mac80211: update to wireless-testing 2013-11-05
authorFelix Fietkau <nbd@openwrt.org>
Tue, 12 Nov 2013 22:11:33 +0000 (22:11 +0000)
committerFelix Fietkau <nbd@openwrt.org>
Tue, 12 Nov 2013 22:11:33 +0000 (22:11 +0000)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38783

56 files changed:
package/kernel/mac80211/Makefile
package/kernel/mac80211/patches/001-fix_build.patch
package/kernel/mac80211/patches/030-rt2x00_options.patch
package/kernel/mac80211/patches/060-no_local_ssb_bcma.patch
package/kernel/mac80211/patches/100-revert_aes_ccm_port.patch [new file with mode: 0644]
package/kernel/mac80211/patches/150-disable_addr_notifier.patch
package/kernel/mac80211/patches/300-pending_work.patch
package/kernel/mac80211/patches/301-pending_work-rt2x00.patch [deleted file]
package/kernel/mac80211/patches/310-ap_scan.patch
package/kernel/mac80211/patches/400-ath_move_debug_code.patch
package/kernel/mac80211/patches/402-ath9k-fix-invalid-mac-address-handling.patch
package/kernel/mac80211/patches/403-ath_regd_optional.patch
package/kernel/mac80211/patches/404-world_regd_fixup.patch
package/kernel/mac80211/patches/405-regd_no_assoc_hints.patch
package/kernel/mac80211/patches/410-ath9k_allow_adhoc_and_ap.patch
package/kernel/mac80211/patches/411-ath5k_allow_adhoc_and_ap.patch
package/kernel/mac80211/patches/440-ath5k_channel_bw_debugfs.patch
package/kernel/mac80211/patches/500-ath9k_eeprom_debugfs.patch
package/kernel/mac80211/patches/501-ath9k-eeprom_endianess.patch
package/kernel/mac80211/patches/502-ath9k_ahb_init.patch
package/kernel/mac80211/patches/510-ath9k_intr_mitigation_tweak.patch
package/kernel/mac80211/patches/512-ath9k_channelbw_debugfs.patch
package/kernel/mac80211/patches/513-ath9k_add_pci_ids.patch
package/kernel/mac80211/patches/520-mac80211_cur_txpower.patch
package/kernel/mac80211/patches/521-ath9k_cur_txpower.patch
package/kernel/mac80211/patches/522-ath9k_per_chain_signal_strength.patch
package/kernel/mac80211/patches/523-mac80211_configure_antenna_gain.patch
package/kernel/mac80211/patches/524-ath9k_use_configured_antenna_gain.patch
package/kernel/mac80211/patches/530-ath9k_extra_leds.patch
package/kernel/mac80211/patches/542-ath9k_debugfs_diag.patch
package/kernel/mac80211/patches/543-ath9k-allow-to-disable-bands-via-platform-data.patch
package/kernel/mac80211/patches/550-ath9k_entropy_from_adc.patch
package/kernel/mac80211/patches/602-rt2x00-introduce-rt2x00_platform_h.patch
package/kernel/mac80211/patches/603-rt2x00-introduce-rt2x00eeprom.patch
package/kernel/mac80211/patches/604-rt2x00-of_load_eeprom_filename.patch [new file with mode: 0644]
package/kernel/mac80211/patches/605-rt2x00-load-eeprom-on-SoC-from-a-mtd-device-defines-.patch [new file with mode: 0644]
package/kernel/mac80211/patches/605-rt2x00-pci-eeprom.patch [deleted file]
package/kernel/mac80211/patches/607-rt2x00-allow_disabling_bands_through_platform_data.patch
package/kernel/mac80211/patches/608-add_platform_data_mac_addr.patch
package/kernel/mac80211/patches/610-rt2x00-fix-rt3352-ext-pa.patch
package/kernel/mac80211/patches/611-rt2x00-rf_vals-rt3352-xtal20.patch
package/kernel/mac80211/patches/612-rt2x00-make-wmac-loadable-via-OF-on-rt288x-305x-SoC.patch
package/kernel/mac80211/patches/614-rt2x00-of_load_eeprom_filename.patch [deleted file]
package/kernel/mac80211/patches/615-rt2x00-fix_20mhz_clk.patch
package/kernel/mac80211/patches/616-rt2x00-support-rt5350.patch
package/kernel/mac80211/patches/617-rt2x00-load-eeprom-on-SoC-from-a-mtd-device-defines-.patch [deleted file]
package/kernel/mac80211/patches/618-rt2x00-msi-fix.patch [deleted file]
package/kernel/mac80211/patches/619-rt2x00-change-led-polarity-from-OF.patch
package/kernel/mac80211/patches/620-rt2x00-rt3352-rf-id.patch
package/kernel/mac80211/patches/750-rtlwifi-Align-private-space-in-rtl_priv-struct.patch [deleted file]
package/kernel/mac80211/patches/820-b43-add-antenna-control.patch
package/kernel/mac80211/patches/830-b43-workaround-pcie-bcm4716.patch
package/kernel/mac80211/patches/850-brcmsmac-remove-extra-regulation-restriction.patch [new file with mode: 0644]
package/kernel/mac80211/patches/851-brcmsmac-remove-extra-regulation-restriction.patch [deleted file]
package/kernel/mac80211/patches/860-brcmsmac-use-bcma-PCIe-up-and-down-functions.patch [deleted file]
package/kernel/mac80211/patches/861-b43-call-PCIe-up-and-down-functions.patch [deleted file]

index 16bfb6f..f7e3e4f 100644 (file)
@@ -10,11 +10,11 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mac80211
 
-PKG_VERSION:=2013-06-27
+PKG_VERSION:=2013-11-05
 PKG_RELEASE:=1
 PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources
-PKG_BACKPORT_VERSION:=.1
-PKG_MD5SUM:=73bd220c64c5c6fdc22b3bb7f180644f
+PKG_BACKPORT_VERSION:=
+PKG_MD5SUM:=5ef839d02d19c341629555a529beebee
 
 PKG_SOURCE:=compat-wireless-$(PKG_VERSION)$(PKG_BACKPORT_VERSION).tar.bz2
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/compat-wireless-$(PKG_VERSION)
@@ -24,8 +24,8 @@ PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org>
 
 PKG_DRIVERS = \
        adm8211 ath5k libertas-usb libertas-sd p54-common p54-pci p54-usb p54-spi \
-       rt2x00-lib rt2x00-pci rt2x00-usb rt2x00-soc rt2800-lib rt2400-pci \
-       rt2500-pci rt2500-usb rt61-pci rt73-usb rt2800-pci rt2800-usb \
+       rt2x00-lib rt2x00-pci rt2x00-usb rt2800-lib rt2400-pci rt2500-pci \
+       rt2500-usb rt61-pci rt73-usb rt2800-mmio rt2800-pci rt2800-usb rt2800-soc \
        rtl8180 rtl8187 zd1211rw mac80211-hwsim carl9170 b43 b43legacy \
        ath9k-common ath9k ath9k-htc ath10k ath net-libipw net-ipw2100 net-ipw2200 \
        mwl8k net-hermes net-hermes-pci net-hermes-plx net-hermes-pcmcia \
@@ -263,15 +263,6 @@ $(call KernelPackage/rt2x00/Default)
   AUTOLOAD:=$(call AutoProbe,rt2x00usb)
 endef
 
-define KernelPackage/rt2x00-soc
-$(call KernelPackage/rt2x00/Default)
-  DEPENDS+=@TARGET_ramips_rt305x +kmod-rt2x00-mmio +kmod-rt2x00-lib
-  HIDDEN:=1
-  TITLE+= (SoC)
-  FILES:=$(PKG_BUILD_DIR)/drivers/net/wireless/rt2x00/rt2x00soc.ko
-  AUTOLOAD:=$(call AutoProbe,rt2x00soc)
-endef
-
 define KernelPackage/rt2800-lib
 $(call KernelPackage/rt2x00/Default)
   DEPENDS+= @(PCI_SUPPORT||USB_SUPPORT||TARGET_ramips) +kmod-rt2x00-lib +kmod-lib-crc-ccitt +@DRIVER_11N_SUPPORT
@@ -320,9 +311,27 @@ define KernelPackage/rt73-usb
   AUTOLOAD:=$(call AutoProbe,rt73usb)
 endef
 
+define KernelPackage/rt2800-mmio
+$(call KernelPackage/rt2x00/Default)
+  TITLE += (RT28xx/RT3xxx MMIO)
+  DEPENDS += +kmod-rt2800-lib +kmod-rt2x00-mmio
+  HIDDEN:=1
+  FILES:=$(PKG_BUILD_DIR)/drivers/net/wireless/rt2x00/rt2800mmio.ko
+endef
+
+define KernelPackage/rt2800-soc
+$(call KernelPackage/rt2x00/Default)
+  DEPENDS += @TARGET_ramips_rt305x +kmod-rt2800-mmio +kmod-rt2800-lib
+  TITLE += (RT28xx/RT3xxx SoC)
+  FILES := \
+       $(PKG_BUILD_DIR)/drivers/net/wireless/rt2x00/rt2x00soc.ko \
+       $(PKG_BUILD_DIR)/drivers/net/wireless/rt2x00/rt2800soc.ko
+  AUTOLOAD:=$(call AutoProbe,rt2800soc)
+endef
+
 define KernelPackage/rt2800-pci
 $(call KernelPackage/rt2x00/Default)
-  DEPENDS+= @(PCI_SUPPORT||TARGET_ramips_rt305x) +PCI_SUPPORT:kmod-rt2x00-pci +kmod-rt2800-lib +kmod-lib-crc-ccitt +TARGET_ramips_rt305x:kmod-rt2x00-soc
+  DEPENDS+= @PCI_SUPPORT +kmod-rt2x00-pci +kmod-rt2800-lib +kmod-rt2800-mmio
   TITLE+= (RT2860 PCI)
   FILES:=$(PKG_BUILD_DIR)/drivers/net/wireless/rt2x00/rt2800pci.ko
   AUTOLOAD:=$(call AutoProbe,rt2800pci)
@@ -1365,7 +1374,6 @@ config-$(call config_package,rt2x00-lib) += RT2X00 RT2X00_LIB
 config-$(call config_package,rt2x00-pci) += RT2X00_LIB_PCI
 config-$(call config_package,rt2x00-mmio) += RT2X00_LIB_MMIO
 config-$(call config_package,rt2x00-usb) += RT2X00_LIB_USB
-config-$(call config_package,rt2x00-soc) += RT2X00_LIB_SOC
 config-$(CONFIG_PACKAGE_RT2X00_LIB_DEBUGFS) += RT2X00_LIB_DEBUGFS
 config-$(CONFIG_PACKAGE_RT2X00_DEBUG) += RT2X00_DEBUG
 
@@ -1377,6 +1385,7 @@ config-$(call config_package,rt73-usb) += RT73USB
 
 config-$(call config_package,rt2800-lib) += RT2800_LIB
 
+config-$(call config_package,rt2800-soc) += RT2800SOC
 config-$(call config_package,rt2800-pci) += RT2800PCI
 config-y += RT2800PCI_RT33XX RT2800PCI_RT35XX RT2800PCI_RT53XX RT2800PCI_RT3290
 
@@ -1748,13 +1757,14 @@ $(eval $(call KernelPackage,rt2x00-lib))
 $(eval $(call KernelPackage,rt2x00-mmio))
 $(eval $(call KernelPackage,rt2x00-pci))
 $(eval $(call KernelPackage,rt2x00-usb))
-$(eval $(call KernelPackage,rt2x00-soc))
 $(eval $(call KernelPackage,rt2800-lib))
 $(eval $(call KernelPackage,rt2400-pci))
 $(eval $(call KernelPackage,rt2500-pci))
 $(eval $(call KernelPackage,rt2500-usb))
 $(eval $(call KernelPackage,rt61-pci))
 $(eval $(call KernelPackage,rt73-usb))
+$(eval $(call KernelPackage,rt2800-mmio))
+$(eval $(call KernelPackage,rt2800-soc))
 $(eval $(call KernelPackage,rt2800-pci))
 $(eval $(call KernelPackage,rt2800-usb))
 $(eval $(call KernelPackage,rtl8180))
index c541985..26b327a 100644 (file)
 +      @$(MAKE) Kconfig.versions
        @$(MAKE) -f Makefile.real "$@"
  
- else
+ .PHONY: defconfig-help
 --- a/Makefile.real
 +++ b/Makefile.real
 @@ -54,7 +54,7 @@ defconfig-%::
index 789a77a..5ee52a2 100644 (file)
@@ -1,13 +1,20 @@
 --- a/drivers/net/wireless/rt2x00/Kconfig
 +++ b/drivers/net/wireless/rt2x00/Kconfig
-@@ -202,25 +202,28 @@ config RT2800USB_UNKNOWN
- endif
+@@ -225,36 +225,37 @@ config RT2800SOC
  
  config RT2800_LIB
 -      tristate
 +      tristate "RT2800 USB/PCI support"
        depends on m
  
+ config RT2800_LIB_MMIO
+-      tristate
++      tristate "RT2800 MMIO support"
+       depends on m
+       select RT2X00_LIB_MMIO
+       select RT2800_LIB
  config RT2X00_LIB_MMIO
 -      tristate
 +      tristate "RT2x00 MMIO support"
@@ -16,7 +23,6 @@
  config RT2X00_LIB_PCI
 -      tristate
 +      tristate "RT2x00 PCI support"
-+      depends on PCI
        depends on m
        select RT2X00_LIB
  
  config RT2X00_LIB_USB
 -      tristate
 +      tristate "RT2x00 USB support"
-+      depends on USB
        depends on m
        select RT2X00_LIB
  
+ config RT2X00_LIB
+-      tristate
++      tristate "RT2x00 support"
+       depends on m
+       select BACKPORT_AVERAGE
index 5e8d421..2893571 100644 (file)
@@ -1,6 +1,6 @@
 --- a/.local-symbols
 +++ b/.local-symbols
-@@ -363,42 +363,6 @@ USB_CDC_PHONET=
+@@ -382,42 +382,6 @@ USB_CDC_PHONET=
  USB_IPHETH=
  USB_SIERRA_NET=
  USB_VL600=
@@ -77,7 +77,7 @@
        return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
  #else
        return bus->chipco.dev;
-@@ -4735,7 +4735,7 @@ static int b43_wireless_core_init(struct
+@@ -4736,7 +4736,7 @@ static int b43_wireless_core_init(struct
        }
        if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
                hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
diff --git a/package/kernel/mac80211/patches/100-revert_aes_ccm_port.patch b/package/kernel/mac80211/patches/100-revert_aes_ccm_port.patch
new file mode 100644 (file)
index 0000000..8268bbd
--- /dev/null
@@ -0,0 +1,347 @@
+--- a/net/mac80211/Kconfig
++++ b/net/mac80211/Kconfig
+@@ -5,7 +5,6 @@ config MAC80211
+       depends on CRYPTO
+       depends on CRYPTO_ARC4
+       depends on CRYPTO_AES
+-      depends on CRYPTO_CCM
+       depends on CRC32
+       select BACKPORT_AVERAGE
+       ---help---
+--- a/net/mac80211/aes_ccm.c
++++ b/net/mac80211/aes_ccm.c
+@@ -2,8 +2,6 @@
+  * Copyright 2003-2004, Instant802 Networks, Inc.
+  * Copyright 2005-2006, Devicescape Software, Inc.
+  *
+- * Rewrite: Copyright (C) 2013 Linaro Ltd <ard.biesheuvel@linaro.org>
+- *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License version 2 as
+  * published by the Free Software Foundation.
+@@ -19,75 +17,134 @@
+ #include "key.h"
+ #include "aes_ccm.h"
+-void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
+-                             u8 *data, size_t data_len, u8 *mic)
++static void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *scratch, u8 *a)
+ {
+-      struct scatterlist assoc, pt, ct[2];
+-      struct {
+-              struct aead_request     req;
+-              u8                      priv[crypto_aead_reqsize(tfm)];
+-      } aead_req;
+-
+-      memset(&aead_req, 0, sizeof(aead_req));
+-
+-      sg_init_one(&pt, data, data_len);
+-      sg_init_one(&assoc, &aad[2], be16_to_cpup((__be16 *)aad));
+-      sg_init_table(ct, 2);
+-      sg_set_buf(&ct[0], data, data_len);
+-      sg_set_buf(&ct[1], mic, IEEE80211_CCMP_MIC_LEN);
+-
+-      aead_request_set_tfm(&aead_req.req, tfm);
+-      aead_request_set_assoc(&aead_req.req, &assoc, assoc.length);
+-      aead_request_set_crypt(&aead_req.req, &pt, ct, data_len, b_0);
++      int i;
++      u8 *b_0, *aad, *b, *s_0;
+-      crypto_aead_encrypt(&aead_req.req);
++      b_0 = scratch + 3 * AES_BLOCK_SIZE;
++      aad = scratch + 4 * AES_BLOCK_SIZE;
++      b = scratch;
++      s_0 = scratch + AES_BLOCK_SIZE;
++
++      crypto_cipher_encrypt_one(tfm, b, b_0);
++
++      /* Extra Authenticate-only data (always two AES blocks) */
++      for (i = 0; i < AES_BLOCK_SIZE; i++)
++              aad[i] ^= b[i];
++      crypto_cipher_encrypt_one(tfm, b, aad);
++
++      aad += AES_BLOCK_SIZE;
++
++      for (i = 0; i < AES_BLOCK_SIZE; i++)
++              aad[i] ^= b[i];
++      crypto_cipher_encrypt_one(tfm, a, aad);
++
++      /* Mask out bits from auth-only-b_0 */
++      b_0[0] &= 0x07;
++
++      /* S_0 is used to encrypt T (= MIC) */
++      b_0[14] = 0;
++      b_0[15] = 0;
++      crypto_cipher_encrypt_one(tfm, s_0, b_0);
+ }
+-int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
+-                            u8 *data, size_t data_len, u8 *mic)
++
++void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
++                             u8 *data, size_t data_len,
++                             u8 *cdata, u8 *mic)
+ {
+-      struct scatterlist assoc, pt, ct[2];
+-      struct {
+-              struct aead_request     req;
+-              u8                      priv[crypto_aead_reqsize(tfm)];
+-      } aead_req;
+-
+-      memset(&aead_req, 0, sizeof(aead_req));
+-
+-      sg_init_one(&pt, data, data_len);
+-      sg_init_one(&assoc, &aad[2], be16_to_cpup((__be16 *)aad));
+-      sg_init_table(ct, 2);
+-      sg_set_buf(&ct[0], data, data_len);
+-      sg_set_buf(&ct[1], mic, IEEE80211_CCMP_MIC_LEN);
+-
+-      aead_request_set_tfm(&aead_req.req, tfm);
+-      aead_request_set_assoc(&aead_req.req, &assoc, assoc.length);
+-      aead_request_set_crypt(&aead_req.req, ct, &pt,
+-                             data_len + IEEE80211_CCMP_MIC_LEN, b_0);
++      int i, j, last_len, num_blocks;
++      u8 *pos, *cpos, *b, *s_0, *e, *b_0;
++
++      b = scratch;
++      s_0 = scratch + AES_BLOCK_SIZE;
++      e = scratch + 2 * AES_BLOCK_SIZE;
++      b_0 = scratch + 3 * AES_BLOCK_SIZE;
++
++      num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE);
++      last_len = data_len % AES_BLOCK_SIZE;
++      aes_ccm_prepare(tfm, scratch, b);
++
++      /* Process payload blocks */
++      pos = data;
++      cpos = cdata;
++      for (j = 1; j <= num_blocks; j++) {
++              int blen = (j == num_blocks && last_len) ?
++                      last_len : AES_BLOCK_SIZE;
++
++              /* Authentication followed by encryption */
++              for (i = 0; i < blen; i++)
++                      b[i] ^= pos[i];
++              crypto_cipher_encrypt_one(tfm, b, b);
++
++              b_0[14] = (j >> 8) & 0xff;
++              b_0[15] = j & 0xff;
++              crypto_cipher_encrypt_one(tfm, e, b_0);
++              for (i = 0; i < blen; i++)
++                      *cpos++ = *pos++ ^ e[i];
++      }
+-      return crypto_aead_decrypt(&aead_req.req);
++      for (i = 0; i < IEEE80211_CCMP_MIC_LEN; i++)
++              mic[i] = b[i] ^ s_0[i];
+ }
+-struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[])
++
++int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
++                            u8 *cdata, size_t data_len, u8 *mic, u8 *data)
+ {
+-      struct crypto_aead *tfm;
+-      int err;
++      int i, j, last_len, num_blocks;
++      u8 *pos, *cpos, *b, *s_0, *a, *b_0;
+-      tfm = crypto_alloc_aead("ccm(aes)", 0, CRYPTO_ALG_ASYNC);
+-      if (IS_ERR(tfm))
+-              return tfm;
+-
+-      err = crypto_aead_setkey(tfm, key, WLAN_KEY_LEN_CCMP);
+-      if (!err)
+-              err = crypto_aead_setauthsize(tfm, IEEE80211_CCMP_MIC_LEN);
+-      if (!err)
+-              return tfm;
++      b = scratch;
++      s_0 = scratch + AES_BLOCK_SIZE;
++      a = scratch + 2 * AES_BLOCK_SIZE;
++      b_0 = scratch + 3 * AES_BLOCK_SIZE;
++
++      num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE);
++      last_len = data_len % AES_BLOCK_SIZE;
++      aes_ccm_prepare(tfm, scratch, a);
++
++      /* Process payload blocks */
++      cpos = cdata;
++      pos = data;
++      for (j = 1; j <= num_blocks; j++) {
++              int blen = (j == num_blocks && last_len) ?
++                      last_len : AES_BLOCK_SIZE;
++
++              /* Decryption followed by authentication */
++              b_0[14] = (j >> 8) & 0xff;
++              b_0[15] = j & 0xff;
++              crypto_cipher_encrypt_one(tfm, b, b_0);
++              for (i = 0; i < blen; i++) {
++                      *pos = *cpos++ ^ b[i];
++                      a[i] ^= *pos++;
++              }
++              crypto_cipher_encrypt_one(tfm, a, a);
++      }
++
++      for (i = 0; i < IEEE80211_CCMP_MIC_LEN; i++) {
++              if ((mic[i] ^ s_0[i]) != a[i])
++                      return -1;
++      }
+-      crypto_free_aead(tfm);
+-      return ERR_PTR(err);
++      return 0;
+ }
+-void ieee80211_aes_key_free(struct crypto_aead *tfm)
++
++struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[])
++{
++      struct crypto_cipher *tfm;
++
++      tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
++      if (!IS_ERR(tfm))
++              crypto_cipher_setkey(tfm, key, WLAN_KEY_LEN_CCMP);
++
++      return tfm;
++}
++
++
++void ieee80211_aes_key_free(struct crypto_cipher *tfm)
+ {
+-      crypto_free_aead(tfm);
++      crypto_free_cipher(tfm);
+ }
+--- a/net/mac80211/aes_ccm.h
++++ b/net/mac80211/aes_ccm.h
+@@ -12,11 +12,13 @@
+ #include <linux/crypto.h>
+-struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[]);
+-void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
+-                             u8 *data, size_t data_len, u8 *mic);
+-int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
+-                            u8 *data, size_t data_len, u8 *mic);
+-void ieee80211_aes_key_free(struct crypto_aead *tfm);
++struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[]);
++void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
++                             u8 *data, size_t data_len,
++                             u8 *cdata, u8 *mic);
++int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
++                            u8 *cdata, size_t data_len,
++                            u8 *mic, u8 *data);
++void ieee80211_aes_key_free(struct crypto_cipher *tfm);
+ #endif /* AES_CCM_H */
+--- a/net/mac80211/key.h
++++ b/net/mac80211/key.h
+@@ -83,7 +83,7 @@ struct ieee80211_key {
+                        * Management frames.
+                        */
+                       u8 rx_pn[IEEE80211_NUM_TIDS + 1][IEEE80211_CCMP_PN_LEN];
+-                      struct crypto_aead *tfm;
++                      struct crypto_cipher *tfm;
+                       u32 replays; /* dot11RSNAStatsCCMPReplays */
+               } ccmp;
+               struct {
+--- a/net/mac80211/wpa.c
++++ b/net/mac80211/wpa.c
+@@ -301,16 +301,22 @@ ieee80211_crypto_tkip_decrypt(struct iee
+ }
+-static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
++static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch,
+                               int encrypted)
+ {
+       __le16 mask_fc;
+       int a4_included, mgmt;
+       u8 qos_tid;
+-      u16 len_a;
++      u8 *b_0, *aad;
++      u16 data_len, len_a;
+       unsigned int hdrlen;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
++      memset(scratch, 0, 6 * AES_BLOCK_SIZE);
++
++      b_0 = scratch + 3 * AES_BLOCK_SIZE;
++      aad = scratch + 4 * AES_BLOCK_SIZE;
++
+       /*
+        * Mask FC: zero subtype b4 b5 b6 (if not mgmt)
+        * Retry, PwrMgt, MoreData; set Protected
+@@ -332,21 +338,20 @@ static void ccmp_special_blocks(struct s
+       else
+               qos_tid = 0;
+-      /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
+-       * mode authentication are not allowed to collide, yet both are derived
+-       * from this vector b_0. We only set L := 1 here to indicate that the
+-       * data size can be represented in (L+1) bytes. The CCM layer will take
+-       * care of storing the data length in the top (L+1) bytes and setting
+-       * and clearing the other bits as is required to derive the two IVs.
+-       */
+-      b_0[0] = 0x1;
++      data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN;
++      if (encrypted)
++              data_len -= IEEE80211_CCMP_MIC_LEN;
++      /* First block, b_0 */
++      b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
+       /* Nonce: Nonce Flags | A2 | PN
+        * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
+        */
+       b_0[1] = qos_tid | (mgmt << 4);
+       memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
+       memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
++      /* l(m) */
++      put_unaligned_be16(data_len, &b_0[14]);
+       /* AAD (extra authenticate-only data) / masked 802.11 header
+        * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
+@@ -402,8 +407,7 @@ static int ccmp_encrypt_skb(struct ieee8
+       u8 *pos;
+       u8 pn[6];
+       u64 pn64;
+-      u8 aad[2 * AES_BLOCK_SIZE];
+-      u8 b_0[AES_BLOCK_SIZE];
++      u8 scratch[6 * AES_BLOCK_SIZE];
+       if (info->control.hw_key &&
+           !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
+@@ -456,9 +460,9 @@ static int ccmp_encrypt_skb(struct ieee8
+               return 0;
+       pos += IEEE80211_CCMP_HDR_LEN;
+-      ccmp_special_blocks(skb, pn, b_0, aad, 0);
+-      ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
+-                                skb_put(skb, IEEE80211_CCMP_MIC_LEN));
++      ccmp_special_blocks(skb, pn, scratch, 0);
++      ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len,
++                                pos, skb_put(skb, IEEE80211_CCMP_MIC_LEN));
+       return 0;
+ }
+@@ -521,16 +525,16 @@ ieee80211_crypto_ccmp_decrypt(struct iee
+       }
+       if (!(status->flag & RX_FLAG_DECRYPTED)) {
+-              u8 aad[2 * AES_BLOCK_SIZE];
+-              u8 b_0[AES_BLOCK_SIZE];
++              u8 scratch[6 * AES_BLOCK_SIZE];
+               /* hardware didn't decrypt/verify MIC */
+-              ccmp_special_blocks(skb, pn, b_0, aad, 1);
++              ccmp_special_blocks(skb, pn, scratch, 1);
+               if (ieee80211_aes_ccm_decrypt(
+-                          key->u.ccmp.tfm, b_0, aad,
++                          key->u.ccmp.tfm, scratch,
+                           skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN,
+                           data_len,
+-                          skb->data + skb->len - IEEE80211_CCMP_MIC_LEN))
++                          skb->data + skb->len - IEEE80211_CCMP_MIC_LEN,
++                          skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN))
+                       return RX_DROP_UNUSABLE;
+       }
index 92c1909..3a00786 100644 (file)
@@ -1,6 +1,6 @@
 --- a/net/mac80211/main.c
 +++ b/net/mac80211/main.c
-@@ -300,7 +300,7 @@ void ieee80211_restart_hw(struct ieee802
+@@ -291,7 +291,7 @@ void ieee80211_restart_hw(struct ieee802
  }
  EXPORT_SYMBOL(ieee80211_restart_hw);
  
@@ -9,7 +9,7 @@
  static int ieee80211_ifa_changed(struct notifier_block *nb,
                                 unsigned long data, void *arg)
  {
-@@ -359,7 +359,7 @@ static int ieee80211_ifa_changed(struct 
+@@ -350,7 +350,7 @@ static int ieee80211_ifa_changed(struct 
  }
  #endif
  
@@ -18,7 +18,7 @@
  static int ieee80211_ifa6_changed(struct notifier_block *nb,
                                  unsigned long data, void *arg)
  {
-@@ -990,14 +990,14 @@ int ieee80211_register_hw(struct ieee802
+@@ -978,14 +978,14 @@ int ieee80211_register_hw(struct ieee802
                goto fail_pm_qos;
        }
  
@@ -35,7 +35,7 @@
        local->ifa6_notifier.notifier_call = ieee80211_ifa6_changed;
        result = register_inet6addr_notifier(&local->ifa6_notifier);
        if (result)
-@@ -1006,13 +1006,13 @@ int ieee80211_register_hw(struct ieee802
+@@ -994,13 +994,13 @@ int ieee80211_register_hw(struct ieee802
  
        return 0;
  
@@ -52,7 +52,7 @@
   fail_ifa:
        pm_qos_remove_notifier(PM_QOS_NETWORK_LATENCY,
                               &local->network_latency_notifier);
-@@ -1045,10 +1045,10 @@ void ieee80211_unregister_hw(struct ieee
+@@ -1033,10 +1033,10 @@ void ieee80211_unregister_hw(struct ieee
  
        pm_qos_remove_notifier(PM_QOS_NETWORK_LATENCY,
                               &local->network_latency_notifier);
index 81f03c5..71a2d6b 100644 (file)
---- a/net/mac80211/agg-rx.c
-+++ b/net/mac80211/agg-rx.c
-@@ -204,6 +204,8 @@ static void ieee80211_send_addba_resp(st
-               memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
-       else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
-               memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN);
-+      else if (sdata->vif.type == NL80211_IFTYPE_WDS)
-+              memcpy(mgmt->bssid, da, ETH_ALEN);
-       mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
-                                         IEEE80211_STYPE_ACTION);
---- a/net/mac80211/agg-tx.c
-+++ b/net/mac80211/agg-tx.c
-@@ -81,7 +81,8 @@ static void ieee80211_send_addba_request
-       memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
-       if (sdata->vif.type == NL80211_IFTYPE_AP ||
-           sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
--          sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
-+          sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
-+          sdata->vif.type == NL80211_IFTYPE_WDS)
-               memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
-       else if (sdata->vif.type == NL80211_IFTYPE_STATION)
-               memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
-@@ -527,6 +528,7 @@ int ieee80211_start_tx_ba_session(struct
-           sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
-           sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
-           sdata->vif.type != NL80211_IFTYPE_AP &&
-+          sdata->vif.type != NL80211_IFTYPE_WDS &&
-           sdata->vif.type != NL80211_IFTYPE_ADHOC)
-               return -EINVAL;
---- a/net/mac80211/debugfs_sta.c
-+++ b/net/mac80211/debugfs_sta.c
-@@ -66,11 +66,11 @@ static ssize_t sta_flags_read(struct fil
-       test_sta_flag(sta, WLAN_STA_##flg) ? #flg "\n" : ""
-       int res = scnprintf(buf, sizeof(buf),
--                          "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
-+                          "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
-                           TEST(AUTH), TEST(ASSOC), TEST(PS_STA),
-                           TEST(PS_DRIVER), TEST(AUTHORIZED),
-                           TEST(SHORT_PREAMBLE),
--                          TEST(WME), TEST(WDS), TEST(CLEAR_PS_FILT),
-+                          TEST(WME), TEST(CLEAR_PS_FILT),
-                           TEST(MFP), TEST(BLOCK_BA), TEST(PSPOLL),
-                           TEST(UAPSD), TEST(SP), TEST(TDLS_PEER),
-                           TEST(TDLS_PEER_AUTH), TEST(4ADDR_EVENT),
-@@ -455,6 +455,15 @@ void ieee80211_sta_debugfs_add(struct st
-       DEBUGFS_ADD_COUNTER(tx_retry_count, tx_retry_count);
-       DEBUGFS_ADD_COUNTER(wep_weak_iv_count, wep_weak_iv_count);
-+      if (sizeof(sta->driver_buffered_tids) == sizeof(u32))
-+              debugfs_create_x32("driver_buffered_tids", 0400,
-+                                 sta->debugfs.dir,
-+                                 (u32 *)&sta->driver_buffered_tids);
-+      else
-+              debugfs_create_x64("driver_buffered_tids", 0400,
-+                                 sta->debugfs.dir,
-+                                 (u64 *)&sta->driver_buffered_tids);
-+
-       drv_sta_add_debugfs(local, sdata, &sta->sta, sta->debugfs.dir);
- }
---- a/net/mac80211/iface.c
-+++ b/net/mac80211/iface.c
-@@ -274,6 +274,12 @@ static int ieee80211_check_concurrent_if
-                       if (iftype == NL80211_IFTYPE_ADHOC &&
-                           nsdata->vif.type == NL80211_IFTYPE_ADHOC)
-                               return -EBUSY;
-+                      /*
-+                       * will not add another interface while any channel
-+                       * switch is active.
-+                       */
-+                      if (nsdata->vif.csa_active)
-+                              return -EBUSY;
-                       /*
-                        * The remaining checks are only performed for interfaces
-@@ -463,7 +469,6 @@ int ieee80211_do_open(struct wireless_de
-       struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
-       struct net_device *dev = wdev->netdev;
-       struct ieee80211_local *local = sdata->local;
--      struct sta_info *sta;
-       u32 changed = 0;
-       int res;
-       u32 hw_reconf_flags = 0;
-@@ -629,30 +634,8 @@ int ieee80211_do_open(struct wireless_de
+--- a/drivers/net/wireless/ath/ath10k/mac.c
++++ b/drivers/net/wireless/ath/ath10k/mac.c
+@@ -1351,12 +1351,12 @@ static int ath10k_update_channel_list(st
+                       ch->allow_vht = true;
  
-       set_bit(SDATA_STATE_RUNNING, &sdata->state);
--      if (sdata->vif.type == NL80211_IFTYPE_WDS) {
--              /* Create STA entry for the WDS peer */
--              sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr,
--                                   GFP_KERNEL);
--              if (!sta) {
--                      res = -ENOMEM;
--                      goto err_del_interface;
--              }
--
--              sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
--              sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
--              sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
--
--              res = sta_info_insert(sta);
--              if (res) {
--                      /* STA has been freed */
--                      goto err_del_interface;
--              }
--
--              rate_control_rate_init(sta);
--              netif_carrier_on(dev);
--      } else if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) {
-+      if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE)
-               rcu_assign_pointer(local->p2p_sdata, sdata);
--      }
+                       ch->allow_ibss =
+-                              !(channel->flags & IEEE80211_CHAN_NO_IBSS);
++                              !(channel->flags & IEEE80211_CHAN_NO_IR);
  
-       /*
-        * set_multicast_list will be invoked by the networking core
-@@ -809,6 +792,8 @@ static void ieee80211_do_stop(struct iee
-       cancel_work_sync(&local->dynamic_ps_enable_work);
+                       ch->ht40plus =
+                               !(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
  
-       cancel_work_sync(&sdata->recalc_smps);
-+      sdata->vif.csa_active = false;
-+      cancel_work_sync(&sdata->csa_finalize_work);
+-                      passive = channel->flags & IEEE80211_CHAN_PASSIVE_SCAN;
++                      passive = channel->flags & IEEE80211_CHAN_NO_IR;
+                       ch->passive = passive;
  
-       cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
+                       ch->freq = channel->center_freq;
+--- a/drivers/net/wireless/ath/ath9k/Kconfig
++++ b/drivers/net/wireless/ath/ath9k/Kconfig
+@@ -90,7 +90,7 @@ config ATH9K_DFS_CERTIFIED
  
-@@ -1116,6 +1101,74 @@ static void ieee80211_if_setup(struct ne
-       dev->destructor = free_netdev;
+ config ATH9K_TX99
+       bool "Atheros ath9k TX99 testing support"
+-      depends on CFG80211_CERTIFICATION_ONUS
++      depends on ATH9K_DEBUGFS && CFG80211_CERTIFICATION_ONUS
+       default n
+       ---help---
+         Say N. This should only be enabled on systems undergoing
+@@ -108,6 +108,14 @@ config ATH9K_TX99
+         be evaluated to meet the RF exposure limits set forth in the
+         governmental SAR regulations.
++config ATH9K_WOW
++      bool "Wake on Wireless LAN support (EXPERIMENTAL)"
++      depends on ATH9K && PM
++      default n
++      ---help---
++        This option enables Wake on Wireless LAN support for certain cards.
++        Currently, AR9462 is supported.
++
+ config ATH9K_LEGACY_RATE_CONTROL
+       bool "Atheros ath9k rate control"
+       depends on ATH9K
+--- a/drivers/net/wireless/ath/ath9k/Makefile
++++ b/drivers/net/wireless/ath/ath9k/Makefile
+@@ -13,9 +13,9 @@ ath9k-$(CPTCFG_ATH9K_PCI) += pci.o
+ ath9k-$(CPTCFG_ATH9K_AHB) += ahb.o
+ ath9k-$(CPTCFG_ATH9K_DEBUGFS) += debug.o
+ ath9k-$(CPTCFG_ATH9K_DFS_DEBUGFS) += dfs_debug.o
+-ath9k-$(CPTCFG_ATH9K_DFS_CERTIFIED) += \
+-              dfs.o
+-ath9k-$(CONFIG_PM_SLEEP) += wow.o
++ath9k-$(CPTCFG_ATH9K_DFS_CERTIFIED) += dfs.o
++ath9k-$(CPTCFG_ATH9K_TX99) += tx99.o
++ath9k-$(CPTCFG_ATH9K_WOW) += wow.o
+ obj-$(CPTCFG_ATH9K) += ath9k.o
+@@ -41,6 +41,8 @@ ath9k_hw-y:= \
+               ar9003_eeprom.o \
+               ar9003_paprd.o
++ath9k_hw-$(CPTCFG_ATH9K_WOW) += ar9003_wow.o
++
+ ath9k_hw-$(CPTCFG_ATH9K_BTCOEX_SUPPORT) += btcoex.o \
+                                          ar9003_mci.o
+ obj-$(CPTCFG_ATH9K_HW) += ath9k_hw.o
+--- a/drivers/net/wireless/ath/ath9k/ar9003_hw.c
++++ b/drivers/net/wireless/ath/ath9k/ar9003_hw.c
+@@ -581,6 +581,13 @@ static void ar9003_tx_gain_table_mode6(s
+                       ar9580_1p0_type6_tx_gain_table);
  }
  
