struct ath_tx_control {
struct ath_txq *txq;
struct ath_node *an;
-@@ -658,11 +655,10 @@ enum sc_op_flags {
+@@ -299,6 +296,7 @@ struct ath_tx {
+ struct ath_txq txq[ATH9K_NUM_TX_QUEUES];
+ struct ath_descdma txdma;
+ struct ath_txq *txq_map[IEEE80211_NUM_ACS];
++ struct ath_txq *uapsdq;
+ u32 txq_max_pending[IEEE80211_NUM_ACS];
+ u16 max_aggr_framelen[IEEE80211_NUM_ACS][4][32];
+ };
+@@ -356,6 +354,11 @@ void ath_tx_aggr_resume(struct ath_softc
+ void ath_tx_aggr_wakeup(struct ath_softc *sc, struct ath_node *an);
+ void ath_tx_aggr_sleep(struct ieee80211_sta *sta, struct ath_softc *sc,
+ struct ath_node *an);
++void ath9k_release_buffered_frames(struct ieee80211_hw *hw,
++ struct ieee80211_sta *sta,
++ u16 tids, int nframes,
++ enum ieee80211_frame_release_type reason,
++ bool more_data);
+
+ /********/
+ /* VIFs */
+@@ -410,6 +413,7 @@ struct ath_beacon {
+ struct ath_descdma bdma;
+ struct ath_txq *cabq;
+ struct list_head bbuf;
++ int cabq_dur;
+
+ bool tx_processed;
+ bool tx_last;
+@@ -658,11 +662,10 @@ enum sc_op_flags {
struct ath_rate_table;
struct ath9k_vif_iter_data {
int nstations; /* number of station vifs */
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
-@@ -1366,7 +1366,10 @@ static bool ath9k_hw_set_reset(struct at
+@@ -1171,6 +1171,7 @@ u32 ath9k_regd_get_ctl(struct ath_regula
+ static inline void ath9k_hw_set_dma(struct ath_hw *ah)
+ {
+ struct ath_common *common = ath9k_hw_common(ah);
++ int txbuf_size;
+
+ ENABLE_REGWRITE_BUFFER(ah);
+
+@@ -1224,13 +1225,17 @@ static inline void ath9k_hw_set_dma(stru
+ * So set the usable tx buf size also to half to
+ * avoid data/delimiter underruns
+ */
+- REG_WRITE(ah, AR_PCU_TXBUF_CTRL,
+- AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE);
+- } else if (!AR_SREV_9271(ah)) {
+- REG_WRITE(ah, AR_PCU_TXBUF_CTRL,
+- AR_PCU_TXBUF_CTRL_USABLE_SIZE);
++ txbuf_size = AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE;
++ } else if (AR_SREV_9340_13_OR_LATER(ah)) {
++ /* Uses fewer entries for AR934x v1.3+ to prevent rx overruns */
++ txbuf_size = AR_9340_PCU_TXBUF_CTRL_USABLE_SIZE;
++ } else {
++ txbuf_size = AR_PCU_TXBUF_CTRL_USABLE_SIZE;
+ }
+
++ if (!AR_SREV_9271(ah))
++ REG_WRITE(ah, AR_PCU_TXBUF_CTRL, txbuf_size);
++
+ REGWRITE_BUFFER_FLUSH(ah);
+
+ if (AR_SREV_9300_20_OR_LATER(ah))
+@@ -1305,9 +1310,13 @@ static bool ath9k_hw_set_reset(struct at
+ AR_RTC_RC_COLD_RESET | AR_RTC_RC_WARM_RESET;
+ } else {
+ tmpReg = REG_READ(ah, AR_INTR_SYNC_CAUSE);
+- if (tmpReg &
+- (AR_INTR_SYNC_LOCAL_TIMEOUT |
+- AR_INTR_SYNC_RADM_CPL_TIMEOUT)) {
++ if (AR_SREV_9340(ah))
++ tmpReg &= AR9340_INTR_SYNC_LOCAL_TIMEOUT;
++ else
++ tmpReg &= AR_INTR_SYNC_LOCAL_TIMEOUT |
++ AR_INTR_SYNC_RADM_CPL_TIMEOUT;
++
++ if (tmpReg) {
+ u32 val;
+ REG_WRITE(ah, AR_INTR_SYNC_ENABLE, 0);
+
+@@ -1366,7 +1375,10 @@ static bool ath9k_hw_set_reset(struct at
REGWRITE_BUFFER_FLUSH(ah);
REG_WRITE(ah, AR_RTC_RC, 0);
if (!ath9k_hw_wait(ah, AR_RTC_RC, AR_RTC_RC_M, 0, AH_WAIT_TIMEOUT)) {
-@@ -1377,8 +1380,12 @@ static bool ath9k_hw_set_reset(struct at
+@@ -1377,8 +1389,12 @@ static bool ath9k_hw_set_reset(struct at
if (!AR_SREV_9100(ah))
REG_WRITE(ah, AR_RC, 0);
return true;
}
-@@ -1464,7 +1471,8 @@ static bool ath9k_hw_chip_reset(struct a
+@@ -1464,7 +1480,8 @@ static bool ath9k_hw_chip_reset(struct a
reset_type = ATH9K_RESET_POWER_ON;
else
reset_type = ATH9K_RESET_COLD;
(REG_READ(ah, AR_CR) & AR_CR_RXE))
reset_type = ATH9K_RESET_COLD;
-@@ -1698,12 +1706,11 @@ static void ath9k_hw_reset_opmode(struct
+@@ -1698,12 +1715,11 @@ static void ath9k_hw_reset_opmode(struct
ENABLE_REGWRITE_BUFFER(ah);
ath9k_ps_restore(sc);
break;
case IEEE80211_AMPDU_TX_OPERATIONAL:
+@@ -2366,6 +2378,7 @@ struct ieee80211_ops ath9k_ops = {
+ .flush = ath9k_flush,
+ .tx_frames_pending = ath9k_tx_frames_pending,
+ .tx_last_beacon = ath9k_tx_last_beacon,
++ .release_buffered_frames = ath9k_release_buffered_frames,
+ .get_stats = ath9k_get_stats,
+ .set_antenna = ath9k_set_antenna,
+ .get_antenna = ath9k_get_antenna,
--- a/drivers/net/wireless/ath/ath9k/reg.h
+++ b/drivers/net/wireless/ath/ath9k/reg.h
-@@ -1493,9 +1493,6 @@ enum {
+@@ -798,6 +798,10 @@
+ #define AR_SREV_REVISION_9485_10 0
+ #define AR_SREV_REVISION_9485_11 1
+ #define AR_SREV_VERSION_9340 0x300
++#define AR_SREV_REVISION_9340_10 0
++#define AR_SREV_REVISION_9340_11 1
++#define AR_SREV_REVISION_9340_12 2
++#define AR_SREV_REVISION_9340_13 3
+ #define AR_SREV_VERSION_9580 0x1C0
+ #define AR_SREV_REVISION_9580_10 4 /* AR9580 1.0 */
+ #define AR_SREV_VERSION_9462 0x280
+@@ -897,6 +901,10 @@
+ #define AR_SREV_9340(_ah) \
+ (((_ah)->hw_version.macVersion == AR_SREV_VERSION_9340))
+
++#define AR_SREV_9340_13_OR_LATER(_ah) \
++ (AR_SREV_9340((_ah)) && \
++ ((_ah)->hw_version.macRev >= AR_SREV_REVISION_9340_13))
++
+ #define AR_SREV_9285E_20(_ah) \
+ (AR_SREV_9285_12_OR_LATER(_ah) && \
+ ((REG_READ(_ah, AR_AN_SYNTH9) & 0x7) == 0x1))
+@@ -1007,6 +1015,8 @@ enum {
+ AR_INTR_SYNC_LOCAL_TIMEOUT |
+ AR_INTR_SYNC_MAC_SLEEP_ACCESS),
+
++ AR9340_INTR_SYNC_LOCAL_TIMEOUT = 0x00000010,
++
+ AR_INTR_SYNC_SPURIOUS = 0xFFFFFFFF,
+
+ };
