X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=blobdiff_plain;f=package%2Fmac80211%2Fpatches%2F300-pending_work.patch;h=18379c09cacc816cf79f84599d12521017ffa0ac;hp=38732dc9a4780adf207e4532454cd7cc1dad8390;hb=ce57cd39656202293fb0a72c6efe8b96e1a5a189;hpb=b52f24ae32b528d5e89fc6f213b7c8c8892fbdc4 diff --git a/package/mac80211/patches/300-pending_work.patch b/package/mac80211/patches/300-pending_work.patch index 38732dc9a4..18379c09ca 100644 --- a/package/mac80211/patches/300-pending_work.patch +++ b/package/mac80211/patches/300-pending_work.patch @@ -1,82 +1,1060 @@ ---- a/drivers/net/wireless/rt2x00/rt2800lib.c -+++ b/drivers/net/wireless/rt2x00/rt2800lib.c -@@ -5090,7 +5090,8 @@ static int rt2800_probe_hw_mode(struct r - IEEE80211_HW_SUPPORTS_PS | - IEEE80211_HW_PS_NULLFUNC_STACK | - IEEE80211_HW_AMPDU_AGGREGATION | -- IEEE80211_HW_REPORTS_TX_ACK_STATUS; -+ IEEE80211_HW_REPORTS_TX_ACK_STATUS | -+ IEEE80211_HW_TEARDOWN_AGGR_ON_BAR_FAIL; +--- a/drivers/net/wireless/ath/ath9k/ath9k.h ++++ b/drivers/net/wireless/ath/ath9k/ath9k.h +@@ -234,6 +234,7 @@ struct ath_buf { + dma_addr_t bf_daddr; /* physical addr of desc */ + dma_addr_t bf_buf_addr; /* physical addr of data buffer, for DMA */ + bool bf_stale; ++ struct ieee80211_tx_rate rates[4]; + struct ath_buf_state bf_state; + }; + +@@ -250,9 +251,9 @@ struct ath_atx_tid { + int tidno; + int baw_head; /* first un-acked tx buffer */ + int baw_tail; /* next unused tx buffer slot */ +- int sched; +- int paused; +- u8 state; ++ bool sched; ++ bool paused; ++ bool active; + }; + + struct ath_node { +@@ -273,10 +274,6 @@ struct ath_node { + #endif + }; + +-#define AGGR_CLEANUP BIT(1) +-#define AGGR_ADDBA_COMPLETE BIT(2) +-#define AGGR_ADDBA_PROGRESS BIT(3) +- + struct ath_tx_control { + struct ath_txq *txq; + struct ath_node *an; +@@ -299,6 +296,7 @@ struct ath_tx { + struct ath_txq txq[ATH9K_NUM_TX_QUEUES]; + struct ath_descdma txdma; + struct ath_txq *txq_map[IEEE80211_NUM_ACS]; ++ struct ath_txq *uapsdq; + u32 txq_max_pending[IEEE80211_NUM_ACS]; + u16 max_aggr_framelen[IEEE80211_NUM_ACS][4][32]; + }; +@@ -356,6 +354,11 @@ void ath_tx_aggr_resume(struct ath_softc + void ath_tx_aggr_wakeup(struct ath_softc *sc, struct ath_node *an); + void ath_tx_aggr_sleep(struct ieee80211_sta *sta, struct ath_softc *sc, + struct ath_node *an); ++void ath9k_release_buffered_frames(struct ieee80211_hw *hw, ++ struct ieee80211_sta *sta, ++ u16 tids, int nframes, ++ enum ieee80211_frame_release_type reason, ++ bool more_data); + + /********/ + /* VIFs */ +@@ -410,6 +413,7 @@ struct ath_beacon { + struct ath_descdma bdma; + struct ath_txq *cabq; + struct list_head bbuf; ++ int cabq_dur; + + bool tx_processed; + bool tx_last; +@@ -658,11 +662,10 @@ enum sc_op_flags { + struct ath_rate_table; + + struct ath9k_vif_iter_data { +- const u8 *hw_macaddr; /* phy's hardware address, set +- * before starting iteration for +- * valid bssid mask. +- */ ++ u8 hw_macaddr[ETH_ALEN]; /* address of the first vif */ + u8 mask[ETH_ALEN]; /* bssid mask */ ++ bool has_hw_macaddr; ++ + int naps; /* number of AP vifs */ + int nmeshes; /* number of mesh vifs */ + int nstations; /* number of station vifs */ +--- a/drivers/net/wireless/ath/ath9k/hw.c ++++ b/drivers/net/wireless/ath/ath9k/hw.c +@@ -1171,6 +1171,7 @@ u32 ath9k_regd_get_ctl(struct ath_regula + static inline void ath9k_hw_set_dma(struct ath_hw *ah) + { + struct ath_common *common = ath9k_hw_common(ah); ++ int txbuf_size; + + ENABLE_REGWRITE_BUFFER(ah); + +@@ -1224,13 +1225,17 @@ static inline void ath9k_hw_set_dma(stru + * So set the usable tx buf size also to half to + * avoid data/delimiter underruns + */ +- REG_WRITE(ah, AR_PCU_TXBUF_CTRL, +- AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE); +- } else if (!AR_SREV_9271(ah)) { +- REG_WRITE(ah, AR_PCU_TXBUF_CTRL, +- AR_PCU_TXBUF_CTRL_USABLE_SIZE); ++ txbuf_size = AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE; ++ } else if (AR_SREV_9340_13_OR_LATER(ah)) { ++ /* Uses fewer entries for AR934x v1.3+ to prevent rx overruns */ ++ txbuf_size = AR_9340_PCU_TXBUF_CTRL_USABLE_SIZE; ++ } else { ++ txbuf_size = AR_PCU_TXBUF_CTRL_USABLE_SIZE; + } + ++ if (!AR_SREV_9271(ah)) ++ REG_WRITE(ah, AR_PCU_TXBUF_CTRL, txbuf_size); ++ + REGWRITE_BUFFER_FLUSH(ah); + + if (AR_SREV_9300_20_OR_LATER(ah)) +@@ -1305,9 +1310,13 @@ static bool ath9k_hw_set_reset(struct at + AR_RTC_RC_COLD_RESET | AR_RTC_RC_WARM_RESET; + } else { + tmpReg = REG_READ(ah, AR_INTR_SYNC_CAUSE); +- if (tmpReg & +- (AR_INTR_SYNC_LOCAL_TIMEOUT | +- AR_INTR_SYNC_RADM_CPL_TIMEOUT)) { ++ if (AR_SREV_9340(ah)) ++ tmpReg &= AR9340_INTR_SYNC_LOCAL_TIMEOUT; ++ else ++ tmpReg &= AR_INTR_SYNC_LOCAL_TIMEOUT | ++ AR_INTR_SYNC_RADM_CPL_TIMEOUT; ++ ++ if (tmpReg) { + u32 val; + REG_WRITE(ah, AR_INTR_SYNC_ENABLE, 0); + +@@ -1366,7 +1375,10 @@ static bool ath9k_hw_set_reset(struct at + + REGWRITE_BUFFER_FLUSH(ah); + +- udelay(50); ++ if (AR_SREV_9100(ah)) ++ mdelay(10); ++ else ++ udelay(50); + + REG_WRITE(ah, AR_RTC_RC, 0); + if (!ath9k_hw_wait(ah, AR_RTC_RC, AR_RTC_RC_M, 0, AH_WAIT_TIMEOUT)) { +@@ -1377,8 +1389,12 @@ static bool ath9k_hw_set_reset(struct at + if (!AR_SREV_9100(ah)) + REG_WRITE(ah, AR_RC, 0); + +- if (AR_SREV_9100(ah)) ++ if (AR_SREV_9100(ah) && type != ATH9K_RESET_WARM) { ++ if (ah->external_reset) ++ ah->external_reset(); ++ + udelay(50); ++ } + + return true; + } +@@ -1464,7 +1480,8 @@ static bool ath9k_hw_chip_reset(struct a + reset_type = ATH9K_RESET_POWER_ON; + else + reset_type = ATH9K_RESET_COLD; +- } else if (ah->chip_fullsleep || REG_READ(ah, AR_Q_TXE) || ++ } else if (ah->chip_fullsleep || ++ REG_READ(ah, AR_Q_TXE) || + (REG_READ(ah, AR_CR) & AR_CR_RXE)) + reset_type = ATH9K_RESET_COLD; + +@@ -1698,12 +1715,11 @@ static void ath9k_hw_reset_opmode(struct + + ENABLE_REGWRITE_BUFFER(ah); + +- REG_WRITE(ah, AR_STA_ID0, get_unaligned_le32(common->macaddr)); +- REG_WRITE(ah, AR_STA_ID1, get_unaligned_le16(common->macaddr + 4) +- | macStaId1 ++ REG_RMW(ah, AR_STA_ID1, macStaId1 + | AR_STA_ID1_RTS_USE_DEF + | (ah->config.ack_6mb ? AR_STA_ID1_ACKCTS_6MB : 0) +- | ah->sta_id1_defaults); ++ | ah->sta_id1_defaults, ++ ~AR_STA_ID1_SADH_MASK); + ath_hw_setbssidmask(common); + REG_WRITE(ah, AR_DEF_ANTENNA, saveDefAntenna); + ath9k_hw_write_associd(ah); +--- a/drivers/net/wireless/ath/ath9k/main.c ++++ b/drivers/net/wireless/ath/ath9k/main.c +@@ -839,10 +839,14 @@ static void ath9k_vif_iter(void *data, u + struct ath9k_vif_iter_data *iter_data = data; + int i; + +- if (iter_data->hw_macaddr) ++ if (iter_data->has_hw_macaddr) { + for (i = 0; i < ETH_ALEN; i++) + iter_data->mask[i] &= + ~(iter_data->hw_macaddr[i] ^ mac[i]); ++ } else { ++ memcpy(iter_data->hw_macaddr, mac, ETH_ALEN); ++ iter_data->has_hw_macaddr = true; ++ } + + switch (vif->type) { + case NL80211_IFTYPE_AP: +@@ -891,7 +895,6 @@ void ath9k_calculate_iter_data(struct ie + * together with the BSSID mask when matching addresses. + */ + memset(iter_data, 0, sizeof(*iter_data)); +- iter_data->hw_macaddr = common->macaddr; + memset(&iter_data->mask, 0xff, ETH_ALEN); + + if (vif) +@@ -901,6 +904,8 @@ void ath9k_calculate_iter_data(struct ie + ieee80211_iterate_active_interfaces_atomic( + sc->hw, IEEE80211_IFACE_ITER_RESUME_ALL, + ath9k_vif_iter, iter_data); ++ ++ memcpy(common->macaddr, iter_data->hw_macaddr, ETH_ALEN); + } + + /* Called with sc->mutex held. */ +@@ -1327,6 +1332,7 @@ static int ath9k_sta_add(struct ieee8021 + struct ath_common *common = ath9k_hw_common(sc->sc_ah); + struct ath_node *an = (struct ath_node *) sta->drv_priv; + struct ieee80211_key_conf ps_key = { }; ++ int key; + + ath_node_attach(sc, sta, vif); + +@@ -1334,7 +1340,9 @@ static int ath9k_sta_add(struct ieee8021 + vif->type != NL80211_IFTYPE_AP_VLAN) + return 0; + +- an->ps_key = ath_key_config(common, vif, sta, &ps_key); ++ key = ath_key_config(common, vif, sta, &ps_key); ++ if (key > 0) ++ an->ps_key = key; + + return 0; + } +@@ -1351,6 +1359,7 @@ static void ath9k_del_ps_key(struct ath_ + return; + + ath_key_delete(common, &ps_key); ++ an->ps_key = 0; + } + + static int ath9k_sta_remove(struct ieee80211_hw *hw, +@@ -1678,6 +1687,7 @@ static int ath9k_ampdu_action(struct iee + u16 tid, u16 *ssn, u8 buf_size) + { + struct ath_softc *sc = hw->priv; ++ bool flush = false; + int ret = 0; + + local_bh_disable(); +@@ -1694,12 +1704,14 @@ static int ath9k_ampdu_action(struct iee + ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid); + ath9k_ps_restore(sc); + break; +- case IEEE80211_AMPDU_TX_STOP_CONT: + case IEEE80211_AMPDU_TX_STOP_FLUSH: + case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT: ++ flush = true; ++ case IEEE80211_AMPDU_TX_STOP_CONT: + ath9k_ps_wakeup(sc); + ath_tx_aggr_stop(sc, sta, tid); +- ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); ++ if (!flush) ++ ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); + ath9k_ps_restore(sc); + break; + case IEEE80211_AMPDU_TX_OPERATIONAL: +@@ -2366,6 +2378,7 @@ struct ieee80211_ops ath9k_ops = { + .flush = ath9k_flush, + .tx_frames_pending = ath9k_tx_frames_pending, + .tx_last_beacon = ath9k_tx_last_beacon, ++ .release_buffered_frames = ath9k_release_buffered_frames, + .get_stats = ath9k_get_stats, + .set_antenna = ath9k_set_antenna, + .get_antenna = ath9k_get_antenna, +--- a/drivers/net/wireless/ath/ath9k/reg.h ++++ b/drivers/net/wireless/ath/ath9k/reg.h +@@ -798,6 +798,10 @@ + #define AR_SREV_REVISION_9485_10 0 + #define AR_SREV_REVISION_9485_11 1 + #define AR_SREV_VERSION_9340 0x300 ++#define AR_SREV_REVISION_9340_10 0 ++#define AR_SREV_REVISION_9340_11 1 ++#define AR_SREV_REVISION_9340_12 2 ++#define AR_SREV_REVISION_9340_13 3 + #define AR_SREV_VERSION_9580 0x1C0 + #define AR_SREV_REVISION_9580_10 4 /* AR9580 1.0 */ + #define AR_SREV_VERSION_9462 0x280 +@@ -897,6 +901,10 @@ + #define AR_SREV_9340(_ah) \ + (((_ah)->hw_version.macVersion == AR_SREV_VERSION_9340)) + ++#define AR_SREV_9340_13_OR_LATER(_ah) \ ++ (AR_SREV_9340((_ah)) && \ ++ ((_ah)->hw_version.macRev >= AR_SREV_REVISION_9340_13)) ++ + #define AR_SREV_9285E_20(_ah) \ + (AR_SREV_9285_12_OR_LATER(_ah) && \ + ((REG_READ(_ah, AR_AN_SYNTH9) & 0x7) == 0x1)) +@@ -1007,6 +1015,8 @@ enum { + AR_INTR_SYNC_LOCAL_TIMEOUT | + AR_INTR_SYNC_MAC_SLEEP_ACCESS), + ++ AR9340_INTR_SYNC_LOCAL_TIMEOUT = 0x00000010, ++ + AR_INTR_SYNC_SPURIOUS = 0xFFFFFFFF, + + }; +@@ -1493,9 +1503,6 @@ enum { + #define AR9271_RADIO_RF_RST 0x20 + #define AR9271_GATE_MAC_CTL 0x4000 + +-#define AR_STA_ID0 0x8000 +-#define AR_STA_ID1 0x8004 +-#define AR_STA_ID1_SADH_MASK 0x0000FFFF + #define AR_STA_ID1_STA_AP 0x00010000 + #define AR_STA_ID1_ADHOC 0x00020000 + #define AR_STA_ID1_PWR_SAV 0x00040000 +@@ -1884,6 +1891,7 @@ enum { + #define AR_PCU_TXBUF_CTRL_SIZE_MASK 0x7FF + #define AR_PCU_TXBUF_CTRL_USABLE_SIZE 0x700 + #define AR_9285_PCU_TXBUF_CTRL_USABLE_SIZE 0x380 ++#define AR_9340_PCU_TXBUF_CTRL_USABLE_SIZE 0x500 + #define AR_PCU_MISC_MODE2 0x8344 + #define AR_PCU_MISC_MODE2_MGMT_CRYPTO_ENABLE 0x00000002 +--- a/drivers/net/wireless/ath/hw.c ++++ b/drivers/net/wireless/ath/hw.c +@@ -118,6 +118,12 @@ + void ath_hw_setbssidmask(struct ath_common *common) + { + void *ah = common->ah; ++ u32 id1; ++ ++ REG_WRITE(ah, AR_STA_ID0, get_unaligned_le32(common->macaddr)); ++ id1 = REG_READ(ah, AR_STA_ID1) & ~AR_STA_ID1_SADH_MASK; ++ id1 |= get_unaligned_le16(common->macaddr + 4); ++ REG_WRITE(ah, AR_STA_ID1, id1); + + REG_WRITE(ah, AR_BSSMSKL, get_unaligned_le32(common->bssidmask)); + REG_WRITE(ah, AR_BSSMSKU, get_unaligned_le16(common->bssidmask + 4)); +--- a/drivers/net/wireless/ath/reg.h ++++ b/drivers/net/wireless/ath/reg.h +@@ -23,6 +23,10 @@ + #define AR_MIBC_CMC 0x00000004 + #define AR_MIBC_MCS 0x00000008 + ++#define AR_STA_ID0 0x8000 ++#define AR_STA_ID1 0x8004 ++#define AR_STA_ID1_SADH_MASK 0x0000ffff ++ + /* + * BSSID mask registers. See ath_hw_set_bssid_mask() + * for detailed documentation about these registers. +--- a/drivers/net/wireless/iwlegacy/4965-mac.c ++++ b/drivers/net/wireless/iwlegacy/4965-mac.c +@@ -6059,7 +6059,7 @@ il4965_mac_channel_switch(struct ieee802 + struct il_priv *il = hw->priv; + const struct il_channel_info *ch_info; + struct ieee80211_conf *conf = &hw->conf; +- struct ieee80211_channel *channel = ch_switch->channel; ++ struct ieee80211_channel *channel = ch_switch->chandef.chan; + struct il_ht_config *ht_conf = &il->current_ht_config; + u16 ch; + +@@ -6096,23 +6096,21 @@ il4965_mac_channel_switch(struct ieee802 + il->current_ht_config.smps = conf->smps_mode; + + /* Configure HT40 channels */ +- il->ht.enabled = conf_is_ht(conf); +- if (il->ht.enabled) { +- if (conf_is_ht40_minus(conf)) { +- il->ht.extension_chan_offset = +- IEEE80211_HT_PARAM_CHA_SEC_BELOW; +- il->ht.is_40mhz = true; +- } else if (conf_is_ht40_plus(conf)) { +- il->ht.extension_chan_offset = +- IEEE80211_HT_PARAM_CHA_SEC_ABOVE; +- il->ht.is_40mhz = true; +- } else { +- il->ht.extension_chan_offset = +- IEEE80211_HT_PARAM_CHA_SEC_NONE; +- il->ht.is_40mhz = false; +- } +- } else ++ switch (cfg80211_get_chandef_type(&ch_switch->chandef)) { ++ case NL80211_CHAN_NO_HT: ++ case NL80211_CHAN_HT20: + il->ht.is_40mhz = false; ++ il->ht.extension_chan_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE; ++ break; ++ case NL80211_CHAN_HT40MINUS: ++ il->ht.extension_chan_offset = IEEE80211_HT_PARAM_CHA_SEC_BELOW; ++ il->ht.is_40mhz = true; ++ break; ++ case NL80211_CHAN_HT40PLUS: ++ il->ht.extension_chan_offset = IEEE80211_HT_PARAM_CHA_SEC_ABOVE; ++ il->ht.is_40mhz = true; ++ break; ++ } + + if ((le16_to_cpu(il->staging.channel) != ch)) + il->staging.flags = 0; +--- a/drivers/net/wireless/iwlegacy/4965.c ++++ b/drivers/net/wireless/iwlegacy/4965.c +@@ -1493,7 +1493,7 @@ il4965_hw_channel_switch(struct il_priv + + cmd.band = band; + cmd.expect_beacon = 0; +- ch = ch_switch->channel->hw_value; ++ ch = ch_switch->chandef.chan->hw_value; + cmd.channel = cpu_to_le16(ch); + cmd.rxon_flags = il->staging.flags; + cmd.rxon_filter_flags = il->staging.filter_flags; +--- a/drivers/net/wireless/iwlwifi/dvm/devices.c ++++ b/drivers/net/wireless/iwlwifi/dvm/devices.c +@@ -379,7 +379,7 @@ static int iwl5000_hw_channel_switch(str + }; + + cmd.band = priv->band == IEEE80211_BAND_2GHZ; +- ch = ch_switch->channel->hw_value; ++ ch = ch_switch->chandef.chan->hw_value; + IWL_DEBUG_11H(priv, "channel switch from %d to %d\n", + ctx->active.channel, ch); + cmd.channel = cpu_to_le16(ch); +@@ -414,7 +414,8 @@ static int iwl5000_hw_channel_switch(str + } + IWL_DEBUG_11H(priv, "uCode time for the switch is 0x%x\n", + cmd.switch_time); +- cmd.expect_beacon = ch_switch->channel->flags & IEEE80211_CHAN_RADAR; ++ cmd.expect_beacon = ++ ch_switch->chandef.chan->flags & IEEE80211_CHAN_RADAR; + + return iwl_dvm_send_cmd(priv, &hcmd); + } +@@ -540,7 +541,7 @@ static int iwl6000_hw_channel_switch(str + hcmd.data[0] = cmd; + + cmd->band = priv->band == IEEE80211_BAND_2GHZ; +- ch = ch_switch->channel->hw_value; ++ ch = ch_switch->chandef.chan->hw_value; + IWL_DEBUG_11H(priv, "channel switch from %u to %u\n", + ctx->active.channel, ch); + cmd->channel = cpu_to_le16(ch); +@@ -575,7 +576,8 @@ static int iwl6000_hw_channel_switch(str + } + IWL_DEBUG_11H(priv, "uCode time for the switch is 0x%x\n", + cmd->switch_time); +- cmd->expect_beacon = ch_switch->channel->flags & IEEE80211_CHAN_RADAR; ++ cmd->expect_beacon = ++ ch_switch->chandef.chan->flags & IEEE80211_CHAN_RADAR; + + err = iwl_dvm_send_cmd(priv, &hcmd); + kfree(cmd); +--- a/drivers/net/wireless/iwlwifi/dvm/mac80211.c ++++ b/drivers/net/wireless/iwlwifi/dvm/mac80211.c +@@ -970,7 +970,7 @@ static void iwlagn_mac_channel_switch(st + { + struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); + struct ieee80211_conf *conf = &hw->conf; +- struct ieee80211_channel *channel = ch_switch->channel; ++ struct ieee80211_channel *channel = ch_switch->chandef.chan; + struct iwl_ht_config *ht_conf = &priv->current_ht_config; /* - * Don't set IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING for USB devices ---- a/drivers/net/wireless/rt2x00/rt2x00dev.c -+++ b/drivers/net/wireless/rt2x00/rt2x00dev.c -@@ -392,10 +392,9 @@ void rt2x00lib_txdone(struct queue_entry - tx_info->flags |= IEEE80211_TX_STAT_AMPDU; - tx_info->status.ampdu_len = 1; - tx_info->status.ampdu_ack_len = success ? 1 : 0; -- /* -- * TODO: Need to tear down BA session here -- * if not successful. -- */ + * MULTI-FIXME +@@ -1008,11 +1008,21 @@ static void iwlagn_mac_channel_switch(st + priv->current_ht_config.smps = conf->smps_mode; + + /* Configure HT40 channels */ +- ctx->ht.enabled = conf_is_ht(conf); +- if (ctx->ht.enabled) +- iwlagn_config_ht40(conf, ctx); +- else ++ switch (cfg80211_get_chandef_type(&ch_switch->chandef)) { ++ case NL80211_CHAN_NO_HT: ++ case NL80211_CHAN_HT20: + ctx->ht.is_40mhz = false; ++ ctx->ht.extension_chan_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE; ++ break; ++ case NL80211_CHAN_HT40MINUS: ++ ctx->ht.extension_chan_offset = IEEE80211_HT_PARAM_CHA_SEC_BELOW; ++ ctx->ht.is_40mhz = true; ++ break; ++ case NL80211_CHAN_HT40PLUS: ++ ctx->ht.extension_chan_offset = IEEE80211_HT_PARAM_CHA_SEC_ABOVE; ++ ctx->ht.is_40mhz = true; ++ break; ++ } + + if ((le16_to_cpu(ctx->staging.channel) != ch)) + ctx->staging.flags = 0; +--- a/drivers/net/wireless/iwlwifi/dvm/rxon.c ++++ b/drivers/net/wireless/iwlwifi/dvm/rxon.c +@@ -1160,7 +1160,7 @@ int iwlagn_commit_rxon(struct iwl_priv * + } + + void iwlagn_config_ht40(struct ieee80211_conf *conf, +- struct iwl_rxon_context *ctx) ++ struct iwl_rxon_context *ctx) + { + if (conf_is_ht40_minus(conf)) { + ctx->ht.extension_chan_offset = +--- a/drivers/net/wireless/mac80211_hwsim.c ++++ b/drivers/net/wireless/mac80211_hwsim.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -717,9 +718,17 @@ static bool mac80211_hwsim_tx_frame_no_n + rx_status.flag |= RX_FLAG_MACTIME_START; + rx_status.freq = chan->center_freq; + rx_status.band = chan->band; +- rx_status.rate_idx = info->control.rates[0].idx; +- if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS) +- rx_status.flag |= RX_FLAG_HT; ++ if (info->control.rates[0].flags & IEEE80211_TX_RC_VHT_MCS) { ++ rx_status.rate_idx = ++ ieee80211_rate_get_vht_mcs(&info->control.rates[0]); ++ rx_status.vht_nss = ++ ieee80211_rate_get_vht_nss(&info->control.rates[0]); ++ rx_status.flag |= RX_FLAG_VHT; ++ } else { ++ rx_status.rate_idx = info->control.rates[0].idx; ++ if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS) ++ rx_status.flag |= RX_FLAG_HT; ++ } + if (info->control.rates[0].flags & IEEE80211_TX_RC_40_MHZ_WIDTH) + rx_status.flag |= RX_FLAG_40MHZ; + if (info->control.rates[0].flags & IEEE80211_TX_RC_SHORT_GI) +@@ -1687,6 +1696,7 @@ static void mac80211_hwsim_free(void) + debugfs_remove(data->debugfs_ps); + debugfs_remove(data->debugfs); + ieee80211_unregister_hw(data->hw); ++ device_release_driver(data->dev); + device_unregister(data->dev); + ieee80211_free_hw(data->hw); + } +@@ -1695,7 +1705,9 @@ static void mac80211_hwsim_free(void) + + + static struct device_driver mac80211_hwsim_driver = { +- .name = "mac80211_hwsim" ++ .name = "mac80211_hwsim", ++ .bus = &platform_bus_type, ++ .owner = THIS_MODULE, + }; + + static const struct net_device_ops hwsim_netdev_ops = { +@@ -2187,9 +2199,15 @@ static int __init init_mac80211_hwsim(vo + spin_lock_init(&hwsim_radio_lock); + INIT_LIST_HEAD(&hwsim_radios); + ++ err = driver_register(&mac80211_hwsim_driver); ++ if (err) ++ return err; ++ + hwsim_class = class_create(THIS_MODULE, "mac80211_hwsim"); +- if (IS_ERR(hwsim_class)) +- return PTR_ERR(hwsim_class); ++ if (IS_ERR(hwsim_class)) { ++ err = PTR_ERR(hwsim_class); ++ goto failed_unregister_driver; ++ } + + memset(addr, 0, ETH_ALEN); + addr[0] = 0x02; +@@ -2211,12 +2229,20 @@ static int __init init_mac80211_hwsim(vo + "hwsim%d", i); + if (IS_ERR(data->dev)) { + printk(KERN_DEBUG +- "mac80211_hwsim: device_create " +- "failed (%ld)\n", PTR_ERR(data->dev)); ++ "mac80211_hwsim: device_create failed (%ld)\n", ++ PTR_ERR(data->dev)); + err = -ENOMEM; + goto failed_drvdata; + } + data->dev->driver = &mac80211_hwsim_driver; ++ err = device_bind_driver(data->dev); ++ if (err != 0) { ++ printk(KERN_DEBUG ++ "mac80211_hwsim: device_bind_driver failed (%d)\n", ++ err); ++ goto failed_hw; ++ } + -+ if (!success) -+ tx_info->flags |= IEEE80211_TX_STAT_AMPDU_NO_BACK; + skb_queue_head_init(&data->pending); + + SET_IEEE80211_DEV(hw, data->dev); +@@ -2515,6 +2541,8 @@ failed_drvdata: + ieee80211_free_hw(hw); + failed: + mac80211_hwsim_free(); ++failed_unregister_driver: ++ driver_unregister(&mac80211_hwsim_driver); + return err; + } + module_init(init_mac80211_hwsim); +@@ -2527,5 +2555,6 @@ static void __exit exit_mac80211_hwsim(v + + mac80211_hwsim_free(); + unregister_netdev(hwsim_mon); ++ driver_unregister(&mac80211_hwsim_driver); + } + module_exit(exit_mac80211_hwsim); +--- a/drivers/net/wireless/ti/wl12xx/cmd.c ++++ b/drivers/net/wireless/ti/wl12xx/cmd.c +@@ -301,7 +301,7 @@ int wl12xx_cmd_channel_switch(struct wl1 } - if (rate_flags & IEEE80211_TX_RC_USE_RTS_CTS) { ---- a/include/net/mac80211.h -+++ b/include/net/mac80211.h -@@ -173,7 +173,7 @@ struct ieee80211_chanctx_conf { + cmd->role_id = wlvif->role_id; +- cmd->channel = ch_switch->channel->hw_value; ++ cmd->channel = ch_switch->chandef.chan->hw_value; + cmd->switch_time = ch_switch->count; + cmd->stop_tx = ch_switch->block_tx; + +--- a/drivers/net/wireless/ti/wl18xx/cmd.c ++++ b/drivers/net/wireless/ti/wl18xx/cmd.c +@@ -42,11 +42,11 @@ int wl18xx_cmd_channel_switch(struct wl1 + } + + cmd->role_id = wlvif->role_id; +- cmd->channel = ch_switch->channel->hw_value; ++ cmd->channel = ch_switch->chandef.chan->hw_value; + cmd->switch_time = ch_switch->count; + cmd->stop_tx = ch_switch->block_tx; + +- switch (ch_switch->channel->band) { ++ switch (ch_switch->chandef.chan->band) { + case IEEE80211_BAND_2GHZ: + cmd->band = WLCORE_BAND_2_4GHZ; + break; +@@ -55,7 +55,7 @@ int wl18xx_cmd_channel_switch(struct wl1 + break; + default: + wl1271_error("invalid channel switch band: %d", +- ch_switch->channel->band); ++ ch_switch->chandef.chan->band); + ret = -EINVAL; + goto out_free; + } +--- a/include/linux/ieee80211.h ++++ b/include/linux/ieee80211.h +@@ -673,6 +673,36 @@ struct ieee80211_channel_sw_ie { + } __packed; + + /** ++ * struct ieee80211_ext_chansw_ie ++ * ++ * This structure represents the "Extended Channel Switch Announcement element" ++ */ ++struct ieee80211_ext_chansw_ie { ++ u8 mode; ++ u8 new_operating_class; ++ u8 new_ch_num; ++ u8 count; ++} __packed; ++ ++/** ++ * struct ieee80211_sec_chan_offs_ie - secondary channel offset IE ++ * @sec_chan_offs: secondary channel offset, uses IEEE80211_HT_PARAM_CHA_SEC_* ++ * values here ++ * This structure represents the "Secondary Channel Offset element" ++ */ ++struct ieee80211_sec_chan_offs_ie { ++ u8 sec_chan_offs; ++} __packed; ++ ++/** ++ * struct ieee80211_wide_bw_chansw_ie - wide bandwidth channel switch IE ++ */ ++struct ieee80211_wide_bw_chansw_ie { ++ u8 new_channel_width; ++ u8 new_center_freq_seg0, new_center_freq_seg1; ++} __packed; ++ ++/** + * struct ieee80211_tim + * + * This structure refers to "Traffic Indication Map information element" +@@ -840,12 +870,15 @@ struct ieee80211_mgmt { + } __packed wme_action; + struct{ + u8 action_code; +- u8 element_id; +- u8 length; +- struct ieee80211_channel_sw_ie sw_elem; ++ u8 variable[0]; + } __packed chan_switch; + struct{ + u8 action_code; ++ struct ieee80211_ext_chansw_ie data; ++ u8 variable[0]; ++ } __packed ext_chan_switch; ++ struct{ ++ u8 action_code; + u8 dialog_token; + u8 