+ #define ADDBA_RESP_INTERVAL HZ
+@@ -265,7 +266,7 @@ struct ieee80211_tx_latency_stat {
+ * @last_rx_rate_vht_nss: rx status nss of last data packet
+ * @lock: used for locking all fields that require locking, see comments
+ * in the header file.
+- * @drv_unblock_wk: used for driver PS unblocking
++ * @drv_deliver_wk: used for delivering frames after driver PS unblocking
+ * @listen_interval: listen interval of this station, when we're acting as AP
+ * @_flags: STA flags, see &enum ieee80211_sta_info_flags, do not use directly
+ * @ps_lock: used for powersave (when mac80211 is the AP) related locking
+@@ -278,7 +279,6 @@ struct ieee80211_tx_latency_stat {
+ * @driver_buffered_tids: bitmap of TIDs the driver has data buffered on
+ * @rx_packets: Number of MSDUs received from this STA
+ * @rx_bytes: Number of bytes received from this STA
+- * @wep_weak_iv_count: number of weak WEP IVs received from this station
+ * @last_rx: time (in jiffies) when last frame was received from this STA
+ * @last_connected: time (in seconds) when a station got connected
+ * @num_duplicates: number of duplicate frames received from this STA
+@@ -345,7 +345,7 @@ struct sta_info {
+ void *rate_ctrl_priv;
+ spinlock_t lock;
+
+- struct work_struct drv_unblock_wk;
++ struct work_struct drv_deliver_wk;
+
+ u16 listen_interval;
+
+@@ -367,7 +367,6 @@ struct sta_info {
+ /* Updated from RX path only, no locking requirements */
+ unsigned long rx_packets;
+ u64 rx_bytes;
+- unsigned long wep_weak_iv_count;
+ unsigned long last_rx;
+ long last_connected;
+ unsigned long num_duplicates;
+@@ -628,6 +627,8 @@ void sta_set_rate_info_tx(struct sta_inf
+ struct rate_info *rinfo);
+ void sta_set_rate_info_rx(struct sta_info *sta,
+ struct rate_info *rinfo);
++void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo);
++
+ void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
+ unsigned long exp_time);
+ u8 sta_info_tx_streams(struct sta_info *sta);
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -469,7 +469,8 @@ ieee80211_tx_h_unicast_ps_buf(struct iee
+ return TX_CONTINUE;
+
+ if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
+- test_sta_flag(sta, WLAN_STA_PS_DRIVER)) &&
++ test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
++ test_sta_flag(sta, WLAN_STA_PS_DELIVER)) &&
+ !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
+ int ac = skb_get_queue_mapping(tx->skb);
+
+@@ -486,7 +487,8 @@ ieee80211_tx_h_unicast_ps_buf(struct iee
+ * ahead and Tx the packet.
+ */
+ if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
+- !test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
++ !test_sta_flag(sta, WLAN_STA_PS_DRIVER) &&
++ !test_sta_flag(sta, WLAN_STA_PS_DELIVER)) {
+ spin_unlock(&sta->ps_lock);
+ return TX_CONTINUE;
+ }
+@@ -1618,12 +1620,12 @@ netdev_tx_t ieee80211_monitor_start_xmit
+ {
+ struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+ struct ieee80211_chanctx_conf *chanctx_conf;
+- struct ieee80211_channel *chan;
+ struct ieee80211_radiotap_header *prthdr =
+ (struct ieee80211_radiotap_header *)skb->data;
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ struct ieee80211_hdr *hdr;
+ struct ieee80211_sub_if_data *tmp_sdata, *sdata;
++ struct cfg80211_chan_def *chandef;
+ u16 len_rthdr;
+ int hdrlen;
+
+@@ -1721,9 +1723,9 @@ netdev_tx_t ieee80211_monitor_start_xmit
+ }
+
+ if (chanctx_conf)
+- chan = chanctx_conf->def.chan;
++ chandef = &chanctx_conf->def;
+ else if (!local->use_chanctx)
+- chan = local->_oper_chandef.chan;
++ chandef = &local->_oper_chandef;
+ else
+ goto fail_rcu;
+
+@@ -1743,10 +1745,11 @@ netdev_tx_t ieee80211_monitor_start_xmit
+ * radar detection by itself. We can do that later by adding a
+ * monitor flag interfaces used for AP support.
+ */
+- if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)))
++ if (!cfg80211_reg_can_beacon(local->hw.wiphy, chandef,
++ sdata->vif.type))
+ goto fail_rcu;
+
+- ieee80211_xmit(sdata, skb, chan->band);
++ ieee80211_xmit(sdata, skb, chandef->chan->band);
+ rcu_read_unlock();
+
+ return NETDEV_TX_OK;
+@@ -2425,7 +2428,7 @@ static void ieee80211_set_csa(struct iee
+ u8 *beacon_data;
+ size_t beacon_data_len;
+ int i;
+- u8 count = sdata->csa_current_counter;
++ u8 count = beacon->csa_current_counter;
+
+ switch (sdata->vif.type) {
+ case NL80211_IFTYPE_AP:
+@@ -2444,46 +2447,54 @@ static void ieee80211_set_csa(struct iee
+ return;
+ }
+
++ rcu_read_lock();
+ for (i = 0; i < IEEE80211_MAX_CSA_COUNTERS_NUM; ++i) {
+- u16 counter_offset_beacon =
+- sdata->csa_counter_offset_beacon[i];
+- u16 counter_offset_presp = sdata->csa_counter_offset_presp[i];
+-
+- if (counter_offset_beacon) {
+- if (WARN_ON(counter_offset_beacon >= beacon_data_len))
+- return;
+-
+- beacon_data[counter_offset_beacon] = count;
+- }
+-
+- if (sdata->vif.type == NL80211_IFTYPE_AP &&
+- counter_offset_presp) {
+- rcu_read_lock();
+- resp = rcu_dereference(sdata->u.ap.probe_resp);
++ resp = rcu_dereference(sdata->u.ap.probe_resp);
+
+- /* If nl80211 accepted the offset, this should
+- * not happen.