+@@ -1493,9 +1503,6 @@ enum {
#define AR9271_RADIO_RF_RST 0x20
#define AR9271_GATE_MAC_CTL 0x4000
#define AR_STA_ID1_STA_AP 0x00010000
#define AR_STA_ID1_ADHOC 0x00020000
#define AR_STA_ID1_PWR_SAV 0x00040000
+@@ -1884,6 +1891,7 @@ enum {
+ #define AR_PCU_TXBUF_CTRL_SIZE_MASK 0x7FF
+ #define AR_PCU_TXBUF_CTRL_USABLE_SIZE 0x700
+ #define AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE 0x380
++#define AR_9340_PCU_TXBUF_CTRL_USABLE_SIZE 0x500
+
+ #define AR_PCU_MISC_MODE2 0x8344
+ #define AR_PCU_MISC_MODE2_MGMT_CRYPTO_ENABLE 0x00000002
--- a/drivers/net/wireless/ath/hw.c
+++ b/drivers/net/wireless/ath/hw.c
@@ -118,6 +118,12 @@
struct rate_info txrate;
struct rate_info rxrate;
u32 rx_packets;
-@@ -4027,6 +4041,17 @@ bool cfg80211_reg_can_beacon(struct wiph
+@@ -954,6 +968,7 @@ enum monitor_flags {
+ MONITOR_FLAG_CONTROL = 1<<NL80211_MNTR_FLAG_CONTROL,
+ MONITOR_FLAG_OTHER_BSS = 1<<NL80211_MNTR_FLAG_OTHER_BSS,
+ MONITOR_FLAG_COOK_FRAMES = 1<<NL80211_MNTR_FLAG_COOK_FRAMES,
++ MONITOR_FLAG_ACTIVE = 1<<NL80211_MNTR_FLAG_ACTIVE,
+ };
+
+ /**
+@@ -4027,6 +4042,17 @@ bool cfg80211_reg_can_beacon(struct wiph
void cfg80211_ch_switch_notify(struct net_device *dev,
struct cfg80211_chan_def *chandef);
* @ssid_len: Length of SSID given in @ssid.
* @hidden_ssid: The SSID of the current vif is hidden. Only valid in AP-mode.
* @txpower: TX power in dBm
-@@ -562,6 +562,9 @@ enum mac80211_rate_control_flags {
+@@ -459,6 +459,8 @@ struct ieee80211_bss_conf {
+ * @IEEE80211_TX_CTL_DONTFRAG: Don't fragment this packet even if it
+ * would be fragmented by size (this is optional, only used for
+ * monitor injection).
++ * @IEEE80211_TX_CTL_PS_RESPONSE: This frame is a response to a poll
++ * frame (PS-Poll or uAPSD).
+ *
+ * Note: If you have to add new flags to the enumeration, then don't
+ * forget to update %IEEE80211_TX_TEMPORARY_FLAGS when necessary.
+@@ -494,6 +496,7 @@ enum mac80211_tx_control_flags {
+ IEEE80211_TX_STATUS_EOSP = BIT(28),
+ IEEE80211_TX_CTL_USE_MINRATE = BIT(29),
+ IEEE80211_TX_CTL_DONTFRAG = BIT(30),
++ IEEE80211_TX_CTL_PS_RESPONSE = BIT(31),
+ };
+
+ #define IEEE80211_TX_CTL_STBC_SHIFT 23
+@@ -562,6 +565,9 @@ enum mac80211_rate_control_flags {
/* maximum number of rate stages */
#define IEEE80211_TX_MAX_RATES 4
/**
* struct ieee80211_tx_rate - rate selection/status
*
-@@ -602,8 +605,8 @@ static inline void ieee80211_rate_set_vh
+@@ -602,8 +608,8 @@ static inline void ieee80211_rate_set_vh
u8 mcs, u8 nss)
{
WARN_ON(mcs & ~0xF);
}
static inline u8
-@@ -615,7 +618,7 @@ ieee80211_rate_get_vht_mcs(const struct
+@@ -615,7 +621,7 @@ ieee80211_rate_get_vht_mcs(const struct
static inline u8
ieee80211_rate_get_vht_nss(const struct ieee80211_tx_rate *rate)
{
}
/**
-@@ -656,7 +659,11 @@ struct ieee80211_tx_info {
+@@ -656,7 +662,11 @@ struct ieee80211_tx_info {
struct ieee80211_tx_rate rates[
IEEE80211_TX_MAX_RATES];
s8 rts_cts_rate_idx;
};
/* only needed before rate control */
unsigned long jiffies;
-@@ -677,6 +684,8 @@ struct ieee80211_tx_info {
+@@ -677,6 +687,8 @@ struct ieee80211_tx_info {
struct {
struct ieee80211_tx_rate driver_rates[
IEEE80211_TX_MAX_RATES];
void *rate_driver_data[
IEEE80211_TX_INFO_RATE_DRIVER_DATA_SIZE / sizeof(void *)];
};
-@@ -840,6 +849,9 @@ enum mac80211_rx_flags {
+@@ -840,6 +852,9 @@ enum mac80211_rx_flags {
* @signal: signal strength when receiving this frame, either in dBm, in dB or
* unspecified depending on the hardware capabilities flags
* @IEEE80211_HW_SIGNAL_*
* @antenna: antenna used
* @rate_idx: index of data rate into band's supported rates or MCS index if
* HT or VHT is used (%RX_FLAG_HT/%RX_FLAG_VHT)
-@@ -871,6 +883,8 @@ struct ieee80211_rx_status {
+@@ -871,6 +886,8 @@ struct ieee80211_rx_status {
u8 band;
u8 antenna;
s8 signal;
u8 ampdu_delimiter_crc;
u8 vendor_radiotap_align;
u8 vendor_radiotap_oui[3];
-@@ -1018,13 +1032,13 @@ struct ieee80211_conf {
+@@ -1018,13 +1035,13 @@ struct ieee80211_conf {
* the driver passed into mac80211.
* @block_tx: Indicates whether transmission must be blocked before the
* scheduled channel switch, as indicated by the AP.
u8 count;
};
-@@ -1222,6 +1236,24 @@ enum ieee80211_sta_rx_bandwidth {
+@@ -1222,6 +1239,24 @@ enum ieee80211_sta_rx_bandwidth {
};
/**
* struct ieee80211_sta - station table entry
*
* A station table entry represents a station we are possibly
-@@ -1248,6 +1280,7 @@ enum ieee80211_sta_rx_bandwidth {
+@@ -1248,6 +1283,7 @@ enum ieee80211_sta_rx_bandwidth {
* notifications and capabilities. The value is only valid after
* the station moves to associated state.
* @smps_mode: current SMPS mode (off, static or dynamic)
*/
struct ieee80211_sta {
u32 supp_rates[IEEE80211_NUM_BANDS];
-@@ -1261,6 +1294,7 @@ struct ieee80211_sta {
+@@ -1261,6 +1297,7 @@ struct ieee80211_sta {
u8 rx_nss;
enum ieee80211_sta_rx_bandwidth bandwidth;
enum ieee80211_smps_mode smps_mode;
/* must be last */
u8 drv_priv[0] __aligned(sizeof(void *));
-@@ -1416,6 +1450,9 @@ struct ieee80211_tx_control {
+@@ -1416,6 +1453,9 @@ struct ieee80211_tx_control {
* for different virtual interfaces. See the doc section on HW queue
* control for more details.