element_id; + u8 length; +@@ -1638,6 +1671,7 @@ enum ieee80211_eid { + + WLAN_EID_HT_CAPABILITY = 45, + WLAN_EID_HT_OPERATION = 61, ++ WLAN_EID_SECONDARY_CHANNEL_OFFSET = 62, + + WLAN_EID_RSN = 48, + WLAN_EID_MMIE = 76, +@@ -1672,6 +1706,8 @@ enum ieee80211_eid { + WLAN_EID_VHT_CAPABILITY = 191, + WLAN_EID_VHT_OPERATION = 192, + WLAN_EID_OPMODE_NOTIF = 199, ++ WLAN_EID_WIDE_BW_CHANNEL_SWITCH = 194, ++ WLAN_EID_CHANNEL_SWITCH_WRAPPER = 196, + + /* 802.11ad */ + WLAN_EID_NON_TX_BSSID_CAP = 83, +@@ -1795,6 +1831,7 @@ enum ieee80211_key_len { + + /* Public action codes */ + enum ieee80211_pub_actioncode { ++ WLAN_PUB_ACTION_EXT_CHANSW_ANN = 4, + WLAN_PUB_ACTION_TDLS_DISCOVER_RES = 14, + }; + +--- a/include/net/cfg80211.h ++++ b/include/net/cfg80211.h +@@ -753,6 +753,8 @@ int cfg80211_check_station_change(struct + * @STATION_INFO_LOCAL_PM: @local_pm filled + * @STATION_INFO_PEER_PM: @peer_pm filled + * @STATION_INFO_NONPEER_PM: @nonpeer_pm filled ++ * @STATION_INFO_CHAIN_SIGNAL: @chain_signal filled ++ * @STATION_INFO_CHAIN_SIGNAL_AVG: @chain_signal_avg filled + */ + enum station_info_flags { + STATION_INFO_INACTIVE_TIME = 1<<0, +@@ -781,6 +783,8 @@ enum station_info_flags { + STATION_INFO_NONPEER_PM = 1<<23, + STATION_INFO_RX_BYTES64 = 1<<24, + STATION_INFO_TX_BYTES64 = 1<<25, ++ STATION_INFO_CHAIN_SIGNAL = 1<<26, ++ STATION_INFO_CHAIN_SIGNAL_AVG = 1<<27, + }; - u8 rx_chains_static, rx_chains_dynamic; + /** +@@ -857,6 +861,8 @@ struct sta_bss_parameters { + u16 beacon_interval; + }; -- u8 drv_priv[0] __attribute__((__aligned__(sizeof(void *)))); -+ u8 drv_priv[0] __aligned(sizeof(void *)); ++#define IEEE80211_MAX_CHAINS 4 ++ + /** + * struct station_info - station information + * +@@ -874,6 +880,9 @@ struct sta_bss_parameters { + * For CFG80211_SIGNAL_TYPE_MBM, value is expressed in _dBm_. + * @signal_avg: Average signal strength, type depends on the wiphy's signal_type. + * For CFG80211_SIGNAL_TYPE_MBM, value is expressed in _dBm_. ++ * @chains: bitmask for filled values in @chain_signal, @chain_signal_avg ++ * @chain_signal: per-chain signal strength of last received packet in dBm ++ * @chain_signal_avg: per-chain signal strength average in dBm + * @txrate: current unicast bitrate from this station + * @rxrate: current unicast bitrate to this station + * @rx_packets: packets received from this station +@@ -909,6 +918,11 @@ struct station_info { + u8 plink_state; + s8 signal; + s8 signal_avg; ++ ++ u8 chains; ++ s8 chain_signal[IEEE80211_MAX_CHAINS]; ++ s8 chain_signal_avg[IEEE80211_MAX_CHAINS]; ++ + struct rate_info txrate; + struct rate_info rxrate; + u32 rx_packets; +@@ -954,6 +968,7 @@ enum monitor_flags { + MONITOR_FLAG_CONTROL = 1<idx = (nss << 4) | mcs; ++ WARN_ON((nss - 1) & ~0x7); ++ rate->idx = ((nss - 1) << 4) | mcs; + } + + static inline u8 +@@ -615,7 +621,7 @@ ieee80211_rate_get_vht_mcs(const struct + static inline u8 + ieee80211_rate_get_vht_nss(const struct ieee80211_tx_rate *rate) + { +- return rate->idx >> 4; ++ return (rate->idx >> 4) + 1; + } + + /** +@@ -656,7 +662,11 @@ struct ieee80211_tx_info { + struct ieee80211_tx_rate rates[ + IEEE80211_TX_MAX_RATES]; + s8 rts_cts_rate_idx; +- /* 3 bytes free */ ++ u8 use_rts:1; ++ u8 use_cts_prot:1; ++ u8 short_preamble:1; ++ u8 skip_table:1; ++ /* 2 bytes free */ + }; + /* only needed before rate control */ + unsigned long jiffies; +@@ -677,6 +687,8 @@ struct ieee80211_tx_info { + struct { + struct ieee80211_tx_rate driver_rates[ + IEEE80211_TX_MAX_RATES]; ++ u8 pad[4]; ++ + void *rate_driver_data[ + IEEE80211_TX_INFO_RATE_DRIVER_DATA_SIZE / sizeof(void *)]; + }; +@@ -840,6 +852,9 @@ enum mac80211_rx_flags { + * @signal: signal strength when receiving this frame, either in dBm, in dB or + * unspecified depending on the hardware capabilities flags + * @IEEE80211_HW_SIGNAL_* ++ * @chains: bitmask of receive chains for which separate signal strength ++ * values were filled. ++ * @chain_signal: per-chain signal strength, same format as @signal + * @antenna: antenna used + * @rate_idx: index of data rate into band's supported rates or MCS index if + * HT or VHT is used (%RX_FLAG_HT/%RX_FLAG_VHT) +@@ -871,6 +886,8 @@ struct ieee80211_rx_status { + u8 band; + u8 antenna; + s8 signal; ++ u8 chains; ++ s8 chain_signal[IEEE80211_MAX_CHAINS]; + u8 ampdu_delimiter_crc; + u8 vendor_radiotap_align; + u8 vendor_radiotap_oui[3]; +@@ -1018,13 +1035,13 @@ struct ieee80211_conf { + * the driver passed into mac80211. + * @block_tx: Indicates whether transmission must be blocked before the + * scheduled channel switch, as indicated by the AP. +- * @channel: the new channel to switch to ++ * @chandef: the new channel to switch to + * @count: the number of TBTT's until the channel switch event + */ + struct ieee80211_channel_switch { + u64 timestamp; + bool block_tx; +- struct ieee80211_channel *channel; ++ struct cfg80211_chan_def chandef; + u8 count; + }; + +@@ -1222,6 +1239,24 @@ enum ieee80211_sta_rx_bandwidth { }; /** -@@ -1369,6 +1369,10 @@ struct ieee80211_tx_control { ++ * struct ieee80211_sta_rates - station rate selection table ++ * ++ * @rcu_head: RCU head used for freeing the table on update ++ * @rates: transmit rates/flags to be used by default. ++ * Overriding entries per-packet is possible by using cb tx control. ++ */ ++struct ieee80211_sta_rates { ++ struct rcu_head rcu_head; ++ struct { ++ s8 idx; ++ u8 count; ++ u8 count_cts; ++ u8 count_rts; ++ u16 flags; ++ } rate[IEEE80211_TX_RATE_TABLE_SIZE]; ++}; ++ ++/** + * struct ieee80211_sta - station table entry + * + * A station table entry represents a station we are possibly +@@ -1248,6 +1283,7 @@ enum ieee80211_sta_rx_bandwidth { + * notifications and capabilities. The value is only valid after + * the station moves to associated state. + * @smps_mode: current SMPS mode (off, static or dynamic) ++ * @tx_rates: rate control selection table + */ + struct ieee80211_sta { + u32 supp_rates[IEEE80211_NUM_BANDS]; +@@ -1261,6 +1297,7 @@ struct ieee80211_sta { + u8 rx_nss; + enum ieee80211_sta_rx_bandwidth bandwidth; + enum ieee80211_smps_mode smps_mode; ++ struct ieee80211_sta_rates __rcu *rates; + + /* must be last */ + u8 drv_priv[0] __aligned(sizeof(void *)); +@@ -1416,6 +1453,9 @@ struct ieee80211_tx_control { + * for different virtual interfaces. See the doc section on HW queue + * control for more details. + * ++ * @IEEE80211_HW_SUPPORTS_RC_TABLE: The driver supports using a rate ++ * selection table provided by the rate control algorithm. ++ * * @IEEE80211_HW_P2P_DEV_ADDR_FOR_INTF: Use the P2P Device address for any * P2P Interface. This will be honoured even if more than one interface * is supported. -+ * -+ * @IEEE80211_HW_TEARDOWN_AGGR_ON_BAR_FAIL: On this hardware TX BA session -+ * should be tear down once BAR frame will not be acked. -+ * - */ - enum ieee80211_hw_flags { - IEEE80211_HW_HAS_RATE_CONTROL = 1<<0, -@@ -1397,6 +1401,7 @@ enum ieee80211_hw_flags { +@@ -1448,6 +1488,7 @@ enum ieee80211_hw_flags { + IEEE80211_HW_SUPPORTS_PER_STA_GTK = 1<<21, + IEEE80211_HW_AP_LINK_PS = 1<<22, IEEE80211_HW_TX_AMPDU_SETUP_IN_HW = 1<<23, - IEEE80211_HW_SCAN_WHILE_IDLE = 1<<24, ++ IEEE80211_HW_SUPPORTS_RC_TABLE = 1<<24, IEEE80211_HW_P2P_DEV_ADDR_FOR_INTF = 1<<25, -+ IEEE80211_HW_TEARDOWN_AGGR_ON_BAR_FAIL = 1<<26, + IEEE80211_HW_TIMING_BEACON_ONLY = 1<<26, }; +@@ -3144,6 +3185,25 @@ void ieee80211_sta_set_buffered(struct i + u8 tid, bool buffered); /** ++ * ieee80211_get_tx_rates - get the selected transmit rates for a packet ++ * ++ * Call this function in a driver with per-packet rate selection support ++ * to combine the rate info in the packet tx info with the most recent ++ * rate selection table for the station entry. ++ * ++ * @vif: &struct ieee80211_vif pointer from the add_interface callback. ++ * @sta: the receiver station to which this packet is sent. ++ * @skb: the frame to be transmitted. ++ * @dest: buffer for extracted rate/retry information ++ * @max_rates: maximum number of rates to fetch ++ */ ++void ieee80211_get_tx_rates(struct ieee80211_vif *vif, ++ struct ieee80211_sta *sta, ++ struct sk_buff *skb, ++ struct ieee80211_tx_rate *dest, ++ int max_rates); ++ ++/** + * ieee80211_tx_status - transmit status callback + * + * Call this function for all transmitted frames after they have been +@@ -4118,7 +4178,7 @@ void ieee80211_send_bar(struct ieee80211 + * (deprecated; this will be removed once drivers get updated to use + * rate_idx_mask) + * @rate_idx_mask: user-requested (legacy) rate mask +- * @rate_idx_mcs_mask: user-requested MCS rate mask ++ * @rate_idx_mcs_mask: user-requested MCS rate mask (NULL if not in use) + * @bss: whether this frame is sent out in AP or IBSS mode + */ + struct ieee80211_tx_rate_control { +@@ -4130,7 +4190,7 @@ struct ieee80211_tx_rate_control { + bool rts, short_preamble; + u8 max_rate_idx; + u32 rate_idx_mask; +- u8 rate_idx_mcs_mask[IEEE80211_HT_MCS_MASK_LEN]; ++ u8 *rate_idx_mcs_mask; + bool bss; + }; + +@@ -4219,6 +4279,22 @@ bool rate_usable_index_exists(struct iee + return false; + } + ++/** ++ * rate_control_set_rates - pass the sta rate selection to mac80211/driver ++ * ++ * When not doing a rate control probe to test rates, rate control should pass ++ * its rate selection to mac80211. If the driver supports receiving a station ++ * rate table, it will use it to ensure that frames are always sent based on ++ * the most recent rate control module decision. ++ * ++ * @hw: pointer as obtained from ieee80211_alloc_hw() ++ * @pubsta: &struct ieee80211_sta pointer to the target destination. ++ * @rates: new tx rate set to be used for this station. ++ */ ++int rate_control_set_rates(struct ieee80211_hw *hw, ++ struct ieee80211_sta *pubsta, ++ struct ieee80211_sta_rates *rates); ++ + int ieee80211_rate_control_register(struct rate_control_ops *ops); + void ieee80211_rate_control_unregister(struct rate_control_ops *ops); + --- a/net/mac80211/agg-rx.c +++ b/net/mac80211/agg-rx.c -@@ -203,6 +203,8 @@ static void ieee80211_send_addba_resp(st +@@ -204,6 +204,8 @@ static void ieee80211_send_addba_resp(st memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN); @@ -97,7 +1075,7 @@ memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); else if (sdata->vif.type == NL80211_IFTYPE_STATION) memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); -@@ -460,6 +461,7 @@ int ieee80211_start_tx_ba_session(struct +@@ -527,6 +528,7 @@ int ieee80211_start_tx_ba_session(struct sdata->vif.type != NL80211_IFTYPE_MESH_POINT && sdata->vif.type != NL80211_IFTYPE_AP_VLAN && sdata->vif.type != NL80211_IFTYPE_AP && @@ -105,14 +1083,188 @@ sdata->vif.type != NL80211_IFTYPE_ADHOC) return -EINVAL; +--- a/net/mac80211/cfg.c ++++ b/net/mac80211/cfg.c +@@ -73,16 +73,19 @@ static int ieee80211_change_iface(struct + struct ieee80211_local *local = sdata->local; + + if (ieee80211_sdata_running(sdata)) { ++ u32 mask = MONITOR_FLAG_COOK_FRAMES | ++ MONITOR_FLAG_ACTIVE; ++ + /* +- * Prohibit MONITOR_FLAG_COOK_FRAMES to be +- * changed while the interface is up. ++ * Prohibit MONITOR_FLAG_COOK_FRAMES and ++ * MONITOR_FLAG_ACTIVE to be changed while the ++ * interface is up. + * Else we would need to add a lot of cruft + * to update everything: + * cooked_mntrs, monitor and all fif_* counters + * reconfigure hardware + */ +- if ((*flags & MONITOR_FLAG_COOK_FRAMES) != +- (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES)) ++ if ((*flags & mask) != (sdata->u.mntr_flags & mask)) + return -EBUSY; + + ieee80211_adjust_monitor_flags(sdata, -1); +@@ -444,7 +447,7 @@ static void sta_set_sinfo(struct sta_inf + struct ieee80211_local *local = sdata->local; + struct timespec uptime; + u64 packets = 0; +- int ac; ++ int i, ac; + + sinfo->generation = sdata->local->sta_generation; + +@@ -488,6 +491,17 @@ static void sta_set_sinfo(struct sta_inf + sinfo->signal = (s8)sta->last_signal; + sinfo->signal_avg = (s8) -ewma_read(&sta->avg_signal); + } ++ if (sta->chains) { ++ sinfo->filled |= STATION_INFO_CHAIN_SIGNAL | ++ STATION_INFO_CHAIN_SIGNAL_AVG; ++ ++ sinfo->chains = sta->chains; ++ for (i = 0; i < ARRAY_SIZE(sinfo->chain_signal); i++) { ++ sinfo->chain_signal[i] = sta->chain_signal_last[i]; ++ sinfo->chain_signal_avg[i] = ++ (s8) -ewma_read(&sta->chain_signal_avg[i]); ++ } ++ } + + sta_set_rate_info_tx(sta, &sta->last_tx_rate, &sinfo->txrate); + sta_set_rate_info_rx(sta, &sinfo->rxrate); +@@ -1052,6 +1066,7 @@ static int ieee80211_stop_ap(struct wiph + ieee80211_free_keys(sdata); + + sdata->vif.bss_conf.enable_beacon = false; ++ sdata->vif.bss_conf.ssid_len = 0; + clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state); + ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED); + +@@ -2416,9 +2431,22 @@ static int ieee80211_set_bitrate_mask(st + } + + for (i = 0; i < IEEE80211_NUM_BANDS; i++) { ++ struct ieee80211_supported_band *sband = wiphy->bands[i]; ++ int j; ++ + sdata->rc_rateidx_mask[i] = mask->control[i].legacy; + memcpy(sdata->rc_rateidx_mcs_mask[i], mask->control[i].mcs, + sizeof(mask->control[i].mcs)); ++ ++ sdata->rc_has_mcs_mask[i] = false; ++ if (!sband) ++ continue; ++ ++ for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++) ++ if (~sdata->rc_rateidx_mcs_mask[i][j]) { ++ sdata->rc_has_mcs_mask[i] = true; ++ break; ++ } + } + + return 0; +--- a/net/mac80211/chan.c ++++ b/net/mac80211/chan.c +@@ -57,6 +57,22 @@ ieee80211_find_chanctx(struct ieee80211_ + return NULL; + } + ++static bool ieee80211_is_radar_required(struct ieee80211_local *local) ++{ ++ struct ieee80211_sub_if_data *sdata; ++ ++ rcu_read_lock(); ++ list_for_each_entry_rcu(sdata, &local->interfaces, list) { ++ if (sdata->radar_required) { ++ rcu_read_unlock(); ++ return true; ++ } ++ } ++ rcu_read_unlock(); ++ ++ return false; ++} ++ + static struct ieee80211_chanctx * + ieee80211_new_chanctx(struct ieee80211_local *local, + const struct cfg80211_chan_def *chandef, +@@ -76,6 +92,9 @@ ieee80211_new_chanctx(struct ieee80211_l + ctx->conf.rx_chains_static = 1; + ctx->conf.rx_chains_dynamic = 1; + ctx->mode = mode; ++ ctx->conf.radar_enabled = ieee80211_is_radar_required(local); ++ if (!local->use_chanctx) ++ local->hw.conf.radar_enabled = ctx->conf.radar_enabled; + + /* acquire mutex to prevent idle from changing */ + mutex_lock(&local->mtx); +@@ -110,6 +129,7 @@ ieee80211_new_chanctx(struct ieee80211_l + static void ieee80211_free_chanctx(struct ieee80211_local *local, + struct ieee80211_chanctx *ctx) + { ++ bool check_single_channel = false; + lockdep_assert_held(&local->chanctx_mtx); + + WARN_ON_ONCE(ctx->refcount != 0); +@@ -119,6 +139,14 @@ static void ieee80211_free_chanctx(struc + chandef->width = NL80211_CHAN_WIDTH_20_NOHT; + chandef->center_freq1 = chandef->chan->center_freq; + chandef->center_freq2 = 0; ++ ++ /* NOTE: Disabling radar is only valid here for ++ * single channel context. To be sure, check it ... ++ */ ++ if (local->hw.conf.radar_enabled) ++ check_single_channel = true; ++ local->hw.conf.radar_enabled = false; ++ + ieee80211_hw_config(local, 0); + } else { + drv_remove_chanctx(local, ctx); +@@ -127,6 +155,9 @@ static void ieee80211_free_chanctx(struc + list_del_rcu(&ctx->list); + kfree_rcu(ctx, rcu_head); + ++ /* throw a warning if this wasn't the only channel context. */ ++ WARN_ON(check_single_channel && !list_empty(&local->chanctx_list)); ++ + mutex_lock(&local->mtx); + ieee80211_recalc_idle(local); + mutex_unlock(&local->mtx); +@@ -238,19 +269,11 @@ static void __ieee80211_vif_release_chan + void ieee80211_recalc_radar_chanctx(struct ieee80211_local *local, + struct ieee80211_chanctx *chanctx) + { +- struct ieee80211_sub_if_data *sdata; +- bool radar_enabled = false; ++ bool radar_enabled; + + lockdep_assert_held(&local->chanctx_mtx); + +- rcu_read_lock(); +- list_for_each_entry_rcu(sdata, &local->interfaces, list) { +- if (sdata->radar_required) { +- radar_enabled = true; +- break; +- } +- } +- rcu_read_unlock(); ++ radar_enabled = ieee80211_is_radar_required(local); + + if (radar_enabled == chanctx->conf.radar_enabled) + return; --- a/net/mac80211/debugfs_sta.c +++ b/net/mac80211/debugfs_sta.c -@@ -65,11 +65,11 @@ static ssize_t sta_flags_read(struct fil +@@ -66,11 +66,11 @@ static ssize_t sta_flags_read(struct fil test_sta_flag(sta, WLAN_STA_##flg) ? #flg "\n" : "" int res = scnprintf(buf, sizeof(buf), -- "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", -+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", +- "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", ++ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", TEST(AUTH), TEST(ASSOC), TEST(PS_STA), TEST(PS_DRIVER), TEST(AUTHORIZED), TEST(SHORT_PREAMBLE), @@ -123,59 +1275,188 @@ TEST(TDLS_PEER_AUTH), TEST(4ADDR_EVENT), --- a/net/mac80211/ibss.c +++ b/net/mac80211/ibss.c -@@ -201,6 +201,20 @@ static void __ieee80211_sta_join_ibss(st +@@ -209,6 +209,8 @@ static void __ieee80211_sta_join_ibss(st + sdata->vif.bss_conf.enable_beacon = true; + sdata->vif.bss_conf.beacon_int = beacon_int; + sdata->vif.bss_conf.basic_rates = basic_rates; ++ sdata->vif.bss_conf.ssid_len = ifibss->ssid_len; ++ memcpy(sdata->vif.bss_conf.ssid, ifibss->ssid, ifibss->ssid_len); + bss_change = BSS_CHANGED_BEACON_INT; + bss_change |= ieee80211_reset_erp_info(sdata); + bss_change |= BSS_CHANGED_BSSID; +@@ -217,6 +219,7 @@ static void __ieee80211_sta_join_ibss(st bss_change |= BSS_CHANGED_BASIC_RATES; bss_change |= BSS_CHANGED_HT; bss_change |= BSS_CHANGED_IBSS; -+ -+ /* -+ * In 5 GHz/802.11a, we can always use short slot time. -+ * (IEEE 802.11-2012 18.3.8.7) -+ * -+ * In 2.4GHz, we must always use long slots in IBSS for compatibility -+ * reasons. -+ * (IEEE 802.11-2012 19.4.5) -+ * -+ * HT follows these specifications (IEEE 802.11-2012 20.3.18) -+ */ -+ sdata->vif.bss_conf.use_short_slot = chan->band == IEEE80211_BAND_5GHZ; -+ bss_change |= BSS_CHANGED_ERP_SLOT; -+ - sdata->vif.bss_conf.ibss_joined = true; - sdata->vif.bss_conf.ibss_creator = creator; - ieee80211_bss_info_change_notify(sdata, bss_change); ---- a/net/mac80211/iface.c -+++ b/net/mac80211/iface.c -@@ -508,9 +508,9 @@ static void ieee80211_del_virtual_monito - int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) - { ++ bss_change |= BSS_CHANGED_SSID; + + /* + * In 5 GHz/802.11a, we can always use short slot time. +@@ -911,7 +914,7 @@ void ieee80211_rx_mgmt_probe_beacon(stru + return; + + ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, +- &elems); ++ false, &elems); + + ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); + } +@@ -1159,6 +1162,7 @@ int ieee80211_ibss_leave(struct ieee8021 + sdata->vif.bss_conf.ibss_joined = false; + sdata->vif.bss_conf.ibss_creator = false; + sdata->vif.bss_conf.enable_beacon = false; ++ sdata->vif.bss_conf.ssid_len = 0; + clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state); + ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED | + BSS_CHANGED_IBSS); +--- a/net/mac80211/ieee80211_i.h ++++ b/net/mac80211/ieee80211_i.h +@@ -156,6 +156,7 @@ struct ieee80211_tx_data { + struct ieee80211_sub_if_data *sdata; + struct sta_info *sta; + struct ieee80211_key *key; ++ struct ieee80211_tx_rate rate; + + unsigned int flags; + }; +@@ -740,6 +741,8 @@ struct ieee80211_sub_if_data { + + /* bitmap of allowed (non-MCS) rate indexes for rate control */ + u32 rc_rateidx_mask[IEEE80211_NUM_BANDS]; ++ ++ bool rc_has_mcs_mask[IEEE80211_NUM_BANDS]; + u8 rc_rateidx_mcs_mask[IEEE80211_NUM_BANDS][IEEE80211_HT_MCS_MASK_LEN]; + + union { +@@ -1025,7 +1028,7 @@ struct ieee80211_local { + enum mac80211_scan_state next_scan_state; + struct delayed_work scan_work; + struct ieee80211_sub_if_data __rcu *scan_sdata; +- struct ieee80211_channel *csa_channel; ++ struct cfg80211_chan_def csa_chandef; + /* For backward compatibility only -- do not use */ + struct cfg80211_chan_def _oper_chandef; + +@@ -1184,10 +1187,13 @@ struct ieee802_11_elems { + const u8 *perr; + const struct ieee80211_rann_ie *rann; + const struct ieee80211_channel_sw_ie *ch_switch_ie; ++ const struct ieee80211_ext_chansw_ie *ext_chansw_ie; ++ const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie; + const u8 *country_elem; + const u8 *pwr_constr_elem; + const struct ieee80211_timeout_interval_ie *timeout_int; + const u8 *opmode_notif; ++ const struct ieee80211_sec_chan_offs_ie *sec_chan_offs; + + /* length of them, respectively */ + u8 ssid_len; +@@ -1258,10 +1264,6 @@ void ieee80211_recalc_ps_vif(struct ieee + int ieee80211_max_network_latency(struct notifier_block *nb, + unsigned long data, void *dummy); + int ieee80211_set_arp_filter(struct ieee80211_sub_if_data *sdata); +-void +-ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, +- const struct ieee80211_channel_sw_ie *sw_elem, +- struct ieee80211_bss *bss, u64 timestamp); + void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata); + void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, + struct sk_buff *skb); +@@ -1499,13 +1501,13 @@ static inline void ieee80211_tx_skb(stru + ieee80211_tx_skb_tid(sdata, skb, 7); + } + +-u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, ++u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, bool action, + struct ieee802_11_elems *elems, + u64 filter, u32 crc); +-static inline void ieee802_11_parse_elems(u8 *start, size_t len, ++static inline void ieee802_11_parse_elems(u8 *start, size_t len, bool action, + struct ieee802_11_elems *elems) + { +- ieee802_11_parse_elems_crc(start, len, elems, 0, 0); ++ ieee802_11_parse_elems_crc(start, len, action, elems, 0, 0); + } + + u32 ieee80211_mandatory_rates(struct ieee80211_local *local, +--- a/net/mac80211/iface.c ++++ b/net/mac80211/iface.c +@@ -159,7 +159,8 @@ static int ieee80211_change_mtu(struct n + return 0; + } + +-static int ieee80211_verify_mac(struct ieee80211_local *local, u8 *addr) ++static int ieee80211_verify_mac(struct ieee80211_local *local, u8 *addr, ++ bool check_dup) + { + struct ieee80211_sub_if_data *sdata; + u64 new, mask, tmp; +@@ -179,10 +180,13 @@ static int ieee80211_verify_mac(struct i + ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) | + ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8); + ++ if (!check_dup) ++ return ret; + + mutex_lock(&local->iflist_mtx); + list_for_each_entry(sdata, &local->interfaces, list) { +- if (sdata->vif.type == NL80211_IFTYPE_MONITOR) ++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR && ++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)) + continue; + + m = sdata->vif.addr; +@@ -204,12 +208,17 @@ static int ieee80211_change_mac(struct n + { + struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); + struct sockaddr *sa = addr; ++ bool check_dup = true; + int ret; + + if (ieee80211_sdata_running(sdata)) + return -EBUSY; + +- ret = ieee80211_verify_mac(sdata->local, sa->sa_data); ++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR && ++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)) ++ check_dup = false; ++ ++ ret = ieee80211_verify_mac(sdata->local, sa->sa_data, check_dup); + if (ret) + return ret; + +@@ -450,7 +459,6 @@ int ieee80211_do_open(struct wireless_de struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); -+ struct ieee80211_sub_if_data *ap_sdata; struct net_device *dev = wdev->netdev; struct ieee80211_local *local = sdata->local; - struct sta_info *sta; u32 changed = 0; int res; u32 hw_reconf_flags = 0; -@@ -587,10 +587,14 @@ int ieee80211_do_open(struct wireless_de - switch (sdata->vif.type) { - case NL80211_IFTYPE_AP_VLAN: - /* no need to tell driver, but set carrier */ -- if (rtnl_dereference(sdata->bss->beacon)) -- netif_carrier_on(dev); -- else -+ if (!rtnl_dereference(sdata->bss->beacon)) { - netif_carrier_off(dev); -+ break; -+ } -+ -+ ap_sdata = get_bss_sdata(sdata); -+ ieee80211_vif_copy_channel(sdata, ap_sdata); -+ netif_carrier_on(dev); +@@ -474,6 +482,9 @@ int ieee80211_do_open(struct wireless_de + master->control_port_protocol; + sdata->control_port_no_encrypt = + master->control_port_no_encrypt; ++ sdata->vif.cab_queue = master->vif.cab_queue; ++ memcpy(sdata->vif.hw_queue, master->vif.hw_queue, ++ sizeof(sdata->vif.hw_queue)); break; - case NL80211_IFTYPE_MONITOR: - if (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES) { -@@ -665,30 +669,8 @@ int ieee80211_do_open(struct wireless_de + } + case NL80211_IFTYPE_AP: +@@ -538,7 +549,11 @@ int ieee80211_do_open(struct wireless_de + break; + } + +- if (local->monitors == 0 && local->open_count == 0) { ++ if (sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE) { ++ res = drv_add_interface(local, sdata); ++ if (res) ++ goto err_stop; ++ } else if (local->monitors == 0 && local->open_count == 0) { + res = ieee80211_add_virtual_monitor(local); + if (res) + goto err_stop; +@@ -609,30 +624,8 @@ int ieee80211_do_open(struct wireless_de set_bit(SDATA_STATE_RUNNING, &sdata->state); @@ -207,16 +1488,42 @@ /* * set_multicast_list will be invoked by the networking core -@@ -844,6 +826,8 @@ static void ieee80211_do_stop(struct iee - switch (sdata->vif.type) { - case NL80211_IFTYPE_AP_VLAN: - list_del(&sdata->u.vlan.list); -+ netif_carrier_off(sdata->dev); -+ ieee80211_vif_release_channel(sdata); - /* no need to tell driver */ - break; - case NL80211_IFTYPE_MONITOR: -@@ -1072,6 +1056,72 @@ static void ieee80211_if_setup(struct ne +@@ -653,7 +646,11 @@ int ieee80211_do_open(struct wireless_de + + ieee80211_recalc_ps(local, -1); + +- if (dev) { ++ if (sdata->vif.type == NL80211_IFTYPE_MONITOR || ++ sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { ++ /* XXX: for AP_VLAN, actually track AP queues */ ++ netif_tx_start_all_queues(dev); ++ } else if (dev) { + unsigned long flags; + int n_acs = IEEE80211_NUM_ACS; + int ac; +@@ -916,7 +913,11 @@ static void ieee80211_do_stop(struct iee + mutex_lock(&local->mtx); + ieee80211_recalc_idle(local); + mutex_unlock(&local->mtx); +- break; ++ ++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)) ++ break; ++ ++ /* fall through */ + default: + if (going_down) + drv_remove_interface(local, sdata); +@@ -1075,7 +1076,7 @@ static const struct net_device_ops ieee8 + .ndo_start_xmit = ieee80211_monitor_start_xmit, + .ndo_set_rx_mode = ieee80211_set_multicast_list, + .ndo_change_mtu = ieee80211_change_mtu, +- .ndo_set_mac_address = eth_mac_addr, ++ .ndo_set_mac_address = ieee80211_change_mac, + .ndo_select_queue = ieee80211_monitor_select_queue, + }; + +@@ -1092,6 +1093,74 @@ static void ieee80211_if_setup(struct ne dev->destructor = free_netdev; } @@ -232,10 +1539,12 @@ + u32 rates = 0; + u16 stype; + bool new = false; -+ enum ieee80211_band band = local->hw.conf.channel->band; -+ struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band]; ++ enum ieee80211_band band; ++ struct ieee80211_supported_band *sband; + + rx_status = IEEE80211_SKB_RXCB(skb); ++ band = rx_status->band; ++ sband = local->hw.wiphy->bands[band]; + mgmt = (struct ieee80211_mgmt *) skb->data; + stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; + @@ -247,7 +1556,7 @@ + return; + + ieee802_11_parse_elems(mgmt->u.probe_resp.variable, -+ skb->len - baselen, &elems); ++ skb->len - baselen, false, &elems); + + rates = ieee80211_sta_get_rates(local, &elems, band, NULL); + @@ -266,11 +1575,11 @@ + } + + sta->last_rx = jiffies; -+ sta->sta.supp_rates[local->hw.conf.channel->band] = rates; ++ sta->sta.supp_rates[band] = rates; + + if (elems.ht_cap_elem) + ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, -+ elems.ht_cap_elem, &sta->sta.ht_cap); ++ elems.ht_cap_elem, sta); + + if (elems.wmm_param) + set_sta_flag(sta, WLAN_STA_WME); @@ -289,7 +1598,7 @@ static void ieee80211_iface_work(struct work_struct *work) { struct ieee80211_sub_if_data *sdata = -@@ -1176,6 +1226,9 @@ static void ieee80211_iface_work(struct +@@ -1196,6 +1265,9 @@ static void ieee80211_iface_work(struct break; ieee80211_mesh_rx_queued_mgmt(sdata, skb); break; @@ -299,919 +1608,3455 @@ default: WARN(1, "frame for unexpected interface type"); break; ---- a/net/mac80211/rx.c -+++ b/net/mac80211/rx.c -@@ -378,9 +378,6 @@ ieee80211_rx_monitor(struct ieee80211_lo - * the SKB because it has a bad FCS/PLCP checksum. - */ - -- /* room for the radiotap header based on driver features */ -- needed_headroom = ieee80211_rx_radiotap_space(local, status); -- - if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) - present_fcs_len = FCS_LEN; - -@@ -399,6 +396,9 @@ ieee80211_rx_monitor(struct ieee80211_lo - return remove_monitor_info(local, origskb); - } - -+ /* room for the radiotap header based on driver features */ -+ needed_headroom = ieee80211_rx_radiotap_space(local, status); -+ - if (should_drop_frame(origskb, present_fcs_len)) { - /* only need to expand headroom if necessary */ - skb = origskb; -@@ -2333,7 +2333,8 @@ ieee80211_rx_h_action(struct ieee80211_r - if (len < IEEE80211_MIN_ACTION_SIZE) - return RX_DROP_UNUSABLE; - -- if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) -+ if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC && -+ mgmt->u.action.category != WLAN_CATEGORY_SELF_PROTECTED) - return RX_DROP_UNUSABLE; - - if (!(status->rx_flags & IEEE80211_RX_RA_MATCH)) -@@ -2349,6 +2350,7 @@ ieee80211_rx_h_action(struct ieee80211_r - sdata->vif.type != NL80211_IFTYPE_MESH_POINT && - sdata->vif.type != NL80211_IFTYPE_AP_VLAN && - sdata->vif.type != NL80211_IFTYPE_AP && -+ sdata->vif.type != NL80211_IFTYPE_WDS && - sdata->vif.type != NL80211_IFTYPE_ADHOC) - break; - -@@ -2625,14 +2627,15 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_ +@@ -1718,6 +1790,15 @@ void ieee80211_remove_interfaces(struct - if (!ieee80211_vif_is_mesh(&sdata->vif) && - sdata->vif.type != NL80211_IFTYPE_ADHOC && -- sdata->vif.type != NL80211_IFTYPE_STATION) -+ sdata->vif.type != NL80211_IFTYPE_STATION && -+ sdata->vif.type != NL80211_IFTYPE_WDS) - return RX_DROP_MONITOR; + ASSERT_RTNL(); - switch (stype) { - case cpu_to_le16(IEEE80211_STYPE_AUTH): - case cpu_to_le16(IEEE80211_STYPE_BEACON): - case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP): -- /* process for all: mesh, mlme, ibss */ -+ /* process for all: mesh, mlme, ibss, wds */ - break; - case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP): - case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP): -@@ -2957,10 +2960,16 @@ static int prepare_for_handlers(struct i - } - break; - case NL80211_IFTYPE_WDS: -- if (bssid || !ieee80211_is_data(hdr->frame_control)) -- return 0; - if (!ether_addr_equal(sdata->u.wds.remote_addr, hdr->addr2)) - return 0; ++ /* ++ * Close all AP_VLAN interfaces first, as otherwise they ++ * might be closed while the AP interface they belong to ++ * is closed, causing unregister_netdevice_many() to crash. ++ */ ++ list_for_each_entry(sdata, &local->interfaces, list) ++ if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) ++ dev_close(sdata->dev); + -+ if (ieee80211_is_data(hdr->frame_control) || -+ ieee80211_is_action(hdr->frame_control)) { -+ if (compare_ether_addr(sdata->vif.addr, hdr->addr1)) -+ return 0; -+ } else if (!ieee80211_is_beacon(hdr->frame_control)) -+ return 0; + mutex_lock(&local->iflist_mtx); + list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) { + list_del(&sdata->list); +--- a/net/mac80211/main.c ++++ b/net/mac80211/main.c +@@ -674,6 +674,7 @@ int ieee80211_register_hw(struct ieee802 + int channels, max_bitrates; + bool supp_ht, supp_vht; + netdev_features_t feature_whitelist; ++ struct cfg80211_chan_def dflt_chandef = {}; + static const u32 cipher_suites[] = { + /* keep WEP first, it may be removed below */ + WLAN_CIPHER_SUITE_WEP40, +@@ -751,19 +752,19 @@ int ieee80211_register_hw(struct ieee802 + sband = local->hw.wiphy->bands[band]; + if (!sband) + continue; +- if (!local->use_chanctx && !local->_oper_chandef.chan) { + - break; - case NL80211_IFTYPE_P2P_DEVICE: - if (!ieee80211_is_public_action(hdr, skb->len) && ---- a/net/mac80211/sta_info.h -+++ b/net/mac80211/sta_info.h -@@ -32,7 +32,6 @@ - * @WLAN_STA_SHORT_PREAMBLE: Station is capable of receiving short-preamble - * frames. - * @WLAN_STA_WME: Station is a QoS-STA. -- * @WLAN_STA_WDS: Station is one of our WDS peers. - * @WLAN_STA_CLEAR_PS_FILT: Clear PS filter in hardware (using the - * IEEE80211_TX_CTL_CLEAR_PS_FILT control flag) when the next - * frame to this station is transmitted. -@@ -64,7 +63,6 @@ enum ieee80211_sta_info_flags { - WLAN_STA_AUTHORIZED, - WLAN_STA_SHORT_PREAMBLE, - WLAN_STA_WME, -- WLAN_STA_WDS, - WLAN_STA_CLEAR_PS_FILT, - WLAN_STA_MFP, - WLAN_STA_BLOCK_BA, ---- a/net/mac80211/status.c -+++ b/net/mac80211/status.c -@@ -502,7 +502,11 @@ void ieee80211_tx_status(struct ieee8021 - IEEE80211_BAR_CTRL_TID_INFO_MASK) >> - IEEE80211_BAR_CTRL_TID_INFO_SHIFT; - -- ieee80211_set_bar_pending(sta, tid, ssn); -+ if (local->hw.flags & -+ IEEE80211_HW_TEARDOWN_AGGR_ON_BAR_FAIL) -+ ieee80211_stop_tx_ba_session(&sta->sta, tid); -+ else -+ ieee80211_set_bar_pending(sta, tid, ssn); - } ++ if (!dflt_chandef.chan) { ++ cfg80211_chandef_create(&dflt_chandef, ++ &sband->channels[0], ++ NL80211_CHAN_NO_HT); + /* init channel we're on */ +- struct cfg80211_chan_def chandef = { +- .chan = &sband->channels[0], +- .width = NL80211_CHAN_NO_HT, +- .center_freq1 = sband->channels[0].center_freq, +- .center_freq2 = 0 +- }; +- local->hw.conf.chandef = local->_oper_chandef = chandef; ++ if (!local->use_chanctx && !local->_oper_chandef.chan) { ++ local->hw.conf.chandef = dflt_chandef; ++ local->_oper_chandef = dflt_chandef; ++ } ++ local->monitor_chandef = dflt_chandef; } +- cfg80211_chandef_create(&local->monitor_chandef, +- &sband->channels[0], +- NL80211_CHAN_NO_HT); ++ + channels += sband->n_channels; ---- a/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h -+++ b/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h -@@ -534,98 +534,98 @@ static const u32 ar9300_2p2_baseband_cor - - static const u32 ar9300Modes_high_power_tx_gain_table_2p2[][5] = { - /* Addr 5G_HT20 5G_HT40 2G_HT40 2G_HT20 */ -- {0x0000a2dc, 0x00033800, 0x00033800, 0x03aaa352, 0x03aaa352}, -- {0x0000a2e0, 0x0003c000, 0x0003c000, 0x03ccc584, 0x03ccc584}, -- {0x0000a2e4, 0x03fc0000, 0x03fc0000, 0x03f0f800, 0x03f0f800}, -+ {0x0000a2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352}, -+ {0x0000a2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584}, -+ {0x0000a2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800}, - {0x0000a2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, -- {0x0000a410, 0x000050d9, 0x000050d9, 0x000050d9, 0x000050d9}, -- {0x0000a500, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -- {0x0000a504, 0x06000003, 0x06000003, 0x04000002, 0x04000002}, -- {0x0000a508, 0x0a000020, 0x0a000020, 0x08000004, 0x08000004}, -- {0x0000a50c, 0x10000023, 0x10000023, 0x0b000200, 0x0b000200}, -- {0x0000a510, 0x16000220, 0x16000220, 0x0f000202, 0x0f000202}, -- {0x0000a514, 0x1c000223, 0x1c000223, 0x12000400, 0x12000400}, -- {0x0000a518, 0x21002220, 0x21002220, 0x16000402, 0x16000402}, -- {0x0000a51c, 0x27002223, 0x27002223, 0x19000404, 0x19000404}, -- {0x0000a520, 0x2b022220, 0x2b022220, 0x1c000603, 0x1c000603}, -- {0x0000a524, 0x2f022222, 0x2f022222, 0x21000a02, 0x21000a02}, -- {0x0000a528, 0x34022225, 0x34022225, 0x25000a04, 0x25000a04}, -- {0x0000a52c, 0x3a02222a, 0x3a02222a, 0x28000a20, 0x28000a20}, -- {0x0000a530, 0x3e02222c, 0x3e02222c, 0x2c000e20, 0x2c000e20}, -- {0x0000a534, 0x4202242a, 0x4202242a, 0x30000e22, 0x30000e22}, -- {0x0000a538, 0x4702244a, 0x4702244a, 0x34000e24, 0x34000e24}, -- {0x0000a53c, 0x4b02244c, 0x4b02244c, 0x38001640, 0x38001640}, -- {0x0000a540, 0x4e02246c, 0x4e02246c, 0x3c001660, 0x3c001660}, -- {0x0000a544, 0x52022470, 0x52022470, 0x3f001861, 0x3f001861}, -- {0x0000a548, 0x55022490, 0x55022490, 0x43001a81, 0x43001a81}, -- {0x0000a54c, 0x59022492, 0x59022492, 0x47001a83, 0x47001a83}, -- {0x0000a550, 0x5d022692, 0x5d022692, 0x4a001c84, 0x4a001c84}, -- {0x0000a554, 0x61022892, 0x61022892, 0x4e001ce3, 0x4e001ce3}, -- {0x0000a558, 0x65024890, 0x65024890, 0x52001ce5, 0x52001ce5}, -- {0x0000a55c, 0x69024892, 0x69024892, 0x56001ce9, 0x56001ce9}, -- {0x0000a560, 0x6e024c92, 0x6e024c92, 0x5a001ceb, 0x5a001ceb}, -- {0x0000a564, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a568, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a56c, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a570, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a574, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a578, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a57c, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a580, 0x00800000, 0x00800000, 0x00800000, 0x00800000}, -- {0x0000a584, 0x06800003, 0x06800003, 0x04800002, 0x04800002}, -- {0x0000a588, 0x0a800020, 0x0a800020, 0x08800004, 0x08800004}, -- {0x0000a58c, 0x10800023, 0x10800023, 0x0b800200, 0x0b800200}, -- {0x0000a590, 0x16800220, 0x16800220, 0x0f800202, 0x0f800202}, -- {0x0000a594, 0x1c800223, 0x1c800223, 0x12800400, 0x12800400}, -- {0x0000a598, 0x21802220, 0x21802220, 0x16800402, 0x16800402}, -- {0x0000a59c, 0x27802223, 0x27802223, 0x19800404, 0x19800404}, -- {0x0000a5a0, 0x2b822220, 0x2b822220, 0x1c800603, 0x1c800603}, -- {0x0000a5a4, 0x2f822222, 0x2f822222, 0x21800a02, 0x21800a02}, -- {0x0000a5a8, 0x34822225, 0x34822225, 0x25800a04, 0x25800a04}, -- {0x0000a5ac, 0x3a82222a, 0x3a82222a, 0x28800a20, 0x28800a20}, -- {0x0000a5b0, 0x3e82222c, 0x3e82222c, 0x2c800e20, 0x2c800e20}, -- {0x0000a5b4, 0x4282242a, 0x4282242a, 0x30800e22, 0x30800e22}, -- {0x0000a5b8, 0x4782244a, 0x4782244a, 0x34800e24, 0x34800e24}, -- {0x0000a5bc, 0x4b82244c, 0x4b82244c, 0x38801640, 0x38801640}, -- {0x0000a5c0, 0x4e82246c, 0x4e82246c, 0x3c801660, 0x3c801660}, -- {0x0000a5c4, 0x52822470, 0x52822470, 0x3f801861, 0x3f801861}, -- {0x0000a5c8, 0x55822490, 0x55822490, 0x43801a81, 0x43801a81}, -- {0x0000a5cc, 0x59822492, 0x59822492, 0x47801a83, 0x47801a83}, -- {0x0000a5d0, 0x5d822692, 0x5d822692, 0x4a801c84, 0x4a801c84}, -- {0x0000a5d4, 0x61822892, 0x61822892, 0x4e801ce3, 0x4e801ce3}, -- {0x0000a5d8, 0x65824890, 0x65824890, 0x52801ce5, 0x52801ce5}, -- {0x0000a5dc, 0x69824892, 0x69824892, 0x56801ce9, 0x56801ce9}, -- {0x0000a5e0, 0x6e824c92, 0x6e824c92, 0x5a801ceb, 0x5a801ceb}, -- {0x0000a5e4, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5e8, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5ec, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5f0, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5f4, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5f8, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5fc, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -+ {0x0000a410, 0x000050d8, 0x000050d8, 0x000050d9, 0x000050d9}, -+ {0x0000a500, 0x00002220, 0x00002220, 0x00000000, 0x00000000}, -+ {0x0000a504, 0x04002222, 0x04002222, 0x04000002, 0x04000002}, -+ {0x0000a508, 0x09002421, 0x09002421, 0x08000004, 0x08000004}, -+ {0x0000a50c, 0x0d002621, 0x0d002621, 0x0b000200, 0x0b000200}, -+ {0x0000a510, 0x13004620, 0x13004620, 0x0f000202, 0x0f000202}, -+ {0x0000a514, 0x19004a20, 0x19004a20, 0x11000400, 0x11000400}, -+ {0x0000a518, 0x1d004e20, 0x1d004e20, 0x15000402, 0x15000402}, -+ {0x0000a51c, 0x21005420, 0x21005420, 0x19000404, 0x19000404}, -+ {0x0000a520, 0x26005e20, 0x26005e20, 0x1b000603, 0x1b000603}, -+ {0x0000a524, 0x2b005e40, 0x2b005e40, 0x1f000a02, 0x1f000a02}, -+ {0x0000a528, 0x2f005e42, 0x2f005e42, 0x23000a04, 0x23000a04}, -+ {0x0000a52c, 0x33005e44, 0x33005e44, 0x26000a20, 0x26000a20}, -+ {0x0000a530, 0x38005e65, 0x38005e65, 0x2a000e20, 0x2a000e20}, -+ {0x0000a534, 0x3c005e69, 0x3c005e69, 0x2e000e22, 0x2e000e22}, -+ {0x0000a538, 0x40005e6b, 0x40005e6b, 0x31000e24, 0x31000e24}, -+ {0x0000a53c, 0x44005e6d, 0x44005e6d, 0x34001640, 0x34001640}, -+ {0x0000a540, 0x49005e72, 0x49005e72, 0x38001660, 0x38001660}, -+ {0x0000a544, 0x4e005eb2, 0x4e005eb2, 0x3b001861, 0x3b001861}, -+ {0x0000a548, 0x53005f12, 0x53005f12, 0x3e001a81, 0x3e001a81}, -+ {0x0000a54c, 0x59025eb2, 0x59025eb2, 0x42001a83, 0x42001a83}, -+ {0x0000a550, 0x5e025f12, 0x5e025f12, 0x44001c84, 0x44001c84}, -+ {0x0000a554, 0x61027f12, 0x61027f12, 0x48001ce3, 0x48001ce3}, -+ {0x0000a558, 0x6702bf12, 0x6702bf12, 0x4c001ce5, 0x4c001ce5}, -+ {0x0000a55c, 0x6b02bf14, 0x6b02bf14, 0x50001ce9, 0x50001ce9}, -+ {0x0000a560, 0x6f02bf16, 0x6f02bf16, 0x54001ceb, 0x54001ceb}, -+ {0x0000a564, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a568, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a56c, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a570, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a574, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a578, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a57c, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a580, 0x00802220, 0x00802220, 0x00800000, 0x00800000}, -+ {0x0000a584, 0x04802222, 0x04802222, 0x04800002, 0x04800002}, -+ {0x0000a588, 0x09802421, 0x09802421, 0x08800004, 0x08800004}, -+ {0x0000a58c, 0x0d802621, 0x0d802621, 0x0b800200, 0x0b800200}, -+ {0x0000a590, 0x13804620, 0x13804620, 0x0f800202, 0x0f800202}, -+ {0x0000a594, 0x19804a20, 0x19804a20, 0x11800400, 0x11800400}, -+ {0x0000a598, 0x1d804e20, 0x1d804e20, 0x15800402, 0x15800402}, -+ {0x0000a59c, 0x21805420, 0x21805420, 0x19800404, 0x19800404}, -+ {0x0000a5a0, 0x26805e20, 0x26805e20, 0x1b800603, 0x1b800603}, -+ {0x0000a5a4, 0x2b805e40, 0x2b805e40, 0x1f800a02, 0x1f800a02}, -+ {0x0000a5a8, 0x2f805e42, 0x2f805e42, 0x23800a04, 0x23800a04}, -+ {0x0000a5ac, 0x33805e44, 0x33805e44, 0x26800a20, 0x26800a20}, -+ {0x0000a5b0, 0x38805e65, 0x38805e65, 0x2a800e20, 0x2a800e20}, -+ {0x0000a5b4, 0x3c805e69, 0x3c805e69, 0x2e800e22, 0x2e800e22}, -+ {0x0000a5b8, 0x40805e6b, 0x40805e6b, 0x31800e24, 0x31800e24}, -+ {0x0000a5bc, 0x44805e6d, 0x44805e6d, 0x34801640, 0x34801640}, -+ {0x0000a5c0, 0x49805e72, 0x49805e72, 0x38801660, 0x38801660}, -+ {0x0000a5c4, 0x4e805eb2, 0x4e805eb2, 0x3b801861, 0x3b801861}, -+ {0x0000a5c8, 0x53805f12, 0x53805f12, 0x3e801a81, 0x3e801a81}, -+ {0x0000a5cc, 0x59825eb2, 0x59825eb2, 0x42801a83, 0x42801a83}, -+ {0x0000a5d0, 0x5e825f12, 0x5e825f12, 0x44801c84, 0x44801c84}, -+ {0x0000a5d4, 0x61827f12, 0x61827f12, 0x48801ce3, 0x48801ce3}, -+ {0x0000a5d8, 0x6782bf12, 0x6782bf12, 0x4c801ce5, 0x4c801ce5}, -+ {0x0000a5dc, 0x6b82bf14, 0x6b82bf14, 0x50801ce9, 0x50801ce9}, -+ {0x0000a5e0, 0x6f82bf16, 0x6f82bf16, 0x54801ceb, 0x54801ceb}, -+ {0x0000a5e4, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5e8, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5ec, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5f0, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5f4, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5f8, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5fc, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, - {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, - {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, - {0x0000a608, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, - {0x0000a60c, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -- {0x0000a610, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -- {0x0000a614, 0x02004000, 0x02004000, 0x01404000, 0x01404000}, -- {0x0000a618, 0x02004801, 0x02004801, 0x01404501, 0x01404501}, -- {0x0000a61c, 0x02808a02, 0x02808a02, 0x02008501, 0x02008501}, -- {0x0000a620, 0x0380ce03, 0x0380ce03, 0x0280ca03, 0x0280ca03}, -- {0x0000a624, 0x04411104, 0x04411104, 0x03010c04, 0x03010c04}, -- {0x0000a628, 0x04411104, 0x04411104, 0x04014c04, 0x04014c04}, -- {0x0000a62c, 0x04411104, 0x04411104, 0x04015005, 0x04015005}, -- {0x0000a630, 0x04411104, 0x04411104, 0x04015005, 0x04015005}, -- {0x0000a634, 0x04411104, 0x04411104, 0x04015005, 0x04015005}, -- {0x0000a638, 0x04411104, 0x04411104, 0x04015005, 0x04015005}, -- {0x0000a63c, 0x04411104, 0x04411104, 0x04015005, 0x04015005}, -- {0x0000b2dc, 0x00033800, 0x00033800, 0x03aaa352, 0x03aaa352}, -- {0x0000b2e0, 0x0003c000, 0x0003c000, 0x03ccc584, 0x03ccc584}, -- {0x0000b2e4, 0x03fc0000, 0x03fc0000, 0x03f0f800, 0x03f0f800}, -+ {0x0000a610, 0x00804000, 0x00804000, 0x00000000, 0x00000000}, -+ {0x0000a614, 0x00804201, 0x00804201, 0x01404000, 0x01404000}, -+ {0x0000a618, 0x0280c802, 0x0280c802, 0x01404501, 0x01404501}, -+ {0x0000a61c, 0x0280ca03, 0x0280ca03, 0x02008501, 0x02008501}, -+ {0x0000a620, 0x04c15104, 0x04c15104, 0x0280ca03, 0x0280ca03}, -+ {0x0000a624, 0x04c15305, 0x04c15305, 0x03010c04, 0x03010c04}, -+ {0x0000a628, 0x04c15305, 0x04c15305, 0x04014c04, 0x04014c04}, -+ {0x0000a62c, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005}, -+ {0x0000a630, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005}, -+ {0x0000a634, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005}, -+ {0x0000a638, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005}, -+ {0x0000a63c, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005}, -+ {0x0000b2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352}, -+ {0x0000b2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584}, -+ {0x0000b2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800}, - {0x0000b2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, -- {0x0000c2dc, 0x00033800, 0x00033800, 0x03aaa352, 0x03aaa352}, -- {0x0000c2e0, 0x0003c000, 0x0003c000, 0x03ccc584, 0x03ccc584}, -- {0x0000c2e4, 0x03fc0000, 0x03fc0000, 0x03f0f800, 0x03f0f800}, -+ {0x0000c2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352}, -+ {0x0000c2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584}, -+ {0x0000c2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800}, - {0x0000c2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, - {0x00016044, 0x012492d4, 0x012492d4, 0x012492d4, 0x012492d4}, - {0x00016048, 0x66480001, 0x66480001, 0x66480001, 0x66480001}, ---- a/drivers/net/wireless/ath/ath9k/debug.h -+++ b/drivers/net/wireless/ath/ath9k/debug.h -@@ -242,7 +242,7 @@ struct ath_rx_stats { - - struct ath_stats { - struct ath_interrupt_stats istats; -- struct ath_tx_stats txstats[IEEE80211_NUM_ACS]; -+ struct ath_tx_stats txstats[ATH9K_NUM_TX_QUEUES]; - struct ath_rx_stats rxstats; - struct ath_dfs_stats dfs_stats; - u32 reset[__RESET_TYPE_MAX]; ---- a/drivers/net/wireless/ath/carl9170/rx.c -+++ b/drivers/net/wireless/ath/carl9170/rx.c -@@ -684,7 +684,7 @@ static int carl9170_handle_mpdu(struct a - if (!skb) - return -ENOMEM; - -- memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status)); -+ memcpy(IEEE80211_SKB_RXCB(skb), status, sizeof(*status)); - ieee80211_rx(ar->hw, skb); - return 0; - } ---- a/drivers/net/wireless/ath/ath9k/calib.c -+++ b/drivers/net/wireless/ath/ath9k/calib.c -@@ -69,6 +69,7 @@ s16 ath9k_hw_getchan_noise(struct ath_hw - - if (chan && chan->noisefloor) { - s8 delta = chan->noisefloor - -+ ATH9K_NF_CAL_NOISE_THRESH - - ath9k_hw_get_default_nf(ah, chan); - if (delta > 0) - noise += delta; ---- a/drivers/net/wireless/ath/ath9k/calib.h -+++ b/drivers/net/wireless/ath/ath9k/calib.h -@@ -21,6 +21,9 @@ - - #define AR_PHY_CCA_FILTERWINDOW_LENGTH 5 - -+/* Internal noise floor can vary by about 6db depending on the frequency */ -+#define ATH9K_NF_CAL_NOISE_THRESH 6 -+ - #define NUM_NF_READINGS 6 - #define ATH9K_NF_CAL_HIST_MAX 5 - ---- a/drivers/net/wireless/ath/ath5k/base.c -+++ b/drivers/net/wireless/ath/ath5k/base.c -@@ -851,7 +851,7 @@ ath5k_txbuf_free_skb(struct ath5k_hw *ah + if (max_bitrates < sband->n_bitrates) +--- a/net/mac80211/mesh.c ++++ b/net/mac80211/mesh.c +@@ -838,7 +838,7 @@ ieee80211_mesh_rx_probe_req(struct ieee8 + if (baselen > len) return; - dma_unmap_single(ah->dev, bf->skbaddr, bf->skb->len, - DMA_TO_DEVICE); -- dev_kfree_skb_any(bf->skb); -+ ieee80211_free_txskb(ah->hw, bf->skb); - bf->skb = NULL; - bf->skbaddr = 0; - bf->desc->ds_data = 0; -@@ -1578,7 +1578,7 @@ ath5k_tx_queue(struct ieee80211_hw *hw, - return; - drop_packet: -- dev_kfree_skb_any(skb); -+ ieee80211_free_txskb(hw, skb); - } +- ieee802_11_parse_elems(pos, len - baselen, &elems); ++ ieee802_11_parse_elems(pos, len - baselen, false, &elems); - static void ---- a/drivers/net/wireless/ath/ath5k/mac80211-ops.c -+++ b/drivers/net/wireless/ath/ath5k/mac80211-ops.c -@@ -65,7 +65,7 @@ ath5k_tx(struct ieee80211_hw *hw, struct - u16 qnum = skb_get_queue_mapping(skb); - - if (WARN_ON(qnum >= ah->ah_capabilities.cap_queues.q_tx_num)) { -- dev_kfree_skb_any(skb); -+ ieee80211_free_txskb(hw, skb); + /* 802.11-2012 10.1.4.3.2 */ + if ((!ether_addr_equal(mgmt->da, sdata->vif.addr) && +@@ -899,7 +899,7 @@ static void ieee80211_mesh_rx_bcn_presp( return; - } ---- a/drivers/net/wireless/b43/dma.c -+++ b/drivers/net/wireless/b43/dma.c -@@ -409,7 +409,10 @@ static inline - struct b43_dmadesc_meta *meta) - { - if (meta->skb) { -- dev_kfree_skb_any(meta->skb); -+ if (ring->tx) -+ ieee80211_free_txskb(ring->dev->wl->hw, meta->skb); -+ else -+ dev_kfree_skb_any(meta->skb); - meta->skb = NULL; - } - } -@@ -1454,7 +1457,7 @@ int b43_dma_tx(struct b43_wldev *dev, st - if (unlikely(err == -ENOKEY)) { - /* Drop this packet, as we don't have the encryption key - * anymore and must not transmit it unencrypted. */ -- dev_kfree_skb_any(skb); -+ ieee80211_free_txskb(dev->wl->hw, skb); - err = 0; - goto out; - } ---- a/drivers/net/wireless/b43/main.c -+++ b/drivers/net/wireless/b43/main.c -@@ -3397,7 +3397,7 @@ static void b43_tx_work(struct work_stru - break; - } - if (unlikely(err)) -- dev_kfree_skb(skb); /* Drop it */ -+ ieee80211_free_txskb(wl->hw, skb); - err = 0; - } + ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, +- &elems); ++ false, &elems); -@@ -3419,7 +3419,7 @@ static void b43_op_tx(struct ieee80211_h + /* ignore non-mesh or secure / unsecure mismatch */ + if ((!elems.mesh_id || !elems.mesh_config) || +--- a/net/mac80211/mesh_hwmp.c ++++ b/net/mac80211/mesh_hwmp.c +@@ -880,7 +880,7 @@ void mesh_rx_path_sel_frame(struct ieee8 - if (unlikely(skb->len < 2 + 2 + 6)) { - /* Too short, this can't be a valid frame. */ -- dev_kfree_skb_any(skb); -+ ieee80211_free_txskb(hw, skb); + baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt; + ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable, +- len - baselen, &elems); ++ len - baselen, false, &elems); + + if (elems.preq) { + if (elems.preq_len != 37) +--- a/net/mac80211/mesh_plink.c ++++ b/net/mac80211/mesh_plink.c +@@ -544,8 +544,8 @@ static void mesh_plink_timer(unsigned lo return; } - B43_WARN_ON(skb_shinfo(skb)->nr_frags); -@@ -4234,8 +4234,12 @@ redo: - - /* Drain all TX queues. */ - for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) { -- while (skb_queue_len(&wl->tx_queue[queue_num])) -- dev_kfree_skb(skb_dequeue(&wl->tx_queue[queue_num])); -+ while (skb_queue_len(&wl->tx_queue[queue_num])) { -+ struct sk_buff *skb; -+ -+ skb = skb_dequeue(&wl->tx_queue[queue_num]); -+ ieee80211_free_txskb(wl->hw, skb); -+ } + mpl_dbg(sta->sdata, +- "Mesh plink timer for %pM fired on state %d\n", +- sta->sta.addr, sta->plink_state); ++ "Mesh plink timer for %pM fired on state %s\n", ++ sta->sta.addr, mplstates[sta->plink_state]); + reason = 0; + llid = sta->llid; + plid = sta->plid; +@@ -687,7 +687,7 @@ void mesh_rx_plink_frame(struct ieee8021 + baseaddr += 4; + baselen += 4; } +- ieee802_11_parse_elems(baseaddr, len - baselen, &elems); ++ ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems); - b43_mac_suspend(dev); ---- a/drivers/net/wireless/b43/pio.c -+++ b/drivers/net/wireless/b43/pio.c -@@ -196,7 +196,7 @@ static void b43_pio_cancel_tx_packets(st - for (i = 0; i < ARRAY_SIZE(q->packets); i++) { - pack = &(q->packets[i]); - if (pack->skb) { -- dev_kfree_skb_any(pack->skb); -+ ieee80211_free_txskb(q->dev->wl->hw, pack->skb); - pack->skb = NULL; - } - } -@@ -552,7 +552,7 @@ int b43_pio_tx(struct b43_wldev *dev, st - if (unlikely(err == -ENOKEY)) { - /* Drop this packet, as we don't have the encryption key - * anymore and must not transmit it unencrypted. */ -- dev_kfree_skb_any(skb); -+ ieee80211_free_txskb(dev->wl->hw, skb); - err = 0; + if (!elems.peering) { + mpl_dbg(sdata, +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -289,6 +289,8 @@ ieee80211_determine_chantype(struct ieee + } else { + /* 40 MHz (and 80 MHz) must be supported for VHT */ + ret = IEEE80211_STA_DISABLE_VHT; ++ /* also mark 40 MHz disabled */ ++ ret |= IEEE80211_STA_DISABLE_40MHZ; goto out; } ---- a/net/mac80211/cfg.c -+++ b/net/mac80211/cfg.c -@@ -915,6 +915,12 @@ static int ieee80211_start_ap(struct wip - if (err) - return err; - -+ list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) { -+ err = ieee80211_vif_copy_channel(vlan, sdata); -+ if (err) -+ return err; -+ } -+ - /* - * Apply control port protocol, this allows us to - * not encrypt dynamic WEP control frames. -@@ -998,8 +1004,11 @@ static int ieee80211_stop_ap(struct wiph - old_probe_resp = rtnl_dereference(sdata->u.ap.probe_resp); - - /* turn off carrier for this interface and dependent VLANs */ -- list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) -+ list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) { -+ sta_info_flush(local, vlan); - netif_carrier_off(vlan->dev); -+ ieee80211_vif_release_channel(vlan); -+ } - netif_carrier_off(dev); - /* remove beacon and probe response */ ---- a/net/mac80211/chan.c -+++ b/net/mac80211/chan.c -@@ -119,14 +119,17 @@ static int ieee80211_assign_vif_chanctx( +@@ -303,12 +305,6 @@ ieee80211_determine_chantype(struct ieee + channel->band); + vht_chandef.center_freq2 = 0; - lockdep_assert_held(&local->chanctx_mtx); +- if (vht_oper->center_freq_seg2_idx) +- vht_chandef.center_freq2 = +- ieee80211_channel_to_frequency( +- vht_oper->center_freq_seg2_idx, +- channel->band); +- + switch (vht_oper->chan_width) { + case IEEE80211_VHT_CHANWIDTH_USE_HT: + vht_chandef.width = chandef->width; +@@ -321,6 +317,10 @@ ieee80211_determine_chantype(struct ieee + break; + case IEEE80211_VHT_CHANWIDTH_80P80MHZ: + vht_chandef.width = NL80211_CHAN_WIDTH_80P80; ++ vht_chandef.center_freq2 = ++ ieee80211_channel_to_frequency( ++ vht_oper->center_freq_seg2_idx, ++ channel->band); + break; + default: + if (verbose) +@@ -604,7 +604,6 @@ static void ieee80211_add_vht_ie(struct + u8 *pos; + u32 cap; + struct ieee80211_sta_vht_cap vht_cap; +- int i; -- ret = drv_assign_vif_chanctx(local, sdata, ctx); -- if (ret) -- return ret; -+ if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN) { -+ ret = drv_assign_vif_chanctx(local, sdata, ctx); -+ if (ret) -+ return ret; -+ } + BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); + +@@ -632,37 +631,6 @@ static void ieee80211_add_vht_ie(struct + cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) + cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; - rcu_assign_pointer(sdata->vif.chanctx_conf, &ctx->conf); - ctx->refcount++; +- if (!(ap_vht_cap->vht_cap_info & +- cpu_to_le32(IEEE80211_VHT_CAP_TXSTBC))) +- cap &= ~(IEEE80211_VHT_CAP_RXSTBC_1 | +- IEEE80211_VHT_CAP_RXSTBC_3 | +- IEEE80211_VHT_CAP_RXSTBC_4); +- +- for (i = 0; i < 8; i++) { +- int shift = i * 2; +- u16 mask = IEEE80211_VHT_MCS_NOT_SUPPORTED << shift; +- u16 ap_mcs, our_mcs; +- +- ap_mcs = (le16_to_cpu(ap_vht_cap->supp_mcs.tx_mcs_map) & +- mask) >> shift; +- our_mcs = (le16_to_cpu(vht_cap.vht_mcs.rx_mcs_map) & +- mask) >> shift; +- +- if (our_mcs == IEEE80211_VHT_MCS_NOT_SUPPORTED) +- continue; +- +- switch (ap_mcs) { +- default: +- if (our_mcs <= ap_mcs) +- break; +- /* fall through */ +- case IEEE80211_VHT_MCS_NOT_SUPPORTED: +- vht_cap.vht_mcs.rx_mcs_map &= cpu_to_le16(~mask); +- vht_cap.vht_mcs.rx_mcs_map |= +- cpu_to_le16(ap_mcs << shift); +- } +- } +- + /* reserve and fill IE */ + pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); + ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); +@@ -998,16 +966,7 @@ static void ieee80211_chswitch_work(stru + if (!ifmgd->associated) + goto out; -- ieee80211_recalc_txpower(sdata); -+ if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN) -+ ieee80211_recalc_txpower(sdata); +- /* +- * FIXME: Here we are downgrading to NL80211_CHAN_WIDTH_20_NOHT +- * and don't adjust our ht/vht settings +- * This is wrong - we should behave according to the CSA params +- */ +- local->_oper_chandef.chan = local->csa_channel; +- local->_oper_chandef.width = NL80211_CHAN_WIDTH_20_NOHT; +- local->_oper_chandef.center_freq1 = +- local->_oper_chandef.chan->center_freq; +- local->_oper_chandef.center_freq2 = 0; ++ local->_oper_chandef = local->csa_chandef; - return 0; - } -@@ -174,7 +177,8 @@ static void ieee80211_unassign_vif_chanc - ctx->refcount--; - rcu_assign_pointer(sdata->vif.chanctx_conf, NULL); - -- drv_unassign_vif_chanctx(local, sdata, ctx); -+ if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN) -+ drv_unassign_vif_chanctx(local, sdata, ctx); - - if (ctx->refcount > 0) { - ieee80211_recalc_chanctx_chantype(sdata->local, ctx); -@@ -285,6 +289,30 @@ void ieee80211_recalc_smps_chanctx(struc - drv_change_chanctx(local, chanctx, IEEE80211_CHANCTX_CHANGE_RX_CHAINS); + if (!local->ops->channel_switch) { + /* call "hw_config" only if doing sw channel switch */ +@@ -1054,56 +1013,208 @@ static void ieee80211_chswitch_timer(uns + ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); } -+int ieee80211_vif_copy_channel(struct ieee80211_sub_if_data *sdata, -+ struct ieee80211_sub_if_data *parent) -+{ +-void ++static void + ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, +- const struct ieee80211_channel_sw_ie *sw_elem, +- struct ieee80211_bss *bss, u64 timestamp) ++ u64 timestamp, struct ieee802_11_elems *elems, ++ bool beacon) + { +- struct cfg80211_bss *cbss = +- container_of((void *)bss, struct cfg80211_bss, priv); +- struct ieee80211_channel *new_ch; + struct ieee80211_local *local = sdata->local; -+ struct ieee80211_chanctx_conf *conf; -+ struct ieee80211_chanctx *ctx; + struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; +- int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num, +- cbss->channel->band); ++ struct cfg80211_bss *cbss = ifmgd->associated; ++ struct ieee80211_bss *bss; + struct ieee80211_chanctx *chanctx; ++ enum ieee80211_band new_band; ++ int new_freq; ++ u8 new_chan_no; ++ u8 count; ++ u8 mode; ++ struct ieee80211_channel *new_chan; ++ struct cfg80211_chan_def new_chandef = {}; ++ struct cfg80211_chan_def new_vht_chandef = {}; ++ const struct ieee80211_sec_chan_offs_ie *sec_chan_offs; ++ const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie; ++ const struct ieee80211_ht_operation *ht_oper; ++ int secondary_channel_offset = -1; + + ASSERT_MGD_MTX(ifmgd); + +- if (!ifmgd->associated) ++ if (!cbss) ++ return; + -+ int ret; ++ if (local->scanning) + return; + +- if (sdata->local->scanning) ++ /* disregard subsequent announcements if we are already processing */ ++ if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) + return; + +- /* Disregard subsequent beacons if we are already running a timer +- processing a CSA */ ++ sec_chan_offs = elems->sec_chan_offs; ++ wide_bw_chansw_ie = elems->wide_bw_chansw_ie; ++ ht_oper = elems->ht_operation; + -+ mutex_lock(&local->chanctx_mtx); -+ conf = rcu_dereference_protected(parent->vif.chanctx_conf, -+ lockdep_is_held(&local->chanctx_mtx)); -+ if (!conf) { -+ ret = -ENOENT; -+ goto out; ++ if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | ++ IEEE80211_STA_DISABLE_40MHZ)) { ++ sec_chan_offs = NULL; ++ wide_bw_chansw_ie = NULL; ++ /* only used for bandwidth here */ ++ ht_oper = NULL; + } + +- if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) ++ if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) ++ wide_bw_chansw_ie = NULL; + -+ ctx = container_of(conf, struct ieee80211_chanctx, conf); -+ ret = ieee80211_assign_vif_chanctx(sdata, ctx); -+out: -+ mutex_unlock(&local->chanctx_mtx); -+ return ret; -+} ++ if (elems->ext_chansw_ie) { ++ if (!ieee80211_operating_class_to_band( ++ elems->ext_chansw_ie->new_operating_class, ++ &new_band)) { ++ sdata_info(sdata, ++ "cannot understand ECSA IE operating class %d, disconnecting\n", ++ elems->ext_chansw_ie->new_operating_class); ++ ieee80211_queue_work(&local->hw, ++ &ifmgd->csa_connection_drop_work); ++ } ++ new_chan_no = elems->ext_chansw_ie->new_ch_num; ++ count = elems->ext_chansw_ie->count; ++ mode = elems->ext_chansw_ie->mode; ++ } else if (elems->ch_switch_ie) { ++ new_band = cbss->channel->band; ++ new_chan_no = elems->ch_switch_ie->new_ch_num; ++ count = elems->ch_switch_ie->count; ++ mode = elems->ch_switch_ie->mode; ++ } else { ++ /* nothing here we understand */ + return; ++ } + - int ieee80211_vif_use_channel(struct ieee80211_sub_if_data *sdata, - const struct cfg80211_chan_def *chandef, - enum ieee80211_chanctx_mode mode) ---- a/net/mac80211/ieee80211_i.h -+++ b/net/mac80211/ieee80211_i.h -@@ -1633,6 +1633,8 @@ ieee80211_vif_use_channel(struct ieee802 - const struct cfg80211_chan_def *chandef, - enum ieee80211_chanctx_mode mode); - void ieee80211_vif_release_channel(struct ieee80211_sub_if_data *sdata); -+int ieee80211_vif_copy_channel(struct ieee80211_sub_if_data *sdata, -+ struct ieee80211_sub_if_data *parent); - - void ieee80211_recalc_smps_chanctx(struct ieee80211_local *local, - struct ieee80211_chanctx *chanctx); ---- a/include/linux/ieee80211.h -+++ b/include/linux/ieee80211.h -@@ -180,7 +180,7 @@ struct ieee80211_hdr { - u8 addr3[6]; - __le16 seq_ctrl; - u8 addr4[6]; --} __attribute__ ((packed)); -+} __packed; ++ bss = (void *)cbss->priv; - struct ieee80211_hdr_3addr { - __le16 frame_control; -@@ -189,7 +189,7 @@ struct ieee80211_hdr_3addr { - u8 addr2[6]; - u8 addr3[6]; - __le16 seq_ctrl; --} __attribute__ ((packed)); -+} __packed; +- new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); +- if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) { ++ new_freq = ieee80211_channel_to_frequency(new_chan_no, new_band); ++ new_chan = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); ++ if (!new_chan || new_chan->flags & IEEE80211_CHAN_DISABLED) { + sdata_info(sdata, + "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", + ifmgd->associated->bssid, new_freq); +- ieee80211_queue_work(&sdata->local->hw, ++ ieee80211_queue_work(&local->hw, ++ &ifmgd->csa_connection_drop_work); ++ return; ++ } ++ ++ if (!beacon && sec_chan_offs) { ++ secondary_channel_offset = sec_chan_offs->sec_chan_offs; ++ } else if (beacon && ht_oper) { ++ secondary_channel_offset = ++ ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET; ++ } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { ++ /* ++ * If it's not a beacon, HT is enabled and the IE not present, ++ * it's 20 MHz, 802.11-2012 8.5.2.6: ++ * This element [the Secondary Channel Offset Element] is ++ * present when switching to a 40 MHz channel. It may be ++ * present when switching to a 20 MHz channel (in which ++ * case the secondary channel offset is set to SCN). ++ */ ++ secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE; ++ } ++ ++ switch (secondary_channel_offset) { ++ default: ++ /* secondary_channel_offset was present but is invalid */ ++ case IEEE80211_HT_PARAM_CHA_SEC_NONE: ++ cfg80211_chandef_create(&new_chandef, new_chan, ++ NL80211_CHAN_HT20); ++ break; ++ case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: ++ cfg80211_chandef_create(&new_chandef, new_chan, ++ NL80211_CHAN_HT40PLUS); ++ break; ++ case IEEE80211_HT_PARAM_CHA_SEC_BELOW: ++ cfg80211_chandef_create(&new_chandef, new_chan, ++ NL80211_CHAN_HT40MINUS); ++ break; ++ case -1: ++ cfg80211_chandef_create(&new_chandef, new_chan, ++ NL80211_CHAN_NO_HT); ++ break; ++ } ++ ++ if (wide_bw_chansw_ie) { ++ new_vht_chandef.chan = new_chan; ++ new_vht_chandef.center_freq1 = ++ ieee80211_channel_to_frequency( ++ wide_bw_chansw_ie->new_center_freq_seg0, ++ new_band); ++ ++ switch (wide_bw_chansw_ie->new_channel_width) { ++ default: ++ /* hmmm, ignore VHT and use HT if present */ ++ case IEEE80211_VHT_CHANWIDTH_USE_HT: ++ new_vht_chandef.chan = NULL; ++ break; ++ case IEEE80211_VHT_CHANWIDTH_80MHZ: ++ new_vht_chandef.width = NL80211_CHAN_WIDTH_80; ++ break; ++ case IEEE80211_VHT_CHANWIDTH_160MHZ: ++ new_vht_chandef.width = NL80211_CHAN_WIDTH_160; ++ break; ++ case IEEE80211_VHT_CHANWIDTH_80P80MHZ: ++ /* field is otherwise reserved */ ++ new_vht_chandef.center_freq2 = ++ ieee80211_channel_to_frequency( ++ wide_bw_chansw_ie->new_center_freq_seg1, ++ new_band); ++ new_vht_chandef.width = NL80211_CHAN_WIDTH_80P80; ++ break; ++ } ++ if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && ++ new_vht_chandef.width == NL80211_CHAN_WIDTH_80P80) ++ chandef_downgrade(&new_vht_chandef); ++ if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && ++ new_vht_chandef.width == NL80211_CHAN_WIDTH_160) ++ chandef_downgrade(&new_vht_chandef); ++ if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && ++ new_vht_chandef.width > NL80211_CHAN_WIDTH_20) ++ chandef_downgrade(&new_vht_chandef); ++ } ++ ++ /* if VHT data is there validate & use it */ ++ if (new_vht_chandef.chan) { ++ if (!cfg80211_chandef_compatible(&new_vht_chandef, ++ &new_chandef)) { ++ sdata_info(sdata, ++ "AP %pM CSA has inconsistent channel data, disconnecting\n", ++ ifmgd->associated->bssid); ++ ieee80211_queue_work(&local->hw, ++ &ifmgd->csa_connection_drop_work); ++ return; ++ } ++ new_chandef = new_vht_chandef; ++ } ++ ++ if (!cfg80211_chandef_usable(local->hw.wiphy, &new_chandef, ++ IEEE80211_CHAN_DISABLED)) { ++ sdata_info(sdata, ++ "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", ++ ifmgd->associated->bssid, new_freq, ++ new_chandef.width, new_chandef.center_freq1, ++ new_chandef.center_freq2); ++ ieee80211_queue_work(&local->hw, + &ifmgd->csa_connection_drop_work); + return; + } - struct ieee80211_qos_hdr { - __le16 frame_control; -@@ -199,7 +199,7 @@ struct ieee80211_qos_hdr { - u8 addr3[6]; - __le16 seq_ctrl; - __le16 qos_ctrl; --} __attribute__ ((packed)); -+} __packed; + ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; - /** - * ieee80211_has_tods - check if IEEE80211_FCTL_TODS is set -@@ -576,7 +576,7 @@ struct ieee80211s_hdr { - __le32 seqnum; - u8 eaddr1[6]; - u8 eaddr2[6]; --} __attribute__ ((packed)); -+} __packed; +- if (sdata->local->use_chanctx) { ++ if (local->use_chanctx) { + sdata_info(sdata, + "not handling channel switch with channel contexts\n"); +- ieee80211_queue_work(&sdata->local->hw, ++ ieee80211_queue_work(&local->hw, + &ifmgd->csa_connection_drop_work); + return; + } - /* Mesh flags */ - #define MESH_FLAGS_AE_A4 0x1 -@@ -614,7 +614,7 @@ struct ieee80211_quiet_ie { - u8 period; - __le16 duration; - __le16 offset; --} __attribute__ ((packed)); -+} __packed; +- mutex_lock(&sdata->local->chanctx_mtx); ++ mutex_lock(&local->chanctx_mtx); + if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { +- mutex_unlock(&sdata->local->chanctx_mtx); ++ mutex_unlock(&local->chanctx_mtx); + return; + } + chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), +@@ -1111,40 +1222,39 @@ ieee80211_sta_process_chanswitch(struct + if (chanctx->refcount > 1) { + sdata_info(sdata, + "channel switch with multiple interfaces on the same channel, disconnecting\n"); +- ieee80211_queue_work(&sdata->local->hw, ++ ieee80211_queue_work(&local->hw, + &ifmgd->csa_connection_drop_work); +- mutex_unlock(&sdata->local->chanctx_mtx); ++ mutex_unlock(&local->chanctx_mtx); + return; + } +- mutex_unlock(&sdata->local->chanctx_mtx); ++ mutex_unlock(&local->chanctx_mtx); - /** - * struct ieee80211_msrment_ie -@@ -626,7 +626,7 @@ struct ieee80211_msrment_ie { - u8 mode; - u8 type; - u8 request[0]; --} __attribute__ ((packed)); -+} __packed; +- sdata->local->csa_channel = new_ch; ++ local->csa_chandef = new_chandef; - /** - * struct ieee80211_channel_sw_ie -@@ -637,7 +637,7 @@ struct ieee80211_channel_sw_ie { - u8 mode; - u8 new_ch_num; - u8 count; --} __attribute__ ((packed)); -+} __packed; +- if (sw_elem->mode) +- ieee80211_stop_queues_by_reason(&sdata->local->hw, ++ if (mode) ++ ieee80211_stop_queues_by_reason(&local->hw, + IEEE80211_MAX_QUEUE_MAP, + IEEE80211_QUEUE_STOP_REASON_CSA); - /** - * struct ieee80211_tim -@@ -650,7 +650,7 @@ struct ieee80211_tim_ie { - u8 bitmap_ctrl; - /* variable size: 1 - 251 bytes */ - u8 virtual_map[1]; --} __attribute__ ((packed)); -+} __packed; +- if (sdata->local->ops->channel_switch) { ++ if (local->ops->channel_switch) { + /* use driver's channel switch callback */ + struct ieee80211_channel_switch ch_switch = { + .timestamp = timestamp, +- .block_tx = sw_elem->mode, +- .channel = new_ch, +- .count = sw_elem->count, ++ .block_tx = mode, ++ .chandef = new_chandef, ++ .count = count, + }; - /** - * struct ieee80211_meshconf_ie -@@ -665,7 +665,7 @@ struct ieee80211_meshconf_ie { - u8 meshconf_auth; - u8 meshconf_form; - u8 meshconf_cap; --} __attribute__ ((packed)); -+} __packed; +- drv_channel_switch(sdata->local, &ch_switch); ++ drv_channel_switch(local, &ch_switch); + return; + } - /** - * enum mesh_config_capab_flags - Mesh Configuration IE capability field flags -@@ -695,7 +695,7 @@ struct ieee80211_rann_ie { - __le32 rann_seq; - __le32 rann_interval; - __le32 rann_metric; --} __attribute__ ((packed)); -+} __packed; + /* channel switch handled in software */ +- if (sw_elem->count <= 1) +- ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); ++ if (count <= 1) ++ ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); + else + mod_timer(&ifmgd->chswitch_timer, +- TU_TO_EXP_TIME(sw_elem->count * +- cbss->beacon_interval)); ++ TU_TO_EXP_TIME(count * cbss->beacon_interval)); + } - enum ieee80211_rann_flags { - RANN_FLAG_IS_GATE = 1 << 0, -@@ -717,33 +717,33 @@ struct ieee80211_mgmt { - __le16 status_code; - /* possibly followed by Challenge text */ - u8 variable[0]; -- } __attribute__ ((packed)) auth; -+ } __packed auth; - struct { - __le16 reason_code; -- } __attribute__ ((packed)) deauth; -+ } __packed deauth; - struct { - __le16 capab_info; - __le16 listen_interval; - /* followed by SSID and Supported rates */ - u8 variable[0]; -- } __attribute__ ((packed)) assoc_req; -+ } __packed assoc_req; - struct { - __le16 capab_info; - __le16 status_code; - __le16 aid; - /* followed by Supported rates */ - u8 variable[0]; -- } __attribute__ ((packed)) assoc_resp, reassoc_resp; -+ } __packed assoc_resp, reassoc_resp; - struct { - __le16 capab_info; - __le16 listen_interval; - u8 current_ap[6]; - /* followed by SSID and Supported rates */ - u8 variable[0]; -- } __attribute__ ((packed)) reassoc_req; -+ } __packed reassoc_req; - struct { - __le16 reason_code; -- } __attribute__ ((packed)) disassoc; -+ } __packed disassoc; - struct { - __le64 timestamp; - __le16 beacon_int; -@@ -751,11 +751,11 @@ struct ieee80211_mgmt { - /* followed by some of SSID, Supported rates, - * FH Params, DS Params, CF Params, IBSS Params, TIM */ - u8 variable[0]; -- } __attribute__ ((packed)) beacon; -+ } __packed beacon; - struct { - /* only variable items: SSID, Supported rates */ - u8 variable[0]; -- } __attribute__ ((packed)) probe_req; -+ } __packed probe_req; - struct { - __le64 timestamp; - __le16 beacon_int; -@@ -763,7 +763,7 @@ struct ieee80211_mgmt { - /* followed by some of SSID, Supported rates, - * FH Params, DS Params, CF Params, IBSS Params */ - u8 variable[0]; -- } __attribute__ ((packed)) probe_resp; -+ } __packed probe_resp; - struct { - u8 category; - union { -@@ -772,55 +772,55 @@ struct ieee80211_mgmt { - u8 dialog_token; - u8 status_code; - u8 variable[0]; -- } __attribute__ ((packed)) wme_action; -+ } __packed wme_action; - struct{ - u8 action_code; - u8 element_id; - u8 length; - struct ieee80211_channel_sw_ie sw_elem; -- } __attribute__((packed)) chan_switch; -+ } __packed chan_switch; - struct{ - u8 action_code; - u8 dialog_token; - u8 element_id; - u8 length; - struct ieee80211_msrment_ie msr_elem; -- } __attribute__((packed)) measurement; -+ } __packed measurement; - struct{ - u8 action_code; - u8 dialog_token; - __le16 capab; - __le16 timeout; - __le16 start_seq_num; -- } __attribute__((packed)) addba_req; -+ } __packed addba_req; - struct{ - u8 action_code; - u8 dialog_token; - __le16 status; - __le16 capab; - __le16 timeout; -- } __attribute__((packed)) addba_resp; -+ } __packed addba_resp; - struct{ - u8 action_code; - __le16 params; - __le16 reason_code; -- } __attribute__((packed)) delba; -+ } __packed delba; - struct { - u8 action_code; - u8 variable[0]; -- } __attribute__((packed)) self_prot; -+ } __packed self_prot; - struct{ - u8 action_code; - u8 variable[0]; -- } __attribute__((packed)) mesh_action; -+ } __packed mesh_action; - struct { - u8 action; - u8 trans_id[WLAN_SA_QUERY_TR_ID_LEN]; -- } __attribute__ ((packed)) sa_query; -+ } __packed sa_query; - struct { - u8 action; - u8 smps_control; -- } __attribute__ ((packed)) ht_smps; -+ } __packed ht_smps; - struct { - u8 action_code; - u8 dialog_token; -@@ -828,9 +828,9 @@ struct ieee80211_mgmt { - u8 variable[0]; - } __packed tdls_discover_resp; - } u; -- } __attribute__ ((packed)) action; -+ } __packed action; - } u; --} __attribute__ ((packed)); -+} __packed; + static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, +@@ -2120,7 +2230,6 @@ void ieee80211_beacon_loss(struct ieee80 + + trace_api_beacon_loss(sdata); + +- WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR); + sdata->u.mgd.connection_loss = false; + ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); + } +@@ -2170,7 +2279,7 @@ static void ieee80211_auth_challenge(str + u32 tx_flags = 0; + + pos = mgmt->u.auth.variable; +- ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); ++ ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); + if (!elems.challenge) + return; + auth_data->expected_transaction = 4; +@@ -2435,7 +2544,7 @@ static bool ieee80211_assoc_success(stru + } + + pos = mgmt->u.assoc_resp.variable; +- ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); ++ ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); + + if (!elems.supp_rates) { + sdata_info(sdata, "no SuppRates element in AssocResp\n"); +@@ -2604,7 +2713,7 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee + capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); + + pos = mgmt->u.assoc_resp.variable; +- ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); ++ ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); + + if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && + elems.timeout_int && +@@ -2659,6 +2768,8 @@ static void ieee80211_rx_bss_info(struct + struct ieee80211_channel *channel; + bool need_ps = false; + ++ lockdep_assert_held(&sdata->u.mgd.mtx); ++ + if ((sdata->u.mgd.associated && + ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) || + (sdata->u.mgd.assoc_data && +@@ -2689,7 +2800,8 @@ static void ieee80211_rx_bss_info(struct + if (bss) + ieee80211_rx_bss_put(local, bss); + +- if (!sdata->u.mgd.associated) ++ if (!sdata->u.mgd.associated || ++ !ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) + return; + + if (need_ps) { +@@ -2698,10 +2810,9 @@ static void ieee80211_rx_bss_info(struct + mutex_unlock(&local->iflist_mtx); + } + +- if (elems->ch_switch_ie && +- memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0) +- ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie, +- bss, rx_status->mactime); ++ ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, ++ elems, true); ++ + } + + +@@ -2726,7 +2837,7 @@ static void ieee80211_rx_mgmt_probe_resp + return; + + ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, +- &elems); ++ false, &elems); + + ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); + +@@ -2809,7 +2920,7 @@ ieee80211_rx_mgmt_beacon(struct ieee8021 + if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && + ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { + ieee802_11_parse_elems(mgmt->u.beacon.variable, +- len - baselen, &elems); ++ len - baselen, false, &elems); + + ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); + ifmgd->assoc_data->have_beacon = true; +@@ -2919,7 +3030,7 @@ ieee80211_rx_mgmt_beacon(struct ieee8021 + + ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); + ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, +- len - baselen, &elems, ++ len - baselen, false, &elems, + care_about_ies, ncrc); + + if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { +@@ -3066,6 +3177,8 @@ void ieee80211_sta_rx_queued_mgmt(struct + enum rx_mgmt_action rma = RX_MGMT_NONE; + u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; + u16 fc; ++ struct ieee802_11_elems elems; ++ int ies_len; + + rx_status = (struct ieee80211_rx_status *) skb->cb; + mgmt = (struct ieee80211_mgmt *) skb->data; +@@ -3095,14 +3208,48 @@ void ieee80211_sta_rx_queued_mgmt(struct + rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss); + break; + case IEEE80211_STYPE_ACTION: +- switch (mgmt->u.action.category) { +- case WLAN_CATEGORY_SPECTRUM_MGMT: ++ if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { ++ ies_len = skb->len - ++ offsetof(struct ieee80211_mgmt, ++ u.action.u.chan_switch.variable); ++ ++ if (ies_len < 0) ++ break; ++ ++ ieee802_11_parse_elems( ++ mgmt->u.action.u.chan_switch.variable, ++ ies_len, true, &elems); ++ ++ if (elems.parse_error) ++ break; ++ + ieee80211_sta_process_chanswitch(sdata, +- &mgmt->u.action.u.chan_switch.sw_elem, +- (void *)ifmgd->associated->priv, +- rx_status->mactime); +- break; ++ rx_status->mactime, ++ &elems, false); ++ } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { ++ ies_len = skb->len - ++ offsetof(struct ieee80211_mgmt, ++ u.action.u.ext_chan_switch.variable); ++ ++ if (ies_len < 0) ++ break; ++ ++ ieee802_11_parse_elems( ++ mgmt->u.action.u.ext_chan_switch.variable, ++ ies_len, true, &elems); ++ ++ if (elems.parse_error) ++ break; ++ ++ /* for the handling code pretend this was also an IE */ ++ elems.ext_chansw_ie = ++ &mgmt->u.action.u.ext_chan_switch.data; ++ ++ ieee80211_sta_process_chanswitch(sdata, ++ rx_status->mactime, ++ &elems, false); + } ++ break; + } + mutex_unlock(&ifmgd->mtx); + +@@ -4197,7 +4344,7 @@ int ieee80211_mgd_deauth(struct ieee8021 + struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; + u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; + bool tx = !req->local_state_change; +- bool sent_frame = false; ++ bool report_frame = false; + + mutex_lock(&ifmgd->mtx); + +@@ -4214,7 +4361,7 @@ int ieee80211_mgd_deauth(struct ieee8021 + ieee80211_destroy_auth_data(sdata, false); + mutex_unlock(&ifmgd->mtx); + +- sent_frame = tx; ++ report_frame = true; + goto out; + } + +@@ -4222,12 +4369,12 @@ int ieee80211_mgd_deauth(struct ieee8021 + ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { + ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, + req->reason_code, tx, frame_buf); +- sent_frame = tx; ++ report_frame = true; + } + mutex_unlock(&ifmgd->mtx); + + out: +- if (sent_frame) ++ if (report_frame) + __cfg80211_send_deauth(sdata->dev, frame_buf, + IEEE80211_DEAUTH_FRAME_LEN); + +--- a/net/mac80211/pm.c ++++ b/net/mac80211/pm.c +@@ -38,8 +38,8 @@ int __ieee80211_suspend(struct ieee80211 + IEEE80211_MAX_QUEUE_MAP, + IEEE80211_QUEUE_STOP_REASON_SUSPEND); + +- /* flush out all packets */ +- synchronize_net(); ++ /* flush out all packets and station cleanup call_rcu()s */ ++ rcu_barrier(); + + ieee80211_flush_queues(local, NULL); + +--- a/net/mac80211/rate.c ++++ b/net/mac80211/rate.c +@@ -252,6 +252,25 @@ rate_lowest_non_cck_index(struct ieee802 + return 0; + } + ++static void __rate_control_send_low(struct ieee80211_hw *hw, ++ struct ieee80211_supported_band *sband, ++ struct ieee80211_sta *sta, ++ struct ieee80211_tx_info *info) ++{ ++ if ((sband->band != IEEE80211_BAND_2GHZ) || ++ !(info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)) ++ info->control.rates[0].idx = rate_lowest_index(sband, sta); ++ else ++ info->control.rates[0].idx = ++ rate_lowest_non_cck_index(sband, sta); ++ ++ info->control.rates[0].count = ++ (info->flags & IEEE80211_TX_CTL_NO_ACK) ? ++ 1 : hw->max_rate_tries; ++ ++ info->control.skip_table = 1; ++} ++ + + bool rate_control_send_low(struct ieee80211_sta *sta, + void *priv_sta, +@@ -262,16 +281,8 @@ bool rate_control_send_low(struct ieee80 + int mcast_rate; + + if (!sta || !priv_sta || rc_no_data_or_no_ack_use_min(txrc)) { +- if ((sband->band != IEEE80211_BAND_2GHZ) || +- !(info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)) +- info->control.rates[0].idx = +- rate_lowest_index(txrc->sband, sta); +- else +- info->control.rates[0].idx = +- rate_lowest_non_cck_index(txrc->sband, sta); +- info->control.rates[0].count = +- (info->flags & IEEE80211_TX_CTL_NO_ACK) ? +- 1 : txrc->hw->max_rate_tries; ++ __rate_control_send_low(txrc->hw, sband, sta, info); ++ + if (!sta && txrc->bss) { + mcast_rate = txrc->bss_conf->mcast_rate[sband->band]; + if (mcast_rate > 0) { +@@ -355,7 +366,8 @@ static bool rate_idx_match_mcs_mask(stru + + + static void rate_idx_match_mask(struct ieee80211_tx_rate *rate, +- struct ieee80211_tx_rate_control *txrc, ++ struct ieee80211_supported_band *sband, ++ enum nl80211_chan_width chan_width, + u32 mask, + u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN]) + { +@@ -375,27 +387,17 @@ static void rate_idx_match_mask(struct i + IEEE80211_TX_RC_USE_SHORT_PREAMBLE); + alt_rate.count = rate->count; + if (rate_idx_match_legacy_mask(&alt_rate, +- txrc->sband->n_bitrates, +- mask)) { ++ sband->n_bitrates, mask)) { + *rate = alt_rate; + return; + } + } else { +- struct sk_buff *skb = txrc->skb; +- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; +- __le16 fc; +- + /* handle legacy rates */ +- if (rate_idx_match_legacy_mask(rate, txrc->sband->n_bitrates, +- mask)) ++ if (rate_idx_match_legacy_mask(rate, sband->n_bitrates, mask)) + return; + + /* if HT BSS, and we handle a data frame, also try HT rates */ +- if (txrc->bss_conf->chandef.width == NL80211_CHAN_WIDTH_20_NOHT) +- return; +- +- fc = hdr->frame_control; +- if (!ieee80211_is_data(fc)) ++ if (chan_width == NL80211_CHAN_WIDTH_20_NOHT) + return; + + alt_rate.idx = 0; +@@ -408,7 +410,7 @@ static void rate_idx_match_mask(struct i + + alt_rate.flags |= IEEE80211_TX_RC_MCS; + +- if (txrc->bss_conf->chandef.width == NL80211_CHAN_WIDTH_40) ++ if (chan_width == NL80211_CHAN_WIDTH_40) + alt_rate.flags |= IEEE80211_TX_RC_40_MHZ_WIDTH; + + if (rate_idx_match_mcs_mask(&alt_rate, mcs_mask)) { +@@ -426,6 +428,228 @@ static void rate_idx_match_mask(struct i + */ + } + ++static void rate_fixup_ratelist(struct ieee80211_vif *vif, ++ struct ieee80211_supported_band *sband, ++ struct ieee80211_tx_info *info, ++ struct ieee80211_tx_rate *rates, ++ int max_rates) ++{ ++ struct ieee80211_rate *rate; ++ bool inval = false; ++ int i; ++ ++ /* ++ * Set up the RTS/CTS rate as the fastest basic rate ++ * that is not faster than the data rate unless there ++ * is no basic rate slower than the data rate, in which ++ * case we pick the slowest basic rate ++ * ++ * XXX: Should this check all retry rates? ++ */ ++ if (!(rates[0].flags & IEEE80211_TX_RC_MCS)) { ++ u32 basic_rates = vif->bss_conf.basic_rates; ++ s8 baserate = basic_rates ? ffs(basic_rates - 1) : 0; ++ ++ rate = &sband->bitrates[rates[0].idx]; ++ ++ for (i = 0; i < sband->n_bitrates; i++) { ++ /* must be a basic rate */ ++ if (!(basic_rates & BIT(i))) ++ continue; ++ /* must not be faster than the data rate */ ++ if (sband->bitrates[i].bitrate > rate->bitrate) ++ continue; ++ /* maximum */ ++ if (sband->bitrates[baserate].bitrate < ++ sband->bitrates[i].bitrate) ++ baserate = i; ++ } ++ ++ info->control.rts_cts_rate_idx = baserate; ++ } ++ ++ for (i = 0; i < max_rates; i++) { ++ /* ++ * make sure there's no valid rate following ++ * an invalid one, just in case drivers don't ++ * take the API seriously to stop at -1. ++ */ ++ if (inval) { ++ rates[i].idx = -1; ++ continue; ++ } ++ if (rates[i].idx < 0) { ++ inval = true; ++ continue; ++ } ++ ++ /* ++ * For now assume MCS is already set up correctly, this ++ * needs to be fixed. ++ */ ++ if (rates[i].flags & IEEE80211_TX_RC_MCS) { ++ WARN_ON(rates[i].idx > 76); ++ ++ if (!(rates[i].flags & IEEE80211_TX_RC_USE_RTS_CTS) && ++ info->control.use_cts_prot) ++ rates[i].flags |= ++ IEEE80211_TX_RC_USE_CTS_PROTECT; ++ continue; ++ } ++ ++ if (rates[i].flags & IEEE80211_TX_RC_VHT_MCS) { ++ WARN_ON(ieee80211_rate_get_vht_mcs(&rates[i]) > 9); ++ continue; ++ } ++ ++ /* set up RTS protection if desired */ ++ if (info->control.use_rts) { ++ rates[i].flags |= IEEE80211_TX_RC_USE_RTS_CTS; ++ info->control.use_cts_prot = false; ++ } ++ ++ /* RC is busted */ ++ if (WARN_ON_ONCE(rates[i].idx >= sband->n_bitrates)) { ++ rates[i].idx = -1; ++ continue; ++ } ++ ++ rate = &sband->bitrates[rates[i].idx]; ++ ++ /* set up short preamble */ ++ if (info->control.short_preamble && ++ rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) ++ rates[i].flags |= IEEE80211_TX_RC_USE_SHORT_PREAMBLE; ++ ++ /* set up G protection */ ++ if (!(rates[i].flags & IEEE80211_TX_RC_USE_RTS_CTS) && ++ info->control.use_cts_prot && ++ rate->flags & IEEE80211_RATE_ERP_G) ++ rates[i].flags |= IEEE80211_TX_RC_USE_CTS_PROTECT; ++ } ++} ++ ++ ++static void rate_control_fill_sta_table(struct ieee80211_sta *sta, ++ struct ieee80211_tx_info *info, ++ struct ieee80211_tx_rate *rates, ++ int max_rates) ++{ ++ struct ieee80211_sta_rates *ratetbl = NULL; ++ int i; ++ ++ if (sta && !info->control.skip_table) ++ ratetbl = rcu_dereference(sta->rates); ++ ++ /* Fill remaining rate slots with data from the sta rate table. */ ++ max_rates = min_t(int, max_rates, IEEE80211_TX_RATE_TABLE_SIZE); ++ for (i = 0; i < max_rates; i++) { ++ if (i < ARRAY_SIZE(info->control.rates) && ++ info->control.rates[i].idx >= 0 && ++ info->control.rates[i].count) { ++ if (rates != info->control.rates) ++ rates[i] = info->control.rates[i]; ++ } else if (ratetbl) { ++ rates[i].idx = ratetbl->rate[i].idx; ++ rates[i].flags = ratetbl->rate[i].flags; ++ if (info->control.use_rts) ++ rates[i].count = ratetbl->rate[i].count_rts; ++ else if (info->control.use_cts_prot) ++ rates[i].count = ratetbl->rate[i].count_cts; ++ else ++ rates[i].count = ratetbl->rate[i].count; ++ } else { ++ rates[i].idx = -1; ++ rates[i].count = 0; ++ } ++ ++ if (rates[i].idx < 0 || !rates[i].count) ++ break; ++ } ++} ++ ++static void rate_control_apply_mask(struct ieee80211_sub_if_data *sdata, ++ struct ieee80211_sta *sta, ++ struct ieee80211_supported_band *sband, ++ struct ieee80211_tx_info *info, ++ struct ieee80211_tx_rate *rates, ++ int max_rates) ++{ ++ enum nl80211_chan_width chan_width; ++ u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN]; ++ bool has_mcs_mask; ++ u32 mask; ++ int i; ++ ++ /* ++ * Try to enforce the rateidx mask the user wanted. skip this if the ++ * default mask (allow all rates) is used to save some processing for ++ * the common case. ++ */ ++ mask = sdata->rc_rateidx_mask[info->band]; ++ has_mcs_mask = sdata->rc_has_mcs_mask[info->band]; ++ if (mask == (1 << sband->n_bitrates) - 1 && !has_mcs_mask) ++ return; ++ ++ if (has_mcs_mask) ++ memcpy(mcs_mask, sdata->rc_rateidx_mcs_mask[info->band], ++ sizeof(mcs_mask)); ++ else ++ memset(mcs_mask, 0xff, sizeof(mcs_mask)); ++ ++ if (sta) { ++ /* Filter out rates that the STA does not support */ ++ mask &= sta->supp_rates[info->band]; ++ for (i = 0; i < sizeof(mcs_mask); i++) ++ mcs_mask[i] &= sta->ht_cap.mcs.rx_mask[i]; ++ } ++ ++ /* ++ * Make sure the rate index selected for each TX rate is ++ * included in the configured mask and change the rate indexes ++ * if needed. ++ */ ++ chan_width = sdata->vif.bss_conf.chandef.width; ++ for (i = 0; i < max_rates; i++) { ++ /* Skip invalid rates */ ++ if (rates[i].idx < 0) ++ break; ++ ++ rate_idx_match_mask(&rates[i], sband, chan_width, mask, ++ mcs_mask); ++ } ++} ++ ++void ieee80211_get_tx_rates(struct ieee80211_vif *vif, ++ struct ieee80211_sta *sta, ++ struct sk_buff *skb, ++ struct ieee80211_tx_rate *dest, ++ int max_rates) ++{ ++ struct ieee80211_sub_if_data *sdata; ++ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; ++ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); ++ struct ieee80211_supported_band *sband; ++ ++ rate_control_fill_sta_table(sta, info, dest, max_rates); ++ ++ if (!vif) ++ return; ++ ++ sdata = vif_to_sdata(vif); ++ sband = sdata->local->hw.wiphy->bands[info->band]; ++ ++ if (ieee80211_is_data(hdr->frame_control)) ++ rate_control_apply_mask(sdata, sta, sband, info, dest, max_rates); ++ ++ if (dest[0].idx < 0) ++ __rate_control_send_low(&sdata->local->hw, sband, sta, info); ++ ++ if (sta) ++ rate_fixup_ratelist(vif, sband, info, dest, max_rates); ++} ++EXPORT_SYMBOL(ieee80211_get_tx_rates); ++ + void rate_control_get_rate(struct ieee80211_sub_if_data *sdata, + struct sta_info *sta, + struct ieee80211_tx_rate_control *txrc) +@@ -435,8 +659,6 @@ void rate_control_get_rate(struct ieee80 + struct ieee80211_sta *ista = NULL; + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb); + int i; +- u32 mask; +- u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN]; + + if (sta && test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) { + ista = &sta->sta; +@@ -454,37 +676,27 @@ void rate_control_get_rate(struct ieee80 + + ref->ops->get_rate(ref->priv, ista, priv_sta, txrc); + +- /* +- * Try to enforce the rateidx mask the user wanted. skip this if the +- * default mask (allow all rates) is used to save some processing for +- * the common case. +- */ +- mask = sdata->rc_rateidx_mask[info->band]; +- memcpy(mcs_mask, sdata->rc_rateidx_mcs_mask[info->band], +- sizeof(mcs_mask)); +- if (mask != (1 << txrc->sband->n_bitrates) - 1) { +- if (sta) { +- /* Filter out rates that the STA does not support */ +- mask &= sta->sta.supp_rates[info->band]; +- for (i = 0; i < sizeof(mcs_mask); i++) +- mcs_mask[i] &= sta->sta.ht_cap.mcs.rx_mask[i]; +- } +- /* +- * Make sure the rate index selected for each TX rate is +- * included in the configured mask and change the rate indexes +- * if needed. +- */ +- for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { +- /* Skip invalid rates */ +- if (info->control.rates[i].idx < 0) +- break; +- rate_idx_match_mask(&info->control.rates[i], txrc, +- mask, mcs_mask); +- } +- } ++ if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_RC_TABLE) ++ return; + +- BUG_ON(info->control.rates[0].idx < 0); ++ ieee80211_get_tx_rates(&sdata->vif, ista, txrc->skb, ++ info->control.rates, ++ ARRAY_SIZE(info->control.rates)); ++} ++ ++int rate_control_set_rates(struct ieee80211_hw *hw, ++ struct ieee80211_sta *pubsta, ++ struct ieee80211_sta_rates *rates) ++{ ++ struct ieee80211_sta_rates *old = rcu_dereference(pubsta->rates); ++ ++ rcu_assign_pointer(pubsta->rates, rates); ++ if (old) ++ kfree_rcu(old, rcu_head); ++ ++ return 0; + } ++EXPORT_SYMBOL(rate_control_set_rates); + + int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, + const char *name) +--- a/net/mac80211/rc80211_minstrel.c ++++ b/net/mac80211/rc80211_minstrel.c +@@ -84,6 +84,50 @@ minstrel_sort_best_tp_rates(struct minst + } + + static void ++minstrel_set_rate(struct minstrel_sta_info *mi, struct ieee80211_sta_rates *ratetbl, ++ int offset, int idx) ++{ ++ struct minstrel_rate *r = &mi->r[idx]; ++ ++ ratetbl->rate[offset].idx = r->rix; ++ ratetbl->rate[offset].count = r->adjusted_retry_count; ++ ratetbl->rate[offset].count_cts = r->retry_count_cts; ++ ratetbl->rate[offset].count_rts = r->retry_count_rtscts; ++} ++ ++static void ++minstrel_update_rates(struct minstrel_priv *mp, struct minstrel_sta_info *mi) ++{ ++ struct ieee80211_sta_rates *ratetbl; ++ int i = 0; ++ ++ ratetbl = kzalloc(sizeof(*ratetbl), GFP_ATOMIC); ++ if (!ratetbl) ++ return; ++ ++ /* Start with max_tp_rate */ ++ minstrel_set_rate(mi, ratetbl, i++, mi->max_tp_rate[0]); ++ ++ if (mp->hw->max_rates >= 3) { ++ /* At least 3 tx rates supported, use max_tp_rate2 next */ ++ minstrel_set_rate(mi, ratetbl, i++, mi->max_tp_rate[1]); ++ } ++ ++ if (mp->hw->max_rates >= 2) { ++ /* At least 2 tx rates supported, use max_prob_rate next */ ++ minstrel_set_rate(mi, ratetbl, i++, mi->max_prob_rate); ++ } ++ ++ /* Use lowest rate last */ ++ ratetbl->rate[i].idx = mi->lowest_rix; ++ ratetbl->rate[i].count = mp->max_retry; ++ ratetbl->rate[i].count_cts = mp->max_retry; ++ ratetbl->rate[i].count_rts = mp->max_retry; ++ ++ rate_control_set_rates(mp->hw, mi->sta, ratetbl); ++} ++ ++static void + minstrel_update_stats(struct minstrel_priv *mp, struct minstrel_sta_info *mi) + { + u8 tmp_tp_rate[MAX_THR_RATES]; +@@ -161,6 +205,8 @@ minstrel_update_stats(struct minstrel_pr + + /* Reset update timer */ + mi->stats_update = jiffies; ++ ++ minstrel_update_rates(mp, mi); + } + + static void +@@ -209,9 +255,9 @@ minstrel_get_retry_count(struct minstrel + { + unsigned int retry = mr->adjusted_retry_count; + +- if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ++ if (info->control.use_rts) + retry = max(2U, min(mr->retry_count_rtscts, retry)); +- else if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT) ++ else if (info->control.use_cts_prot) + retry = max(2U, min(mr->retry_count_cts, retry)); + return retry; + } +@@ -240,13 +286,12 @@ minstrel_get_rate(void *priv, struct iee + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); + struct minstrel_sta_info *mi = priv_sta; + struct minstrel_priv *mp = priv; +- struct ieee80211_tx_rate *ar = info->control.rates; +- unsigned int ndx, sample_ndx = 0; ++ struct ieee80211_tx_rate *rate = &info->control.rates[0]; ++ struct minstrel_rate *msr, *mr; ++ unsigned int ndx; + bool mrr_capable; +- bool indirect_rate_sampling = false; +- bool rate_sampling = false; +- int i, delta; +- int mrr_ndx[3]; ++ bool prev_sample = mi->prev_sample; ++ int delta; + int sampling_ratio; + + /* management/no-ack frames do not use rate control */ +@@ -262,107 +307,75 @@ minstrel_get_rate(void *priv, struct iee + else + sampling_ratio = mp->lookaround_rate; + +- /* init rateindex [ndx] with max throughput rate */ +- ndx = mi->max_tp_rate[0]; +- + /* increase sum packet counter */ + mi->packet_count++; + + delta = (mi->packet_count * sampling_ratio / 100) - + (mi->sample_count + mi->sample_deferred / 2); + +- /* delta > 0: sampling required */ +- if ((delta > 0) && (mrr_capable || !mi->prev_sample)) { +- struct minstrel_rate *msr; +- if (mi->packet_count >= 10000) { +- mi->sample_deferred = 0; +- mi->sample_count = 0; +- mi->packet_count = 0; +- } else if (delta > mi->n_rates * 2) { +- /* With multi-rate retry, not every planned sample +- * attempt actually gets used, due to the way the retry +- * chain is set up - [max_tp,sample,prob,lowest] for +- * sample_rate < max_tp. +- * +- * If there's too much sampling backlog and the link +- * starts getting worse, minstrel would start bursting +- * out lots of sampling frames, which would result +- * in a large throughput loss. */ +- mi->sample_count += (delta - mi->n_rates * 2); +- } ++ /* delta < 0: no sampling required */ ++ mi->prev_sample = false; ++ if (delta < 0 || (!mrr_capable && prev_sample)) ++ return; + +- /* get next random rate sample */ +- sample_ndx = minstrel_get_next_sample(mi); +- msr = &mi->r[sample_ndx]; +- rate_sampling = true; +- +- /* Decide if direct ( 1st mrr stage) or indirect (2nd mrr stage) +- * rate sampling method should be used. +- * Respect such rates that are not sampled for 20 interations. +- */ +- if (mrr_capable && +- msr->perfect_tx_time > mi->r[ndx].perfect_tx_time && +- msr->sample_skipped < 20) +- indirect_rate_sampling = true; +- +- if (!indirect_rate_sampling) { +- if (msr->sample_limit != 0) { +- ndx = sample_ndx; +- mi->sample_count++; +- if (msr->sample_limit > 0) +- msr->sample_limit--; +- } else +- rate_sampling = false; +- } else { +- /* Only use IEEE80211_TX_CTL_RATE_CTRL_PROBE to mark +- * packets that have the sampling rate deferred to the +- * second MRR stage. Increase the sample counter only +- * if the deferred sample rate was actually used. +- * Use the sample_deferred counter to make sure that +- * the sampling is not done in large bursts */ +- info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; +- mi->sample_deferred++; +- } ++ if (mi->packet_count >= 10000) { ++ mi->sample_deferred = 0; ++ mi->sample_count = 0; ++ mi->packet_count = 0; ++ } else if (delta > mi->n_rates * 2) { ++ /* With multi-rate retry, not every planned sample ++ * attempt actually gets used, due to the way the retry ++ * chain is set up - [max_tp,sample,prob,lowest] for ++ * sample_rate < max_tp. ++ * ++ * If there's too much sampling backlog and the link ++ * starts getting worse, minstrel would start bursting ++ * out lots of sampling frames, which would result ++ * in a large throughput loss. */ ++ mi->sample_count += (delta - mi->n_rates * 2); ++ } ++ ++ /* get next random rate sample */ ++ ndx = minstrel_get_next_sample(mi); ++ msr = &mi->r[ndx]; ++ mr = &mi->r[mi->max_tp_rate[0]]; ++ ++ /* Decide if direct ( 1st mrr stage) or indirect (2nd mrr stage) ++ * rate sampling method should be used. ++ * Respect such rates that are not sampled for 20 interations. ++ */ ++ if (mrr_capable && ++ msr->perfect_tx_time > mr->perfect_tx_time && ++ msr->sample_skipped < 20) { ++ /* Only use IEEE80211_TX_CTL_RATE_CTRL_PROBE to mark ++ * packets that have the sampling rate deferred to the ++ * second MRR stage. Increase the sample counter only ++ * if the deferred sample rate was actually used. ++ * Use the sample_deferred counter to make sure that ++ * the sampling is not done in large bursts */ ++ info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; ++ rate++; ++ mi->sample_deferred++; ++ } else { ++ if (!msr->sample_limit != 0) ++ return; ++ ++ mi->sample_count++; ++ if (msr->sample_limit > 0) ++ msr->sample_limit--; + } +- mi->prev_sample = rate_sampling; + + /* If we're not using MRR and the sampling rate already + * has a probability of >95%, we shouldn't be attempting + * to use it, as this only wastes precious airtime */ +- if (!mrr_capable && rate_sampling && ++ if (!mrr_capable && + (mi->r[ndx].probability > MINSTREL_FRAC(95, 100))) +- ndx = mi->max_tp_rate[0]; +- +- /* mrr setup for 1st stage */ +- ar[0].idx = mi->r[ndx].rix; +- ar[0].count = minstrel_get_retry_count(&mi->r[ndx], info); +- +- /* non mrr setup for 2nd stage */ +- if (!mrr_capable) { +- if (!rate_sampling) +- ar[0].count = mp->max_retry; +- ar[1].idx = mi->lowest_rix; +- ar[1].count = mp->max_retry; + return; +- } + +- /* mrr setup for 2nd stage */ +- if (rate_sampling) { +- if (indirect_rate_sampling) +- mrr_ndx[0] = sample_ndx; +- else +- mrr_ndx[0] = mi->max_tp_rate[0]; +- } else { +- mrr_ndx[0] = mi->max_tp_rate[1]; +- } ++ mi->prev_sample = true; + +- /* mrr setup for 3rd & 4th stage */ +- mrr_ndx[1] = mi->max_prob_rate; +- mrr_ndx[2] = 0; +- for (i = 1; i < 4; i++) { +- ar[i].idx = mi->r[mrr_ndx[i - 1]].rix; +- ar[i].count = mi->r[mrr_ndx[i - 1]].adjusted_retry_count; +- } ++ rate->idx = mi->r[ndx].rix; ++ rate->count = minstrel_get_retry_count(&mi->r[ndx], info); + } + + +@@ -412,12 +425,16 @@ minstrel_rate_init(void *priv, struct ie + unsigned int i, n = 0; + unsigned int t_slot = 9; /* FIXME: get real slot time */ + ++ mi->sta = sta; + mi->lowest_rix = rate_lowest_index(sband, sta); + ctl_rate = &sband->bitrates[mi->lowest_rix]; + mi->sp_ack_dur = ieee80211_frame_duration(sband->band, 10, + ctl_rate->bitrate, + !!(ctl_rate->flags & IEEE80211_RATE_ERP_G), 1); + ++ memset(mi->max_tp_rate, 0, sizeof(mi->max_tp_rate)); ++ mi->max_prob_rate = 0; ++ + for (i = 0; i < sband->n_bitrates; i++) { + struct minstrel_rate *mr = &mi->r[n]; + unsigned int tx_time = 0, tx_time_cts = 0, tx_time_rtscts = 0; +@@ -460,6 +477,8 @@ minstrel_rate_init(void *priv, struct ie + } while ((tx_time < mp->segment_size) && + (++mr->retry_count < mp->max_retry)); + mr->adjusted_retry_count = mr->retry_count; ++ if (!(sband->bitrates[i].flags & IEEE80211_RATE_ERP_G)) ++ mr->retry_count_cts = mr->retry_count; + } + + for (i = n; i < sband->n_bitrates; i++) { +@@ -471,6 +490,7 @@ minstrel_rate_init(void *priv, struct ie + mi->stats_update = jiffies; + + init_sample_table(mi); ++ minstrel_update_rates(mp, mi); + } + + static void * +--- a/net/mac80211/rc80211_minstrel.h ++++ b/net/mac80211/rc80211_minstrel.h +@@ -9,7 +9,8 @@ + #ifndef __RC_MINSTREL_H + #define __RC_MINSTREL_H + +-#define EWMA_LEVEL 75 /* ewma weighting factor [%] */ ++#define EWMA_LEVEL 96 /* ewma weighting factor [/EWMA_DIV] */ ++#define EWMA_DIV 128 + #define SAMPLE_COLUMNS 10 /* number of columns in sample table */ + + +@@ -27,7 +28,7 @@ + static inline int + minstrel_ewma(int old, int new, int weight) + { +- return (new * (100 - weight) + old * weight) / 100; ++ return (new * (EWMA_DIV - weight) + old * weight) / EWMA_DIV; + } + + +@@ -62,6 +63,8 @@ struct minstrel_rate { + }; + + struct minstrel_sta_info { ++ struct ieee80211_sta *sta; ++ + unsigned long stats_update; + unsigned int sp_ack_dur; + unsigned int rate_avg; +--- a/net/mac80211/rc80211_minstrel_debugfs.c ++++ b/net/mac80211/rc80211_minstrel_debugfs.c +@@ -68,7 +68,7 @@ minstrel_stats_open(struct inode *inode, + + file->private_data = ms; + p = ms->buf; +- p += sprintf(p, "rate throughput ewma prob this prob " ++ p += sprintf(p, "rate throughput ewma prob this prob " + "this succ/attempt success attempts\n"); + for (i = 0; i < mi->n_rates; i++) { + struct minstrel_rate *mr = &mi->r[i]; +@@ -86,7 +86,7 @@ minstrel_stats_open(struct inode *inode, + eprob = MINSTREL_TRUNC(mr->probability * 1000); + + p += sprintf(p, " %6u.%1u %6u.%1u %6u.%1u " +- "%3u(%3u) %8llu %8llu\n", ++ " %3u(%3u) %8llu %8llu\n", + tp / 10, tp % 10, + eprob / 10, eprob % 10, + prob / 10, prob % 10, +--- a/net/mac80211/rc80211_minstrel_ht.c ++++ b/net/mac80211/rc80211_minstrel_ht.c +@@ -126,6 +126,9 @@ const struct mcs_group minstrel_mcs_grou + + static u8 sample_table[SAMPLE_COLUMNS][MCS_GROUP_RATES]; + ++static void ++minstrel_ht_update_rates(struct minstrel_priv *mp, struct minstrel_ht_sta *mi); ++ + /* + * Look up an MCS group index based on mac80211 rate information + */ +@@ -244,6 +247,7 @@ minstrel_ht_update_stats(struct minstrel + struct minstrel_rate_stats *mr; + int cur_prob, cur_prob_tp, cur_tp, cur_tp2; + int group, i, index; ++ bool mi_rates_valid = false; + + if (mi->ampdu_packets > 0) { + mi->avg_ampdu_len = minstrel_ewma(mi->avg_ampdu_len, +@@ -254,11 +258,10 @@ minstrel_ht_update_stats(struct minstrel + + mi->sample_slow = 0; + mi->sample_count = 0; +- mi->max_tp_rate = 0; +- mi->max_tp_rate2 = 0; +- mi->max_prob_rate = 0; + + for (group = 0; group < ARRAY_SIZE(minstrel_mcs_groups); group++) { ++ bool mg_rates_valid = false; ++ + cur_prob = 0; + cur_prob_tp = 0; + cur_tp = 0; +@@ -268,15 +271,24 @@ minstrel_ht_update_stats(struct minstrel + if (!mg->supported) + continue; + +- mg->max_tp_rate = 0; +- mg->max_tp_rate2 = 0; +- mg->max_prob_rate = 0; + mi->sample_count++; + + for (i = 0; i < MCS_GROUP_RATES; i++) { + if (!(mg->supported & BIT(i))) + continue; + ++ /* initialize rates selections starting indexes */ ++ if (!mg_rates_valid) { ++ mg->max_tp_rate = mg->max_tp_rate2 = ++ mg->max_prob_rate = i; ++ if (!mi_rates_valid) { ++ mi->max_tp_rate = mi->max_tp_rate2 = ++ mi->max_prob_rate = i; ++ mi_rates_valid = true; ++ } ++ mg_rates_valid = true; ++ } ++ + mr = &mg->rates[i]; + mr->retry_updated = false; + index = MCS_GROUP_RATES * group + i; +@@ -456,7 +468,7 @@ minstrel_ht_tx_status(void *priv, struct + struct ieee80211_tx_rate *ar = info->status.rates; + struct minstrel_rate_stats *rate, *rate2; + struct minstrel_priv *mp = priv; +- bool last; ++ bool last, update = false; + int i; + + if (!msp->is_ht) +@@ -505,21 +517,29 @@ minstrel_ht_tx_status(void *priv, struct + rate = minstrel_get_ratestats(mi, mi->max_tp_rate); + if (rate->attempts > 30 && + MINSTREL_FRAC(rate->success, rate->attempts) < +- MINSTREL_FRAC(20, 100)) ++ MINSTREL_FRAC(20, 100)) { + minstrel_downgrade_rate(mi, &mi->max_tp_rate, true); ++ update = true; ++ } + + rate2 = minstrel_get_ratestats(mi, mi->max_tp_rate2); + if (rate2->attempts > 30 && + MINSTREL_FRAC(rate2->success, rate2->attempts) < +- MINSTREL_FRAC(20, 100)) ++ MINSTREL_FRAC(20, 100)) { + minstrel_downgrade_rate(mi, &mi->max_tp_rate2, false); ++ update = true; ++ } + + if (time_after(jiffies, mi->stats_update + (mp->update_interval / 2 * HZ) / 1000)) { ++ update = true; + minstrel_ht_update_stats(mp, mi); + if (!(info->flags & IEEE80211_TX_CTL_AMPDU) && + mi->max_prob_rate / MCS_GROUP_RATES != MINSTREL_CCK_GROUP) + minstrel_aggr_check(sta, skb); + } ++ ++ if (update) ++ minstrel_ht_update_rates(mp, mi); + } + + static void +@@ -580,39 +600,73 @@ minstrel_calc_retransmit(struct minstrel + (++mr->retry_count < mp->max_retry)); + } + +- + static void + minstrel_ht_set_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi, +- struct ieee80211_tx_rate *rate, int index, +- bool sample, bool rtscts) ++ struct ieee80211_sta_rates *ratetbl, int offset, int index) + { + const struct mcs_group *group = &minstrel_mcs_groups[index / MCS_GROUP_RATES]; + struct minstrel_rate_stats *mr; ++ u8 idx; ++ u16 flags; + + mr = minstrel_get_ratestats(mi, index); + if (!mr->retry_updated) + minstrel_calc_retransmit(mp, mi, index); + +- if (sample) +- rate->count = 1; +- else if (mr->probability < MINSTREL_FRAC(20, 100)) +- rate->count = 2; +- else if (rtscts) +- rate->count = mr->retry_count_rtscts; +- else +- rate->count = mr->retry_count; +- +- rate->flags = 0; +- if (rtscts) +- rate->flags |= IEEE80211_TX_RC_USE_RTS_CTS; ++ if (mr->probability < MINSTREL_FRAC(20, 100) || !mr->retry_count) { ++ ratetbl->rate[offset].count = 2; ++ ratetbl->rate[offset].count_rts = 2; ++ ratetbl->rate[offset].count_cts = 2; ++ } else { ++ ratetbl->rate[offset].count = mr->retry_count; ++ ratetbl->rate[offset].count_cts = mr->retry_count; ++ ratetbl->rate[offset].count_rts = mr->retry_count_rtscts; ++ } + + if (index / MCS_GROUP_RATES == MINSTREL_CCK_GROUP) { +- rate->idx = mp->cck_rates[index % ARRAY_SIZE(mp->cck_rates)]; ++ idx = mp->cck_rates[index % ARRAY_SIZE(mp->cck_rates)]; ++ flags = 0; ++ } else { ++ idx = index % MCS_GROUP_RATES + ++ (group->streams - 1) * MCS_GROUP_RATES; ++ flags = IEEE80211_TX_RC_MCS | group->flags; ++ } ++ ++ if (offset > 0) { ++ ratetbl->rate[offset].count = ratetbl->rate[offset].count_rts; ++ flags |= IEEE80211_TX_RC_USE_RTS_CTS; ++ } ++ ++ ratetbl->rate[offset].idx = idx; ++ ratetbl->rate[offset].flags = flags; ++} ++ ++static void ++minstrel_ht_update_rates(struct minstrel_priv *mp, struct minstrel_ht_sta *mi) ++{ ++ struct ieee80211_sta_rates *rates; ++ int i = 0; ++ ++ rates = kzalloc(sizeof(*rates), GFP_ATOMIC); ++ if (!rates) + return; ++ ++ /* Start with max_tp_rate */ ++ minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_tp_rate); ++ ++ if (mp->hw->max_rates >= 3) { ++ /* At least 3 tx rates supported, use max_tp_rate2 next */ ++ minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_tp_rate2); ++ } ++ ++ if (mp->hw->max_rates >= 2) { ++ /* ++ * At least 2 tx rates supported, use max_prob_rate next */ ++ minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_prob_rate); + } + +- rate->flags |= IEEE80211_TX_RC_MCS | group->flags; +- rate->idx = index % MCS_GROUP_RATES + (group->streams - 1) * MCS_GROUP_RATES; ++ rates->rate[i].idx = -1; ++ rate_control_set_rates(mp->hw, mi->sta, rates); + } + + static inline int +@@ -702,13 +756,13 @@ static void + minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta, + struct ieee80211_tx_rate_control *txrc) + { ++ const struct mcs_group *sample_group; + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb); +- struct ieee80211_tx_rate *ar = info->status.rates; ++ struct ieee80211_tx_rate *rate = &info->status.rates[0]; + struct minstrel_ht_sta_priv *msp = priv_sta; + struct minstrel_ht_sta *mi = &msp->ht; + struct minstrel_priv *mp = priv; + int sample_idx; +- bool sample = false; + + if (rate_control_send_low(sta, priv_sta, txrc)) + return; +@@ -736,51 +790,6 @@ minstrel_ht_get_rate(void *priv, struct + } + #endif + +- if (sample_idx >= 0) { +- sample = true; +- minstrel_ht_set_rate(mp, mi, &ar[0], sample_idx, +- true, false); +- info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; +- } else { +- minstrel_ht_set_rate(mp, mi, &ar[0], mi->max_tp_rate, +- false, false); +- } +- +- if (mp->hw->max_rates >= 3) { +- /* +- * At least 3 tx rates supported, use +- * sample_rate -> max_tp_rate -> max_prob_rate for sampling and +- * max_tp_rate -> max_tp_rate2 -> max_prob_rate by default. +- */ +- if (sample_idx >= 0) +- minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate, +- false, false); +- else +- minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate2, +- false, true); +- +- minstrel_ht_set_rate(mp, mi, &ar[2], mi->max_prob_rate, +- false, !sample); +- +- ar[3].count = 0; +- ar[3].idx = -1; +- } else if (mp->hw->max_rates == 2) { +- /* +- * Only 2 tx rates supported, use +- * sample_rate -> max_prob_rate for sampling and +- * max_tp_rate -> max_prob_rate by default. +- */ +- minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_prob_rate, +- false, !sample); +- +- ar[2].count = 0; +- ar[2].idx = -1; +- } else { +- /* Not using MRR, only use the first rate */ +- ar[1].count = 0; +- ar[1].idx = -1; +- } +- + mi->total_packets++; + + /* wraparound */ +@@ -788,6 +797,16 @@ minstrel_ht_get_rate(void *priv, struct + mi->total_packets = 0; + mi->sample_packets = 0; + } ++ ++ if (sample_idx < 0) ++ return; ++ ++ sample_group = &minstrel_mcs_groups[sample_idx / MCS_GROUP_RATES]; ++ info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; ++ rate->idx = sample_idx % MCS_GROUP_RATES + ++ (sample_group->streams - 1) * MCS_GROUP_RATES; ++ rate->flags = IEEE80211_TX_RC_MCS | sample_group->flags; ++ rate->count = 1; + } + + static void +@@ -837,6 +856,8 @@ minstrel_ht_update_caps(void *priv, stru + + msp->is_ht = true; + memset(mi, 0, sizeof(*mi)); ++ ++ mi->sta = sta; + mi->stats_update = jiffies; + + ack_dur = ieee80211_frame_duration(sband->band, 10, 60, 1, 1); +@@ -898,6 +919,9 @@ minstrel_ht_update_caps(void *priv, stru + if (!n_supported) + goto use_legacy; + ++ minstrel_ht_update_stats(mp, mi); ++ minstrel_ht_update_rates(mp, mi); ++ + return; + + use_legacy: +--- a/net/mac80211/rc80211_minstrel_ht.h ++++ b/net/mac80211/rc80211_minstrel_ht.h +@@ -65,6 +65,8 @@ struct minstrel_mcs_group_data { + }; + + struct minstrel_ht_sta { ++ struct ieee80211_sta *sta; ++ + /* ampdu length (average, per sampling interval) */ + unsigned int ampdu_len; + unsigned int ampdu_packets; +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -1372,6 +1372,7 @@ ieee80211_rx_h_sta_process(struct ieee80 + struct sk_buff *skb = rx->skb; + struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; ++ int i; + + if (!sta) + return RX_CONTINUE; +@@ -1422,6 +1423,19 @@ ieee80211_rx_h_sta_process(struct ieee80 + ewma_add(&sta->avg_signal, -status->signal); + } + ++ if (status->chains) { ++ sta->chains = status->chains; ++ for (i = 0; i < ARRAY_SIZE(status->chain_signal); i++) { ++ int signal = status->chain_signal[i]; ++ ++ if (!(status->chains & BIT(i))) ++ continue; ++ ++ sta->chain_signal_last[i] = signal; ++ ewma_add(&sta->chain_signal_avg[i], -signal); ++ } ++ } ++ + /* + * Change STA power saving mode only at the end of a frame + * exchange sequence. +@@ -2085,6 +2099,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80 + } + + fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data; ++ fwd_hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_RETRY); + info = IEEE80211_SKB_CB(fwd_skb); + memset(info, 0, sizeof(*info)); + info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; +@@ -2356,6 +2371,7 @@ ieee80211_rx_h_action(struct ieee80211_r + sdata->vif.type != NL80211_IFTYPE_MESH_POINT && + sdata->vif.type != NL80211_IFTYPE_AP_VLAN && + sdata->vif.type != NL80211_IFTYPE_AP && ++ sdata->vif.type != NL80211_IFTYPE_WDS && + sdata->vif.type != NL80211_IFTYPE_ADHOC) + break; + +@@ -2423,6 +2439,22 @@ ieee80211_rx_h_action(struct ieee80211_r + } + + break; ++ case WLAN_CATEGORY_PUBLIC: ++ if (len < IEEE80211_MIN_ACTION_SIZE + 1) ++ goto invalid; ++ if (sdata->vif.type != NL80211_IFTYPE_STATION) ++ break; ++ if (!rx->sta) ++ break; ++ if (!ether_addr_equal(mgmt->bssid, sdata->u.mgd.bssid)) ++ break; ++ if (mgmt->u.action.u.ext_chan_switch.action_code != ++ WLAN_PUB_ACTION_EXT_CHANSW_ANN) ++ break; ++ if (len < offsetof(struct ieee80211_mgmt, ++ u.action.u.ext_chan_switch.variable)) ++ goto invalid; ++ goto queue; + case WLAN_CATEGORY_VHT: + if (sdata->vif.type != NL80211_IFTYPE_STATION && + sdata->vif.type != NL80211_IFTYPE_MESH_POINT && +@@ -2506,10 +2538,6 @@ ieee80211_rx_h_action(struct ieee80211_r + ieee80211_process_measurement_req(sdata, mgmt, len); + goto handled; + case WLAN_ACTION_SPCT_CHL_SWITCH: +- if (len < (IEEE80211_MIN_ACTION_SIZE + +- sizeof(mgmt->u.action.u.chan_switch))) +- break; +- + if (sdata->vif.type != NL80211_IFTYPE_STATION) + break; + +@@ -2695,14 +2723,15 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_ + + if (!ieee80211_vif_is_mesh(&sdata->vif) && + sdata->vif.type != NL80211_IFTYPE_ADHOC && +- sdata->vif.type != NL80211_IFTYPE_STATION) ++ sdata->vif.type != NL80211_IFTYPE_STATION && ++ sdata->vif.type != NL80211_IFTYPE_WDS) + return RX_DROP_MONITOR; + + switch (stype) { + case cpu_to_le16(IEEE80211_STYPE_AUTH): + case cpu_to_le16(IEEE80211_STYPE_BEACON): + case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP): +- /* process for all: mesh, mlme, ibss */ ++ /* process for all: mesh, mlme, ibss, wds */ + break; + case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP): + case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP): +@@ -3023,6 +3052,9 @@ static int prepare_for_handlers(struct i + * and location updates. Note that mac80211 + * itself never looks at these frames. + */ ++ if (!multicast && ++ !ether_addr_equal(sdata->vif.addr, hdr->addr1)) ++ return 0; + if (ieee80211_is_public_action(hdr, skb->len)) + return 1; + if (!ieee80211_is_beacon(hdr->frame_control)) +@@ -3031,10 +3063,16 @@ static int prepare_for_handlers(struct i + } + break; + case NL80211_IFTYPE_WDS: +- if (bssid || !ieee80211_is_data(hdr->frame_control)) +- return 0; + if (!ether_addr_equal(sdata->u.wds.remote_addr, hdr->addr2)) + return 0; ++ ++ if (ieee80211_is_data(hdr->frame_control) || ++ ieee80211_is_action(hdr->frame_control)) { ++ if (compare_ether_addr(sdata->vif.addr, hdr->addr1)) ++ return 0; ++ } else if (!ieee80211_is_beacon(hdr->frame_control)) ++ return 0; ++ + break; + case NL80211_IFTYPE_P2P_DEVICE: + if (!ieee80211_is_public_action(hdr, skb->len) && +--- a/net/mac80211/scan.c ++++ b/net/mac80211/scan.c +@@ -181,7 +181,7 @@ void ieee80211_scan_rx(struct ieee80211_ + if (baselen > skb->len) + return; + +- ieee802_11_parse_elems(elements, skb->len - baselen, &elems); ++ ieee802_11_parse_elems(elements, skb->len - baselen, false, &elems); + + channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); + +--- a/net/mac80211/sta_info.h ++++ b/net/mac80211/sta_info.h +@@ -32,7 +32,6 @@ + * @WLAN_STA_SHORT_PREAMBLE: Station is capable of receiving short-preamble + * frames. + * @WLAN_STA_WME: Station is a QoS-STA. +- * @WLAN_STA_WDS: Station is one of our WDS peers. + * @WLAN_STA_CLEAR_PS_FILT: Clear PS filter in hardware (using the + * IEEE80211_TX_CTL_CLEAR_PS_FILT control flag) when the next + * frame to this station is transmitted. +@@ -66,7 +65,6 @@ enum ieee80211_sta_info_flags { + WLAN_STA_AUTHORIZED, + WLAN_STA_SHORT_PREAMBLE, + WLAN_STA_WME, +- WLAN_STA_WDS, + WLAN_STA_CLEAR_PS_FILT, + WLAN_STA_MFP, + WLAN_STA_BLOCK_BA, +@@ -344,6 +342,11 @@ struct sta_info { + int last_signal; + struct ewma avg_signal; + int last_ack_signal; ++ ++ u8 chains; ++ s8 chain_signal_last[IEEE80211_MAX_CHAINS]; ++ struct ewma chain_signal_avg[IEEE80211_MAX_CHAINS]; ++ + /* Plus 1 for non-QoS frames */ + __le16 last_seq_ctrl[IEEE80211_NUM_TIDS + 1]; + +--- a/net/mac80211/trace.h ++++ b/net/mac80211/trace.h +@@ -990,23 +990,23 @@ TRACE_EVENT(drv_channel_switch, + + TP_STRUCT__entry( + LOCAL_ENTRY ++ CHANDEF_ENTRY + __field(u64, timestamp) + __field(bool, block_tx) +- __field(u16, freq) + __field(u8, count) + ), + + TP_fast_assign( + LOCAL_ASSIGN; ++ CHANDEF_ASSIGN(&ch_switch->chandef) + __entry->timestamp = ch_switch->timestamp; + __entry->block_tx = ch_switch->block_tx; +- __entry->freq = ch_switch->channel->center_freq; + __entry->count = ch_switch->count; + ), + + TP_printk( +- LOCAL_PR_FMT " new freq:%u count:%d", +- LOCAL_PR_ARG, __entry->freq, __entry->count ++ LOCAL_PR_FMT " new " CHANDEF_PR_FMT " count:%d", ++ LOCAL_PR_ARG, CHANDEF_PR_ARG, __entry->count + ) + ); + +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -48,15 +48,15 @@ static __le16 ieee80211_duration(struct + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); + + /* assume HW handles this */ +- if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS) ++ if (tx->rate.flags & IEEE80211_TX_RC_MCS) + return 0; + + /* uh huh? */ +- if (WARN_ON_ONCE(info->control.rates[0].idx < 0)) ++ if (WARN_ON_ONCE(tx->rate.idx < 0)) + return 0; + + sband = local->hw.wiphy->bands[info->band]; +- txrate = &sband->bitrates[info->control.rates[0].idx]; ++ txrate = &sband->bitrates[tx->rate.idx]; + + erp = txrate->flags & IEEE80211_RATE_ERP_G; + +@@ -617,11 +617,9 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021 + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); + struct ieee80211_hdr *hdr = (void *)tx->skb->data; + struct ieee80211_supported_band *sband; +- struct ieee80211_rate *rate; +- int i; + u32 len; +- bool inval = false, rts = false, short_preamble = false; + struct ieee80211_tx_rate_control txrc; ++ struct ieee80211_sta_rates *ratetbl = NULL; + bool assoc = false; + + memset(&txrc, 0, sizeof(txrc)); +@@ -642,18 +640,23 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021 + txrc.max_rate_idx = -1; + else + txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; +- memcpy(txrc.rate_idx_mcs_mask, +- tx->sdata->rc_rateidx_mcs_mask[info->band], +- sizeof(txrc.rate_idx_mcs_mask)); ++ ++ if (tx->sdata->rc_has_mcs_mask[info->band]) ++ txrc.rate_idx_mcs_mask = ++ tx->sdata->rc_rateidx_mcs_mask[info->band]; ++ + txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP || + tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT || + tx->sdata->vif.type == NL80211_IFTYPE_ADHOC); + + /* set up RTS protection if desired */ + if (len > tx->local->hw.wiphy->rts_threshold) { +- txrc.rts = rts = true; ++ txrc.rts = true; + } + ++ info->control.use_rts = txrc.rts; ++ info->control.use_cts_prot = tx->sdata->vif.bss_conf.use_cts_prot; ++ + /* + * Use short preamble if the BSS can handle it, but not for + * management frames unless we know the receiver can handle +@@ -663,7 +666,9 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021 + if (tx->sdata->vif.bss_conf.use_short_preamble && + (ieee80211_is_data(hdr->frame_control) || + (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE)))) +- txrc.short_preamble = short_preamble = true; ++ txrc.short_preamble = true; ++ ++ info->control.short_preamble = txrc.short_preamble; + + if (tx->sta) + assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC); +@@ -687,16 +692,38 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021 + */ + rate_control_get_rate(tx->sdata, tx->sta, &txrc); + +- if (unlikely(info->control.rates[0].idx < 0)) +- return TX_DROP; ++ if (tx->sta && !info->control.skip_table) ++ ratetbl = rcu_dereference(tx->sta->sta.rates); ++ ++ if (unlikely(info->control.rates[0].idx < 0)) { ++ if (ratetbl) { ++ struct ieee80211_tx_rate rate = { ++ .idx = ratetbl->rate[0].idx, ++ .flags = ratetbl->rate[0].flags, ++ .count = ratetbl->rate[0].count ++ }; ++ ++ if (ratetbl->rate[0].idx < 0) ++ return TX_DROP; ++ ++ tx->rate = rate; ++ } else { ++ return TX_DROP; ++ } ++ } else { ++ tx->rate = info->control.rates[0]; ++ } + + if (txrc.reported_rate.idx < 0) { +- txrc.reported_rate = info->control.rates[0]; ++ txrc.reported_rate = tx->rate; + if (tx->sta && ieee80211_is_data(hdr->frame_control)) + tx->sta->last_tx_rate = txrc.reported_rate; + } else if (tx->sta) + tx->sta->last_tx_rate = txrc.reported_rate; + ++ if (ratetbl) ++ return TX_CONTINUE; ++ + if (unlikely(!info->control.rates[0].count)) + info->control.rates[0].count = 1; + +@@ -704,91 +731,6 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021 + (info->flags & IEEE80211_TX_CTL_NO_ACK))) + info->control.rates[0].count = 1; + +- if (is_multicast_ether_addr(hdr->addr1)) { +- /* +- * XXX: verify the rate is in the basic rateset +- */ +- return TX_CONTINUE; +- } +- +- /* +- * set up the RTS/CTS rate as the fastest basic rate +- * that is not faster than the data rate +- * +- * XXX: Should this check all retry rates? +- */ +- if (!