
-+
-+#include "ath9k.h"
-+
-+static void ath9k_tx99_stop(struct ath_softc *sc)
-+{
-+ struct ath_hw *ah = sc->sc_ah;
-+ struct ath_common *common = ath9k_hw_common(ah);
-+
-+ ath_drain_all_txq(sc);
-+ ath_startrecv(sc);
-+
-+ ath9k_hw_set_interrupts(ah);
-+ ath9k_hw_enable_interrupts(ah);
-+
-+ ieee80211_wake_queues(sc->hw);
-+
-+ kfree_skb(sc->tx99_skb);
-+ sc->tx99_skb = NULL;
-+ sc->tx99_state = false;
-+
-+ ath9k_hw_tx99_stop(sc->sc_ah);
-+ ath_dbg(common, XMIT, "TX99 stopped\n");
-+}
-+
-+static struct sk_buff *ath9k_build_tx99_skb(struct ath_softc *sc)
-+{
-+ static u8 PN9Data[] = {0xff, 0x87, 0xb8, 0x59, 0xb7, 0xa1, 0xcc, 0x24,
-+ 0x57, 0x5e, 0x4b, 0x9c, 0x0e, 0xe9, 0xea, 0x50,
-+ 0x2a, 0xbe, 0xb4, 0x1b, 0xb6, 0xb0, 0x5d, 0xf1,
-+ 0xe6, 0x9a, 0xe3, 0x45, 0xfd, 0x2c, 0x53, 0x18,
-+ 0x0c, 0xca, 0xc9, 0xfb, 0x49, 0x37, 0xe5, 0xa8,
-+ 0x51, 0x3b, 0x2f, 0x61, 0xaa, 0x72, 0x18, 0x84,
-+ 0x02, 0x23, 0x23, 0xab, 0x63, 0x89, 0x51, 0xb3,
-+ 0xe7, 0x8b, 0x72, 0x90, 0x4c, 0xe8, 0xfb, 0xc0};
-+ u32 len = 1200;
-+ struct ieee80211_hw *hw = sc->hw;
-+ struct ieee80211_hdr *hdr;
-+ struct ieee80211_tx_info *tx_info;
-+ struct sk_buff *skb;
-+
-+ skb = alloc_skb(len, GFP_KERNEL);
-+ if (!skb)
-+ return NULL;
-+
-+ skb_put(skb, len);
-+
-+ memset(skb->data, 0, len);
-+
-+ hdr = (struct ieee80211_hdr *)skb->data;
-+ hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA);
-+ hdr->duration_id = 0;
-+
-+ memcpy(hdr->addr1, hw->wiphy->perm_addr, ETH_ALEN);
-+ memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN);
-+ memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN);
-+
-+ hdr->seq_ctrl |= cpu_to_le16(sc->tx.seq_no);
-+
-+ tx_info = IEEE80211_SKB_CB(skb);
-+ memset(tx_info, 0, sizeof(*tx_info));
-+ tx_info->band = hw->conf.chandef.chan->band;
-+ tx_info->flags = IEEE80211_TX_CTL_NO_ACK;
-+ tx_info->control.vif = sc->tx99_vif;
-+
-+ memcpy(skb->data + sizeof(*hdr), PN9Data, sizeof(PN9Data));
-+
-+ return skb;
-+}
-+
-+static void ath9k_tx99_deinit(struct ath_softc *sc)
-+{
-+ ath_reset(sc);
-+
-+ ath9k_ps_wakeup(sc);
-+ ath9k_tx99_stop(sc);
-+ ath9k_ps_restore(sc);
-+}
-+
-+static int ath9k_tx99_init(struct ath_softc *sc)
-+{
-+ struct ieee80211_hw *hw = sc->hw;
-+ struct ath_hw *ah = sc->sc_ah;
-+ struct ath_common *common = ath9k_hw_common(ah);
-+ struct ath_tx_control txctl;
-+ int r;
-+
-+ if (test_bit(SC_OP_INVALID, &sc->sc_flags)) {
-+ ath_err(common,
-+ "driver is in invalid state unable to use TX99");
-+ return -EINVAL;
-+ }
-+
-+ sc->tx99_skb = ath9k_build_tx99_skb(sc);
-+ if (!sc->tx99_skb)
-+ return -ENOMEM;
-+
-+ memset(&txctl, 0, sizeof(txctl));
-+ txctl.txq = sc->tx.txq_map[IEEE80211_AC_VO];
-+
-+ ath_reset(sc);
-+
-+ ath9k_ps_wakeup(sc);
-+
-+ ath9k_hw_disable_interrupts(ah);
-+ atomic_set(&ah->intr_ref_cnt, -1);
-+ ath_drain_all_txq(sc);
-+ ath_stoprecv(sc);
-+
-+ sc->tx99_state = true;
-+
-+ ieee80211_stop_queues(hw);
-+
-+ if (sc->tx99_power == MAX_RATE_POWER + 1)
-+ sc->tx99_power = MAX_RATE_POWER;
-+
-+ ath9k_hw_tx99_set_txpower(ah, sc->tx99_power);
-+ r = ath9k_tx99_send(sc, sc->tx99_skb, &txctl);
-+ if (r) {
-+ ath_dbg(common, XMIT, "Failed to xmit TX99 skb\n");
-+ return r;
-+ }
-+
-+ ath_dbg(common, XMIT, "TX99 xmit started using %d ( %ddBm)\n",
-+ sc->tx99_power,
-+ sc->tx99_power / 2);
-+
-+ /* We leave the harware awake as it will be chugging on */
-+
-+ return 0;
-+}
-+
-+static ssize_t read_file_tx99(struct file *file, char __user *user_buf,
-+ size_t count, loff_t *ppos)
-+{
-+ struct ath_softc *sc = file->private_data;
-+ char buf[3];
-+ unsigned int len;
-+
-+ len = sprintf(buf, "%d\n", sc->tx99_state);
-+ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
-+}
-+
-+static ssize_t write_file_tx99(struct file *file, const char __user *user_buf,
-+ size_t count, loff_t *ppos)
-+{
-+ struct ath_softc *sc = file->private_data;
-+ struct ath_common *common = ath9k_hw_common(sc->sc_ah);
-+ char buf[32];
-+ bool start;
-+ ssize_t len;
-+ int r;
-+
-+ if (sc->nvifs > 1)
-+ return -EOPNOTSUPP;
-+
-+ len = min(count, sizeof(buf) - 1);
-+ if (copy_from_user(buf, user_buf, len))
-+ return -EFAULT;
-+
-+ if (strtobool(buf, &start))
-+ return -EINVAL;
-+
-+ if (start == sc->tx99_state) {
-+ if (!start)
-+ return count;
-+ ath_dbg(common, XMIT, "Resetting TX99\n");
-+ ath9k_tx99_deinit(sc);
-+ }
-+
-+ if (!start) {
-+ ath9k_tx99_deinit(sc);
-+ return count;
+@@ -1723,9 +1723,10 @@ static int nl80211_dump_wiphy(struct sk_
+ * We can then retry with the larger buffer.
+ */
+ if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
+- !skb->len &&
++ !skb->len && !state->split &&
+ cb->min_dump_alloc < 4096) {
+ cb->min_dump_alloc = 4096;
++ state->split_start = 0;
+ rtnl_unlock();
+ return 1;
+ }
+@@ -2047,10 +2048,12 @@ static int nl80211_set_wiphy(struct sk_b
+ nla_for_each_nested(nl_txq_params,
+ info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
+ rem_txq_params) {
+- nla_parse(tb, NL80211_TXQ_ATTR_MAX,
+- nla_data(nl_txq_params),
+- nla_len(nl_txq_params),
+- txq_params_policy);
++ result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
++ nla_data(nl_txq_params),
++ nla_len(nl_txq_params),
++ txq_params_policy);
++ if (result)
++ goto bad_res;
+ result = parse_txq_params(tb, &txq_params);
+ if (result)
+ goto bad_res;
+@@ -3289,7 +3292,7 @@ static int nl80211_start_ap(struct sk_bu
+ if (!err) {
+ wdev->preset_chandef = params.chandef;
+ wdev->beacon_interval = params.beacon_interval;
+- wdev->channel = params.chandef.chan;
++ wdev->chandef = params.chandef;
+ wdev->ssid_len = params.ssid_len;
+ memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
+ }
+@@ -5210,9 +5213,11 @@ static int nl80211_set_reg(struct sk_buf
+
+ nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
+ rem_reg_rules) {
+- nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
+- nla_data(nl_reg_rule), nla_len(nl_reg_rule),
+- reg_rule_policy);
++ r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
++ nla_data(nl_reg_rule), nla_len(nl_reg_rule),
++ reg_rule_policy);
++ if (r)
++ goto bad_reg;
+ r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
+ if (r)
+ goto bad_reg;
+@@ -5277,7 +5282,7 @@ static int nl80211_trigger_scan(struct s
+ if (!rdev->ops->scan)
+ return -EOPNOTSUPP;
+
+- if (rdev->scan_req) {
++ if (rdev->scan_req || rdev->scan_msg) {
+ err = -EBUSY;
+ goto unlock;
+ }
+@@ -5475,6 +5480,7 @@ static int nl80211_start_sched_scan(stru
+ enum ieee80211_band band;
+ size_t ie_len;
+ struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
++ s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
+
+ if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
+ !rdev->ops->sched_scan_start)
+@@ -5509,11 +5515,40 @@ static int nl80211_start_sched_scan(stru
+ if (n_ssids > wiphy->max_sched_scan_ssids)
+ return -EINVAL;
+
+- if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
++ /*
++ * First, count the number of 'real' matchsets. Due to an issue with
++ * the old implementation, matchsets containing only the RSSI attribute
++ * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
++ * RSSI for all matchsets, rather than their own matchset for reporting
++ * all APs with a strong RSSI. This is needed to be compatible with
++ * older userspace that treated a matchset with only the RSSI as the
++ * global RSSI for all other matchsets - if there are other matchsets.