*
* @IEEE80211_HW_P2P_DEV_ADDR_FOR_INTF: Use the P2P Device address for any
* P2P Interface. This will be honoured even if more than one interface
* is supported.
-@@ -1448,6 +1485,7 @@ enum ieee80211_hw_flags {
+@@ -1448,6 +1488,7 @@ enum ieee80211_hw_flags {
IEEE80211_HW_SUPPORTS_PER_STA_GTK = 1<<21,
IEEE80211_HW_AP_LINK_PS = 1<<22,
IEEE80211_HW_TX_AMPDU_SETUP_IN_HW = 1<<23,
IEEE80211_HW_P2P_DEV_ADDR_FOR_INTF = 1<<25,
IEEE80211_HW_TIMING_BEACON_ONLY = 1<<26,
};
-@@ -3144,6 +3182,25 @@ void ieee80211_sta_set_buffered(struct i
+@@ -3144,6 +3185,25 @@ void ieee80211_sta_set_buffered(struct i
u8 tid, bool buffered);
/**
* ieee80211_tx_status - transmit status callback
*
* Call this function for all transmitted frames after they have been
-@@ -4118,7 +4175,7 @@ void ieee80211_send_bar(struct ieee80211
+@@ -4118,7 +4178,7 @@ void ieee80211_send_bar(struct ieee80211
* (deprecated; this will be removed once drivers get updated to use
* rate_idx_mask)
* @rate_idx_mask: user-requested (legacy) rate mask
* @bss: whether this frame is sent out in AP or IBSS mode
*/
struct ieee80211_tx_rate_control {
-@@ -4130,7 +4187,7 @@ struct ieee80211_tx_rate_control {
+@@ -4130,7 +4190,7 @@ struct ieee80211_tx_rate_control {
bool rts, short_preamble;
u8 max_rate_idx;
u32 rate_idx_mask;
bool bss;
};
-@@ -4219,6 +4276,22 @@ bool rate_usable_index_exists(struct iee
+@@ -4219,6 +4279,22 @@ bool rate_usable_index_exists(struct iee
return false;
}
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -444,7 +444,7 @@ static void sta_set_sinfo(struct sta_inf
+@@ -73,16 +73,19 @@ static int ieee80211_change_iface(struct
+ struct ieee80211_local *local = sdata->local;
+
+ if (ieee80211_sdata_running(sdata)) {
++ u32 mask = MONITOR_FLAG_COOK_FRAMES |
++ MONITOR_FLAG_ACTIVE;
++
+ /*
+- * Prohibit MONITOR_FLAG_COOK_FRAMES to be
+- * changed while the interface is up.
++ * Prohibit MONITOR_FLAG_COOK_FRAMES and
++ * MONITOR_FLAG_ACTIVE to be changed while the
++ * interface is up.
+ * Else we would need to add a lot of cruft
+ * to update everything:
+ * cooked_mntrs, monitor and all fif_* counters
+ * reconfigure hardware
+ */
+- if ((*flags & MONITOR_FLAG_COOK_FRAMES) !=
+- (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))
++ if ((*flags & mask) != (sdata->u.mntr_flags & mask))
+ return -EBUSY;
+
+ ieee80211_adjust_monitor_flags(sdata, -1);
+@@ -444,7 +447,7 @@ static void sta_set_sinfo(struct sta_inf
struct ieee80211_local *local = sdata->local;
struct timespec uptime;
u64 packets = 0;
sinfo->generation = sdata->local->sta_generation;
-@@ -488,6 +488,17 @@ static void sta_set_sinfo(struct sta_inf
+@@ -488,6 +491,17 @@ static void sta_set_sinfo(struct sta_inf
sinfo->signal = (s8)sta->last_signal;
sinfo->signal_avg = (s8) -ewma_read(&sta->avg_signal);
}
sta_set_rate_info_tx(sta, &sta->last_tx_rate, &sinfo->txrate);
sta_set_rate_info_rx(sta, &sinfo->rxrate);
-@@ -1052,6 +1063,7 @@ static int ieee80211_stop_ap(struct wiph
+@@ -1052,6 +1066,7 @@ static int ieee80211_stop_ap(struct wiph
ieee80211_free_keys(sdata);
sdata->vif.bss_conf.enable_beacon = false;
clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
-@@ -2416,9 +2428,22 @@ static int ieee80211_set_bitrate_mask(st
+@@ -2416,9 +2431,22 @@ static int ieee80211_set_bitrate_mask(st
}
for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
u32 ieee80211_mandatory_rates(struct ieee80211_local *local,
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
-@@ -450,7 +450,6 @@ int ieee80211_do_open(struct wireless_de
+@@ -159,7 +159,8 @@ static int ieee80211_change_mtu(struct n
+ return 0;
+ }
+
+-static int ieee80211_verify_mac(struct ieee80211_local *local, u8 *addr)
++static int ieee80211_verify_mac(struct ieee80211_local *local, u8 *addr,
++ bool check_dup)
+ {
+ struct ieee80211_sub_if_data *sdata;
+ u64 new, mask, tmp;
+@@ -179,10 +180,13 @@ static int ieee80211_verify_mac(struct i
+ ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
+ ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
+
++ if (!check_dup)
++ return ret;
+
+ mutex_lock(&local->iflist_mtx);
+ list_for_each_entry(sdata, &local->interfaces, list) {
+- if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
+ continue;
+
+ m = sdata->vif.addr;
+@@ -204,12 +208,17 @@ static int ieee80211_change_mac(struct n
+ {
+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ struct sockaddr *sa = addr;
++ bool check_dup = true;
+ int ret;
+
+ if (ieee80211_sdata_running(sdata))
+ return -EBUSY;
+
+- ret = ieee80211_verify_mac(sdata->local, sa->sa_data);
++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
++ check_dup = false;
++
++ ret = ieee80211_verify_mac(sdata->local, sa->sa_data, check_dup);
+ if (ret)
+ return ret;
+
+@@ -450,7 +459,6 @@ int ieee80211_do_open(struct wireless_de
struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
struct net_device *dev = wdev->netdev;
struct ieee80211_local *local = sdata->local;
u32 changed = 0;
int res;
u32 hw_reconf_flags = 0;
-@@ -609,30 +608,8 @@ int ieee80211_do_open(struct wireless_de
+@@ -474,6 +482,9 @@ int ieee80211_do_open(struct wireless_de
+ master->control_port_protocol;
+ sdata->control_port_no_encrypt =
+ master->control_port_no_encrypt;
++ sdata->vif.cab_queue = master->vif.cab_queue;
++ memcpy(sdata->vif.hw_queue, master->vif.hw_queue,
++ sizeof(sdata->vif.hw_queue));
+ break;
+ }
+ case NL80211_IFTYPE_AP:
+@@ -538,7 +549,11 @@ int ieee80211_do_open(struct wireless_de
+ break;
+ }
+
+- if (local->monitors == 0 && local->open_count == 0) {
++ if (sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE) {
++ res = drv_add_interface(local, sdata);
++ if (res)
++ goto err_stop;
++ } else if (local->monitors == 0 && local->open_count == 0) {
+ res = ieee80211_add_virtual_monitor(local);
+ if (res)
+ goto err_stop;
+@@ -609,30 +624,8 @@ int ieee80211_do_open(struct wireless_de
set_bit(SDATA_STATE_RUNNING, &sdata->state);
/*
* set_multicast_list will be invoked by the networking core
-@@ -1092,6 +1069,74 @@ static void ieee80211_if_setup(struct ne
+@@ -653,7 +646,11 @@ int ieee80211_do_open(struct wireless_de
+
+ ieee80211_recalc_ps(local, -1);
+
+- if (dev) {
++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR ||
++ sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
++ /* XXX: for AP_VLAN, actually track AP queues */
++ netif_tx_start_all_queues(dev);
++ } else if (dev) {
+ unsigned long flags;
+ int n_acs = IEEE80211_NUM_ACS;
+ int ac;
+@@ -916,7 +913,11 @@ static void ieee80211_do_stop(struct iee
+ mutex_lock(&local->mtx);
+ ieee80211_recalc_idle(local);
+ mutex_unlock(&local->mtx);
+- break;
++
++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
++ break;
++
++ /* fall through */
+ default:
+ if (going_down)
+ drv_remove_interface(local, sdata);
+@@ -1075,7 +1076,7 @@ static const struct net_device_ops ieee8
+ .ndo_start_xmit = ieee80211_monitor_start_xmit,
+ .ndo_set_rx_mode = ieee80211_set_multicast_list,
+ .ndo_change_mtu = ieee80211_change_mtu,
+- .ndo_set_mac_address = eth_mac_addr,
++ .ndo_set_mac_address = ieee80211_change_mac,
+ .ndo_select_queue = ieee80211_monitor_select_queue,
+ };
+
+@@ -1092,6 +1093,74 @@ static void ieee80211_if_setup(struct ne
dev->destructor = free_netdev;
}
static void ieee80211_iface_work(struct work_struct *work)
{
struct ieee80211_sub_if_data *sdata =
-@@ -1196,6 +1241,9 @@ static void ieee80211_iface_work(struct
+@@ -1196,6 +1265,9 @@ static void ieee80211_iface_work(struct
break;
ieee80211_mesh_rx_queued_mgmt(sdata, skb);
break;
default:
WARN(1, "frame for unexpected interface type");
break;
+@@ -1718,6 +1790,15 @@ void ieee80211_remove_interfaces(struct
+
+ ASSERT_RTNL();
+
++ /*
++ * Close all AP_VLAN interfaces first, as otherwise they
++ * might be closed while the AP interface they belong to
++ * is closed, causing unregister_netdevice_many() to crash.