+- */
+- if (WARN_ON(!resp)) {
++ if (beacon->csa_counter_offsets[i]) {
++ if (WARN_ON_ONCE(beacon->csa_counter_offsets[i] >=
++ beacon_data_len)) {
+ rcu_read_unlock();
+ return;
+ }
+- resp->data[counter_offset_presp] = count;
+- rcu_read_unlock();
++
++ beacon_data[beacon->csa_counter_offsets[i]] = count;
+ }
++
++ if (sdata->vif.type == NL80211_IFTYPE_AP && resp &&
++ resp->csa_counter_offsets)
++ resp->data[resp->csa_counter_offsets[i]] = count;
+ }
++ rcu_read_unlock();
+ }
+
+ u8 ieee80211_csa_update_counter(struct ieee80211_vif *vif)
+ {
+ struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
++ struct beacon_data *beacon = NULL;
++ u8 count = 0;
++
++ rcu_read_lock();
++
++ if (sdata->vif.type == NL80211_IFTYPE_AP)
++ beacon = rcu_dereference(sdata->u.ap.beacon);
++ else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
++ beacon = rcu_dereference(sdata->u.ibss.presp);
++ else if (ieee80211_vif_is_mesh(&sdata->vif))
++ beacon = rcu_dereference(sdata->u.mesh.beacon);
++
++ if (!beacon)
++ goto unlock;
+
+- sdata->csa_current_counter--;
++ beacon->csa_current_counter--;
+
+ /* the counter should never reach 0 */
+- WARN_ON(!sdata->csa_current_counter);
++ WARN_ON_ONCE(!beacon->csa_current_counter);
++ count = beacon->csa_current_counter;
+
+- return sdata->csa_current_counter;
++unlock:
++ rcu_read_unlock();
++ return count;
+ }
+ EXPORT_SYMBOL(ieee80211_csa_update_counter);
+
+@@ -2493,7 +2504,6 @@ bool ieee80211_csa_is_complete(struct ie
+ struct beacon_data *beacon = NULL;
+ u8 *beacon_data;
+ size_t beacon_data_len;
+- int counter_beacon = sdata->csa_counter_offset_beacon[0];
+ int ret = false;
+
+ if (!ieee80211_sdata_running(sdata))
+@@ -2531,10 +2541,13 @@ bool ieee80211_csa_is_complete(struct ie
+ goto out;
+ }
+
+- if (WARN_ON(counter_beacon > beacon_data_len))
++ if (!beacon->csa_counter_offsets[0])
++ goto out;
++
++ if (WARN_ON_ONCE(beacon->csa_counter_offsets[0] > beacon_data_len))
+ goto out;
+
+- if (beacon_data[counter_beacon] == 1)
++ if (beacon_data[beacon->csa_counter_offsets[0]] == 1)
+ ret = true;
+ out:
+ rcu_read_unlock();
+@@ -2550,6 +2563,7 @@ __ieee80211_beacon_get(struct ieee80211_
+ bool is_template)
+ {
+ struct ieee80211_local *local = hw_to_local(hw);
++ struct beacon_data *beacon = NULL;
+ struct sk_buff *skb = NULL;
+ struct ieee80211_tx_info *info;
+ struct ieee80211_sub_if_data *sdata = NULL;
+@@ -2571,10 +2585,10 @@ __ieee80211_beacon_get(struct ieee80211_
+
+ if (sdata->vif.type == NL80211_IFTYPE_AP) {
+ struct ieee80211_if_ap *ap = &sdata->u.ap;
+- struct beacon_data *beacon = rcu_dereference(ap->beacon);
+
++ beacon = rcu_dereference(ap->beacon);
+ if (beacon) {
+- if (sdata->vif.csa_active) {
++ if (beacon->csa_counter_offsets[0]) {
+ if (!is_template)
+ ieee80211_csa_update_counter(vif);
+
+@@ -2615,37 +2629,37 @@ __ieee80211_beacon_get(struct ieee80211_
+ } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
+ struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
+ struct ieee80211_hdr *hdr;
+- struct beacon_data *presp = rcu_dereference(ifibss->presp);
+
+- if (!presp)
++ beacon = rcu_dereference(ifibss->presp);
++ if (!beacon)
+ goto out;
+
+- if (sdata->vif.csa_active) {
++ if (beacon->csa_counter_offsets[0]) {
+ if (!is_template)
+ ieee80211_csa_update_counter(vif);
+
+- ieee80211_set_csa(sdata, presp);
++ ieee80211_set_csa(sdata, beacon);
+ }
+
+- skb = dev_alloc_skb(local->tx_headroom + presp->head_len +
++ skb = dev_alloc_skb(local->tx_headroom + beacon->head_len +
+ local->hw.extra_beacon_tailroom);
+ if (!skb)
+ goto out;
+ skb_reserve(skb, local->tx_headroom);
+- memcpy(skb_put(skb, presp->head_len), presp->head,
+- presp->head_len);
++ memcpy(skb_put(skb, beacon->head_len), beacon->head,
++ beacon->head_len);
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
+ IEEE80211_STYPE_BEACON);
+ } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
+ struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
+- struct beacon_data *bcn = rcu_dereference(ifmsh->beacon);
+
+- if (!bcn)
++ beacon = rcu_dereference(ifmsh->beacon);
++ if (!beacon)
+ goto out;
+
+- if (sdata->vif.csa_active) {
++ if (beacon->csa_counter_offsets[0]) {
+ if (!is_template)
+ /* TODO: For mesh csa_counter is in TU, so
+ * decrementing it by one isn't correct, but
+@@ -2654,40 +2668,42 @@ __ieee80211_beacon_get(struct ieee80211_
+ */
+ ieee80211_csa_update_counter(vif);
+
+- ieee80211_set_csa(sdata, bcn);
++ ieee80211_set_csa(sdata, beacon);
+ }
+
+ if (ifmsh->sync_ops)
+- ifmsh->sync_ops->adjust_tbtt(sdata, bcn);
++ ifmsh->sync_ops->adjust_tbtt(sdata, beacon);
+
+ skb = dev_alloc_skb(local->tx_headroom +
+- bcn->head_len +
++ beacon->head_len +
+ 256 + /* TIM IE */
+- bcn->tail_len +
++ beacon->tail_len +
+ local->hw.extra_beacon_tailroom);
+ if (!skb)
+ goto out;
+ skb_reserve(skb, local->tx_headroom);
+- memcpy(skb_put(skb, bcn->head_len), bcn->head, bcn->head_len);
++ memcpy(skb_put(skb, beacon->head_len), beacon->head,
++ beacon->head_len);
+ ieee80211_beacon_add_tim(sdata, &ifmsh->ps, skb, is_template);
+
+ if (offs) {
+- offs->tim_offset = bcn->head_len;
+- offs->tim_length = skb->len - bcn->head_len;
++ offs->tim_offset = beacon->head_len;
++ offs->tim_length = skb->len - beacon->head_len;
+ }
+
+- memcpy(skb_put(skb, bcn->tail_len), bcn->tail, bcn->tail_len);
++ memcpy(skb_put(skb, beacon->tail_len), beacon->tail,
++ beacon->tail_len);
+ } else {
+ WARN_ON(1);
+ goto out;
+ }
+
+ /* CSA offsets */
+- if (offs) {
++ if (offs && beacon) {
+ int i;
+
+ for (i = 0; i < IEEE80211_MAX_CSA_COUNTERS_NUM; i++) {
+- u16 csa_off = sdata->csa_counter_offset_beacon[i];
++ u16 csa_off = beacon->csa_counter_offsets[i];
+
+ if (!csa_off)
+ continue;
+--- a/drivers/net/wireless/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/rt2x00/rt2800lib.c
+@@ -947,6 +947,40 @@ static inline u8 rt2800_get_beacon_offse
+ return BEACON_BASE_TO_OFFSET(rt2800_hw_beacon_base(rt2x00dev, index));
+ }
+
++static void rt2800_update_beacons_setup(struct rt2x00_dev *rt2x00dev)
++{
++ struct data_queue *queue = rt2x00dev->bcn;
++ struct queue_entry *entry;
++ int i, bcn_num = 0;
++ u64 off, reg = 0;
++ u32 bssid_dw1;
++
++ /*
++ * Setup offsets of all active beacons in BCN_OFFSET{0,1} registers.