++ */
++ if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
+ nla_for_each_nested(attr,
+ info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
+- tmp)
+- n_match_sets++;
++ tmp) {
++ struct nlattr *rssi;
++
++ err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
++ nla_data(attr), nla_len(attr),
++ nl80211_match_policy);
++ if (err)
++ return err;
++ /* add other standalone attributes here */
++ if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
++ n_match_sets++;
++ continue;
++ }
++ rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
++ if (rssi)
++ default_match_rssi = nla_get_s32(rssi);
++ }
+ }
+
-+ r = ath9k_tx99_init(sc);
-+ if (r)
-+ return r;
-+
-+ return count;
-+}
-+
-+static const struct file_operations fops_tx99 = {
-+ .read = read_file_tx99,
-+ .write = write_file_tx99,
-+ .open = simple_open,
-+ .owner = THIS_MODULE,
-+ .llseek = default_llseek,
-+};
-+
-+static ssize_t read_file_tx99_power(struct file *file,
-+ char __user *user_buf,
-+ size_t count, loff_t *ppos)
-+{
-+ struct ath_softc *sc = file->private_data;
-+ char buf[32];
-+ unsigned int len;
-+
-+ len = sprintf(buf, "%d (%d dBm)\n",
-+ sc->tx99_power,
-+ sc->tx99_power / 2);
++ /* However, if there's no other matchset, add the RSSI one */
++ if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
++ n_match_sets = 1;
+
+ if (n_match_sets > wiphy->max_match_sets)
+ return -EINVAL;
+@@ -5634,11 +5669,22 @@ static int nl80211_start_sched_scan(stru
+ tmp) {
+ struct nlattr *ssid, *rssi;
+
+- nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
+- nla_data(attr), nla_len(attr),
+- nl80211_match_policy);
++ err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
++ nla_data(attr), nla_len(attr),
++ nl80211_match_policy);
++ if (err)
++ goto out_free;
+ ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
+ if (ssid) {
++ if (WARN_ON(i >= n_match_sets)) {
++ /* this indicates a programming error,
++ * the loop above should have verified
++ * things properly
++ */
++ err = -EINVAL;
++ goto out_free;
++ }
++
+ if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
+ err = -EINVAL;
+ goto out_free;
+@@ -5647,15 +5693,28 @@ static int nl80211_start_sched_scan(stru
+ nla_data(ssid), nla_len(ssid));
+ request->match_sets[i].ssid.ssid_len =
+ nla_len(ssid);
++ /* special attribute - old implemenation w/a */
++ request->match_sets[i].rssi_thold =
++ default_match_rssi;
++ rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
++ if (rssi)
++ request->match_sets[i].rssi_thold =
++ nla_get_s32(rssi);
+ }
+- rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
+- if (rssi)
+- request->rssi_thold = nla_get_u32(rssi);
+- else
+- request->rssi_thold =
+- NL80211_SCAN_RSSI_THOLD_OFF;
+ i++;
+ }
+
-+ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
-+}
++ /* there was no other matchset, so the RSSI one is alone */
++ if (i == 0)
++ request->match_sets[0].rssi_thold = default_match_rssi;
+
-+static ssize_t write_file_tx99_power(struct file *file,
-+ const char __user *user_buf,
-+ size_t count, loff_t *ppos)
++ request->min_rssi_thold = INT_MAX;
++ for (i = 0; i < n_match_sets; i++)
++ request->min_rssi_thold =
++ min(request->match_sets[i].rssi_thold,
++ request->min_rssi_thold);
++ } else {
++ request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
+ }
+
+ if (info->attrs[NL80211_ATTR_IE]) {
+@@ -5751,7 +5810,7 @@ static int nl80211_start_radar_detection
+
+ err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
+ if (!err) {
+- wdev->channel = chandef.chan;
++ wdev->chandef = chandef;
+ wdev->cac_started = true;
+ wdev->cac_start_time = jiffies;
+ }
+@@ -7502,16 +7561,19 @@ static int nl80211_set_tx_bitrate_mask(s
+ * directly to the enum ieee80211_band values used in cfg80211.
+ */
+ BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
+- nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
+- {
++ nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
+ enum ieee80211_band band = nla_type(tx_rates);
++ int err;
++
+ if (band < 0 || band >= IEEE80211_NUM_BANDS)
+ return -EINVAL;
+ sband = rdev->wiphy.bands[band];
+ if (sband == NULL)
+ return -EINVAL;
+- nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
+- nla_len(tx_rates), nl80211_txattr_policy);
++ err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
++ nla_len(tx_rates), nl80211_txattr_policy);
++ if (err)
++ return err;
+ if (tb[NL80211_TXRATE_LEGACY]) {
+ mask.control[band].legacy = rateset_to_mask(
+ sband,
+@@ -10054,40 +10116,31 @@ void nl80211_send_scan_start(struct cfg8
+ NL80211_MCGRP_SCAN, GFP_KERNEL);
+ }
+
+-void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
+- struct wireless_dev *wdev)
++struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
++ struct wireless_dev *wdev, bool aborted)
+ {
+ struct sk_buff *msg;
+
+ msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+ if (!msg)
+- return;
++ return NULL;
+
+ if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
+- NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
++ aborted ? NL80211_CMD_SCAN_ABORTED :
++ NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
+ nlmsg_free(msg);
+- return;
++ return NULL;
+ }
+
+- genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
+- NL80211_MCGRP_SCAN, GFP_KERNEL);
++ return msg;
+ }
+
+-void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
+- struct wireless_dev *wdev)
++void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
++ struct sk_buff *msg)
+ {
+- struct sk_buff *msg;
+-
+- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+ if (!msg)
+ return;
+
+- if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
+- NL80211_CMD_SCAN_ABORTED) < 0) {
+- nlmsg_free(msg);
+- return;
+- }
+-
+ genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
+ NL80211_MCGRP_SCAN, GFP_KERNEL);
+ }
+@@ -11158,7 +11211,8 @@ void cfg80211_ch_switch_notify(struct ne
+ wdev->iftype != NL80211_IFTYPE_MESH_POINT))
+ return;
+
+- wdev->channel = chandef->chan;
++ wdev->chandef = *chandef;
++ wdev->preset_chandef = *chandef;
+ nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
+ }
+ EXPORT_SYMBOL(cfg80211_ch_switch_notify);
+@@ -11673,6 +11727,35 @@ void cfg80211_crit_proto_stopped(struct
+ }
+ EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
+
++void nl80211_send_ap_stopped(struct wireless_dev *wdev)
+{
-+ struct ath_softc *sc = file->private_data;
-+ int r;
-+ u8 tx_power;
++ struct wiphy *wiphy = wdev->wiphy;
++ struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
++ struct sk_buff *msg;
++ void *hdr;
+
-+ r = kstrtou8_from_user(user_buf, count, 0, &tx_power);
-+ if (r)
-+ return r;
++ msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
++ if (!msg)
++ return;
+
-+ if (tx_power > MAX_RATE_POWER)
-+ return -EINVAL;
++ hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
++ if (!hdr)
++ goto out;
+
-+ sc->tx99_power = tx_power;
++ if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
++ nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
++ nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
++ goto out;
+
-+ ath9k_ps_wakeup(sc);
-+ ath9k_hw_tx99_set_txpower(sc->sc_ah, sc->tx99_power);
-+ ath9k_ps_restore(sc);
++ genlmsg_end(msg, hdr);
+
-+ return count;
++ genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
++ NL80211_MCGRP_MLME, GFP_KERNEL);
++ return;
++ out:
++ nlmsg_free(msg);
+}
+
-+static const struct file_operations fops_tx99_power = {
-+ .read = read_file_tx99_power,
-+ .write = write_file_tx99_power,
-+ .open = simple_open,
-+ .owner = THIS_MODULE,
-+ .llseek = default_llseek,
-+};
+ /* initialisation/exit functions */
+
+ int nl80211_init(void)
+--- a/net/wireless/nl80211.h
++++ b/net/wireless/nl80211.h
+@@ -8,10 +8,10 @@ void nl80211_exit(void);
+ void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev);
+ void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
+ struct wireless_dev *wdev);