(info->control.rates[0].flags & IEEE80211_TX_RC_MCS)) { +- s8 baserate = 0; +- +- rate = &sband->bitrates[info->control.rates[0].idx]; +- +- for (i = 0; i < sband->n_bitrates; i++) { +- /* must be a basic rate */ +- if (!(tx->sdata->vif.bss_conf.basic_rates & BIT(i))) +- continue; +- /* must not be faster than the data rate */ +- if (sband->bitrates[i].bitrate > rate->bitrate) +- continue; +- /* maximum */ +- if (sband->bitrates[baserate].bitrate < +- sband->bitrates[i].bitrate) +- baserate = i; +- } +- +- info->control.rts_cts_rate_idx = baserate; +- } +- +- for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { +- /* +- * make sure there's no valid rate following +- * an invalid one, just in case drivers don't +- * take the API seriously to stop at -1. +- */ +- if (inval) { +- info->control.rates[i].idx = -1; +- continue; +- } +- if (info->control.rates[i].idx < 0) { +- inval = true; +- continue; +- } +- +- /* +- * For now assume MCS is already set up correctly, this +- * needs to be fixed. +- */ +- if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS) { +- WARN_ON(info->control.rates[i].idx > 76); +- continue; +- } +- +- /* set up RTS protection if desired */ +- if (rts) +- info->control.rates[i].flags |= +- IEEE80211_TX_RC_USE_RTS_CTS; +- +- /* RC is busted */ +- if (WARN_ON_ONCE(info->control.rates[i].idx >= +- sband->n_bitrates)) { +- info->control.rates[i].idx = -1; +- continue; +- } +- +- rate = &sband->bitrates[info->control.rates[i].idx]; +- +- /* set up short preamble */ +- if (short_preamble && +- rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) +- info->control.rates[i].flags |= +- IEEE80211_TX_RC_USE_SHORT_PREAMBLE; +- +- /* set up G protection */ +- if (!rts && tx->sdata->vif.bss_conf.use_cts_prot && +- rate->flags & IEEE80211_RATE_ERP_G) +- info->control.rates[i].flags |= +- IEEE80211_TX_RC_USE_CTS_PROTECT; +- } +- + return TX_CONTINUE; + } + +@@ -2508,8 +2450,6 @@ struct sk_buff *ieee80211_beacon_get_tim + txrc.max_rate_idx = -1; + else + txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; +- memcpy(txrc.rate_idx_mcs_mask, sdata->rc_rateidx_mcs_mask[band], +- sizeof(txrc.rate_idx_mcs_mask)); + txrc.bss = true; + rate_control_get_rate(sdata, NULL, &txrc); + +--- a/net/mac80211/util.c ++++ b/net/mac80211/util.c +@@ -485,7 +485,8 @@ int ieee80211_queue_stopped(struct ieee8 + return true; + + spin_lock_irqsave(&local->queue_stop_reason_lock, flags); +- ret = !!local->queue_stop_reasons[queue]; ++ ret = test_bit(IEEE80211_QUEUE_STOP_REASON_DRIVER, ++ &local->queue_stop_reasons[queue]); + spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); + return ret; + } +@@ -559,6 +560,9 @@ void ieee80211_iterate_active_interfaces + list_for_each_entry(sdata, &local->interfaces, list) { + switch (sdata->vif.type) { + case NL80211_IFTYPE_MONITOR: ++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)) ++ continue; ++ break; + case NL80211_IFTYPE_AP_VLAN: + continue; + default: +@@ -597,6 +601,9 @@ void ieee80211_iterate_active_interfaces + list_for_each_entry_rcu(sdata, &local->interfaces, list) { + switch (sdata->vif.type) { + case NL80211_IFTYPE_MONITOR: ++ if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)) ++ continue; ++ break; + case NL80211_IFTYPE_AP_VLAN: + continue; + default: +@@ -660,7 +667,7 @@ void ieee80211_queue_delayed_work(struct + } + EXPORT_SYMBOL(ieee80211_queue_delayed_work); + +-u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, ++u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, bool action, + struct ieee802_11_elems *elems, + u64 filter, u32 crc) + { +@@ -668,6 +675,7 @@ u32 ieee802_11_parse_elems_crc(u8 *start + u8 *pos = start; + bool calc_crc = filter != 0; + DECLARE_BITMAP(seen_elems, 256); ++ const u8 *ie; + + bitmap_zero(seen_elems, 256); + memset(elems, 0, sizeof(*elems)); +@@ -715,6 +723,12 @@ u32 ieee802_11_parse_elems_crc(u8 *start + case WLAN_EID_COUNTRY: + case WLAN_EID_PWR_CONSTRAINT: + case WLAN_EID_TIMEOUT_INTERVAL: ++ case WLAN_EID_SECONDARY_CHANNEL_OFFSET: ++ case WLAN_EID_WIDE_BW_CHANNEL_SWITCH: ++ /* ++ * not listing WLAN_EID_CHANNEL_SWITCH_WRAPPER -- it seems possible ++ * that if the content gets bigger it might be needed more than once ++ */ + if (test_bit(id, seen_elems)) { + elems->parse_error = true; + left -= elen; +@@ -862,6 +876,48 @@ u32 ieee802_11_parse_elems_crc(u8 *start + } + elems->ch_switch_ie = (void *)pos; + break; ++ case WLAN_EID_EXT_CHANSWITCH_ANN: ++ if (elen != sizeof(struct ieee80211_ext_chansw_ie)) { ++ elem_parse_failed = true; ++ break; ++ } ++ elems->ext_chansw_ie = (void *)pos; ++ break; ++ case WLAN_EID_SECONDARY_CHANNEL_OFFSET: ++ if (elen != sizeof(struct ieee80211_sec_chan_offs_ie)) { ++ elem_parse_failed = true; ++ break; ++ } ++ elems->sec_chan_offs = (void *)pos; ++ break; ++ case WLAN_EID_WIDE_BW_CHANNEL_SWITCH: ++ if (!action || ++ elen != sizeof(*elems->wide_bw_chansw_ie)) { ++ elem_parse_failed = true; ++ break; ++ } ++ elems->wide_bw_chansw_ie = (void *)pos; ++ break; ++ case WLAN_EID_CHANNEL_SWITCH_WRAPPER: ++ if (action) { ++ elem_parse_failed = true; ++ break; ++ } ++ /* ++ * This is a bit tricky, but as we only care about ++ * the wide bandwidth channel switch element, so ++ * just parse it out manually. ++ */ ++ ie = cfg80211_find_ie(WLAN_EID_WIDE_BW_CHANNEL_SWITCH, ++ pos, elen); ++ if (ie) { ++ if (ie[1] == sizeof(*elems->wide_bw_chansw_ie)) ++ elems->wide_bw_chansw_ie = ++ (void *)(ie + 2); ++ else ++ elem_parse_failed = true; ++ } ++ break; + case WLAN_EID_COUNTRY: + elems->country_elem = pos; + elems->country_elem_len = elen; +--- a/net/wireless/reg.c ++++ b/net/wireless/reg.c +@@ -857,7 +857,7 @@ static void handle_channel(struct wiphy + return; + + REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq); +- chan->flags = IEEE80211_CHAN_DISABLED; ++ chan->flags |= IEEE80211_CHAN_DISABLED; + return; + } + +--- a/net/wireless/util.c ++++ b/net/wireless/util.c +@@ -1156,6 +1156,26 @@ int cfg80211_get_p2p_attr(const u8 *ies, + } + EXPORT_SYMBOL(cfg80211_get_p2p_attr); + ++bool ieee80211_operating_class_to_band(u8 operating_class, ++ enum ieee80211_band *band) ++{ ++ switch (operating_class) { ++ case 112: ++ case 115 ... 127: ++ *band = IEEE80211_BAND_5GHZ; ++ return true; ++ case 81: ++ case 82: ++ case 83: ++ case 84: ++ *band = IEEE80211_BAND_2GHZ; ++ return true; ++ } ++ ++ return false; ++} ++EXPORT_SYMBOL(ieee80211_operating_class_to_band); ++ + int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev, + u32 beacon_int) + { +--- a/include/uapi/linux/nl80211.h ++++ b/include/uapi/linux/nl80211.h +@@ -1973,6 +1973,10 @@ enum nl80211_sta_bss_param { + * @NL80211_STA_INFO_PEER_PM: peer mesh STA link-specific power mode + * @NL80211_STA_INFO_NONPEER_PM: neighbor mesh STA power save mode towards + * non-peer STA ++ * @NL80211_STA_INFO_CHAIN_SIGNAL: per-chain signal strength of last PPDU ++ * Contains a nested array of signal strength attributes (u8, dBm) ++ * @NL80211_STA_INFO_CHAIN_SIGNAL_AVG: per-chain signal strength average ++ * Same format as NL80211_STA_INFO_CHAIN_SIGNAL. + * @__NL80211_STA_INFO_AFTER_LAST: internal + * @NL80211_STA_INFO_MAX: highest possible station info attribute + */ +@@ -2002,6 +2006,8 @@ enum nl80211_sta_info { + NL80211_STA_INFO_NONPEER_PM, + NL80211_STA_INFO_RX_BYTES64, + NL80211_STA_INFO_TX_BYTES64, ++ NL80211_STA_INFO_CHAIN_SIGNAL, ++ NL80211_STA_INFO_CHAIN_SIGNAL_AVG, + + /* keep last */ + __NL80211_STA_INFO_AFTER_LAST, +@@ -2395,6 +2401,8 @@ enum nl80211_survey_info { + * @NL80211_MNTR_FLAG_OTHER_BSS: disable BSSID filtering + * @NL80211_MNTR_FLAG_COOK_FRAMES: report frames after processing. + * overrides all other flags. ++ * @NL80211_MNTR_FLAG_ACTIVE: use the configured MAC address ++ * and ACK incoming unicast packets. + * + * @__NL80211_MNTR_FLAG_AFTER_LAST: internal use + * @NL80211_MNTR_FLAG_MAX: highest possible monitor flag +@@ -2406,6 +2414,7 @@ enum nl80211_mntr_flags { + NL80211_MNTR_FLAG_CONTROL, + NL80211_MNTR_FLAG_OTHER_BSS, + NL80211_MNTR_FLAG_COOK_FRAMES, ++ NL80211_MNTR_FLAG_ACTIVE, + + /* keep last */ + __NL80211_MNTR_FLAG_AFTER_LAST, +@@ -3557,6 +3566,7 @@ enum nl80211_feature_flags { + NL80211_FEATURE_ADVERTISE_CHAN_LIMITS = 1 << 14, + NL80211_FEATURE_FULL_AP_CLIENT_STATE = 1 << 15, + NL80211_FEATURE_USERSPACE_MPM = 1 << 16, ++ NL80211_FEATURE_ACTIVE_MONITOR = 1 << 17, + }; + + /** +--- a/net/mac80211/sta_info.c ++++ b/net/mac80211/sta_info.c +@@ -358,6 +358,8 @@ struct sta_info *sta_info_alloc(struct i + do_posix_clock_monotonic_gettime(&uptime); + sta->last_connected = uptime.tv_sec; + ewma_init(&sta->avg_signal, 1024, 8); ++ for (i = 0; i < ARRAY_SIZE(sta->chain_signal_avg); i++) ++ ewma_init(&sta->chain_signal_avg[i], 1024, 8); + + if (sta_prepare_rate_control(local, sta, gfp)) { + kfree(sta); +@@ -1130,6 +1132,7 @@ static void ieee80211_send_null_response + * ends the poll/service period. + */ + info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER | ++ IEEE80211_TX_CTL_PS_RESPONSE | + IEEE80211_TX_STATUS_EOSP | + IEEE80211_TX_CTL_REQ_TX_STATUS; + +@@ -1267,7 +1270,8 @@ ieee80211_sta_ps_deliver_response(struct + * STA may still remain is PS mode after this frame + * exchange. + */ +- info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER; ++ info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER | ++ IEEE80211_TX_CTL_PS_RESPONSE; + + /* + * Use MoreData flag to indicate whether there are +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -2270,6 +2270,7 @@ static const struct nla_policy mntr_flag + [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, + [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, + [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, ++ [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG }, + }; + + static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) +@@ -2381,6 +2382,10 @@ static int nl80211_set_interface(struct + change = true; + } + ++ if (flags && (*flags & NL80211_MNTR_FLAG_ACTIVE) && ++ !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) ++ return -EOPNOTSUPP; ++ + if (change) + err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); + else +@@ -2438,6 +2443,11 @@ static int nl80211_new_interface(struct + err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? + info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, + &flags); ++ ++ if (!err && (flags & NL80211_MNTR_FLAG_ACTIVE) && ++ !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) ++ return -EOPNOTSUPP; ++ + wdev = rdev_add_virtual_intf(rdev, + nla_data(info->attrs[NL80211_ATTR_IFNAME]), + type, err ? NULL : &flags, ¶ms); +@@ -3367,6 +3377,32 @@ static bool nl80211_put_sta_rate(struct + return true; + } + ++static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal, ++ int id) ++{ ++ void *attr; ++ int i = 0; ++ ++ if (!mask) ++ return true; ++ ++ attr = nla_nest_start(msg, id); ++ if (!attr) ++ return false; ++ ++ for (i = 0; i < IEEE80211_MAX_CHAINS; i++) { ++ if (!(mask & BIT(i))) ++ continue; ++ ++ if (nla_put_u8(msg, i, signal[i])) ++ return false; ++ } ++ ++ nla_nest_end(msg, attr); ++ ++ return true; ++} ++ + static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq, + int flags, + struct cfg80211_registered_device *rdev, +@@ -3402,7 +3438,7 @@ static int nl80211_send_station(struct s + (u32)sinfo->rx_bytes)) + goto nla_put_failure; + if ((sinfo->filled & (STATION_INFO_TX_BYTES | +- NL80211_STA_INFO_TX_BYTES64)) && ++ STATION_INFO_TX_BYTES64)) && + nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, + (u32)sinfo->tx_bytes)) + goto nla_put_failure; +@@ -3438,6 +3474,18 @@ static int nl80211_send_station(struct s + default: + break; + } ++ if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) { ++ if (!nl80211_put_signal(msg, sinfo->chains, ++ sinfo->chain_signal, ++ NL80211_STA_INFO_CHAIN_SIGNAL)) ++ goto nla_put_failure; ++ } ++ if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) { ++ if (!nl80211_put_signal(msg, sinfo->chains, ++ sinfo->chain_signal_avg, ++ NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) ++ goto nla_put_failure; ++ } + if (sinfo->filled & STATION_INFO_TX_BITRATE) { + if (!nl80211_put_sta_rate(msg, &sinfo->txrate, + NL80211_STA_INFO_TX_BITRATE)) +--- a/drivers/net/wireless/ath/ath9k/init.c ++++ b/drivers/net/wireless/ath/ath9k/init.c +@@ -433,6 +433,8 @@ static int ath9k_init_queues(struct ath_ + sc->config.cabqReadytime = ATH_CABQ_READY_TIME; + ath_cabq_update(sc); - /* Supported Rates value encodings in 802.11n-2009 7.3.2.2 */ - #define BSS_MEMBERSHIP_SELECTOR_HT_PHY 127 -@@ -846,7 +846,7 @@ struct ieee80211_mmie { - __le16 key_id; - u8 sequence_number[6]; - u8 mic[8]; --} __attribute__ ((packed)); -+} __packed; ++ sc->tx.uapsdq = ath_txq_setup(sc, ATH9K_TX_QUEUE_UAPSD, 0); ++ + for (i = 0; i < IEEE80211_NUM_ACS; i++) { + sc->tx.txq_map[i] = ath_txq_setup(sc, ATH9K_TX_QUEUE_DATA, i); + sc->tx.txq_map[i]->mac80211_qnum = i; +@@ -768,7 +770,8 @@ void ath9k_set_hw_capab(struct ath_softc + IEEE80211_HW_SUPPORTS_PS | + IEEE80211_HW_PS_NULLFUNC_STACK | + IEEE80211_HW_SPECTRUM_MGMT | +- IEEE80211_HW_REPORTS_TX_ACK_STATUS; ++ IEEE80211_HW_REPORTS_TX_ACK_STATUS | ++ IEEE80211_HW_SUPPORTS_RC_TABLE; - struct ieee80211_vendor_ie { - u8 element_id; -@@ -861,20 +861,20 @@ struct ieee80211_rts { - __le16 duration; - u8 ra[6]; - u8 ta[6]; --} __attribute__ ((packed)); -+} __packed; + if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT) + hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION; +@@ -776,6 +779,8 @@ void ath9k_set_hw_capab(struct ath_softc + if (AR_SREV_9160_10_OR_LATER(sc->sc_ah) || ath9k_modparam_nohwcrypt) + hw->flags |= IEEE80211_HW_MFP_CAPABLE; - struct ieee80211_cts { - __le16 frame_control; - __le16 duration; - u8 ra[6]; --} __attribute__ ((packed)); -+} __packed; ++ hw->wiphy->features |= NL80211_FEATURE_ACTIVE_MONITOR; ++ + hw->wiphy->interface_modes = + BIT(NL80211_IFTYPE_P2P_GO) | + BIT(NL80211_IFTYPE_P2P_CLIENT) | +--- a/drivers/net/wireless/ath/ath9k/xmit.c ++++ b/drivers/net/wireless/ath/ath9k/xmit.c +@@ -125,24 +125,6 @@ static void ath_tx_queue_tid(struct ath_ + list_add_tail(&ac->list, &txq->axq_acq); + } - struct ieee80211_pspoll { - __le16 frame_control; - __le16 aid; - u8 bssid[6]; - u8 ta[6]; --} __attribute__ ((packed)); -+} __packed; +-static void ath_tx_resume_tid(struct ath_softc *sc, struct ath_atx_tid *tid) +-{ +- struct ath_txq *txq = tid->ac->txq; +- +- WARN_ON(!tid->paused); +- +- ath_txq_lock(sc, txq); +- tid->paused = false; +- +- if (skb_queue_empty(&tid->buf_q)) +- goto unlock; +- +- ath_tx_queue_tid(txq, tid); +- ath_txq_schedule(sc, txq); +-unlock: +- ath_txq_unlock_complete(sc, txq); +-} +- + static struct ath_frame_info *get_frame_info(struct sk_buff *skb) + { + struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb); +@@ -157,6 +139,13 @@ static void ath_send_bar(struct ath_atx_ + seqno << IEEE80211_SEQ_SEQ_SHIFT); + } - /* TDLS */ ++static void ath_set_rates(struct ieee80211_vif *vif, struct ieee80211_sta *sta, ++ struct ath_buf *bf) ++{ ++ ieee80211_get_tx_rates(vif, sta, bf->bf_mpdu, bf->rates, ++ ARRAY_SIZE(bf->rates)); ++} ++ + static void ath_tx_flush_tid(struct ath_softc *sc, struct ath_atx_tid *tid) + { + struct ath_txq *txq = tid->ac->txq; +@@ -189,15 +178,11 @@ static void ath_tx_flush_tid(struct ath_ + ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0); + sendbar = true; + } else { ++ ath_set_rates(tid->an->vif, tid->an->sta, bf); + ath_tx_send_normal(sc, txq, NULL, skb); + } + } -@@ -967,7 +967,7 @@ struct ieee80211_bar { - __u8 ta[6]; - __le16 control; - __le16 start_seq_num; --} __attribute__((packed)); -+} __packed; +- if (tid->baw_head == tid->baw_tail) { +- tid->state &= ~AGGR_ADDBA_COMPLETE; +- tid->state &= ~AGGR_CLEANUP; +- } +- + if (sendbar) { + ath_txq_unlock(sc, txq); + ath_send_bar(tid, tid->seq_start); +@@ -269,9 +254,7 @@ static void ath_tid_drain(struct ath_sof - /* 802.11 BAR control masks */ - #define IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL 0x0000 -@@ -992,7 +992,7 @@ struct ieee80211_mcs_info { - __le16 rx_highest; - u8 tx_params; - u8 reserved[3]; --} __attribute__((packed)); -+} __packed; + list_add_tail(&bf->list, &bf_head); - /* 802.11n HT capability MSC set */ - #define IEEE80211_HT_MCS_RX_HIGHEST_MASK 0x3ff -@@ -1031,7 +1031,7 @@ struct ieee80211_ht_cap { - __le16 extended_ht_cap_info; - __le32 tx_BF_cap_info; - u8 antenna_selection_info; --} __attribute__ ((packed)); -+} __packed; +- if (fi->retries) +- ath_tx_update_baw(sc, tid, bf->bf_state.seqno); +- ++ ath_tx_update_baw(sc, tid, bf->bf_state.seqno); + ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0); + } - /* 802.11n HT capabilities masks (for cap_info) */ - #define IEEE80211_HT_CAP_LDPC_CODING 0x0001 -@@ -1102,7 +1102,7 @@ struct ieee80211_ht_operation { - __le16 operation_mode; - __le16 stbc_param; - u8 basic_set[16]; --} __attribute__ ((packed)); -+} __packed; +@@ -407,7 +390,7 @@ static void ath_tx_complete_aggr(struct - /* for ht_param */ - #define IEEE80211_HT_PARAM_CHA_SEC_OFFSET 0x03 -@@ -1832,14 +1832,14 @@ struct ieee80211_country_ie_triplet { - u8 first_channel; - u8 num_channels; - s8 max_power; -- } __attribute__ ((packed)) chans; -+ } __packed chans; - struct { - u8 reg_extension_id; - u8 reg_class; - u8 coverage_class; -- } __attribute__ ((packed)) ext; -+ } __packed ext; - }; --} __attribute__ ((packed)); -+} __packed; + tx_info = IEEE80211_SKB_CB(skb); - enum ieee80211_timeout_interval_type { - WLAN_TIMEOUT_REASSOC_DEADLINE = 1 /* 802.11r */, ---- a/include/net/cfg80211.h -+++ b/include/net/cfg80211.h -@@ -1256,7 +1256,7 @@ struct cfg80211_bss { +- memcpy(rates, tx_info->control.rates, sizeof(rates)); ++ memcpy(rates, bf->rates, sizeof(rates)); - u8 bssid[ETH_ALEN]; + retries = ts->ts_longretry + 1; + for (i = 0; i < ts->ts_rateindex; i++) +@@ -483,19 +466,19 @@ static void ath_tx_complete_aggr(struct + tx_info = IEEE80211_SKB_CB(skb); + fi = get_frame_info(skb); -- u8 priv[0] __attribute__((__aligned__(sizeof(void *)))); -+ u8 priv[0] __aligned(sizeof(void *)); - }; +- if (ATH_BA_ISSET(ba, ATH_BA_INDEX(seq_st, seqno))) { ++ if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) { ++ /* ++ * Outside of the current BlockAck window, ++ * maybe part of a previous session ++ */ ++ txfail = 1; ++ } else if (ATH_BA_ISSET(ba, ATH_BA_INDEX(seq_st, seqno))) { + /* transmit completion, subframe is + * acked by block ack */ + acked_cnt++; + } else if (!isaggr && txok) { + /* transmit completion */ + acked_cnt++; +- } else if (tid->state & AGGR_CLEANUP) { +- /* +- * cleanup in progress, just fail +- * the un-acked sub-frames +- */ +- txfail = 1; + } else if (flush) { + txpending = 1; + } else if (fi->retries < ATH_MAX_SW_RETRIES) { +@@ -519,7 +502,7 @@ static void ath_tx_complete_aggr(struct + if (bf_next != NULL || !bf_last->bf_stale) + list_move_tail(&bf->list, &bf_head); - /** -@@ -2395,7 +2395,7 @@ struct wiphy { - const struct iw_handler_def *wext; +- if (!txpending || (tid->state & AGGR_CLEANUP)) { ++ if (!txpending) { + /* + * complete the acked-ones/xretried ones; update + * block-ack window +@@ -535,6 +518,10 @@ static void ath_tx_complete_aggr(struct + ath_tx_complete_buf(sc, bf, txq, &bf_head, ts, + !txfail); + } else { ++ if (tx_info->flags & IEEE80211_TX_STATUS_EOSP) { ++ tx_info->flags &= ~IEEE80211_TX_STATUS_EOSP; ++ ieee80211_sta_eosp(sta); ++ } + /* retry the un-acked ones */ + if (bf->bf_next == NULL && bf_last->bf_stale) { + struct ath_buf *tbf; +@@ -593,9 +580,6 @@ static void ath_tx_complete_aggr(struct + ath_txq_lock(sc, txq); + } + +- if (tid->state & AGGR_CLEANUP) +- ath_tx_flush_tid(sc, tid); +- + rcu_read_unlock(); + + if (needreset) +@@ -612,6 +596,7 @@ static void ath_tx_process_buffer(struct + struct ath_tx_status *ts, struct ath_buf *bf, + struct list_head *bf_head) + { ++ struct ieee80211_tx_info *info; + bool txok, flush; + + txok = !(ts->ts_status & ATH9K_TXERR_MASK); +@@ -623,8 +608,12 @@ static void ath_tx_process_buffer(struct + txq->axq_ampdu_depth--; + + if (!bf_isampdu(bf)) { +- if (!flush) ++ if (!flush) { ++ info = IEEE80211_SKB_CB(bf->bf_mpdu); ++ memcpy(info->control.rates, bf->rates, ++ sizeof(info->control.rates)); + ath_tx_rc_status(sc, bf, ts, 1, txok ? 0 : 1, txok); ++ } + ath_tx_complete_buf(sc, bf, txq, bf_head, ts, txok); + } else + ath_tx_complete_aggr(sc, txq, bf, bf_head, ts, txok); +@@ -668,7 +657,7 @@ static u32 ath_lookup_rate(struct ath_so + + skb = bf->bf_mpdu; + tx_info = IEEE80211_SKB_CB(skb); +- rates = tx_info->control.rates; ++ rates = bf->rates; + + /* + * Find the lowest frame length among the rate series that will have a +@@ -736,8 +725,6 @@ static int ath_compute_num_delims(struct + bool first_subfrm) + { + #define FIRST_DESC_NDELIMS 60 +- struct sk_buff *skb = bf->bf_mpdu; +- struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb); + u32 nsymbits, nsymbols; + u16 minlen; + u8 flags, rix; +@@ -778,8 +765,8 @@ static int ath_compute_num_delims(struct + if (tid->an->mpdudensity == 0) + return ndelim; + +- rix = tx_info->control.rates[0].idx; +- flags = tx_info->control.rates[0].flags; ++ rix = bf->rates[0].idx; ++ flags = bf->rates[0].flags; + width = (flags & IEEE80211_TX_RC_40_MHZ_WIDTH) ? 