-+static void ieee80211_wds_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
-+                                       struct sk_buff *skb)
++static void ar9003_tx_gain_table_mode7(struct ath_hw *ah)
 +{
-+      struct ieee80211_local *local = sdata->local;
-+      struct ieee80211_rx_status *rx_status;
-+      struct ieee802_11_elems elems;
-+      struct ieee80211_mgmt *mgmt;
-+      struct sta_info *sta;
-+      size_t baselen;
-+      u32 rates = 0;
-+      u16 stype;
-+      bool new = false;
-+      enum ieee80211_band band;
-+      struct ieee80211_supported_band *sband;
-+
-+      rx_status = IEEE80211_SKB_RXCB(skb);
-+      band = rx_status->band;
-+      sband = local->hw.wiphy->bands[band];
-+      mgmt = (struct ieee80211_mgmt *) skb->data;
-+      stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
-+
-+      if (stype != IEEE80211_STYPE_BEACON)
-+              return;
-+
-+      baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
-+      if (baselen > skb->len)
-+              return;
-+
-+      ieee802_11_parse_elems(mgmt->u.probe_resp.variable,
-+                             skb->len - baselen, false, &elems);
-+
-+      rates = ieee80211_sta_get_rates(local, &elems, band, NULL);
-+
-+      rcu_read_lock();
-+
-+      sta = sta_info_get(sdata, sdata->u.wds.remote_addr);
-+
-+      if (!sta) {
-+              rcu_read_unlock();
-+              sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr,
-+                                   GFP_KERNEL);
-+              if (!sta)
-+                      return;
-+
-+              new = true;
-+      }
-+
-+      sta->last_rx = jiffies;
-+      sta->sta.supp_rates[band] = rates;
-+
-+      if (elems.ht_cap_elem)
-+              ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
-+                              elems.ht_cap_elem, sta);
-+
-+      if (elems.wmm_param)
-+              set_sta_flag(sta, WLAN_STA_WME);
-+
-+      if (new) {
-+              sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
-+              sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
-+              sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
-+              rate_control_rate_init(sta);
-+              sta_info_insert_rcu(sta);
-+      }
-+
-+      rcu_read_unlock();
++      if (AR_SREV_9340(ah))
++              INIT_INI_ARRAY(&ah->iniModesTxGain,
++                             ar9340_cus227_tx_gain_table_1p0);
 +}
 +
- static void ieee80211_iface_work(struct work_struct *work)
- {
-       struct ieee80211_sub_if_data *sdata =
-@@ -1220,6 +1273,9 @@ static void ieee80211_iface_work(struct 
-                               break;
-                       ieee80211_mesh_rx_queued_mgmt(sdata, skb);
-                       break;
-+              case NL80211_IFTYPE_WDS:
-+                      ieee80211_wds_rx_queued_mgmt(sdata, skb);
-+                      break;
-               default:
-                       WARN(1, "frame for unexpected interface type");
-                       break;
-@@ -1282,6 +1338,7 @@ static void ieee80211_setup_sdata(struct
-       skb_queue_head_init(&sdata->skb_queue);
-       INIT_WORK(&sdata->work, ieee80211_iface_work);
-       INIT_WORK(&sdata->recalc_smps, ieee80211_recalc_smps_work);
-+      INIT_WORK(&sdata->csa_finalize_work, ieee80211_csa_finalize_work);
-       switch (type) {
-       case NL80211_IFTYPE_P2P_GO:
---- a/net/mac80211/rc80211_minstrel_ht.c
-+++ b/net/mac80211/rc80211_minstrel_ht.c
-@@ -365,6 +365,14 @@ minstrel_ht_update_stats(struct minstrel
-               }
-       }
+ typedef void (*ath_txgain_tab)(struct ath_hw *ah);
  
-+#ifdef CPTCFG_MAC80211_DEBUGFS
-+      /* use fixed index if set */
-+      if (mp->fixed_rate_idx != -1) {
-+              mi->max_tp_rate = mp->fixed_rate_idx;
-+              mi->max_tp_rate2 = mp->fixed_rate_idx;
-+              mi->max_prob_rate = mp->fixed_rate_idx;
-+      }
-+#endif
-       mi->stats_update = jiffies;
- }
-@@ -774,6 +782,11 @@ minstrel_ht_get_rate(void *priv, struct 
-       info->flags |= mi->tx_flags;
-       minstrel_ht_check_cck_shortpreamble(mp, mi, txrc->short_preamble);
-+#ifdef CPTCFG_MAC80211_DEBUGFS
-+      if (mp->fixed_rate_idx != -1)
-+              return;
-+#endif
-+
-       /* Don't use EAPOL frames for sampling on non-mrr hw */
-       if (mp->hw->max_rates == 1 &&
-           txrc->skb->protocol == cpu_to_be16(ETH_P_PAE))
-@@ -781,16 +794,6 @@ minstrel_ht_get_rate(void *priv, struct 
-       else
-               sample_idx = minstrel_get_sample_rate(mp, mi);
--#ifdef CPTCFG_MAC80211_DEBUGFS
--      /* use fixed index if set */
--      if (mp->fixed_rate_idx != -1) {
--              mi->max_tp_rate = mp->fixed_rate_idx;
--              mi->max_tp_rate2 = mp->fixed_rate_idx;
--              mi->max_prob_rate = mp->fixed_rate_idx;
--              sample_idx = -1;
--      }
--#endif
--
-       mi->total_packets++;
+ static void ar9003_tx_gain_table_apply(struct ath_hw *ah)
+@@ -593,6 +600,7 @@ static void ar9003_tx_gain_table_apply(s
+               ar9003_tx_gain_table_mode4,
+               ar9003_tx_gain_table_mode5,
+               ar9003_tx_gain_table_mode6,
++              ar9003_tx_gain_table_mode7,
+       };
+       int idx = ar9003_hw_get_tx_gain_idx(ah);
  
-       /* wraparound */
-@@ -804,10 +807,18 @@ minstrel_ht_get_rate(void *priv, struct 
-       sample_group = &minstrel_mcs_groups[sample_idx / MCS_GROUP_RATES];
-       info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
-+      rate->count = 1;
+@@ -750,6 +758,9 @@ static void ar9003_hw_init_mode_gain_reg
+ static void ar9003_hw_configpcipowersave(struct ath_hw *ah,
+                                        bool power_off)
+ {
++      unsigned int i;
++      struct ar5416IniArray *array;
 +
-+      if (sample_idx / MCS_GROUP_RATES == MINSTREL_CCK_GROUP) {
-+              int idx = sample_idx % ARRAY_SIZE(mp->cck_rates);
-+              rate->idx = mp->cck_rates[idx];
-+              rate->flags = 0;
-+              return;
-+      }
+       /*
+        * Increase L1 Entry Latency. Some WB222 boards don't have
+        * this change in eeprom/OTP.
+@@ -775,18 +786,13 @@ static void ar9003_hw_configpcipowersave
+        * Configire PCIE after Ini init. SERDES values now come from ini file
+        * This enables PCIe low power mode.
+        */
+-      if (ah->config.pcieSerDesWrite) {
+-              unsigned int i;
+-              struct ar5416IniArray *array;
+-
+-              array = power_off ? &ah->iniPcieSerdes :
+-                                  &ah->iniPcieSerdesLowPower;
+-
+-              for (i = 0; i < array->ia_rows; i++) {
+-                      REG_WRITE(ah,
+-                                INI_RA(array, i, 0),
+-                                INI_RA(array, i, 1));
+-              }
++      array = power_off ? &ah->iniPcieSerdes :
++              &ah->iniPcieSerdesLowPower;
 +
-       rate->idx = sample_idx % MCS_GROUP_RATES +
-                   (sample_group->streams - 1) * MCS_GROUP_RATES;
-       rate->flags = IEEE80211_TX_RC_MCS | sample_group->flags;
--      rate->count = 1;
++      for (i = 0; i < array->ia_rows; i++) {
++              REG_WRITE(ah,
++                        INI_RA(array, i, 0),
++                        INI_RA(array, i, 1));
+       }
  }
  
- static void
-@@ -820,6 +831,9 @@ minstrel_ht_update_cck(struct minstrel_p
-       if (sband->band != IEEE80211_BAND_2GHZ)
-               return;
-+      if (!(mp->hw->flags & IEEE80211_HW_SUPPORTS_HT_CCK_RATES))
-+              return;
-+
-       mi->cck_supported = 0;
-       mi->cck_supported_short = 0;
-       for (i = 0; i < 4; i++) {
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -936,8 +936,14 @@ ieee80211_rx_h_check(struct ieee80211_rx
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
-       struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
+--- a/drivers/net/wireless/ath/ath9k/ar9340_initvals.h
++++ b/drivers/net/wireless/ath/ath9k/ar9340_initvals.h
+@@ -1447,4 +1447,106 @@ static const u32 ar9340_1p0_soc_preamble
+       {0x00007038, 0x000004c2},
+ };
  
--      /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
--      if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
-+      /*
-+       * Drop duplicate 802.11 retransmissions
-+       * (IEEE 802.11-2012: 9.3.2.10 "Duplicate detection and recovery")
-+       */
-+      if (rx->skb->len >= 24 && rx->sta &&
-+          !ieee80211_is_ctl(hdr->frame_control) &&
-+          !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
-+          !is_multicast_ether_addr(hdr->addr1)) {
-               if (unlikely(ieee80211_has_retry(hdr->frame_control) &&
-                            rx->sta->last_seq_ctrl[rx->seqno_idx] ==
-                            hdr->seq_ctrl)) {
-@@ -2369,6 +2375,7 @@ ieee80211_rx_h_action(struct ieee80211_r
-                   sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
-                   sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
-                   sdata->vif.type != NL80211_IFTYPE_AP &&
-+                  sdata->vif.type != NL80211_IFTYPE_WDS &&
-                   sdata->vif.type != NL80211_IFTYPE_ADHOC)
-                       break;
-@@ -2720,14 +2727,15 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_
-       if (!ieee80211_vif_is_mesh(&sdata->vif) &&
-           sdata->vif.type != NL80211_IFTYPE_ADHOC &&
--          sdata->vif.type != NL80211_IFTYPE_STATION)
-+          sdata->vif.type != NL80211_IFTYPE_STATION &&
-+          sdata->vif.type != NL80211_IFTYPE_WDS)
-               return RX_DROP_MONITOR;
-       switch (stype) {
-       case cpu_to_le16(IEEE80211_STYPE_AUTH):
-       case cpu_to_le16(IEEE80211_STYPE_BEACON):
-       case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
--              /* process for all: mesh, mlme, ibss */
-+              /* process for all: mesh, mlme, ibss, wds */
-               break;
-       case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP):
-       case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP):
-@@ -3008,6 +3016,9 @@ static int prepare_for_handlers(struct i
-       case NL80211_IFTYPE_ADHOC:
-               if (!bssid)
-                       return 0;
-+              if (ether_addr_equal(sdata->vif.addr, hdr->addr2) ||
-+                  ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2))
-+                      return 0;
-               if (ieee80211_is_beacon(hdr->frame_control)) {
-                       return 1;
-               } else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) {
-@@ -3059,10 +3070,16 @@ static int prepare_for_handlers(struct i
-               }
-               break;
-       case NL80211_IFTYPE_WDS:
--              if (bssid || !ieee80211_is_data(hdr->frame_control))
--                      return 0;
-               if (!ether_addr_equal(sdata->u.wds.remote_addr, hdr->addr2))
-                       return 0;
-+
-+              if (ieee80211_is_data(hdr->frame_control) ||
-+                  ieee80211_is_action(hdr->frame_control)) {
-+                      if (compare_ether_addr(sdata->vif.addr, hdr->addr1))
-+                              return 0;
-+              } else if (!ieee80211_is_beacon(hdr->frame_control))
-+                      return 0;
++static const u32 ar9340_cus227_tx_gain_table_1p0[][5] = {
++      /* Addr      5G_HT20     5G_HT40     2G_HT40     2G_HT20   */
++      {0x0000a2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352},
++      {0x0000a2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584},
++      {0x0000a2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800},
++      {0x0000a2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000},
++      {0x0000a410, 0x000050d9, 0x000050d9, 0x000050d9, 0x000050d9},
++      {0x0000a500, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
++      {0x0000a504, 0x06000003, 0x06000003, 0x04000002, 0x04000002},
++      {0x0000a508, 0x0a000020, 0x0a000020, 0x08000004, 0x08000004},
++      {0x0000a50c, 0x10000023, 0x10000023, 0x0b000200, 0x0b000200},
++      {0x0000a510, 0x16000220, 0x16000220, 0x0f000202, 0x0f000202},
++      {0x0000a514, 0x1c000223, 0x1c000223, 0x11000400, 0x11000400},
++      {0x0000a518, 0x21002220, 0x21002220, 0x15000402, 0x15000402},
++      {0x0000a51c, 0x27002223, 0x27002223, 0x19000404, 0x19000404},
++      {0x0000a520, 0x2c022220, 0x2c022220, 0x1b000603, 0x1b000603},
++      {0x0000a524, 0x30022222, 0x30022222, 0x1f000a02, 0x1f000a02},
++      {0x0000a528, 0x35022225, 0x35022225, 0x23000a04, 0x23000a04},
++      {0x0000a52c, 0x3b02222a, 0x3b02222a, 0x26000a20, 0x26000a20},
++      {0x0000a530, 0x3f02222c, 0x3f02222c, 0x2a000e20, 0x2a000e20},
++      {0x0000a534, 0x4202242a, 0x4202242a, 0x2e000e22, 0x2e000e22},
++      {0x0000a538, 0x4702244a, 0x4702244a, 0x31000e24, 0x31000e24},
++      {0x0000a53c, 0x4b02244c, 0x4b02244c, 0x34001640, 0x34001640},
++      {0x0000a540, 0x4e02246c, 0x4e02246c, 0x38001660, 0x38001660},
++      {0x0000a544, 0x5302266c, 0x5302266c, 0x3b001861, 0x3b001861},
++      {0x0000a548, 0x5702286c, 0x5702286c, 0x3e001a81, 0x3e001a81},
++      {0x0000a54c, 0x5c02486b, 0x5c02486b, 0x42001a83, 0x42001a83},
++      {0x0000a550, 0x61024a6c, 0x61024a6c, 0x44001c84, 0x44001c84},
++      {0x0000a554, 0x66026a6c, 0x66026a6c, 0x48001ce3, 0x48001ce3},
++      {0x0000a558, 0x6b026e6c, 0x6b026e6c, 0x4c001ce5, 0x4c001ce5},
++      {0x0000a55c, 0x7002708c, 0x7002708c, 0x50001ce9, 0x50001ce9},
++      {0x0000a560, 0x7302b08a, 0x7302b08a, 0x54001ceb, 0x54001ceb},
++      {0x0000a564, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
++      {0x0000a568, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
++      {0x0000a56c, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
++      {0x0000a570, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
++      {0x0000a574, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
++      {0x0000a578, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
++      {0x0000a57c, 0x7702b08c, 0x7702b08c, 0x56001eec, 0x56001eec},
++      {0x0000a580, 0x00800000, 0x00800000, 0x00800000, 0x00800000},
++      {0x0000a584, 0x06800003, 0x06800003, 0x04800002, 0x04800002},
++      {0x0000a588, 0x0a800020, 0x0a800020, 0x08800004, 0x08800004},
++      {0x0000a58c, 0x10800023, 0x10800023, 0x0b800200, 0x0b800200},
++      {0x0000a590, 0x16800220, 0x16800220, 0x0f800202, 0x0f800202},
++      {0x0000a594, 0x1c800223, 0x1c800223, 0x11800400, 0x11800400},
++      {0x0000a598, 0x21820220, 0x21820220, 0x15800402, 0x15800402},
++      {0x0000a59c, 0x27820223, 0x27820223, 0x19800404, 0x19800404},
++      {0x0000a5a0, 0x2b822220, 0x2b822220, 0x1b800603, 0x1b800603},
++      {0x0000a5a4, 0x2f822222, 0x2f822222, 0x1f800a02, 0x1f800a02},
++      {0x0000a5a8, 0x34822225, 0x34822225, 0x23800a04, 0x23800a04},
++      {0x0000a5ac, 0x3a82222a, 0x3a82222a, 0x26800a20, 0x26800a20},
++      {0x0000a5b0, 0x3e82222c, 0x3e82222c, 0x2a800e20, 0x2a800e20},
++      {0x0000a5b4, 0x4282242a, 0x4282242a, 0x2e800e22, 0x2e800e22},
++      {0x0000a5b8, 0x4782244a, 0x4782244a, 0x31800e24, 0x31800e24},
++      {0x0000a5bc, 0x4b82244c, 0x4b82244c, 0x34801640, 0x34801640},
++      {0x0000a5c0, 0x4e82246c, 0x4e82246c, 0x38801660, 0x38801660},
++      {0x0000a5c4, 0x5382266c, 0x5382266c, 0x3b801861, 0x3b801861},
++      {0x0000a5c8, 0x5782286c, 0x5782286c, 0x3e801a81, 0x3e801a81},
++      {0x0000a5cc, 0x5c84286b, 0x5c84286b, 0x42801a83, 0x42801a83},
++      {0x0000a5d0, 0x61842a6c, 0x61842a6c, 0x44801c84, 0x44801c84},
++      {0x0000a5d4, 0x66862a6c, 0x66862a6c, 0x48801ce3, 0x48801ce3},
++      {0x0000a5d8, 0x6b862e6c, 0x6b862e6c, 0x4c801ce5, 0x4c801ce5},
++      {0x0000a5dc, 0x7086308c, 0x7086308c, 0x50801ce9, 0x50801ce9},
++      {0x0000a5e0, 0x738a308a, 0x738a308a, 0x54801ceb, 0x54801ceb},
++      {0x0000a5e4, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
++      {0x0000a5e8, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
++      {0x0000a5ec, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
++      {0x0000a5f0, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
++      {0x0000a5f4, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
++      {0x0000a5f8, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
++      {0x0000a5fc, 0x778a308c, 0x778a308c, 0x56801eec, 0x56801eec},
++      {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
++      {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
++      {0x0000a608, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
++      {0x0000a60c, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
++      {0x0000a610, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
++      {0x0000a614, 0x01404000, 0x01404000, 0x01404000, 0x01404000},
++      {0x0000a618, 0x01404501, 0x01404501, 0x01404501, 0x01404501},
++      {0x0000a61c, 0x02008802, 0x02008802, 0x02008501, 0x02008501},
++      {0x0000a620, 0x0300cc03, 0x0300cc03, 0x0280ca03, 0x0280ca03},
++      {0x0000a624, 0x0300cc03, 0x0300cc03, 0x03010c04, 0x03010c04},
++      {0x0000a628, 0x0300cc03, 0x0300cc03, 0x04014c04, 0x04014c04},
++      {0x0000a62c, 0x03810c03, 0x03810c03, 0x04015005, 0x04015005},
++      {0x0000a630, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
++      {0x0000a634, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
++      {0x0000a638, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
++      {0x0000a63c, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
++      {0x0000b2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352},
++      {0x0000b2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584},
++      {0x0000b2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800},
++      {0x0000b2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000},
++      {0x00016044, 0x056db2db, 0x056db2db, 0x03b6d2e4, 0x03b6d2e4},
++      {0x00016048, 0x24925666, 0x24925666, 0x8e481266, 0x8e481266},
++      {0x00016280, 0x01000015, 0x01000015, 0x01001015, 0x01001015},
++      {0x00016288, 0x30318000, 0x30318000, 0x00318000, 0x00318000},
++      {0x00016444, 0x056db2db, 0x056db2db, 0x03b6d2e4, 0x03b6d2e4},
++      {0x00016448, 0x24925666, 0x24925666, 0x8e481266, 0x8e481266},
++      {0x0000a3a4, 0x00000011, 0x00000011, 0x00000011, 0x00000011},
++      {0x0000a3a8, 0x3c3c3c3c, 0x3c3c3c3c, 0x3c3c3c3c, 0x3c3c3c3c},
++      {0x0000a3ac, 0x30303030, 0x30303030, 0x30303030, 0x30303030},
++};
 +
-               break;
-       case NL80211_IFTYPE_P2P_DEVICE:
-               if (!ieee80211_is_public_action(hdr, skb->len) &&
---- a/net/mac80211/sta_info.h
-+++ b/net/mac80211/sta_info.h
-@@ -32,7 +32,6 @@
-  * @WLAN_STA_SHORT_PREAMBLE: Station is capable of receiving short-preamble
-  *    frames.
-  * @WLAN_STA_WME: Station is a QoS-STA.
-- * @WLAN_STA_WDS: Station is one of our WDS peers.
-  * @WLAN_STA_CLEAR_PS_FILT: Clear PS filter in hardware (using the
-  *    IEEE80211_TX_CTL_CLEAR_PS_FILT control flag) when the next
-  *    frame to this station is transmitted.
-@@ -66,7 +65,6 @@ enum ieee80211_sta_info_flags {
-       WLAN_STA_AUTHORIZED,
-       WLAN_STA_SHORT_PREAMBLE,
-       WLAN_STA_WME,
--      WLAN_STA_WDS,
-       WLAN_STA_CLEAR_PS_FILT,
-       WLAN_STA_MFP,
-       WLAN_STA_BLOCK_BA,
---- a/drivers/net/wireless/ath/ath9k/xmit.c
-+++ b/drivers/net/wireless/ath/ath9k/xmit.c
-@@ -135,6 +135,9 @@ static struct ath_frame_info *get_frame_
+ #endif /* INITVALS_9340_H */
+--- a/drivers/net/wireless/ath/ath9k/ath9k.h
++++ b/drivers/net/wireless/ath/ath9k/ath9k.h
+@@ -459,6 +459,7 @@ void ath_check_ani(struct ath_softc *sc)
+ int ath_update_survey_stats(struct ath_softc *sc);
+ void ath_update_survey_nf(struct ath_softc *sc, int channel);
+ void ath9k_queue_reset(struct ath_softc *sc, enum ath_reset_type type);
++void ath_ps_full_sleep(unsigned long data);
  
- static void ath_send_bar(struct ath_atx_tid *tid, u16 seqno)
- {
-+      if (!tid->an->sta)
-+              return;
-+
-       ieee80211_send_bar(tid->an->vif, tid->an->sta->addr, tid->tidno,
-                          seqno << IEEE80211_SEQ_SEQ_SHIFT);
- }
-@@ -146,6 +149,93 @@ static void ath_set_rates(struct ieee802
-                              ARRAY_SIZE(bf->rates));
+ /**********/
+ /* BTCOEX */
+@@ -570,6 +571,34 @@ static inline void ath_fill_led_pin(stru
  }
+ #endif
  
-+static void ath_txq_skb_done(struct ath_softc *sc, struct ath_txq *txq,
-+                           struct sk_buff *skb)
-+{
-+      int q;
-+
-+      q = skb_get_queue_mapping(skb);
-+      if (txq == sc->tx.uapsdq)
-+              txq = sc->tx.txq_map[q];
-+
-+      if (txq != sc->tx.txq_map[q])
-+              return;
-+
-+      if (WARN_ON(--txq->pending_frames < 0))
-+              txq->pending_frames = 0;
-+
-+      if (txq->stopped &&
-+          txq->pending_frames < sc->tx.txq_max_pending[q]) {
-+              ieee80211_wake_queue(sc->hw, q);
-+              txq->stopped = false;
-+      }
-+}
-+
-+static struct ath_atx_tid *
-+ath_get_skb_tid(struct ath_softc *sc, struct ath_node *an, struct sk_buff *skb)
++/************************/
++/* Wake on Wireless LAN */
++/************************/
++
++#ifdef CONFIG_ATH9K_WOW
++void ath9k_init_wow(struct ieee80211_hw *hw);
++int ath9k_suspend(struct ieee80211_hw *hw,
++                struct cfg80211_wowlan *wowlan);
++int ath9k_resume(struct ieee80211_hw *hw);
++void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled);
++#else
++static inline void ath9k_init_wow(struct ieee80211_hw *hw)
 +{
-+      struct ieee80211_hdr *hdr;
-+      u8 tidno = 0;
-+
-+      hdr = (struct ieee80211_hdr *) skb->data;
-+      if (ieee80211_is_data_qos(hdr->frame_control))
-+              tidno = ieee80211_get_qos_ctl(hdr)[0];
-+
-+      tidno &= IEEE80211_QOS_CTL_TID_MASK;
-+      return ATH_AN_2_TID(an, tidno);
 +}
-+
-+static bool ath_tid_has_buffered(struct ath_atx_tid *tid)
++static inline int ath9k_suspend(struct ieee80211_hw *hw,
++                              struct cfg80211_wowlan *wowlan)
 +{
-+      return !skb_queue_empty(&tid->buf_q) || !skb_queue_empty(&tid->retry_q);
++      return 0;
 +}
-+
-+static struct sk_buff *ath_tid_dequeue(struct ath_atx_tid *tid)
++static inline int ath9k_resume(struct ieee80211_hw *hw)
 +{
-+      struct sk_buff *skb;
-+
-+      skb = __skb_dequeue(&tid->retry_q);
-+      if (!skb)
-+              skb = __skb_dequeue(&tid->buf_q);
-+
-+      return skb;
++      return 0;
 +}
-+
-+/*
-+ * ath_tx_tid_change_state:
-+ * - clears a-mpdu flag of previous session
-+ * - force sequence number allocation to fix next BlockAck Window
-+ */
-+static void
-+ath_tx_tid_change_state(struct ath_softc *sc, struct ath_atx_tid *tid)
++static inline void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled)
 +{
-+      struct ath_txq *txq = tid->ac->txq;
-+      struct ieee80211_tx_info *tx_info;
-+      struct sk_buff *skb, *tskb;
-+      struct ath_buf *bf;
-+      struct ath_frame_info *fi;
-+
-+      skb_queue_walk_safe(&tid->buf_q, skb, tskb) {
-+              fi = get_frame_info(skb);
-+              bf = fi->bf;
-+
-+              tx_info = IEEE80211_SKB_CB(skb);
-+              tx_info->flags &= ~IEEE80211_TX_CTL_AMPDU;
-+
-+              if (bf)
-+                      continue;
-+
-+              bf = ath_tx_setup_buffer(sc, txq, tid, skb);
-+              if (!bf) {
-+                      __skb_unlink(skb, &tid->buf_q);
-+                      ath_txq_skb_done(sc, txq, skb);
-+                      ieee80211_free_txskb(sc->hw, skb);
-+                      continue;
-+              }
-+      }
-+
 +}
++#endif /* CONFIG_ATH9K_WOW */
 +
- static void ath_tx_flush_tid(struct ath_softc *sc, struct ath_atx_tid *tid)
- {
-       struct ath_txq *txq = tid->ac->txq;
-@@ -160,27 +250,22 @@ static void ath_tx_flush_tid(struct ath_
-       memset(&ts, 0, sizeof(ts));
--      while ((skb = __skb_dequeue(&tid->buf_q))) {
-+      while ((skb = __skb_dequeue(&tid->retry_q))) {
-               fi = get_frame_info(skb);
-               bf = fi->bf;
--
-               if (!bf) {
--                      bf = ath_tx_setup_buffer(sc, txq, tid, skb);
--                      if (!bf) {
--                              ieee80211_free_txskb(sc->hw, skb);
--                              continue;
--                      }
-+                      ath_txq_skb_done(sc, txq, skb);
-+                      ieee80211_free_txskb(sc->hw, skb);
-+                      continue;
-               }
--              if (fi->retries) {
--                      list_add_tail(&bf->list, &bf_head);
-+              if (fi->baw_tracked) {
-                       ath_tx_update_baw(sc, tid, bf->bf_state.seqno);
--                      ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
-                       sendbar = true;
--              } else {
--                      ath_set_rates(tid->an->vif, tid->an->sta, bf);
--                      ath_tx_send_normal(sc, txq, NULL, skb);
-               }
-+
-+              list_add_tail(&bf->list, &bf_head);
-+              ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
-       }
+ /*******************************/
+ /* Antenna diversity/combining */
+ /*******************************/
+@@ -723,6 +752,7 @@ struct ath_softc {
+       struct work_struct hw_check_work;
+       struct work_struct hw_reset_work;
+       struct completion paprd_complete;
++      wait_queue_head_t tx_wait;
  
-       if (sendbar) {
-@@ -209,13 +294,16 @@ static void ath_tx_update_baw(struct ath
- }
+       unsigned int hw_busy_count;
+       unsigned long sc_flags;
+@@ -759,6 +789,7 @@ struct ath_softc {
+       struct delayed_work tx_complete_work;
+       struct delayed_work hw_pll_work;
+       struct timer_list rx_poll_timer;
++      struct timer_list sleep_timer;
  
- static void ath_tx_addto_baw(struct ath_softc *sc, struct ath_atx_tid *tid,
--                           u16 seqno)
-+                           struct ath_buf *bf)
- {
-+      struct ath_frame_info *fi = get_frame_info(bf->bf_mpdu);
-+      u16 seqno = bf->bf_state.seqno;
-       int index, cindex;
-       index  = ATH_BA_INDEX(tid->seq_start, seqno);
-       cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1);
-       __set_bit(cindex, tid->tx_buf);
-+      fi->baw_tracked = 1;
-       if (index >= ((tid->baw_tail - tid->baw_head) &
-               (ATH_TID_MAX_BUFS - 1))) {
-@@ -224,12 +312,6 @@ static void ath_tx_addto_baw(struct ath_
+ #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
+       struct ath_btcoex btcoex;
+@@ -783,7 +814,7 @@ struct ath_softc {
+       bool tx99_state;
+       s16 tx99_power;
+-#ifdef CONFIG_PM_SLEEP
++#ifdef CONFIG_ATH9K_WOW
+       atomic_t wow_got_bmiss_intr;
+       atomic_t wow_sleep_proc_intr; /* in the middle of WoW sleep ? */
+       u32 wow_intr_before_sleep;
+@@ -946,10 +977,25 @@ struct fft_sample_ht20_40 {
+       u8 data[SPECTRAL_HT20_40_NUM_BINS];
+ } __packed;
+-int ath9k_tx99_init(struct ath_softc *sc);
+-void ath9k_tx99_deinit(struct ath_softc *sc);
++/********/
++/* TX99 */
++/********/
++
++#ifdef CONFIG_ATH9K_TX99
++void ath9k_tx99_init_debug(struct ath_softc *sc);
+ int ath9k_tx99_send(struct ath_softc *sc, struct sk_buff *skb,
+                   struct ath_tx_control *txctl);
++#else
++static inline void ath9k_tx99_init_debug(struct ath_softc *sc)
++{
++}
++static inline int ath9k_tx99_send(struct ath_softc *sc,
++                                struct sk_buff *skb,
++                                struct ath_tx_control *txctl)
++{
++      return 0;
++}
++#endif /* CONFIG_ATH9K_TX99 */
+ void ath9k_tasklet(unsigned long data);
+ int ath_cabq_update(struct ath_softc *);
+@@ -966,6 +1012,9 @@ extern bool is_ath9k_unloaded;
+ u8 ath9k_parse_mpdudensity(u8 mpdudensity);
+ irqreturn_t ath_isr(int irq, void *dev);
++int ath_reset(struct ath_softc *sc);
++void ath_cancel_work(struct ath_softc *sc);
++void ath_restart_work(struct ath_softc *sc);
+ int ath9k_init_device(u16 devid, struct ath_softc *sc,
+                   const struct ath_bus_ops *bus_ops);
+ void ath9k_deinit_device(struct ath_softc *sc);
+--- a/drivers/net/wireless/ath/ath9k/debug.c
++++ b/drivers/net/wireless/ath/ath9k/debug.c
+@@ -1782,111 +1782,6 @@ void ath9k_deinit_debug(struct ath_softc
        }
  }
  
--/*
-- * TODO: For frame(s) that are in the retry state, we will reuse the
-- * sequence number(s) without setting the retry bit. The
-- * alternative is to give up on these and BAR the receiver's window
-- * forward.
-- */
- static void ath_tid_drain(struct ath_softc *sc, struct ath_txq *txq,
-                         struct ath_atx_tid *tid)
-@@ -243,7 +325,7 @@ static void ath_tid_drain(struct ath_sof
-       memset(&ts, 0, sizeof(ts));
-       INIT_LIST_HEAD(&bf_head);
--      while ((skb = __skb_dequeue(&tid->buf_q))) {
-+      while ((skb = ath_tid_dequeue(tid))) {
-               fi = get_frame_info(skb);
-               bf = fi->bf;
-@@ -253,14 +335,8 @@ static void ath_tid_drain(struct ath_sof
-               }
-               list_add_tail(&bf->list, &bf_head);
+-static ssize_t read_file_tx99(struct file *file, char __user *user_buf,
+-                            size_t count, loff_t *ppos)
+-{
+-      struct ath_softc *sc = file->private_data;
+-      char buf[3];
+-      unsigned int len;
 -
--              ath_tx_update_baw(sc, tid, bf->bf_state.seqno);
-               ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
-       }
+-      len = sprintf(buf, "%d\n", sc->tx99_state);
+-      return simple_read_from_buffer(user_buf, count, ppos, buf, len);
+-}
 -
--      tid->seq_next = tid->seq_start;
--      tid->baw_tail = tid->baw_head;
--      tid->bar_index = -1;
- }
- static void ath_tx_set_retry(struct ath_softc *sc, struct ath_txq *txq,
-@@ -323,6 +399,7 @@ static struct ath_buf* ath_clone_txbuf(s
-       tbf->bf_buf_addr = bf->bf_buf_addr;
-       memcpy(tbf->bf_desc, bf->bf_desc, sc->sc_ah->caps.tx_desc_len);
-       tbf->bf_state = bf->bf_state;
-+      tbf->bf_state.stale = false;
+-static ssize_t write_file_tx99(struct file *file, const char __user *user_buf,
+-                             size_t count, loff_t *ppos)
+-{
+-      struct ath_softc *sc = file->private_data;
+-      struct ath_common *common = ath9k_hw_common(sc->sc_ah);
+-      char buf[32];
+-      bool start;
+-      ssize_t len;
+-      int r;
+-
+-      if (sc->nvifs > 1)
+-              return -EOPNOTSUPP;
+-
+-      len = min(count, sizeof(buf) - 1);
+-      if (copy_from_user(buf, user_buf, len))
+-              return -EFAULT;
+-
+-      if (strtobool(buf, &start))
+-              return -EINVAL;
+-
+-      if (start == sc->tx99_state) {
+-              if (!start)
+-                      return count;
+-              ath_dbg(common, XMIT, "Resetting TX99\n");
+-              ath9k_tx99_deinit(sc);
+-      }
+-
+-      if (!start) {
+-              ath9k_tx99_deinit(sc);
+-              return count;
+-      }
+-
+-      r = ath9k_tx99_init(sc);
+-      if (r)
+-              return r;
+-
+-      return count;
+-}
+-
+-static const struct file_operations fops_tx99 = {
+-      .read = read_file_tx99,
+-      .write = write_file_tx99,
+-      .open = simple_open,
+-      .owner = THIS_MODULE,
+-      .llseek = default_llseek,
+-};
+-
+-static ssize_t read_file_tx99_power(struct file *file,
+-                                  char __user *user_buf,
+-                                  size_t count, loff_t *ppos)
+-{
+-      struct ath_softc *sc = file->private_data;
+-      char buf[32];
+-      unsigned int len;
+-
+-      len = sprintf(buf, "%d (%d dBm)\n",
+-                    sc->tx99_power,
+-                    sc->tx99_power / 2);
+-
+-      return simple_read_from_buffer(user_buf, count, ppos, buf, len);
+-}
+-
+-static ssize_t write_file_tx99_power(struct file *file,
+-                                   const char __user *user_buf,
+-                                   size_t count, loff_t *ppos)
+-{
+-      struct ath_softc *sc = file->private_data;
+-      int r;
+-      u8 tx_power;
+-
+-      r = kstrtou8_from_user(user_buf, count, 0, &tx_power);
+-      if (r)
+-              return r;
+-
+-      if (tx_power > MAX_RATE_POWER)
+-              return -EINVAL;
+-
+-      sc->tx99_power = tx_power;
+-
+-      ath9k_ps_wakeup(sc);
+-      ath9k_hw_tx99_set_txpower(sc->sc_ah, sc->tx99_power);
+-      ath9k_ps_restore(sc);
+-
+-      return count;
+-}
+-
+-static const struct file_operations fops_tx99_power = {
+-      .read = read_file_tx99_power,
+-      .write = write_file_tx99_power,
+-      .open = simple_open,
+-      .owner = THIS_MODULE,
+-      .llseek = default_llseek,
+-};
+-
+ int ath9k_init_debug(struct ath_hw *ah)
+ {
+       struct ath_common *common = ath9k_hw_common(ah);
+@@ -1903,6 +1798,7 @@ int ath9k_init_debug(struct ath_hw *ah)
+ #endif
  
-       return tbf;
- }
-@@ -380,7 +457,6 @@ static void ath_tx_complete_aggr(struct 
-       struct ieee80211_tx_rate rates[4];
-       struct ath_frame_info *fi;
-       int nframes;
--      u8 tidno;
-       bool flush = !!(ts->ts_status & ATH9K_TX_FLUSH);
-       int i, retries;
-       int bar_index = -1;
-@@ -406,7 +482,7 @@ static void ath_tx_complete_aggr(struct 
-               while (bf) {
-                       bf_next = bf->bf_next;
--                      if (!bf->bf_stale || bf_next != NULL)
-+                      if (!bf->bf_state.stale || bf_next != NULL)
-                               list_move_tail(&bf->list, &bf_head);
-                       ath_tx_complete_buf(sc, bf, txq, &bf_head, ts, 0);
-@@ -417,8 +493,7 @@ static void ath_tx_complete_aggr(struct 
-       }
+       ath9k_dfs_init_debug(sc);
++      ath9k_tx99_init_debug(sc);
  
-       an = (struct ath_node *)sta->drv_priv;
--      tidno = ieee80211_get_qos_ctl(hdr)[0] & IEEE80211_QOS_CTL_TID_MASK;
--      tid = ATH_AN_2_TID(an, tidno);
-+      tid = ath_get_skb_tid(sc, an, skb);
-       seq_first = tid->seq_start;
-       isba = ts->ts_flags & ATH9K_TX_BA;
+       debugfs_create_file("dma", S_IRUSR, sc->debug.debugfs_phy, sc,
+                           &fops_dma);
+@@ -1978,15 +1874,6 @@ int ath9k_init_debug(struct ath_hw *ah)
+       debugfs_create_file("btcoex", S_IRUSR, sc->debug.debugfs_phy, sc,
+                           &fops_btcoex);
+ #endif
+-      if (config_enabled(CPTCFG_ATH9K_TX99) &&
+-          AR_SREV_9300_20_OR_LATER(ah)) {
+-              debugfs_create_file("tx99", S_IRUSR | S_IWUSR,
+-                                  sc->debug.debugfs_phy, sc,
+-                                  &fops_tx99);
+-              debugfs_create_file("tx99_power", S_IRUSR | S_IWUSR,
+-                                  sc->debug.debugfs_phy, sc,
+-                                  &fops_tx99_power);
+-      }
  