+-void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
+- struct wireless_dev *wdev);
+-void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
+- struct wireless_dev *wdev);
++struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
++ struct wireless_dev *wdev, bool aborted);
++void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
++ struct sk_buff *msg);
+ void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
+ struct net_device *netdev, u32 cmd);
+ void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
+@@ -74,6 +74,8 @@ nl80211_radar_notify(struct cfg80211_reg
+ enum nl80211_radar_event event,
+ struct net_device *netdev, gfp_t gfp);
+
++void nl80211_send_ap_stopped(struct wireless_dev *wdev);
+
-+void ath9k_tx99_init_debug(struct ath_softc *sc)
-+{
-+ if (!AR_SREV_9300_20_OR_LATER(sc->sc_ah))
+ void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev);
+
+ #endif /* __NET_WIRELESS_NL80211_H */
+--- a/net/wireless/scan.c
++++ b/net/wireless/scan.c
+@@ -161,18 +161,25 @@ static void __cfg80211_bss_expire(struct
+ dev->bss_generation++;
+ }
+
+-void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev)
++void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev,
++ bool send_message)
+ {
+ struct cfg80211_scan_request *request;
+ struct wireless_dev *wdev;
++ struct sk_buff *msg;
+ #ifdef CPTCFG_CFG80211_WEXT
+ union iwreq_data wrqu;
+ #endif
+
+ ASSERT_RTNL();
+
+- request = rdev->scan_req;
++ if (rdev->scan_msg) {
++ nl80211_send_scan_result(rdev, rdev->scan_msg);
++ rdev->scan_msg = NULL;
+ return;
-+
-+ debugfs_create_file("tx99", S_IRUSR | S_IWUSR,
-+ sc->debug.debugfs_phy, sc,
-+ &fops_tx99);
-+ debugfs_create_file("tx99_power", S_IRUSR | S_IWUSR,
-+ sc->debug.debugfs_phy, sc,
-+ &fops_tx99_power);
-+}
---- a/drivers/net/wireless/ath/ath9k/dfs_debug.c
-+++ b/drivers/net/wireless/ath/ath9k/dfs_debug.c
-@@ -44,14 +44,20 @@ static ssize_t read_file_dfs(struct file
- if (buf == NULL)
- return -ENOMEM;
-
-- if (sc->dfs_detector)
-- dfs_pool_stats = sc->dfs_detector->get_stats(sc->dfs_detector);
--
- len += scnprintf(buf + len, size - len, "DFS support for "
- "macVersion = 0x%x, macRev = 0x%x: %s\n",
- hw_ver->macVersion, hw_ver->macRev,
- (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_DFS) ?
- "enabled" : "disabled");
-+
-+ if (!sc->dfs_detector) {
-+ len += scnprintf(buf + len, size - len,
-+ "DFS detector not enabled\n");
-+ goto exit;
+ }
-+
-+ dfs_pool_stats = sc->dfs_detector->get_stats(sc->dfs_detector);
-+
- len += scnprintf(buf + len, size - len, "Pulse detector statistics:\n");
- ATH9K_DFS_STAT("pulse events reported ", pulses_total);
- ATH9K_DFS_STAT("invalid pulse events ", pulses_no_dfs);
-@@ -76,6 +82,7 @@ static ssize_t read_file_dfs(struct file
- ATH9K_DFS_POOL_STAT("Seqs. alloc error ", pseq_alloc_error);
- ATH9K_DFS_POOL_STAT("Seqs. in use ", pseq_used);
-
-+exit:
- if (len > size)
- len = size;
-
---- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
-+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
-@@ -641,11 +641,12 @@ static void ar9003_hw_override_ini(struc
- else
- ah->enabled_cals &= ~TX_IQ_CAL;
-- if (REG_READ(ah, AR_PHY_CL_CAL_CTL) & AR_PHY_CL_CAL_ENABLE)
-- ah->enabled_cals |= TX_CL_CAL;
-- else
-- ah->enabled_cals &= ~TX_CL_CAL;
++ request = rdev->scan_req;
+ if (!request)
+ return;
+
+@@ -186,18 +193,16 @@ void ___cfg80211_scan_done(struct cfg802
+ if (wdev->netdev)
+ cfg80211_sme_scan_done(wdev->netdev);
+
+- if (request->aborted) {
+- nl80211_send_scan_aborted(rdev, wdev);
+- } else {
+- if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
+- /* flush entries from previous scans */
+- spin_lock_bh(&rdev->bss_lock);
+- __cfg80211_bss_expire(rdev, request->scan_start);
+- spin_unlock_bh(&rdev->bss_lock);
+- }
+- nl80211_send_scan_done(rdev, wdev);
++ if (!request->aborted &&
++ request->flags & NL80211_SCAN_FLAG_FLUSH) {
++ /* flush entries from previous scans */
++ spin_lock_bh(&rdev->bss_lock);
++ __cfg80211_bss_expire(rdev, request->scan_start);
++ spin_unlock_bh(&rdev->bss_lock);
}
+
++ msg = nl80211_build_scan_msg(rdev, wdev, request->aborted);
++
+ #ifdef CPTCFG_CFG80211_WEXT
+ if (wdev->netdev && !request->aborted) {
+ memset(&wrqu, 0, sizeof(wrqu));
+@@ -211,6 +216,11 @@ void ___cfg80211_scan_done(struct cfg802
+
+ rdev->scan_req = NULL;
+ kfree(request);
+
-+ if (REG_READ(ah, AR_PHY_CL_CAL_CTL) & AR_PHY_CL_CAL_ENABLE)
-+ ah->enabled_cals |= TX_CL_CAL;
++ if (!send_message)
++ rdev->scan_msg = msg;
+ else
-+ ah->enabled_cals &= ~TX_CL_CAL;
++ nl80211_send_scan_result(rdev, msg);
}
- static void ar9003_hw_prog_ini(struct ath_hw *ah,
-@@ -701,6 +702,54 @@ static int ar9550_hw_get_modes_txgain_in
- return ret;
+ void __cfg80211_scan_done(struct work_struct *wk)
+@@ -221,7 +231,7 @@ void __cfg80211_scan_done(struct work_st
+ scan_done_wk);
+
+ rtnl_lock();
+- ___cfg80211_scan_done(rdev);
++ ___cfg80211_scan_done(rdev, true);
+ rtnl_unlock();
}
-+static void ar9003_doubler_fix(struct ath_hw *ah)
-+{
-+ if (AR_SREV_9300(ah) || AR_SREV_9580(ah) || AR_SREV_9550(ah)) {
-+ REG_RMW(ah, AR_PHY_65NM_CH0_RXTX2,
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0);
-+ REG_RMW(ah, AR_PHY_65NM_CH1_RXTX2,
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0);
-+ REG_RMW(ah, AR_PHY_65NM_CH2_RXTX2,
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0);
-+
-+ udelay(200);
-+
-+ REG_CLR_BIT(ah, AR_PHY_65NM_CH0_RXTX2,
-+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK);
-+ REG_CLR_BIT(ah, AR_PHY_65NM_CH1_RXTX2,
-+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK);
-+ REG_CLR_BIT(ah, AR_PHY_65NM_CH2_RXTX2,
-+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK);
-+
-+ udelay(1);
+@@ -1079,7 +1089,7 @@ int cfg80211_wext_siwscan(struct net_dev
+ if (IS_ERR(rdev))
+ return PTR_ERR(rdev);
+
+- if (rdev->scan_req) {
++ if (rdev->scan_req || rdev->scan_msg) {
+ err = -EBUSY;
+ goto out;
+ }
+@@ -1481,7 +1491,7 @@ int cfg80211_wext_giwscan(struct net_dev
+ if (IS_ERR(rdev))
+ return PTR_ERR(rdev);
+
+- if (rdev->scan_req)
++ if (rdev->scan_req || rdev->scan_msg)
+ return -EAGAIN;
+
+ res = ieee80211_scan_results(rdev, info, extra, data->length);
+--- a/net/wireless/sme.c
++++ b/net/wireless/sme.c
+@@ -67,7 +67,7 @@ static int cfg80211_conn_scan(struct wir
+ ASSERT_RDEV_LOCK(rdev);
+ ASSERT_WDEV_LOCK(wdev);
+
+- if (rdev->scan_req)
++ if (rdev->scan_req || rdev->scan_msg)
+ return -EBUSY;
+
+ if (wdev->conn->params.channel)
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -1001,7 +1001,6 @@ ieee80211_sta_process_chanswitch(struct
+ }
+
+ ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
+- sdata->vif.csa_active = true;
+
+ mutex_lock(&local->chanctx_mtx);
+ if (local->use_chanctx) {
+@@ -1039,6 +1038,7 @@ ieee80211_sta_process_chanswitch(struct
+ mutex_unlock(&local->chanctx_mtx);
+
+ sdata->csa_chandef = csa_ie.chandef;
++ sdata->vif.csa_active = true;
+
+ if (csa_ie.mode)
+ ieee80211_stop_queues_by_reason(&local->hw,
+--- a/net/mac80211/chan.c
++++ b/net/mac80211/chan.c
+@@ -196,6 +196,8 @@ static bool ieee80211_is_radar_required(
+ {
+ struct ieee80211_sub_if_data *sdata;
+
++ lockdep_assert_held(&local->mtx);
+
-+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH0_RXTX2,
-+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1);
-+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH1_RXTX2,
-+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1);
-+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH2_RXTX2,
-+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1);
+ rcu_read_lock();
+ list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+ if (sdata->radar_required) {
+--- a/net/mac80211/ibss.c
++++ b/net/mac80211/ibss.c
+@@ -294,7 +294,6 @@ static void __ieee80211_sta_join_ibss(st
+ }
+
+ mutex_lock(&local->mtx);
+- ieee80211_vif_release_channel(sdata);
+ if (ieee80211_vif_use_channel(sdata, &chandef,
+ ifibss->fixed_channel ?