++ */
++ list_for_each_entry(sdata, &local->interfaces, list)
++ if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
++ dev_close(sdata->dev);
++
+ mutex_lock(&local->iflist_mtx);
+ list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
+ list_del(&sdata->list);
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -674,6 +674,7 @@ int ieee80211_register_hw(struct ieee802
spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
return ret;
}
-@@ -660,7 +661,7 @@ void ieee80211_queue_delayed_work(struct
+@@ -559,6 +560,9 @@ void ieee80211_iterate_active_interfaces
+ list_for_each_entry(sdata, &local->interfaces, list) {
+ switch (sdata->vif.type) {
+ case NL80211_IFTYPE_MONITOR:
++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
++ continue;
++ break;
+ case NL80211_IFTYPE_AP_VLAN:
+ continue;
+ default:
+@@ -597,6 +601,9 @@ void ieee80211_iterate_active_interfaces
+ list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+ switch (sdata->vif.type) {
+ case NL80211_IFTYPE_MONITOR:
++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
++ continue;
++ break;
+ case NL80211_IFTYPE_AP_VLAN:
+ continue;
+ default:
+@@ -660,7 +667,7 @@ void ieee80211_queue_delayed_work(struct
}
EXPORT_SYMBOL(ieee80211_queue_delayed_work);
struct ieee802_11_elems *elems,
u64 filter, u32 crc)
{
-@@ -668,6 +669,7 @@ u32 ieee802_11_parse_elems_crc(u8 *start
+@@ -668,6 +675,7 @@ u32 ieee802_11_parse_elems_crc(u8 *start
u8 *pos = start;
bool calc_crc = filter != 0;
DECLARE_BITMAP(seen_elems, 256);
bitmap_zero(seen_elems, 256);
memset(elems, 0, sizeof(*elems));
-@@ -715,6 +717,12 @@ u32 ieee802_11_parse_elems_crc(u8 *start
+@@ -715,6 +723,12 @@ u32 ieee802_11_parse_elems_crc(u8 *start
case WLAN_EID_COUNTRY:
case WLAN_EID_PWR_CONSTRAINT:
case WLAN_EID_TIMEOUT_INTERVAL:
if (test_bit(id, seen_elems)) {
elems->parse_error = true;
left -= elen;
-@@ -862,6 +870,48 @@ u32 ieee802_11_parse_elems_crc(u8 *start
+@@ -862,6 +876,48 @@ u32 ieee802_11_parse_elems_crc(u8 *start
}
elems->ch_switch_ie = (void *)pos;
break;
/* keep last */
__NL80211_STA_INFO_AFTER_LAST,
+@@ -2395,6 +2401,8 @@ enum nl80211_survey_info {
+ * @NL80211_MNTR_FLAG_OTHER_BSS: disable BSSID filtering
+ * @NL80211_MNTR_FLAG_COOK_FRAMES: report frames after processing.
+ * overrides all other flags.
++ * @NL80211_MNTR_FLAG_ACTIVE: use the configured MAC address
++ * and ACK incoming unicast packets.
+ *
+ * @__NL80211_MNTR_FLAG_AFTER_LAST: internal use
+ * @NL80211_MNTR_FLAG_MAX: highest possible monitor flag
+@@ -2406,6 +2414,7 @@ enum nl80211_mntr_flags {
+ NL80211_MNTR_FLAG_CONTROL,
+ NL80211_MNTR_FLAG_OTHER_BSS,
+ NL80211_MNTR_FLAG_COOK_FRAMES,
++ NL80211_MNTR_FLAG_ACTIVE,
+
+ /* keep last */
+ __NL80211_MNTR_FLAG_AFTER_LAST,
+@@ -3557,6 +3566,7 @@ enum nl80211_feature_flags {
+ NL80211_FEATURE_ADVERTISE_CHAN_LIMITS = 1 << 14,
+ NL80211_FEATURE_FULL_AP_CLIENT_STATE = 1 << 15,
+ NL80211_FEATURE_USERSPACE_MPM = 1 << 16,
++ NL80211_FEATURE_ACTIVE_MONITOR = 1 << 17,
+ };
+
+ /**
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -358,6 +358,8 @@ struct sta_info *sta_info_alloc(struct i
if (sta_prepare_rate_control(local, sta, gfp)) {
kfree(sta);
+@@ -1130,6 +1132,7 @@ static void ieee80211_send_null_response
+ * ends the poll/service period.
+ */
+ info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER |
++ IEEE80211_TX_CTL_PS_RESPONSE |
+ IEEE80211_TX_STATUS_EOSP |
+ IEEE80211_TX_CTL_REQ_TX_STATUS;
+
+@@ -1267,7 +1270,8 @@ ieee80211_sta_ps_deliver_response(struct
+ * STA may still remain is PS mode after this frame
+ * exchange.