-@@ -430,7 +505,7 @@ static void ath_tx_complete_aggr(struct 
-        * Only BlockAcks have a TID and therefore normal Acks cannot be
-        * checked
-        */
--      if (isba && tidno != ts->tid)
-+      if (isba && tid->tidno != ts->tid)
-               txok = false;
-       isaggr = bf_isaggr(bf);
-@@ -466,7 +541,8 @@ static void ath_tx_complete_aggr(struct 
-               tx_info = IEEE80211_SKB_CB(skb);
-               fi = get_frame_info(skb);
--              if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno)) {
-+              if (!BAW_WITHIN(tid->seq_start, tid->baw_size, seqno) ||
-+                  !tid->active) {
-                       /*
-                        * Outside of the current BlockAck window,
-                        * maybe part of a previous session
-@@ -499,7 +575,7 @@ static void ath_tx_complete_aggr(struct 
-                * not a holding desc.
-                */
-               INIT_LIST_HEAD(&bf_head);
--              if (bf_next != NULL || !bf_last->bf_stale)
-+              if (bf_next != NULL || !bf_last->bf_state.stale)
-                       list_move_tail(&bf->list, &bf_head);
-               if (!txpending) {
-@@ -523,7 +599,7 @@ static void ath_tx_complete_aggr(struct 
-                               ieee80211_sta_eosp(sta);
-                       }
-                       /* retry the un-acked ones */
--                      if (bf->bf_next == NULL && bf_last->bf_stale) {
-+                      if (bf->bf_next == NULL && bf_last->bf_state.stale) {
-                               struct ath_buf *tbf;
-                               tbf = ath_clone_txbuf(sc, bf_last);
-@@ -560,7 +636,7 @@ static void ath_tx_complete_aggr(struct 
-               if (an->sleeping)
-                       ieee80211_sta_set_buffered(sta, tid->tidno, true);
--              skb_queue_splice(&bf_pending, &tid->buf_q);
-+              skb_queue_splice_tail(&bf_pending, &tid->retry_q);
-               if (!an->sleeping) {
-                       ath_tx_queue_tid(txq, tid);
-@@ -618,7 +694,7 @@ static void ath_tx_process_buffer(struct
-       } else
-               ath_tx_complete_aggr(sc, txq, bf, bf_head, ts, txok);
--      if ((sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT) && !flush)
-+      if (!flush)
-               ath_txq_schedule(sc, txq);
+       return 0;
  }
+--- a/drivers/net/wireless/ath/ath9k/hw.c
++++ b/drivers/net/wireless/ath/ath9k/hw.c
+@@ -454,7 +454,6 @@ static void ath9k_hw_init_config(struct 
+       }
  
-@@ -792,15 +868,20 @@ static int ath_compute_num_delims(struct
+       ah->config.rx_intr_mitigation = true;
+-      ah->config.pcieSerDesWrite = true;
  
- static struct ath_buf *
- ath_tx_get_tid_subframe(struct ath_softc *sc, struct ath_txq *txq,
--                      struct ath_atx_tid *tid)
-+                      struct ath_atx_tid *tid, struct sk_buff_head **q)
- {
-+      struct ieee80211_tx_info *tx_info;
-       struct ath_frame_info *fi;
-       struct sk_buff *skb;
-       struct ath_buf *bf;
-       u16 seqno;
-       while (1) {
--              skb = skb_peek(&tid->buf_q);
-+              *q = &tid->retry_q;
-+              if (skb_queue_empty(*q))
-+                      *q = &tid->buf_q;
-+
-+              skb = skb_peek(*q);
-               if (!skb)
-                       break;
-@@ -808,13 +889,26 @@ ath_tx_get_tid_subframe(struct ath_softc
-               bf = fi->bf;
-               if (!fi->bf)
-                       bf = ath_tx_setup_buffer(sc, txq, tid, skb);
-+              else
-+                      bf->bf_state.stale = false;
-               if (!bf) {
--                      __skb_unlink(skb, &tid->buf_q);
-+                      __skb_unlink(skb, *q);
-+                      ath_txq_skb_done(sc, txq, skb);
-                       ieee80211_free_txskb(sc->hw, skb);
-                       continue;
-               }
+       /*
+        * We need this for PCI devices only (Cardbus, PCI, miniPCI)
+--- a/drivers/net/wireless/ath/ath9k/hw.h
++++ b/drivers/net/wireless/ath/ath9k/hw.h
+@@ -283,7 +283,6 @@ struct ath9k_ops_config {
+       int additional_swba_backoff;
+       int ack_6mb;
+       u32 cwm_ignore_extcca;
+-      bool pcieSerDesWrite;
+       u8 pcie_clock_req;
+       u32 pcie_waen;
+       u8 analog_shiftreg;
+@@ -920,7 +919,7 @@ struct ath_hw {
+       /* Enterprise mode cap */
+       u32 ent_mode;
+-#ifdef CONFIG_PM_SLEEP
++#ifdef CONFIG_ATH9K_WOW
+       u32 wow_event_mask;
+ #endif
+       bool is_clk_25mhz;
+@@ -1126,7 +1125,7 @@ ath9k_hw_get_btcoex_scheme(struct ath_hw
+ #endif /* CPTCFG_ATH9K_BTCOEX_SUPPORT */
  
-+              bf->bf_next = NULL;
-+              bf->bf_lastbf = bf;
-+
-+              tx_info = IEEE80211_SKB_CB(skb);
-+              tx_info->flags &= ~IEEE80211_TX_CTL_CLEAR_PS_FILT;
-+              if (!(tx_info->flags & IEEE80211_TX_CTL_AMPDU)) {
-+                      bf->bf_state.bf_type = 0;
-+                      return bf;
-+              }
-+
-               bf->bf_state.bf_type = BUF_AMPDU | BUF_AGGR;
-               seqno = bf->bf_state.seqno;
  
-@@ -828,73 +922,52 @@ ath_tx_get_tid_subframe(struct ath_softc
+-#ifdef CONFIG_PM_SLEEP
++#ifdef CONFIG_ATH9K_WOW
+ const char *ath9k_hw_wow_event_to_string(u32 wow_event);
+ void ath9k_hw_wow_apply_pattern(struct ath_hw *ah, u8 *user_pattern,
+                               u8 *user_mask, int pattern_count,
+--- a/drivers/net/wireless/ath/ath9k/init.c
++++ b/drivers/net/wireless/ath/ath9k/init.c
+@@ -683,6 +683,7 @@ static int ath9k_init_softc(u16 devid, s
+       common = ath9k_hw_common(ah);
+       sc->dfs_detector = dfs_pattern_detector_init(common, NL80211_DFS_UNSET);
+       sc->tx99_power = MAX_RATE_POWER + 1;
++      init_waitqueue_head(&sc->tx_wait);
  
-                       INIT_LIST_HEAD(&bf_head);
-                       list_add(&bf->list, &bf_head);
--                      __skb_unlink(skb, &tid->buf_q);
-+                      __skb_unlink(skb, *q);
-                       ath_tx_update_baw(sc, tid, seqno);
-                       ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
-                       continue;
-               }
+       if (!pdata) {
+               ah->ah_flags |= AH_USE_EEPROM;
+@@ -730,6 +731,7 @@ static int ath9k_init_softc(u16 devid, s
+       tasklet_init(&sc->bcon_tasklet, ath9k_beacon_tasklet,
+                    (unsigned long)sc);
  
--              bf->bf_next = NULL;
--              bf->bf_lastbf = bf;
-               return bf;
++      setup_timer(&sc->sleep_timer, ath_ps_full_sleep, (unsigned long)sc);
+       INIT_WORK(&sc->hw_reset_work, ath_reset_work);
+       INIT_WORK(&sc->hw_check_work, ath_hw_check);
+       INIT_WORK(&sc->paprd_work, ath_paprd_calibrate);
+@@ -862,20 +864,11 @@ static const struct ieee80211_iface_comb
+               .max_interfaces = 1,
+               .num_different_channels = 1,
+               .beacon_int_infra_match = true,
+-              .radar_detect_widths =  BIT(NL80211_CHAN_NO_HT) |
+-                                      BIT(NL80211_CHAN_HT20),
++              .radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
++                                      BIT(NL80211_CHAN_WIDTH_20),
        }
+ };
  
-       return NULL;
- }
--static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc,
--                                           struct ath_txq *txq,
--                                           struct ath_atx_tid *tid,
--                                           struct list_head *bf_q,
--                                           int *aggr_len)
-+static bool
-+ath_tx_form_aggr(struct ath_softc *sc, struct ath_txq *txq,
-+               struct ath_atx_tid *tid, struct list_head *bf_q,
-+               struct ath_buf *bf_first, struct sk_buff_head *tid_q,
-+               int *aggr_len)
+-#ifdef CONFIG_PM
+-static const struct wiphy_wowlan_support ath9k_wowlan_support = {
+-      .flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT,
+-      .n_patterns = MAX_NUM_USER_PATTERN,
+-      .pattern_min_len = 1,
+-      .pattern_max_len = MAX_PATTERN_SIZE,
+-};
+-#endif
+-
+ void ath9k_set_hw_capab(struct ath_softc *sc, struct ieee80211_hw *hw)
  {
- #define PADBYTES(_len) ((4 - ((_len) % 4)) % 4)
--      struct ath_buf *bf, *bf_first = NULL, *bf_prev = NULL;
--      int rl = 0, nframes = 0, ndelim, prev_al = 0;
-+      struct ath_buf *bf = bf_first, *bf_prev = NULL;
-+      int nframes = 0, ndelim;
-       u16 aggr_limit = 0, al = 0, bpad = 0,
--              al_delta, h_baw = tid->baw_size / 2;
--      enum ATH_AGGR_STATUS status = ATH_AGGR_DONE;
-+          al_delta, h_baw = tid->baw_size / 2;
-       struct ieee80211_tx_info *tx_info;
-       struct ath_frame_info *fi;
-       struct sk_buff *skb;
-+      bool closed = false;
--      do {
--              bf = ath_tx_get_tid_subframe(sc, txq, tid);
--              if (!bf) {
--                      status = ATH_AGGR_BAW_CLOSED;
--                      break;
--              }
-+      bf = bf_first;
-+      aggr_limit = ath_lookup_rate(sc, bf, tid);
+       struct ath_hw *ah = sc->sc_ah;
+@@ -925,16 +918,6 @@ void ath9k_set_hw_capab(struct ath_softc
+       hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_5_10_MHZ;
+       hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
+-#ifdef CONFIG_PM_SLEEP
+-      if ((ah->caps.hw_caps & ATH9K_HW_WOW_DEVICE_CAPABLE) &&
+-          (sc->driver_data & ATH9K_PCI_WOW) &&
+-          device_can_wakeup(sc->dev))
+-              hw->wiphy->wowlan = &ath9k_wowlan_support;
+-
+-      atomic_set(&sc->wow_sleep_proc_intr, -1);
+-      atomic_set(&sc->wow_got_bmiss_intr, -1);
+-#endif
+-
+       hw->queues = 4;
+       hw->max_rates = 4;
+       hw->channel_change_time = 5000;
+@@ -960,6 +943,7 @@ void ath9k_set_hw_capab(struct ath_softc
+               hw->wiphy->bands[IEEE80211_BAND_5GHZ] =
+                       &sc->sbands[IEEE80211_BAND_5GHZ];
  
-+      do {
-               skb = bf->bf_mpdu;
-               fi = get_frame_info(skb);
++      ath9k_init_wow(hw);
+       ath9k_reload_chainmask_settings(sc);
  
--              if (!bf_first)
--                      bf_first = bf;
--
--              if (!rl) {
--                      ath_set_rates(tid->an->vif, tid->an->sta, bf);
--                      aggr_limit = ath_lookup_rate(sc, bf, tid);
--                      rl = 1;
--              }
--
-               /* do not exceed aggregation limit */
-               al_delta = ATH_AGGR_DELIM_SZ + fi->framelen;
-+              if (nframes) {
-+                      if (aggr_limit < al + bpad + al_delta ||
-+                          ath_lookup_legacy(bf) || nframes >= h_baw)
-+                              break;
--              if (nframes &&
--                  ((aggr_limit < (al + bpad + al_delta + prev_al)) ||
--                   ath_lookup_legacy(bf))) {
--                      status = ATH_AGGR_LIMITED;
--                      break;
--              }
--
--              tx_info = IEEE80211_SKB_CB(bf->bf_mpdu);
--              if (nframes && (tx_info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE))
--                      break;
--
--              /* do not exceed subframe limit */
--              if (nframes >= min((int)h_baw, ATH_AMPDU_SUBFRAME_DEFAULT)) {
--                      status = ATH_AGGR_LIMITED;
--                      break;
-+                      tx_info = IEEE80211_SKB_CB(bf->bf_mpdu);
-+                      if ((tx_info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE) ||
-+                          !(tx_info->flags & IEEE80211_TX_CTL_AMPDU))
-+                              break;
-               }
-               /* add padding for previous frame to aggregation length */
-@@ -912,22 +985,37 @@ static enum ATH_AGGR_STATUS ath_tx_form_
-               bf->bf_next = NULL;
-               /* link buffers of this frame to the aggregate */
--              if (!fi->retries)
--                      ath_tx_addto_baw(sc, tid, bf->bf_state.seqno);
-+              if (!fi->baw_tracked)
-+                      ath_tx_addto_baw(sc, tid, bf);
-               bf->bf_state.ndelim = ndelim;
--              __skb_unlink(skb, &tid->buf_q);
-+              __skb_unlink(skb, tid_q);
-               list_add_tail(&bf->list, bf_q);
-               if (bf_prev)
-                       bf_prev->bf_next = bf;
-               bf_prev = bf;
--      } while (!skb_queue_empty(&tid->buf_q));
-+              bf = ath_tx_get_tid_subframe(sc, txq, tid, &tid_q);
-+              if (!bf) {
-+                      closed = true;
-+                      break;
-+              }
-+      } while (ath_tid_has_buffered(tid));
-+
-+      bf = bf_first;
-+      bf->bf_lastbf = bf_prev;
-+
-+      if (bf == bf_prev) {
-+              al = get_frame_info(bf->bf_mpdu)->framelen;
-+              bf->bf_state.bf_type = BUF_AMPDU;
-+      } else {
-+              TX_STAT_INC(txq->axq_qnum, a_aggr);
-+      }
-       *aggr_len = al;
--      return status;
-+      return closed;
- #undef PADBYTES
- }
-@@ -999,7 +1087,7 @@ void ath_update_max_aggr_framelen(struct
- }
- static void ath_buf_set_rate(struct ath_softc *sc, struct ath_buf *bf,
--                           struct ath_tx_info *info, int len)
-+                           struct ath_tx_info *info, int len, bool rts)
- {
-       struct ath_hw *ah = sc->sc_ah;
-       struct sk_buff *skb;
-@@ -1008,6 +1096,7 @@ static void ath_buf_set_rate(struct ath_
-       const struct ieee80211_rate *rate;
-       struct ieee80211_hdr *hdr;
-       struct ath_frame_info *fi = get_frame_info(bf->bf_mpdu);
-+      u32 rts_thresh = sc->hw->wiphy->rts_threshold;
-       int i;
-       u8 rix = 0;
-@@ -1030,7 +1119,17 @@ static void ath_buf_set_rate(struct ath_
-               rix = rates[i].idx;
-               info->rates[i].Tries = rates[i].count;
--                  if (rates[i].flags & IEEE80211_TX_RC_USE_RTS_CTS) {
-+              /*
-+               * Handle RTS threshold for unaggregated HT frames.
-+               */
-+              if (bf_isampdu(bf) && !bf_isaggr(bf) &&
-+                  (rates[i].flags & IEEE80211_TX_RC_MCS) &&
-+                  unlikely(rts_thresh != (u32) -1)) {
-+                      if (!rts_thresh || (len > rts_thresh))
-+                              rts = true;
-+              }
-+
-+              if (rts || rates[i].flags & IEEE80211_TX_RC_USE_RTS_CTS) {
-                       info->rates[i].RateFlags |= ATH9K_RATESERIES_RTS_CTS;
-                       info->flags |= ATH9K_TXDESC_RTSENA;
-               } else if (rates[i].flags & IEEE80211_TX_RC_USE_CTS_PROTECT) {
-@@ -1123,6 +1222,8 @@ static void ath_tx_fill_desc(struct ath_
-       struct ath_hw *ah = sc->sc_ah;
-       struct ath_buf *bf_first = NULL;
-       struct ath_tx_info info;
-+      u32 rts_thresh = sc->hw->wiphy->rts_threshold;
-+      bool rts = false;
-       memset(&info, 0, sizeof(info));
-       info.is_first = true;
-@@ -1159,7 +1260,22 @@ static void ath_tx_fill_desc(struct ath_
-                               info.flags |= (u32) bf->bf_state.bfs_paprd <<
-                                             ATH9K_TXDESC_PAPRD_S;
--                      ath_buf_set_rate(sc, bf, &info, len);
-+                      /*
-+                       * mac80211 doesn't handle RTS threshold for HT because
-+                       * the decision has to be taken based on AMPDU length
-+                       * and aggregation is done entirely inside ath9k.
-+                       * Set the RTS/CTS flag for the first subframe based
-+                       * on the threshold.
-+                       */
-+                      if (aggr && (bf == bf_first) &&
-+                          unlikely(rts_thresh != (u32) -1)) {
-+                              /*
-+                               * "len" is the size of the entire AMPDU.
-+                               */
-+                              if (!rts_thresh || (len > rts_thresh))
-+                                      rts = true;
-+                      }
-+                      ath_buf_set_rate(sc, bf, &info, len, rts);
-               }
-               info.buf_addr[0] = bf->bf_buf_addr;
-@@ -1188,64 +1304,101 @@ static void ath_tx_fill_desc(struct ath_
-       }
- }
--static void ath_tx_sched_aggr(struct ath_softc *sc, struct ath_txq *txq,
--                            struct ath_atx_tid *tid)
-+static void
-+ath_tx_form_burst(struct ath_softc *sc, struct ath_txq *txq,
-+                struct ath_atx_tid *tid, struct list_head *bf_q,
-+                struct ath_buf *bf_first, struct sk_buff_head *tid_q)
- {
--      struct ath_buf *bf;
--      enum ATH_AGGR_STATUS status;
--      struct ieee80211_tx_info *tx_info;
--      struct list_head bf_q;
--      int aggr_len;
-+      struct ath_buf *bf = bf_first, *bf_prev = NULL;
-+      struct sk_buff *skb;
-+      int nframes = 0;
-       do {
--              if (skb_queue_empty(&tid->buf_q))
--                      return;
-+              struct ieee80211_tx_info *tx_info;
-+              skb = bf->bf_mpdu;
--              INIT_LIST_HEAD(&bf_q);
-+              nframes++;
-+              __skb_unlink(skb, tid_q);
-+              list_add_tail(&bf->list, bf_q);
-+              if (bf_prev)
-+                      bf_prev->bf_next = bf;
-+              bf_prev = bf;
--              status = ath_tx_form_aggr(sc, txq, tid, &bf_q, &aggr_len);
-+              if (nframes >= 2)
-+                      break;
--              /*
--               * no frames picked up to be aggregated;
--               * block-ack window is not open.
--               */
--              if (list_empty(&bf_q))
-+              bf = ath_tx_get_tid_subframe(sc, txq, tid, &tid_q);
-+              if (!bf)
-                       break;
--              bf = list_first_entry(&bf_q, struct ath_buf, list);
--              bf->bf_lastbf = list_entry(bf_q.prev, struct ath_buf, list);
-               tx_info = IEEE80211_SKB_CB(bf->bf_mpdu);
-+              if (tx_info->flags & IEEE80211_TX_CTL_AMPDU)
-+                      break;
--              if (tid->ac->clear_ps_filter) {
--                      tid->ac->clear_ps_filter = false;
--                      tx_info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
--              } else {
--                      tx_info->flags &= ~IEEE80211_TX_CTL_CLEAR_PS_FILT;
--              }
-+              ath_set_rates(tid->an->vif, tid->an->sta, bf);
-+      } while (1);
-+}
--              /* if only one frame, send as non-aggregate */
--              if (bf == bf->bf_lastbf) {
--                      aggr_len = get_frame_info(bf->bf_mpdu)->framelen;
--                      bf->bf_state.bf_type = BUF_AMPDU;
--              } else {
--                      TX_STAT_INC(txq->axq_qnum, a_aggr);
--              }
-+static bool ath_tx_sched_aggr(struct ath_softc *sc, struct ath_txq *txq,
-+                            struct ath_atx_tid *tid, bool *stop)
-+{
-+      struct ath_buf *bf;
-+      struct ieee80211_tx_info *tx_info;
-+      struct sk_buff_head *tid_q;
-+      struct list_head bf_q;
-+      int aggr_len = 0;
-+      bool aggr, last = true;
-+
-+      if (!ath_tid_has_buffered(tid))
-+              return false;
--              ath_tx_fill_desc(sc, bf, txq, aggr_len);
--              ath_tx_txqaddbuf(sc, txq, &bf_q, false);
--      } while (txq->axq_ampdu_depth < ATH_AGGR_MIN_QDEPTH &&
--               status != ATH_AGGR_BAW_CLOSED);
-+      INIT_LIST_HEAD(&bf_q);
-+
-+      bf = ath_tx_get_tid_subframe(sc, txq, tid, &tid_q);
-+      if (!bf)
-+              return false;
-+
-+      tx_info = IEEE80211_SKB_CB(bf->bf_mpdu);
-+      aggr = !!(tx_info->flags & IEEE80211_TX_CTL_AMPDU);
-+      if ((aggr && txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) ||
-+              (!aggr && txq->axq_depth >= ATH_NON_AGGR_MIN_QDEPTH)) {
-+              *stop = true;
-+              return false;
-+      }
-+
-+      ath_set_rates(tid->an->vif, tid->an->sta, bf);
-+      if (aggr)
-+              last = ath_tx_form_aggr(sc, txq, tid, &bf_q, bf,
-+                                      tid_q, &aggr_len);
-+      else
-+              ath_tx_form_burst(sc, txq, tid, &bf_q, bf, tid_q);
-+
-+      if (list_empty(&bf_q))
-+              return false;
-+
-+      if (tid->ac->clear_ps_filter || tid->an->no_ps_filter) {
-+              tid->ac->clear_ps_filter = false;
-+              tx_info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
-+      }
-+
-+      ath_tx_fill_desc(sc, bf, txq, aggr_len);
-+      ath_tx_txqaddbuf(sc, txq, &bf_q, false);
-+      return true;
- }
- int ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta,
-                     u16 tid, u16 *ssn)
- {
-       struct ath_atx_tid *txtid;
-+      struct ath_txq *txq;
-       struct ath_node *an;
-       u8 density;
-       an = (struct ath_node *)sta->drv_priv;
-       txtid = ATH_AN_2_TID(an, tid);
-+      txq = txtid->ac->txq;
-+
-+      ath_txq_lock(sc, txq);
-       /* update ampdu factor/density, they may have changed. This may happen
-        * in HT IBSS when a beacon with HT-info is received after the station
-@@ -1258,6 +1411,9 @@ int ath_tx_aggr_start(struct ath_softc *
-               an->mpdudensity = density;
-       }
-+      /* force sequence number allocation for pending frames */
-+      ath_tx_tid_change_state(sc, txtid);
-+
-       txtid->active = true;
-       txtid->paused = true;
-       *ssn = txtid->seq_start = txtid->seq_next;
-@@ -1266,6 +1422,8 @@ int ath_tx_aggr_start(struct ath_softc *
-       memset(txtid->tx_buf, 0, sizeof(txtid->tx_buf));
-       txtid->baw_head = txtid->baw_tail = 0;
-+      ath_txq_unlock_complete(sc, txq);
-+
-       return 0;
- }
-@@ -1277,8 +1435,9 @@ void ath_tx_aggr_stop(struct ath_softc *
-       ath_txq_lock(sc, txq);
-       txtid->active = false;
--      txtid->paused = true;
-+      txtid->paused = false;
-       ath_tx_flush_tid(sc, txtid);
-+      ath_tx_tid_change_state(sc, txtid);
-       ath_txq_unlock_complete(sc, txq);
- }
-@@ -1302,7 +1461,7 @@ void ath_tx_aggr_sleep(struct ieee80211_
-               ath_txq_lock(sc, txq);
--              buffered = !skb_queue_empty(&tid->buf_q);
-+              buffered = ath_tid_has_buffered(tid);
-               tid->sched = false;
-               list_del(&tid->list);
-@@ -1334,7 +1493,7 @@ void ath_tx_aggr_wakeup(struct ath_softc
-               ath_txq_lock(sc, txq);
-               ac->clear_ps_filter = true;
--              if (!skb_queue_empty(&tid->buf_q) && !tid->paused) {
-+              if (!tid->paused && ath_tid_has_buffered(tid)) {
-                       ath_tx_queue_tid(txq, tid);
-                       ath_txq_schedule(sc, txq);
-               }
-@@ -1359,7 +1518,7 @@ void ath_tx_aggr_resume(struct ath_softc
-       tid->baw_size = IEEE80211_MIN_AMPDU_BUF << sta->ht_cap.ampdu_factor;
-       tid->paused = false;
--      if (!skb_queue_empty(&tid->buf_q)) {
-+      if (ath_tid_has_buffered(tid)) {
-               ath_tx_queue_tid(txq, tid);
-               ath_txq_schedule(sc, txq);
-       }
-@@ -1379,6 +1538,7 @@ void ath9k_release_buffered_frames(struc
-       struct ieee80211_tx_info *info;
-       struct list_head bf_q;
-       struct ath_buf *bf_tail = NULL, *bf;
-+      struct sk_buff_head *tid_q;
-       int sent = 0;
-       int i;
-@@ -1394,16 +1554,18 @@ void ath9k_release_buffered_frames(struc
-                       continue;
-               ath_txq_lock(sc, tid->ac->txq);
--              while (!skb_queue_empty(&tid->buf_q) && nframes > 0) {
--                      bf = ath_tx_get_tid_subframe(sc, sc->tx.uapsdq, tid);
-+              while (nframes > 0) {
-+                      bf = ath_tx_get_tid_subframe(sc, sc->tx.uapsdq, tid, &tid_q);
-                       if (!bf)
-                               break;
--                      __skb_unlink(bf->bf_mpdu, &tid->buf_q);
-+                      __skb_unlink(bf->bf_mpdu, tid_q);
-                       list_add_tail(&bf->list, &bf_q);
-                       ath_set_rates(tid->an->vif, tid->an->sta, bf);
--                      ath_tx_addto_baw(sc, tid, bf->bf_state.seqno);
--                      bf->bf_state.bf_type &= ~BUF_AGGR;
-+                      if (bf_isampdu(bf)) {
-+                              ath_tx_addto_baw(sc, tid, bf);
-+                              bf->bf_state.bf_type &= ~BUF_AGGR;
-+                      }
-                       if (bf_tail)
-                               bf_tail->bf_next = bf;
-@@ -1412,7 +1574,7 @@ void ath9k_release_buffered_frames(struc
-                       sent++;
-                       TX_STAT_INC(txq->axq_qnum, a_queued_hw);
--                      if (skb_queue_empty(&tid->buf_q))
-+                      if (an->sta && !ath_tid_has_buffered(tid))
-                               ieee80211_sta_set_buffered(an->sta, i, false);
-               }
-               ath_txq_unlock_complete(sc, tid->ac->txq);
-@@ -1542,16 +1704,9 @@ int ath_cabq_update(struct ath_softc *sc
-       int qnum = sc->beacon.cabq->axq_qnum;
-       ath9k_hw_get_txq_props(sc->sc_ah, qnum, &qi);
--      /*
--       * Ensure the readytime % is within the bounds.
--       */
--      if (sc->config.cabqReadytime < ATH9K_READY_TIME_LO_BOUND)
--              sc->config.cabqReadytime = ATH9K_READY_TIME_LO_BOUND;
--      else if (sc->config.cabqReadytime > ATH9K_READY_TIME_HI_BOUND)
--              sc->config.cabqReadytime = ATH9K_READY_TIME_HI_BOUND;
-       qi.tqi_readyTime = (cur_conf->beacon_interval *
--                          sc->config.cabqReadytime) / 100;
-+                          ATH_CABQ_READY_TIME) / 100;
-       ath_txq_update(sc, qnum, &qi);
-       return 0;
-@@ -1571,7 +1726,7 @@ static void ath_drain_txq_list(struct at
-       while (!list_empty(list)) {
-               bf = list_first_entry(list, struct ath_buf, list);
--              if (bf->bf_stale) {
-+              if (bf->bf_state.stale) {
-                       list_del(&bf->list);
-                       ath_tx_return_buffer(sc, bf);
-@@ -1630,6 +1785,9 @@ bool ath_drain_all_txq(struct ath_softc 
-               if (!ATH_TXQ_SETUP(sc, i))
-                       continue;
-+              if (!sc->tx.txq[i].axq_depth)
-+                      continue;
-+
-               if (ath9k_hw_numtxpending(ah, sc->tx.txq[i].axq_qnum))
-                       npend |= BIT(i);
-       }
-@@ -1665,25 +1823,27 @@ void ath_tx_cleanupq(struct ath_softc *s
-  */
- void ath_txq_schedule(struct ath_softc *sc, struct ath_txq *txq)
- {
--      struct ath_atx_ac *ac, *ac_tmp, *last_ac;
-+      struct ath_atx_ac *ac, *last_ac;
-       struct ath_atx_tid *tid, *last_tid;
-+      bool sent = false;
-       if (test_bit(SC_OP_HW_RESET, &sc->sc_flags) ||
--          list_empty(&txq->axq_acq) ||
--          txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH)
-+          list_empty(&txq->axq_acq))
-               return;
-       rcu_read_lock();
--      ac = list_first_entry(&txq->axq_acq, struct ath_atx_ac, list);
-       last_ac = list_entry(txq->axq_acq.prev, struct ath_atx_ac, list);
-+      while (!list_empty(&txq->axq_acq)) {
-+              bool stop = false;
--      list_for_each_entry_safe(ac, ac_tmp, &txq->axq_acq, list) {
-+              ac = list_first_entry(&txq->axq_acq, struct ath_atx_ac, list);
-               last_tid = list_entry(ac->tid_q.prev, struct ath_atx_tid, list);
-               list_del(&ac->list);
-               ac->sched = false;
-               while (!list_empty(&ac->tid_q)) {
-+
-                       tid = list_first_entry(&ac->tid_q, struct ath_atx_tid,
-                                              list);
-                       list_del(&tid->list);
-@@ -1692,17 +1852,17 @@ void ath_txq_schedule(struct ath_softc *
-                       if (tid->paused)
-                               continue;
--                      ath_tx_sched_aggr(sc, txq, tid);
-+                      if (ath_tx_sched_aggr(sc, txq, tid, &stop))
-+                              sent = true;
-                       /*
-                        * add tid to round-robin queue if more frames
-                        * are pending for the tid
-                        */
--                      if (!skb_queue_empty(&tid->buf_q))
-+                      if (ath_tid_has_buffered(tid))
-                               ath_tx_queue_tid(txq, tid);
--                      if (tid == last_tid ||
--                          txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH)
-+                      if (stop || tid == last_tid)
-                               break;
-               }
-@@ -1711,9 +1871,17 @@ void ath_txq_schedule(struct ath_softc *
-                       list_add_tail(&ac->list, &txq->axq_acq);
-               }
--              if (ac == last_ac ||
--                  txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH)
-+              if (stop)
-                       break;
-+
-+              if (ac == last_ac) {
-+                      if (!sent)
-+                              break;
-+
-+                      sent = false;
-+                      last_ac = list_entry(txq->axq_acq.prev,
-+                                           struct ath_atx_ac, list);
-+              }
-       }
-       rcu_read_unlock();
-@@ -1787,74 +1955,28 @@ static void ath_tx_txqaddbuf(struct ath_
-                       if (bf_is_ampdu_not_probing(bf))
-                               txq->axq_ampdu_depth++;
--                      bf = bf->bf_lastbf->bf_next;
-+                      bf_last = bf->bf_lastbf;
-+                      bf = bf_last->bf_next;
-+                      bf_last->bf_next = NULL;
-               }
-       }
- }
--static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_txq *txq,
--                            struct ath_atx_tid *tid, struct sk_buff *skb,
--                            struct ath_tx_control *txctl)
--{
--      struct ath_frame_info *fi = get_frame_info(skb);
--      struct list_head bf_head;
--      struct ath_buf *bf;
--
--      /*
--       * Do not queue to h/w when any of the following conditions is true:
--       * - there are pending frames in software queue
--       * - the TID is currently paused for ADDBA/BAR request
--       * - seqno is not within block-ack window
--       * - h/w queue depth exceeds low water mark
--       */
--      if ((!skb_queue_empty(&tid->buf_q) || tid->paused ||
--           !BAW_WITHIN(tid->seq_start, tid->baw_size, tid->seq_next) ||
--           txq->axq_ampdu_depth >= ATH_AGGR_MIN_QDEPTH) &&
--          txq != sc->tx.uapsdq) {
--              /*
--               * Add this frame to software queue for scheduling later
--               * for aggregation.
--               */
--              TX_STAT_INC(txq->axq_qnum, a_queued_sw);
--              __skb_queue_tail(&tid->buf_q, skb);
--              if (!txctl->an || !txctl->an->sleeping)
--                      ath_tx_queue_tid(txq, tid);
--              return;
--      }
--
--      bf = ath_tx_setup_buffer(sc, txq, tid, skb);
--      if (!bf) {
--              ieee80211_free_txskb(sc->hw, skb);
--              return;
--      }
--
--      ath_set_rates(tid->an->vif, tid->an->sta, bf);
--      bf->bf_state.bf_type = BUF_AMPDU;
--      INIT_LIST_HEAD(&bf_head);
--      list_add(&bf->list, &bf_head);
--
--      /* Add sub-frame to BAW */
--      ath_tx_addto_baw(sc, tid, bf->bf_state.seqno);
--
--      /* Queue to h/w without aggregation */
--      TX_STAT_INC(txq->axq_qnum, a_queued_hw);
--      bf->bf_lastbf = bf;
--      ath_tx_fill_desc(sc, bf, txq, fi->framelen);
--      ath_tx_txqaddbuf(sc, txq, &bf_head, false);
--}
--
- static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq,
-                              struct ath_atx_tid *tid, struct sk_buff *skb)
- {
-+      struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb);
-       struct ath_frame_info *fi = get_frame_info(skb);
-       struct list_head bf_head;
--      struct ath_buf *bf;
--
--      bf = fi->bf;
-+      struct ath_buf *bf = fi->bf;
-       INIT_LIST_HEAD(&bf_head);
-       list_add_tail(&bf->list, &bf_head);
-       bf->bf_state.bf_type = 0;
-+      if (tid && (tx_info->flags & IEEE80211_TX_CTL_AMPDU)) {
-+              bf->bf_state.bf_type = BUF_AMPDU;
-+              ath_tx_addto_baw(sc, tid, bf);
-+      }
-       bf->bf_next = NULL;
-       bf->bf_lastbf = bf;
-@@ -1911,8 +2033,7 @@ u8 ath_txchainmask_reduction(struct ath_
-       struct ath_hw *ah = sc->sc_ah;
-       struct ath9k_channel *curchan = ah->curchan;
--      if ((ah->caps.hw_caps & ATH9K_HW_CAP_APM) &&
--          (curchan->channelFlags & CHANNEL_5GHZ) &&
-+      if ((ah->caps.hw_caps & ATH9K_HW_CAP_APM) && IS_CHAN_5GHZ(curchan) &&
-           (chainmask == 0x7) && (rate < 0x90))
-               return 0x3;
-       else if (AR_SREV_9462(ah) && ath9k_hw_btcoex_is_enabled(ah) &&
-@@ -1985,6 +2106,7 @@ static int ath_tx_prepare(struct ieee802
-       struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
-       struct ieee80211_sta *sta = txctl->sta;
-       struct ieee80211_vif *vif = info->control.vif;
-+      struct ath_vif *avp;
-       struct ath_softc *sc = hw->priv;
-       int frmlen = skb->len + FCS_LEN;
-       int padpos, padsize;
-@@ -1992,6 +2114,10 @@ static int ath_tx_prepare(struct ieee802
-       /* NOTE:  sta can be NULL according to net/mac80211.h */
-       if (sta)
-               txctl->an = (struct ath_node *)sta->drv_priv;
-+      else if (vif && ieee80211_is_data(hdr->frame_control)) {
-+              avp = (void *)vif->drv_priv;
-+              txctl->an = &avp->mcast_node;
-+      }
-       if (info->control.hw_key)
-               frmlen += info->control.hw_key->icv_len;
-@@ -2041,7 +2167,6 @@ int ath_tx_start(struct ieee80211_hw *hw
-       struct ath_txq *txq = txctl->txq;
-       struct ath_atx_tid *tid = NULL;
-       struct ath_buf *bf;
--      u8 tidno;
-       int q;
-       int ret;
-@@ -2069,27 +2194,31 @@ int ath_tx_start(struct ieee80211_hw *hw
-               ath_txq_unlock(sc, txq);
-               txq = sc->tx.uapsdq;
-               ath_txq_lock(sc, txq);
--      }
--
--      if (txctl->an && ieee80211_is_data_qos(hdr->frame_control)) {
--              tidno = ieee80211_get_qos_ctl(hdr)[0] &
--                      IEEE80211_QOS_CTL_TID_MASK;
--              tid = ATH_AN_2_TID(txctl->an, tidno);
-+      } else if (txctl->an &&
-+                 ieee80211_is_data_present(hdr->frame_control)) {
-+              tid = ath_get_skb_tid(sc, txctl->an, skb);
-               WARN_ON(tid->ac->txq != txctl->txq);
--      }
--      if ((info->flags & IEEE80211_TX_CTL_AMPDU) && tid) {
-+              if (info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT)
-+                      tid->ac->clear_ps_filter = true;
-+
-               /*
--               * Try aggregation if it's a unicast data frame
--               * and the destination is HT capable.
-+               * Add this frame to software queue for scheduling later
-+               * for aggregation.
-                */
--              ath_tx_send_ampdu(sc, txq, tid, skb, txctl);
-+              TX_STAT_INC(txq->axq_qnum, a_queued_sw);
-+              __skb_queue_tail(&tid->buf_q, skb);
-+              if (!txctl->an->sleeping)
-+                      ath_tx_queue_tid(txq, tid);
-+
-+              ath_txq_schedule(sc, txq);
-               goto out;
-       }
-       bf = ath_tx_setup_buffer(sc, txq, tid, skb);
-       if (!bf) {
-+              ath_txq_skb_done(sc, txq, skb);
-               if (txctl->paprd)
-                       dev_kfree_skb_any(skb);
-               else
-@@ -2142,7 +2271,7 @@ void ath_tx_cabq(struct ieee80211_hw *hw
-               bf->bf_lastbf = bf;
-               ath_set_rates(vif, NULL, bf);
--              ath_buf_set_rate(sc, bf, &info, fi->framelen);
-+              ath_buf_set_rate(sc, bf, &info, fi->framelen, false);
-               duration += info.rates[0].PktDuration;
-               if (bf_tail)
-                       bf_tail->bf_next = bf;
-@@ -2189,7 +2318,7 @@ static void ath_tx_complete(struct ath_s
-       struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb);
-       struct ath_common *common = ath9k_hw_common(sc->sc_ah);
-       struct ieee80211_hdr * hdr = (struct ieee80211_hdr *)skb->data;
--      int q, padpos, padsize;
-+      int padpos, padsize;
-       unsigned long flags;
-       ath_dbg(common, XMIT, "TX complete: skb: %p\n", skb);
-@@ -2225,21 +2354,7 @@ static void ath_tx_complete(struct ath_s
-       spin_unlock_irqrestore(&sc->sc_pm_lock, flags);
-       __skb_queue_tail(&txq->complete_q, skb);
--
--      q = skb_get_queue_mapping(skb);
--      if (txq == sc->tx.uapsdq)
--              txq = sc->tx.txq_map[q];
--
--      if (txq == sc->tx.txq_map[q]) {
--              if (WARN_ON(--txq->pending_frames < 0))
--                      txq->pending_frames = 0;
--
--              if (txq->stopped &&
--                  txq->pending_frames < sc->tx.txq_max_pending[q]) {
--                      ieee80211_wake_queue(sc->hw, q);
--                      txq->stopped = false;
--              }
--      }
-+      ath_txq_skb_done(sc, txq, skb);
- }
- static void ath_tx_complete_buf(struct ath_softc *sc, struct ath_buf *bf,
-@@ -2360,8 +2475,7 @@ static void ath_tx_processq(struct ath_s
-               if (list_empty(&txq->axq_q)) {
-                       txq->axq_link = NULL;
--                      if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_HT)
--                              ath_txq_schedule(sc, txq);
-+                      ath_txq_schedule(sc, txq);
-                       break;
-               }
-               bf = list_first_entry(&txq->axq_q, struct ath_buf, list);
-@@ -2375,7 +2489,7 @@ static void ath_tx_processq(struct ath_s
-                * it with the STALE flag.
-                */
-               bf_held = NULL;
--              if (bf->bf_stale) {
-+              if (bf->bf_state.stale) {
-                       bf_held = bf;
-                       if (list_is_last(&bf_held->list, &txq->axq_q))
-                               break;
-@@ -2399,7 +2513,7 @@ static void ath_tx_processq(struct ath_s
-                * however leave the last descriptor back as the holding
-                * descriptor for hw.
-                */
--              lastbf->bf_stale = true;
-+              lastbf->bf_state.stale = true;
-               INIT_LIST_HEAD(&bf_head);
-               if (!list_is_singular(&lastbf->list))
-                       list_cut_position(&bf_head,
-@@ -2470,7 +2584,7 @@ void ath_tx_edma_tasklet(struct ath_soft
-               }
+       SET_IEEE80211_PERM_ADDR(hw, common->macaddr);
+@@ -1058,6 +1042,7 @@ static void ath9k_deinit_softc(struct at
+               if (ATH_TXQ_SETUP(sc, i))
+                       ath_tx_cleanupq(sc, &sc->tx.txq[i]);
  