+ IEEE80211_CHANCTX_SHARED :
+@@ -303,6 +302,7 @@ static void __ieee80211_sta_join_ibss(st
+ mutex_unlock(&local->mtx);
+ return;
+ }
++ sdata->radar_required = radar_required;
+ mutex_unlock(&local->mtx);
+
+ memcpy(ifibss->bssid, bssid, ETH_ALEN);
+@@ -318,7 +318,6 @@ static void __ieee80211_sta_join_ibss(st
+ rcu_assign_pointer(ifibss->presp, presp);
+ mgmt = (void *)presp->head;
+
+- sdata->radar_required = radar_required;
+ sdata->vif.bss_conf.enable_beacon = true;
+ sdata->vif.bss_conf.beacon_int = beacon_int;
+ sdata->vif.bss_conf.basic_rates = basic_rates;
+@@ -386,7 +385,7 @@ static void __ieee80211_sta_join_ibss(st
+ presp->head_len, 0, GFP_KERNEL);
+ cfg80211_put_bss(local->hw.wiphy, bss);
+ netif_carrier_on(sdata->dev);
+- cfg80211_ibss_joined(sdata->dev, ifibss->bssid, GFP_KERNEL);
++ cfg80211_ibss_joined(sdata->dev, ifibss->bssid, chan, GFP_KERNEL);
+ }
+
+ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
+@@ -802,6 +801,8 @@ ieee80211_ibss_process_chanswitch(struct
+ int err;
+ u32 sta_flags;
+
++ sdata_assert_lock(sdata);
+
-+ udelay(200);
+ sta_flags = IEEE80211_STA_DISABLE_VHT;
+ switch (ifibss->chandef.width) {
+ case NL80211_CHAN_WIDTH_5:
+@@ -1471,6 +1472,11 @@ static void ieee80211_rx_mgmt_probe_req(
+ memcpy(((struct ieee80211_mgmt *) skb->data)->da, mgmt->sa, ETH_ALEN);
+ ibss_dbg(sdata, "Sending ProbeResp to %pM\n", mgmt->sa);
+ IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
+
-+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH0_SYNTH12,
-+ AR_PHY_65NM_CH0_SYNTH12_VREFMUL3, 0xf);
++ /* avoid excessive retries for probe request to wildcard SSIDs */
++ if (pos[1] == 0)
++ IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_NO_ACK;
+
-+ REG_RMW(ah, AR_PHY_65NM_CH0_RXTX2, 0,
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S);
-+ REG_RMW(ah, AR_PHY_65NM_CH1_RXTX2, 0,
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S);
-+ REG_RMW(ah, AR_PHY_65NM_CH2_RXTX2, 0,
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
-+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S);
-+ }
-+}
+ ieee80211_tx_skb(sdata, skb);
+ }
+
+--- a/net/mac80211/mesh.c
++++ b/net/mac80211/mesh.c
+@@ -872,6 +872,8 @@ ieee80211_mesh_process_chnswitch(struct
+ if (!ifmsh->mesh_id)
+ return false;
+
++ sdata_assert_lock(sdata);
+
- static int ar9003_hw_process_ini(struct ath_hw *ah,
- struct ath9k_channel *chan)
+ sta_flags = IEEE80211_STA_DISABLE_VHT;
+ switch (sdata->vif.bss_conf.chandef.width) {
+ case NL80211_CHAN_WIDTH_20_NOHT:
+--- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
++++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
+@@ -4658,6 +4658,7 @@ brcmf_notify_connect_status(struct brcmf
+ struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
+ struct net_device *ndev = ifp->ndev;
+ struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
++ struct ieee80211_channel *chan;
+ s32 err = 0;
+
+ if (ifp->vif->mode == WL_MODE_AP) {
+@@ -4665,9 +4666,10 @@ brcmf_notify_connect_status(struct brcmf
+ } else if (brcmf_is_linkup(e)) {
+ brcmf_dbg(CONN, "Linkup\n");
+ if (brcmf_is_ibssmode(ifp->vif)) {
++ chan = ieee80211_get_channel(cfg->wiphy, cfg->channel);
+ memcpy(profile->bssid, e->addr, ETH_ALEN);
+ wl_inform_ibss(cfg, ndev, e->addr);
+- cfg80211_ibss_joined(ndev, e->addr, GFP_KERNEL);
++ cfg80211_ibss_joined(ndev, e->addr, chan, GFP_KERNEL);
+ clear_bit(BRCMF_VIF_STATUS_CONNECTING,
+ &ifp->vif->sme_state);
+ set_bit(BRCMF_VIF_STATUS_CONNECTED,
+--- a/drivers/net/wireless/libertas/cfg.c
++++ b/drivers/net/wireless/libertas/cfg.c
+@@ -1766,7 +1766,8 @@ static void lbs_join_post(struct lbs_pri
+ memcpy(priv->wdev->ssid, params->ssid, params->ssid_len);
+ priv->wdev->ssid_len = params->ssid_len;
+
+- cfg80211_ibss_joined(priv->dev, bssid, GFP_KERNEL);
++ cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan,
++ GFP_KERNEL);
+
+ /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */
+ priv->connect_status = LBS_CONNECTED;
+--- a/drivers/net/wireless/mwifiex/cfg80211.c
++++ b/drivers/net/wireless/mwifiex/cfg80211.c
+@@ -1881,7 +1881,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy
+ params->privacy);
+ done:
+ if (!ret) {
+- cfg80211_ibss_joined(priv->netdev, priv->cfg_bssid, GFP_KERNEL);
++ cfg80211_ibss_joined(priv->netdev, priv->cfg_bssid,
++ params->chandef.chan, GFP_KERNEL);
+ dev_dbg(priv->adapter->dev,
+ "info: joined/created adhoc network with bssid"
+ " %pM successfully\n", priv->cfg_bssid);
+--- a/drivers/net/wireless/rndis_wlan.c
++++ b/drivers/net/wireless/rndis_wlan.c
+@@ -2835,7 +2835,9 @@ static void rndis_wlan_do_link_up_work(s
+ bssid, req_ie, req_ie_len,
+ resp_ie, resp_ie_len, GFP_KERNEL);
+ } else if (priv->infra_mode == NDIS_80211_INFRA_ADHOC)
+- cfg80211_ibss_joined(usbdev->net, bssid, GFP_KERNEL);
++ cfg80211_ibss_joined(usbdev->net, bssid,
++ get_current_channel(usbdev, NULL),
++ GFP_KERNEL);
+
+ kfree(info);
+
+--- a/net/wireless/ibss.c
++++ b/net/wireless/ibss.c
+@@ -14,7 +14,8 @@
+ #include "rdev-ops.h"
+
+
+-void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid)
++void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
++ struct ieee80211_channel *channel)
{
-@@ -726,6 +775,8 @@ static int ar9003_hw_process_ini(struct
- modesIndex);
- }
+ struct wireless_dev *wdev = dev->ieee80211_ptr;
+ struct cfg80211_bss *bss;
+@@ -28,8 +29,7 @@ void __cfg80211_ibss_joined(struct net_d
+ if (!wdev->ssid_len)
+ return;
-+ ar9003_doubler_fix(ah);
-+
- /*
- * RXGAIN initvals.