++ */
++ for (i = 0; i < queue->limit; i++) {
++ entry = &queue->entries[i];
++ if (!test_bit(ENTRY_BCN_ENABLED, &entry->flags))
++ continue;
++ off = rt2800_get_beacon_offset(rt2x00dev, entry->entry_idx);
++ reg |= off << (8 * bcn_num);
++ bcn_num++;
++ }
++
++ WARN_ON_ONCE(bcn_num != rt2x00dev->intf_beaconing);
++
++ rt2800_register_write(rt2x00dev, BCN_OFFSET0, (u32) reg);
++ rt2800_register_write(rt2x00dev, BCN_OFFSET1, (u32) (reg >> 32));
++
++ /*
++ * H/W sends up to MAC_BSSID_DW1_BSS_BCN_NUM + 1 consecutive beacons.
++ */
++ rt2800_register_read(rt2x00dev, MAC_BSSID_DW1, &bssid_dw1);
++ rt2x00_set_field32(&bssid_dw1, MAC_BSSID_DW1_BSS_BCN_NUM,
++ bcn_num > 0 ? bcn_num - 1 : 0);
++ rt2800_register_write(rt2x00dev, MAC_BSSID_DW1, bssid_dw1);
++}
++
+ void rt2800_write_beacon(struct queue_entry *entry, struct txentry_desc *txdesc)
+ {
+ struct rt2x00_dev *rt2x00dev = entry->queue->rt2x00dev;
+@@ -1003,6 +1037,12 @@ void rt2800_write_beacon(struct queue_en
+
+ rt2800_register_multiwrite(rt2x00dev, beacon_base, entry->skb->data,
+ entry->skb->len + padding_len);
++ __set_bit(ENTRY_BCN_ENABLED, &entry->flags);
++
++ /*
++ * Change global beacons settings.
++ */
++ rt2800_update_beacons_setup(rt2x00dev);
+
+ /*
+ * Restore beaconing state.
+@@ -1053,8 +1093,13 @@ void rt2800_clear_beacon(struct queue_en
+ * Clear beacon.
+ */
+ rt2800_clear_beacon_register(rt2x00dev, entry->entry_idx);
++ __clear_bit(ENTRY_BCN_ENABLED, &entry->flags);
+
+ /*
++ * Change global beacons settings.
++ */
++ rt2800_update_beacons_setup(rt2x00dev);
++ /*
+ * Restore beaconing state.
+ */
+ rt2800_register_write(rt2x00dev, BCN_TIME_CFG, orig_reg);
+@@ -1556,7 +1601,7 @@ void rt2800_config_intf(struct rt2x00_de
+ if (!is_zero_ether_addr((const u8 *)conf->bssid)) {
+ reg = le32_to_cpu(conf->bssid[1]);
+ rt2x00_set_field32(®, MAC_BSSID_DW1_BSS_ID_MASK, 3);
+- rt2x00_set_field32(®, MAC_BSSID_DW1_BSS_BCN_NUM, 7);
++ rt2x00_set_field32(®, MAC_BSSID_DW1_BSS_BCN_NUM, 0);
+ conf->bssid[1] = cpu_to_le32(reg);
+ }
+
+@@ -4517,28 +4562,6 @@ static int rt2800_init_registers(struct
+ if (ret)
+ return ret;
+
+- rt2800_register_read(rt2x00dev, BCN_OFFSET0, ®);
+- rt2x00_set_field32(®, BCN_OFFSET0_BCN0,
+- rt2800_get_beacon_offset(rt2x00dev, 0));
+- rt2x00_set_field32(®, BCN_OFFSET0_BCN1,
+- rt2800_get_beacon_offset(rt2x00dev, 1));
+- rt2x00_set_field32(®, BCN_OFFSET0_BCN2,
+- rt2800_get_beacon_offset(rt2x00dev, 2));
+- rt2x00_set_field32(®, BCN_OFFSET0_BCN3,
+- rt2800_get_beacon_offset(rt2x00dev, 3));
+- rt2800_register_write(rt2x00dev, BCN_OFFSET0, reg);
+-
+- rt2800_register_read(rt2x00dev, BCN_OFFSET1, ®);
+- rt2x00_set_field32(®, BCN_OFFSET1_BCN4,
+- rt2800_get_beacon_offset(rt2x00dev, 4));
+- rt2x00_set_field32(®, BCN_OFFSET1_BCN5,
+- rt2800_get_beacon_offset(rt2x00dev, 5));
+- rt2x00_set_field32(®, BCN_OFFSET1_BCN6,
+- rt2800_get_beacon_offset(rt2x00dev, 6));
+- rt2x00_set_field32(®, BCN_OFFSET1_BCN7,
+- rt2800_get_beacon_offset(rt2x00dev, 7));
+- rt2800_register_write(rt2x00dev, BCN_OFFSET1, reg);
+-
+ rt2800_register_write(rt2x00dev, LEGACY_BASIC_RATE, 0x0000013f);
+ rt2800_register_write(rt2x00dev, HT_BASIC_RATE, 0x00008003);
+
+--- a/drivers/net/wireless/rt2x00/rt2x00dev.c
++++ b/drivers/net/wireless/rt2x00/rt2x00dev.c
+@@ -141,8 +141,11 @@ static void rt2x00lib_intf_scheduled_ite
+ if (!test_bit(DEVICE_STATE_ENABLED_RADIO, &rt2x00dev->flags))
+ return;
+
+- if (test_and_clear_bit(DELAYED_UPDATE_BEACON, &intf->delayed_flags))
++ if (test_and_clear_bit(DELAYED_UPDATE_BEACON, &intf->delayed_flags)) {
++ mutex_lock(&intf->beacon_skb_mutex);
+ rt2x00queue_update_beacon(rt2x00dev, vif);
++ mutex_unlock(&intf->beacon_skb_mutex);
++ }
+ }
+
+ static void rt2x00lib_intf_scheduled(struct work_struct *work)
+@@ -216,7 +219,7 @@ static void rt2x00lib_beaconupdate_iter(
+ * never be called for USB devices.