-               bf = list_first_entry(fifo_list, struct ath_buf, list);
--              if (bf->bf_stale) {
-+              if (bf->bf_state.stale) {
-                       list_del(&bf->list);
-                       ath_tx_return_buffer(sc, bf);
-                       bf = list_first_entry(fifo_list, struct ath_buf, list);
-@@ -2492,7 +2606,7 @@ void ath_tx_edma_tasklet(struct ath_soft
-                               ath_tx_txqaddbuf(sc, txq, &bf_q, true);
-                       }
-               } else {
--                      lastbf->bf_stale = true;
-+                      lastbf->bf_state.stale = true;
-                       if (bf != lastbf)
-                               list_cut_position(&bf_head, fifo_list,
-                                                 lastbf->list.prev);
-@@ -2583,6 +2697,7 @@ void ath_tx_node_init(struct ath_softc *
-               tid->paused    = false;
-               tid->active        = false;
-               __skb_queue_head_init(&tid->buf_q);
-+              __skb_queue_head_init(&tid->retry_q);
-               acno = TID_TO_WME_AC(tidno);
-               tid->ac = &an->ac[acno];
-       }
-@@ -2590,6 +2705,7 @@ void ath_tx_node_init(struct ath_softc *
-       for (acno = 0, ac = &an->ac[acno];
-            acno < IEEE80211_NUM_ACS; acno++, ac++) {
-               ac->sched    = false;
-+              ac->clear_ps_filter = true;
-               ac->txq = sc->tx.txq_map[acno];
-               INIT_LIST_HEAD(&ac->tid_q);
-       }
++      del_timer_sync(&sc->sleep_timer);
+       ath9k_hw_deinit(sc->sc_ah);
+       if (sc->dfs_detector != NULL)
+               sc->dfs_detector->exit(sc->dfs_detector);
 --- a/drivers/net/wireless/ath/ath9k/main.c
 +++ b/drivers/net/wireless/ath/ath9k/main.c
 @@ -82,6 +82,22 @@ static bool ath9k_setpower(struct ath_so
                   !(sc->ps_flags & (PS_WAIT_FOR_BEACON |
                                     PS_WAIT_FOR_CAB |
                                     PS_WAIT_FOR_PSPOLL_DATA |
-@@ -173,8 +190,7 @@ static void ath_restart_work(struct ath_
+@@ -163,13 +180,13 @@ static void __ath_cancel_work(struct ath
+ #endif
+ }
+-static void ath_cancel_work(struct ath_softc *sc)
++void ath_cancel_work(struct ath_softc *sc)
+ {
+       __ath_cancel_work(sc);
+       cancel_work_sync(&sc->hw_reset_work);
+ }
+-static void ath_restart_work(struct ath_softc *sc)
++void ath_restart_work(struct ath_softc *sc)
  {
        ieee80211_queue_delayed_work(sc->hw, &sc->tx_complete_work, 0);
  
--      if (AR_SREV_9340(sc->sc_ah) || AR_SREV_9485(sc->sc_ah) ||
--          AR_SREV_9550(sc->sc_ah))
-+      if (AR_SREV_9340(sc->sc_ah) || AR_SREV_9330(sc->sc_ah))
-               ieee80211_queue_delayed_work(sc->hw, &sc->hw_pll_work,
-                                    msecs_to_jiffies(ATH_PLL_WORK_INTERVAL));
+@@ -487,6 +504,8 @@ void ath9k_tasklet(unsigned long data)
+                       ath_tx_edma_tasklet(sc);
+               else
+                       ath_tx_tasklet(sc);
++
++              wake_up(&sc->tx_wait);
+       }
  
-@@ -209,6 +225,7 @@ static bool ath_complete_reset(struct at
-       struct ath_hw *ah = sc->sc_ah;
-       struct ath_common *common = ath9k_hw_common(ah);
-       unsigned long flags;
-+      int i;
+       ath9k_btcoex_handle_interrupt(sc, status);
+@@ -579,7 +598,8 @@ irqreturn_t ath_isr(int irq, void *dev)
  
-       if (ath_startrecv(sc) != 0) {
-               ath_err(common, "Unable to restart recv logic\n");
-@@ -236,10 +253,16 @@ static bool ath_complete_reset(struct at
+               goto chip_reset;
+       }
+-#ifdef CONFIG_PM_SLEEP
++
++#ifdef CONFIG_ATH9K_WOW
+       if (status & ATH9K_INT_BMISS) {
+               if (atomic_read(&sc->wow_sleep_proc_intr) == 0) {
+                       ath_dbg(common, ANY, "during WoW we got a BMISS\n");
+@@ -588,6 +608,8 @@ irqreturn_t ath_isr(int irq, void *dev)
                }
-       work:
-               ath_restart_work(sc);
--      }
--      if ((ah->caps.hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB) && sc->ant_rx != 3)
--              ath_ant_comb_update(sc);
-+              for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
-+                      if (!ATH_TXQ_SETUP(sc, i))
-+                              continue;
+       }
+ #endif
 +
-+                      spin_lock_bh(&sc->tx.txq[i].axq_lock);
-+                      ath_txq_schedule(sc, &sc->tx.txq[i]);
-+                      spin_unlock_bh(&sc->tx.txq[i].axq_lock);
-+              }
-+      }
++
+       if (status & ATH9K_INT_SWBA)
+               tasklet_schedule(&sc->bcon_tasklet);
  
-       ieee80211_wake_queues(sc->hw);
+@@ -627,7 +649,7 @@ chip_reset:
+ #undef SCHED_INTR
+ }
  
-@@ -306,17 +329,91 @@ out:
-  * by reseting the chip.  To accomplish this we must first cleanup any pending
-  * DMA, then restart stuff.
- */
--static int ath_set_channel(struct ath_softc *sc, struct ieee80211_hw *hw,
--                  struct ath9k_channel *hchan)
-+static int ath_set_channel(struct ath_softc *sc, struct cfg80211_chan_def *chandef)
+-static int ath_reset(struct ath_softc *sc)
++int ath_reset(struct ath_softc *sc)
  {
-+      struct ath_hw *ah = sc->sc_ah;
-+      struct ath_common *common = ath9k_hw_common(ah);
-+      struct ieee80211_hw *hw = sc->hw;
-+      struct ath9k_channel *hchan;
-+      struct ieee80211_channel *chan = chandef->chan;
-+      unsigned long flags;
-+      bool offchannel;
-+      int pos = chan->hw_value;
-+      int old_pos = -1;
        int r;
  
-       if (test_bit(SC_OP_INVALID, &sc->sc_flags))
-               return -EIO;
+@@ -1817,13 +1839,31 @@ static void ath9k_set_coverage_class(str
+       mutex_unlock(&sc->mutex);
+ }
  
-+      offchannel = !!(hw->conf.flags & IEEE80211_CONF_OFFCHANNEL);
-+
-+      if (ah->curchan)
-+              old_pos = ah->curchan - &ah->channels[0];
-+
-+      ath_dbg(common, CONFIG, "Set channel: %d MHz width: %d\n",
-+              chan->center_freq, chandef->width);
-+
-+      /* update survey stats for the old channel before switching */
-+      spin_lock_irqsave(&common->cc_lock, flags);
-+      ath_update_survey_stats(sc);
-+      spin_unlock_irqrestore(&common->cc_lock, flags);
-+
-+      ath9k_cmn_get_channel(hw, ah, chandef);
++static bool ath9k_has_tx_pending(struct ath_softc *sc)
++{
++      int i, npend;
 +
-+      /*
-+       * If the operating channel changes, change the survey in-use flags
-+       * along with it.
-+       * Reset the survey data for the new channel, unless we're switching
-+       * back to the operating channel from an off-channel operation.
-+       */
-+      if (!offchannel && sc->cur_survey != &sc->survey[pos]) {
-+              if (sc->cur_survey)
-+                      sc->cur_survey->filled &= ~SURVEY_INFO_IN_USE;
++      for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
++              if (!ATH_TXQ_SETUP(sc, i))
++                      continue;
 +
-+              sc->cur_survey = &sc->survey[pos];
++              if (!sc->tx.txq[i].axq_depth)
++                      continue;
 +
-+              memset(sc->cur_survey, 0, sizeof(struct survey_info));
-+              sc->cur_survey->filled |= SURVEY_INFO_IN_USE;
-+      } else if (!(sc->survey[pos].filled & SURVEY_INFO_IN_USE)) {
-+              memset(&sc->survey[pos], 0, sizeof(struct survey_info));
++              npend = ath9k_has_pending_frames(sc, &sc->tx.txq[i]);
++              if (npend)
++                      break;
 +      }
 +
-+      hchan = &sc->sc_ah->channels[pos];
-       r = ath_reset_internal(sc, hchan);
-+      if (r)
-+              return r;
--      return r;
-+      /*
-+       * The most recent snapshot of channel->noisefloor for the old
-+       * channel is only available after the hardware reset. Copy it to
-+       * the survey stats now.
-+       */
-+      if (old_pos >= 0)
-+              ath_update_survey_nf(sc, old_pos);
-+
-+      /*
-+       * Enable radar pulse detection if on a DFS channel. Spectral
-+       * scanning and radar detection can not be used concurrently.
-+       */
-+      if (hw->conf.radar_enabled) {
-+              u32 rxfilter;
-+
-+              /* set HW specific DFS configuration */
-+              ath9k_hw_set_radar_params(ah);
-+              rxfilter = ath9k_hw_getrxfilter(ah);
-+              rxfilter |= ATH9K_RX_FILTER_PHYRADAR |
-+                              ATH9K_RX_FILTER_PHYERR;
-+              ath9k_hw_setrxfilter(ah, rxfilter);
-+              ath_dbg(common, DFS, "DFS enabled at freq %d\n",
-+                      chan->center_freq);
-+      } else {
-+              /* perform spectral scan if requested. */
-+              if (test_bit(SC_OP_SCANNING, &sc->sc_flags) &&
-+                      sc->spectral_mode == SPECTRAL_CHANSCAN)
-+                      ath9k_spectral_scan_trigger(hw);
-+      }
-+
-+      return 0;
- }
- static void ath_node_attach(struct ath_softc *sc, struct ieee80211_sta *sta,
-@@ -400,6 +497,8 @@ void ath9k_tasklet(unsigned long data)
-                       ath_tx_edma_tasklet(sc);
-               else
-                       ath_tx_tasklet(sc);
-+
-+              wake_up(&sc->tx_wait);
-       }
-       ath9k_btcoex_handle_interrupt(sc, status);
-@@ -543,21 +642,10 @@ chip_reset:
- static int ath_reset(struct ath_softc *sc)
- {
--      int i, r;
-+      int r;
-       ath9k_ps_wakeup(sc);
--
-       r = ath_reset_internal(sc, NULL);
--
--      for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
--              if (!ATH_TXQ_SETUP(sc, i))
--                      continue;
--
--              spin_lock_bh(&sc->tx.txq[i].axq_lock);
--              ath_txq_schedule(sc, &sc->tx.txq[i]);
--              spin_unlock_bh(&sc->tx.txq[i].axq_lock);
--      }
--
-       ath9k_ps_restore(sc);
-       return r;
-@@ -599,7 +687,7 @@ static int ath9k_start(struct ieee80211_
-       ath9k_ps_wakeup(sc);
-       mutex_lock(&sc->mutex);
--      init_channel = ath9k_cmn_get_curchannel(hw, ah);
-+      init_channel = ath9k_cmn_get_channel(hw, ah, &hw->conf.chandef);
-       /* Reset SERDES registers */
-       ath9k_hw_configpcipowersave(ah, false);
-@@ -802,7 +890,7 @@ static void ath9k_stop(struct ieee80211_
-       }
-       if (!ah->curchan)
--              ah->curchan = ath9k_cmn_get_curchannel(hw, ah);
-+              ah->curchan = ath9k_cmn_get_channel(hw, ah, &hw->conf.chandef);
-       ath9k_hw_reset(ah, ah->curchan, ah->caldata, false);
-       ath9k_hw_phy_disable(ah);
-@@ -821,7 +909,7 @@ static void ath9k_stop(struct ieee80211_
-       ath_dbg(common, CONFIG, "Driver halt\n");
- }
--bool ath9k_uses_beacons(int type)
-+static bool ath9k_uses_beacons(int type)
- {
-       switch (type) {
-       case NL80211_IFTYPE_AP:
-@@ -966,6 +1054,8 @@ static int ath9k_add_interface(struct ie
-       struct ath_softc *sc = hw->priv;
-       struct ath_hw *ah = sc->sc_ah;
-       struct ath_common *common = ath9k_hw_common(ah);
-+      struct ath_vif *avp = (void *)vif->drv_priv;
-+      struct ath_node *an = &avp->mcast_node;
-       mutex_lock(&sc->mutex);
-@@ -979,6 +1069,12 @@ static int ath9k_add_interface(struct ie
-       if (ath9k_uses_beacons(vif->type))
-               ath9k_beacon_assign_slot(sc, vif);
-+      an->sc = sc;
-+      an->sta = NULL;
-+      an->vif = vif;
-+      an->no_ps_filter = true;
-+      ath_tx_node_init(sc, an);
-+
-       mutex_unlock(&sc->mutex);
-       return 0;
- }
-@@ -1016,6 +1112,7 @@ static void ath9k_remove_interface(struc
- {
-       struct ath_softc *sc = hw->priv;
-       struct ath_common *common = ath9k_hw_common(sc->sc_ah);
-+      struct ath_vif *avp = (void *)vif->drv_priv;
-       ath_dbg(common, CONFIG, "Detach Interface\n");
-@@ -1030,6 +1127,8 @@ static void ath9k_remove_interface(struc
-       ath9k_calculate_summary_state(hw, NULL);
-       ath9k_ps_restore(sc);
-+      ath_tx_node_cleanup(sc, &avp->mcast_node);
-+
-       mutex_unlock(&sc->mutex);
- }
-@@ -1192,83 +1291,12 @@ static int ath9k_config(struct ieee80211
-       }
-       if ((changed & IEEE80211_CONF_CHANGE_CHANNEL) || reset_channel) {
--              struct ieee80211_channel *curchan = hw->conf.chandef.chan;
--              enum nl80211_channel_type channel_type =
--                      cfg80211_get_chandef_type(&conf->chandef);
--              int pos = curchan->hw_value;
--              int old_pos = -1;
--              unsigned long flags;
--
--              if (ah->curchan)
--                      old_pos = ah->curchan - &ah->channels[0];
--
--              ath_dbg(common, CONFIG, "Set channel: %d MHz type: %d\n",
--                      curchan->center_freq, channel_type);
--
--              /* update survey stats for the old channel before switching */
--              spin_lock_irqsave(&common->cc_lock, flags);
--              ath_update_survey_stats(sc);
--              spin_unlock_irqrestore(&common->cc_lock, flags);
--
--              ath9k_cmn_update_ichannel(&sc->sc_ah->channels[pos],
--                                        curchan, channel_type);
--
--              /*
--               * If the operating channel changes, change the survey in-use flags
--               * along with it.
--               * Reset the survey data for the new channel, unless we're switching
--               * back to the operating channel from an off-channel operation.
--               */
--              if (!(hw->conf.flags & IEEE80211_CONF_OFFCHANNEL) &&
--                  sc->cur_survey != &sc->survey[pos]) {
--
--                      if (sc->cur_survey)
--                              sc->cur_survey->filled &= ~SURVEY_INFO_IN_USE;
--
--                      sc->cur_survey = &sc->survey[pos];
--
--                      memset(sc->cur_survey, 0, sizeof(struct survey_info));
--                      sc->cur_survey->filled |= SURVEY_INFO_IN_USE;
--              } else if (!(sc->survey[pos].filled & SURVEY_INFO_IN_USE)) {
--                      memset(&sc->survey[pos], 0, sizeof(struct survey_info));
--              }
--
--              if (ath_set_channel(sc, hw, &sc->sc_ah->channels[pos]) < 0) {
-+              if (ath_set_channel(sc, &hw->conf.chandef) < 0) {
-                       ath_err(common, "Unable to set channel\n");
-                       mutex_unlock(&sc->mutex);
-                       ath9k_ps_restore(sc);
-                       return -EINVAL;
-               }
--
--              /*
--               * The most recent snapshot of channel->noisefloor for the old
--               * channel is only available after the hardware reset. Copy it to
--               * the survey stats now.
--               */
--              if (old_pos >= 0)
--                      ath_update_survey_nf(sc, old_pos);
--
--              /*
--               * Enable radar pulse detection if on a DFS channel. Spectral
--               * scanning and radar detection can not be used concurrently.
--               */
--              if (hw->conf.radar_enabled) {
--                      u32 rxfilter;
--
--                      /* set HW specific DFS configuration */
--                      ath9k_hw_set_radar_params(ah);
--                      rxfilter = ath9k_hw_getrxfilter(ah);
--                      rxfilter |= ATH9K_RX_FILTER_PHYRADAR |
--                                  ATH9K_RX_FILTER_PHYERR;
--                      ath9k_hw_setrxfilter(ah, rxfilter);
--                      ath_dbg(common, DFS, "DFS enabled at freq %d\n",
--                              curchan->center_freq);
--              } else {
--                      /* perform spectral scan if requested. */
--                      if (test_bit(SC_OP_SCANNING, &sc->sc_flags) &&
--                          sc->spectral_mode == SPECTRAL_CHANSCAN)
--                              ath9k_spectral_scan_trigger(hw);
--              }
-       }
-       if (changed & IEEE80211_CONF_CHANGE_POWER) {
-@@ -1374,9 +1402,6 @@ static void ath9k_sta_notify(struct ieee
-       struct ath_softc *sc = hw->priv;
-       struct ath_node *an = (struct ath_node *) sta->drv_priv;
--      if (!sta->ht_cap.ht_supported)
--              return;
--
-       switch (cmd) {
-       case STA_NOTIFY_SLEEP:
-               an->sleeping = true;
-@@ -1772,13 +1797,31 @@ static void ath9k_set_coverage_class(str
-       mutex_unlock(&sc->mutex);
- }
-+static bool ath9k_has_tx_pending(struct ath_softc *sc)
-+{
-+      int i, npend;
-+
-+      for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
-+              if (!ATH_TXQ_SETUP(sc, i))
-+                      continue;
-+
-+              if (!sc->tx.txq[i].axq_depth)
-+                      continue;
-+
-+              npend = ath9k_has_pending_frames(sc, &sc->tx.txq[i]);
-+              if (npend)
-+                      break;
-+      }
-+
-+      return !!npend;
-+}
++      return !!npend;
++}
 +
  static void ath9k_flush(struct ieee80211_hw *hw, u32 queues, bool drop)
  {
        bool drain_txq;
  
        mutex_lock(&sc->mutex);
-@@ -1796,25 +1839,9 @@ static void ath9k_flush(struct ieee80211
+@@ -1841,25 +1881,9 @@ static void ath9k_flush(struct ieee80211
                return;
        }
  
  
        if (drop) {
                ath9k_ps_wakeup(sc);
-@@ -2094,7 +2121,7 @@ static void ath9k_wow_add_pattern(struct
- {
-       struct ath_hw *ah = sc->sc_ah;
-       struct ath9k_wow_pattern *wow_pattern = NULL;
--      struct cfg80211_wowlan_trig_pkt_pattern *patterns = wowlan->patterns;
-+      struct cfg80211_pkt_pattern *patterns = wowlan->patterns;
-       int mask_len;
-       s8 i = 0;
---- a/drivers/net/wireless/mwifiex/cfg80211.c
-+++ b/drivers/net/wireless/mwifiex/cfg80211.c
-@@ -2298,8 +2298,7 @@ EXPORT_SYMBOL_GPL(mwifiex_del_virtual_in
- #ifdef CONFIG_PM
- static bool
--mwifiex_is_pattern_supported(struct cfg80211_wowlan_trig_pkt_pattern *pat,
--                           s8 *byte_seq)
-+mwifiex_is_pattern_supported(struct cfg80211_pkt_pattern *pat, s8 *byte_seq)
- {
-       int j, k, valid_byte_cnt = 0;
-       bool dont_care_byte = false;
---- a/drivers/net/wireless/ti/wlcore/main.c
-+++ b/drivers/net/wireless/ti/wlcore/main.c
-@@ -1315,7 +1315,7 @@ static struct sk_buff *wl12xx_alloc_dumm
- #ifdef CONFIG_PM
- static int
--wl1271_validate_wowlan_pattern(struct cfg80211_wowlan_trig_pkt_pattern *p)
-+wl1271_validate_wowlan_pattern(struct cfg80211_pkt_pattern *p)
- {
-       int num_fields = 0, in_field = 0, fields_size = 0;
-       int i, pattern_len = 0;
-@@ -1458,9 +1458,9 @@ void wl1271_rx_filter_flatten_fields(str
-  * Allocates an RX filter returned through f
-  * which needs to be freed using rx_filter_free()
-  */
--static int wl1271_convert_wowlan_pattern_to_rx_filter(
--      struct cfg80211_wowlan_trig_pkt_pattern *p,
--      struct wl12xx_rx_filter **f)
-+static int
-+wl1271_convert_wowlan_pattern_to_rx_filter(struct cfg80211_pkt_pattern *p,
-+                                         struct wl12xx_rx_filter **f)
- {
-       int i, j, ret = 0;
-       struct wl12xx_rx_filter *filter;
-@@ -1562,7 +1562,7 @@ static int wl1271_configure_wowlan(struc
-       /* Translate WoWLAN patterns into filters */
-       for (i = 0; i < wow->n_patterns; i++) {
--              struct cfg80211_wowlan_trig_pkt_pattern *p;
-+              struct cfg80211_pkt_pattern *p;
-               struct wl12xx_rx_filter *filter = NULL;
-               p = &wow->patterns[i];
---- a/include/net/cfg80211.h
-+++ b/include/net/cfg80211.h
-@@ -639,6 +639,30 @@ struct cfg80211_ap_settings {
- };
- /**
-+ * struct cfg80211_csa_settings - channel switch settings
-+ *
-+ * Used for channel switch
-+ *
-+ * @chandef: defines the channel to use after the switch
-+ * @beacon_csa: beacon data while performing the switch
-+ * @counter_offset_beacon: offset for the counter within the beacon (tail)
-+ * @counter_offset_presp: offset for the counter within the probe response
-+ * @beacon_after: beacon data to be used on the new channel
-+ * @radar_required: whether radar detection is required on the new channel
-+ * @block_tx: whether transmissions should be blocked while changing
-+ * @count: number of beacons until switch
-+ */
-+struct cfg80211_csa_settings {
-+      struct cfg80211_chan_def chandef;
-+      struct cfg80211_beacon_data beacon_csa;
-+      u16 counter_offset_beacon, counter_offset_presp;
-+      struct cfg80211_beacon_data beacon_after;
-+      bool radar_required;
-+      bool block_tx;
-+      u8 count;
-+};
-+
-+/**
-  * enum station_parameters_apply_mask - station parameter values to apply
-  * @STATION_PARAM_APPLY_UAPSD: apply new uAPSD parameters (uapsd_queues, max_sp)
-  * @STATION_PARAM_APPLY_CAPABILITY: apply new capability
-@@ -1698,7 +1722,7 @@ struct cfg80211_pmksa {
- };
- /**
-- * struct cfg80211_wowlan_trig_pkt_pattern - packet pattern
-+ * struct cfg80211_pkt_pattern - packet pattern
-  * @mask: bitmask where to match pattern and where to ignore bytes,
-  *    one bit per byte, in same format as nl80211
-  * @pattern: bytes to match where bitmask is 1
-@@ -1708,7 +1732,7 @@ struct cfg80211_pmksa {
-  * Internal note: @mask and @pattern are allocated in one chunk of
-  * memory, free @mask only!
-  */
--struct cfg80211_wowlan_trig_pkt_pattern {
-+struct cfg80211_pkt_pattern {
-       u8 *mask, *pattern;
-       int pattern_len;
-       int pkt_offset;
-@@ -1770,7 +1794,7 @@ struct cfg80211_wowlan {
-       bool any, disconnect, magic_pkt, gtk_rekey_failure,
-            eap_identity_req, four_way_handshake,
-            rfkill_release;
--      struct cfg80211_wowlan_trig_pkt_pattern *patterns;
-+      struct cfg80211_pkt_pattern *patterns;
-       struct cfg80211_wowlan_tcp *tcp;
-       int n_patterns;
- };
-@@ -2071,6 +2095,8 @@ struct cfg80211_update_ft_ies_params {
-  *    driver can take the most appropriate actions.
-  * @crit_proto_stop: Indicates critical protocol no longer needs increased link
-  *    reliability. This operation can not fail.
-+ *
-+ * @channel_switch: initiate channel-switch procedure (with CSA)
-  */
- struct cfg80211_ops {
-       int     (*suspend)(struct wiphy *wiphy, struct cfg80211_wowlan *wow);
-@@ -2306,6 +2332,10 @@ struct cfg80211_ops {
-                                   u16 duration);
-       void    (*crit_proto_stop)(struct wiphy *wiphy,
-                                  struct wireless_dev *wdev);
-+
-+      int     (*channel_switch)(struct wiphy *wiphy,
-+                                struct net_device *dev,
-+                                struct cfg80211_csa_settings *params);
- };
- /*
-@@ -2371,6 +2401,8 @@ struct cfg80211_ops {
-  * @WIPHY_FLAG_OFFCHAN_TX: Device supports direct off-channel TX.
-  * @WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL: Device supports remain-on-channel call.
-  * @WIPHY_FLAG_SUPPORTS_5_10_MHZ: Device supports 5 MHz and 10 MHz channels.
-+ * @WIPHY_FLAG_HAS_CHANNEL_SWITCH: Device supports channel switch in
-+ *    beaconing mode (AP, IBSS, Mesh, ...).
-  */
- enum wiphy_flags {
-       WIPHY_FLAG_CUSTOM_REGULATORY            = BIT(0),
-@@ -2395,6 +2427,7 @@ enum wiphy_flags {
-       WIPHY_FLAG_OFFCHAN_TX                   = BIT(20),
-       WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL        = BIT(21),
-       WIPHY_FLAG_SUPPORTS_5_10_MHZ            = BIT(22),
-+      WIPHY_FLAG_HAS_CHANNEL_SWITCH           = BIT(23),
- };
- /**
---- a/include/uapi/linux/nl80211.h
-+++ b/include/uapi/linux/nl80211.h
-@@ -648,6 +648,16 @@
-  * @NL80211_CMD_CRIT_PROTOCOL_STOP: Indicates the connection reliability can
-  *    return back to normal.
-  *
-+ * @NL80211_CMD_CHANNEL_SWITCH: Perform a channel switch by announcing the
-+ *    the new channel information (Channel Switch Announcement - CSA)
-+ *    in the beacon for some time (as defined in the
-+ *    %NL80211_ATTR_CH_SWITCH_COUNT parameter) and then change to the
-+ *    new channel. Userspace provides the new channel information (using
-+ *    %NL80211_ATTR_WIPHY_FREQ and the attributes determining channel
-+ *    width). %NL80211_ATTR_CH_SWITCH_BLOCK_TX may be supplied to inform
-+ *    other station that transmission must be blocked until the channel
-+ *    switch is complete.
-+ *
-  * @NL80211_CMD_MAX: highest used command number
-  * @__NL80211_CMD_AFTER_LAST: internal use
-  */
-@@ -810,6 +820,8 @@ enum nl80211_commands {
-       NL80211_CMD_CRIT_PROTOCOL_START,
-       NL80211_CMD_CRIT_PROTOCOL_STOP,
-+      NL80211_CMD_CHANNEL_SWITCH,
-+
-       /* add new commands above here */
-       /* used to define NL80211_CMD_MAX below */
-@@ -1436,6 +1448,18 @@ enum nl80211_commands {
-  *    allowed to be used with the first @NL80211_CMD_SET_STATION command to
-  *    update a TDLS peer STA entry.
-  *
-+ * @NL80211_ATTR_CH_SWITCH_COUNT: u32 attribute specifying the number of TBTT's
-+ *    until the channel switch event.
-+ * @NL80211_ATTR_CH_SWITCH_BLOCK_TX: flag attribute specifying that transmission
-+ *    must be blocked on the current channel (before the channel switch
-+ *    operation).
-+ * @NL80211_ATTR_CSA_IES: Nested set of attributes containing the IE information
-+ *    for the time while performing a channel switch.
-+ * @NL80211_ATTR_CSA_C_OFF_BEACON: Offset of the channel switch counter
-+ *    field in the beacons tail (%NL80211_ATTR_BEACON_TAIL).
-+ * @NL80211_ATTR_CSA_C_OFF_PRESP: Offset of the channel switch counter
-+ *    field in the probe response (%NL80211_ATTR_PROBE_RESP).
-+ *
-  * @NL80211_ATTR_MAX: highest attribute number currently defined
-  * @__NL80211_ATTR_AFTER_LAST: internal use
-  */
-@@ -1736,6 +1760,12 @@ enum nl80211_attrs {
-       NL80211_ATTR_PEER_AID,
-+      NL80211_ATTR_CH_SWITCH_COUNT,
-+      NL80211_ATTR_CH_SWITCH_BLOCK_TX,
-+      NL80211_ATTR_CSA_IES,
-+      NL80211_ATTR_CSA_C_OFF_BEACON,
-+      NL80211_ATTR_CSA_C_OFF_PRESP,
-+
-       /* add attributes here, update the policy in nl80211.c */
-       __NL80211_ATTR_AFTER_LAST,
-@@ -3060,11 +3090,11 @@ enum nl80211_tx_power_setting {
- };
- /**
-- * enum nl80211_wowlan_packet_pattern_attr - WoWLAN packet pattern attribute
-- * @__NL80211_WOWLAN_PKTPAT_INVALID: invalid number for nested attribute
-- * @NL80211_WOWLAN_PKTPAT_PATTERN: the pattern, values where the mask has
-+ * enum nl80211_packet_pattern_attr - packet pattern attribute
-+ * @__NL80211_PKTPAT_INVALID: invalid number for nested attribute
-+ * @NL80211_PKTPAT_PATTERN: the pattern, values where the mask has
-  *    a zero bit are ignored
-- * @NL80211_WOWLAN_PKTPAT_MASK: pattern mask, must be long enough to have
-+ * @NL80211_PKTPAT_MASK: pattern mask, must be long enough to have
-  *    a bit for each byte in the pattern. The lowest-order bit corresponds
-  *    to the first byte of the pattern, but the bytes of the pattern are
-  *    in a little-endian-like format, i.e. the 9th byte of the pattern
-@@ -3075,23 +3105,23 @@ enum nl80211_tx_power_setting {
-  *    Note that the pattern matching is done as though frames were not
-  *    802.11 frames but 802.3 frames, i.e. the frame is fully unpacked
-  *    first (including SNAP header unpacking) and then matched.
-- * @NL80211_WOWLAN_PKTPAT_OFFSET: packet offset, pattern is matched after
-+ * @NL80211_PKTPAT_OFFSET: packet offset, pattern is matched after
-  *    these fixed number of bytes of received packet
-- * @NUM_NL80211_WOWLAN_PKTPAT: number of attributes
-- * @MAX_NL80211_WOWLAN_PKTPAT: max attribute number
-+ * @NUM_NL80211_PKTPAT: number of attributes
-+ * @MAX_NL80211_PKTPAT: max attribute number
-  */
--enum nl80211_wowlan_packet_pattern_attr {
--      __NL80211_WOWLAN_PKTPAT_INVALID,
--      NL80211_WOWLAN_PKTPAT_MASK,
--      NL80211_WOWLAN_PKTPAT_PATTERN,
--      NL80211_WOWLAN_PKTPAT_OFFSET,
-+enum nl80211_packet_pattern_attr {
-+      __NL80211_PKTPAT_INVALID,
-+      NL80211_PKTPAT_MASK,
-+      NL80211_PKTPAT_PATTERN,
-+      NL80211_PKTPAT_OFFSET,
--      NUM_NL80211_WOWLAN_PKTPAT,
--      MAX_NL80211_WOWLAN_PKTPAT = NUM_NL80211_WOWLAN_PKTPAT - 1,
-+      NUM_NL80211_PKTPAT,
-+      MAX_NL80211_PKTPAT = NUM_NL80211_PKTPAT - 1,
- };
- /**
-- * struct nl80211_wowlan_pattern_support - pattern support information
-+ * struct nl80211_pattern_support - packet pattern support information
-  * @max_patterns: maximum number of patterns supported
-  * @min_pattern_len: minimum length of each pattern
-  * @max_pattern_len: maximum length of each pattern
-@@ -3101,13 +3131,22 @@ enum nl80211_wowlan_packet_pattern_attr 
-  * that is part of %NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED in the
-  * capability information given by the kernel to userspace.
-  */
--struct nl80211_wowlan_pattern_support {
-+struct nl80211_pattern_support {
-       __u32 max_patterns;
-       __u32 min_pattern_len;
-       __u32 max_pattern_len;
-       __u32 max_pkt_offset;
- } __attribute__((packed));
-+/* only for backward compatibility */
-+#define __NL80211_WOWLAN_PKTPAT_INVALID __NL80211_PKTPAT_INVALID
-+#define NL80211_WOWLAN_PKTPAT_MASK NL80211_PKTPAT_MASK
-+#define NL80211_WOWLAN_PKTPAT_PATTERN NL80211_PKTPAT_PATTERN
-+#define NL80211_WOWLAN_PKTPAT_OFFSET NL80211_PKTPAT_OFFSET
-+#define NUM_NL80211_WOWLAN_PKTPAT NUM_NL80211_PKTPAT
-+#define MAX_NL80211_WOWLAN_PKTPAT MAX_NL80211_PKTPAT
-+#define nl80211_wowlan_pattern_support nl80211_pattern_support
-+
- /**
-  * enum nl80211_wowlan_triggers - WoWLAN trigger definitions
-  * @__NL80211_WOWLAN_TRIG_INVALID: invalid number for nested attributes
-@@ -3127,7 +3166,7 @@ struct nl80211_wowlan_pattern_support {
-  *    pattern matching is done after the packet is converted to the MSDU.
-  *
-  *    In %NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED, it is a binary attribute
-- *    carrying a &struct nl80211_wowlan_pattern_support.
-+ *    carrying a &struct nl80211_pattern_support.
-  *
-  *    When reporting wakeup. it is a u32 attribute containing the 0-based
-  *    index of the pattern that caused the wakeup, in the patterns passed
-@@ -3284,7 +3323,7 @@ struct nl80211_wowlan_tcp_data_token_fea
-  * @NL80211_WOWLAN_TCP_WAKE_PAYLOAD: wake packet payload, for advertising a
-  *    u32 attribute holding the maximum length
-  * @NL80211_WOWLAN_TCP_WAKE_MASK: Wake packet payload mask, not used for
-- *    feature advertising. The mask works like @NL80211_WOWLAN_PKTPAT_MASK
-+ *    feature advertising. The mask works like @NL80211_PKTPAT_MASK
-  *    but on the TCP payload only.
-  * @NUM_NL80211_WOWLAN_TCP: number of TCP attributes
-  * @MAX_NL80211_WOWLAN_TCP: highest attribute number
---- a/net/mac80211/mesh_ps.c
-+++ b/net/mac80211/mesh_ps.c
-@@ -229,6 +229,10 @@ void ieee80211_mps_sta_status_update(str
-       enum nl80211_mesh_power_mode pm;
-       bool do_buffer;
-+      /* For non-assoc STA, prevent buffering or frame transmission */
-+      if (sta->sta_state < IEEE80211_STA_ASSOC)
-+              return;
-+
-       /*
-        * use peer-specific power mode if peering is established and the
-        * peer's power mode is known
---- a/net/wireless/nl80211.c
-+++ b/net/wireless/nl80211.c
-@@ -349,6 +349,11 @@ static const struct nla_policy nl80211_p
-       [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
-                                 .len = IEEE80211_MAX_DATA_LEN },
-       [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
-+      [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
-+      [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
-+      [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
-+      [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_U16 },
-+      [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_U16 },
- };
- /* policy for the key attributes */
-@@ -441,10 +446,12 @@ static int nl80211_prepare_wdev_dump(str
-                       goto out_unlock;
-               }
-               *rdev = wiphy_to_dev((*wdev)->wiphy);
--              cb->args[0] = (*rdev)->wiphy_idx;
-+              /* 0 is the first index - add 1 to parse only once */
-+              cb->args[0] = (*rdev)->wiphy_idx + 1;
-               cb->args[1] = (*wdev)->identifier;
-       } else {
--              struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0]);
-+              /* subtract the 1 again here */
-+              struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
-               struct wireless_dev *tmp;
-               if (!wiphy) {
-@@ -974,7 +981,7 @@ static int nl80211_send_wowlan(struct sk
-               return -ENOBUFS;
-       if (dev->wiphy.wowlan->n_patterns) {
--              struct nl80211_wowlan_pattern_support pat = {
-+              struct nl80211_pattern_support pat = {
-                       .max_patterns = dev->wiphy.wowlan->n_patterns,
-                       .min_pattern_len = dev->wiphy.wowlan->pattern_min_len,
-                       .max_pattern_len = dev->wiphy.wowlan->pattern_max_len,
-@@ -1393,6 +1400,8 @@ static int nl80211_send_wiphy(struct cfg
-               if (state->split) {
-                       CMD(crit_proto_start, CRIT_PROTOCOL_START);
-                       CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
-+                      if (dev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
-+                              CMD(channel_switch, CHANNEL_SWITCH);
-               }
- #ifdef CPTCFG_NL80211_TESTMODE
-@@ -1568,8 +1577,10 @@ static int nl80211_dump_wiphy(struct sk_
-       rtnl_lock();
-       if (!state) {
-               state = kzalloc(sizeof(*state), GFP_KERNEL);
--              if (!state)
-+              if (!state) {
-+                      rtnl_unlock();
-                       return -ENOMEM;
-+              }
-               state->filter_wiphy = -1;
-               ret = nl80211_dump_wiphy_parse(skb, cb, state);
-               if (ret) {
-@@ -2620,8 +2631,8 @@ static int nl80211_get_key(struct sk_buf
-       hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0,
-                            NL80211_CMD_NEW_KEY);
--      if (IS_ERR(hdr))
--              return PTR_ERR(hdr);
-+      if (!hdr)
-+              return -ENOBUFS;
-       cookie.msg = msg;
-       cookie.idx = key_idx;
-@@ -4770,9 +4781,9 @@ do {                                                                         \
-       FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
-                                 mask, NL80211_MESHCONF_FORWARDING,
-                                 nla_get_u8);
--      FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 1, 255,
-+      FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
-                                 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
--                                nla_get_u32);
-+                                nla_get_s32);
-       FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
-                                 mask, NL80211_MESHCONF_HT_OPMODE,
-                                 nla_get_u16);
-@@ -5578,6 +5589,111 @@ static int nl80211_start_radar_detection
-       return err;
- }
-+static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
-+{
-+      struct cfg80211_registered_device *rdev = info->user_ptr[0];
-+      struct net_device *dev = info->user_ptr[1];
-+      struct wireless_dev *wdev = dev->ieee80211_ptr;
-+      struct cfg80211_csa_settings params;
-+      /* csa_attrs is defined static to avoid waste of stack size - this
-+       * function is called under RTNL lock, so this should not be a problem.
-+       */
-+      static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
-+      u8 radar_detect_width = 0;
-+      int err;
-+
-+      if (!rdev->ops->channel_switch ||
-+          !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
-+              return -EOPNOTSUPP;
-+
-+      /* may add IBSS support later */
-+      if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
-+          dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
-+              return -EOPNOTSUPP;
-+
-+      memset(&params, 0, sizeof(params));
-+
-+      if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
-+          !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
-+              return -EINVAL;
-+
-+      /* only important for AP, IBSS and mesh create IEs internally */
-+      if (!info->attrs[NL80211_ATTR_CSA_IES])
-+              return -EINVAL;
-+
-+      /* useless if AP is not running */
-+      if (!wdev->beacon_interval)
-+              return -EINVAL;
-+
-+      params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
-+
-+      err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
-+      if (err)
-+              return err;
-+
-+      err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
-+                             info->attrs[NL80211_ATTR_CSA_IES],
-+                             nl80211_policy);
-+      if (err)
-+              return err;
-+
-+      err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
-+      if (err)
-+              return err;
-+
-+      if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
-+              return -EINVAL;
-+
-+      params.counter_offset_beacon =
-+              nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
-+      if (params.counter_offset_beacon >= params.beacon_csa.tail_len)
-+              return -EINVAL;
-+
-+      /* sanity check - counters should be the same */
-+      if (params.beacon_csa.tail[params.counter_offset_beacon] !=
-+          params.count)
-+              return -EINVAL;
-+
-+      if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
-+              params.counter_offset_presp =
-+                      nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
-+              if (params.counter_offset_presp >=
-+                  params.beacon_csa.probe_resp_len)
-+                      return -EINVAL;
-+
-+              if (params.beacon_csa.probe_resp[params.counter_offset_presp] !=
-+                  params.count)
-+                      return -EINVAL;
-+      }
-+
-+      err = nl80211_parse_chandef(rdev, info, &params.chandef);
-+      if (err)
-+              return err;
-+
-+      if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
-+              return -EINVAL;
-+
-+      err = cfg80211_chandef_dfs_required(wdev->wiphy, &params.chandef);
-+      if (err < 0) {
-+              return err;
-+      } else if (err) {
-+              radar_detect_width = BIT(params.chandef.width);
-+              params.radar_required = true;
-+      }
-+
-+      err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
-+                                         params.chandef.chan,
-+                                         CHAN_MODE_SHARED,
-+                                         radar_detect_width);
-+      if (err)
-+              return err;
-+
-+      if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
-+              params.block_tx = true;
-+
-+      return rdev_channel_switch(rdev, dev, &params);
-+}
-+
- static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
-                           u32 seq, int flags,
-                           struct cfg80211_registered_device *rdev,
-@@ -6507,6 +6623,9 @@ static int nl80211_testmode_dump(struct 
-                                          NL80211_CMD_TESTMODE);
-               struct nlattr *tmdata;
-+              if (!hdr)
-+                      break;
-+
-               if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
-                       genlmsg_cancel(skb, hdr);
-                       break;
-@@ -6615,12 +6734,14 @@ EXPORT_SYMBOL(cfg80211_testmode_alloc_ev
- void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
- {
-+      struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
-       void *hdr = ((void **)skb->cb)[1];
-       struct nlattr *data = ((void **)skb->cb)[2];
-       nla_nest_end(skb, data);
-       genlmsg_end(skb, hdr);
--      genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
-+      genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), skb, 0,
-+                              nl80211_testmode_mcgrp.id, gfp);
+@@ -2021,333 +2045,6 @@ static int ath9k_get_antenna(struct ieee
+       return 0;
  }
- EXPORT_SYMBOL(cfg80211_testmode_event);
- #endif
-@@ -6949,9 +7070,8 @@ static int nl80211_remain_on_channel(str
  