- */
---- a/drivers/net/wireless/ath/ath9k/ar9003_phy.h
-+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
-@@ -656,13 +656,24 @@
- #define AR_PHY_SYNTH4_LONG_SHIFT_SELECT ((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x00000001 : 0x00000002)
- #define AR_PHY_SYNTH4_LONG_SHIFT_SELECT_S ((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0 : 1)
- #define AR_PHY_65NM_CH0_SYNTH7 0x16098
-+#define AR_PHY_65NM_CH0_SYNTH12 0x160ac
- #define AR_PHY_65NM_CH0_BIAS1 0x160c0
- #define AR_PHY_65NM_CH0_BIAS2 0x160c4
- #define AR_PHY_65NM_CH0_BIAS4 0x160cc
-+#define AR_PHY_65NM_CH0_RXTX2 0x16104
-+#define AR_PHY_65NM_CH1_RXTX2 0x16504
-+#define AR_PHY_65NM_CH2_RXTX2 0x16904
- #define AR_PHY_65NM_CH0_RXTX4 0x1610c
- #define AR_PHY_65NM_CH1_RXTX4 0x1650c
- #define AR_PHY_65NM_CH2_RXTX4 0x1690c
-
-+#define AR_PHY_65NM_CH0_SYNTH12_VREFMUL3 0x00780000
-+#define AR_PHY_65NM_CH0_SYNTH12_VREFMUL3_S 19
-+#define AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK 0x00000004
-+#define AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S 2
-+#define AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK 0x00000008
-+#define AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S 3
+- bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid,
+- wdev->ssid, wdev->ssid_len,
++ bss = cfg80211_get_bss(wdev->wiphy, channel, bssid, NULL, 0,
+ WLAN_CAPABILITY_IBSS, WLAN_CAPABILITY_IBSS);
+
+ if (WARN_ON(!bss))
+@@ -54,21 +54,26 @@ void __cfg80211_ibss_joined(struct net_d
+ #endif
+ }
+
+-void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp)
++void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid,
++ struct ieee80211_channel *channel, gfp_t gfp)
+ {
+ struct wireless_dev *wdev = dev->ieee80211_ptr;
+ struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
+ struct cfg80211_event *ev;
+ unsigned long flags;
+
+- trace_cfg80211_ibss_joined(dev, bssid);
++ trace_cfg80211_ibss_joined(dev, bssid, channel);
+
- #define AR_CH0_TOP (AR_SREV_9300(ah) ? 0x16288 : \
- (((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x1628c : 0x16280)))
- #define AR_CH0_TOP_XPABIASLVL (AR_SREV_9550(ah) ? 0x3c0 : 0x300)
---- a/drivers/net/wireless/rt2x00/rt2x00dev.c
-+++ b/drivers/net/wireless/rt2x00/rt2x00dev.c
-@@ -181,6 +181,7 @@ static void rt2x00lib_autowakeup(struct
- static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac,
- struct ieee80211_vif *vif)
++ if (WARN_ON(!channel))
++ return;
+
+ ev = kzalloc(sizeof(*ev), gfp);
+ if (!ev)
+ return;
+
+ ev->type = EVENT_IBSS_JOINED;
+- memcpy(ev->cr.bssid, bssid, ETH_ALEN);
++ memcpy(ev->ij.bssid, bssid, ETH_ALEN);
++ ev->ij.channel = channel;
+
+ spin_lock_irqsave(&wdev->event_lock, flags);
+ list_add_tail(&ev->list, &wdev->event_list);
+@@ -117,6 +122,7 @@ int __cfg80211_join_ibss(struct cfg80211
+
+ wdev->ibss_fixed = params->channel_fixed;
+ wdev->ibss_dfs_possible = params->userspace_handles_dfs;
++ wdev->chandef = params->chandef;
+ #ifdef CPTCFG_CFG80211_WEXT
+ wdev->wext.ibss.chandef = params->chandef;
+ #endif
+@@ -200,6 +206,7 @@ static void __cfg80211_clear_ibss(struct
+
+ wdev->current_bss = NULL;
+ wdev->ssid_len = 0;
++ memset(&wdev->chandef, 0, sizeof(wdev->chandef));
+ #ifdef CPTCFG_CFG80211_WEXT
+ if (!nowext)
+ wdev->wext.ibss.ssid_len = 0;
+--- a/net/wireless/trace.h
++++ b/net/wireless/trace.h
+@@ -2278,11 +2278,6 @@ DECLARE_EVENT_CLASS(cfg80211_rx_evt,
+ TP_printk(NETDEV_PR_FMT ", " MAC_PR_FMT, NETDEV_PR_ARG, MAC_PR_ARG(addr))
+ );
+
+-DEFINE_EVENT(cfg80211_rx_evt, cfg80211_ibss_joined,
+- TP_PROTO(struct net_device *netdev, const u8 *addr),
+- TP_ARGS(netdev, addr)
+-);
+-
+ DEFINE_EVENT(cfg80211_rx_evt, cfg80211_rx_spurious_frame,
+ TP_PROTO(struct net_device *netdev, const u8 *addr),
+ TP_ARGS(netdev, addr)
+@@ -2293,6 +2288,24 @@ DEFINE_EVENT(cfg80211_rx_evt, cfg80211_r
+ TP_ARGS(netdev, addr)
+ );
+
++TRACE_EVENT(cfg80211_ibss_joined,
++ TP_PROTO(struct net_device *netdev, const u8 *bssid,
++ struct ieee80211_channel *channel),
++ TP_ARGS(netdev, bssid, channel),
++ TP_STRUCT__entry(
++ NETDEV_ENTRY
++ MAC_ENTRY(bssid)
++ CHAN_ENTRY
++ ),
++ TP_fast_assign(
++ NETDEV_ASSIGN;
++ MAC_ASSIGN(bssid, bssid);
++ CHAN_ASSIGN(channel);
++ ),
++ TP_printk(NETDEV_PR_FMT ", bssid: " MAC_PR_FMT ", " CHAN_PR_FMT,
++ NETDEV_PR_ARG, MAC_PR_ARG(bssid), CHAN_PR_ARG)
++);
++
+ TRACE_EVENT(cfg80211_probe_status,
+ TP_PROTO(struct net_device *netdev, const u8 *addr, u64 cookie,
+ bool acked),
+--- a/net/wireless/util.c
++++ b/net/wireless/util.c
+@@ -820,7 +820,8 @@ void cfg80211_process_wdev_events(struct
+ ev->dc.reason, true);
+ break;
+ case EVENT_IBSS_JOINED:
+- __cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid);
++ __cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid,
++ ev->ij.channel);
+ break;
+ }
+ wdev_unlock(wdev);
+@@ -1356,7 +1357,7 @@ int cfg80211_can_use_iftype_chan(struct
+ */
+ mutex_lock_nested(&wdev_iter->mtx, 1);
+ __acquire(wdev_iter->mtx);
+- cfg80211_get_chan_state(wdev_iter, &ch, &chmode);
++ cfg80211_get_chan_state(wdev_iter, &ch, &chmode, &radar_detect);
+ wdev_unlock(wdev_iter);
+
+ switch (chmode) {
+--- a/net/wireless/chan.c
++++ b/net/wireless/chan.c
+@@ -642,7 +642,8 @@ int cfg80211_set_monitor_channel(struct
+ void
+ cfg80211_get_chan_state(struct wireless_dev *wdev,
+ struct ieee80211_channel **chan,
+- enum cfg80211_chan_mode *chanmode)
++ enum cfg80211_chan_mode *chanmode,
++ u8 *radar_detect)
{
-+ struct ieee80211_tx_control control = {};
- struct rt2x00_dev *rt2x00dev = data;
- struct sk_buff *skb;
+ *chan = NULL;
+ *chanmode = CHAN_MODE_UNDEFINED;
+@@ -660,6 +661,11 @@ cfg80211_get_chan_state(struct wireless_
+ !wdev->ibss_dfs_possible)
+ ? CHAN_MODE_SHARED
+ : CHAN_MODE_EXCLUSIVE;
++
++ /* consider worst-case - IBSS can try to return to the
++ * original user-specified channel as creator */
++ if (wdev->ibss_dfs_possible)
++ *radar_detect |= BIT(wdev->chandef.width);
+ return;
+ }
+ break;
+@@ -674,17 +680,26 @@ cfg80211_get_chan_state(struct wireless_
+ case NL80211_IFTYPE_AP:
+ case NL80211_IFTYPE_P2P_GO:
+ if (wdev->cac_started) {
+- *chan = wdev->channel;
++ *chan = wdev->chandef.chan;
+ *chanmode = CHAN_MODE_SHARED;
++ *radar_detect |= BIT(wdev->chandef.width);