+ */
+ WARN_ON(rt2x00_is_usb(rt2x00dev));
+- rt2x00queue_update_beacon_locked(rt2x00dev, vif);
++ rt2x00queue_update_beacon(rt2x00dev, vif);
+ }
+
+ void rt2x00lib_beacondone(struct rt2x00_dev *rt2x00dev)
+--- a/drivers/net/wireless/rt2x00/rt2x00mac.c
++++ b/drivers/net/wireless/rt2x00/rt2x00mac.c
+@@ -487,6 +487,8 @@ int rt2x00mac_set_key(struct ieee80211_h
+ crypto.cipher = rt2x00crypto_key_to_cipher(key);
+ if (crypto.cipher == CIPHER_NONE)
+ return -EOPNOTSUPP;
++ if (crypto.cipher == CIPHER_TKIP && rt2x00_is_usb(rt2x00dev))
++ return -EOPNOTSUPP;
+
+ crypto.cmd = cmd;
+
+@@ -624,25 +626,24 @@ void rt2x00mac_bss_info_changed(struct i
+ * Start/stop beaconing.
+ */
+ if (changes & BSS_CHANGED_BEACON_ENABLED) {
++ mutex_lock(&intf->beacon_skb_mutex);
+ if (!bss_conf->enable_beacon && intf->enable_beacon) {
+ rt2x00dev->intf_beaconing--;
+ intf->enable_beacon = false;
+- /*
+- * Clear beacon in the H/W for this vif. This is needed
+- * to disable beaconing on this particular interface
+- * and keep it running on other interfaces.
+- */
+- rt2x00queue_clear_beacon(rt2x00dev, vif);
+
+ if (rt2x00dev->intf_beaconing == 0) {
+ /*
+ * Last beaconing interface disabled
+ * -> stop beacon queue.
+ */
+- mutex_lock(&intf->beacon_skb_mutex);
+ rt2x00queue_stop_queue(rt2x00dev->bcn);
+- mutex_unlock(&intf->beacon_skb_mutex);
+ }
++ /*
++ * Clear beacon in the H/W for this vif. This is needed
++ * to disable beaconing on this particular interface
++ * and keep it running on other interfaces.
++ */
++ rt2x00queue_clear_beacon(rt2x00dev, vif);
+ } else if (bss_conf->enable_beacon && !intf->enable_beacon) {
+ rt2x00dev->intf_beaconing++;
+ intf->enable_beacon = true;
+@@ -658,11 +659,10 @@ void rt2x00mac_bss_info_changed(struct i
+ * First beaconing interface enabled
+ * -> start beacon queue.
+ */
+- mutex_lock(&intf->beacon_skb_mutex);
+ rt2x00queue_start_queue(rt2x00dev->bcn);
+- mutex_unlock(&intf->beacon_skb_mutex);
+ }
+ }
++ mutex_unlock(&intf->beacon_skb_mutex);
+ }
+
+ /*
+--- a/drivers/net/wireless/rt2x00/rt2x00queue.c
++++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
+@@ -754,8 +754,6 @@ int rt2x00queue_clear_beacon(struct rt2x
+ if (unlikely(!intf->beacon))
+ return -ENOBUFS;
+
+- mutex_lock(&intf->beacon_skb_mutex);
+-
+ /*
+ * Clean up the beacon skb.