-       hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0,
-                            NL80211_CMD_REMAIN_ON_CHANNEL);
+-#ifdef CONFIG_PM_SLEEP
 -
--      if (IS_ERR(hdr)) {
--              err = PTR_ERR(hdr);
-+      if (!hdr) {
-+              err = -ENOBUFS;
-               goto free_msg;
-       }
-@@ -7249,9 +7369,8 @@ static int nl80211_tx_mgmt(struct sk_buf
-               hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0,
-                                    NL80211_CMD_FRAME);
+-static void ath9k_wow_map_triggers(struct ath_softc *sc,
+-                                 struct cfg80211_wowlan *wowlan,
+-                                 u32 *wow_triggers)
+-{
+-      if (wowlan->disconnect)
+-              *wow_triggers |= AH_WOW_LINK_CHANGE |
+-                               AH_WOW_BEACON_MISS;
+-      if (wowlan->magic_pkt)
+-              *wow_triggers |= AH_WOW_MAGIC_PATTERN_EN;
 -
--              if (IS_ERR(hdr)) {
--                      err = PTR_ERR(hdr);
-+              if (!hdr) {
-+                      err = -ENOBUFS;
-                       goto free_msg;
-               }
-       }
-@@ -7593,12 +7712,11 @@ static int nl80211_send_wowlan_patterns(
-               if (!nl_pat)
-                       return -ENOBUFS;
-               pat_len = wowlan->patterns[i].pattern_len;
--              if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK,
--                          DIV_ROUND_UP(pat_len, 8),
-+              if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
-                           wowlan->patterns[i].mask) ||
--                  nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
--                          pat_len, wowlan->patterns[i].pattern) ||
--                  nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET,
-+                  nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
-+                          wowlan->patterns[i].pattern) ||
-+                  nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
-                               wowlan->patterns[i].pkt_offset))
-                       return -ENOBUFS;
-               nla_nest_end(msg, nl_pat);
-@@ -7939,7 +8057,7 @@ static int nl80211_set_wowlan(struct sk_
-               struct nlattr *pat;
-               int n_patterns = 0;
-               int rem, pat_len, mask_len, pkt_offset;
--              struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
-+              struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
-               nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
-                                   rem)
-@@ -7958,26 +8076,25 @@ static int nl80211_set_wowlan(struct sk_
-               nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
-                                   rem) {
--                      nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
--                                nla_data(pat), nla_len(pat), NULL);
-+                      nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
-+                                nla_len(pat), NULL);
-                       err = -EINVAL;
--                      if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
--                          !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
-+                      if (!pat_tb[NL80211_PKTPAT_MASK] ||
-+                          !pat_tb[NL80211_PKTPAT_PATTERN])
-                               goto error;
--                      pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
-+                      pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
-                       mask_len = DIV_ROUND_UP(pat_len, 8);
--                      if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
--                          mask_len)
-+                      if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
-                               goto error;
-                       if (pat_len > wowlan->pattern_max_len ||
-                           pat_len < wowlan->pattern_min_len)
-                               goto error;
--                      if (!pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET])
-+                      if (!pat_tb[NL80211_PKTPAT_OFFSET])
-                               pkt_offset = 0;
-                       else
-                               pkt_offset = nla_get_u32(
--                                      pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]);
-+                                      pat_tb[NL80211_PKTPAT_OFFSET]);
-                       if (pkt_offset > wowlan->max_pkt_offset)
-                               goto error;
-                       new_triggers.patterns[i].pkt_offset = pkt_offset;
-@@ -7991,11 +8108,11 @@ static int nl80211_set_wowlan(struct sk_
-                       new_triggers.patterns[i].pattern =
-                               new_triggers.patterns[i].mask + mask_len;
-                       memcpy(new_triggers.patterns[i].mask,
--                             nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
-+                             nla_data(pat_tb[NL80211_PKTPAT_MASK]),
-                              mask_len);
-                       new_triggers.patterns[i].pattern_len = pat_len;
-                       memcpy(new_triggers.patterns[i].pattern,
--                             nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
-+                             nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
-                              pat_len);
-                       i++;
-               }
-@@ -8130,9 +8247,8 @@ static int nl80211_probe_client(struct s
-       hdr = nl80211hdr_put(msg, genl_info_snd_portid(info), info->snd_seq, 0,
-                            NL80211_CMD_PROBE_CLIENT);
+-      if (wowlan->n_patterns)
+-              *wow_triggers |= AH_WOW_USER_PATTERN_EN;
 -
--      if (IS_ERR(hdr)) {
--              err = PTR_ERR(hdr);
-+      if (!hdr) {
-+              err = -ENOBUFS;
-               goto free_msg;
-       }
-@@ -9041,7 +9157,15 @@ static struct genl_ops nl80211_ops[] = {
-               .flags = GENL_ADMIN_PERM,
-               .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
-                                 NL80211_FLAG_NEED_RTNL,
--      }
-+      },
-+      {
-+              .cmd = NL80211_CMD_CHANNEL_SWITCH,
-+              .doit = nl80211_channel_switch,
-+              .policy = nl80211_policy,
-+              .flags = GENL_ADMIN_PERM,
-+              .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
-+                                NL80211_FLAG_NEED_RTNL,
-+      },
- };
- static struct genl_multicast_group nl80211_mlme_mcgrp = {
-@@ -10066,7 +10190,8 @@ void cfg80211_mgmt_tx_status(struct wire
-       genlmsg_end(msg, hdr);
--      genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
-+      genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
-+                              nl80211_mlme_mcgrp.id, gfp);
-       return;
-  nla_put_failure:
---- a/net/wireless/reg.c
-+++ b/net/wireless/reg.c
-@@ -2247,10 +2247,13 @@ int reg_device_uevent(struct device *dev
- void wiphy_regulatory_register(struct wiphy *wiphy)
- {
-+      struct regulatory_request *lr;
-+
-       if (!reg_dev_ignore_cell_hint(wiphy))
-               reg_num_devs_support_basehint++;
--      wiphy_update_regulatory(wiphy, NL80211_REGDOM_SET_BY_CORE);
-+      lr = get_last_request();
-+      wiphy_update_regulatory(wiphy, lr->initiator);
- }
- void wiphy_regulatory_deregister(struct wiphy *wiphy)
-@@ -2279,7 +2282,9 @@ void wiphy_regulatory_deregister(struct 
- static void reg_timeout_work(struct work_struct *work)
+-      sc->wow_enabled = *wow_triggers;
+-
+-}
+-
+-static void ath9k_wow_add_disassoc_deauth_pattern(struct ath_softc *sc)
+-{
+-      struct ath_hw *ah = sc->sc_ah;
+-      struct ath_common *common = ath9k_hw_common(ah);
+-      int pattern_count = 0;
+-      int i, byte_cnt;
+-      u8 dis_deauth_pattern[MAX_PATTERN_SIZE];
+-      u8 dis_deauth_mask[MAX_PATTERN_SIZE];
+-
+-      memset(dis_deauth_pattern, 0, MAX_PATTERN_SIZE);
+-      memset(dis_deauth_mask, 0, MAX_PATTERN_SIZE);
+-
+-      /*
+-       * Create Dissassociate / Deauthenticate packet filter
+-       *
+-       *     2 bytes        2 byte    6 bytes   6 bytes  6 bytes
+-       *  +--------------+----------+---------+--------+--------+----
+-       *  + Frame Control+ Duration +   DA    +  SA    +  BSSID +
+-       *  +--------------+----------+---------+--------+--------+----
+-       *
+-       * The above is the management frame format for disassociate/
+-       * deauthenticate pattern, from this we need to match the first byte
+-       * of 'Frame Control' and DA, SA, and BSSID fields
+-       * (skipping 2nd byte of FC and Duration feild.
+-       *
+-       * Disassociate pattern
+-       * --------------------
+-       * Frame control = 00 00 1010
+-       * DA, SA, BSSID = x:x:x:x:x:x
+-       * Pattern will be A0000000 | x:x:x:x:x:x | x:x:x:x:x:x
+-       *                          | x:x:x:x:x:x  -- 22 bytes
+-       *
+-       * Deauthenticate pattern
+-       * ----------------------
+-       * Frame control = 00 00 1100
+-       * DA, SA, BSSID = x:x:x:x:x:x
+-       * Pattern will be C0000000 | x:x:x:x:x:x | x:x:x:x:x:x
+-       *                          | x:x:x:x:x:x  -- 22 bytes
+-       */
+-
+-      /* Create Disassociate Pattern first */
+-
+-      byte_cnt = 0;
+-
+-      /* Fill out the mask with all FF's */
+-
+-      for (i = 0; i < MAX_PATTERN_MASK_SIZE; i++)
+-              dis_deauth_mask[i] = 0xff;
+-
+-      /* copy the first byte of frame control field */
+-      dis_deauth_pattern[byte_cnt] = 0xa0;
+-      byte_cnt++;
+-
+-      /* skip 2nd byte of frame control and Duration field */
+-      byte_cnt += 3;
+-
+-      /*
+-       * need not match the destination mac address, it can be a broadcast
+-       * mac address or an unicast to this station
+-       */
+-      byte_cnt += 6;
+-
+-      /* copy the source mac address */
+-      memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN);
+-
+-      byte_cnt += 6;
+-
+-      /* copy the bssid, its same as the source mac address */
+-
+-      memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN);
+-
+-      /* Create Disassociate pattern mask */
+-
+-      dis_deauth_mask[0] = 0xfe;
+-      dis_deauth_mask[1] = 0x03;
+-      dis_deauth_mask[2] = 0xc0;
+-
+-      ath_dbg(common, WOW, "Adding disassoc/deauth patterns for WoW\n");
+-
+-      ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask,
+-                                 pattern_count, byte_cnt);
+-
+-      pattern_count++;
+-      /*
+-       * for de-authenticate pattern, only the first byte of the frame
+-       * control field gets changed from 0xA0 to 0xC0
+-       */
+-      dis_deauth_pattern[0] = 0xC0;
+-
+-      ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask,
+-                                 pattern_count, byte_cnt);
+-
+-}
+-
+-static void ath9k_wow_add_pattern(struct ath_softc *sc,
+-                                struct cfg80211_wowlan *wowlan)
+-{
+-      struct ath_hw *ah = sc->sc_ah;
+-      struct ath9k_wow_pattern *wow_pattern = NULL;
+-      struct cfg80211_pkt_pattern *patterns = wowlan->patterns;
+-      int mask_len;
+-      s8 i = 0;
+-
+-      if (!wowlan->n_patterns)
+-              return;
+-
+-      /*
+-       * Add the new user configured patterns
+-       */
+-      for (i = 0; i < wowlan->n_patterns; i++) {
+-
+-              wow_pattern = kzalloc(sizeof(*wow_pattern), GFP_KERNEL);
+-
+-              if (!wow_pattern)
+-                      return;
+-
+-              /*
+-               * TODO: convert the generic user space pattern to
+-               * appropriate chip specific/802.11 pattern.
+-               */
+-
+-              mask_len = DIV_ROUND_UP(wowlan->patterns[i].pattern_len, 8);
+-              memset(wow_pattern->pattern_bytes, 0, MAX_PATTERN_SIZE);
+-              memset(wow_pattern->mask_bytes, 0, MAX_PATTERN_SIZE);
+-              memcpy(wow_pattern->pattern_bytes, patterns[i].pattern,
+-                     patterns[i].pattern_len);
+-              memcpy(wow_pattern->mask_bytes, patterns[i].mask, mask_len);
+-              wow_pattern->pattern_len = patterns[i].pattern_len;
+-
+-              /*
+-               * just need to take care of deauth and disssoc pattern,
+-               * make sure we don't overwrite them.
+-               */
+-
+-              ath9k_hw_wow_apply_pattern(ah, wow_pattern->pattern_bytes,
+-                                         wow_pattern->mask_bytes,
+-                                         i + 2,
+-                                         wow_pattern->pattern_len);
+-              kfree(wow_pattern);
+-
+-      }
+-
+-}
+-
+-static int ath9k_suspend(struct ieee80211_hw *hw,
+-                       struct cfg80211_wowlan *wowlan)
+-{
+-      struct ath_softc *sc = hw->priv;
+-      struct ath_hw *ah = sc->sc_ah;
+-      struct ath_common *common = ath9k_hw_common(ah);
+-      u32 wow_triggers_enabled = 0;
+-      int ret = 0;
+-
+-      mutex_lock(&sc->mutex);
+-
+-      ath_cancel_work(sc);
+-      ath_stop_ani(sc);
+-      del_timer_sync(&sc->rx_poll_timer);
+-
+-      if (test_bit(SC_OP_INVALID, &sc->sc_flags)) {
+-              ath_dbg(common, ANY, "Device not present\n");
+-              ret = -EINVAL;
+-              goto fail_wow;
+-      }
+-
+-      if (WARN_ON(!wowlan)) {
+-              ath_dbg(common, WOW, "None of the WoW triggers enabled\n");
+-              ret = -EINVAL;
+-              goto fail_wow;
+-      }
+-
+-      if (!device_can_wakeup(sc->dev)) {
+-              ath_dbg(common, WOW, "device_can_wakeup failed, WoW is not enabled\n");
+-              ret = 1;
+-              goto fail_wow;
+-      }
+-
+-      /*
+-       * none of the sta vifs are associated
+-       * and we are not currently handling multivif
+-       * cases, for instance we have to seperately
+-       * configure 'keep alive frame' for each
+-       * STA.
+-       */
+-
+-      if (!test_bit(SC_OP_PRIM_STA_VIF, &sc->sc_flags)) {
+-              ath_dbg(common, WOW, "None of the STA vifs are associated\n");
+-              ret = 1;
+-              goto fail_wow;
+-      }
+-
+-      if (sc->nvifs > 1) {
+-              ath_dbg(common, WOW, "WoW for multivif is not yet supported\n");
+-              ret = 1;
+-              goto fail_wow;
+-      }
+-
+-      ath9k_wow_map_triggers(sc, wowlan, &wow_triggers_enabled);
+-
+-      ath_dbg(common, WOW, "WoW triggers enabled 0x%x\n",
+-              wow_triggers_enabled);
+-
+-      ath9k_ps_wakeup(sc);
+-
+-      ath9k_stop_btcoex(sc);
+-
+-      /*
+-       * Enable wake up on recieving disassoc/deauth
+-       * frame by default.
+-       */
+-      ath9k_wow_add_disassoc_deauth_pattern(sc);
+-
+-      if (wow_triggers_enabled & AH_WOW_USER_PATTERN_EN)
+-              ath9k_wow_add_pattern(sc, wowlan);
+-
+-      spin_lock_bh(&sc->sc_pcu_lock);
+-      /*
+-       * To avoid false wake, we enable beacon miss interrupt only
+-       * when we go to sleep. We save the current interrupt mask
+-       * so we can restore it after the system wakes up
+-       */
+-      sc->wow_intr_before_sleep = ah->imask;
+-      ah->imask &= ~ATH9K_INT_GLOBAL;
+-      ath9k_hw_disable_interrupts(ah);
+-      ah->imask = ATH9K_INT_BMISS | ATH9K_INT_GLOBAL;
+-      ath9k_hw_set_interrupts(ah);
+-      ath9k_hw_enable_interrupts(ah);
+-
+-      spin_unlock_bh(&sc->sc_pcu_lock);
+-
+-      /*
+-       * we can now sync irq and kill any running tasklets, since we already
+-       * disabled interrupts and not holding a spin lock
+-       */
+-      synchronize_irq(sc->irq);
+-      tasklet_kill(&sc->intr_tq);
+-
+-      ath9k_hw_wow_enable(ah, wow_triggers_enabled);
+-
+-      ath9k_ps_restore(sc);
+-      ath_dbg(common, ANY, "WoW enabled in ath9k\n");
+-      atomic_inc(&sc->wow_sleep_proc_intr);
+-
+-fail_wow:
+-      mutex_unlock(&sc->mutex);
+-      return ret;
+-}
+-
+-static int ath9k_resume(struct ieee80211_hw *hw)
+-{
+-      struct ath_softc *sc = hw->priv;
+-      struct ath_hw *ah = sc->sc_ah;
+-      struct ath_common *common = ath9k_hw_common(ah);
+-      u32 wow_status;
+-
+-      mutex_lock(&sc->mutex);
+-
+-      ath9k_ps_wakeup(sc);
+-
+-      spin_lock_bh(&sc->sc_pcu_lock);
+-
+-      ath9k_hw_disable_interrupts(ah);
+-      ah->imask = sc->wow_intr_before_sleep;
+-      ath9k_hw_set_interrupts(ah);
+-      ath9k_hw_enable_interrupts(ah);
+-
+-      spin_unlock_bh(&sc->sc_pcu_lock);
+-
+-      wow_status = ath9k_hw_wow_wakeup(ah);
+-
+-      if (atomic_read(&sc->wow_got_bmiss_intr) == 0) {
+-              /*
+-               * some devices may not pick beacon miss
+-               * as the reason they woke up so we add
+-               * that here for that shortcoming.
+-               */
+-              wow_status |= AH_WOW_BEACON_MISS;
+-              atomic_dec(&sc->wow_got_bmiss_intr);
+-              ath_dbg(common, ANY, "Beacon miss interrupt picked up during WoW sleep\n");
+-      }
+-
+-      atomic_dec(&sc->wow_sleep_proc_intr);
+-
+-      if (wow_status) {
+-              ath_dbg(common, ANY, "Waking up due to WoW triggers %s with WoW status = %x\n",
+-                      ath9k_hw_wow_event_to_string(wow_status), wow_status);
+-      }
+-
+-      ath_restart_work(sc);
+-      ath9k_start_btcoex(sc);
+-
+-      ath9k_ps_restore(sc);
+-      mutex_unlock(&sc->mutex);
+-
+-      return 0;
+-}
+-
+-static void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled)
+-{
+-      struct ath_softc *sc = hw->priv;
+-
+-      mutex_lock(&sc->mutex);
+-      device_init_wakeup(sc->dev, 1);
+-      device_set_wakeup_enable(sc->dev, enabled);
+-      mutex_unlock(&sc->mutex);
+-}
+-
+-#endif
+ static void ath9k_sw_scan_start(struct ieee80211_hw *hw)
  {
-       REG_DBG_PRINT("Timeout while waiting for CRDA to reply, restoring regulatory settings\n");
-+      rtnl_lock();
-       restore_regulatory_settings(true);
-+      rtnl_unlock();
+       struct ath_softc *sc = hw->priv;
+@@ -2373,134 +2070,6 @@ static void ath9k_channel_switch_beacon(
+       sc->csa_vif = vif;
  }
  
- int __init regulatory_init(void)
---- a/net/wireless/sme.c
-+++ b/net/wireless/sme.c
-@@ -34,8 +34,10 @@ struct cfg80211_conn {
-               CFG80211_CONN_SCAN_AGAIN,
-               CFG80211_CONN_AUTHENTICATE_NEXT,
-               CFG80211_CONN_AUTHENTICATING,
-+              CFG80211_CONN_AUTH_FAILED,
-               CFG80211_CONN_ASSOCIATE_NEXT,
-               CFG80211_CONN_ASSOCIATING,
-+              CFG80211_CONN_ASSOC_FAILED,
-               CFG80211_CONN_DEAUTH,
-               CFG80211_CONN_CONNECTED,
-       } state;
-@@ -164,6 +166,8 @@ static int cfg80211_conn_do_work(struct 
-                                         NULL, 0,
-                                         params->key, params->key_len,
-                                         params->key_idx, NULL, 0);
-+      case CFG80211_CONN_AUTH_FAILED:
-+              return -ENOTCONN;
-       case CFG80211_CONN_ASSOCIATE_NEXT:
-               BUG_ON(!rdev->ops->assoc);
-               wdev->conn->state = CFG80211_CONN_ASSOCIATING;
-@@ -188,10 +192,17 @@ static int cfg80211_conn_do_work(struct 
-                                            WLAN_REASON_DEAUTH_LEAVING,
-                                            false);
-               return err;
-+      case CFG80211_CONN_ASSOC_FAILED:
-+              cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
-+                                   NULL, 0,
-+                                   WLAN_REASON_DEAUTH_LEAVING, false);
-+              return -ENOTCONN;
-       case CFG80211_CONN_DEAUTH:
-               cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
-                                    NULL, 0,
-                                    WLAN_REASON_DEAUTH_LEAVING, false);
-+              /* free directly, disconnected event already sent */
-+              cfg80211_sme_free(wdev);
-               return 0;
-       default:
-               return 0;
-@@ -371,7 +382,7 @@ bool cfg80211_sme_rx_assoc_resp(struct w
-               return true;
-       }
--      wdev->conn->state = CFG80211_CONN_DEAUTH;
-+      wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
-       schedule_work(&rdev->conn_work);
-       return false;
- }
-@@ -383,7 +394,13 @@ void cfg80211_sme_deauth(struct wireless
+-static void ath9k_tx99_stop(struct ath_softc *sc)
+-{
+-      struct ath_hw *ah = sc->sc_ah;
+-      struct ath_common *common = ath9k_hw_common(ah);
+-
+-      ath_drain_all_txq(sc);
+-      ath_startrecv(sc);
+-
+-      ath9k_hw_set_interrupts(ah);
+-      ath9k_hw_enable_interrupts(ah);
+-
+-      ieee80211_wake_queues(sc->hw);
+-
+-      kfree_skb(sc->tx99_skb);
+-      sc->tx99_skb = NULL;
+-      sc->tx99_state = false;
+-
+-      ath9k_hw_tx99_stop(sc->sc_ah);
+-      ath_dbg(common, XMIT, "TX99 stopped\n");
+-}
+-
+-static struct sk_buff *ath9k_build_tx99_skb(struct ath_softc *sc)
+-{
+-      static u8 PN9Data[] = {0xff, 0x87, 0xb8, 0x59, 0xb7, 0xa1, 0xcc, 0x24,
+-                             0x57, 0x5e, 0x4b, 0x9c, 0x0e, 0xe9, 0xea, 0x50,
+-                             0x2a, 0xbe, 0xb4, 0x1b, 0xb6, 0xb0, 0x5d, 0xf1,
+-                             0xe6, 0x9a, 0xe3, 0x45, 0xfd, 0x2c, 0x53, 0x18,
+-                             0x0c, 0xca, 0xc9, 0xfb, 0x49, 0x37, 0xe5, 0xa8,
+-                             0x51, 0x3b, 0x2f, 0x61, 0xaa, 0x72, 0x18, 0x84,
+-                             0x02, 0x23, 0x23, 0xab, 0x63, 0x89, 0x51, 0xb3,
+-                             0xe7, 0x8b, 0x72, 0x90, 0x4c, 0xe8, 0xfb, 0xc0};
+-      u32 len = 1200;
+-      struct ieee80211_hw *hw = sc->hw;
+-      struct ieee80211_hdr *hdr;
+-      struct ieee80211_tx_info *tx_info;
+-      struct sk_buff *skb;
+-
+-      skb = alloc_skb(len, GFP_KERNEL);
+-      if (!skb)
+-              return NULL;
+-
+-      skb_put(skb, len);
+-
+-      memset(skb->data, 0, len);
+-
+-      hdr = (struct ieee80211_hdr *)skb->data;
+-      hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA);
+-      hdr->duration_id = 0;
+-
+-      memcpy(hdr->addr1, hw->wiphy->perm_addr, ETH_ALEN);
+-      memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN);
+-      memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN);
+-
+-      hdr->seq_ctrl |= cpu_to_le16(sc->tx.seq_no);
+-
+-      tx_info = IEEE80211_SKB_CB(skb);
+-      memset(tx_info, 0, sizeof(*tx_info));
+-      tx_info->band = hw->conf.chandef.chan->band;
+-      tx_info->flags = IEEE80211_TX_CTL_NO_ACK;
+-      tx_info->control.vif = sc->tx99_vif;
+-
+-      memcpy(skb->data + sizeof(*hdr), PN9Data, sizeof(PN9Data));
+-
+-      return skb;
+-}
+-
+-void ath9k_tx99_deinit(struct ath_softc *sc)
+-{
+-      ath_reset(sc);
+-
+-      ath9k_ps_wakeup(sc);
+-      ath9k_tx99_stop(sc);
+-      ath9k_ps_restore(sc);
+-}
+-
+-int ath9k_tx99_init(struct ath_softc *sc)
+-{
+-      struct ieee80211_hw *hw = sc->hw;
+-      struct ath_hw *ah = sc->sc_ah;
+-      struct ath_common *common = ath9k_hw_common(ah);
+-      struct ath_tx_control txctl;
+-      int r;
+-
+-      if (sc->sc_flags & SC_OP_INVALID) {
+-              ath_err(common,
+-                      "driver is in invalid state unable to use TX99");
+-              return -EINVAL;
+-      }
+-
+-      sc->tx99_skb = ath9k_build_tx99_skb(sc);
+-      if (!sc->tx99_skb)
+-              return -ENOMEM;
+-
+-      memset(&txctl, 0, sizeof(txctl));
+-      txctl.txq = sc->tx.txq_map[IEEE80211_AC_VO];
+-
+-      ath_reset(sc);
+-
+-      ath9k_ps_wakeup(sc);
+-
+-      ath9k_hw_disable_interrupts(ah);
+-      atomic_set(&ah->intr_ref_cnt, -1);
+-      ath_drain_all_txq(sc);
+-      ath_stoprecv(sc);
+-
+-      sc->tx99_state = true;
+-
+-      ieee80211_stop_queues(hw);
+-
+-      if (sc->tx99_power == MAX_RATE_POWER + 1)
+-              sc->tx99_power = MAX_RATE_POWER;
+-
+-      ath9k_hw_tx99_set_txpower(ah, sc->tx99_power);
+-      r = ath9k_tx99_send(sc, sc->tx99_skb, &txctl);
+-      if (r) {
+-              ath_dbg(common, XMIT, "Failed to xmit TX99 skb\n");
+-              return r;
+-      }
+-
+-      ath_dbg(common, XMIT, "TX99 xmit started using %d ( %ddBm)\n",
+-              sc->tx99_power,
+-              sc->tx99_power / 2);
+-
+-      /* We leave the harware awake as it will be chugging on */
+-
+-      return 0;
+-}
+-
+ struct ieee80211_ops ath9k_ops = {
+       .tx                 = ath9k_tx,
+       .start              = ath9k_start,
+@@ -2531,7 +2100,7 @@ struct ieee80211_ops ath9k_ops = {
+       .set_antenna        = ath9k_set_antenna,
+       .get_antenna        = ath9k_get_antenna,
+-#ifdef CONFIG_PM_SLEEP
++#ifdef CONFIG_ATH9K_WOW
+       .suspend            = ath9k_suspend,
+       .resume             = ath9k_resume,
+       .set_wakeup         = ath9k_set_wakeup,
+--- a/drivers/net/wireless/ath/ath9k/wow.c
++++ b/drivers/net/wireless/ath/ath9k/wow.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2012 Qualcomm Atheros, Inc.
++ * Copyright (c) 2013 Qualcomm Atheros, Inc.
+  *
+  * Permission to use, copy, modify, and/or distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+@@ -14,409 +14,348 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
  
- void cfg80211_sme_auth_timeout(struct wireless_dev *wdev)
- {
--      cfg80211_sme_free(wdev);
-+      struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
-+
-+      if (!wdev->conn)
-+              return;
+-#include <linux/export.h>
+ #include "ath9k.h"
+-#include "reg.h"
+-#include "hw-ops.h"
+-const char *ath9k_hw_wow_event_to_string(u32 wow_event)
++static const struct wiphy_wowlan_support ath9k_wowlan_support = {
++      .flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT,
++      .n_patterns = MAX_NUM_USER_PATTERN,
++      .pattern_min_len = 1,
++      .pattern_max_len = MAX_PATTERN_SIZE,
++};
 +
-+      wdev->conn->state = CFG80211_CONN_AUTH_FAILED;
-+      schedule_work(&rdev->conn_work);
- }
- void cfg80211_sme_disassoc(struct wireless_dev *wdev)
-@@ -399,7 +416,13 @@ void cfg80211_sme_disassoc(struct wirele
- void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev)
++static void ath9k_wow_map_triggers(struct ath_softc *sc,
++                                 struct cfg80211_wowlan *wowlan,
++                                 u32 *wow_triggers)
  {
--      cfg80211_sme_disassoc(wdev);
-+      struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
-+
-+      if (!wdev->conn)
-+              return;
-+
-+      wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
-+      schedule_work(&rdev->conn_work);
+-      if (wow_event & AH_WOW_MAGIC_PATTERN_EN)
+-              return "Magic pattern";
+-      if (wow_event & AH_WOW_USER_PATTERN_EN)
+-              return "User pattern";
+-      if (wow_event & AH_WOW_LINK_CHANGE)
+-              return "Link change";
+-      if (wow_event & AH_WOW_BEACON_MISS)
+-              return "Beacon miss";
++      if (wowlan->disconnect)
++              *wow_triggers |= AH_WOW_LINK_CHANGE |
++                               AH_WOW_BEACON_MISS;
++      if (wowlan->magic_pkt)
++              *wow_triggers |= AH_WOW_MAGIC_PATTERN_EN;
++
++      if (wowlan->n_patterns)
++              *wow_triggers |= AH_WOW_USER_PATTERN_EN;
++
++      sc->wow_enabled = *wow_triggers;
+-      return  "unknown reason";
  }
+-EXPORT_SYMBOL(ath9k_hw_wow_event_to_string);
  
- static int cfg80211_sme_connect(struct wireless_dev *wdev,
-@@ -953,21 +976,19 @@ int cfg80211_disconnect(struct cfg80211_
-                       struct net_device *dev, u16 reason, bool wextev)
+-static void ath9k_hw_set_powermode_wow_sleep(struct ath_hw *ah)
++static void ath9k_wow_add_disassoc_deauth_pattern(struct ath_softc *sc)
  {
-       struct wireless_dev *wdev = dev->ieee80211_ptr;
--      int err;
-+      int err = 0;
-       ASSERT_WDEV_LOCK(wdev);
-       kfree(wdev->connect_keys);
-       wdev->connect_keys = NULL;
--      if (wdev->conn) {
-+      if (wdev->conn)
-               err = cfg80211_sme_disconnect(wdev, reason);
--      } else if (!rdev->ops->disconnect) {
-+      else if (!rdev->ops->disconnect)
-               cfg80211_mlme_down(rdev, dev);
--              err = 0;
--      } else {
-+      else if (wdev->current_bss)
-               err = rdev_disconnect(rdev, dev, reason);
--      }
++      struct ath_hw *ah = sc->sc_ah;
+       struct ath_common *common = ath9k_hw_common(ah);
++      int pattern_count = 0;
++      int i, byte_cnt;
++      u8 dis_deauth_pattern[MAX_PATTERN_SIZE];
++      u8 dis_deauth_mask[MAX_PATTERN_SIZE];
  
-       return err;
- }
---- a/net/mac80211/rc80211_minstrel.c
-+++ b/net/mac80211/rc80211_minstrel.c
-@@ -203,6 +203,15 @@ minstrel_update_stats(struct minstrel_pr
-       memcpy(mi->max_tp_rate, tmp_tp_rate, sizeof(mi->max_tp_rate));
-       mi->max_prob_rate = tmp_prob_rate;
-+#ifdef CPTCFG_MAC80211_DEBUGFS
-+      /* use fixed index if set */
-+      if (mp->fixed_rate_idx != -1) {
-+              mi->max_tp_rate[0] = mp->fixed_rate_idx;
-+              mi->max_tp_rate[1] = mp->fixed_rate_idx;
-+              mi->max_prob_rate = mp->fixed_rate_idx;
-+      }
-+#endif
-+
-       /* Reset update timer */
-       mi->stats_update = jiffies;
-@@ -290,7 +299,7 @@ minstrel_get_rate(void *priv, struct iee
-       struct minstrel_rate *msr, *mr;
-       unsigned int ndx;
-       bool mrr_capable;
--      bool prev_sample = mi->prev_sample;
-+      bool prev_sample;
-       int delta;
-       int sampling_ratio;
-@@ -310,10 +319,16 @@ minstrel_get_rate(void *priv, struct iee
-       /* increase sum packet counter */
-       mi->packet_count++;
-+#ifdef CPTCFG_MAC80211_DEBUGFS
-+      if (mp->fixed_rate_idx != -1)
-+              return;
-+#endif
-+
-       delta = (mi->packet_count * sampling_ratio / 100) -
-                       (mi->sample_count + mi->sample_deferred / 2);
+-      REG_SET_BIT(ah, AR_STA_ID1, AR_STA_ID1_PWR_SAV);
++      memset(dis_deauth_pattern, 0, MAX_PATTERN_SIZE);
++      memset(dis_deauth_mask, 0, MAX_PATTERN_SIZE);
  