+ } else if (wdev->beacon_interval) {
+- *chan = wdev->channel;
++ *chan = wdev->chandef.chan;
+ *chanmode = CHAN_MODE_SHARED;
++
++ if (cfg80211_chandef_dfs_required(wdev->wiphy,
++ &wdev->chandef))
++ *radar_detect |= BIT(wdev->chandef.width);
+ }
+ return;
+ case NL80211_IFTYPE_MESH_POINT:
+ if (wdev->mesh_id_len) {
+- *chan = wdev->channel;
++ *chan = wdev->chandef.chan;
+ *chanmode = CHAN_MODE_SHARED;
++
++ if (cfg80211_chandef_dfs_required(wdev->wiphy,
++ &wdev->chandef))
++ *radar_detect |= BIT(wdev->chandef.width);
+ }
+ return;
+ case NL80211_IFTYPE_MONITOR:
+--- a/net/wireless/mesh.c
++++ b/net/wireless/mesh.c
+@@ -195,7 +195,7 @@ int __cfg80211_join_mesh(struct cfg80211
+ if (!err) {
+ memcpy(wdev->ssid, setup->mesh_id, setup->mesh_id_len);
+ wdev->mesh_id_len = setup->mesh_id_len;
+- wdev->channel = setup->chandef.chan;
++ wdev->chandef = setup->chandef;
+ }
-@@ -195,7 +196,7 @@ static void rt2x00lib_bc_buffer_iter(voi
- */
- skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif);
- while (skb) {
-- rt2x00mac_tx(rt2x00dev->hw, NULL, skb);
-+ rt2x00mac_tx(rt2x00dev->hw, &control, skb);
- skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif);
+ return err;
+@@ -244,7 +244,7 @@ int cfg80211_set_mesh_channel(struct cfg
+ err = rdev_libertas_set_mesh_channel(rdev, wdev->netdev,
+ chandef->chan);
+ if (!err)
+- wdev->channel = chandef->chan;
++ wdev->chandef = *chandef;
+
+ return err;
+ }
+@@ -276,7 +276,7 @@ static int __cfg80211_leave_mesh(struct
+ err = rdev_leave_mesh(rdev, dev);
+ if (!err) {
+ wdev->mesh_id_len = 0;
+- wdev->channel = NULL;
++ memset(&wdev->chandef, 0, sizeof(wdev->chandef));
+ rdev_set_qos_map(rdev, dev, NULL);
+ }
+
+--- a/net/wireless/mlme.c
++++ b/net/wireless/mlme.c
+@@ -772,7 +772,7 @@ void cfg80211_cac_event(struct net_devic
+ if (WARN_ON(!wdev->cac_started))
+ return;
+
+- if (WARN_ON(!wdev->channel))
++ if (WARN_ON(!wdev->chandef.chan))
+ return;
+
+ switch (event) {
+--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
++++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
+@@ -5065,6 +5065,10 @@ static u16 ar9003_hw_get_max_edge_power(
+ break;
+ }
}
++
++ if (is2GHz && !twiceMaxEdgePower)
++ twiceMaxEdgePower = 60;
++
+ return twiceMaxEdgePower;
}
+
--- a/drivers/net/wireless/ath/ath9k/ar9003_calib.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_calib.c
-@@ -1040,8 +1040,8 @@ static void ar9003_hw_cl_cal_post_proc(s
+@@ -23,10 +23,11 @@
+ #define MAX_MEASUREMENT MAX_IQCAL_MEASUREMENT
+ #define MAX_MAG_DELTA 11
+ #define MAX_PHS_DELTA 10
++#define MAXIQCAL 3
+
+ struct coeff {
+- int mag_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT];
+- int phs_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT];
++ int mag_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT][MAXIQCAL];
++ int phs_coeff[AR9300_MAX_CHAINS][MAX_MEASUREMENT][MAXIQCAL];
+ int iqc_coeff[2];
+ };
+
+@@ -800,7 +801,7 @@ static bool ar9003_hw_calc_iq_corr(struc
+ if (q_q_coff > 63)
+ q_q_coff = 63;
+
+- iqc_coeff[0] = (q_q_coff * 128) + q_i_coff;
++ iqc_coeff[0] = (q_q_coff * 128) + (0x7f & q_i_coff);
+
+ ath_dbg(common, CALIBRATE, "tx chain %d: iq corr coeff=%x\n",
+ chain_idx, iqc_coeff[0]);
+@@ -831,7 +832,7 @@ static bool ar9003_hw_calc_iq_corr(struc
+ if (q_q_coff > 63)
+ q_q_coff = 63;
+
+- iqc_coeff[1] = (q_q_coff * 128) + q_i_coff;
++ iqc_coeff[1] = (q_q_coff * 128) + (0x7f & q_i_coff);
+
+ ath_dbg(common, CALIBRATE, "rx chain %d: iq corr coeff=%x\n",
+ chain_idx, iqc_coeff[1]);
+@@ -839,7 +840,8 @@ static bool ar9003_hw_calc_iq_corr(struc
+ return true;
+ }
+
+-static void ar9003_hw_detect_outlier(int *mp_coeff, int nmeasurement,
++static void ar9003_hw_detect_outlier(int mp_coeff[][MAXIQCAL],
++ int nmeasurement,
+ int max_delta)
+ {
+ int mp_max = -64, max_idx = 0;
+@@ -848,20 +850,20 @@ static void ar9003_hw_detect_outlier(int
+
+ /* find min/max mismatch across all calibrated gains */
+ for (i = 0; i < nmeasurement; i++) {
+- if (mp_coeff[i] > mp_max) {
+- mp_max = mp_coeff[i];
++ if (mp_coeff[i][0] > mp_max) {
++ mp_max = mp_coeff[i][0];
+ max_idx = i;
+- } else if (mp_coeff[i] < mp_min) {
+- mp_min = mp_coeff[i];
++ } else if (mp_coeff[i][0] < mp_min) {
++ mp_min = mp_coeff[i][0];
+ min_idx = i;
+ }
+ }
+
+ /* find average (exclude max abs value) */
+ for (i = 0; i < nmeasurement; i++) {
+- if ((abs(mp_coeff[i]) < abs(mp_max)) ||
+- (abs(mp_coeff[i]) < abs(mp_min))) {
+- mp_avg += mp_coeff[i];
++ if ((abs(mp_coeff[i][0]) < abs(mp_max)) ||
++ (abs(mp_coeff[i][0]) < abs(mp_min))) {
++ mp_avg += mp_coeff[i][0];
+ mp_count++;
+ }
+ }
+@@ -873,7 +875,7 @@ static void ar9003_hw_detect_outlier(int
+ if (mp_count)
+ mp_avg /= mp_count;
+ else
+- mp_avg = mp_coeff[nmeasurement - 1];
++ mp_avg = mp_coeff[nmeasurement - 1][0];
+
+ /* detect outlier */
+ if (abs(mp_max - mp_min) > max_delta) {
+@@ -882,15 +884,16 @@ static void ar9003_hw_detect_outlier(int
+ else
+ outlier_idx = min_idx;
+
+- mp_coeff[outlier_idx] = mp_avg;
++ mp_coeff[outlier_idx][0] = mp_avg;
}
}
--static bool ar9003_hw_init_cal(struct ath_hw *ah,
-- struct ath9k_channel *chan)
-+static bool ar9003_hw_init_cal_pcoem(struct ath_hw *ah,
-+ struct ath9k_channel *chan)
+-static void ar9003_hw_tx_iqcal_load_avg_2_passes(struct ath_hw *ah,
+- struct coeff *coeff,
+- bool is_reusable)
++static void ar9003_hw_tx_iq_cal_outlier_detection(struct ath_hw *ah,
++ struct coeff *coeff,
++ bool is_reusable)
{
- struct ath_common *common = ath9k_hw_common(ah);
+ int i, im, nmeasurement;
++ int magnitude, phase;
+ u32 tx_corr_coeff[MAX_MEASUREMENT][AR9300_MAX_CHAINS];
struct ath9k_hw_cal_data *caldata = ah->caldata;
-@@ -1228,13 +1228,109 @@ skip_tx_iqcal:
+
+@@ -920,21 +923,30 @@ static void ar9003_hw_tx_iqcal_load_avg_
+ if (nmeasurement > MAX_MEASUREMENT)
+ nmeasurement = MAX_MEASUREMENT;
+
+- /* detect outlier only if nmeasurement > 1 */
+- if (nmeasurement > 1) {
+- /* Detect magnitude outlier */
+- ar9003_hw_detect_outlier(coeff->mag_coeff[i],
+- nmeasurement, MAX_MAG_DELTA);
+-
+- /* Detect phase outlier */
+- ar9003_hw_detect_outlier(coeff->phs_coeff[i],
+- nmeasurement, MAX_PHS_DELTA);
++ /*
++ * Skip normal outlier detection for AR9550.