+ */
+@@ -768,13 +766,11 @@ int rt2x00queue_clear_beacon(struct rt2x
+ if (rt2x00dev->ops->lib->clear_beacon)
+ rt2x00dev->ops->lib->clear_beacon(intf->beacon);
+
+- mutex_unlock(&intf->beacon_skb_mutex);
+-
+ return 0;
+ }
+
+-int rt2x00queue_update_beacon_locked(struct rt2x00_dev *rt2x00dev,
+- struct ieee80211_vif *vif)
++int rt2x00queue_update_beacon(struct rt2x00_dev *rt2x00dev,
++ struct ieee80211_vif *vif)
+ {
+ struct rt2x00_intf *intf = vif_to_intf(vif);
+ struct skb_frame_desc *skbdesc;
+@@ -815,19 +811,6 @@ int rt2x00queue_update_beacon_locked(str
+
+ }
+
+-int rt2x00queue_update_beacon(struct rt2x00_dev *rt2x00dev,
+- struct ieee80211_vif *vif)
+-{
+- struct rt2x00_intf *intf = vif_to_intf(vif);
+- int ret;
+-
+- mutex_lock(&intf->beacon_skb_mutex);
+- ret = rt2x00queue_update_beacon_locked(rt2x00dev, vif);
+- mutex_unlock(&intf->beacon_skb_mutex);
+-
+- return ret;
+-}
+-
+ bool rt2x00queue_for_each_entry(struct data_queue *queue,
+ enum queue_index start,
+ enum queue_index end,
+--- a/drivers/net/wireless/rt2x00/rt2x00queue.h
++++ b/drivers/net/wireless/rt2x00/rt2x00queue.h
+@@ -353,6 +353,7 @@ struct txentry_desc {
+ */
+ enum queue_entry_flags {
+ ENTRY_BCN_ASSIGNED,
++ ENTRY_BCN_ENABLED,
+ ENTRY_OWNER_DEVICE_DATA,
+ ENTRY_DATA_PENDING,
+ ENTRY_DATA_IO_FAILED,
+--- a/drivers/net/wireless/ath/ath9k/main.c
++++ b/drivers/net/wireless/ath/ath9k/main.c
+@@ -1757,7 +1757,6 @@ out:
+ void ath9k_update_p2p_ps(struct ath_softc *sc, struct ieee80211_vif *vif)
+ {
+ struct ath_vif *avp = (void *)vif->drv_priv;
+- unsigned long flags;
+ u32 tsf;
+
+ if (!sc->p2p_ps_timer)
+@@ -1767,14 +1766,9 @@ void ath9k_update_p2p_ps(struct ath_soft
+ return;
+
+ sc->p2p_ps_vif = avp;
+-
+- spin_lock_irqsave(&sc->sc_pm_lock, flags);
+- if (!(sc->ps_flags & PS_BEACON_SYNC)) {
+- tsf = ath9k_hw_gettsf32(sc->sc_ah);
+- ieee80211_parse_p2p_noa(&vif->bss_conf.p2p_noa_attr, &avp->noa, tsf);
+- ath9k_update_p2p_ps_timer(sc, avp);
+- }
+- spin_unlock_irqrestore(&sc->sc_pm_lock, flags);
++ tsf = ath9k_hw_gettsf32(sc->sc_ah);
++ ieee80211_parse_p2p_noa(&vif->bss_conf.p2p_noa_attr, &avp->noa, tsf);
++ ath9k_update_p2p_ps_timer(sc, avp);
+ }
+
+ static void ath9k_bss_info_changed(struct ieee80211_hw *hw,
+@@ -1791,6 +1785,7 @@ static void ath9k_bss_info_changed(struc
+ struct ath_hw *ah = sc->sc_ah;
+ struct ath_common *common = ath9k_hw_common(ah);
+ struct ath_vif *avp = (void *)vif->drv_priv;
++ unsigned long flags;
+ int slottime;
+
+ ath9k_ps_wakeup(sc);
+@@ -1853,7 +1848,10 @@ static void ath9k_bss_info_changed(struc
+
+ if (changed & BSS_CHANGED_P2P_PS) {
+ spin_lock_bh(&sc->sc_pcu_lock);
+- ath9k_update_p2p_ps(sc, vif);
++ spin_lock_irqsave(&sc->sc_pm_lock, flags);
++ if (!(sc->ps_flags & PS_BEACON_SYNC))
++ ath9k_update_p2p_ps(sc, vif);
++ spin_unlock_irqrestore(&sc->sc_pm_lock, flags);
+ spin_unlock_bh(&sc->sc_pcu_lock);
+ }
+
+@@ -2232,14 +2230,6 @@ static void ath9k_sw_scan_complete(struc
+ clear_bit(ATH_OP_SCANNING, &common->op_flags);
+ }
+
+-static void ath9k_channel_switch_beacon(struct ieee80211_hw *hw,
+- struct ieee80211_vif *vif,
+- struct cfg80211_chan_def *chandef)
+-{
+- /* depend on vif->csa_active only */
+- return;
+-}
+-
+ struct ieee80211_ops ath9k_ops = {
+ .tx = ath9k_tx,
+ .start = ath9k_start,
+@@ -2287,5 +2277,4 @@ struct ieee80211_ops ath9k_ops = {
+ #endif
+ .sw_scan_start = ath9k_sw_scan_start,
+ .sw_scan_complete = ath9k_sw_scan_complete,
+- .channel_switch_beacon = ath9k_channel_switch_beacon,
+ };
+--- a/drivers/net/wireless/ath/ath10k/mac.c
++++ b/drivers/net/wireless/ath/ath10k/mac.c
+@@ -4142,14 +4142,6 @@ static int ath10k_set_bitrate_mask(struc
+ fixed_nss, force_sgi);
+ }
+
+-static void ath10k_channel_switch_beacon(struct ieee80211_hw *hw,
+- struct ieee80211_vif *vif,
+- struct cfg80211_chan_def *chandef)
+-{
+- /* there's no need to do anything here. vif->csa_active is enough */
+- return;
+-}
+-
+ static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif,
+ struct ieee80211_sta *sta,
+@@ -4256,7 +4248,6 @@ static const struct ieee80211_ops ath10k
+ .restart_complete = ath10k_restart_complete,
+ .get_survey = ath10k_get_survey,
+ .set_bitrate_mask = ath10k_set_bitrate_mask,
+- .channel_switch_beacon = ath10k_channel_switch_beacon,
+ .sta_rc_update = ath10k_sta_rc_update,
+ .get_tsf = ath10k_get_tsf,
+ #ifdef CONFIG_PM
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -468,327 +468,6 @@ void sta_set_rate_info_rx(struct sta_inf
+ rinfo->flags |= RATE_INFO_FLAGS_160_MHZ_WIDTH;
+ }
+
+-static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
+-{
+- struct ieee80211_sub_if_data *sdata = sta->sdata;
+- struct ieee80211_local *local = sdata->local;
+- struct rate_control_ref *ref = local->rate_ctrl;
+- struct timespec uptime;
+- u64 packets = 0;
+- u32 thr = 0;
+- int i, ac;
+-
+- sinfo->generation = sdata->local->sta_generation;
+-
+- sinfo->filled = STATION_INFO_INACTIVE_TIME |
+- STATION_INFO_RX_BYTES64 |
+- STATION_INFO_TX_BYTES64 |
+- STATION_INFO_RX_PACKETS |
+- STATION_INFO_TX_PACKETS |
+- STATION_INFO_TX_RETRIES |
+- STATION_INFO_TX_FAILED |
+- STATION_INFO_TX_BITRATE |
+- STATION_INFO_RX_BITRATE |
+- STATION_INFO_RX_DROP_MISC |
+- STATION_INFO_BSS_PARAM |
+- STATION_INFO_CONNECTED_TIME |
+- STATION_INFO_STA_FLAGS |
+- STATION_INFO_BEACON_LOSS_COUNT;
+-
+- do_posix_clock_monotonic_gettime(&uptime);
+- sinfo->connected_time = uptime.tv_sec - sta->last_connected;
+-
+- sinfo->inactive_time = jiffies_to_msecs(jiffies - sta->last_rx);
+- sinfo->tx_bytes = 0;
+- for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
+- sinfo->tx_bytes += sta->tx_bytes[ac];
+- packets += sta->tx_packets[ac];
+- }
+- sinfo->tx_packets = packets;
+- sinfo->rx_bytes = sta->rx_bytes;
+- sinfo->rx_packets = sta->rx_packets;
