struct ath_buf_state bf_state;
};
-@@ -658,11 +659,10 @@ enum sc_op_flags {
+@@ -250,9 +251,9 @@ struct ath_atx_tid {
+ int tidno;
+ int baw_head; /* first un-acked tx buffer */
+ int baw_tail; /* next unused tx buffer slot */
+- int sched;
+- int paused;
+- u8 state;
++ bool sched;
++ bool paused;
++ bool active;
+ };
+
+ struct ath_node {
+@@ -273,10 +274,6 @@ struct ath_node {
+ #endif
+ };
+
+-#define AGGR_CLEANUP BIT(1)
+-#define AGGR_ADDBA_COMPLETE BIT(2)
+-#define AGGR_ADDBA_PROGRESS BIT(3)
+-
+ struct ath_tx_control {
+ struct ath_txq *txq;
+ struct ath_node *an;
+@@ -658,11 +655,10 @@ enum sc_op_flags {
struct ath_rate_table;
struct ath9k_vif_iter_data {
int nstations; /* number of station vifs */
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
-@@ -1366,7 +1366,10 @@ static bool ath9k_hw_set_reset(struct at
+@@ -1171,6 +1171,7 @@ u32 ath9k_regd_get_ctl(struct ath_regula
+ static inline void ath9k_hw_set_dma(struct ath_hw *ah)
+ {
+ struct ath_common *common = ath9k_hw_common(ah);
++ int txbuf_size;
+
+ ENABLE_REGWRITE_BUFFER(ah);
+
+@@ -1224,13 +1225,17 @@ static inline void ath9k_hw_set_dma(stru
+ * So set the usable tx buf size also to half to
+ * avoid data/delimiter underruns
+ */
+- REG_WRITE(ah, AR_PCU_TXBUF_CTRL,
+- AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE);
+- } else if (!AR_SREV_9271(ah)) {
+- REG_WRITE(ah, AR_PCU_TXBUF_CTRL,
+- AR_PCU_TXBUF_CTRL_USABLE_SIZE);
++ txbuf_size = AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE;
++ } else if (AR_SREV_9340_13_OR_LATER(ah)) {
++ /* Uses fewer entries for AR934x v1.3+ to prevent rx overruns */
++ txbuf_size = AR_9340_PCU_TXBUF_CTRL_USABLE_SIZE;
++ } else {
++ txbuf_size = AR_PCU_TXBUF_CTRL_USABLE_SIZE;
+ }
+
++ if (!AR_SREV_9271(ah))
++ REG_WRITE(ah, AR_PCU_TXBUF_CTRL, txbuf_size);
++
+ REGWRITE_BUFFER_FLUSH(ah);
+
+ if (AR_SREV_9300_20_OR_LATER(ah))
+@@ -1305,9 +1310,13 @@ static bool ath9k_hw_set_reset(struct at
+ AR_RTC_RC_COLD_RESET | AR_RTC_RC_WARM_RESET;
+ } else {
+ tmpReg = REG_READ(ah, AR_INTR_SYNC_CAUSE);
+- if (tmpReg &
+- (AR_INTR_SYNC_LOCAL_TIMEOUT |
+- AR_INTR_SYNC_RADM_CPL_TIMEOUT)) {
++ if (AR_SREV_9340(ah))
++ tmpReg &= AR9340_INTR_SYNC_LOCAL_TIMEOUT;
++ else
++ tmpReg &= AR_INTR_SYNC_LOCAL_TIMEOUT |
++ AR_INTR_SYNC_RADM_CPL_TIMEOUT;
++
++ if (tmpReg) {
+ u32 val;
+ REG_WRITE(ah, AR_INTR_SYNC_ENABLE, 0);
+
+@@ -1366,7 +1375,10 @@ static bool ath9k_hw_set_reset(struct at
REGWRITE_BUFFER_FLUSH(ah);
REG_WRITE(ah, AR_RTC_RC, 0);
if (!ath9k_hw_wait(ah, AR_RTC_RC, AR_RTC_RC_M, 0, AH_WAIT_TIMEOUT)) {
-@@ -1377,8 +1380,12 @@ static bool ath9k_hw_set_reset(struct at
+@@ -1377,8 +1389,12 @@ static bool ath9k_hw_set_reset(struct at
if (!AR_SREV_9100(ah))
REG_WRITE(ah, AR_RC, 0);
return true;
}
-@@ -1464,7 +1471,8 @@ static bool ath9k_hw_chip_reset(struct a
+@@ -1464,7 +1480,8 @@ static bool ath9k_hw_chip_reset(struct a
reset_type = ATH9K_RESET_POWER_ON;
else
reset_type = ATH9K_RESET_COLD;
(REG_READ(ah, AR_CR) & AR_CR_RXE))
reset_type = ATH9K_RESET_COLD;
-@@ -1698,12 +1706,11 @@ static void ath9k_hw_reset_opmode(struct
+@@ -1698,12 +1715,11 @@ static void ath9k_hw_reset_opmode(struct
ENABLE_REGWRITE_BUFFER(ah);
}
static int ath9k_sta_remove(struct ieee80211_hw *hw,
+@@ -1678,6 +1687,7 @@ static int ath9k_ampdu_action(struct iee
+ u16 tid, u16 *ssn, u8 buf_size)
+ {
+ struct ath_softc *sc = hw->priv;
++ bool flush = false;
+ int ret = 0;
+
+ local_bh_disable();
+@@ -1694,12 +1704,14 @@ static int ath9k_ampdu_action(struct iee
+ ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
+ ath9k_ps_restore(sc);
+ break;
+- case IEEE80211_AMPDU_TX_STOP_CONT:
+ case IEEE80211_AMPDU_TX_STOP_FLUSH:
+ case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
++ flush = true;
++ case IEEE80211_AMPDU_TX_STOP_CONT:
+ ath9k_ps_wakeup(sc);
+ ath_tx_aggr_stop(sc, sta, tid);
+- ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
++ if (!flush)
++ ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
+ ath9k_ps_restore(sc);
+ break;
+ case IEEE80211_AMPDU_TX_OPERATIONAL:
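Review bot: The `flush = true;` statement under `case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:` runs straight into the reordered `case IEEE80211_AMPDU_TX_STOP_CONT:` with nothing marking the fall-through as intended. The ieee80211_do_stop change in this same patch annotates its fall-through, so adding `/* fall through */` after `flush = true;` would keep the reordering from being read as a missing `break`. The switch begins and ends outside this hunk.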
--- a/drivers/net/wireless/ath/ath9k/reg.h
+++ b/drivers/net/wireless/ath/ath9k/reg.h
-@@ -1493,9 +1493,6 @@ enum {
+@@ -798,6 +798,10 @@
+ #define AR_SREV_REVISION_9485_10 0
+ #define AR_SREV_REVISION_9485_11 1
+ #define AR_SREV_VERSION_9340 0x300
++#define AR_SREV_REVISION_9340_10 0
++#define AR_SREV_REVISION_9340_11 1
++#define AR_SREV_REVISION_9340_12 2
++#define AR_SREV_REVISION_9340_13 3
+ #define AR_SREV_VERSION_9580 0x1C0
+ #define AR_SREV_REVISION_9580_10 4 /* AR9580 1.0 */
+ #define AR_SREV_VERSION_9462 0x280
+@@ -897,6 +901,10 @@
+ #define AR_SREV_9340(_ah) \
+ (((_ah)->hw_version.macVersion == AR_SREV_VERSION_9340))
+
++#define AR_SREV_9340_13_OR_LATER(_ah) \
++ (AR_SREV_9340((_ah)) && \
++ ((_ah)->hw_version.macRev >= AR_SREV_REVISION_9340_13))
++
+ #define AR_SREV_9285E_20(_ah) \
+ (AR_SREV_9285_12_OR_LATER(_ah) && \
+ ((REG_READ(_ah, AR_AN_SYNTH9) & 0x7) == 0x1))
+@@ -1007,6 +1015,8 @@ enum {
+ AR_INTR_SYNC_LOCAL_TIMEOUT |
+ AR_INTR_SYNC_MAC_SLEEP_ACCESS),
+
++ AR9340_INTR_SYNC_LOCAL_TIMEOUT = 0x00000010,
++
+ AR_INTR_SYNC_SPURIOUS = 0xFFFFFFFF,
+
+ };
+@@ -1493,9 +1503,6 @@ enum {
#define AR9271_RADIO_RF_RST 0x20
#define AR9271_GATE_MAC_CTL 0x4000
#define AR_STA_ID1_STA_AP 0x00010000
#define AR_STA_ID1_ADHOC 0x00020000
#define AR_STA_ID1_PWR_SAV 0x00040000
+@@ -1884,6 +1891,7 @@ enum {
+ #define AR_PCU_TXBUF_CTRL_SIZE_MASK 0x7FF
+ #define AR_PCU_TXBUF_CTRL_USABLE_SIZE 0x700
+ #define AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE 0x380
++#define AR_9340_PCU_TXBUF_CTRL_USABLE_SIZE 0x500
+
+ #define AR_PCU_MISC_MODE2 0x8344
+ #define AR_PCU_MISC_MODE2_MGMT_CRYPTO_ENABLE 0x00000002
--- a/drivers/net/wireless/ath/hw.c
+++ b/drivers/net/wireless/ath/hw.c
@@ -118,6 +118,12 @@
struct rate_info txrate;
struct rate_info rxrate;
u32 rx_packets;
-@@ -4027,6 +4041,17 @@ bool cfg80211_reg_can_beacon(struct wiph
+@@ -954,6 +968,7 @@ enum monitor_flags {
+ MONITOR_FLAG_CONTROL = 1<<NL80211_MNTR_FLAG_CONTROL,
+ MONITOR_FLAG_OTHER_BSS = 1<<NL80211_MNTR_FLAG_OTHER_BSS,
+ MONITOR_FLAG_COOK_FRAMES = 1<<NL80211_MNTR_FLAG_COOK_FRAMES,
++ MONITOR_FLAG_ACTIVE = 1<<NL80211_MNTR_FLAG_ACTIVE,
+ };
+
+ /**
+@@ -4027,6 +4042,17 @@ bool cfg80211_reg_can_beacon(struct wiph
void cfg80211_ch_switch_notify(struct net_device *dev,
struct cfg80211_chan_def *chandef);
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -444,7 +444,7 @@ static void sta_set_sinfo(struct sta_inf
+@@ -73,16 +73,19 @@ static int ieee80211_change_iface(struct
+ struct ieee80211_local *local = sdata->local;
+
+ if (ieee80211_sdata_running(sdata)) {
++ u32 mask = MONITOR_FLAG_COOK_FRAMES |
++ MONITOR_FLAG_ACTIVE;
++
+ /*
+- * Prohibit MONITOR_FLAG_COOK_FRAMES to be
+- * changed while the interface is up.
++ * Prohibit MONITOR_FLAG_COOK_FRAMES and
++ * MONITOR_FLAG_ACTIVE to be changed while the
++ * interface is up.
+ * Else we would need to add a lot of cruft
+ * to update everything:
+ * cooked_mntrs, monitor and all fif_* counters
+ * reconfigure hardware
+ */
+- if ((*flags & MONITOR_FLAG_COOK_FRAMES) !=
+- (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))
++ if ((*flags & mask) != (sdata->u.mntr_flags & mask))
+ return -EBUSY;
+
+ ieee80211_adjust_monitor_flags(sdata, -1);
+@@ -444,7 +447,7 @@ static void sta_set_sinfo(struct sta_inf
struct ieee80211_local *local = sdata->local;
struct timespec uptime;
u64 packets = 0;
sinfo->generation = sdata->local->sta_generation;
-@@ -488,6 +488,17 @@ static void sta_set_sinfo(struct sta_inf
+@@ -488,6 +491,17 @@ static void sta_set_sinfo(struct sta_inf
sinfo->signal = (s8)sta->last_signal;
sinfo->signal_avg = (s8) -ewma_read(&sta->avg_signal);
}
sta_set_rate_info_tx(sta, &sta->last_tx_rate, &sinfo->txrate);
sta_set_rate_info_rx(sta, &sinfo->rxrate);
-@@ -1052,6 +1063,7 @@ static int ieee80211_stop_ap(struct wiph
+@@ -1052,6 +1066,7 @@ static int ieee80211_stop_ap(struct wiph
ieee80211_free_keys(sdata);
sdata->vif.bss_conf.enable_beacon = false;
clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
-@@ -2416,9 +2428,22 @@ static int ieee80211_set_bitrate_mask(st
+@@ -2416,9 +2431,22 @@ static int ieee80211_set_bitrate_mask(st
}
for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
u32 ieee80211_mandatory_rates(struct ieee80211_local *local,
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
-@@ -450,7 +450,6 @@ int ieee80211_do_open(struct wireless_de
+@@ -159,7 +159,8 @@ static int ieee80211_change_mtu(struct n
+ return 0;
+ }
+
+-static int ieee80211_verify_mac(struct ieee80211_local *local, u8 *addr)
++static int ieee80211_verify_mac(struct ieee80211_local *local, u8 *addr,
++ bool check_dup)
+ {
+ struct ieee80211_sub_if_data *sdata;
+ u64 new, mask, tmp;
+@@ -179,10 +180,13 @@ static int ieee80211_verify_mac(struct i
+ ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
+ ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
+
++ if (!check_dup)
++ return ret;
+
+ mutex_lock(&local->iflist_mtx);
+ list_for_each_entry(sdata, &local->interfaces, list) {
+- if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
+ continue;
+
+ m = sdata->vif.addr;
+@@ -204,12 +208,17 @@ static int ieee80211_change_mac(struct n
+ {
+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ struct sockaddr *sa = addr;
++ bool check_dup = true;
+ int ret;
+
+ if (ieee80211_sdata_running(sdata))
+ return -EBUSY;
+
+- ret = ieee80211_verify_mac(sdata->local, sa->sa_data);
++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
++ check_dup = false;
++
++ ret = ieee80211_verify_mac(sdata->local, sa->sa_data, check_dup);
+ if (ret)
+ return ret;
+
+@@ -450,7 +459,6 @@ int ieee80211_do_open(struct wireless_de
struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
struct net_device *dev = wdev->netdev;
struct ieee80211_local *local = sdata->local;
u32 changed = 0;
int res;
u32 hw_reconf_flags = 0;
-@@ -609,30 +608,8 @@ int ieee80211_do_open(struct wireless_de
+@@ -474,6 +482,9 @@ int ieee80211_do_open(struct wireless_de
+ master->control_port_protocol;
+ sdata->control_port_no_encrypt =
+ master->control_port_no_encrypt;
++ sdata->vif.cab_queue = master->vif.cab_queue;
++ memcpy(sdata->vif.hw_queue, master->vif.hw_queue,
++ sizeof(sdata->vif.hw_queue));
+ break;
+ }
+ case NL80211_IFTYPE_AP:
+@@ -538,7 +549,11 @@ int ieee80211_do_open(struct wireless_de
+ break;
+ }
+
+- if (local->monitors == 0 && local->open_count == 0) {
++ if (sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE) {
++ res = drv_add_interface(local, sdata);
++ if (res)
++ goto err_stop;
++ } else if (local->monitors == 0 && local->open_count == 0) {
+ res = ieee80211_add_virtual_monitor(local);
+ if (res)
+ goto err_stop;
+@@ -609,30 +624,8 @@ int ieee80211_do_open(struct wireless_de
set_bit(SDATA_STATE_RUNNING, &sdata->state);
/*
* set_multicast_list will be invoked by the networking core
-@@ -1092,6 +1069,74 @@ static void ieee80211_if_setup(struct ne
+@@ -653,7 +646,11 @@ int ieee80211_do_open(struct wireless_de
+
+ ieee80211_recalc_ps(local, -1);
+
+- if (dev) {
++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR ||
++ sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
++ /* XXX: for AP_VLAN, actually track AP queues */
++ netif_tx_start_all_queues(dev);
++ } else if (dev) {
+ unsigned long flags;
+ int n_acs = IEEE80211_NUM_ACS;
+ int ac;
+@@ -916,7 +913,11 @@ static void ieee80211_do_stop(struct iee
+ mutex_lock(&local->mtx);
+ ieee80211_recalc_idle(local);
+ mutex_unlock(&local->mtx);
+- break;
++
++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
++ break;
++
++ /* fall through */
+ default:
+ if (going_down)
+ drv_remove_interface(local, sdata);
+@@ -1075,7 +1076,7 @@ static const struct net_device_ops ieee8
+ .ndo_start_xmit = ieee80211_monitor_start_xmit,
+ .ndo_set_rx_mode = ieee80211_set_multicast_list,
+ .ndo_change_mtu = ieee80211_change_mtu,
+- .ndo_set_mac_address = eth_mac_addr,
++ .ndo_set_mac_address = ieee80211_change_mac,
+ .ndo_select_queue = ieee80211_monitor_select_queue,
+ };
+
+@@ -1092,6 +1093,74 @@ static void ieee80211_if_setup(struct ne
dev->destructor = free_netdev;
}
static void ieee80211_iface_work(struct work_struct *work)
{
struct ieee80211_sub_if_data *sdata =
-@@ -1196,6 +1241,9 @@ static void ieee80211_iface_work(struct
+@@ -1196,6 +1265,9 @@ static void ieee80211_iface_work(struct
break;
ieee80211_mesh_rx_queued_mgmt(sdata, skb);
break;
default:
WARN(1, "frame for unexpected interface type");
break;
+@@ -1718,6 +1790,15 @@ void ieee80211_remove_interfaces(struct
+
+ ASSERT_RTNL();
+
++ /*
++ * Close all AP_VLAN interfaces first, as otherwise they
++ * might be closed while the AP interface they belong to
++ * is closed, causing unregister_netdevice_many() to crash.
++ */
++ list_for_each_entry(sdata, &local->interfaces, list)
++ if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
++ dev_close(sdata->dev);
++
+ mutex_lock(&local->iflist_mtx);
+ list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
+ list_del(&sdata->list);
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -674,6 +674,7 @@ int ieee80211_register_hw(struct ieee802
spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
return ret;
}
-@@ -660,7 +661,7 @@ void ieee80211_queue_delayed_work(struct
+@@ -559,6 +560,9 @@ void ieee80211_iterate_active_interfaces
+ list_for_each_entry(sdata, &local->interfaces, list) {
+ switch (sdata->vif.type) {
+ case NL80211_IFTYPE_MONITOR:
++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
++ continue;
++ break;
+ case NL80211_IFTYPE_AP_VLAN:
+ continue;
+ default:
+@@ -597,6 +601,9 @@ void ieee80211_iterate_active_interfaces
+ list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+ switch (sdata->vif.type) {
+ case NL80211_IFTYPE_MONITOR:
++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
++ continue;
++ break;
+ case NL80211_IFTYPE_AP_VLAN:
+ continue;
+ default:
+@@ -660,7 +667,7 @@ void ieee80211_queue_delayed_work(struct
}
EXPORT_SYMBOL(ieee80211_queue_delayed_work);
struct ieee802_11_elems *elems,
u64 filter, u32 crc)
{
-@@ -668,6 +669,7 @@ u32 ieee802_11_parse_elems_crc(u8 *start
+@@ -668,6 +675,7 @@ u32 ieee802_11_parse_elems_crc(u8 *start
u8 *pos = start;
bool calc_crc = filter != 0;
DECLARE_BITMAP(seen_elems, 256);
bitmap_zero(seen_elems, 256);
memset(elems, 0, sizeof(*elems));
-@@ -715,6 +717,12 @@ u32 ieee802_11_parse_elems_crc(u8 *start
+@@ -715,6 +723,12 @@ u32 ieee802_11_parse_elems_crc(u8 *start
case WLAN_EID_COUNTRY:
case WLAN_EID_PWR_CONSTRAINT:
case WLAN_EID_TIMEOUT_INTERVAL:
if (test_bit(id, seen_elems)) {
elems->parse_error = true;
left -= elen;
-@@ -862,6 +870,48 @@ u32 ieee802_11_parse_elems_crc(u8 *start
+@@ -862,6 +876,48 @@ u32 ieee802_11_parse_elems_crc(u8 *start
}
elems->ch_switch_ie = (void *)pos;
break;
/* keep last */
__NL80211_STA_INFO_AFTER_LAST,
+@@ -2395,6 +2401,8 @@ enum nl80211_survey_info {
+ * @NL80211_MNTR_FLAG_OTHER_BSS: disable BSSID filtering
+ * @NL80211_MNTR_FLAG_COOK_FRAMES: report frames after processing.
+ * overrides all other flags.
++ * @NL80211_MNTR_FLAG_ACTIVE: use the configured MAC address
++ * and ACK incoming unicast packets.
+ *
+ * @__NL80211_MNTR_FLAG_AFTER_LAST: internal use
+ * @NL80211_MNTR_FLAG_MAX: highest possible monitor flag
+@@ -2406,6 +2414,7 @@ enum nl80211_mntr_flags {
+ NL80211_MNTR_FLAG_CONTROL,
+ NL80211_MNTR_FLAG_OTHER_BSS,
+ NL80211_MNTR_FLAG_COOK_FRAMES,
++ NL80211_MNTR_FLAG_ACTIVE,
+
+ /* keep last */
+ __NL80211_MNTR_FLAG_AFTER_LAST,
+@@ -3557,6 +3566,7 @@ enum nl80211_feature_flags {
+ NL80211_FEATURE_ADVERTISE_CHAN_LIMITS = 1 << 14,
+ NL80211_FEATURE_FULL_AP_CLIENT_STATE = 1 << 15,
+ NL80211_FEATURE_USERSPACE_MPM = 1 << 16,
++ NL80211_FEATURE_ACTIVE_MONITOR = 1 << 17,
+ };
+
+ /**
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -358,6 +358,8 @@ struct sta_info *sta_info_alloc(struct i
kfree(sta);
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -3367,6 +3367,32 @@ static bool nl80211_put_sta_rate(struct
+@@ -2270,6 +2270,7 @@ static const struct nla_policy mntr_flag
+ [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
+ [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
+ [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
++ [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
+ };
+
+ static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
+@@ -2381,6 +2382,10 @@ static int nl80211_set_interface(struct
+ change = true;
+ }
+
++ if ((*flags & NL80211_MNTR_FLAG_ACTIVE) &&
++ !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
++ return -EOPNOTSUPP;
++
+ if (change)
+ err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms);
+ else
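Review bot: The capability check added in nl80211_set_interface tests `*flags & NL80211_MNTR_FLAG_ACTIVE`, but `NL80211_MNTR_FLAG_ACTIVE` is an enum index, whereas the mac80211 side of this patch tests the flags word with the shifted `MONITOR_FLAG_ACTIVE = 1<<NL80211_MNTR_FLAG_ACTIVE`. If `flags` here holds that same bitmask (parse_monitor_flags is not visible in the hunk), the test matches unrelated monitor-flag bits and misses the active bit, so the `-EOPNOTSUPP` gate is not reliably enforced for drivers that do not advertise `NL80211_FEATURE_ACTIVE_MONITOR`. The comparison should use the shifted form, `(*flags & (1 << NL80211_MNTR_FLAG_ACTIVE))`, and the same applies to the check added in the nl80211_new_interface hunk that follows. `flags` is also dereferenced unconditionally while its declaration is outside this hunk; if it can be NULL when no `NL80211_ATTR_MNTR_FLAGS` attribute is supplied, the condition should start with `flags &&`.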
+@@ -2438,6 +2443,11 @@ static int nl80211_new_interface(struct
+ err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
+ info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
+ &flags);
++
++ if (!err && (flags & NL80211_MNTR_FLAG_ACTIVE) &&
++ !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
++ return -EOPNOTSUPP;
++
+ wdev = rdev_add_virtual_intf(rdev,
+ nla_data(info->attrs[NL80211_ATTR_IFNAME]),
+ type, err ? NULL : &flags, ¶ms);
+@@ -3367,6 +3377,32 @@ static bool nl80211_put_sta_rate(struct
return true;
}
static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
int flags,
struct cfg80211_registered_device *rdev,
-@@ -3438,6 +3464,18 @@ static int nl80211_send_station(struct s
+@@ -3402,7 +3438,7 @@ static int nl80211_send_station(struct s
+ (u32)sinfo->rx_bytes))
+ goto nla_put_failure;
+ if ((sinfo->filled & (STATION_INFO_TX_BYTES |
+- NL80211_STA_INFO_TX_BYTES64)) &&
++ STATION_INFO_TX_BYTES64)) &&
+ nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
+ (u32)sinfo->tx_bytes))
+ goto nla_put_failure;
+@@ -3438,6 +3474,18 @@ static int nl80211_send_station(struct s
default:
break;
}
if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT)
hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION;
+@@ -776,6 +777,8 @@ void ath9k_set_hw_capab(struct ath_softc
+ if (AR_SREV_9160_10_OR_LATER(sc->sc_ah) || ath9k_modparam_nohwcrypt)
+ hw->flags |= IEEE80211_HW_MFP_CAPABLE;
+
++ hw->wiphy->features |= NL80211_FEATURE_ACTIVE_MONITOR;
++
+ hw->wiphy->interface_modes =
+ BIT(NL80211_IFTYPE_P2P_GO) |
+ BIT(NL80211_IFTYPE_P2P_CLIENT) |
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
-@@ -157,6 +157,13 @@ static void ath_send_bar(struct ath_atx_
+@@ -125,24 +125,6 @@ static void ath_tx_queue_tid(struct ath_
+ list_add_tail(&ac->list, &txq->axq_acq);
+ }
+
+-static void ath_tx_resume_tid(struct ath_softc *sc, struct ath_atx_tid *tid)
+-{
+- struct ath_txq *txq = tid->ac->txq;
+-
+- WARN_ON(!tid->paused);
+-
+- ath_txq_lock(sc, txq);
+- tid->paused = false;
+-
+- if (skb_queue_empty(&tid->buf_q))
+- goto unlock;
+-
+- ath_tx_queue_tid(txq, tid);
+- ath_txq_schedule(sc, txq);
+-unlock:
+- ath_txq_unlock_complete(sc, txq);
+-}
+-
+ static struct ath_frame_info *get_frame_info(struct sk_buff *skb)
+ {
+ struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb);
+@@ -157,6 +139,13 @@ static void ath_send_bar(struct ath_atx_
seqno << IEEE80211_SEQ_SEQ_SHIFT);
}
static void ath_tx_flush_tid(struct ath_softc *sc, struct ath_atx_tid *tid)
{
struct ath_txq *txq = tid->ac->txq;
-@@ -189,6 +196,7 @@ static void ath_tx_flush_tid(struct ath_
+@@ -189,15 +178,11 @@ static void ath_tx_flush_tid(struct ath_
ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
sendbar = true;
} else {
ath_tx_send_normal(sc, txq, NULL, skb);
}
}
-@@ -407,7 +415,7 @@ static void ath_tx_complete_aggr(struct
+
+- if (tid->baw_head == tid->baw_tail) {
+- tid->state &= ~AGGR_ADDBA_COMPLETE;
+- tid->state &= ~AGGR_CLEANUP;
+- }
+-
+ if (sendbar) {
+ ath_txq_unlock(sc, txq);
+ ath_send_bar(tid, tid->seq_start);
+@@ -269,9 +254,7 @@ static void ath_tid_drain(struct ath_sof
+
+ list_add_tail(&bf->list, &bf_head);
+
+- if (fi->retries)
+- ath_tx_update_baw(sc, tid, bf->bf_state.seqno);
+-
++ ath_tx_update_baw(sc, tid, bf->bf_state.seqno);
+ ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
+ }
+
+@@ -407,7 +390,7 @@ static void ath_tx_complete_aggr(struct
tx_info = IEEE80211_SKB_CB(skb);
retries = ts->ts_longretry + 1;
for (i = 0; i < ts->ts_rateindex; i++)
-@@ -736,8 +744,6 @@ static int ath_compute_num_delims(struct
+@@ -483,19 +466,19 @@ static void ath_tx_complete_aggr(struct
+ tx_info = IEEE80211_SKB_CB(skb);
+ fi = get_frame_info(skb);
+
+- if (ATH_BA_ISSET(ba, ATH_BA_INDEX(seq_st, seqno))) {
++ if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) {
++ /*
++ * Outside of the current BlockAck window,
++ * maybe part of a previous session
++ */
++ txfail = 1;
++ } else if (ATH_BA_ISSET(ba, ATH_BA_INDEX(seq_st, seqno))) {
+ /* transmit completion, subframe is
+ * acked by block ack */
+ acked_cnt++;
+ } else if (!isaggr && txok) {
+ /* transmit completion */
+ acked_cnt++;
+- } else if (tid->state & AGGR_CLEANUP) {
+- /*
+- * cleanup in progress, just fail
+- * the un-acked sub-frames
+- */
+- txfail = 1;
+ } else if (flush) {
+ txpending = 1;
+ } else if (fi->retries < ATH_MAX_SW_RETRIES) {
+@@ -519,7 +502,7 @@ static void ath_tx_complete_aggr(struct
+ if (bf_next != NULL || !bf_last->bf_stale)
+ list_move_tail(&bf->list, &bf_head);
+
+- if (!txpending || (tid->state & AGGR_CLEANUP)) {
++ if (!txpending) {
+ /*
+ * complete the acked-ones/xretried ones; update
+ * block-ack window
+@@ -593,9 +576,6 @@ static void ath_tx_complete_aggr(struct
+ ath_txq_lock(sc, txq);
+ }
+
+- if (tid->state & AGGR_CLEANUP)
+- ath_tx_flush_tid(sc, tid);
+-
+ rcu_read_unlock();
+
+ if (needreset)
+@@ -612,6 +592,7 @@ static void ath_tx_process_buffer(struct
+ struct ath_tx_status *ts, struct ath_buf *bf,
+ struct list_head *bf_head)
+ {
++ struct ieee80211_tx_info *info;
+ bool txok, flush;
+
+ txok = !(ts->ts_status & ATH9K_TXERR_MASK);
+@@ -623,8 +604,12 @@ static void ath_tx_process_buffer(struct
+ txq->axq_ampdu_depth--;
+
+ if (!bf_isampdu(bf)) {
+- if (!flush)
++ if (!flush) {
++ info = IEEE80211_SKB_CB(bf->bf_mpdu);
++ memcpy(info->control.rates, bf->rates,
++ sizeof(info->control.rates));
+ ath_tx_rc_status(sc, bf, ts, 1, txok ? 0 : 1, txok);
++ }
+ ath_tx_complete_buf(sc, bf, txq, bf_head, ts, txok);
+ } else
+ ath_tx_complete_aggr(sc, txq, bf, bf_head, ts, txok);
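Review bot: The `memcpy` added in the `!flush` branch takes its length from the destination `info->control.rates` only, while the source array `bf->rates` is declared outside this hunk. If the two arrays are meant to be the same size, a compile-time check next to the copy, `BUILD_BUG_ON(sizeof(bf->rates) != sizeof(info->control.rates));`, would keep a later change to either declaration from turning this into an out-of-bounds read of the buffer descriptor. ath_tx_process_buffer begins before the hunk.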
+@@ -668,7 +653,7 @@ static u32 ath_lookup_rate(struct ath_so
+
+ skb = bf->bf_mpdu;
+ tx_info = IEEE80211_SKB_CB(skb);
+- rates = tx_info->control.rates;
++ rates = bf->rates;
+
+ /*
+ * Find the lowest frame length among the rate series that will have a
+@@ -736,8 +721,6 @@ static int ath_compute_num_delims(struct
bool first_subfrm)
{
#define FIRST_DESC_NDELIMS 60
u32 nsymbits, nsymbols;
u16 minlen;
u8 flags, rix;
-@@ -778,8 +784,8 @@ static int ath_compute_num_delims(struct
+@@ -778,8 +761,8 @@ static int ath_compute_num_delims(struct
if (tid->an->mpdudensity == 0)
return ndelim;
width = (flags & IEEE80211_TX_RC_40_MHZ_WIDTH) ? 1 : 0;
half_gi = (flags & IEEE80211_TX_RC_SHORT_GI) ? 1 : 0;
-@@ -858,6 +864,7 @@ static enum ATH_AGGR_STATUS ath_tx_form_
+@@ -858,6 +841,7 @@ static enum ATH_AGGR_STATUS ath_tx_form_
bf_first = bf;
if (!rl) {
aggr_limit = ath_lookup_rate(sc, bf, tid);
rl = 1;
}
-@@ -998,14 +1005,14 @@ static void ath_buf_set_rate(struct ath_
+@@ -998,14 +982,14 @@ static void ath_buf_set_rate(struct ath_
skb = bf->bf_mpdu;
tx_info = IEEE80211_SKB_CB(skb);
bool is_40, is_sgi, is_sp;
int phy;
-@@ -1743,6 +1750,7 @@ static void ath_tx_send_ampdu(struct ath
+@@ -1224,9 +1208,6 @@ int ath_tx_aggr_start(struct ath_softc *
+ an = (struct ath_node *)sta->drv_priv;
+ txtid = ATH_AN_2_TID(an, tid);
+
+- if (txtid->state & (AGGR_CLEANUP | AGGR_ADDBA_COMPLETE))
+- return -EAGAIN;
+-
+ /* update ampdu factor/density, they may have changed. This may happen
+ * in HT IBSS when a beacon with HT-info is received after the station
+ * has already been added.
+@@ -1238,7 +1219,7 @@ int ath_tx_aggr_start(struct ath_softc *
+ an->mpdudensity = density;
+ }
+
+- txtid->state |= AGGR_ADDBA_PROGRESS;
++ txtid->active = true;
+ txtid->paused = true;
+ *ssn = txtid->seq_start = txtid->seq_next;
+ txtid->bar_index = -1;
+@@ -1255,28 +1236,9 @@ void ath_tx_aggr_stop(struct ath_softc *
+ struct ath_atx_tid *txtid = ATH_AN_2_TID(an, tid);
+ struct ath_txq *txq = txtid->ac->txq;
+
+- if (txtid->state & AGGR_CLEANUP)
+- return;
+-
+- if (!(txtid->state & AGGR_ADDBA_COMPLETE)) {
+- txtid->state &= ~AGGR_ADDBA_PROGRESS;
+- return;
+- }
+-
+ ath_txq_lock(sc, txq);
++ txtid->active = false;
+ txtid->paused = true;
+-
+- /*
+- * If frames are still being transmitted for this TID, they will be
+- * cleaned up during tx completion. To prevent race conditions, this
+- * TID can only be reused after all in-progress subframes have been
+- * completed.
+- */
+- if (txtid->baw_head != txtid->baw_tail)
+- txtid->state |= AGGR_CLEANUP;
+- else
+- txtid->state &= ~AGGR_ADDBA_COMPLETE;
+-
+ ath_tx_flush_tid(sc, txtid);
+ ath_txq_unlock_complete(sc, txq);
+ }
+@@ -1342,18 +1304,28 @@ void ath_tx_aggr_wakeup(struct ath_softc
+ }
+ }
+
+-void ath_tx_aggr_resume(struct ath_softc *sc, struct ieee80211_sta *sta, u16 tid)
++void ath_tx_aggr_resume(struct ath_softc *sc, struct ieee80211_sta *sta,
++ u16 tidno)
+ {
+- struct ath_atx_tid *txtid;
++ struct ath_atx_tid *tid;
+ struct ath_node *an;
++ struct ath_txq *txq;
+
+ an = (struct ath_node *)sta->drv_priv;
++ tid = ATH_AN_2_TID(an, tidno);
++ txq = tid->ac->txq;
+
+- txtid = ATH_AN_2_TID(an, tid);
+- txtid->baw_size = IEEE80211_MIN_AMPDU_BUF << sta->ht_cap.ampdu_factor;
+- txtid->state |= AGGR_ADDBA_COMPLETE;
+- txtid->state &= ~AGGR_ADDBA_PROGRESS;
+- ath_tx_resume_tid(sc, txtid);
++ ath_txq_lock(sc, txq);
++
++ tid->baw_size = IEEE80211_MIN_AMPDU_BUF << sta->ht_cap.ampdu_factor;
++ tid->paused = false;
++
++ if (!skb_queue_empty(&tid->buf_q)) {
++ ath_tx_queue_tid(txq, tid);
++ ath_txq_schedule(sc, txq);
++ }
++
++ ath_txq_unlock_complete(sc, txq);
+ }
+
+ /********************/
+@@ -1743,6 +1715,7 @@ static void ath_tx_send_ampdu(struct ath
return;
}
bf->bf_state.bf_type = BUF_AMPDU;
INIT_LIST_HEAD(&bf_head);
list_add(&bf->list, &bf_head);
-@@ -1892,49 +1900,6 @@ static struct ath_buf *ath_tx_setup_buff
+@@ -1892,49 +1865,6 @@ static struct ath_buf *ath_tx_setup_buff
return bf;
}
/* Upon failure caller should free skb */
int ath_tx_start(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ath_tx_control *txctl)
-@@ -1945,8 +1910,11 @@ int ath_tx_start(struct ieee80211_hw *hw
+@@ -1945,8 +1875,11 @@ int ath_tx_start(struct ieee80211_hw *hw
struct ieee80211_vif *vif = info->control.vif;
struct ath_softc *sc = hw->priv;
struct ath_txq *txq = txctl->txq;
int q;
/* NOTE: sta can be NULL according to net/mac80211.h */
-@@ -2002,8 +1970,41 @@ int ath_tx_start(struct ieee80211_hw *hw
+@@ -2002,8 +1935,41 @@ int ath_tx_start(struct ieee80211_hw *hw
txq->stopped = true;
}
+ tidno = ieee80211_get_qos_ctl(hdr)[0] &
+ IEEE80211_QOS_CTL_TID_MASK;
+ tid = ATH_AN_2_TID(txctl->an, tidno);
-+
+
+ WARN_ON(tid->ac->txq != txctl->txq);
+ }
+
+
+ ath_set_rates(vif, sta, bf);
+ ath_tx_send_normal(sc, txctl->txq, tid, skb);
-
++
+out:
ath_txq_unlock(sc, txq);
return 0;
+@@ -2408,12 +2374,10 @@ void ath_tx_node_init(struct ath_softc *
+ tid->baw_head = tid->baw_tail = 0;
+ tid->sched = false;
+ tid->paused = false;
+- tid->state &= ~AGGR_CLEANUP;
++ tid->active = false;
+ __skb_queue_head_init(&tid->buf_q);
+ acno = TID_TO_WME_AC(tidno);
+ tid->ac = &an->ac[acno];
+- tid->state &= ~AGGR_ADDBA_COMPLETE;
+- tid->state &= ~AGGR_ADDBA_PROGRESS;
+ }
+
+ for (acno = 0, ac = &an->ac[acno];
+@@ -2450,9 +2414,9 @@ void ath_tx_node_cleanup(struct ath_soft
+ }
+
+ ath_tid_drain(sc, txq, tid);
+- tid->state &= ~AGGR_ADDBA_COMPLETE;
+- tid->state &= ~AGGR_CLEANUP;
++ tid->active = false;
+
+ ath_txq_unlock(sc, txq);
+ }
+ }
++
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -124,7 +124,7 @@ static bool ath_rx_edma_buf_link(struct
if (wdev->sme_state == CFG80211_SME_CONNECTED)
__cfg80211_disconnected(dev, NULL, 0, 0, false);
else if (wdev->sme_state == CFG80211_SME_CONNECTING)
+--- a/drivers/net/wireless/ath/ath9k/rc.c
++++ b/drivers/net/wireless/ath/ath9k/rc.c
+@@ -1227,10 +1227,7 @@ static bool ath_tx_aggr_check(struct ath
+ return false;
+
+ txtid = ATH_AN_2_TID(an, tidno);
+-
+- if (!(txtid->state & (AGGR_ADDBA_COMPLETE | AGGR_ADDBA_PROGRESS)))
+- return true;
+- return false;
++ return !txtid->active;
+ }
+
+
+--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
++++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
+@@ -334,7 +334,8 @@ static void ar9003_hw_spur_ofdm(struct a
+ REG_RMW_FIELD(ah, AR_PHY_SPUR_REG,
+ AR_PHY_SPUR_REG_EN_VIT_SPUR_RSSI, 1);
+
+- if (REG_READ_FIELD(ah, AR_PHY_MODE,
++ if (!AR_SREV_9340(ah) &&
++ REG_READ_FIELD(ah, AR_PHY_MODE,
+ AR_PHY_MODE_DYNAMIC) == 0x1)
+ REG_RMW_FIELD(ah, AR_PHY_SPUR_REG,
+ AR_PHY_SPUR_REG_ENABLE_NF_RSSI_SPUR_MIT, 1);
+--- a/drivers/net/wireless/ath/ath9k/mac.c
++++ b/drivers/net/wireless/ath/ath9k/mac.c
+@@ -410,7 +410,7 @@ bool ath9k_hw_resettxqueue(struct ath_hw
+
+ REG_WRITE(ah, AR_QMISC(q), AR_Q_MISC_DCU_EARLY_TERM_REQ);
+
+- if (AR_SREV_9340(ah))
++ if (AR_SREV_9340(ah) && !AR_SREV_9340_13_OR_LATER(ah))
+ REG_WRITE(ah, AR_DMISC(q),
+ AR_D_MISC_CW_BKOFF_EN | AR_D_MISC_FRAG_WAIT_EN | 0x1);
+ else
+--- a/net/mac80211/driver-ops.h
++++ b/net/mac80211/driver-ops.h
+@@ -146,7 +146,8 @@ static inline int drv_add_interface(stru
+
+ if (WARN_ON(sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
+ (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
+- !(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))))
++ !(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF) &&
++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))))
+ return -EINVAL;
+
+ trace_drv_add_interface(local, sdata);
+--- a/drivers/net/wireless/ath/ath9k/ar9003_paprd.c
++++ b/drivers/net/wireless/ath/ath9k/ar9003_paprd.c
+@@ -454,6 +454,8 @@ static bool create_pa_curve(u32 *data_L,
+ if (accum_cnt <= thresh_accum_cnt)
+ continue;
+
++ max_index++;
++
+ /* sum(tx amplitude) */
+ accum_tx = ((data_L[i] >> 16) & 0xffff) |
+ ((data_U[i] & 0x7ff) << 16);
+@@ -468,20 +470,21 @@ static bool create_pa_curve(u32 *data_L,
+
+ accum_tx <<= scale_factor;
+ accum_rx <<= scale_factor;
+- x_est[i + 1] = (((accum_tx + accum_cnt) / accum_cnt) + 32) >>
+- scale_factor;
++ x_est[max_index] =
++ (((accum_tx + accum_cnt) / accum_cnt) + 32) >>
++ scale_factor;
+
+- Y[i + 1] = ((((accum_rx + accum_cnt) / accum_cnt) + 32) >>
++ Y[max_index] =
++ ((((accum_rx + accum_cnt) / accum_cnt) + 32) >>
+ scale_factor) +
+- (1 << scale_factor) * max_index + 16;
++ (1 << scale_factor) * i + 16;
+
+ if (accum_ang >= (1 << 26))
+ accum_ang -= 1 << 27;
+
+- theta[i + 1] = ((accum_ang * (1 << scale_factor)) + accum_cnt) /
+- accum_cnt;
+-
+- max_index++;
++ theta[max_index] =
++ ((accum_ang * (1 << scale_factor)) + accum_cnt) /
++ accum_cnt;
+ }
+
+ /*