-       /* delta < 0: no sampling required */
-+      prev_sample = mi->prev_sample;
-       mi->prev_sample = false;
-       if (delta < 0 || (!mrr_capable && prev_sample))
-               return;
---- a/drivers/net/wireless/rt2x00/rt2x00queue.c
-+++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
-@@ -936,13 +936,8 @@ void rt2x00queue_index_inc(struct queue_
-       spin_unlock_irqrestore(&queue->index_lock, irqflags);
- }
+-      /* set rx disable bit */
+-      REG_WRITE(ah, AR_CR, AR_CR_RXD);
++      /*
++       * Create Dissassociate / Deauthenticate packet filter
++       *
++       *     2 bytes        2 byte    6 bytes   6 bytes  6 bytes
++       *  +--------------+----------+---------+--------+--------+----
++       *  + Frame Control+ Duration +   DA    +  SA    +  BSSID +
++       *  +--------------+----------+---------+--------+--------+----
++       *
++       * The above is the management frame format for disassociate/
++       * deauthenticate pattern, from this we need to match the first byte
++       * of 'Frame Control' and DA, SA, and BSSID fields
++       * (skipping 2nd byte of FC and Duration feild.
++       *
++       * Disassociate pattern
++       * --------------------
++       * Frame control = 00 00 1010
++       * DA, SA, BSSID = x:x:x:x:x:x
++       * Pattern will be A0000000 | x:x:x:x:x:x | x:x:x:x:x:x
++       *                          | x:x:x:x:x:x  -- 22 bytes
++       *
++       * Deauthenticate pattern
++       * ----------------------
++       * Frame control = 00 00 1100
++       * DA, SA, BSSID = x:x:x:x:x:x
++       * Pattern will be C0000000 | x:x:x:x:x:x | x:x:x:x:x:x
++       *                          | x:x:x:x:x:x  -- 22 bytes
++       */
  
--void rt2x00queue_pause_queue(struct data_queue *queue)
-+void rt2x00queue_pause_queue_nocheck(struct data_queue *queue)
- {
--      if (!test_bit(DEVICE_STATE_PRESENT, &queue->rt2x00dev->flags) ||
--          !test_bit(QUEUE_STARTED, &queue->flags) ||
--          test_and_set_bit(QUEUE_PAUSED, &queue->flags))
+-      if (!ath9k_hw_wait(ah, AR_CR, AR_CR_RXE, 0, AH_WAIT_TIMEOUT)) {
+-              ath_err(common, "Failed to stop Rx DMA in 10ms AR_CR=0x%08x AR_DIAG_SW=0x%08x\n",
+-                      REG_READ(ah, AR_CR), REG_READ(ah, AR_DIAG_SW));
 -              return;
--
-       switch (queue->qid) {
-       case QID_AC_VO:
-       case QID_AC_VI:
-@@ -958,6 +953,15 @@ void rt2x00queue_pause_queue(struct data
-               break;
-       }
- }
-+void rt2x00queue_pause_queue(struct data_queue *queue)
-+{
-+      if (!test_bit(DEVICE_STATE_PRESENT, &queue->rt2x00dev->flags) ||
-+          !test_bit(QUEUE_STARTED, &queue->flags) ||
-+          test_and_set_bit(QUEUE_PAUSED, &queue->flags))
-+              return;
-+
-+      rt2x00queue_pause_queue_nocheck(queue);
-+}
- EXPORT_SYMBOL_GPL(rt2x00queue_pause_queue);
- void rt2x00queue_unpause_queue(struct data_queue *queue)
-@@ -1019,7 +1023,7 @@ void rt2x00queue_stop_queue(struct data_
-               return;
-       }
--      rt2x00queue_pause_queue(queue);
-+      rt2x00queue_pause_queue_nocheck(queue);
+-      }
++      /* Create Disassociate Pattern first */
  
-       queue->rt2x00dev->ops->lib->stop_queue(queue);
+-      REG_WRITE(ah, AR_RTC_FORCE_WAKE, AR_RTC_FORCE_WAKE_ON_INT);
+-}
++      byte_cnt = 0;
  
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -31,10 +31,12 @@
- #include "led.h"
- #define IEEE80211_AUTH_TIMEOUT                (HZ / 5)
-+#define IEEE80211_AUTH_TIMEOUT_LONG   (HZ / 2)
- #define IEEE80211_AUTH_TIMEOUT_SHORT  (HZ / 10)
- #define IEEE80211_AUTH_MAX_TRIES      3
- #define IEEE80211_AUTH_WAIT_ASSOC     (HZ * 5)
- #define IEEE80211_ASSOC_TIMEOUT               (HZ / 5)
-+#define IEEE80211_ASSOC_TIMEOUT_LONG  (HZ / 2)
- #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
- #define IEEE80211_ASSOC_MAX_TRIES     3
-@@ -209,8 +211,9 @@ ieee80211_determine_chantype(struct ieee
-                            struct ieee80211_channel *channel,
-                            const struct ieee80211_ht_operation *ht_oper,
-                            const struct ieee80211_vht_operation *vht_oper,
--                           struct cfg80211_chan_def *chandef, bool verbose)
-+                           struct cfg80211_chan_def *chandef, bool tracking)
- {
-+      struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
-       struct cfg80211_chan_def vht_chandef;
-       u32 ht_cfreq, ret;
-@@ -229,7 +232,7 @@ ieee80211_determine_chantype(struct ieee
-       ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
-                                                 channel->band);
-       /* check that channel matches the right operating channel */
--      if (channel->center_freq != ht_cfreq) {
-+      if (!tracking && channel->center_freq != ht_cfreq) {
-               /*
-                * It's possible that some APs are confused here;
-                * Netgear WNDR3700 sometimes reports 4 higher than
-@@ -237,11 +240,10 @@ ieee80211_determine_chantype(struct ieee
-                * since we look at probe response/beacon data here
-                * it should be OK.
-                */
--              if (verbose)
--                      sdata_info(sdata,
--                                 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
--                                 channel->center_freq, ht_cfreq,
--                                 ht_oper->primary_chan, channel->band);
-+              sdata_info(sdata,
-+                         "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
-+                         channel->center_freq, ht_cfreq,
-+                         ht_oper->primary_chan, channel->band);
-               ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
-               goto out;
-       }
-@@ -295,7 +297,7 @@ ieee80211_determine_chantype(struct ieee
-                               channel->band);
-               break;
-       default:
--              if (verbose)
-+              if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
-                       sdata_info(sdata,
-                                  "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
-                                  vht_oper->chan_width);
-@@ -304,7 +306,7 @@ ieee80211_determine_chantype(struct ieee
-       }
+-static void ath9k_wow_create_keep_alive_pattern(struct ath_hw *ah)
+-{
+-      struct ath_common *common = ath9k_hw_common(ah);
+-      u8 sta_mac_addr[ETH_ALEN], ap_mac_addr[ETH_ALEN];
+-      u32 ctl[13] = {0};
+-      u32 data_word[KAL_NUM_DATA_WORDS];
+-      u8 i;
+-      u32 wow_ka_data_word0;
+-
+-      memcpy(sta_mac_addr, common->macaddr, ETH_ALEN);
+-      memcpy(ap_mac_addr, common->curbssid, ETH_ALEN);
+-
+-      /* set the transmit buffer */
+-      ctl[0] = (KAL_FRAME_LEN | (MAX_RATE_POWER << 16));
+-      ctl[1] = 0;
+-      ctl[3] = 0xb;   /* OFDM_6M hardware value for this rate */
+-      ctl[4] = 0;
+-      ctl[7] = (ah->txchainmask) << 2;
+-      ctl[2] = 0xf << 16; /* tx_tries 0 */
+-
+-      for (i = 0; i < KAL_NUM_DESC_WORDS; i++)
+-              REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + i * 4), ctl[i]);
+-
+-      REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + i * 4), ctl[i]);
+-
+-      data_word[0] = (KAL_FRAME_TYPE << 2) | (KAL_FRAME_SUB_TYPE << 4) |
+-                     (KAL_TO_DS << 8) | (KAL_DURATION_ID << 16);
+-      data_word[1] = (ap_mac_addr[3] << 24) | (ap_mac_addr[2] << 16) |
+-                     (ap_mac_addr[1] << 8) | (ap_mac_addr[0]);
+-      data_word[2] = (sta_mac_addr[1] << 24) | (sta_mac_addr[0] << 16) |
+-                     (ap_mac_addr[5] << 8) | (ap_mac_addr[4]);
+-      data_word[3] = (sta_mac_addr[5] << 24) | (sta_mac_addr[4] << 16) |
+-                     (sta_mac_addr[3] << 8) | (sta_mac_addr[2]);
+-      data_word[4] = (ap_mac_addr[3] << 24) | (ap_mac_addr[2] << 16) |
+-                     (ap_mac_addr[1] << 8) | (ap_mac_addr[0]);
+-      data_word[5] = (ap_mac_addr[5] << 8) | (ap_mac_addr[4]);
+-
+-      if (AR_SREV_9462_20(ah)) {
+-              /* AR9462 2.0 has an extra descriptor word (time based
+-               * discard) compared to other chips */
+-              REG_WRITE(ah, (AR_WOW_KA_DESC_WORD2 + (12 * 4)), 0);
+-              wow_ka_data_word0 = AR_WOW_TXBUF(13);
+-      } else {
+-              wow_ka_data_word0 = AR_WOW_TXBUF(12);
+-      }
++      /* Fill out the mask with all FF's */
  
-       if (!cfg80211_chandef_valid(&vht_chandef)) {
--              if (verbose)
-+              if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
-                       sdata_info(sdata,
-                                  "AP VHT information is invalid, disable VHT\n");
-               ret = IEEE80211_STA_DISABLE_VHT;
-@@ -317,7 +319,7 @@ ieee80211_determine_chantype(struct ieee
-       }
+-      for (i = 0; i < KAL_NUM_DATA_WORDS; i++)
+-              REG_WRITE(ah, (wow_ka_data_word0 + i*4), data_word[i]);
++      for (i = 0; i < MAX_PATTERN_MASK_SIZE; i++)
++              dis_deauth_mask[i] = 0xff;
  
-       if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
--              if (verbose)
-+              if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
-                       sdata_info(sdata,
-                                  "AP VHT information doesn't match HT, disable VHT\n");
-               ret = IEEE80211_STA_DISABLE_VHT;
-@@ -333,18 +335,27 @@ out:
-       if (ret & IEEE80211_STA_DISABLE_VHT)
-               vht_chandef = *chandef;
+-}
++      /* copy the first byte of frame control field */
++      dis_deauth_pattern[byte_cnt] = 0xa0;
++      byte_cnt++;
  
+-void ath9k_hw_wow_apply_pattern(struct ath_hw *ah, u8 *user_pattern,
+-                              u8 *user_mask, int pattern_count,
+-                              int pattern_len)
+-{
+-      int i;
+-      u32 pattern_val, mask_val;
+-      u32 set, clr;
++      /* skip 2nd byte of frame control and Duration field */
++      byte_cnt += 3;
+-      /* FIXME: should check count by querying the hardware capability */
+-      if (pattern_count >= MAX_NUM_PATTERN)
+-              return;
 +      /*
-+       * Ignore the DISABLED flag when we're already connected and only
-+       * tracking the APs beacon for bandwidth changes - otherwise we
-+       * might get disconnected here if we connect to an AP, update our
-+       * regulatory information based on the AP's country IE and the
-+       * information we have is wrong/outdated and disables the channel
-+       * that we're actually using for the connection to the AP.
++       * need not match the destination mac address, it can be a broadcast
++       * mac address or an unicast to this station
 +       */
-       while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
--                                      IEEE80211_CHAN_DISABLED)) {
-+                                      tracking ? 0 :
-+                                                 IEEE80211_CHAN_DISABLED)) {
-               if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
-                       ret = IEEE80211_STA_DISABLE_HT |
-                             IEEE80211_STA_DISABLE_VHT;
--                      goto out;
-+                      break;
-               }
++      byte_cnt += 6;
+-      REG_SET_BIT(ah, AR_WOW_PATTERN, BIT(pattern_count));
++      /* copy the source mac address */
++      memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN);
+-      /* set the registers for pattern */
+-      for (i = 0; i < MAX_PATTERN_SIZE; i += 4) {
+-              memcpy(&pattern_val, user_pattern, 4);
+-              REG_WRITE(ah, (AR_WOW_TB_PATTERN(pattern_count) + i),
+-                        pattern_val);
+-              user_pattern += 4;
+-      }
++      byte_cnt += 6;
  
-               ret |= chandef_downgrade(chandef);
-       }
+-      /* set the registers for mask */
+-      for (i = 0; i < MAX_PATTERN_MASK_SIZE; i += 4) {
+-              memcpy(&mask_val, user_mask, 4);
+-              REG_WRITE(ah, (AR_WOW_TB_MASK(pattern_count) + i), mask_val);
+-              user_mask += 4;
+-      }
++      /* copy the bssid, its same as the source mac address */
+-      /* set the pattern length to be matched
+-       *
+-       * AR_WOW_LENGTH1_REG1
+-       * bit 31:24 pattern 0 length
+-       * bit 23:16 pattern 1 length
+-       * bit 15:8 pattern 2 length
+-       * bit 7:0 pattern 3 length
+-       *
+-       * AR_WOW_LENGTH1_REG2
+-       * bit 31:24 pattern 4 length
+-       * bit 23:16 pattern 5 length
+-       * bit 15:8 pattern 6 length
+-       * bit 7:0 pattern 7 length
+-       *
+-       * the below logic writes out the new
+-       * pattern length for the corresponding
+-       * pattern_count, while masking out the
+-       * other fields
+-       */
++      memcpy((dis_deauth_pattern + byte_cnt), common->curbssid, ETH_ALEN);
  
--      if (chandef->width != vht_chandef.width && verbose)
-+      if (chandef->width != vht_chandef.width && !tracking)
-               sdata_info(sdata,
-                          "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
+-      ah->wow_event_mask |= BIT(pattern_count + AR_WOW_PAT_FOUND_SHIFT);
++      /* Create Disassociate pattern mask */
+-      if (pattern_count < 4) {
+-              /* Pattern 0-3 uses AR_WOW_LENGTH1 register */
+-              set = (pattern_len & AR_WOW_LENGTH_MAX) <<
+-                     AR_WOW_LEN1_SHIFT(pattern_count);
+-              clr = AR_WOW_LENGTH1_MASK(pattern_count);
+-              REG_RMW(ah, AR_WOW_LENGTH1, set, clr);
+-      } else {
+-              /* Pattern 4-7 uses AR_WOW_LENGTH2 register */
+-              set = (pattern_len & AR_WOW_LENGTH_MAX) <<
+-                     AR_WOW_LEN2_SHIFT(pattern_count);
+-              clr = AR_WOW_LENGTH2_MASK(pattern_count);
+-              REG_RMW(ah, AR_WOW_LENGTH2, set, clr);
+-      }
++      dis_deauth_mask[0] = 0xfe;
++      dis_deauth_mask[1] = 0x03;
++      dis_deauth_mask[2] = 0xc0;
  
-@@ -384,7 +395,7 @@ static int ieee80211_config_bw(struct ie
+-}
+-EXPORT_SYMBOL(ath9k_hw_wow_apply_pattern);
++      ath_dbg(common, WOW, "Adding disassoc/deauth patterns for WoW\n");
  
-       /* calculate new channel (type) based on HT/VHT operation IEs */
-       flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
--                                           vht_oper, &chandef, false);
-+                                           vht_oper, &chandef, true);
+-u32 ath9k_hw_wow_wakeup(struct ath_hw *ah)
+-{
+-      u32 wow_status = 0;
+-      u32 val = 0, rval;
++      ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask,
++                                 pattern_count, byte_cnt);
  
++      pattern_count++;
        /*
-        * Downgrade the new channel if we associated with restricted
-@@ -1043,6 +1054,13 @@ ieee80211_sta_process_chanswitch(struct 
-               if (!ieee80211_operating_class_to_band(
-                               elems->ext_chansw_ie->new_operating_class,
-                               &new_band)) {
-+                      /*
-+                       * Some APs send invalid ECSA IEs in probe response
-+                       * frames, so check for these and ignore them.
-+                       */
-+                      if (beacon && elems->ext_chansw_ie->new_ch_num == 0 &&
-+                          elems->ext_chansw_ie->new_operating_class == 0)
-+                              return;
-                       sdata_info(sdata,
-                                  "cannot understand ECSA IE operating class %d, disconnecting\n",
-                                  elems->ext_chansw_ie->new_operating_class);
-@@ -1110,6 +1128,15 @@ ieee80211_sta_process_chanswitch(struct 
-       case -1:
-               cfg80211_chandef_create(&new_chandef, new_chan,
-                                       NL80211_CHAN_NO_HT);
-+              /* keep width for 5/10 MHz channels */
-+              switch (sdata->vif.bss_conf.chandef.width) {
-+              case NL80211_CHAN_WIDTH_5:
-+              case NL80211_CHAN_WIDTH_10:
-+                      new_chandef.width = sdata->vif.bss_conf.chandef.width;
-+                      break;
-+              default:
-+                      break;
-+              }
-               break;
-       }
+-       * read the WoW status register to know
+-       * the wakeup reason
++       * for de-authenticate pattern, only the first byte of the frame
++       * control field gets changed from 0xA0 to 0xC0
+        */
+-      rval = REG_READ(ah, AR_WOW_PATTERN);
+-      val = AR_WOW_STATUS(rval);
++      dis_deauth_pattern[0] = 0xC0;
  
-@@ -3394,10 +3421,13 @@ static int ieee80211_probe_auth(struct i
+-      /*
+-       * mask only the WoW events that we have enabled. Sometimes
+-       * we have spurious WoW events from the AR_WOW_PATTERN
+-       * register. This mask will clean it up.
+-       */
++      ath9k_hw_wow_apply_pattern(ah, dis_deauth_pattern, dis_deauth_mask,
++                                 pattern_count, byte_cnt);
  
-       if (tx_flags == 0) {
-               auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
--              ifmgd->auth_data->timeout_started = true;
-+              auth_data->timeout_started = true;
-               run_again(sdata, auth_data->timeout);
-       } else {
--              auth_data->timeout_started = false;
-+              auth_data->timeout =
-+                      round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
-+              auth_data->timeout_started = true;
-+              run_again(sdata, auth_data->timeout);
-       }
+-      val &= ah->wow_event_mask;
++}
  
-       return 0;
-@@ -3434,7 +3464,11 @@ static int ieee80211_do_assoc(struct iee
-               assoc_data->timeout_started = true;
-               run_again(sdata, assoc_data->timeout);
-       } else {
--              assoc_data->timeout_started = false;
-+              assoc_data->timeout =
-+                      round_jiffies_up(jiffies +
-+                                       IEEE80211_ASSOC_TIMEOUT_LONG);
-+              assoc_data->timeout_started = true;
-+              run_again(sdata, assoc_data->timeout);
-       }
+-      if (val) {
+-              if (val & AR_WOW_MAGIC_PAT_FOUND)
+-                      wow_status |= AH_WOW_MAGIC_PATTERN_EN;
+-              if (AR_WOW_PATTERN_FOUND(val))
+-                      wow_status |= AH_WOW_USER_PATTERN_EN;
+-              if (val & AR_WOW_KEEP_ALIVE_FAIL)
+-                      wow_status |= AH_WOW_LINK_CHANGE;
+-              if (val & AR_WOW_BEACON_FAIL)
+-                      wow_status |= AH_WOW_BEACON_MISS;
+-      }
++static void ath9k_wow_add_pattern(struct ath_softc *sc,
++                                struct cfg80211_wowlan *wowlan)
++{
++      struct ath_hw *ah = sc->sc_ah;
++      struct ath9k_wow_pattern *wow_pattern = NULL;
++      struct cfg80211_pkt_pattern *patterns = wowlan->patterns;
++      int mask_len;
++      s8 i = 0;
++
++      if (!wowlan->n_patterns)
++              return;
  
-       return 0;
-@@ -3829,7 +3863,7 @@ static int ieee80211_prep_channel(struct
-       ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
-                                                    cbss->channel,
-                                                    ht_oper, vht_oper,
--                                                   &chandef, true);
-+                                                   &chandef, false);
-       sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
-                                     local->rx_chains);
---- a/net/wireless/core.c
-+++ b/net/wireless/core.c
-@@ -772,6 +772,7 @@ void cfg80211_leave(struct cfg80211_regi
-               cfg80211_leave_mesh(rdev, dev);
-               break;
-       case NL80211_IFTYPE_AP:
-+      case NL80211_IFTYPE_P2P_GO:
-               cfg80211_stop_ap(rdev, dev);
-               break;
-       default:
---- a/drivers/net/wireless/rtlwifi/Kconfig
-+++ b/drivers/net/wireless/rtlwifi/Kconfig
-@@ -1,29 +1,22 @@
--config RTLWIFI
--      tristate "Realtek wireless card support"
-+menuconfig RTL_CARDS
-+      tristate "Realtek rtlwifi family of devices"
-       depends on m
--      depends on MAC80211
--      select BACKPORT_FW_LOADER
--      ---help---
--        This is common code for RTL8192CE/RTL8192CU/RTL8192SE/RTL8723AE
--        drivers.  This module does nothing by itself - the various front-end
--        drivers need to be enabled to support any desired devices.
--
--        If you choose to build as a module, it'll be called rtlwifi.
--
--config RTLWIFI_DEBUG
--      bool "Debugging output for rtlwifi driver family"
--      depends on RTLWIFI
-+      depends on MAC80211 && (PCI || USB)
-       default y
-       ---help---
--      To use the module option that sets the dynamic-debugging level for,
--      the front-end driver, this parameter must be "Y". For memory-limited
--      systems, choose "N". If in doubt, choose "Y".
-+        This option will enable support for the Realtek mac80211-based
-+        wireless drivers. Drivers rtl8192ce, rtl8192cu, rtl8192se, rtl8192de,
-+        rtl8723eu, and rtl8188eu share some common code.
-+
-+if RTL_CARDS
- config RTL8192CE
-       tristate "Realtek RTL8192CE/RTL8188CE Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && PCI
-+      depends on PCI
-       select RTL8192C_COMMON
-+      select RTLWIFI
-+      select RTLWIFI_PCI
-       ---help---
-       This is the driver for Realtek RTL8192CE/RTL8188CE 802.11n PCIe
-       wireless network adapters.
-@@ -33,7 +26,9 @@ config RTL8192CE
- config RTL8192SE
-       tristate "Realtek RTL8192SE/RTL8191SE PCIe Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && PCI
-+      depends on PCI
-+      select RTLWIFI
-+      select RTLWIFI_PCI
-       ---help---
-       This is the driver for Realtek RTL8192SE/RTL8191SE 802.11n PCIe
-       wireless network adapters.
-@@ -43,7 +38,9 @@ config RTL8192SE
- config RTL8192DE
-       tristate "Realtek RTL8192DE/RTL8188DE PCIe Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && PCI
-+      depends on PCI
-+      select RTLWIFI
-+      select RTLWIFI_PCI
-       ---help---
-       This is the driver for Realtek RTL8192DE/RTL8188DE 802.11n PCIe
-       wireless network adapters.
-@@ -53,7 +50,9 @@ config RTL8192DE
- config RTL8723AE
-       tristate "Realtek RTL8723AE PCIe Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && PCI
-+      depends on PCI
-+      select RTLWIFI
-+      select RTLWIFI_PCI
-       ---help---
-       This is the driver for Realtek RTL8723AE 802.11n PCIe
-       wireless network adapters.
-@@ -63,7 +62,9 @@ config RTL8723AE
- config RTL8188EE
-       tristate "Realtek RTL8188EE Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && PCI
-+      depends on PCI
-+      select RTLWIFI
-+      select RTLWIFI_PCI
-       ---help---
-       This is the driver for Realtek RTL8188EE 802.11n PCIe
-       wireless network adapters.
-@@ -73,7 +74,9 @@ config RTL8188EE
- config RTL8192CU
-       tristate "Realtek RTL8192CU/RTL8188CU USB Wireless Network Adapter"
-       depends on m
--      depends on RTLWIFI && USB
-+      depends on USB
-+      select RTLWIFI
-+      select RTLWIFI_USB
-       select RTL8192C_COMMON
-       ---help---
-       This is the driver for Realtek RTL8192CU/RTL8188CU 802.11n USB
-@@ -81,8 +84,32 @@ config RTL8192CU
+       /*
+-       * set and clear WOW_PME_CLEAR registers for the chip to
+-       * generate next wow signal.
+-       * disable D3 before accessing other registers ?
++       * Add the new user configured patterns
+        */
++      for (i = 0; i < wowlan->n_patterns; i++) {
  
-       If you choose to build it as a module, it will be called rtl8192cu
+-      /* do we need to check the bit value 0x01000000 (7-10) ?? */
+-      REG_RMW(ah, AR_PCIE_PM_CTRL, AR_PMCTRL_WOW_PME_CLR,
+-              AR_PMCTRL_PWR_STATE_D1D3);
++              wow_pattern = kzalloc(sizeof(*wow_pattern), GFP_KERNEL);
  
-+config RTLWIFI
-+      tristate
-+      depends on m
-+      select BACKPORT_FW_LOADER
-+
-+config RTLWIFI_PCI
-+      tristate
-+      depends on m
+-      /*
+-       * clear all events
+-       */
+-      REG_WRITE(ah, AR_WOW_PATTERN,
+-                AR_WOW_CLEAR_EVENTS(REG_READ(ah, AR_WOW_PATTERN)));
++              if (!wow_pattern)
++                      return;
+-      /*
+-       * restore the beacon threshold to init value
+-       */
+-      REG_WRITE(ah, AR_RSSI_THR, INIT_RSSI_THR);
++              /*
++               * TODO: convert the generic user space pattern to
++               * appropriate chip specific/802.11 pattern.
++               */
+-      /*
+-       * Restore the way the PCI-E reset, Power-On-Reset, external
+-       * PCIE_POR_SHORT pins are tied to its original value.
+-       * Previously just before WoW sleep, we untie the PCI-E
+-       * reset to our Chip's Power On Reset so that any PCI-E
+-       * reset from the bus will not reset our chip
+-       */
+-      if (ah->is_pciexpress)
+-              ath9k_hw_configpcipowersave(ah, false);
++              mask_len = DIV_ROUND_UP(wowlan->patterns[i].pattern_len, 8);
++              memset(wow_pattern->pattern_bytes, 0, MAX_PATTERN_SIZE);
++              memset(wow_pattern->mask_bytes, 0, MAX_PATTERN_SIZE);
++              memcpy(wow_pattern->pattern_bytes, patterns[i].pattern,
++                     patterns[i].pattern_len);
++              memcpy(wow_pattern->mask_bytes, patterns[i].mask, mask_len);
++              wow_pattern->pattern_len = patterns[i].pattern_len;
 +
-+config RTLWIFI_USB
-+      tristate
-+      depends on m
++              /*
++               * just need to take care of deauth and disssoc pattern,
++               * make sure we don't overwrite them.
++               */
 +
-+config RTLWIFI_DEBUG
-+      bool "Debugging output for rtlwifi driver family"
-+      depends on RTLWIFI
-+      default y
-+      ---help---
-+      To use the module option that sets the dynamic-debugging level for,
-+      the front-end driver, this parameter must be "Y". For memory-limited
-+      systems, choose "N". If in doubt, choose "Y".
-+
- config RTL8192C_COMMON
-       tristate
-       depends on m
-       depends on RTL8192CE || RTL8192CU
--      default m
-+      default y
-+
-+endif
---- a/drivers/net/wireless/rtlwifi/Makefile
-+++ b/drivers/net/wireless/rtlwifi/Makefile
-@@ -12,13 +12,11 @@ rtlwifi-objs       :=              \
- rtl8192c_common-objs +=               \
--ifneq ($(CONFIG_PCI),)
--rtlwifi-objs  += pci.o
--endif
-+obj-$(CPTCFG_RTLWIFI_PCI)     += rtl_pci.o
-+rtl_pci-objs  :=              pci.o
--ifneq ($(CONFIG_USB),)
--rtlwifi-objs  += usb.o
--endif
-+obj-$(CPTCFG_RTLWIFI_USB)     += rtl_usb.o
-+rtl_usb-objs  :=              usb.o
- obj-$(CPTCFG_RTL8192C_COMMON) += rtl8192c/
- obj-$(CPTCFG_RTL8192CE)               += rtl8192ce/
---- a/drivers/net/wireless/rtlwifi/ps.h
-+++ b/drivers/net/wireless/rtlwifi/ps.h
-@@ -49,5 +49,6 @@ void rtl_swlps_rf_awake(struct ieee80211
- void rtl_swlps_rf_sleep(struct ieee80211_hw *hw);
- void rtl_p2p_ps_cmd(struct ieee80211_hw *hw, u8 p2p_ps_state);
- void rtl_p2p_info(struct ieee80211_hw *hw, void *data, unsigned int len);
-+void rtl_lps_change_work_callback(struct work_struct *work);
++              ath9k_hw_wow_apply_pattern(ah, wow_pattern->pattern_bytes,
++                                         wow_pattern->mask_bytes,
++                                         i + 2,
++                                         wow_pattern->pattern_len);
++              kfree(wow_pattern);
  
- #endif
---- a/drivers/net/wireless/rtlwifi/base.c
-+++ b/drivers/net/wireless/rtlwifi/base.c
-@@ -173,6 +173,7 @@ u8 rtl_tid_to_ac(u8 tid)
- {
-       return tid_to_ac[tid];
- }
-+EXPORT_SYMBOL_GPL(rtl_tid_to_ac);
+-      ah->wow_event_mask = 0;
++      }
  
- static void _rtl_init_hw_ht_capab(struct ieee80211_hw *hw,
-                                 struct ieee80211_sta_ht_cap *ht_cap)
-@@ -407,6 +408,7 @@ void rtl_deinit_deferred_work(struct iee
-       cancel_delayed_work(&rtlpriv->works.ps_rfon_wq);
-       cancel_delayed_work(&rtlpriv->works.fwevt_wq);
+-      return wow_status;
  }
-+EXPORT_SYMBOL_GPL(rtl_deinit_deferred_work);
+-EXPORT_SYMBOL(ath9k_hw_wow_wakeup);
  
- void rtl_init_rfkill(struct ieee80211_hw *hw)
+-void ath9k_hw_wow_enable(struct ath_hw *ah, u32 pattern_enable)
++int ath9k_suspend(struct ieee80211_hw *hw,
++                struct cfg80211_wowlan *wowlan)
  {
-@@ -440,6 +442,7 @@ void rtl_deinit_rfkill(struct ieee80211_
- {
-       wiphy_rfkill_stop_polling(hw->wiphy);
- }
-+EXPORT_SYMBOL_GPL(rtl_deinit_rfkill);
+-      u32 wow_event_mask;
+-      u32 set, clr;
++      struct ath_softc *sc = hw->priv;
++      struct ath_hw *ah = sc->sc_ah;
++      struct ath_common *common = ath9k_hw_common(ah);
++      u32 wow_triggers_enabled = 0;
++      int ret = 0;
  
- int rtl_init_core(struct ieee80211_hw *hw)
- {
-@@ -490,10 +493,12 @@ int rtl_init_core(struct ieee80211_hw *h
+-      /*
+-       * wow_event_mask is a mask to the AR_WOW_PATTERN register to
+-       * indicate which WoW events we have enabled. The WoW events
+-       * are from the 'pattern_enable' in this function and
+-       * 'pattern_count' of ath9k_hw_wow_apply_pattern()
+-       */
+-      wow_event_mask = ah->wow_event_mask;
++      mutex_lock(&sc->mutex);
  
-       return 0;
- }
-+EXPORT_SYMBOL_GPL(rtl_init_core);
+-      /*
+-       * Untie Power-on-Reset from the PCI-E-Reset. When we are in
+-       * WOW sleep, we do want the Reset from the PCI-E to disturb
+-       * our hw state
+-       */
+-      if (ah->is_pciexpress) {
+-              /*
+-               * we need to untie the internal POR (power-on-reset)
+-               * to the external PCI-E reset. We also need to tie
+-               * the PCI-E Phy reset to the PCI-E reset.
+-               */
+-              set = AR_WA_RESET_EN | AR_WA_POR_SHORT;
+-              clr = AR_WA_UNTIE_RESET_EN | AR_WA_D3_L1_DISABLE;
+-              REG_RMW(ah, AR_WA, set, clr);
++      ath_cancel_work(sc);
++      ath_stop_ani(sc);
++      del_timer_sync(&sc->rx_poll_timer);
++
++      if (test_bit(SC_OP_INVALID, &sc->sc_flags)) {
++              ath_dbg(common, ANY, "Device not present\n");
++              ret = -EINVAL;
++              goto fail_wow;
+       }
  
- void rtl_deinit_core(struct ieee80211_hw *hw)
- {
- }
-+EXPORT_SYMBOL_GPL(rtl_deinit_core);
+-      /*
+-       * set the power states appropriately and enable PME
+-       */
+-      set = AR_PMCTRL_HOST_PME_EN | AR_PMCTRL_PWR_PM_CTRL_ENA |
+-            AR_PMCTRL_AUX_PWR_DET | AR_PMCTRL_WOW_PME_CLR;
++      if (WARN_ON(!wowlan)) {
++              ath_dbg(common, WOW, "None of the WoW triggers enabled\n");
++              ret = -EINVAL;
++              goto fail_wow;
++      }
  
- void rtl_init_rx_config(struct ieee80211_hw *hw)
- {
-@@ -502,6 +507,7 @@ void rtl_init_rx_config(struct ieee80211
+-      /*
+-       * set and clear WOW_PME_CLEAR registers for the chip
+-       * to generate next wow signal.
+-       */
+-      REG_SET_BIT(ah, AR_PCIE_PM_CTRL, set);
+-      clr = AR_PMCTRL_WOW_PME_CLR;
+-      REG_CLR_BIT(ah, AR_PCIE_PM_CTRL, clr);
++      if (!device_can_wakeup(sc->dev)) {
++              ath_dbg(common, WOW, "device_can_wakeup failed, WoW is not enabled\n");
++              ret = 1;
++              goto fail_wow;
++      }
  
-       rtlpriv->cfg->ops->get_hw_reg(hw, HW_VAR_RCR, (u8 *) (&mac->rx_conf));
- }
-+EXPORT_SYMBOL_GPL(rtl_init_rx_config);
+       /*
+-       * Setup for:
+-       *      - beacon misses
+-       *      - magic pattern
+-       *      - keep alive timeout
+-       *      - pattern matching
++       * none of the sta vifs are associated
++       * and we are not currently handling multivif
++       * cases, for instance we have to seperately
++       * configure 'keep alive frame' for each
++       * STA.
+        */
  
- /*********************************************************
-  *
-@@ -880,6 +886,7 @@ bool rtl_tx_mgmt_proc(struct ieee80211_h
+-      /*
+-       * Program default values for pattern backoff, aifs/slot/KAL count,
+-       * beacon miss timeout, KAL timeout, etc.
+-       */
+-      set = AR_WOW_BACK_OFF_SHIFT(AR_WOW_PAT_BACKOFF);
+-      REG_SET_BIT(ah, AR_WOW_PATTERN, set);
++      if (!test_bit(SC_OP_PRIM_STA_VIF, &sc->sc_flags)) {
++              ath_dbg(common, WOW, "None of the STA vifs are associated\n");
++              ret = 1;
++              goto fail_wow;
++      }
++
++      if (sc->nvifs > 1) {
++              ath_dbg(common, WOW, "WoW for multivif is not yet supported\n");
++              ret = 1;
++              goto fail_wow;
++      }
  
-       return true;
- }
-+EXPORT_SYMBOL_GPL(rtl_tx_mgmt_proc);
+-      set = AR_WOW_AIFS_CNT(AR_WOW_CNT_AIFS_CNT) |
+-            AR_WOW_SLOT_CNT(AR_WOW_CNT_SLOT_CNT) |
+-            AR_WOW_KEEP_ALIVE_CNT(AR_WOW_CNT_KA_CNT);
+-      REG_SET_BIT(ah, AR_WOW_COUNT, set);
+-
+-      if (pattern_enable & AH_WOW_BEACON_MISS)
+-              set = AR_WOW_BEACON_TIMO;
+-      /* We are not using beacon miss, program a large value */
+-      else
+-              set = AR_WOW_BEACON_TIMO_MAX;
++      ath9k_wow_map_triggers(sc, wowlan, &wow_triggers_enabled);
  
- void rtl_get_tcb_desc(struct ieee80211_hw *hw,
-                     struct ieee80211_tx_info *info,
-@@ -1053,6 +1060,7 @@ bool rtl_action_proc(struct ieee80211_hw
+-      REG_WRITE(ah, AR_WOW_BCN_TIMO, set);
++      ath_dbg(common, WOW, "WoW triggers enabled 0x%x\n",
++              wow_triggers_enabled);
  
-       return true;
- }
-+EXPORT_SYMBOL_GPL(rtl_action_proc);
+-      /*
+-       * Keep alive timo in ms except AR9280
+-       */
+-      if (!pattern_enable)
+-              set = AR_WOW_KEEP_ALIVE_NEVER;
+-      else
+-              set = KAL_TIMEOUT * 32;
++      ath9k_ps_wakeup(sc);
  
- /*should call before software enc*/
- u8 rtl_is_special_data(struct ieee80211_hw *hw, struct sk_buff *skb, u8 is_tx)
-@@ -1126,6 +1134,7 @@ u8 rtl_is_special_data(struct ieee80211_
+-      REG_WRITE(ah, AR_WOW_KEEP_ALIVE_TIMO, set);
++      ath9k_stop_btcoex(sc);
  
-       return false;
- }
-+EXPORT_SYMBOL_GPL(rtl_is_special_data);
+       /*
+-       * Keep alive delay in us. based on 'power on clock',
+-       * therefore in usec
++       * Enable wake up on recieving disassoc/deauth
++       * frame by default.
+        */
+-      set = KAL_DELAY * 1000;
+-      REG_WRITE(ah, AR_WOW_KEEP_ALIVE_DELAY, set);
++      ath9k_wow_add_disassoc_deauth_pattern(sc);
  
- /*********************************************************
-  *
-@@ -1301,6 +1310,7 @@ void rtl_beacon_statistic(struct ieee802
+-      /*
+-       * Create keep alive pattern to respond to beacons
+-       */
+-      ath9k_wow_create_keep_alive_pattern(ah);
++      if (wow_triggers_enabled & AH_WOW_USER_PATTERN_EN)
++              ath9k_wow_add_pattern(sc, wowlan);
  
-       rtlpriv->link_info.bcn_rx_inperiod++;
- }
-+EXPORT_SYMBOL_GPL(rtl_beacon_statistic);
++      spin_lock_bh(&sc->sc_pcu_lock);
+       /*
+-       * Configure MAC WoW Registers
++       * To avoid false wake, we enable beacon miss interrupt only
++       * when we go to sleep. We save the current interrupt mask
++       * so we can restore it after the system wakes up
+        */
+-      set = 0;
+-      /* Send keep alive timeouts anyway */
+-      clr = AR_WOW_KEEP_ALIVE_AUTO_DIS;
+-
+-      if (pattern_enable & AH_WOW_LINK_CHANGE)
+-              wow_event_mask |= AR_WOW_KEEP_ALIVE_FAIL;
+-      else
+-              set = AR_WOW_KEEP_ALIVE_FAIL_DIS;
++      sc->wow_intr_before_sleep = ah->imask;
++      ah->imask &= ~ATH9K_INT_GLOBAL;
++      ath9k_hw_disable_interrupts(ah);
++      ah->imask = ATH9K_INT_BMISS | ATH9K_INT_GLOBAL;
++      ath9k_hw_set_interrupts(ah);
++      ath9k_hw_enable_interrupts(ah);
+-      set = AR_WOW_KEEP_ALIVE_FAIL_DIS;
+-      REG_RMW(ah, AR_WOW_KEEP_ALIVE, set, clr);
++      spin_unlock_bh(&sc->sc_pcu_lock);
  