+- sinfo->tx_retries = sta->tx_retry_count;
+- sinfo->tx_failed = sta->tx_retry_failed;
+- sinfo->rx_dropped_misc = sta->rx_dropped;
+- sinfo->beacon_loss_count = sta->beacon_loss_count;
+-
+- if ((sta->local->hw.flags & IEEE80211_HW_SIGNAL_DBM) ||
+- (sta->local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)) {
+- sinfo->filled |= STATION_INFO_SIGNAL | STATION_INFO_SIGNAL_AVG;
+- if (!local->ops->get_rssi ||
+- drv_get_rssi(local, sdata, &sta->sta, &sinfo->signal))
+- sinfo->signal = (s8)sta->last_signal;
+- sinfo->signal_avg = (s8) -ewma_read(&sta->avg_signal);
+- }
+- if (sta->chains) {
+- sinfo->filled |= STATION_INFO_CHAIN_SIGNAL |
+- STATION_INFO_CHAIN_SIGNAL_AVG;
+-
+- sinfo->chains = sta->chains;
+- for (i = 0; i < ARRAY_SIZE(sinfo->chain_signal); i++) {
+- sinfo->chain_signal[i] = sta->chain_signal_last[i];
+- sinfo->chain_signal_avg[i] =
+- (s8) -ewma_read(&sta->chain_signal_avg[i]);
+- }
+- }
+-
+- sta_set_rate_info_tx(sta, &sta->last_tx_rate, &sinfo->txrate);
+- sta_set_rate_info_rx(sta, &sinfo->rxrate);
+-
+- if (ieee80211_vif_is_mesh(&sdata->vif)) {
+-#ifdef CPTCFG_MAC80211_MESH
+- sinfo->filled |= STATION_INFO_LLID |
+- STATION_INFO_PLID |
+- STATION_INFO_PLINK_STATE |
+- STATION_INFO_LOCAL_PM |
+- STATION_INFO_PEER_PM |
+- STATION_INFO_NONPEER_PM;
+-
+- sinfo->llid = sta->llid;
+- sinfo->plid = sta->plid;
+- sinfo->plink_state = sta->plink_state;
+- if (test_sta_flag(sta, WLAN_STA_TOFFSET_KNOWN)) {
+- sinfo->filled |= STATION_INFO_T_OFFSET;
+- sinfo->t_offset = sta->t_offset;
+- }
+- sinfo->local_pm = sta->local_pm;
+- sinfo->peer_pm = sta->peer_pm;
+- sinfo->nonpeer_pm = sta->nonpeer_pm;
+-#endif
+- }
+-
+- sinfo->bss_param.flags = 0;
+- if (sdata->vif.bss_conf.use_cts_prot)
+- sinfo->bss_param.flags |= BSS_PARAM_FLAGS_CTS_PROT;
+- if (sdata->vif.bss_conf.use_short_preamble)
+- sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE;
+- if (sdata->vif.bss_conf.use_short_slot)
+- sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME;
+- sinfo->bss_param.dtim_period = sdata->local->hw.conf.ps_dtim_period;
+- sinfo->bss_param.beacon_interval = sdata->vif.bss_conf.beacon_int;
+-
+- sinfo->sta_flags.set = 0;
+- sinfo->sta_flags.mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
+- BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
+- BIT(NL80211_STA_FLAG_WME) |
+- BIT(NL80211_STA_FLAG_MFP) |
+- BIT(NL80211_STA_FLAG_AUTHENTICATED) |
+- BIT(NL80211_STA_FLAG_ASSOCIATED) |
+- BIT(NL80211_STA_FLAG_TDLS_PEER);
+- if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
+- sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_AUTHORIZED);
+- if (test_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE))
+- sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
+- if (test_sta_flag(sta, WLAN_STA_WME))
+- sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_WME);
+- if (test_sta_flag(sta, WLAN_STA_MFP))
+- sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_MFP);
+- if (test_sta_flag(sta, WLAN_STA_AUTH))
+- sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
+- if (test_sta_flag(sta, WLAN_STA_ASSOC))
+- sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
+- if (test_sta_flag(sta, WLAN_STA_TDLS_PEER))
+- sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_TDLS_PEER);
+-
+- /* check if the driver has a SW RC implementation */
+- if (ref && ref->ops->get_expected_throughput)
+- thr = ref->ops->get_expected_throughput(sta->rate_ctrl_priv);
+- else
+- thr = drv_get_expected_throughput(local, &sta->sta);
+-
+- if (thr != 0) {
+- sinfo->filled |= STATION_INFO_EXPECTED_THROUGHPUT;
+- sinfo->expected_throughput = thr;
+- }
+-}
+-
+-static const char ieee80211_gstrings_sta_stats[][ETH_GSTRING_LEN] = {
+- "rx_packets", "rx_bytes", "wep_weak_iv_count",
+- "rx_duplicates", "rx_fragments", "rx_dropped",
+- "tx_packets", "tx_bytes", "tx_fragments",
+- "tx_filtered", "tx_retry_failed", "tx_retries",
+- "beacon_loss", "sta_state", "txrate", "rxrate", "signal",
+- "channel", "noise", "ch_time", "ch_time_busy",
+- "ch_time_ext_busy", "ch_time_rx", "ch_time_tx"
+-};
+-#define STA_STATS_LEN ARRAY_SIZE(ieee80211_gstrings_sta_stats)
+-
+-static int ieee80211_get_et_sset_count(struct wiphy *wiphy,
+- struct net_device *dev,
+- int sset)
+-{
+- struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+- int rv = 0;
+-
+- if (sset == ETH_SS_STATS)
+- rv += STA_STATS_LEN;
+-
+- rv += drv_get_et_sset_count(sdata, sset);
+-
+- if (rv == 0)
+- return -EOPNOTSUPP;
+- return rv;
+-}
+-
+-static void ieee80211_get_et_stats(struct wiphy *wiphy,
+- struct net_device *dev,
+- struct ethtool_stats *stats,
+- u64 *data)
+-{
+- struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+- struct ieee80211_chanctx_conf *chanctx_conf;
+- struct ieee80211_channel *channel;
+- struct sta_info *sta;
+- struct ieee80211_local *local = sdata->local;
+- struct station_info sinfo;
+- struct survey_info survey;
+- int i, q;
+-#define STA_STATS_SURVEY_LEN 7
+-
+- memset(data, 0, sizeof(u64) * STA_STATS_LEN);
+-
+-#define ADD_STA_STATS(sta) \
+- do { \
+- data[i++] += sta->rx_packets; \
+- data[i++] += sta->rx_bytes; \
+- data[i++] += sta->wep_weak_iv_count; \
+- data[i++] += sta->num_duplicates; \
+- data[i++] += sta->rx_fragments; \
+- data[i++] += sta->rx_dropped; \
+- \
+- data[i++] += sinfo.tx_packets; \
+- data[i++] += sinfo.tx_bytes; \
+- data[i++] += sta->tx_fragments; \
+- data[i++] += sta->tx_filtered_count; \
+- data[i++] += sta->tx_retry_failed; \
+- data[i++] += sta->tx_retry_count; \
+- data[i++] += sta->beacon_loss_count; \
+- } while (0)
+-
+- /* For Managed stations, find the single station based on BSSID
+- * and use that. For interface types, iterate through all available
+- * stations and add stats for any station that is assigned to this
+- * network device.