+ */
+- info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
++ info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER |
++ IEEE80211_TX_CTL_PS_RESPONSE;
+
+ /*
+ * Use MoreData flag to indicate whether there are
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -3367,6 +3367,32 @@ static bool nl80211_put_sta_rate(struct
+@@ -2270,6 +2270,7 @@ static const struct nla_policy mntr_flag
+ [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
+ [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
+ [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
++ [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
+ };
+
+ static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
+@@ -2381,6 +2382,10 @@ static int nl80211_set_interface(struct
+ change = true;
+ }
+
++ if (flags && (*flags & NL80211_MNTR_FLAG_ACTIVE) &&
++ !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
++ return -EOPNOTSUPP;
++
+ if (change)
+ err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms);
+ else
+@@ -2438,6 +2443,11 @@ static int nl80211_new_interface(struct
+ err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
+ info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
+ &flags);
++
++ if (!err && (flags & NL80211_MNTR_FLAG_ACTIVE) &&
++ !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
++ return -EOPNOTSUPP;
++
+ wdev = rdev_add_virtual_intf(rdev,
+ nla_data(info->attrs[NL80211_ATTR_IFNAME]),
+ type, err ? NULL : &flags, ¶ms);
+@@ -3367,6 +3377,32 @@ static bool nl80211_put_sta_rate(struct
return true;
}
static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
int flags,
struct cfg80211_registered_device *rdev,
-@@ -3438,6 +3464,18 @@ static int nl80211_send_station(struct s
+@@ -3402,7 +3438,7 @@ static int nl80211_send_station(struct s
+ (u32)sinfo->rx_bytes))
+ goto nla_put_failure;
+ if ((sinfo->filled & (STATION_INFO_TX_BYTES |
+- NL80211_STA_INFO_TX_BYTES64)) &&
++ STATION_INFO_TX_BYTES64)) &&
+ nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
+ (u32)sinfo->tx_bytes))
+ goto nla_put_failure;
+@@ -3438,6 +3474,18 @@ static int nl80211_send_station(struct s
default:
break;
}
NL80211_STA_INFO_TX_BITRATE))
--- a/drivers/net/wireless/ath/ath9k/init.c
+++ b/drivers/net/wireless/ath/ath9k/init.c
-@@ -768,7 +768,8 @@ void ath9k_set_hw_capab(struct ath_softc
+@@ -433,6 +433,8 @@ static int ath9k_init_queues(struct ath_
+ sc->config.cabqReadytime = ATH_CABQ_READY_TIME;
+ ath_cabq_update(sc);
+
++ sc->tx.uapsdq = ath_txq_setup(sc, ATH9K_TX_QUEUE_UAPSD, 0);
++
+ for (i = 0; i < IEEE80211_NUM_ACS; i++) {
+ sc->tx.txq_map[i] = ath_txq_setup(sc, ATH9K_TX_QUEUE_DATA, i);
+ sc->tx.txq_map[i]->mac80211_qnum = i;
+@@ -768,7 +770,8 @@ void ath9k_set_hw_capab(struct ath_softc
IEEE80211_HW_SUPPORTS_PS |
IEEE80211_HW_PS_NULLFUNC_STACK |
IEEE80211_HW_SPECTRUM_MGMT |
if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT)
hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION;
+@@ -776,6 +779,8 @@ void ath9k_set_hw_capab(struct ath_softc
+ if (AR_SREV_9160_10_OR_LATER(sc->sc_ah) || ath9k_modparam_nohwcrypt)
+ hw->flags |= IEEE80211_HW_MFP_CAPABLE;
+
++ hw->wiphy->features |= NL80211_FEATURE_ACTIVE_MONITOR;
++
+ hw->wiphy->interface_modes =
+ BIT(NL80211_IFTYPE_P2P_GO) |
+ BIT(NL80211_IFTYPE_P2P_CLIENT) |
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -125,24 +125,6 @@ static void ath_tx_queue_tid(struct ath_
/*
* complete the acked-ones/xretried ones; update
* block-ack window
-@@ -593,9 +576,6 @@ static void ath_tx_complete_aggr(struct
+@@ -535,6 +518,10 @@ static void ath_tx_complete_aggr(struct
+ ath_tx_complete_buf(sc, bf, txq, &bf_head, ts,
+ !txfail);
+ } else {
++ if (tx_info->flags & IEEE80211_TX_STATUS_EOSP) {
++ tx_info->flags &= ~IEEE80211_TX_STATUS_EOSP;
++ ieee80211_sta_eosp(sta);
++ }
+ /* retry the un-acked ones */
+ if (bf->bf_next == NULL && bf_last->bf_stale) {
+ struct ath_buf *tbf;
+@@ -593,9 +580,6 @@ static void ath_tx_complete_aggr(struct
ath_txq_lock(sc, txq);
}
rcu_read_unlock();
if (needreset)
-@@ -612,6 +592,7 @@ static void ath_tx_process_buffer(struct
+@@ -612,6 +596,7 @@ static void ath_tx_process_buffer(struct
struct ath_tx_status *ts, struct ath_buf *bf,
struct list_head *bf_head)
{
bool txok, flush;
txok = !(ts->ts_status & ATH9K_TXERR_MASK);
-@@ -623,8 +604,12 @@ static void ath_tx_process_buffer(struct
+@@ -623,8 +608,12 @@ static void ath_tx_process_buffer(struct
txq->axq_ampdu_depth--;
if (!bf_isampdu(bf)) {
ath_tx_complete_buf(sc, bf, txq, bf_head, ts, txok);
} else
ath_tx_complete_aggr(sc, txq, bf, bf_head, ts, txok);
-@@ -668,7 +653,7 @@ static u32 ath_lookup_rate(struct ath_so
+@@ -668,7 +657,7 @@ static u32 ath_lookup_rate(struct ath_so
skb = bf->bf_mpdu;
tx_info = IEEE80211_SKB_CB(skb);
/*
* Find the lowest frame length among the rate series that will have a
-@@ -736,8 +721,6 @@ static int ath_compute_num_delims(struct
+@@ -736,8 +725,6 @@ static int ath_compute_num_delims(struct
bool first_subfrm)
{
#define FIRST_DESC_NDELIMS 60
u32 nsymbits, nsymbols;
u16 minlen;
u8 flags, rix;
-@@ -778,8 +761,8 @@ static int ath_compute_num_delims(struct
+@@ -778,8 +765,8 @@ static int ath_compute_num_delims(struct
if (tid->an->mpdudensity == 0)
return ndelim;
width = (flags & IEEE80211_TX_RC_40_MHZ_WIDTH) ? 1 : 0;
half_gi = (flags & IEEE80211_TX_RC_SHORT_GI) ? 1 : 0;
-@@ -858,6 +841,7 @@ static enum ATH_AGGR_STATUS ath_tx_form_
+@@ -803,25 +790,20 @@ static int ath_compute_num_delims(struct
+ return ndelim;
+ }
+
+-static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc,