- void rtl_watchdog_wq_callback(void *data)
- {
-@@ -1794,6 +1804,7 @@ void rtl_recognize_peer(struct ieee80211
+       /*
+-       * we are relying on a bmiss failure. ensure we have
+-       * enough threshold to prevent false positives
++       * we can now sync irq and kill any running tasklets, since we already
++       * disabled interrupts and not holding a spin lock
+        */
+-      REG_RMW_FIELD(ah, AR_RSSI_THR, AR_RSSI_THR_BM_THR,
+-                    AR_WOW_BMISSTHRESHOLD);
++      synchronize_irq(sc->irq);
++      tasklet_kill(&sc->intr_tq);
++
++      ath9k_hw_wow_enable(ah, wow_triggers_enabled);
  
-       mac->vendor = vendor;
- }
-+EXPORT_SYMBOL_GPL(rtl_recognize_peer);
+-      set = 0;
+-      clr = 0;
++      ath9k_ps_restore(sc);
++      ath_dbg(common, ANY, "WoW enabled in ath9k\n");
++      atomic_inc(&sc->wow_sleep_proc_intr);
  
- /*********************************************************
-  *
-@@ -1850,6 +1861,7 @@ struct attribute_group rtl_attribute_gro
-       .name = "rtlsysfs",
-       .attrs = rtl_sysfs_entries,
- };
-+EXPORT_SYMBOL_GPL(rtl_attribute_group);
+-      if (pattern_enable & AH_WOW_BEACON_MISS) {
+-              set = AR_WOW_BEACON_FAIL_EN;
+-              wow_event_mask |= AR_WOW_BEACON_FAIL;
+-      } else {
+-              clr = AR_WOW_BEACON_FAIL_EN;
++fail_wow:
++      mutex_unlock(&sc->mutex);
++      return ret;
++}
++
++int ath9k_resume(struct ieee80211_hw *hw)
++{
++      struct ath_softc *sc = hw->priv;
++      struct ath_hw *ah = sc->sc_ah;
++      struct ath_common *common = ath9k_hw_common(ah);
++      u32 wow_status;
++
++      mutex_lock(&sc->mutex);
++
++      ath9k_ps_wakeup(sc);
++
++      spin_lock_bh(&sc->sc_pcu_lock);
++
++      ath9k_hw_disable_interrupts(ah);
++      ah->imask = sc->wow_intr_before_sleep;
++      ath9k_hw_set_interrupts(ah);
++      ath9k_hw_enable_interrupts(ah);
++
++      spin_unlock_bh(&sc->sc_pcu_lock);
++
++      wow_status = ath9k_hw_wow_wakeup(ah);
++
++      if (atomic_read(&sc->wow_got_bmiss_intr) == 0) {
++              /*
++               * some devices may not pick beacon miss
++               * as the reason they woke up so we add
++               * that here for that shortcoming.
++               */
++              wow_status |= AH_WOW_BEACON_MISS;
++              atomic_dec(&sc->wow_got_bmiss_intr);
++              ath_dbg(common, ANY, "Beacon miss interrupt picked up during WoW sleep\n");
+       }
  
- MODULE_AUTHOR("lizhaoming     <chaoming_li@realsil.com.cn>");
- MODULE_AUTHOR("Realtek WlanFAE        <wlanfae@realtek.com>");
-@@ -1857,7 +1869,8 @@ MODULE_AUTHOR("Larry Finger      <Larry.FInge
- MODULE_LICENSE("GPL");
- MODULE_DESCRIPTION("Realtek 802.11n PCI wireless core");
+-      REG_RMW(ah, AR_WOW_BCN_EN, set, clr);
++      atomic_dec(&sc->wow_sleep_proc_intr);
  
--struct rtl_global_var global_var = {};
-+struct rtl_global_var rtl_global_var = {};
-+EXPORT_SYMBOL_GPL(rtl_global_var);
+-      set = 0;
+-      clr = 0;
+-      /*
+-       * Enable the magic packet registers
+-       */
+-      if (pattern_enable & AH_WOW_MAGIC_PATTERN_EN) {
+-              set = AR_WOW_MAGIC_EN;
+-              wow_event_mask |= AR_WOW_MAGIC_PAT_FOUND;
+-      } else {
+-              clr = AR_WOW_MAGIC_EN;
++      if (wow_status) {
++              ath_dbg(common, ANY, "Waking up due to WoW triggers %s with WoW status = %x\n",
++                      ath9k_hw_wow_event_to_string(wow_status), wow_status);
+       }
+-      set |= AR_WOW_MAC_INTR_EN;
+-      REG_RMW(ah, AR_WOW_PATTERN, set, clr);
  
- static int __init rtl_core_module_init(void)
- {
-@@ -1865,8 +1878,8 @@ static int __init rtl_core_module_init(v
-               pr_err("Unable to register rtl_rc, use default RC !!\n");
+-      REG_WRITE(ah, AR_WOW_PATTERN_MATCH_LT_256B,
+-                AR_WOW_PATTERN_SUPPORTED);
++      ath_restart_work(sc);
++      ath9k_start_btcoex(sc);
  
-       /* init some global vars */
--      INIT_LIST_HEAD(&global_var.glb_priv_list);
--      spin_lock_init(&global_var.glb_list_lock);
-+      INIT_LIST_HEAD(&rtl_global_var.glb_priv_list);
-+      spin_lock_init(&rtl_global_var.glb_list_lock);
+-      /*
+-       * Set the power states appropriately and enable PME
+-       */
+-      clr = 0;
+-      set = AR_PMCTRL_PWR_STATE_D1D3 | AR_PMCTRL_HOST_PME_EN |
+-            AR_PMCTRL_PWR_PM_CTRL_ENA;
++      ath9k_ps_restore(sc);
++      mutex_unlock(&sc->mutex);
  
-       return 0;
- }
---- a/drivers/net/wireless/rtlwifi/base.h
-+++ b/drivers/net/wireless/rtlwifi/base.h
-@@ -147,7 +147,7 @@ void rtl_recognize_peer(struct ieee80211
- u8 rtl_tid_to_ac(u8 tid);
- extern struct attribute_group rtl_attribute_group;
- void rtl_easy_concurrent_retrytimer_callback(unsigned long data);
--extern struct rtl_global_var global_var;
-+extern struct rtl_global_var rtl_global_var;
- int rtlwifi_rate_mapping(struct ieee80211_hw *hw,
-                        bool isht, u8 desc_rate, bool first_ampdu);
- bool rtl_tx_mgmt_proc(struct ieee80211_hw *hw, struct sk_buff *skb);
---- a/drivers/net/wireless/rtlwifi/core.c
-+++ b/drivers/net/wireless/rtlwifi/core.c
-@@ -1330,3 +1330,4 @@ const struct ieee80211_ops rtl_ops = {
-       .rfkill_poll = rtl_op_rfkill_poll,
-       .flush = rtl_op_flush,
- };
-+EXPORT_SYMBOL_GPL(rtl_ops);
---- a/drivers/net/wireless/rtlwifi/debug.c
-+++ b/drivers/net/wireless/rtlwifi/debug.c
-@@ -51,3 +51,4 @@ void rtl_dbgp_flag_init(struct ieee80211
+-      clr = AR_PCIE_PM_CTRL_ENA;
+-      REG_RMW(ah, AR_PCIE_PM_CTRL, set, clr);
++      return 0;
++}
  
-       /*Init Debug flag enable condition */
- }
-+EXPORT_SYMBOL_GPL(rtl_dbgp_flag_init);
---- a/drivers/net/wireless/rtlwifi/efuse.c
-+++ b/drivers/net/wireless/rtlwifi/efuse.c
-@@ -229,6 +229,7 @@ void read_efuse_byte(struct ieee80211_hw
+-      /*
+-       * this is needed to prevent the chip waking up
+-       * the host within 3-4 seconds with certain
+-       * platform/BIOS. The fix is to enable
+-       * D1 & D3 to match original definition and
+-       * also match the OTP value. Anyway this
+-       * is more related to SW WOW.
+-       */
+-      clr = AR_PMCTRL_PWR_STATE_D1D3;
+-      REG_CLR_BIT(ah, AR_PCIE_PM_CTRL, clr);
++void ath9k_set_wakeup(struct ieee80211_hw *hw, bool enabled)
++{
++      struct ath_softc *sc = hw->priv;
+-      set = AR_PMCTRL_PWR_STATE_D1D3_REAL;
+-      REG_SET_BIT(ah, AR_PCIE_PM_CTRL, set);
++      mutex_lock(&sc->mutex);
++      device_init_wakeup(sc->dev, 1);
++      device_set_wakeup_enable(sc->dev, enabled);
++      mutex_unlock(&sc->mutex);
++}
  
-       *pbuf = (u8) (value32 & 0xff);
+-      REG_CLR_BIT(ah, AR_STA_ID1, AR_STA_ID1_PRESERVE_SEQNUM);
++void ath9k_init_wow(struct ieee80211_hw *hw)
++{
++      struct ath_softc *sc = hw->priv;
+-      /* to bring down WOW power low margin */
+-      set = BIT(13);
+-      REG_SET_BIT(ah, AR_PCIE_PHY_REG3, set);
+-      /* HW WoW */
+-      clr = BIT(5);
+-      REG_CLR_BIT(ah, AR_PCU_MISC_MODE3, clr);
++      if ((sc->sc_ah->caps.hw_caps & ATH9K_HW_WOW_DEVICE_CAPABLE) &&
++          (sc->driver_data & ATH9K_PCI_WOW) &&
++          device_can_wakeup(sc->dev))
++              hw->wiphy->wowlan = &ath9k_wowlan_support;
+-      ath9k_hw_set_powermode_wow_sleep(ah);
+-      ah->wow_event_mask = wow_event_mask;
++      atomic_set(&sc->wow_sleep_proc_intr, -1);
++      atomic_set(&sc->wow_got_bmiss_intr, -1);
  }
-+EXPORT_SYMBOL_GPL(read_efuse_byte);
+-EXPORT_SYMBOL(ath9k_hw_wow_enable);
+--- a/drivers/net/wireless/ath/ath9k/xmit.c
++++ b/drivers/net/wireless/ath/ath9k/xmit.c
+@@ -1786,6 +1786,9 @@ bool ath_drain_all_txq(struct ath_softc 
+               if (!ATH_TXQ_SETUP(sc, i))
+                       continue;
  
- void read_efuse(struct ieee80211_hw *hw, u16 _offset, u16 _size_byte, u8 *pbuf)
- {
---- a/drivers/net/wireless/rtlwifi/pci.c
-+++ b/drivers/net/wireless/rtlwifi/pci.c
-@@ -35,6 +35,13 @@
- #include "efuse.h"
- #include <linux/export.h>
- #include <linux/kmemleak.h>
-+#include <linux/module.h>
-+
-+MODULE_AUTHOR("lizhaoming     <chaoming_li@realsil.com.cn>");
-+MODULE_AUTHOR("Realtek WlanFAE        <wlanfae@realtek.com>");
-+MODULE_AUTHOR("Larry Finger   <Larry.FInger@lwfinger.net>");
-+MODULE_LICENSE("GPL");
-+MODULE_DESCRIPTION("PCI basic driver for rtlwifi");
- static const u16 pcibridge_vendors[PCI_BRIDGE_VENDOR_MAX] = {
-       PCI_VENDOR_ID_INTEL,
-@@ -1008,19 +1015,6 @@ static void _rtl_pci_prepare_bcn_tasklet
-       return;
++              if (!sc->tx.txq[i].axq_depth)
++                      continue;
++
+               if (ath9k_hw_numtxpending(ah, sc->tx.txq[i].axq_qnum))
+                       npend |= BIT(i);
+       }
+@@ -2749,6 +2752,8 @@ void ath_tx_node_cleanup(struct ath_soft
+       }
  }
  
--static void rtl_lps_change_work_callback(struct work_struct *work)
--{
--      struct rtl_works *rtlworks =
--          container_of(work, struct rtl_works, lps_change_work);
--      struct ieee80211_hw *hw = rtlworks->hw;
--      struct rtl_priv *rtlpriv = rtl_priv(hw);
--
--      if (rtlpriv->enter_ps)
--              rtl_lps_enter(hw);
--      else
--              rtl_lps_leave(hw);
--}
--
- static void _rtl_pci_init_trx_var(struct ieee80211_hw *hw)
++#ifdef CONFIG_ATH9K_TX99
++
+ int ath9k_tx99_send(struct ath_softc *sc, struct sk_buff *skb,
+                   struct ath_tx_control *txctl)
  {
-       struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
-@@ -1899,7 +1893,7 @@ int rtl_pci_probe(struct pci_dev *pdev,
-       rtlpriv->rtlhal.interface = INTF_PCI;
-       rtlpriv->cfg = (struct rtl_hal_cfg *)(id->driver_data);
-       rtlpriv->intf_ops = &rtl_pci_ops;
--      rtlpriv->glb_var = &global_var;
-+      rtlpriv->glb_var = &rtl_global_var;
+@@ -2791,3 +2796,5 @@ int ath9k_tx99_send(struct ath_softc *sc
  
-       /*
-        *init dbgp flags before all
---- a/drivers/net/wireless/rtlwifi/ps.c
-+++ b/drivers/net/wireless/rtlwifi/ps.c
-@@ -269,6 +269,7 @@ void rtl_ips_nic_on(struct ieee80211_hw 
-       spin_unlock_irqrestore(&rtlpriv->locks.ips_lock, flags);
+       return 0;
  }
-+EXPORT_SYMBOL_GPL(rtl_ips_nic_on);
++
++#endif /* CONFIG_ATH9K_TX99 */
+--- a/drivers/net/wireless/ath/regd.c
++++ b/drivers/net/wireless/ath/regd.c
+@@ -37,17 +37,17 @@ static int __ath_regd_init(struct ath_re
+ /* We enable active scan on these a case by case basis by regulatory domain */
+ #define ATH9K_2GHZ_CH12_13    REG_RULE(2467-10, 2472+10, 40, 0, 20,\
+-                                      NL80211_RRF_PASSIVE_SCAN)
++                                      NL80211_RRF_NO_IR)
+ #define ATH9K_2GHZ_CH14               REG_RULE(2484-10, 2484+10, 40, 0, 20,\
+-                              NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_OFDM)
++                              NL80211_RRF_NO_IR | NL80211_RRF_NO_OFDM)
+ /* We allow IBSS on these on a case by case basis by regulatory domain */
+ #define ATH9K_5GHZ_5150_5350  REG_RULE(5150-10, 5350+10, 80, 0, 30,\
+-                              NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS)
++                              NL80211_RRF_NO_IR)
+ #define ATH9K_5GHZ_5470_5850  REG_RULE(5470-10, 5850+10, 80, 0, 30,\
+-                              NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS)
++                              NL80211_RRF_NO_IR)
+ #define ATH9K_5GHZ_5725_5850  REG_RULE(5725-10, 5850+10, 80, 0, 30,\
+-                              NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS)
++                              NL80211_RRF_NO_IR)
+ #define ATH9K_2GHZ_ALL                ATH9K_2GHZ_CH01_11, \
+                               ATH9K_2GHZ_CH12_13, \
+@@ -224,17 +224,16 @@ ath_reg_apply_beaconing_flags(struct wip
+                                * regulatory_hint().
+                                */
+                               if (!(reg_rule->flags &
+-                                  NL80211_RRF_NO_IBSS))
++                                  NL80211_RRF_NO_IR))
+                                       ch->flags &=
+-                                        ~IEEE80211_CHAN_NO_IBSS;
++                                        ~IEEE80211_CHAN_NO_IR;
+                               if (!(reg_rule->flags &
+-                                  NL80211_RRF_PASSIVE_SCAN))
++                                  NL80211_RRF_NO_IR))
+                                       ch->flags &=
+-                                        ~IEEE80211_CHAN_PASSIVE_SCAN;
++                                        ~IEEE80211_CHAN_NO_IR;
+                       } else {
+                               if (ch->beacon_found)
+-                                      ch->flags &= ~(IEEE80211_CHAN_NO_IBSS |
+-                                        IEEE80211_CHAN_PASSIVE_SCAN);
++                                      ch->flags &= ~IEEE80211_CHAN_NO_IR;
+                       }
+               }
+       }
+@@ -260,11 +259,11 @@ ath_reg_apply_active_scan_flags(struct w
+        */
+       if (initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE) {
+               ch = &sband->channels[11]; /* CH 12 */
+-              if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
+-                      ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
++              if (ch->flags & IEEE80211_CHAN_NO_IR)
++                      ch->flags &= ~IEEE80211_CHAN_NO_IR;
+               ch = &sband->channels[12]; /* CH 13 */
+-              if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
+-                      ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
++              if (ch->flags & IEEE80211_CHAN_NO_IR)
++                      ch->flags &= ~IEEE80211_CHAN_NO_IR;
+               return;
+       }
  
- /*for FW LPS*/
+@@ -278,17 +277,17 @@ ath_reg_apply_active_scan_flags(struct w
+       ch = &sband->channels[11]; /* CH 12 */
+       reg_rule = freq_reg_info(wiphy, ch->center_freq);
+       if (!IS_ERR(reg_rule)) {
+-              if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN))
+-                      if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
+-                              ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
++              if (!(reg_rule->flags & NL80211_RRF_NO_IR))
++                      if (ch->flags & IEEE80211_CHAN_NO_IR)
++                              ch->flags &= ~IEEE80211_CHAN_NO_IR;
+       }
  
-@@ -518,6 +519,7 @@ void rtl_swlps_beacon(struct ieee80211_h
-                        "u_bufferd: %x, m_buffered: %x\n", u_buffed, m_buffed);
+       ch = &sband->channels[12]; /* CH 13 */
+       reg_rule = freq_reg_info(wiphy, ch->center_freq);
+       if (!IS_ERR(reg_rule)) {
+-              if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN))
+-                      if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
+-                              ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
++              if (!(reg_rule->flags & NL80211_RRF_NO_IR))
++                      if (ch->flags & IEEE80211_CHAN_NO_IR)
++                              ch->flags &= ~IEEE80211_CHAN_NO_IR;
        }
  }
-+EXPORT_SYMBOL_GPL(rtl_swlps_beacon);
  
- void rtl_swlps_rf_awake(struct ieee80211_hw *hw)
- {
-@@ -611,6 +613,19 @@ void rtl_swlps_rf_sleep(struct ieee80211
-                       MSECS(sleep_intv * mac->vif->bss_conf.beacon_int - 40));
+@@ -320,8 +319,8 @@ static void ath_reg_apply_radar_flags(st
+                */
+               if (!(ch->flags & IEEE80211_CHAN_DISABLED))
+                       ch->flags |= IEEE80211_CHAN_RADAR |
+-                                   IEEE80211_CHAN_NO_IBSS |
+-                                   IEEE80211_CHAN_PASSIVE_SCAN;
++                                   IEEE80211_CHAN_NO_IR |
++                                   IEEE80211_CHAN_NO_IR;
+       }
  }
  
-+void rtl_lps_change_work_callback(struct work_struct *work)
-+{
-+      struct rtl_works *rtlworks =
-+          container_of(work, struct rtl_works, lps_change_work);
-+      struct ieee80211_hw *hw = rtlworks->hw;
-+      struct rtl_priv *rtlpriv = rtl_priv(hw);
-+
-+      if (rtlpriv->enter_ps)
-+              rtl_lps_enter(hw);
-+      else
-+              rtl_lps_leave(hw);
-+}
-+EXPORT_SYMBOL_GPL(rtl_lps_change_work_callback);
- void rtl_swlps_wq_callback(void *data)
- {
-@@ -922,3 +937,4 @@ void rtl_p2p_info(struct ieee80211_hw *h
-       else
-               rtl_p2p_noa_ie(hw, data, len - FCS_LEN);
- }
-+EXPORT_SYMBOL_GPL(rtl_p2p_info);
---- a/drivers/net/wireless/rtlwifi/usb.c
-+++ b/drivers/net/wireless/rtlwifi/usb.c
-@@ -32,6 +32,13 @@
- #include "ps.h"
- #include "rtl8192c/fw_common.h"
- #include <linux/export.h>
-+#include <linux/module.h>
-+
-+MODULE_AUTHOR("lizhaoming     <chaoming_li@realsil.com.cn>");
-+MODULE_AUTHOR("Realtek WlanFAE        <wlanfae@realtek.com>");
-+MODULE_AUTHOR("Larry Finger   <Larry.FInger@lwfinger.net>");
-+MODULE_LICENSE("GPL");
-+MODULE_DESCRIPTION("USB basic driver for rtlwifi");
- #define       REALTEK_USB_VENQT_READ                  0xC0
- #define       REALTEK_USB_VENQT_WRITE                 0x40
-@@ -1070,6 +1077,8 @@ int rtl_usb_probe(struct usb_interface *
-       spin_lock_init(&rtlpriv->locks.usb_lock);
-       INIT_WORK(&rtlpriv->works.fill_h2c_cmd,
-                 rtl_fill_h2c_cmd_work_callback);
-+      INIT_WORK(&rtlpriv->works.lps_change_work,
-+                rtl_lps_change_work_callback);
-       rtlpriv->usb_data_index = 0;
-       init_completion(&rtlpriv->firmware_loading_complete);
---- a/drivers/net/wireless/ath/ath9k/ath9k.h
-+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
-@@ -64,7 +64,6 @@ struct ath_node;
+--- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
++++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
+@@ -812,7 +812,7 @@ static s32 brcmf_p2p_run_escan(struct br
+                       struct ieee80211_channel *chan = request->channels[i];
  
- struct ath_config {
-       u16 txpowlimit;
--      u8 cabqReadytime;
};
+                       if (chan->flags & (IEEE80211_CHAN_RADAR |
+-                                         IEEE80211_CHAN_PASSIVE_SCAN))
++                                         IEEE80211_CHAN_NO_IR))
                              continue;
  
- /*************************/
-@@ -72,17 +71,12 @@ struct ath_config {
- /*************************/
+                       chanspecs[i] = channel_to_chanspec(&p2p->cfg->d11inf,
+--- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
++++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
+@@ -202,9 +202,9 @@ static struct ieee80211_supported_band _
+ /* This is to override regulatory domains defined in cfg80211 module (reg.c)
+  * By default world regulatory domain defined in reg.c puts the flags
+- * NL80211_RRF_PASSIVE_SCAN and NL80211_RRF_NO_IBSS for 5GHz channels (for
+- * 36..48 and 149..165). With respect to these flags, wpa_supplicant doesn't
+- * start p2p operations on 5GHz channels. All the changes in world regulatory
++ * NL80211_RRF_NO_IR for 5GHz channels (for * 36..48 and 149..165).
++ * With respect to these flags, wpa_supplicant doesn't * start p2p
++ * operations on 5GHz channels. All the changes in world regulatory
+  * domain are to be done here.
+  */
+ static const struct ieee80211_regdomain brcmf_regdom = {
+@@ -5197,10 +5197,10 @@ static s32 brcmf_construct_reginfo(struc
+                                       if (channel & WL_CHAN_RADAR)
+                                               band_chan_arr[index].flags |=
+                                                       (IEEE80211_CHAN_RADAR |
+-                                                      IEEE80211_CHAN_NO_IBSS);
++                                                      IEEE80211_CHAN_NO_IR);
+                                       if (channel & WL_CHAN_PASSIVE)
+                                               band_chan_arr[index].flags |=
+-                                                  IEEE80211_CHAN_PASSIVE_SCAN;
++                                                  IEEE80211_CHAN_NO_IR;
+                               }
+                       }
+                       if (!update)
+--- a/drivers/net/wireless/brcm80211/brcmsmac/channel.c
++++ b/drivers/net/wireless/brcm80211/brcmsmac/channel.c
+@@ -59,23 +59,20 @@
+ #define BRCM_2GHZ_2412_2462   REG_RULE(2412-10, 2462+10, 40, 0, 19, 0)
+ #define BRCM_2GHZ_2467_2472   REG_RULE(2467-10, 2472+10, 20, 0, 19, \
+-                                       NL80211_RRF_PASSIVE_SCAN | \
+-                                       NL80211_RRF_NO_IBSS)
++                                       NL80211_RRF_NO_IR)
+ #define BRCM_5GHZ_5180_5240   REG_RULE(5180-10, 5240+10, 40, 0, 21, \
+-                                       NL80211_RRF_PASSIVE_SCAN | \
+-                                       NL80211_RRF_NO_IBSS)
++                                       NL80211_RRF_NO_IR)
+ #define BRCM_5GHZ_5260_5320   REG_RULE(5260-10, 5320+10, 40, 0, 21, \
+-                                       NL80211_RRF_PASSIVE_SCAN | \
++                                       NL80211_RRF_NO_IR | \
+                                        NL80211_RRF_DFS | \
+-                                       NL80211_RRF_NO_IBSS)
++                                       NL80211_RRF_NO_IR)
+ #define BRCM_5GHZ_5500_5700   REG_RULE(5500-10, 5700+10, 40, 0, 21, \
+-                                       NL80211_RRF_PASSIVE_SCAN | \
++                                       NL80211_RRF_NO_IR | \
+                                        NL80211_RRF_DFS | \
+-                                       NL80211_RRF_NO_IBSS)
++                                       NL80211_RRF_NO_IR)
+ #define BRCM_5GHZ_5745_5825   REG_RULE(5745-10, 5825+10, 40, 0, 21, \
+-                                       NL80211_RRF_PASSIVE_SCAN | \
+-                                       NL80211_RRF_NO_IBSS)
++                                       NL80211_RRF_NO_IR)
+ static const struct ieee80211_regdomain brcms_regdom_x2 = {
+       .n_reg_rules = 6,
+@@ -395,7 +392,7 @@ brcms_c_channel_set_chanspec(struct brcm
+               brcms_c_set_gmode(wlc, wlc->protection->gmode_user, false);
+       brcms_b_set_chanspec(wlc->hw, chanspec,
+-                            !!(ch->flags & IEEE80211_CHAN_PASSIVE_SCAN),
++                            !!(ch->flags & IEEE80211_CHAN_NO_IR),
+                             &txpwr);
+ }
  
- #define ATH_TXBUF_RESET(_bf) do {                             \
--              (_bf)->bf_stale = false;                        \
-               (_bf)->bf_lastbf = NULL;                        \
-               (_bf)->bf_next = NULL;                          \
-               memset(&((_bf)->bf_state), 0,                   \
-                      sizeof(struct ath_buf_state));           \
-       } while (0)
+@@ -657,8 +654,8 @@ static void brcms_reg_apply_radar_flags(
+                */
+               if (!(ch->flags & IEEE80211_CHAN_DISABLED))
+                       ch->flags |= IEEE80211_CHAN_RADAR |
+-                                   IEEE80211_CHAN_NO_IBSS |
+-                                   IEEE80211_CHAN_PASSIVE_SCAN;
++                                   IEEE80211_CHAN_NO_IR |
++                                   IEEE80211_CHAN_NO_IR;
+       }
+ }
  
--#define ATH_RXBUF_RESET(_bf) do {             \
--              (_bf)->bf_stale = false;        \
--      } while (0)
--
- /**
-  * enum buffer_type - Buffer type flags
-  *
-@@ -137,7 +131,8 @@ int ath_descdma_setup(struct ath_softc *
- #define ATH_AGGR_ENCRYPTDELIM      10
- /* minimum h/w qdepth to be sustained to maximize aggregation */
- #define ATH_AGGR_MIN_QDEPTH        2
--#define ATH_AMPDU_SUBFRAME_DEFAULT 32
-+/* minimum h/w qdepth for non-aggregated traffic */
-+#define ATH_NON_AGGR_MIN_QDEPTH    8
- #define IEEE80211_SEQ_SEQ_SHIFT    4
- #define IEEE80211_SEQ_MAX          4096
-@@ -174,12 +169,6 @@ int ath_descdma_setup(struct ath_softc *
- #define ATH_TX_COMPLETE_POLL_INT      1000
--enum ATH_AGGR_STATUS {
--      ATH_AGGR_DONE,
--      ATH_AGGR_BAW_CLOSED,
--      ATH_AGGR_LIMITED,
--};
--
- #define ATH_TXFIFO_DEPTH 8
- struct ath_txq {
-       int mac80211_qnum; /* mac80211 queue number, -1 means not mac80211 Q */
-@@ -201,10 +190,10 @@ struct ath_txq {
- struct ath_atx_ac {
-       struct ath_txq *txq;
--      int sched;
-       struct list_head list;
-       struct list_head tid_q;
-       bool clear_ps_filter;
-+      bool sched;
+@@ -688,14 +685,13 @@ brcms_reg_apply_beaconing_flags(struct w
+                               if (IS_ERR(rule))
+                                       continue;
+-                              if (!(rule->flags & NL80211_RRF_NO_IBSS))
+-                                      ch->flags &= ~IEEE80211_CHAN_NO_IBSS;
+-                              if (!(rule->flags & NL80211_RRF_PASSIVE_SCAN))
++                              if (!(rule->flags & NL80211_RRF_NO_IR))
++                                      ch->flags &= ~IEEE80211_CHAN_NO_IR;
++                              if (!(rule->flags & NL80211_RRF_NO_IR))
+                                       ch->flags &=
+-                                              ~IEEE80211_CHAN_PASSIVE_SCAN;
++                                              ~IEEE80211_CHAN_NO_IR;
+                       } else if (ch->beacon_found) {
+-                              ch->flags &= ~(IEEE80211_CHAN_NO_IBSS |
+-                                             IEEE80211_CHAN_PASSIVE_SCAN);
++                              ch->flags &= ~IEEE80211_CHAN_NO_IR;
+                       }
+               }
+       }
+--- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
++++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
+@@ -125,13 +125,13 @@ static struct ieee80211_channel brcms_2g
+       CHAN2GHZ(10, 2457, IEEE80211_CHAN_NO_HT40PLUS),
+       CHAN2GHZ(11, 2462, IEEE80211_CHAN_NO_HT40PLUS),
+       CHAN2GHZ(12, 2467,
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_IBSS |
++               IEEE80211_CHAN_NO_IR |
+                IEEE80211_CHAN_NO_HT40PLUS),
+       CHAN2GHZ(13, 2472,
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_IBSS |
++               IEEE80211_CHAN_NO_IR |
+                IEEE80211_CHAN_NO_HT40PLUS),
+       CHAN2GHZ(14, 2484,
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_IBSS |
++               IEEE80211_CHAN_NO_IR |
+                IEEE80211_CHAN_NO_HT40PLUS | IEEE80211_CHAN_NO_HT40MINUS |
+                IEEE80211_CHAN_NO_OFDM)
  };
+@@ -144,51 +144,51 @@ static struct ieee80211_channel brcms_5g
+       CHAN5GHZ(48, IEEE80211_CHAN_NO_HT40PLUS),
+       /* UNII-2 */
+       CHAN5GHZ(52,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
+       CHAN5GHZ(56,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
+       CHAN5GHZ(60,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
+       CHAN5GHZ(64,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
+       /* MID */
+       CHAN5GHZ(100,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
+       CHAN5GHZ(104,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
+       CHAN5GHZ(108,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
+       CHAN5GHZ(112,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
+       CHAN5GHZ(116,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
+       CHAN5GHZ(120,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
+       CHAN5GHZ(124,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
+       CHAN5GHZ(128,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
+       CHAN5GHZ(132,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40MINUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
+       CHAN5GHZ(136,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS),
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
+       CHAN5GHZ(140,
+-               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IBSS |
+-               IEEE80211_CHAN_PASSIVE_SCAN | IEEE80211_CHAN_NO_HT40PLUS |
++               IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR |
++               IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS |
+                IEEE80211_CHAN_NO_HT40MINUS),
+       /* UNII-3 */
+       CHAN5GHZ(149, IEEE80211_CHAN_NO_HT40MINUS),
+--- a/drivers/net/wireless/cw1200/scan.c
++++ b/drivers/net/wireless/cw1200/scan.c
+@@ -197,9 +197,9 @@ void cw1200_scan_work(struct work_struct
+                       if ((*it)->band != first->band)
+                               break;
+                       if (((*it)->flags ^ first->flags) &
+-                                      IEEE80211_CHAN_PASSIVE_SCAN)
++                                      IEEE80211_CHAN_NO_IR)
+                               break;
+-                      if (!(first->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
++                      if (!(first->flags & IEEE80211_CHAN_NO_IR) &&
+                           (*it)->max_power != first->max_power)
+                               break;
+               }
+@@ -210,7 +210,7 @@ void cw1200_scan_work(struct work_struct
+               else
+                       scan.max_tx_rate = WSM_TRANSMIT_RATE_1;
+               scan.num_probes =
+-                      (first->flags & IEEE80211_CHAN_PASSIVE_SCAN) ? 0 : 2;
++                      (first->flags & IEEE80211_CHAN_NO_IR) ? 0 : 2;
+               scan.num_ssids = priv->scan.n_ssids;
+               scan.ssids = &priv->scan.ssids[0];
+               scan.num_channels = it - priv->scan.curr;
+@@ -233,7 +233,7 @@ void cw1200_scan_work(struct work_struct
+               }
+               for (i = 0; i < scan.num_channels; ++i) {
+                       scan.ch[i].number = priv->scan.curr[i]->hw_value;
+-                      if (priv->scan.curr[i]->flags & IEEE80211_CHAN_PASSIVE_SCAN) {
++                      if (priv->scan.curr[i]->flags & IEEE80211_CHAN_NO_IR) {
+                               scan.ch[i].min_chan_time = 50;
+                               scan.ch[i].max_chan_time = 100;
+                       } else {
+@@ -241,7 +241,7 @@ void cw1200_scan_work(struct work_struct
+                               scan.ch[i].max_chan_time = 25;
+                       }
+               }
+-              if (!(first->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
++              if (!(first->flags & IEEE80211_CHAN_NO_IR) &&
+                   priv->scan.output_power != first->max_power) {
+                       priv->scan.output_power = first->max_power;
+                       wsm_set_output_power(priv,
+--- a/drivers/net/wireless/ipw2x00/ipw2100.c
++++ b/drivers/net/wireless/ipw2x00/ipw2100.c
+@@ -1934,10 +1934,10 @@ static int ipw2100_wdev_init(struct net_
+                       bg_band->channels[i].max_power = geo->bg[i].max_power;
+                       if (geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY)
+                               bg_band->channels[i].flags |=
+-                                      IEEE80211_CHAN_PASSIVE_SCAN;
++                                      IEEE80211_CHAN_NO_IR;
+                       if (geo->bg[i].flags & LIBIPW_CH_NO_IBSS)
+                               bg_band->channels[i].flags |=
+-                                      IEEE80211_CHAN_NO_IBSS;
++                                      IEEE80211_CHAN_NO_IR;
+                       if (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT)
+                               bg_band->channels[i].flags |=
+                                       IEEE80211_CHAN_RADAR;
+--- a/drivers/net/wireless/ipw2x00/ipw2200.c
++++ b/drivers/net/wireless/ipw2x00/ipw2200.c
+@@ -11472,10 +11472,10 @@ static int ipw_wdev_init(struct net_devi
+                       bg_band->channels[i].max_power = geo->bg[i].max_power;
+                       if (geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY)
+                               bg_band->channels[i].flags |=
+-                                      IEEE80211_CHAN_PASSIVE_SCAN;
++                                      IEEE80211_CHAN_NO_IR;
+                       if (geo->bg[i].flags & LIBIPW_CH_NO_IBSS)
+                               bg_band->channels[i].flags |=
+-                                      IEEE80211_CHAN_NO_IBSS;
++                                      IEEE80211_CHAN_NO_IR;
+                       if (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT)
+                               bg_band->channels[i].flags |=
+                                       IEEE80211_CHAN_RADAR;
+@@ -11511,10 +11511,10 @@ static int ipw_wdev_init(struct net_devi
+                       a_band->channels[i].max_power = geo->a[i].max_power;
+                       if (geo->a[i].flags & LIBIPW_CH_PASSIVE_ONLY)
+                               a_band->channels[i].flags |=
+-                                      IEEE80211_CHAN_PASSIVE_SCAN;
++                                      IEEE80211_CHAN_NO_IR;
+                       if (geo->a[i].flags & LIBIPW_CH_NO_IBSS)
+                               a_band->channels[i].flags |=
+-                                      IEEE80211_CHAN_NO_IBSS;
++                                      IEEE80211_CHAN_NO_IR;
+                       if (geo->a[i].flags & LIBIPW_CH_RADAR_DETECT)
+                               a_band->channels[i].flags |=
+                                       IEEE80211_CHAN_RADAR;
+--- a/drivers/net/wireless/iwlegacy/3945-mac.c
++++ b/drivers/net/wireless/iwlegacy/3945-mac.c
+@@ -1595,7 +1595,7 @@ il3945_get_channels_for_scan(struct il_p
+                *  and use long active_dwell time.
+                */
+               if (!is_active || il_is_channel_passive(ch_info) ||
+-                  (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)) {
++                  (chan->flags & IEEE80211_CHAN_NO_IR)) {
+                       scan_ch->type = 0;      /* passive */
+                       if (IL_UCODE_API(il->ucode_ver) == 1)
+                               scan_ch->active_dwell =
+--- a/drivers/net/wireless/iwlegacy/4965-mac.c
++++ b/drivers/net/wireless/iwlegacy/4965-mac.c
+@@ -805,7 +805,7 @@ il4965_get_channels_for_scan(struct il_p
+               }
  