+- */
+-
+- mutex_lock(&local->sta_mtx);
+-
+- if (sdata->vif.type == NL80211_IFTYPE_STATION) {
+- sta = sta_info_get_bss(sdata, sdata->u.mgd.bssid);
+-
+- if (!(sta && !WARN_ON(sta->sdata->dev != dev)))
+- goto do_survey;
+-
+- sinfo.filled = 0;
+- sta_set_sinfo(sta, &sinfo);
+-
+- i = 0;
+- ADD_STA_STATS(sta);
+-
+- data[i++] = sta->sta_state;
+-
+-
+- if (sinfo.filled & STATION_INFO_TX_BITRATE)
+- data[i] = 100000 *
+- cfg80211_calculate_bitrate(&sinfo.txrate);
+- i++;
+- if (sinfo.filled & STATION_INFO_RX_BITRATE)
+- data[i] = 100000 *
+- cfg80211_calculate_bitrate(&sinfo.rxrate);
+- i++;
+-
+- if (sinfo.filled & STATION_INFO_SIGNAL_AVG)
+- data[i] = (u8)sinfo.signal_avg;
+- i++;
+- } else {
+- list_for_each_entry(sta, &local->sta_list, list) {
+- /* Make sure this station belongs to the proper dev */
+- if (sta->sdata->dev != dev)
+- continue;
+-
+- sinfo.filled = 0;
+- sta_set_sinfo(sta, &sinfo);
+- i = 0;
+- ADD_STA_STATS(sta);
+- }
+- }
+-
+-do_survey:
+- i = STA_STATS_LEN - STA_STATS_SURVEY_LEN;
+- /* Get survey stats for current channel */
+- survey.filled = 0;
+-
+- rcu_read_lock();
+- chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
+- if (chanctx_conf)
+- channel = chanctx_conf->def.chan;
+- else
+- channel = NULL;
+- rcu_read_unlock();
+-
+- if (channel) {
+- q = 0;
+- do {
+- survey.filled = 0;
+- if (drv_get_survey(local, q, &survey) != 0) {
+- survey.filled = 0;
+- break;
+- }
+- q++;
+- } while (channel != survey.channel);
+- }
+-
+- if (survey.filled)
+- data[i++] = survey.channel->center_freq;
+- else
+- data[i++] = 0;
+- if (survey.filled & SURVEY_INFO_NOISE_DBM)
+- data[i++] = (u8)survey.noise;
+- else
+- data[i++] = -1LL;
+- if (survey.filled & SURVEY_INFO_CHANNEL_TIME)
+- data[i++] = survey.channel_time;
+- else
+- data[i++] = -1LL;
+- if (survey.filled & SURVEY_INFO_CHANNEL_TIME_BUSY)
+- data[i++] = survey.channel_time_busy;
+- else
+- data[i++] = -1LL;
+- if (survey.filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY)
+- data[i++] = survey.channel_time_ext_busy;
+- else
+- data[i++] = -1LL;
+- if (survey.filled & SURVEY_INFO_CHANNEL_TIME_RX)
+- data[i++] = survey.channel_time_rx;
+- else
+- data[i++] = -1LL;
+- if (survey.filled & SURVEY_INFO_CHANNEL_TIME_TX)
+- data[i++] = survey.channel_time_tx;
+- else
+- data[i++] = -1LL;
+-
+- mutex_unlock(&local->sta_mtx);
+-
+- if (WARN_ON(i != STA_STATS_LEN))
+- return;
+-
+- drv_get_et_stats(sdata, stats, &(data[STA_STATS_LEN]));
+-}
+-
+-static void ieee80211_get_et_strings(struct wiphy *wiphy,
+- struct net_device *dev,
+- u32 sset, u8 *data)
+-{
+- struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+- int sz_sta_stats = 0;
+-
+- if (sset == ETH_SS_STATS) {
+- sz_sta_stats = sizeof(ieee80211_gstrings_sta_stats);
+- memcpy(data, ieee80211_gstrings_sta_stats, sz_sta_stats);
+- }
+- drv_get_et_strings(sdata, sset, &(data[sz_sta_stats]));
+-}
+-
+ static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
+ int idx, u8 *mac, struct station_info *sinfo)
+ {
+@@ -875,7 +554,8 @@ static int ieee80211_set_monitor_channel
+ }
+
+ static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
+- const u8 *resp, size_t resp_len)
++ const u8 *resp, size_t resp_len,
++ const struct ieee80211_csa_settings *csa)
+ {
+ struct probe_resp *new, *old;
+
+@@ -891,6 +571,11 @@ static int ieee80211_set_probe_resp(stru
+ new->len = resp_len;
+ memcpy(new->data, resp, resp_len);
+
++ if (csa)
++ memcpy(new->csa_counter_offsets, csa->counter_offsets_presp,
++ csa->n_counter_offsets_presp *
++ sizeof(new->csa_counter_offsets[0]));
++
+ rcu_assign_pointer(sdata->u.ap.probe_resp, new);
+ if (old)
+ kfree_rcu(old, rcu_head);
+@@ -899,7 +584,8 @@ static int ieee80211_set_probe_resp(stru
+ }
+
+ static int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
+- struct cfg80211_beacon_data *params)
++ struct cfg80211_beacon_data *params,
++ const struct ieee80211_csa_settings *csa)
+ {
+ struct beacon_data *new, *old;
+ int new_head_len, new_tail_len;
+@@ -943,6 +629,13 @@ static int ieee80211_assign_beacon(struc
+ new->head_len = new_head_len;
+ new->tail_len = new_tail_len;
+
++ if (csa) {
++ new->csa_current_counter = csa->count;