+- struct ath_txq *txq,
+- struct ath_atx_tid *tid,
+- struct list_head *bf_q,
+- int *aggr_len)
++static struct ath_buf *
++ath_tx_get_tid_subframe(struct ath_softc *sc, struct ath_txq *txq,
++ struct ath_atx_tid *tid)
+ {
+-#define PADBYTES(_len) ((4 - ((_len) % 4)) % 4)
+- struct ath_buf *bf, *bf_first = NULL, *bf_prev = NULL;
+- int rl = 0, nframes = 0, ndelim, prev_al = 0;
+- u16 aggr_limit = 0, al = 0, bpad = 0,
+- al_delta, h_baw = tid->baw_size / 2;
+- enum ATH_AGGR_STATUS status = ATH_AGGR_DONE;
+- struct ieee80211_tx_info *tx_info;
+ struct ath_frame_info *fi;
+ struct sk_buff *skb;
++ struct ath_buf *bf;
+ u16 seqno;
+
+- do {
++ while (1) {
+ skb = skb_peek(&tid->buf_q);
++ if (!skb)
++ break;
++
+ fi = get_frame_info(skb);
+ bf = fi->bf;
+ if (!fi->bf)
+@@ -837,10 +819,8 @@ static enum ATH_AGGR_STATUS ath_tx_form_
+ seqno = bf->bf_state.seqno;
+
+ /* do not step over block-ack window */
+- if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) {
+- status = ATH_AGGR_BAW_CLOSED;
++ if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno))
+ break;
+- }
+
+ if (tid->bar_index > ATH_BA_INDEX(tid->seq_start, seqno)) {
+ struct ath_tx_status ts = {};
+@@ -854,10 +834,45 @@ static enum ATH_AGGR_STATUS ath_tx_form_
+ continue;
+ }
+
++ bf->bf_next = NULL;
++ bf->bf_lastbf = bf;
++ return bf;
++ }
++
++ return NULL;
++}
++
++static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc,
++ struct ath_txq *txq,
++ struct ath_atx_tid *tid,
++ struct list_head *bf_q,
++ int *aggr_len)
++{
++#define PADBYTES(_len) ((4 - ((_len) % 4)) % 4)
++ struct ath_buf *bf, *bf_first = NULL, *bf_prev = NULL;
++ int rl = 0, nframes = 0, ndelim, prev_al = 0;
++ u16 aggr_limit = 0, al = 0, bpad = 0,
++ al_delta, h_baw = tid->baw_size / 2;
++ enum ATH_AGGR_STATUS status = ATH_AGGR_DONE;
++ struct ieee80211_tx_info *tx_info;
++ struct ath_frame_info *fi;
++ struct sk_buff *skb;
++
++ do {
++ bf = ath_tx_get_tid_subframe(sc, txq, tid);
++ if (!bf) {
++ status = ATH_AGGR_BAW_CLOSED;
++ break;
++ }
++
++ skb = bf->bf_mpdu;
++ fi = get_frame_info(skb);
++
+ if (!bf_first)
bf_first = bf;
if (!rl) {
aggr_limit = ath_lookup_rate(sc, bf, tid);
rl = 1;
}
-@@ -998,14 +982,14 @@ static void ath_buf_set_rate(struct ath_
+@@ -898,7 +913,7 @@ static enum ATH_AGGR_STATUS ath_tx_form_
+
+ /* link buffers of this frame to the aggregate */
+ if (!fi->retries)
+- ath_tx_addto_baw(sc, tid, seqno);
++ ath_tx_addto_baw(sc, tid, bf->bf_state.seqno);
+ bf->bf_state.ndelim = ndelim;
+
+ __skb_unlink(skb, &tid->buf_q);
+@@ -998,14 +1013,14 @@ static void ath_buf_set_rate(struct ath_
skb = bf->bf_mpdu;
tx_info = IEEE80211_SKB_CB(skb);
bool is_40, is_sgi, is_sp;
int phy;
-@@ -1224,9 +1208,6 @@ int ath_tx_aggr_start(struct ath_softc *
+@@ -1106,10 +1121,8 @@ static void ath_tx_fill_desc(struct ath_
+ struct ath_txq *txq, int len)
+ {
+ struct ath_hw *ah = sc->sc_ah;
+- struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(bf->bf_mpdu);
+- struct ath_buf *bf_first = bf;
++ struct ath_buf *bf_first = NULL;
+ struct ath_tx_info info;
+- bool aggr = !!(bf->bf_state.bf_type & BUF_AGGR);
+
+ memset(&info, 0, sizeof(info));
+ info.is_first = true;
+@@ -1117,24 +1130,14 @@ static void ath_tx_fill_desc(struct ath_
+ info.txpower = MAX_RATE_POWER;
+ info.qcu = txq->axq_qnum;
+
+- info.flags = ATH9K_TXDESC_INTREQ;
+- if (tx_info->flags & IEEE80211_TX_CTL_NO_ACK)
+- info.flags |= ATH9K_TXDESC_NOACK;
+- if (tx_info->flags & IEEE80211_TX_CTL_LDPC)
+- info.flags |= ATH9K_TXDESC_LDPC;
+-
+- ath_buf_set_rate(sc, bf, &info, len);
+-
+- if (tx_info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT)
+- info.flags |= ATH9K_TXDESC_CLRDMASK;
+-
+ if (bf->bf_state.bfs_paprd)
+ info.flags |= (u32) bf->bf_state.bfs_paprd << ATH9K_TXDESC_PAPRD_S;
+
+-
+ while (bf) {
+ struct sk_buff *skb = bf->bf_mpdu;
++ struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb);
+ struct ath_frame_info *fi = get_frame_info(skb);
++ bool aggr = !!(bf->bf_state.bf_type & BUF_AGGR);
+
+ info.type = get_hw_packet_type(skb);
+ if (bf->bf_next)
+@@ -1142,6 +1145,25 @@ static void ath_tx_fill_desc(struct ath_
+ else
+ info.link = 0;
+
++ if (!bf_first) {
++ bf_first = bf;
++
++ info.flags = ATH9K_TXDESC_INTREQ;
++ if ((tx_info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT) ||
++ txq == sc->tx.uapsdq)
++ info.flags |= ATH9K_TXDESC_CLRDMASK;
++
++ if (tx_info->flags & IEEE80211_TX_CTL_NO_ACK)
++ info.flags |= ATH9K_TXDESC_NOACK;
++ if (tx_info->flags & IEEE80211_TX_CTL_LDPC)
++ info.flags |= ATH9K_TXDESC_LDPC;
++
++ ath_buf_set_rate(sc, bf, &info, len);
++
++ if (txq == sc->beacon.cabq)
++ sc->beacon.cabq_dur += info.rates[0].PktDuration;
++ }
++
+ info.buf_addr[0] = bf->bf_buf_addr;
+ info.buf_len[0] = skb->len;
+ info.pkt_len = fi->framelen;
+@@ -1151,7 +1173,7 @@ static void ath_tx_fill_desc(struct ath_
+ if (aggr) {
+ if (bf == bf_first)
+ info.aggr = AGGR_BUF_FIRST;
+- else if (!bf->bf_next)
++ else if (bf == bf_first->bf_lastbf)
+ info.aggr = AGGR_BUF_LAST;
+ else
+ info.aggr = AGGR_BUF_MIDDLE;
+@@ -1160,6 +1182,9 @@ static void ath_tx_fill_desc(struct ath_
+ info.aggr_len = len;
+ }
+
++ if (bf == bf_first->bf_lastbf)
++ bf_first = NULL;
++
+ ath9k_hw_set_txdesc(ah, bf->bf_desc, &info);
+ bf = bf->bf_next;
+ }
+@@ -1224,9 +1249,6 @@ int ath_tx_aggr_start(struct ath_softc *
an = (struct ath_node *)sta->drv_priv;
txtid = ATH_AN_2_TID(an, tid);
/* update ampdu factor/density, they may have changed. This may happen
* in HT IBSS when a beacon with HT-info is received after the station
* has already been added.