++ */
++ if (!AR_SREV_9550(ah)) {
++ /* detect outlier only if nmeasurement > 1 */
++ if (nmeasurement > 1) {
++ /* Detect magnitude outlier */
++ ar9003_hw_detect_outlier(coeff->mag_coeff[i],
++ nmeasurement,
++ MAX_MAG_DELTA);
++
++ /* Detect phase outlier */
++ ar9003_hw_detect_outlier(coeff->phs_coeff[i],
++ nmeasurement,
++ MAX_PHS_DELTA);
++ }
+ }
+
+ for (im = 0; im < nmeasurement; im++) {
++ magnitude = coeff->mag_coeff[i][im][0];
++ phase = coeff->phs_coeff[i][im][0];
+
+- coeff->iqc_coeff[0] = (coeff->mag_coeff[i][im] & 0x7f) |
+- ((coeff->phs_coeff[i][im] & 0x7f) << 7);
++ coeff->iqc_coeff[0] =
++ (phase & 0x7f) | ((magnitude & 0x7f) << 7);
+
+ if ((im % 2) == 0)
+ REG_RMW_FIELD(ah, tx_corr_coeff[im][i],
+@@ -991,7 +1003,63 @@ static bool ar9003_hw_tx_iq_cal_run(stru
return true;
}
-+static bool ar9003_hw_init_cal_soc(struct ath_hw *ah,
-+ struct ath9k_channel *chan)
+-static void ar9003_hw_tx_iq_cal_post_proc(struct ath_hw *ah, bool is_reusable)
++static void __ar955x_tx_iq_cal_sort(struct ath_hw *ah,
++ struct coeff *coeff,
++ int i, int nmeasurement)
+{
+ struct ath_common *common = ath9k_hw_common(ah);
-+ struct ath9k_hw_cal_data *caldata = ah->caldata;
-+ bool txiqcal_done = false;
-+ bool is_reusable = true, status = true;
-+ bool run_agc_cal = false, sep_iq_cal = false;
-+
-+ /* Use chip chainmask only for calibration */
-+ ar9003_hw_set_chain_masks(ah, ah->caps.rx_chainmask, ah->caps.tx_chainmask);
++ int im, ix, iy, temp;
++
++ for (im = 0; im < nmeasurement; im++) {
++ for (ix = 0; ix < MAXIQCAL - 1; ix++) {
++ for (iy = ix + 1; iy <= MAXIQCAL - 1; iy++) {
++ if (coeff->mag_coeff[i][im][iy] <
++ coeff->mag_coeff[i][im][ix]) {
++ temp = coeff->mag_coeff[i][im][ix];
++ coeff->mag_coeff[i][im][ix] =
++ coeff->mag_coeff[i][im][iy];
++ coeff->mag_coeff[i][im][iy] = temp;
++ }
++ if (coeff->phs_coeff[i][im][iy] <
++ coeff->phs_coeff[i][im][ix]) {
++ temp = coeff->phs_coeff[i][im][ix];
++ coeff->phs_coeff[i][im][ix] =
++ coeff->phs_coeff[i][im][iy];
++ coeff->phs_coeff[i][im][iy] = temp;
++ }
++ }
++ }
++ coeff->mag_coeff[i][im][0] = coeff->mag_coeff[i][im][MAXIQCAL / 2];
++ coeff->phs_coeff[i][im][0] = coeff->phs_coeff[i][im][MAXIQCAL / 2];
+
-+ if (ah->enabled_cals & TX_CL_CAL) {
-+ REG_SET_BIT(ah, AR_PHY_CL_CAL_CTL, AR_PHY_CL_CAL_ENABLE);
-+ run_agc_cal = true;
++ ath_dbg(common, CALIBRATE,
++ "IQCAL: Median [ch%d][gain%d]: mag = %d phase = %d\n",
++ i, im,
++ coeff->mag_coeff[i][im][0],
++ coeff->phs_coeff[i][im][0]);
+ }
++}
+
-+ if (IS_CHAN_HALF_RATE(chan) || IS_CHAN_QUARTER_RATE(chan))
-+ goto skip_tx_iqcal;
++static bool ar955x_tx_iq_cal_median(struct ath_hw *ah,
++ struct coeff *coeff,
++ int iqcal_idx,
++ int nmeasurement)
++{
++ int i;
+
-+ /* Do Tx IQ Calibration */
-+ REG_RMW_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_1,
-+ AR_PHY_TX_IQCAL_CONTROL_1_IQCORR_I_Q_COFF_DELPT,
-+ DELPT);
++ if ((iqcal_idx + 1) != MAXIQCAL)
++ return false;
+
-+ /*
-+ * For AR9485 or later chips, TxIQ cal runs as part of
-+ * AGC calibration. Specifically, AR9550 in SoC chips.
-+ */
-+ if (ah->enabled_cals & TX_IQ_ON_AGC_CAL) {
-+ txiqcal_done = true;
-+ run_agc_cal = true;
-+ } else {
-+ sep_iq_cal = true;
-+ run_agc_cal = true;
++ for (i = 0; i < AR9300_MAX_CHAINS; i++) {
++ __ar955x_tx_iq_cal_sort(ah, coeff, i, nmeasurement);
+ }
+
-+ /*
-+ * In the SoC family, this will run for AR9300, AR9331 and AR9340.
-+ */
-+ if (sep_iq_cal) {
-+ txiqcal_done = ar9003_hw_tx_iq_cal_run(ah);
-+ REG_WRITE(ah, AR_PHY_ACTIVE, AR_PHY_ACTIVE_DIS);
-+ udelay(5);
-+ REG_WRITE(ah, AR_PHY_ACTIVE, AR_PHY_ACTIVE_EN);
-+ }
++ return true;
++}
+
-+skip_tx_iqcal:
-+ if (run_agc_cal || !(ah->ah_flags & AH_FASTCC)) {
-+ /* Calibrate the AGC */
-+ REG_WRITE(ah, AR_PHY_AGC_CONTROL,
-+ REG_READ(ah, AR_PHY_AGC_CONTROL) |
-+ AR_PHY_AGC_CONTROL_CAL);
++static void ar9003_hw_tx_iq_cal_post_proc(struct ath_hw *ah,
++ int iqcal_idx,
++ bool is_reusable)
+ {
+ struct ath_common *common = ath9k_hw_common(ah);
+ const u32 txiqcal_status[AR9300_MAX_CHAINS] = {
+@@ -1004,10 +1072,11 @@ static void ar9003_hw_tx_iq_cal_post_pro
+ AR_PHY_CHAN_INFO_TAB_1,
+ AR_PHY_CHAN_INFO_TAB_2,
+ };
+- struct coeff coeff;
++ static struct coeff coeff;
+ s32 iq_res[6];
+ int i, im, j;
+- int nmeasurement;
++ int nmeasurement = 0;
++ bool outlier_detect = true;
+
+ for (i = 0; i < AR9300_MAX_CHAINS; i++) {
+ if (!(ah->txchainmask & (1 << i)))
+@@ -1065,17 +1134,23 @@ static void ar9003_hw_tx_iq_cal_post_pro
+ goto tx_iqcal_fail;
+ }
+
+- coeff.mag_coeff[i][im] = coeff.iqc_coeff[0] & 0x7f;
+- coeff.phs_coeff[i][im] =
++ coeff.phs_coeff[i][im][iqcal_idx] =
++ coeff.iqc_coeff[0] & 0x7f;
++ coeff.mag_coeff[i][im][iqcal_idx] =
+ (coeff.iqc_coeff[0] >> 7) & 0x7f;
+
+- if (coeff.mag_coeff[i][im] > 63)
+- coeff.mag_coeff[i][im] -= 128;
+- if (coeff.phs_coeff[i][im] > 63)
+- coeff.phs_coeff[i][im] -= 128;
++ if (coeff.mag_coeff[i][im][iqcal_idx] > 63)
++ coeff.mag_coeff[i][im][iqcal_idx] -= 128;
++ if (coeff.phs_coeff[i][im][iqcal_idx] > 63)
++ coeff.phs_coeff[i][im][iqcal_idx] -= 128;
+ }
+ }
+- ar9003_hw_tx_iqcal_load_avg_2_passes(ah, &coeff, is_reusable);
+
-+ /* Poll for offset calibration complete */
-+ status = ath9k_hw_wait(ah, AR_PHY_AGC_CONTROL,
-+ AR_PHY_AGC_CONTROL_CAL,
-+ 0, AH_WAIT_TIMEOUT);
-+ }
++ if (AR_SREV_9550(ah))
++ outlier_detect = ar955x_tx_iq_cal_median(ah, &coeff,
++ iqcal_idx, nmeasurement);
++ if (outlier_detect)
++ ar9003_hw_tx_iq_cal_outlier_detection(ah, &coeff, is_reusable);
+
+ return;
+
+@@ -1409,7 +1484,7 @@ skip_tx_iqcal:
+ }
+
+ if (txiqcal_done)
+- ar9003_hw_tx_iq_cal_post_proc(ah, is_reusable);
++ ar9003_hw_tx_iq_cal_post_proc(ah, 0, is_reusable);
+ else if (caldata && test_bit(TXIQCAL_DONE, &caldata->cal_flags))
+ ar9003_hw_tx_iq_cal_reload(ah);
+
+@@ -1455,14 +1530,38 @@ skip_tx_iqcal:
+ return true;
+ }
+
++static bool do_ar9003_agc_cal(struct ath_hw *ah)
++{
++ struct ath_common *common = ath9k_hw_common(ah);
++ bool status;
++
++ REG_WRITE(ah, AR_PHY_AGC_CONTROL,