++ memcpy(new->csa_counter_offsets, csa->counter_offsets_beacon,
++ csa->n_counter_offsets_beacon *
++ sizeof(new->csa_counter_offsets[0]));
++ }
++
+ /* copy in head */
+ if (params->head)
+ memcpy(new->head, params->head, new_head_len);
+@@ -957,7 +650,7 @@ static int ieee80211_assign_beacon(struc
+ memcpy(new->tail, old->tail, new_tail_len);
+
+ err = ieee80211_set_probe_resp(sdata, params->probe_resp,
+- params->probe_resp_len);
++ params->probe_resp_len, csa);
+ if (err < 0)
+ return err;
+ if (err == 0)
+@@ -1042,7 +735,7 @@ static int ieee80211_start_ap(struct wip
+ sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
+ IEEE80211_P2P_OPPPS_ENABLE_BIT;
+
+- err = ieee80211_assign_beacon(sdata, ¶ms->beacon);
++ err = ieee80211_assign_beacon(sdata, ¶ms->beacon, NULL);
+ if (err < 0) {
+ ieee80211_vif_release_channel(sdata);
+ return err;
+@@ -1090,7 +783,7 @@ static int ieee80211_change_beacon(struc
+ if (!old)
+ return -ENOENT;
+
+- err = ieee80211_assign_beacon(sdata, params);
++ err = ieee80211_assign_beacon(sdata, params, NULL);
+ if (err < 0)
+ return err;
+ ieee80211_bss_info_change_notify(sdata, err);
+@@ -3073,7 +2766,8 @@ static int ieee80211_set_after_csa_beaco
+
+ switch (sdata->vif.type) {
+ case NL80211_IFTYPE_AP:
+- err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon);
++ err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon,
++ NULL);
+ kfree(sdata->u.ap.next_beacon);
+ sdata->u.ap.next_beacon = NULL;
+
+@@ -3176,6 +2870,7 @@ static int ieee80211_set_csa_beacon(stru
+ struct cfg80211_csa_settings *params,
+ u32 *changed)
+ {
++ struct ieee80211_csa_settings csa = {};
+ int err;
+
+ switch (sdata->vif.type) {
+@@ -3210,20 +2905,13 @@ static int ieee80211_set_csa_beacon(stru
+ IEEE80211_MAX_CSA_COUNTERS_NUM))
+ return -EINVAL;
+
+- /* make sure we don't have garbage in other counters */
+- memset(sdata->csa_counter_offset_beacon, 0,
+- sizeof(sdata->csa_counter_offset_beacon));
+- memset(sdata->csa_counter_offset_presp, 0,
+- sizeof(sdata->csa_counter_offset_presp));
+-
+- memcpy(sdata->csa_counter_offset_beacon,
+- params->counter_offsets_beacon,
+- params->n_counter_offsets_beacon * sizeof(u16));
+- memcpy(sdata->csa_counter_offset_presp,
+- params->counter_offsets_presp,
+- params->n_counter_offsets_presp * sizeof(u16));
++ csa.counter_offsets_beacon = params->counter_offsets_beacon;
++ csa.counter_offsets_presp = params->counter_offsets_presp;
++ csa.n_counter_offsets_beacon = params->n_counter_offsets_beacon;
++ csa.n_counter_offsets_presp = params->n_counter_offsets_presp;
++ csa.count = params->count;
+
+- err = ieee80211_assign_beacon(sdata, ¶ms->beacon_csa);
++ err = ieee80211_assign_beacon(sdata, ¶ms->beacon_csa, &csa);
+ if (err < 0) {
+ kfree(sdata->u.ap.next_beacon);
+ return err;
+@@ -3367,7 +3055,6 @@ __ieee80211_channel_switch(struct wiphy
+ sdata->csa_radar_required = params->radar_required;
+ sdata->csa_chandef = params->chandef;
+ sdata->csa_block_tx = params->block_tx;
+- sdata->csa_current_counter = params->count;
+ sdata->vif.csa_active = true;
+
+ if (sdata->csa_block_tx)
+@@ -3515,10 +3202,23 @@ static int ieee80211_mgmt_tx(struct wiph
+ sdata->vif.type == NL80211_IFTYPE_ADHOC) &&
+ params->n_csa_offsets) {
+ int i;
+- u8 c = sdata->csa_current_counter;
++ struct beacon_data *beacon = NULL;
++
++ rcu_read_lock();
+
+- for (i = 0; i < params->n_csa_offsets; i++)
+- data[params->csa_offsets[i]] = c;
++ if (sdata->vif.type == NL80211_IFTYPE_AP)
++ beacon = rcu_dereference(sdata->u.ap.beacon);
++ else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
++ beacon = rcu_dereference(sdata->u.ibss.presp);
++ else if (ieee80211_vif_is_mesh(&sdata->vif))
++ beacon = rcu_dereference(sdata->u.mesh.beacon);
++
++ if (beacon)
++ for (i = 0; i < params->n_csa_offsets; i++)
++ data[params->csa_offsets[i]] =
++ beacon->csa_current_counter;
++
++ rcu_read_unlock();
+ }
+
+ IEEE80211_SKB_CB(skb)->flags = flags;
+@@ -3598,21 +3298,6 @@ static int ieee80211_get_antenna(struct
+ return drv_get_antenna(local, tx_ant, rx_ant);
+ }
+
+-static int ieee80211_set_ringparam(struct wiphy *wiphy, u32 tx, u32 rx)
+-{
+- struct ieee80211_local *local = wiphy_priv(wiphy);