-@@ -1238,7 +1219,7 @@ int ath_tx_aggr_start(struct ath_softc *
+@@ -1238,7 +1260,7 @@ int ath_tx_aggr_start(struct ath_softc *
an->mpdudensity = density;
}
txtid->paused = true;
*ssn = txtid->seq_start = txtid->seq_next;
txtid->bar_index = -1;
-@@ -1255,28 +1236,9 @@ void ath_tx_aggr_stop(struct ath_softc *
+@@ -1255,28 +1277,9 @@ void ath_tx_aggr_stop(struct ath_softc *
struct ath_atx_tid *txtid = ATH_AN_2_TID(an, tid);
struct ath_txq *txq = txtid->ac->txq;
ath_tx_flush_tid(sc, txtid);
ath_txq_unlock_complete(sc, txq);
}
-@@ -1342,18 +1304,28 @@ void ath_tx_aggr_wakeup(struct ath_softc
+@@ -1342,18 +1345,92 @@ void ath_tx_aggr_wakeup(struct ath_softc
}
}
+ }
+
+ ath_txq_unlock_complete(sc, txq);
++}
++
++void ath9k_release_buffered_frames(struct ieee80211_hw *hw,
++ struct ieee80211_sta *sta,
++ u16 tids, int nframes,
++ enum ieee80211_frame_release_type reason,
++ bool more_data)
++{
++ struct ath_softc *sc = hw->priv;
++ struct ath_node *an = (struct ath_node *)sta->drv_priv;
++ struct ath_txq *txq = sc->tx.uapsdq;
++ struct ieee80211_tx_info *info;
++ struct list_head bf_q;
++ struct ath_buf *bf_tail = NULL, *bf;
++ int sent = 0;
++ int i;
++
++ INIT_LIST_HEAD(&bf_q);
++ for (i = 0; tids && nframes; i++, tids >>= 1) {
++ struct ath_atx_tid *tid;
++
++ if (!(tids & 1))
++ continue;
++
++ tid = ATH_AN_2_TID(an, i);
++ if (tid->paused)
++ continue;
++
++ ath_txq_lock(sc, tid->ac->txq);
++ while (!skb_queue_empty(&tid->buf_q) && nframes > 0) {
++ bf = ath_tx_get_tid_subframe(sc, sc->tx.uapsdq, tid);
++ if (!bf)
++ break;
++
++ __skb_unlink(bf->bf_mpdu, &tid->buf_q);
++ list_add_tail(&bf->list, &bf_q);
++ ath_set_rates(tid->an->vif, tid->an->sta, bf);
++ ath_tx_addto_baw(sc, tid, bf->bf_state.seqno);
++ bf->bf_state.bf_type &= ~BUF_AGGR;
++ if (bf_tail)
++ bf_tail->bf_next = bf;
++
++ bf_tail = bf;
++ nframes--;
++ sent++;
++ TX_STAT_INC(txq->axq_qnum, a_queued_hw);
++
++ if (skb_queue_empty(&tid->buf_q))
++ ieee80211_sta_set_buffered(an->sta, i, false);
++ }
++ ath_txq_unlock_complete(sc, tid->ac->txq);
++ }
++
++ if (list_empty(&bf_q))
++ return;
++
++ info = IEEE80211_SKB_CB(bf_tail->bf_mpdu);
++ info->flags |= IEEE80211_TX_STATUS_EOSP;
++
++ bf = list_first_entry(&bf_q, struct ath_buf, list);
++ ath_txq_lock(sc, txq);
++ ath_tx_fill_desc(sc, bf, txq, 0);
++ ath_tx_txqaddbuf(sc, txq, &bf_q, false);
++ ath_txq_unlock(sc, txq);
}
/********************/
-@@ -1743,6 +1715,7 @@ static void ath_tx_send_ampdu(struct ath
+@@ -1709,8 +1786,9 @@ static void ath_tx_txqaddbuf(struct ath_
+ }
+ }
+
+-static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_atx_tid *tid,
+- struct sk_buff *skb, struct ath_tx_control *txctl)
++static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_txq *txq,
++ struct ath_atx_tid *tid, struct sk_buff *skb,
++ struct ath_tx_control *txctl)
+ {
+ struct ath_frame_info *fi = get_frame_info(skb);
+ struct list_head bf_head;
+@@ -1723,26 +1801,28 @@ static void ath_tx_send_ampdu(struct ath
+ * - seqno is not within block-ack window
+ * - h/w queue depth exceeds low water mark
+ */
+- if (!skb_queue_empty(&tid->buf_q) || tid->paused ||
+- !BAW_WITHIN(tid->seq_start, tid->baw_size, tid->seq_next) ||
+- txctl->txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) {
++ if ((!skb_queue_empty(&tid->buf_q) || tid->paused ||
++ !BAW_WITHIN(tid->seq_start, tid->baw_size, tid->seq_next) ||
++ txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) &&
++ txq != sc->tx.uapsdq) {
+ /*
+ * Add this frame to software queue for scheduling later
+ * for aggregation.
+ */
+- TX_STAT_INC(txctl->txq->axq_qnum, a_queued_sw);
++ TX_STAT_INC(txq->axq_qnum, a_queued_sw);
+ __skb_queue_tail(&tid->buf_q, skb);
+ if (!txctl->an || !txctl->an->sleeping)
+- ath_tx_queue_tid(txctl->txq, tid);
++ ath_tx_queue_tid(txq, tid);
+ return;
+ }
+
+- bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb);
++ bf = ath_tx_setup_buffer(sc, txq, tid, skb);
+ if (!bf) {
+ ieee80211_free_txskb(sc->hw, skb);
return;
}
bf->bf_state.bf_type = BUF_AMPDU;
INIT_LIST_HEAD(&bf_head);
list_add(&bf->list, &bf_head);
-@@ -1892,49 +1865,6 @@ static struct ath_buf *ath_tx_setup_buff
+@@ -1751,10 +1831,10 @@ static void ath_tx_send_ampdu(struct ath
+ ath_tx_addto_baw(sc, tid, bf->bf_state.seqno);
+
+ /* Queue to h/w without aggregation */
+- TX_STAT_INC(txctl->txq->axq_qnum, a_queued_hw);
++ TX_STAT_INC(txq->axq_qnum, a_queued_hw);
+ bf->bf_lastbf = bf;
+- ath_tx_fill_desc(sc, bf, txctl->txq, fi->framelen);
+- ath_tx_txqaddbuf(sc, txctl->txq, &bf_head, false);
++ ath_tx_fill_desc(sc, bf, txq, fi->framelen);
++ ath_tx_txqaddbuf(sc, txq, &bf_head, false);
+ }
+
+ static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq,
+@@ -1892,49 +1972,6 @@ static struct ath_buf *ath_tx_setup_buff
return bf;
}
/* Upon failure caller should free skb */
int ath_tx_start(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ath_tx_control *txctl)
-@@ -1945,8 +1875,11 @@ int ath_tx_start(struct ieee80211_hw *hw
+@@ -1945,8 +1982,11 @@ int ath_tx_start(struct ieee80211_hw *hw
struct ieee80211_vif *vif = info->control.vif;
struct ath_softc *sc = hw->priv;
struct ath_txq *txq = txctl->txq;
int q;
/* NOTE: sta can be NULL according to net/mac80211.h */
-@@ -2002,8 +1935,41 @@ int ath_tx_start(struct ieee80211_hw *hw
+@@ -2002,8 +2042,47 @@ int ath_tx_start(struct ieee80211_hw *hw
txq->stopped = true;
}
- ath_tx_start_dma(sc, skb, txctl);
++ if (info->flags & IEEE80211_TX_CTL_PS_RESPONSE) {
++ ath_txq_unlock(sc, txq);
++ txq = sc->tx.uapsdq;
++ ath_txq_lock(sc, txq);
++ }
+
+ if (txctl->an && ieee80211_is_data_qos(hdr->frame_control)) {
+ tidno = ieee80211_get_qos_ctl(hdr)[0] &
+ IEEE80211_QOS_CTL_TID_MASK;
+ tid = ATH_AN_2_TID(txctl->an, tidno);
-
++
+ WARN_ON(tid->ac->txq != txctl->txq);
+ }
+
+ * Try aggregation if it's a unicast data frame
+ * and the destination is HT capable.