++ REG_READ(ah, AR_PHY_AGC_CONTROL) |
++ AR_PHY_AGC_CONTROL_CAL);
+
++ status = ath9k_hw_wait(ah, AR_PHY_AGC_CONTROL,
++ AR_PHY_AGC_CONTROL_CAL,
++ 0, AH_WAIT_TIMEOUT);
+ if (!status) {
+ ath_dbg(common, CALIBRATE,
-+ "offset calibration failed to complete in %d ms; noisy environment?\n",
++ "offset calibration failed to complete in %d ms,"
++ "noisy environment?\n",
+ AH_WAIT_TIMEOUT / 1000);
+ return false;
+ }
+
-+ if (txiqcal_done)
-+ ar9003_hw_tx_iq_cal_post_proc(ah, is_reusable);
-+
-+ /* Revert chainmask to runtime parameters */
-+ ar9003_hw_set_chain_masks(ah, ah->rxchainmask, ah->txchainmask);
-+
-+ /* Initialize list pointers */
-+ ah->cal_list = ah->cal_list_last = ah->cal_list_curr = NULL;
-+
-+ INIT_CAL(&ah->iq_caldata);
-+ INSERT_CAL(ah, &ah->iq_caldata);
-+ ath_dbg(common, CALIBRATE, "enabling IQ Calibration\n");
-+
-+ /* Initialize current pointer to first element in list */
-+ ah->cal_list_curr = ah->cal_list;
-+
-+ if (ah->cal_list_curr)
-+ ath9k_hw_reset_calibration(ah, ah->cal_list_curr);
-+
-+ if (caldata)
-+ caldata->CalValid = 0;
-+
+ return true;
+}
+
- void ar9003_hw_attach_calib_ops(struct ath_hw *ah)
+ static bool ar9003_hw_init_cal_soc(struct ath_hw *ah,
+ struct ath9k_channel *chan)
{
- struct ath_hw_private_ops *priv_ops = ath9k_hw_private_ops(ah);
- struct ath_hw_ops *ops = ath9k_hw_ops(ah);
+ struct ath_common *common = ath9k_hw_common(ah);
+ struct ath9k_hw_cal_data *caldata = ah->caldata;
+ bool txiqcal_done = false;
+- bool is_reusable = true, status = true;
++ bool status = true;
+ bool run_agc_cal = false, sep_iq_cal = false;
++ int i = 0;
+
+ /* Use chip chainmask only for calibration */
+ ar9003_hw_set_chain_masks(ah, ah->caps.rx_chainmask, ah->caps.tx_chainmask);
+@@ -1485,7 +1584,12 @@ static bool ar9003_hw_init_cal_soc(struc
+ * AGC calibration. Specifically, AR9550 in SoC chips.
+ */
+ if (ah->enabled_cals & TX_IQ_ON_AGC_CAL) {
+- txiqcal_done = true;
++ if (REG_READ_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_0,
++ AR_PHY_TX_IQCAL_CONTROL_0_ENABLE_TXIQ_CAL)) {
++ txiqcal_done = true;
++ } else {
++ txiqcal_done = false;
++ }
+ run_agc_cal = true;
+ } else {
+ sep_iq_cal = true;
+@@ -1512,27 +1616,37 @@ skip_tx_iqcal:
+ if (AR_SREV_9330_11(ah))
+ ar9003_hw_manual_peak_cal(ah, 0, IS_CHAN_2GHZ(chan));
+
+- /* Calibrate the AGC */
+- REG_WRITE(ah, AR_PHY_AGC_CONTROL,
+- REG_READ(ah, AR_PHY_AGC_CONTROL) |
+- AR_PHY_AGC_CONTROL_CAL);
+-
+- /* Poll for offset calibration complete */
+- status = ath9k_hw_wait(ah, AR_PHY_AGC_CONTROL,
+- AR_PHY_AGC_CONTROL_CAL,
+- 0, AH_WAIT_TIMEOUT);
+- }
++ /*
++ * For non-AR9550 chips, we just trigger AGC calibration
++ * in the HW, poll for completion and then process
++ * the results.
++ *
++ * For AR955x, we run it multiple times and use
++ * median IQ correction.
++ */
++ if (!AR_SREV_9550(ah)) {
++ status = do_ar9003_agc_cal(ah);
++ if (!status)
++ return false;
+
+- if (!status) {
+- ath_dbg(common, CALIBRATE,
+- "offset calibration failed to complete in %d ms; noisy environment?\n",
+- AH_WAIT_TIMEOUT / 1000);
+- return false;
++ if (txiqcal_done)
++ ar9003_hw_tx_iq_cal_post_proc(ah, 0, false);
++ } else {
++ if (!txiqcal_done) {
++ status = do_ar9003_agc_cal(ah);
++ if (!status)
++ return false;
++ } else {
++ for (i = 0; i < MAXIQCAL; i++) {
++ status = do_ar9003_agc_cal(ah);
++ if (!status)
++ return false;
++ ar9003_hw_tx_iq_cal_post_proc(ah, i, false);
++ }
++ }
++ }
+ }
-+ if (AR_SREV_9485(ah) || AR_SREV_9462(ah) || AR_SREV_9565(ah))
-+ priv_ops->init_cal = ar9003_hw_init_cal_pcoem;
-+ else
-+ priv_ops->init_cal = ar9003_hw_init_cal_soc;
+- if (txiqcal_done)
+- ar9003_hw_tx_iq_cal_post_proc(ah, is_reusable);
+-
+ /* Revert chainmask to runtime parameters */
+ ar9003_hw_set_chain_masks(ah, ah->rxchainmask, ah->txchainmask);
+
+--- a/drivers/net/wireless/rtl818x/rtl8187/rtl8187.h
++++ b/drivers/net/wireless/rtl818x/rtl8187/rtl8187.h
+@@ -15,6 +15,8 @@
+ #ifndef RTL8187_H
+ #define RTL8187_H
+
++#include <linux/cache.h>
++
+ #include "rtl818x.h"
+ #include "leds.h"
+
+@@ -139,7 +141,10 @@ struct rtl8187_priv {
+ u8 aifsn[4];
+ u8 rfkill_mask;
+ struct {
+- __le64 buf;
++ union {
++ __le64 buf;
++ u8 dummy1[L1_CACHE_BYTES];
++ } ____cacheline_aligned;
+ struct sk_buff_head queue;
+ } b_tx_status; /* This queue is used by both -b and non-b devices */
+ struct mutex io_mutex;
+@@ -147,7 +152,8 @@ struct rtl8187_priv {
+ u8 bits8;
+ __le16 bits16;
+ __le32 bits32;
+- } *io_dmabuf;
++ u8 dummy2[L1_CACHE_BYTES];
++ } *io_dmabuf ____cacheline_aligned;
+ bool rfkill_off;
+ u16 seqno;
+ };
+--- a/net/mac80211/wme.c
++++ b/net/mac80211/wme.c
+@@ -154,6 +154,11 @@ u16 ieee80211_select_queue(struct ieee80
+ return IEEE80211_AC_BE;
+ }
+
++ if (skb->protocol == sdata->control_port_protocol) {
++ skb->priority = 7;
++ return ieee80211_downgrade_queue(sdata, skb);
++ }
+
- priv_ops->init_cal_settings = ar9003_hw_init_cal_settings;
-- priv_ops->init_cal = ar9003_hw_init_cal;
- priv_ops->setup_calibration = ar9003_hw_setup_calibration;
-
- ops->calibrate = ar9003_hw_calibrate;
---- a/drivers/net/wireless/ath/ath9k/common.c
-+++ b/drivers/net/wireless/ath/ath9k/common.c
-@@ -98,10 +98,8 @@ struct ath9k_channel *ath9k_cmn_get_chan
- {
- struct ieee80211_channel *curchan = chandef->chan;
- struct ath9k_channel *channel;
-- u8 chan_idx;
-
-- chan_idx = curchan->hw_value;
-- channel = &ah->channels[chan_idx];
-+ channel = &ah->channels[curchan->hw_value];
- ath9k_cmn_update_ichannel(channel, chandef);
-
- return channel;
---- a/net/mac80211/rc80211_minstrel_ht.c
-+++ b/net/mac80211/rc80211_minstrel_ht.c
-@@ -226,7 +226,7 @@ minstrel_ht_calc_tp(struct minstrel_ht_s
- nsecs = 1000 * mi->overhead / MINSTREL_TRUNC(mi->avg_ampdu_len);
-
- nsecs += minstrel_mcs_groups[group].duration[rate];
-- tp = 1000000 * ((mr->probability * 1000) / nsecs);
-+ tp = 1000000 * ((prob * 1000) / nsecs);
-
- mr->cur_tp = MINSTREL_TRUNC(tp);
- }
+ /* use the data classifier to determine what 802.1d tag the
+ * data frame has */
+ rcu_read_lock();