1 : 0; + half_gi = (flags & IEEE80211_TX_RC_SHORT_GI) ? 1 : 0; + +@@ -803,25 +790,20 @@ static int ath_compute_num_delims(struct + return ndelim; + } + +-static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc, +- struct ath_txq *txq, +- struct ath_atx_tid *tid, +- struct list_head *bf_q, +- int *aggr_len) ++static struct ath_buf * ++ath_tx_get_tid_subframe(struct ath_softc *sc, struct ath_txq *txq, ++ struct ath_atx_tid *tid) + { +-#define PADBYTES(_len) ((4 - ((_len) % 4)) % 4) +- struct ath_buf *bf, *bf_first = NULL, *bf_prev = NULL; +- int rl = 0, nframes = 0, ndelim, prev_al = 0; +- u16 aggr_limit = 0, al = 0, bpad = 0, +- al_delta, h_baw = tid->baw_size / 2; +- enum ATH_AGGR_STATUS status = ATH_AGGR_DONE; +- struct ieee80211_tx_info *tx_info; + struct ath_frame_info *fi; + struct sk_buff *skb; ++ struct ath_buf *bf; + u16 seqno; + +- do { ++ while (1) { + skb = skb_peek(&tid->buf_q); ++ if (!skb) ++ break; ++ + fi = get_frame_info(skb); + bf = fi->bf; + if (!fi->bf) +@@ -837,10 +819,8 @@ static enum ATH_AGGR_STATUS ath_tx_form_ + seqno = bf->bf_state.seqno; + + /* do not step over block-ack window */ +- if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) { +- status = ATH_AGGR_BAW_CLOSED; ++ if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) + break; +- } + + if (tid->bar_index > ATH_BA_INDEX(tid->seq_start, seqno)) { + struct ath_tx_status ts = {}; +@@ -854,10 +834,45 @@ static enum ATH_AGGR_STATUS ath_tx_form_ + continue; + } + ++ bf->bf_next = NULL; ++ bf->bf_lastbf = bf; ++ return bf; ++ } ++ ++ return NULL; ++} ++ ++static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc, ++ struct ath_txq *txq, ++ struct ath_atx_tid *tid, ++ struct list_head *bf_q, ++ int *aggr_len) ++{ ++#define PADBYTES(_len) ((4 - ((_len) % 4)) % 4) ++ struct ath_buf *bf, *bf_first = NULL, *bf_prev = NULL; ++ int rl = 0, nframes = 0, ndelim, prev_al = 0; ++ u16 aggr_limit = 0, al = 0, bpad = 0, ++ al_delta, h_baw = tid->baw_size / 2; ++ enum ATH_AGGR_STATUS status = ATH_AGGR_DONE; ++ struct ieee80211_tx_info *tx_info; ++ struct ath_frame_info *fi; ++ struct sk_buff *skb; ++ ++ do { ++ bf = ath_tx_get_tid_subframe(sc, txq, tid); ++ if (!bf) { ++ status = ATH_AGGR_BAW_CLOSED; ++ break; ++ } ++ ++ skb = bf->bf_mpdu; ++ fi = get_frame_info(skb); ++ + if (!bf_first) + bf_first = bf; + + if (!rl) { ++ ath_set_rates(tid->an->vif, tid->an->sta, bf); + aggr_limit = ath_lookup_rate(sc, bf, tid); + rl = 1; + } +@@ -898,7 +913,7 @@ static enum ATH_AGGR_STATUS ath_tx_form_ + + /* link buffers of this frame to the aggregate */ + if (!fi->retries) +- ath_tx_addto_baw(sc, tid, seqno); ++ ath_tx_addto_baw(sc, tid, bf->bf_state.seqno); + bf->bf_state.ndelim = ndelim; + + __skb_unlink(skb, &tid->buf_q); +@@ -998,14 +1013,14 @@ static void ath_buf_set_rate(struct ath_ + + skb = bf->bf_mpdu; + tx_info = IEEE80211_SKB_CB(skb); +- rates = tx_info->control.rates; ++ rates = bf->rates; + hdr = (struct ieee80211_hdr *)skb->data; + + /* set dur_update_en for l-sig computation except for PS-Poll frames */ + info->dur_update = !ieee80211_is_pspoll(hdr->frame_control); + info->rtscts_rate = fi->rtscts_rate; + +- for (i = 0; i < 4; i++) { ++ for (i = 0; i < ARRAY_SIZE(bf->rates); i++) { + bool is_40, is_sgi, is_sp; + int phy; + +@@ -1107,9 +1122,8 @@ static void ath_tx_fill_desc(struct ath_ + { + struct ath_hw *ah = sc->sc_ah; + struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(bf->bf_mpdu); +- struct ath_buf *bf_first = bf; ++ struct ath_buf *bf_first = NULL; + struct ath_tx_info info; +- bool aggr = !!(bf->bf_state.bf_type & BUF_AGGR); + + memset(&info, 0, sizeof(info)); + info.is_first = true; +@@ -1117,24 +1131,17 @@ static void ath_tx_fill_desc(struct ath_ + info.txpower = MAX_RATE_POWER; + info.qcu = txq->axq_qnum; + +- info.flags = ATH9K_TXDESC_INTREQ; +- if (tx_info->flags & IEEE80211_TX_CTL_NO_ACK) +- info.flags |= ATH9K_TXDESC_NOACK; +- if (tx_info->flags & IEEE80211_TX_CTL_LDPC) +- info.flags |= ATH9K_TXDESC_LDPC; +- +- ath_buf_set_rate(sc, bf, &info, len); +- +- if (tx_info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT) ++ if ((tx_info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT) || ++ txq == sc->tx.uapsdq) + info.flags |= ATH9K_TXDESC_CLRDMASK; + + if (bf->bf_state.bfs_paprd) + info.flags |= (u32) bf->bf_state.bfs_paprd << ATH9K_TXDESC_PAPRD_S; + +- + while (bf) { + struct sk_buff *skb = bf->bf_mpdu; + struct ath_frame_info *fi = get_frame_info(skb); ++ bool aggr = !!(bf->bf_state.bf_type & BUF_AGGR); + + info.type = get_hw_packet_type(skb); + if (bf->bf_next) +@@ -1142,6 +1149,21 @@ static void ath_tx_fill_desc(struct ath_ + else + info.link = 0; + ++ if (!bf_first) { ++ bf_first = bf; ++ ++ info.flags = ATH9K_TXDESC_INTREQ; ++ if (tx_info->flags & IEEE80211_TX_CTL_NO_ACK) ++ info.flags |= ATH9K_TXDESC_NOACK; ++ if (tx_info->flags & IEEE80211_TX_CTL_LDPC) ++ info.flags |= ATH9K_TXDESC_LDPC; ++ ++ ath_buf_set_rate(sc, bf, &info, len); ++ ++ if (txq == sc->beacon.cabq) ++ sc->beacon.cabq_dur += info.rates[0].PktDuration; ++ } ++ + info.buf_addr[0] = bf->bf_buf_addr; + info.buf_len[0] = skb->len; + info.pkt_len = fi->framelen; +@@ -1151,7 +1173,7 @@ static void ath_tx_fill_desc(struct ath_ + if (aggr) { + if (bf == bf_first) + info.aggr = AGGR_BUF_FIRST; +- else if (!bf->bf_next) ++ else if (bf == bf_first->bf_lastbf) + info.aggr = AGGR_BUF_LAST; + else + info.aggr = AGGR_BUF_MIDDLE; +@@ -1160,6 +1182,9 @@ static void ath_tx_fill_desc(struct ath_ + info.aggr_len = len; + } + ++ if (bf == bf_first->bf_lastbf) ++ bf_first = NULL; ++ + ath9k_hw_set_txdesc(ah, bf->bf_desc, &info); + bf = bf->bf_next; + } +@@ -1224,9 +1249,6 @@ int ath_tx_aggr_start(struct ath_softc * + an = (struct ath_node *)sta->drv_priv; + txtid = ATH_AN_2_TID(an, tid); + +- if (txtid->state & (AGGR_CLEANUP | AGGR_ADDBA_COMPLETE)) +- return -EAGAIN; +- + /* update ampdu factor/density, they may have changed. This may happen + * in HT IBSS when a beacon with HT-info is received after the station + * has already been added. +@@ -1238,7 +1260,7 @@ int ath_tx_aggr_start(struct ath_softc * + an->mpdudensity = density; + } + +- txtid->state |= AGGR_ADDBA_PROGRESS; ++ txtid->active = true; + txtid->paused = true; + *ssn = txtid->seq_start = txtid->seq_next; + txtid->bar_index = -1; +@@ -1255,28 +1277,9 @@ void ath_tx_aggr_stop(struct ath_softc * + struct ath_atx_tid *txtid = ATH_AN_2_TID(an, tid); + struct ath_txq *txq = txtid->ac->txq; + +- if (txtid->state & AGGR_CLEANUP) +- return; +- +- if (!(txtid->state & AGGR_ADDBA_COMPLETE)) { +- txtid->state &= ~AGGR_ADDBA_PROGRESS; +- return; +- } +- + ath_txq_lock(sc, txq); ++ txtid->active = false; + txtid->paused = true; +- +- /* +- * If frames are still being transmitted for this TID, they will be +- * cleaned up during tx completion. To prevent race conditions, this +- * TID can only be reused after all in-progress subframes have been +- * completed. +- */ +- if (txtid->baw_head != txtid->baw_tail) +- txtid->state |= AGGR_CLEANUP; +- else +- txtid->state &= ~AGGR_ADDBA_COMPLETE; +- + ath_tx_flush_tid(sc, txtid); + ath_txq_unlock_complete(sc, txq); + } +@@ -1342,18 +1345,92 @@ void ath_tx_aggr_wakeup(struct ath_softc + } + } + +-void ath_tx_aggr_resume(struct ath_softc *sc, struct ieee80211_sta *sta, u16 tid) ++void ath_tx_aggr_resume(struct ath_softc *sc, struct ieee80211_sta *sta, ++ u16 tidno) + { +- struct ath_atx_tid *txtid; ++ struct ath_atx_tid *tid; + struct ath_node *an; ++ struct ath_txq *txq; + + an = (struct ath_node *)sta->drv_priv; ++ tid = ATH_AN_2_TID(an, tidno); ++ txq = tid->ac->txq; + +- txtid = ATH_AN_2_TID(an, tid); +- txtid->baw_size = IEEE80211_MIN_AMPDU_BUF << sta->ht_cap.ampdu_factor; +- txtid->state |= AGGR_ADDBA_COMPLETE; +- txtid->state &= ~AGGR_ADDBA_PROGRESS; +- ath_tx_resume_tid(sc, txtid); ++ ath_txq_lock(sc, txq); ++ ++ tid->baw_size = IEEE80211_MIN_AMPDU_BUF << sta->ht_cap.ampdu_factor; ++ tid->paused = false; ++ ++ if (!skb_queue_empty(&tid->buf_q)) { ++ ath_tx_queue_tid(txq, tid); ++ ath_txq_schedule(sc, txq); ++ } ++ ++ ath_txq_unlock_complete(sc, txq); ++} ++ ++void ath9k_release_buffered_frames(struct ieee80211_hw *hw, ++ struct ieee80211_sta *sta, ++ u16 tids, int nframes, ++ enum ieee80211_frame_release_type reason, ++ bool more_data) ++{ ++ struct ath_softc *sc = hw->priv; ++ struct ath_node *an = (struct ath_node *)sta->drv_priv; ++ struct ath_txq *txq = sc->tx.uapsdq; ++ struct ieee80211_tx_info *info; ++ struct list_head bf_q; ++ struct ath_buf *bf_tail = NULL, *bf; ++ int sent = 0; ++ int i; ++ ++ INIT_LIST_HEAD(&bf_q); ++ for (i = 0; tids && nframes; i++, tids >>= 1) { ++ struct ath_atx_tid *tid; ++ ++ if (!(tids & 1)) ++ continue; ++ ++ tid = ATH_AN_2_TID(an, i); ++ if (tid->paused) ++ continue; ++ ++ ath_txq_lock(sc, tid->ac->txq); ++ while (!skb_queue_empty(&tid->buf_q) && nframes > 0) { ++ bf = ath_tx_get_tid_subframe(sc, sc->tx.uapsdq, tid); ++ if (!bf) ++ break; ++ ++ __skb_unlink(bf->bf_mpdu, &tid->buf_q); ++ list_add_tail(&bf->list, &bf_q); ++ ath_set_rates(tid->an->vif, tid->an->sta, bf); ++ ath_tx_addto_baw(sc, tid, bf->bf_state.seqno); ++ bf->bf_state.bf_type &= ~BUF_AGGR; ++ if (bf_tail) ++ bf_tail->bf_next = bf; ++ ++ bf_tail = bf; ++ nframes--; ++ sent++; ++ TX_STAT_INC(txq->axq_qnum, a_queued_hw); ++ ++ if (skb_queue_empty(&tid->buf_q)) ++ ieee80211_sta_set_buffered(an->sta, i, false); ++ } ++ ath_txq_unlock_complete(sc, tid->ac->txq); ++ } ++ ++ if (list_empty(&bf_q)) ++ return; ++ ++ info = IEEE80211_SKB_CB(bf_tail->bf_mpdu); ++ info->flags |= IEEE80211_TX_STATUS_EOSP; ++ ++ bf = list_first_entry(&bf_q, struct ath_buf, list); ++ ath_txq_lock(sc, txq); ++ ath_tx_fill_desc(sc, bf, txq, 0); ++ ath_tx_txqaddbuf(sc, txq, &bf_q, false); ++ ath_txq_unlock(sc, txq); + } + + /********************/ +@@ -1709,8 +1786,9 @@ static void ath_tx_txqaddbuf(struct ath_ + } + } + +-static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_atx_tid *tid, +- struct sk_buff *skb, struct ath_tx_control *txctl) ++static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_txq *txq, ++ struct ath_atx_tid *tid, struct sk_buff *skb, ++ struct ath_tx_control *txctl) + { + struct ath_frame_info *fi = get_frame_info(skb); + struct list_head bf_head; +@@ -1723,26 +1801,28 @@ static void ath_tx_send_ampdu(struct ath + * - seqno is not within block-ack window + * - h/w queue depth exceeds low water mark + */ +- if (!skb_queue_empty(&tid->buf_q) || tid->paused || +- !BAW_WITHIN(tid->seq_start, tid->baw_size, tid->seq_next) || +- txctl->txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) { ++ if ((!skb_queue_empty(&tid->buf_q) || tid->paused || ++ !BAW_WITHIN(tid->seq_start, tid->baw_size, tid->seq_next) || ++ txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) && ++ txq != sc->tx.uapsdq) { + /* + * Add this frame to software queue for scheduling later + * for aggregation. + */ +- TX_STAT_INC(txctl->txq->axq_qnum, a_queued_sw); ++ TX_STAT_INC(txq->axq_qnum, a_queued_sw); + __skb_queue_tail(&tid->buf_q, skb); + if (!txctl->an || !txctl->an->sleeping) +- ath_tx_queue_tid(txctl->txq, tid); ++ ath_tx_queue_tid(txq, tid); + return; + } + +- bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb); ++ bf = ath_tx_setup_buffer(sc, txq, tid, skb); + if (!bf) { + ieee80211_free_txskb(sc->hw, skb); + return; + } + ++ ath_set_rates(tid->an->vif, tid->an->sta, bf); + bf->bf_state.bf_type = BUF_AMPDU; + INIT_LIST_HEAD(&bf_head); + list_add(&bf->list, &bf_head); +@@ -1751,10 +1831,10 @@ static void ath_tx_send_ampdu(struct ath + ath_tx_addto_baw(sc, tid, bf->bf_state.seqno); + + /* Queue to h/w without aggregation */ +- TX_STAT_INC(txctl->txq->axq_qnum, a_queued_hw); ++ TX_STAT_INC(txq->axq_qnum, a_queued_hw); + bf->bf_lastbf = bf; +- ath_tx_fill_desc(sc, bf, txctl->txq, fi->framelen); +- ath_tx_txqaddbuf(sc, txctl->txq, &bf_head, false); ++ ath_tx_fill_desc(sc, bf, txq, fi->framelen); ++ ath_tx_txqaddbuf(sc, txq, &bf_head, false); + } + + static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq, +@@ -1892,49 +1972,6 @@ static struct ath_buf *ath_tx_setup_buff + return bf; + } + +-/* FIXME: tx power */ +-static void ath_tx_start_dma(struct ath_softc *sc, struct sk_buff *skb, +- struct ath_tx_control *txctl) +-{ +- struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb); +- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; +- struct ath_atx_tid *tid = NULL; +- struct ath_buf *bf; +- u8 tidno; +- +- if (txctl->an && ieee80211_is_data_qos(hdr->frame_control)) { +- tidno = ieee80211_get_qos_ctl(hdr)[0] & +- IEEE80211_QOS_CTL_TID_MASK; +- tid = ATH_AN_2_TID(txctl->an, tidno); +- +- WARN_ON(tid->ac->txq != txctl->txq); +- } +- +- if ((tx_info->flags & IEEE80211_TX_CTL_AMPDU) && tid) { +- /* +- * Try aggregation if it's a unicast data frame +- * and the destination is HT capable. +- */ +- ath_tx_send_ampdu(sc, tid, skb, txctl); +- } else { +- bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb); +- if (!bf) { +- if (txctl->paprd) +- dev_kfree_skb_any(skb); +- else +- ieee80211_free_txskb(sc->hw, skb); +- return; +- } +- +- bf->bf_state.bfs_paprd = txctl->paprd; +- +- if (txctl->paprd) +- bf->bf_state.bfs_paprd_timestamp = jiffies; +- +- ath_tx_send_normal(sc, txctl->txq, tid, skb); +- } +-} +- + /* Upon failure caller should free skb */ + int ath_tx_start(struct ieee80211_hw *hw, struct sk_buff *skb, + struct ath_tx_control *txctl) +@@ -1945,8 +1982,11 @@ int ath_tx_start(struct ieee80211_hw *hw + struct ieee80211_vif *vif = info->control.vif; + struct ath_softc *sc = hw->priv; + struct ath_txq *txq = txctl->txq; ++ struct ath_atx_tid *tid = NULL; ++ struct ath_buf *bf; + int padpos, padsize; + int frmlen = skb->len + FCS_LEN; ++ u8 tidno; + int q; + + /* NOTE: sta can be NULL according to net/mac80211.h */ +@@ -2002,8 +2042,47 @@ int ath_tx_start(struct ieee80211_hw *hw + txq->stopped = true; + } + +- ath_tx_start_dma(sc, skb, txctl); ++ if (info->flags & IEEE80211_TX_CTL_PS_RESPONSE) { ++ ath_txq_unlock(sc, txq); ++ txq = sc->tx.uapsdq; ++ ath_txq_lock(sc, txq); ++ } ++ ++ if (txctl->an && ieee80211_is_data_qos(hdr->frame_control)) { ++ tidno = ieee80211_get_qos_ctl(hdr)[0] & ++ IEEE80211_QOS_CTL_TID_MASK; ++ tid = ATH_AN_2_TID(txctl->an, tidno); ++ ++ WARN_ON(tid->ac->txq != txctl->txq); ++ } ++ ++ if ((info->flags & IEEE80211_TX_CTL_AMPDU) && tid) { ++ /* ++ * Try aggregation if it's a unicast data frame ++ * and the destination is HT capable. ++ */ ++ ath_tx_send_ampdu(sc, txq, tid, skb, txctl); ++ goto out; ++ } ++ ++ bf = ath_tx_setup_buffer(sc, txq, tid, skb); ++ if (!bf) { ++ if (txctl->paprd) ++ dev_kfree_skb_any(skb); ++ else ++ ieee80211_free_txskb(sc->hw, skb); ++ goto out; ++ } ++ ++ bf->bf_state.bfs_paprd = txctl->paprd; ++ ++ if (txctl->paprd) ++ bf->bf_state.bfs_paprd_timestamp = jiffies; ++ ++ ath_set_rates(vif, sta, bf); ++ ath_tx_send_normal(sc, txq, tid, skb); + ++out: + ath_txq_unlock(sc, txq); + + return 0; +@@ -2054,7 +2133,12 @@ static void ath_tx_complete(struct ath_s + } + spin_unlock_irqrestore(&sc->sc_pm_lock, flags); + ++ __skb_queue_tail(&txq->complete_q, skb); ++ + q = skb_get_queue_mapping(skb); ++ if (txq == sc->tx.uapsdq) ++ txq = sc->tx.txq_map[q]; ++ + if (txq == sc->tx.txq_map[q]) { + if (WARN_ON(--txq->pending_frames < 0)) + txq->pending_frames = 0; +@@ -2065,8 +2149,6 @@ static void ath_tx_complete(struct ath_s + txq->stopped = false; + } + } +- +- __skb_queue_tail(&txq->complete_q, skb); + } + + static void ath_tx_complete_buf(struct ath_softc *sc, struct ath_buf *bf, +@@ -2408,12 +2490,10 @@ void ath_tx_node_init(struct ath_softc * + tid->baw_head = tid->baw_tail = 0; + tid->sched = false; + tid->paused = false; +- tid->state &= ~AGGR_CLEANUP; ++ tid->active = false; + __skb_queue_head_init(&tid->buf_q); + acno = TID_TO_WME_AC(tidno); + tid->ac = &an->ac[acno]; +- tid->state &= ~AGGR_ADDBA_COMPLETE; +- tid->state &= ~AGGR_ADDBA_PROGRESS; + } + + for (acno = 0, ac = &an->ac[acno]; +@@ -2450,9 +2530,9 @@ void ath_tx_node_cleanup(struct ath_soft + } + + ath_tid_drain(sc, txq, tid); +- tid->state &= ~AGGR_ADDBA_COMPLETE; +- tid->state &= ~AGGR_CLEANUP; ++ tid->active = false; + + ath_txq_unlock(sc, txq); + } + } ++ +--- a/drivers/net/wireless/ath/ath9k/recv.c ++++ b/drivers/net/wireless/ath/ath9k/recv.c +@@ -124,7 +124,7 @@ static bool ath_rx_edma_buf_link(struct + + SKB_CB_ATHBUF(skb) = bf; + ath9k_hw_addrxbuf_edma(ah, bf->bf_buf_addr, qtype); +- skb_queue_tail(&rx_edma->rx_fifo, skb); ++ __skb_queue_tail(&rx_edma->rx_fifo, skb); + + return true; + } +@@ -155,7 +155,7 @@ static void ath_rx_remove_buffer(struct + + rx_edma = &sc->rx.rx_edma[qtype]; + +- while ((skb = skb_dequeue(&rx_edma->rx_fifo)) != NULL) { ++ while ((skb = __skb_dequeue(&rx_edma->rx_fifo)) != NULL) { + bf = SKB_CB_ATHBUF(skb); + BUG_ON(!bf); + list_add_tail(&bf->list, &sc->rx.rxbuf); +@@ -1287,13 +1287,13 @@ int ath_rx_tasklet(struct ath_softc *sc, + goto requeue_drop_frag; + } + +- bf->bf_mpdu = requeue_skb; +- bf->bf_buf_addr = new_buf_addr; +- + /* Unmap the frame */ + dma_unmap_single(sc->dev, bf->bf_buf_addr, + common->rx_bufsize, dma_type); + ++ bf->bf_mpdu = requeue_skb; ++ bf->bf_buf_addr = new_buf_addr; ++ + skb_put(skb, rs.rs_datalen + ah->caps.rx_status_len); + if (ah->caps.rx_status_len) + skb_pull(skb, ah->caps.rx_status_len); +--- a/net/wireless/core.c ++++ b/net/wireless/core.c +@@ -885,7 +885,6 @@ void cfg80211_leave(struct cfg80211_regi #endif + __cfg80211_disconnect(rdev, dev, + WLAN_REASON_DEAUTH_LEAVING, true); +- cfg80211_mlme_down(rdev, dev); + wdev_unlock(wdev); + break; + case NL80211_IFTYPE_MESH_POINT: +--- a/net/wireless/sme.c ++++ b/net/wireless/sme.c +@@ -961,7 +961,7 @@ int __cfg80211_disconnect(struct cfg8021 + /* was it connected by userspace SME? */ + if (!wdev->conn) { + cfg80211_mlme_down(rdev, dev); +- return 0; ++ goto disconnect; + } -- char priv[0] __attribute__((__aligned__(NETDEV_ALIGN))); -+ char priv[0] __aligned(NETDEV_ALIGN); - }; + if (wdev->sme_state == CFG80211_SME_CONNECTING && +@@ -987,6 +987,7 @@ int __cfg80211_disconnect(struct cfg8021 + return err; + } - static inline struct net *wiphy_net(struct wiphy *wiphy) ---- a/net/wireless/core.h -+++ b/net/wireless/core.h -@@ -86,7 +86,7 @@ struct cfg80211_registered_device { ++ disconnect: + if (wdev->sme_state == CFG80211_SME_CONNECTED) + __cfg80211_disconnected(dev, NULL, 0, 0, false); + else if (wdev->sme_state == CFG80211_SME_CONNECTING) +--- a/drivers/net/wireless/ath/ath9k/rc.c ++++ b/drivers/net/wireless/ath/ath9k/rc.c +@@ -1227,10 +1227,7 @@ static bool ath_tx_aggr_check(struct ath + return false; - /* must be last because of the way we do wiphy_priv(), - * and it should at least be aligned to NETDEV_ALIGN */ -- struct wiphy wiphy __attribute__((__aligned__(NETDEV_ALIGN))); -+ struct wiphy wiphy __aligned(NETDEV_ALIGN); - }; + txtid = ATH_AN_2_TID(an, tidno); +- +- if (!(txtid->state & (AGGR_ADDBA_COMPLETE | AGGR_ADDBA_PROGRESS))) +- return true; +- return false; ++ return !txtid->active; + } - static inline ---- a/drivers/net/wireless/ath/ath9k/hw.c -+++ b/drivers/net/wireless/ath/ath9k/hw.c -@@ -2578,7 +2578,7 @@ int ath9k_hw_fill_cap_info(struct ath_hw - if (AR_SREV_9300_20_OR_LATER(ah)) { - ah->enabled_cals |= TX_IQ_CAL; -- if (AR_SREV_9485_OR_LATER(ah)) -+ if (AR_SREV_9485_OR_LATER(ah) && !AR_SREV_9340(ah)) - ah->enabled_cals |= TX_IQ_ON_AGC_CAL; +--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c +@@ -334,7 +334,8 @@ static void ar9003_hw_spur_ofdm(struct a + REG_RMW_FIELD(ah, AR_PHY_SPUR_REG, + AR_PHY_SPUR_REG_EN_VIT_SPUR_RSSI, 1); + +- if (REG_READ_FIELD(ah, AR_PHY_MODE, ++ if (!AR_SREV_9340(ah) && ++ REG_READ_FIELD(ah, AR_PHY_MODE, + AR_PHY_MODE_DYNAMIC) == 0x1) + REG_RMW_FIELD(ah, AR_PHY_SPUR_REG, + AR_PHY_SPUR_REG_ENABLE_NF_RSSI_SPUR_MIT, 1); +--- a/drivers/net/wireless/ath/ath9k/mac.c ++++ b/drivers/net/wireless/ath/ath9k/mac.c +@@ -410,7 +410,7 @@ bool ath9k_hw_resettxqueue(struct ath_hw + + REG_WRITE(ah, AR_QMISC(q), AR_Q_MISC_DCU_EARLY_TERM_REQ); + +- if (AR_SREV_9340(ah)) ++ if (AR_SREV_9340(ah) && !AR_SREV_9340_13_OR_LATER(ah)) + REG_WRITE(ah, AR_DMISC(q), + AR_D_MISC_CW_BKOFF_EN | AR_D_MISC_FRAG_WAIT_EN | 0x1); + else +--- a/net/mac80211/driver-ops.h ++++ b/net/mac80211/driver-ops.h +@@ -146,7 +146,8 @@ static inline int drv_add_interface(stru + + if (WARN_ON(sdata->vif.type == NL80211_IFTYPE_AP_VLAN || + (sdata->vif.type == NL80211_IFTYPE_MONITOR && +- !(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF)))) ++ !(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF) && ++ !(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE)))) + return -EINVAL; + + trace_drv_add_interface(local, sdata); +--- a/drivers/net/wireless/ath/ath9k/ar9003_paprd.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_paprd.c +@@ -454,6 +454,8 @@ static bool create_pa_curve(u32 *data_L, + if (accum_cnt <= thresh_accum_cnt) + continue; + ++ max_index++; ++ + /* sum(tx amplitude) */ + accum_tx = ((data_L[i] >> 16) & 0xffff) | + ((data_U[i] & 0x7ff) << 16); +@@ -468,20 +470,21 @@ static bool create_pa_curve(u32 *data_L, + + accum_tx <<= scale_factor; + accum_rx <<= scale_factor; +- x_est[i + 1] = (((accum_tx + accum_cnt) / accum_cnt) + 32) >> +- scale_factor; ++ x_est[max_index] = ++ (((accum_tx + accum_cnt) / accum_cnt) + 32) >> ++ scale_factor; + +- Y[i + 1] = ((((accum_rx + accum_cnt) / accum_cnt) + 32) >> ++ Y[max_index] = ++ ((((accum_rx + accum_cnt) / accum_cnt) + 32) >> + scale_factor) + +- (1 << scale_factor) * max_index + 16; ++ (1 << scale_factor) * i + 16; + + if (accum_ang >= (1 << 26)) + accum_ang -= 1 << 27; + +- theta[i + 1] = ((accum_ang * (1 << scale_factor)) + accum_cnt) / +- accum_cnt; +- +- max_index++; ++ theta[max_index] = ++ ((accum_ang * (1 << scale_factor)) + accum_cnt) / ++ accum_cnt; + } + + /* +--- a/drivers/net/wireless/ath/ath9k/beacon.c ++++ b/drivers/net/wireless/ath/ath9k/beacon.c +@@ -204,9 +204,15 @@ static struct ath_buf *ath9k_beacon_gene + } + + ath9k_beacon_setup(sc, vif, bf, info->control.rates[0].idx); ++ sc->beacon.cabq_dur = 0; + + while (skb) { + ath9k_tx_cabq(hw, skb); ++ ++ if (sc->beacon.cabq_dur / 1000 - 1 > ++ sc->cur_beacon_conf.beacon_interval / ATH_BCBUF) ++ break; ++ + skb = ieee80211_get_buffered_bc(hw, vif); } +--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h ++++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h +@@ -68,13 +68,16 @@ + #define AR9300_BASE_ADDR 0x3ff + #define AR9300_BASE_ADDR_512 0x1ff + +-#define AR9300_OTP_BASE (AR_SREV_9340(ah) ? 0x30000 : 0x14000) +-#define AR9300_OTP_STATUS (AR_SREV_9340(ah) ? 0x30018 : 0x15f18) ++#define AR9300_OTP_BASE \ ++ ((AR_SREV_9340(ah) || AR_SREV_9550(ah)) ? 0x30000 : 0x14000) ++#define AR9300_OTP_STATUS \ ++ ((AR_SREV_9340(ah) || AR_SREV_9550(ah)) ? 0x30018 : 0x15f18) + #define AR9300_OTP_STATUS_TYPE 0x7 + #define AR9300_OTP_STATUS_VALID 0x4 + #define AR9300_OTP_STATUS_ACCESS_BUSY 0x2 + #define AR9300_OTP_STATUS_SM_BUSY 0x1 +-#define AR9300_OTP_READ_DATA (AR_SREV_9340(ah) ? 0x3001c : 0x15f1c) ++#define AR9300_OTP_READ_DATA \ ++ ((AR_SREV_9340(ah) || AR_SREV_9550(ah)) ? 0x3001c : 0x15f1c) + + enum targetPowerHTRates { + HT_TARGET_RATE_0_8_16,