+ */
-+ ath_tx_send_ampdu(sc, tid, skb, txctl);
++ ath_tx_send_ampdu(sc, txq, tid, skb, txctl);
+ goto out;
+ }
+
-+ bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb);
++ bf = ath_tx_setup_buffer(sc, txq, tid, skb);
+ if (!bf) {
+ if (txctl->paprd)
+ dev_kfree_skb_any(skb);
+ bf->bf_state.bfs_paprd_timestamp = jiffies;
+
+ ath_set_rates(vif, sta, bf);
-+ ath_tx_send_normal(sc, txctl->txq, tid, skb);
++ ath_tx_send_normal(sc, txq, tid, skb);
+
+out:
ath_txq_unlock(sc, txq);
return 0;
-@@ -2408,12 +2374,10 @@ void ath_tx_node_init(struct ath_softc *
+@@ -2054,7 +2133,12 @@ static void ath_tx_complete(struct ath_s
+ }
+ spin_unlock_irqrestore(&sc->sc_pm_lock, flags);
+
++ __skb_queue_tail(&txq->complete_q, skb);
++
+ q = skb_get_queue_mapping(skb);
++ if (txq == sc->tx.uapsdq)
++ txq = sc->tx.txq_map[q];
++
+ if (txq == sc->tx.txq_map[q]) {
+ if (WARN_ON(--txq->pending_frames < 0))
+ txq->pending_frames = 0;
+@@ -2065,8 +2149,6 @@ static void ath_tx_complete(struct ath_s
+ txq->stopped = false;
+ }
+ }
+-
+- __skb_queue_tail(&txq->complete_q, skb);
+ }
+
+ static void ath_tx_complete_buf(struct ath_softc *sc, struct ath_buf *bf,
+@@ -2408,12 +2490,10 @@ void ath_tx_node_init(struct ath_softc *
tid->baw_head = tid->baw_tail = 0;
tid->sched = false;
tid->paused = false;
}
for (acno = 0, ac = &an->ac[acno];
-@@ -2450,9 +2414,9 @@ void ath_tx_node_cleanup(struct ath_soft
+@@ -2450,9 +2530,9 @@ void ath_tx_node_cleanup(struct ath_soft
}
ath_tid_drain(sc, txq, tid);
}
+--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
++++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
+@@ -334,7 +334,8 @@ static void ar9003_hw_spur_ofdm(struct a
+ REG_RMW_FIELD(ah, AR_PHY_SPUR_REG,
+ AR_PHY_SPUR_REG_EN_VIT_SPUR_RSSI, 1);
+
+- if (REG_READ_FIELD(ah, AR_PHY_MODE,
++ if (!AR_SREV_9340(ah) &&
++ REG_READ_FIELD(ah, AR_PHY_MODE,
+ AR_PHY_MODE_DYNAMIC) == 0x1)
+ REG_RMW_FIELD(ah, AR_PHY_SPUR_REG,
+ AR_PHY_SPUR_REG_ENABLE_NF_RSSI_SPUR_MIT, 1);
+--- a/drivers/net/wireless/ath/ath9k/mac.c
++++ b/drivers/net/wireless/ath/ath9k/mac.c
+@@ -410,7 +410,7 @@ bool ath9k_hw_resettxqueue(struct ath_hw
+
+ REG_WRITE(ah, AR_QMISC(q), AR_Q_MISC_DCU_EARLY_TERM_REQ);
+
+- if (AR_SREV_9340(ah))
++ if (AR_SREV_9340(ah) && !AR_SREV_9340_13_OR_LATER(ah))
+ REG_WRITE(ah, AR_DMISC(q),
+ AR_D_MISC_CW_BKOFF_EN | AR_D_MISC_FRAG_WAIT_EN | 0x1);
+ else
+--- a/net/mac80211/driver-ops.h
++++ b/net/mac80211/driver-ops.h
+@@ -146,7 +146,8 @@ static inline int drv_add_interface(stru
+
+ if (WARN_ON(sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
+ (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
+- !(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))))
++ !(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF) &&
++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))))
+ return -EINVAL;
+
+ trace_drv_add_interface(local, sdata);
+--- a/drivers/net/wireless/ath/ath9k/ar9003_paprd.c
++++ b/drivers/net/wireless/ath/ath9k/ar9003_paprd.c
+@@ -454,6 +454,8 @@ static bool create_pa_curve(u32 *data_L,
+ if (accum_cnt <= thresh_accum_cnt)
+ continue;
+
++ max_index++;
++
+ /* sum(tx amplitude) */
+ accum_tx = ((data_L[i] >> 16) & 0xffff) |
+ ((data_U[i] & 0x7ff) << 16);
+@@ -468,20 +470,21 @@ static bool create_pa_curve(u32 *data_L,
+
+ accum_tx <<= scale_factor;
+ accum_rx <<= scale_factor;
+- x_est[i + 1] = (((accum_tx + accum_cnt) / accum_cnt) + 32) >>
+- scale_factor;
++ x_est[max_index] =
++ (((accum_tx + accum_cnt) / accum_cnt) + 32) >>
++ scale_factor;
+
+- Y[i + 1] = ((((accum_rx + accum_cnt) / accum_cnt) + 32) >>
++ Y[max_index] =
++ ((((accum_rx + accum_cnt) / accum_cnt) + 32) >>
+ scale_factor) +
+- (1 << scale_factor) * max_index + 16;
++ (1 << scale_factor) * i + 16;
+
+ if (accum_ang >= (1 << 26))
+ accum_ang -= 1 << 27;
+
+- theta[i + 1] = ((accum_ang * (1 << scale_factor)) + accum_cnt) /
+- accum_cnt;
+-
+- max_index++;
++ theta[max_index] =
++ ((accum_ang * (1 << scale_factor)) + accum_cnt) /
++ accum_cnt;
+ }
+
+ /*
+--- a/drivers/net/wireless/ath/ath9k/beacon.c
++++ b/drivers/net/wireless/ath/ath9k/beacon.c
+@@ -204,9 +204,15 @@ static struct ath_buf *ath9k_beacon_gene
+ }
+
+ ath9k_beacon_setup(sc, vif, bf, info->control.rates[0].idx);
++ sc->beacon.cabq_dur = 0;
+
+ while (skb) {
+ ath9k_tx_cabq(hw, skb);
++
++ if (sc->beacon.cabq_dur / 1000 - 1 >
++ sc->cur_beacon_conf.beacon_interval / ATH_BCBUF)
++ break;
++
+ skb = ieee80211_get_buffered_bc(hw, vif);
+ }
+
+--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h
++++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h
+@@ -68,13 +68,16 @@
+ #define AR9300_BASE_ADDR 0x3ff
+ #define AR9300_BASE_ADDR_512 0x1ff
+
+-#define AR9300_OTP_BASE (AR_SREV_9340(ah) ? 0x30000 : 0x14000)
+-#define AR9300_OTP_STATUS (AR_SREV_9340(ah) ? 0x30018 : 0x15f18)
++#define AR9300_OTP_BASE \
++ ((AR_SREV_9340(ah) || AR_SREV_9550(ah)) ? 0x30000 : 0x14000)
++#define AR9300_OTP_STATUS \
++ ((AR_SREV_9340(ah) || AR_SREV_9550(ah)) ? 0x30018 : 0x15f18)
+ #define AR9300_OTP_STATUS_TYPE 0x7
+ #define AR9300_OTP_STATUS_VALID 0x4
+ #define AR9300_OTP_STATUS_ACCESS_BUSY 0x2
+ #define AR9300_OTP_STATUS_SM_BUSY 0x1
+-#define AR9300_OTP_READ_DATA (AR_SREV_9340(ah) ? 0x3001c : 0x15f1c)
++#define AR9300_OTP_READ_DATA \
++ ((AR_SREV_9340(ah) || AR_SREV_9550(ah)) ? 0x3001c : 0x15f1c)
+
+ enum targetPowerHTRates {
+ HT_TARGET_RATE_0_8_16,