- struct ath_frame_info {
-@@ -212,14 +201,24 @@ struct ath_frame_info {
-       int framelen;
-       enum ath9k_key_type keytype;
-       u8 keyix;
--      u8 retries;
-       u8 rtscts_rate;
-+      u8 retries : 7;
-+      u8 baw_tracked : 1;
-+};
-+
-+struct ath_rxbuf {
-+      struct list_head list;
-+      struct sk_buff *bf_mpdu;
-+      void *bf_desc;
-+      dma_addr_t bf_daddr;
-+      dma_addr_t bf_buf_addr;
+               if (!is_active || il_is_channel_passive(ch_info) ||
+-                  (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN))
++                  (chan->flags & IEEE80211_CHAN_NO_IR))
+                       scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE;
+               else
+                       scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE;
+--- a/drivers/net/wireless/iwlegacy/common.c
++++ b/drivers/net/wireless/iwlegacy/common.c
+@@ -3447,10 +3447,10 @@ il_init_geos(struct il_priv *il)
+               if (il_is_channel_valid(ch)) {
+                       if (!(ch->flags & EEPROM_CHANNEL_IBSS))
+-                              geo_ch->flags |= IEEE80211_CHAN_NO_IBSS;
++                              geo_ch->flags |= IEEE80211_CHAN_NO_IR;
+                       if (!(ch->flags & EEPROM_CHANNEL_ACTIVE))
+-                              geo_ch->flags |= IEEE80211_CHAN_PASSIVE_SCAN;
++                              geo_ch->flags |= IEEE80211_CHAN_NO_IR;
+                       if (ch->flags & EEPROM_CHANNEL_RADAR)
+                               geo_ch->flags |= IEEE80211_CHAN_RADAR;
+--- a/drivers/net/wireless/iwlegacy/debug.c
++++ b/drivers/net/wireless/iwlegacy/debug.c
+@@ -567,12 +567,12 @@ il_dbgfs_channels_read(struct file *file
+                                     flags & IEEE80211_CHAN_RADAR ?
+                                     " (IEEE 802.11h required)" : "",
+                                     ((channels[i].
+-                                      flags & IEEE80211_CHAN_NO_IBSS) ||
++                                      flags & IEEE80211_CHAN_NO_IR) ||
+                                      (channels[i].
+                                       flags & IEEE80211_CHAN_RADAR)) ? "" :
+                                     ", IBSS",
+                                     channels[i].
+-                                    flags & IEEE80211_CHAN_PASSIVE_SCAN ?
++                                    flags & IEEE80211_CHAN_NO_IR ?
+                                     "passive only" : "active/passive");
+       }
+       supp_band = il_get_hw_mode(il, IEEE80211_BAND_5GHZ);
+@@ -594,12 +594,12 @@ il_dbgfs_channels_read(struct file *file
+                                     flags & IEEE80211_CHAN_RADAR ?
+                                     " (IEEE 802.11h required)" : "",
+                                     ((channels[i].
+-                                      flags & IEEE80211_CHAN_NO_IBSS) ||
++                                      flags & IEEE80211_CHAN_NO_IR) ||
+                                      (channels[i].
+                                       flags & IEEE80211_CHAN_RADAR)) ? "" :
+                                     ", IBSS",
+                                     channels[i].
+-                                    flags & IEEE80211_CHAN_PASSIVE_SCAN ?
++                                    flags & IEEE80211_CHAN_NO_IR ?
+                                     "passive only" : "active/passive");
+       }
+       ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos);
+--- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c
++++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
+@@ -352,12 +352,12 @@ static ssize_t iwl_dbgfs_channels_read(s
+                                       channels[i].max_power,
+                                       channels[i].flags & IEEE80211_CHAN_RADAR ?
+                                       " (IEEE 802.11h required)" : "",
+-                                      ((channels[i].flags & IEEE80211_CHAN_NO_IBSS)
++                                      ((channels[i].flags & IEEE80211_CHAN_NO_IR)
+                                       || (channels[i].flags &
+                                       IEEE80211_CHAN_RADAR)) ? "" :
+                                       ", IBSS",
+                                       channels[i].flags &
+-                                      IEEE80211_CHAN_PASSIVE_SCAN ?
++                                      IEEE80211_CHAN_NO_IR ?
+                                       "passive only" : "active/passive");
+       }
+       supp_band = iwl_get_hw_mode(priv, IEEE80211_BAND_5GHZ);
+@@ -375,12 +375,12 @@ static ssize_t iwl_dbgfs_channels_read(s
+                                       channels[i].max_power,
+                                       channels[i].flags & IEEE80211_CHAN_RADAR ?
+                                       " (IEEE 802.11h required)" : "",
+-                                      ((channels[i].flags & IEEE80211_CHAN_NO_IBSS)
++                                      ((channels[i].flags & IEEE80211_CHAN_NO_IR)
+                                       || (channels[i].flags &
+                                       IEEE80211_CHAN_RADAR)) ? "" :
+                                       ", IBSS",
+                                       channels[i].flags &
+-                                      IEEE80211_CHAN_PASSIVE_SCAN ?
++                                      IEEE80211_CHAN_NO_IR ?
+                                       "passive only" : "active/passive");
+       }
+       ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos);
+--- a/drivers/net/wireless/iwlwifi/dvm/scan.c
++++ b/drivers/net/wireless/iwlwifi/dvm/scan.c
+@@ -544,7 +544,7 @@ static int iwl_get_channels_for_scan(str
+               channel = chan->hw_value;
+               scan_ch->channel = cpu_to_le16(channel);
+-              if (!is_active || (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN))
++              if (!is_active || (chan->flags & IEEE80211_CHAN_NO_IR))
+                       scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE;
+               else
+                       scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE;
+--- a/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c
++++ b/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c
+@@ -614,10 +614,10 @@ static int iwl_init_channel_map(struct d
+                       channel->flags = IEEE80211_CHAN_NO_HT40;
+                       if (!(eeprom_ch->flags & EEPROM_CHANNEL_IBSS))
+-                              channel->flags |= IEEE80211_CHAN_NO_IBSS;
++                              channel->flags |= IEEE80211_CHAN_NO_IR;
+                       if (!(eeprom_ch->flags & EEPROM_CHANNEL_ACTIVE))
+-                              channel->flags |= IEEE80211_CHAN_PASSIVE_SCAN;
++                              channel->flags |= IEEE80211_CHAN_NO_IR;
+                       if (eeprom_ch->flags & EEPROM_CHANNEL_RADAR)
+                               channel->flags |= IEEE80211_CHAN_RADAR;
+--- a/drivers/net/wireless/iwlwifi/iwl-nvm-parse.c
++++ b/drivers/net/wireless/iwlwifi/iwl-nvm-parse.c
+@@ -223,10 +223,10 @@ static int iwl_init_channel_map(struct d
+                       channel->flags |= IEEE80211_CHAN_NO_160MHZ;
+               if (!(ch_flags & NVM_CHANNEL_IBSS))
+-                      channel->flags |= IEEE80211_CHAN_NO_IBSS;
++                      channel->flags |= IEEE80211_CHAN_NO_IR;
+               if (!(ch_flags & NVM_CHANNEL_ACTIVE))
+-                      channel->flags |= IEEE80211_CHAN_PASSIVE_SCAN;
++                      channel->flags |= IEEE80211_CHAN_NO_IR;
+               if (ch_flags & NVM_CHANNEL_RADAR)
+                       channel->flags |= IEEE80211_CHAN_RADAR;
+--- a/drivers/net/wireless/iwlwifi/mvm/scan.c
++++ b/drivers/net/wireless/iwlwifi/mvm/scan.c
+@@ -192,7 +192,7 @@ static void iwl_mvm_scan_fill_channels(s
+       for (i = 0; i < cmd->channel_count; i++) {
+               chan->channel = cpu_to_le16(req->channels[i]->hw_value);
+               chan->type = cpu_to_le32(type);
+-              if (req->channels[i]->flags & IEEE80211_CHAN_PASSIVE_SCAN)
++              if (req->channels[i]->flags & IEEE80211_CHAN_NO_IR)
+                       chan->type &= cpu_to_le32(~SCAN_CHANNEL_TYPE_ACTIVE);
+               chan->active_dwell = cpu_to_le16(active_dwell);
+               chan->passive_dwell = cpu_to_le16(passive_dwell);
+@@ -642,7 +642,7 @@ static void iwl_build_channel_cfg(struct
+               channels->iter_count[index] = cpu_to_le16(1);
+               channels->iter_interval[index] = 0;
+-              if (!(s_band->channels[i].flags & IEEE80211_CHAN_PASSIVE_SCAN))
++              if (!(s_band->channels[i].flags & IEEE80211_CHAN_NO_IR))
+                       channels->type[index] |=
+                               cpu_to_le32(IWL_SCAN_OFFLOAD_CHANNEL_ACTIVE);
+--- a/drivers/net/wireless/mac80211_hwsim.c
++++ b/drivers/net/wireless/mac80211_hwsim.c
+@@ -159,7 +159,7 @@ static const struct ieee80211_regdomain 
+       .reg_rules = {
+               REG_RULE(2412-10, 2462+10, 40, 0, 20, 0),
+               REG_RULE(5725-10, 5850+10, 40, 0, 30,
+-                      NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS),
++                       NL80211_RRF_NO_IR),
+       }
  };
  
- struct ath_buf_state {
-       u8 bf_type;
-       u8 bfs_paprd;
-       u8 ndelim;
-+      bool stale;
-       u16 seqno;
-       unsigned long bfs_paprd_timestamp;
- };
-@@ -233,7 +232,6 @@ struct ath_buf {
-       void *bf_desc;                  /* virtual addr of desc */
-       dma_addr_t bf_daddr;            /* physical addr of desc */
-       dma_addr_t bf_buf_addr; /* physical addr of data buffer, for DMA */
--      bool bf_stale;
-       struct ieee80211_tx_rate rates[4];
-       struct ath_buf_state bf_state;
- };
-@@ -241,16 +239,18 @@ struct ath_buf {
- struct ath_atx_tid {
-       struct list_head list;
-       struct sk_buff_head buf_q;
-+      struct sk_buff_head retry_q;
-       struct ath_node *an;
-       struct ath_atx_ac *ac;
-       unsigned long tx_buf[BITS_TO_LONGS(ATH_TID_MAX_BUFS)];
--      int bar_index;
-       u16 seq_start;
-       u16 seq_next;
-       u16 baw_size;
--      int tidno;
-+      u8 tidno;
-       int baw_head;   /* first un-acked tx buffer */
-       int baw_tail;   /* next unused tx buffer slot */
-+
-+      s8 bar_index;
-       bool sched;
-       bool paused;
-       bool active;
-@@ -262,12 +262,13 @@ struct ath_node {
-       struct ieee80211_vif *vif; /* interface with which we're associated */
-       struct ath_atx_tid tid[IEEE80211_NUM_TIDS];
-       struct ath_atx_ac ac[IEEE80211_NUM_ACS];
--      int ps_key;
-       u16 maxampdu;
-       u8 mpdudensity;
-+      s8 ps_key;
-       bool sleeping;
-+      bool no_ps_filter;
- #if defined(CPTCFG_MAC80211_DEBUGFS) && defined(CPTCFG_ATH9K_DEBUGFS)
-       struct dentry *node_stat;
-@@ -317,6 +318,7 @@ struct ath_rx {
-       struct ath_descdma rxdma;
-       struct ath_rx_edma rx_edma[ATH9K_RX_QUEUE_MAX];
-+      struct ath_rxbuf *buf_hold;
-       struct sk_buff *frag;
-       u32 ampdu_ref;
-@@ -367,6 +369,7 @@ void ath9k_release_buffered_frames(struc
- /********/
- struct ath_vif {
-+      struct ath_node mcast_node;
-       int av_bslot;
-       bool primary_sta_vif;
-       __le64 tsf_adjust; /* TSF adjustment for staggered beacons */
-@@ -459,6 +462,7 @@ void ath_check_ani(struct ath_softc *sc)
- int ath_update_survey_stats(struct ath_softc *sc);
- void ath_update_survey_nf(struct ath_softc *sc, int channel);
- void ath9k_queue_reset(struct ath_softc *sc, enum ath_reset_type type);
-+void ath_ps_full_sleep(unsigned long data);
+@@ -1485,7 +1485,7 @@ static void hw_scan_work(struct work_str
+                   req->channels[hwsim->scan_chan_idx]->center_freq);
  
- /**********/
- /* BTCOEX */
-@@ -585,19 +589,14 @@ static inline void ath_fill_led_pin(stru
- #define ATH_ANT_DIV_COMB_MAX_COUNT 100
- #define ATH_ANT_DIV_COMB_ALT_ANT_RATIO 30
- #define ATH_ANT_DIV_COMB_ALT_ANT_RATIO2 20
-+#define ATH_ANT_DIV_COMB_ALT_ANT_RATIO_LOW_RSSI 50
-+#define ATH_ANT_DIV_COMB_ALT_ANT_RATIO2_LOW_RSSI 50
- #define ATH_ANT_DIV_COMB_LNA1_LNA2_SWITCH_DELTA -1
- #define ATH_ANT_DIV_COMB_LNA1_DELTA_HI -4
- #define ATH_ANT_DIV_COMB_LNA1_DELTA_MID -2
- #define ATH_ANT_DIV_COMB_LNA1_DELTA_LOW 2
--enum ath9k_ant_div_comb_lna_conf {
--      ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2,
--      ATH_ANT_DIV_COMB_LNA2,
--      ATH_ANT_DIV_COMB_LNA1,
--      ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2,
--};
--
- struct ath_ant_comb {
-       u16 count;
-       u16 total_pkt_count;
-@@ -614,27 +613,36 @@ struct ath_ant_comb {
-       int rssi_first;
-       int rssi_second;
-       int rssi_third;
-+      int ant_ratio;
-+      int ant_ratio2;
-       bool alt_good;
-       int quick_scan_cnt;
--      int main_conf;
-+      enum ath9k_ant_div_comb_lna_conf main_conf;
-       enum ath9k_ant_div_comb_lna_conf first_quick_scan_conf;
-       enum ath9k_ant_div_comb_lna_conf second_quick_scan_conf;
-       bool first_ratio;
-       bool second_ratio;
-       unsigned long scan_start_time;
-+
-+      /*
-+       * Card-specific config values.
-+       */
-+      int low_rssi_thresh;
-+      int fast_div_bias;
+       hwsim->tmp_chan = req->channels[hwsim->scan_chan_idx];
+-      if (hwsim->tmp_chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
++      if (hwsim->tmp_chan->flags & IEEE80211_CHAN_NO_IR ||
+           !req->n_ssids) {
+               dwell = 120;
+       } else {
+--- a/drivers/net/wireless/mwifiex/cfg80211.c
++++ b/drivers/net/wireless/mwifiex/cfg80211.c
+@@ -50,24 +50,24 @@ static const struct ieee80211_regdomain 
+               REG_RULE(2412-10, 2462+10, 40, 3, 20, 0),
+               /* Channel 12 - 13 */
+               REG_RULE(2467-10, 2472+10, 20, 3, 20,
+-                       NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS),
++                       NL80211_RRF_NO_IR),
+               /* Channel 14 */
+               REG_RULE(2484-10, 2484+10, 20, 3, 20,
+-                       NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS |
++                       NL80211_RRF_NO_IR |
+                        NL80211_RRF_NO_OFDM),
+               /* Channel 36 - 48 */
+               REG_RULE(5180-10, 5240+10, 40, 3, 20,
+-                       NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS),
++                       NL80211_RRF_NO_IR),
+               /* Channel 149 - 165 */
+               REG_RULE(5745-10, 5825+10, 40, 3, 20,
+-                       NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS),
++                       NL80211_RRF_NO_IR),
+               /* Channel 52 - 64 */
+               REG_RULE(5260-10, 5320+10, 40, 3, 30,
+-                       NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS |
++                       NL80211_RRF_NO_IR |
+                        NL80211_RRF_DFS),
+               /* Channel 100 - 140 */
+               REG_RULE(5500-10, 5700+10, 40, 3, 30,
+-                       NL80211_RRF_PASSIVE_SCAN | NL80211_RRF_NO_IBSS |
++                       NL80211_RRF_NO_IR |
+                        NL80211_RRF_DFS),
+       }
  };
+@@ -1968,7 +1968,7 @@ mwifiex_cfg80211_scan(struct wiphy *wiph
+               user_scan_cfg->chan_list[i].chan_number = chan->hw_value;
+               user_scan_cfg->chan_list[i].radio_type = chan->band;
+-              if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
++              if (chan->flags & IEEE80211_CHAN_NO_IR)
+                       user_scan_cfg->chan_list[i].scan_type =
+                                               MWIFIEX_SCAN_TYPE_PASSIVE;
+               else
+--- a/drivers/net/wireless/mwifiex/scan.c
++++ b/drivers/net/wireless/mwifiex/scan.c
+@@ -515,14 +515,14 @@ mwifiex_scan_create_channel_list(struct 
+                               scan_chan_list[chan_idx].max_scan_time =
+                                       cpu_to_le16((u16) user_scan_in->
+                                       chan_list[0].scan_time);
+-                      else if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
++                      else if (ch->flags & IEEE80211_CHAN_NO_IR)
+                               scan_chan_list[chan_idx].max_scan_time =
+                                       cpu_to_le16(adapter->passive_scan_time);
+                       else
+                               scan_chan_list[chan_idx].max_scan_time =
+                                       cpu_to_le16(adapter->active_scan_time);
  
- void ath_ant_comb_scan(struct ath_softc *sc, struct ath_rx_status *rs);
--void ath_ant_comb_update(struct ath_softc *sc);
+-                      if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
++                      if (ch->flags & IEEE80211_CHAN_NO_IR)
+                               scan_chan_list[chan_idx].chan_scan_mode_bitmap
+                                       |= MWIFIEX_PASSIVE_SCAN;
+                       else
+--- a/drivers/net/wireless/rt2x00/rt2x00lib.h
++++ b/drivers/net/wireless/rt2x00/rt2x00lib.h
+@@ -146,7 +146,7 @@ void rt2x00queue_remove_l2pad(struct sk_
+  * @local: frame is not from mac80211
+  */
+ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
+-                             bool local);
++                             struct ieee80211_sta *sta, bool local);
  
- /********************/
- /* Main driver core */
- /********************/
+ /**
+  * rt2x00queue_update_beacon - Send new beacon from mac80211
+--- a/drivers/net/wireless/rt2x00/rt2x00mac.c
++++ b/drivers/net/wireless/rt2x00/rt2x00mac.c
+@@ -90,7 +90,7 @@ static int rt2x00mac_tx_rts_cts(struct r
+                                 frag_skb->data, data_length, tx_info,
+                                 (struct ieee80211_rts *)(skb->data));
+-      retval = rt2x00queue_write_tx_frame(queue, skb, true);
++      retval = rt2x00queue_write_tx_frame(queue, skb, NULL, true);
+       if (retval) {
+               dev_kfree_skb_any(skb);
+               rt2x00_warn(rt2x00dev, "Failed to send RTS/CTS frame\n");
+@@ -151,7 +151,7 @@ void rt2x00mac_tx(struct ieee80211_hw *h
+                       goto exit_fail;
+       }
  
--#define ATH9K_PCI_CUS198 0x0001
--#define ATH9K_PCI_CUS230 0x0002
--#define ATH9K_PCI_CUS217 0x0004
--#define ATH9K_PCI_WOW    0x0008
-+#define ATH9K_PCI_CUS198     0x0001
-+#define ATH9K_PCI_CUS230     0x0002
-+#define ATH9K_PCI_CUS217     0x0004
-+#define ATH9K_PCI_WOW        0x0008
-+#define ATH9K_PCI_BT_ANT_DIV 0x0010
-+#define ATH9K_PCI_D3_L1_WAR  0x0020
+-      if (unlikely(rt2x00queue_write_tx_frame(queue, skb, false)))
++      if (unlikely(rt2x00queue_write_tx_frame(queue, skb, control->sta, false)))
+               goto exit_fail;
  
- /*
-  * Default cache line size, in bytes.
-@@ -717,6 +725,7 @@ struct ath_softc {
-       struct work_struct hw_check_work;
-       struct work_struct hw_reset_work;
-       struct completion paprd_complete;
-+      wait_queue_head_t tx_wait;
+       /*
+--- a/drivers/net/wireless/rt2x00/rt2x00queue.c
++++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
+@@ -635,7 +635,7 @@ static void rt2x00queue_bar_check(struct
+ }
  
-       unsigned int hw_busy_count;
-       unsigned long sc_flags;
-@@ -753,6 +762,7 @@ struct ath_softc {
-       struct delayed_work tx_complete_work;
-       struct delayed_work hw_pll_work;
-       struct timer_list rx_poll_timer;
-+      struct timer_list sleep_timer;
+ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
+-                             bool local)
++                             struct ieee80211_sta *sta, bool local)
+ {
+       struct ieee80211_tx_info *tx_info;
+       struct queue_entry *entry;
+@@ -649,7 +649,7 @@ int rt2x00queue_write_tx_frame(struct da
+        * after that we are free to use the skb->cb array
+        * for our information.
+        */
+-      rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, NULL);
++      rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, sta);
  
- #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
-       struct ath_btcoex btcoex;
-@@ -926,7 +936,6 @@ void ath9k_deinit_device(struct ath_soft
- void ath9k_set_hw_capab(struct ath_softc *sc, struct ieee80211_hw *hw);
- void ath9k_reload_chainmask_settings(struct ath_softc *sc);
--bool ath9k_uses_beacons(int type);
- void ath9k_spectral_scan_trigger(struct ieee80211_hw *hw);
- int ath9k_spectral_scan_config(struct ieee80211_hw *hw,
-                              enum spectral_mode spectral_mode);
---- a/drivers/net/wireless/ath/ath9k/debug.c
-+++ b/drivers/net/wireless/ath/ath9k/debug.c
-@@ -270,25 +270,29 @@ static const struct file_operations fops
-       .llseek = default_llseek,
+       /*
+        * All information is retrieved from the skb->cb array,
+--- a/drivers/net/wireless/rtl818x/rtl8187/dev.c
++++ b/drivers/net/wireless/rtl818x/rtl8187/dev.c
+@@ -416,7 +416,7 @@ static int rtl8187_init_urbs(struct ieee
+       struct rtl8187_rx_info *info;
+       int ret = 0;
+-      while (skb_queue_len(&priv->rx_queue) < 16) {
++      while (skb_queue_len(&priv->rx_queue) < 32) {
+               skb = __dev_alloc_skb(RTL8187_MAX_RX, GFP_KERNEL);
+               if (!skb) {
+                       ret = -ENOMEM;
+--- a/drivers/net/wireless/rtlwifi/base.c
++++ b/drivers/net/wireless/rtlwifi/base.c
+@@ -1078,8 +1078,8 @@ u8 rtl_is_special_data(struct ieee80211_
+       ip = (struct iphdr *)((u8 *) skb->data + mac_hdr_len +
+                             SNAP_SIZE + PROTOC_TYPE_SIZE);
+-      ether_type = *(u16 *) ((u8 *) skb->data + mac_hdr_len + SNAP_SIZE);
+-      /*      ether_type = ntohs(ether_type); */
++      ether_type = be16_to_cpu(*(__be16 *)((u8 *)skb->data + mac_hdr_len +
++                                           SNAP_SIZE));
+       if (ETH_P_IP == ether_type) {
+               if (IPPROTO_UDP == ip->protocol) {
+--- a/drivers/net/wireless/rtlwifi/regd.c
++++ b/drivers/net/wireless/rtlwifi/regd.c
+@@ -59,30 +59,27 @@ static struct country_code_to_enum_rd al
+  */
+ #define RTL819x_2GHZ_CH12_13  \
+       REG_RULE(2467-10, 2472+10, 40, 0, 20,\
+-      NL80211_RRF_PASSIVE_SCAN)
++      NL80211_RRF_NO_IR)
+ #define RTL819x_2GHZ_CH14     \
+       REG_RULE(2484-10, 2484+10, 40, 0, 20, \
+-      NL80211_RRF_PASSIVE_SCAN | \
++      NL80211_RRF_NO_IR | \
+       NL80211_RRF_NO_OFDM)
+ /* 5G chan 36 - chan 64*/
+ #define RTL819x_5GHZ_5150_5350        \
+       REG_RULE(5150-10, 5350+10, 40, 0, 30, \
+-      NL80211_RRF_PASSIVE_SCAN | \
+-      NL80211_RRF_NO_IBSS)
++      NL80211_RRF_NO_IR)
+ /* 5G chan 100 - chan 165*/
+ #define RTL819x_5GHZ_5470_5850        \
+       REG_RULE(5470-10, 5850+10, 40, 0, 30, \
+-      NL80211_RRF_PASSIVE_SCAN | \
+-      NL80211_RRF_NO_IBSS)
++      NL80211_RRF_NO_IR)
+ /* 5G chan 149 - chan 165*/
+ #define RTL819x_5GHZ_5725_5850        \
+       REG_RULE(5725-10, 5850+10, 40, 0, 30, \
+-      NL80211_RRF_PASSIVE_SCAN | \
+-      NL80211_RRF_NO_IBSS)
++      NL80211_RRF_NO_IR)
+ #define RTL819x_5GHZ_ALL      \
+       (RTL819x_5GHZ_5150_5350, RTL819x_5GHZ_5470_5850)
+@@ -185,16 +182,15 @@ static void _rtl_reg_apply_beaconing_fla
+                                *regulatory_hint().
+                                */
+-                              if (!(reg_rule->flags & NL80211_RRF_NO_IBSS))
+-                                      ch->flags &= ~IEEE80211_CHAN_NO_IBSS;
++                              if (!(reg_rule->flags & NL80211_RRF_NO_IR))
++                                      ch->flags &= ~IEEE80211_CHAN_NO_IR;
+                               if (!(reg_rule->
+-                                   flags & NL80211_RRF_PASSIVE_SCAN))
++                                   flags & NL80211_RRF_NO_IR))
+                                       ch->flags &=
+-                                          ~IEEE80211_CHAN_PASSIVE_SCAN;
++                                          ~IEEE80211_CHAN_NO_IR;
+                       } else {
+                               if (ch->beacon_found)
+-                                      ch->flags &= ~(IEEE80211_CHAN_NO_IBSS |
+-                                                IEEE80211_CHAN_PASSIVE_SCAN);
++                                      ch->flags &= ~IEEE80211_CHAN_NO_IR;
+                       }
+               }
+       }
+@@ -219,11 +215,11 @@ static void _rtl_reg_apply_active_scan_f
+        */
+       if (initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE) {
+               ch = &sband->channels[11];      /* CH 12 */
+-              if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
+-                      ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
++              if (ch->flags & IEEE80211_CHAN_NO_IR)
++                      ch->flags &= ~IEEE80211_CHAN_NO_IR;
+               ch = &sband->channels[12];      /* CH 13 */
+-              if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
+-                      ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
++              if (ch->flags & IEEE80211_CHAN_NO_IR)
++                      ch->flags &= ~IEEE80211_CHAN_NO_IR;
+               return;
+       }
+@@ -237,17 +233,17 @@ static void _rtl_reg_apply_active_scan_f
+       ch = &sband->channels[11];      /* CH 12 */
+       reg_rule = freq_reg_info(wiphy, ch->center_freq);
+       if (!IS_ERR(reg_rule)) {
+-              if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN))
+-                      if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
+-                              ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
++              if (!(reg_rule->flags & NL80211_RRF_NO_IR))
++                      if (ch->flags & IEEE80211_CHAN_NO_IR)
++                              ch->flags &= ~IEEE80211_CHAN_NO_IR;
+       }
+       ch = &sband->channels[12];      /* CH 13 */
+       reg_rule = freq_reg_info(wiphy, ch->center_freq);
+       if (!IS_ERR(reg_rule)) {
+-              if (!(reg_rule->flags & NL80211_RRF_PASSIVE_SCAN))
+-                      if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
+-                              ch->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
++              if (!(reg_rule->flags & NL80211_RRF_NO_IR))
++                      if (ch->flags & IEEE80211_CHAN_NO_IR)
++                              ch->flags &= ~IEEE80211_CHAN_NO_IR;
+       }
+ }
+@@ -284,8 +280,8 @@ static void _rtl_reg_apply_radar_flags(s
+                */
+               if (!(ch->flags & IEEE80211_CHAN_DISABLED))
+                       ch->flags |= IEEE80211_CHAN_RADAR |
+-                          IEEE80211_CHAN_NO_IBSS |
+-                          IEEE80211_CHAN_PASSIVE_SCAN;
++                          IEEE80211_CHAN_NO_IR |
++                          IEEE80211_CHAN_NO_IR;
+       }
+ }
+--- a/drivers/net/wireless/ti/wl12xx/scan.c
++++ b/drivers/net/wireless/ti/wl12xx/scan.c
+@@ -47,7 +47,7 @@ static int wl1271_get_scan_channels(stru
+                    * In active scans, we only scan channels not
+                    * marked as passive.
+                    */
+-                  (passive || !(flags & IEEE80211_CHAN_PASSIVE_SCAN))) {
++                  (passive || !(flags & IEEE80211_CHAN_NO_IR))) {
+                       wl1271_debug(DEBUG_SCAN, "band %d, center_freq %d ",
+                                    req->channels[i]->band,
+                                    req->channels[i]->center_freq);
+--- a/drivers/net/wireless/ti/wlcore/cmd.c
++++ b/drivers/net/wireless/ti/wlcore/cmd.c
+@@ -1688,7 +1688,7 @@ int wlcore_cmd_regdomain_config_locked(s
+                       if (channel->flags & (IEEE80211_CHAN_DISABLED |
+                                             IEEE80211_CHAN_RADAR |
+-                                            IEEE80211_CHAN_PASSIVE_SCAN))
++                                            IEEE80211_CHAN_NO_IR))
+                               continue;
+                       ch_bit_idx = wlcore_get_reg_conf_ch_idx(b, ch);
+--- a/drivers/net/wireless/ti/wlcore/main.c
++++ b/drivers/net/wireless/ti/wlcore/main.c
+@@ -91,8 +91,7 @@ static void wl1271_reg_notify(struct wip
+                       continue;
+               if (ch->flags & IEEE80211_CHAN_RADAR)
+-                      ch->flags |= IEEE80211_CHAN_NO_IBSS |
+-                                   IEEE80211_CHAN_PASSIVE_SCAN;
++                      ch->flags |= IEEE80211_CHAN_NO_IR;
+       }
+--- a/drivers/net/wireless/ti/wlcore/scan.c
++++ b/drivers/net/wireless/ti/wlcore/scan.c
+@@ -189,14 +189,14 @@ wlcore_scan_get_channels(struct wl1271 *
+               flags = req_channels[i]->flags;
+               if (force_passive)
+-                      flags |= IEEE80211_CHAN_PASSIVE_SCAN;
++                      flags |= IEEE80211_CHAN_NO_IR;
+               if ((req_channels[i]->band == band) &&
+                   !(flags & IEEE80211_CHAN_DISABLED) &&
+                   (!!(flags & IEEE80211_CHAN_RADAR) == radar) &&
+                   /* if radar is set, we ignore the passive flag */
+                   (radar ||
+-                   !!(flags & IEEE80211_CHAN_PASSIVE_SCAN) == passive)) {
++                   !!(flags & IEEE80211_CHAN_NO_IR) == passive)) {
+                       if (flags & IEEE80211_CHAN_RADAR) {
+@@ -221,7 +221,7 @@ wlcore_scan_get_channels(struct wl1271 *
+                           (band == IEEE80211_BAND_2GHZ) &&
+                           (channels[j].channel >= 12) &&
+                           (channels[j].channel <= 14) &&
+-                          (flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
++                          (flags & IEEE80211_CHAN_NO_IR) &&
+                           !force_passive) {
+                               /* pactive channels treated as DFS */
+                               channels[j].flags = SCAN_CHANNEL_FLAGS_DFS;
+@@ -244,7 +244,7 @@ wlcore_scan_get_channels(struct wl1271 *
+                                    max_dwell_time_active,
+                                    flags & IEEE80211_CHAN_RADAR ?
+                                       ", DFS" : "",
+-                                   flags & IEEE80211_CHAN_PASSIVE_SCAN ?
++                                   flags & IEEE80211_CHAN_NO_IR ?
+                                       ", PASSIVE" : "");
+                       j++;
+               }
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -91,9 +91,8 @@ enum ieee80211_band {
+  * Channel flags set by the regulatory control code.
+  *
+  * @IEEE80211_CHAN_DISABLED: This channel is disabled.
+- * @IEEE80211_CHAN_PASSIVE_SCAN: Only passive scanning is permitted
+- *    on this channel.
+- * @IEEE80211_CHAN_NO_IBSS: IBSS is not allowed on this channel.
++ * @IEEE80211_CHAN_NO_IR: do not initiate radiation, this includes
++ *    sending probe requests or beaconing.
+  * @IEEE80211_CHAN_RADAR: Radar detection is required on this channel.
+  * @IEEE80211_CHAN_NO_HT40PLUS: extension channel above this channel
+  *    is not permitted.
+@@ -113,8 +112,8 @@ enum ieee80211_band {
+  */
+ enum ieee80211_channel_flags {
+       IEEE80211_CHAN_DISABLED         = 1<<0,
+-      IEEE80211_CHAN_PASSIVE_SCAN     = 1<<1,
+-      IEEE80211_CHAN_NO_IBSS          = 1<<2,
++      IEEE80211_CHAN_NO_IR            = 1<<1,
++      /* hole at 1<<2 */
+       IEEE80211_CHAN_RADAR            = 1<<3,
+       IEEE80211_CHAN_NO_HT40PLUS      = 1<<4,
+       IEEE80211_CHAN_NO_HT40MINUS     = 1<<5,
+@@ -4149,6 +4148,7 @@ void cfg80211_radar_event(struct wiphy *
+ /**
+  * cfg80211_cac_event - Channel availability check (CAC) event
+  * @netdev: network device
++ * @chandef: chandef for the current channel
+  * @event: type of event
+  * @gfp: context flags
+  *
+@@ -4157,6 +4157,7 @@ void cfg80211_radar_event(struct wiphy *
+  * also by full-MAC drivers.
+  */
+ void cfg80211_cac_event(struct net_device *netdev,
++                      const struct cfg80211_chan_def *chandef,
+                       enum nl80211_radar_event event, gfp_t gfp);
+--- a/include/uapi/linux/nl80211.h
++++ b/include/uapi/linux/nl80211.h
+@@ -1508,6 +1508,9 @@ enum nl80211_commands {
+  *    to react to radar events, e.g. initiate a channel switch or leave the
+  *    IBSS network.
+  *
++ * @NL80211_ATTR_SUPPORT_5_10_MHZ: A flag indicating that the device supports
++ *    5 MHz and 10 MHz channel bandwidth.
++ *
+  * @NL80211_ATTR_MAX: highest attribute number currently defined
+  * @__NL80211_ATTR_AFTER_LAST: internal use
+  */
+@@ -1824,6 +1827,8 @@ enum nl80211_attrs {
+       NL80211_ATTR_HANDLE_DFS,
++      NL80211_ATTR_SUPPORT_5_10_MHZ,
++
+       /* add attributes here, update the policy in nl80211.c */
+       __NL80211_ATTR_AFTER_LAST,
+@@ -2224,10 +2229,9 @@ enum nl80211_band_attr {
+  * @NL80211_FREQUENCY_ATTR_FREQ: Frequency in MHz
+  * @NL80211_FREQUENCY_ATTR_DISABLED: Channel is disabled in current
+  *    regulatory domain.
+- * @NL80211_FREQUENCY_ATTR_PASSIVE_SCAN: Only passive scanning is
+- *    permitted on this channel in current regulatory domain.
+- * @NL80211_FREQUENCY_ATTR_NO_IBSS: IBSS networks are not permitted
+- *    on this channel in current regulatory domain.
++ * @NL80211_FREQUENCY_ATTR_NO_IR: no mechanisms that initiate radiation
++ *    are permitted on this channel, this includes sending probe
++ *    requests, or modes of operation that require beaconing.
+  * @NL80211_FREQUENCY_ATTR_RADAR: Radar detection is mandatory
+  *    on this channel in current regulatory domain.
+  * @NL80211_FREQUENCY_ATTR_MAX_TX_POWER: Maximum transmission power in mBm
+@@ -2254,8 +2258,8 @@ enum nl80211_frequency_attr {
+       __NL80211_FREQUENCY_ATTR_INVALID,
+       NL80211_FREQUENCY_ATTR_FREQ,
+       NL80211_FREQUENCY_ATTR_DISABLED,
+-      NL80211_FREQUENCY_ATTR_PASSIVE_SCAN,
+-      NL80211_FREQUENCY_ATTR_NO_IBSS,
++      NL80211_FREQUENCY_ATTR_NO_IR,
++      __NL80211_FREQUENCY_ATTR_NO_IBSS,
+       NL80211_FREQUENCY_ATTR_RADAR,
+       NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
+       NL80211_FREQUENCY_ATTR_DFS_STATE,
+@@ -2271,6 +2275,9 @@ enum nl80211_frequency_attr {
+ };
+ #define NL80211_FREQUENCY_ATTR_MAX_TX_POWER NL80211_FREQUENCY_ATTR_MAX_TX_POWER
++#define NL80211_FREQUENCY_ATTR_PASSIVE_SCAN   NL80211_FREQUENCY_ATTR_NO_IR
++#define NL80211_FREQUENCY_ATTR_NO_IBSS                NL80211_FREQUENCY_ATTR_NO_IR
++#define NL80211_FREQUENCY_ATTR_NO_IR          NL80211_FREQUENCY_ATTR_NO_IR
+ /**
+  * enum nl80211_bitrate_attr - bitrate attributes
+@@ -2413,8 +2420,9 @@ enum nl80211_sched_scan_match_attr {
+  * @NL80211_RRF_DFS: DFS support is required to be used
+  * @NL80211_RRF_PTP_ONLY: this is only for Point To Point links
+  * @NL80211_RRF_PTMP_ONLY: this is only for Point To Multi Point links
+- * @NL80211_RRF_PASSIVE_SCAN: passive scan is required
+- * @NL80211_RRF_NO_IBSS: no IBSS is allowed
++ * @NL80211_RRF_NO_IR: no mechanisms that initiate radiation are allowed,
++ *    this includes probe requests or modes of operation that require
++ *    beaconing.
+  */
+ enum nl80211_reg_rule_flags {
+       NL80211_RRF_NO_OFDM             = 1<<0,
+@@ -2424,10 +2432,17 @@ enum nl80211_reg_rule_flags {
+       NL80211_RRF_DFS                 = 1<<4,
+       NL80211_RRF_PTP_ONLY            = 1<<5,
+       NL80211_RRF_PTMP_ONLY           = 1<<6,
+-      NL80211_RRF_PASSIVE_SCAN        = 1<<7,
+-      NL80211_RRF_NO_IBSS             = 1<<8,
++      NL80211_RRF_NO_IR               = 1<<7,
++      __NL80211_RRF_NO_IBSS           = 1<<8,
  };
  
--static ssize_t read_file_ant_diversity(struct file *file, char __user *user_buf,
--                                     size_t count, loff_t *ppos)
-+#ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
++#define NL80211_RRF_PASSIVE_SCAN      NL80211_RRF_NO_IR
++#define NL80211_RRF_NO_IBSS           NL80211_RRF_NO_IR
++#define NL80211_RRF_NO_IR             NL80211_RRF_NO_IR
 +
-+static ssize_t read_file_bt_ant_diversity(struct file *file,
-+                                        char __user *user_buf,
-+                                        size_t count, loff_t *ppos)
- {
-       struct ath_softc *sc = file->private_data;
-       struct ath_common *common = ath9k_hw_common(sc->sc_ah);
-       char buf[32];
-       unsigned int len;
++/* For backport compatibility with older userspace */
++#define NL80211_RRF_NO_IR_ALL         (NL80211_RRF_NO_IR | __NL80211_RRF_NO_IBSS)
++
+ /**
+  * enum nl80211_dfs_regions - regulatory DFS regions
+  *
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -1050,6 +1050,7 @@ static int ieee80211_stop_ap(struct wiph
+       struct ieee80211_local *local = sdata->local;
+       struct beacon_data *old_beacon;
+       struct probe_resp *old_probe_resp;
++      struct cfg80211_chan_def chandef;
+       old_beacon = rtnl_dereference(sdata->u.ap.beacon);
+       if (!old_beacon)
+@@ -1091,8 +1092,10 @@ static int ieee80211_stop_ap(struct wiph
+       ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
+       if (sdata->wdev.cac_started) {
++              chandef = sdata->vif.bss_conf.chandef;
+               cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
+-              cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_ABORTED,
++              cfg80211_cac_event(sdata->dev, &chandef,
++                                 NL80211_RADAR_CAC_ABORTED,
+                                  GFP_KERNEL);
+       }
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -749,6 +749,7 @@ static void ieee80211_do_stop(struct iee
+       u32 hw_reconf_flags = 0;
+       int i, flushed;
+       struct ps_data *ps;
++      struct cfg80211_chan_def chandef;
+       clear_bit(SDATA_STATE_RUNNING, &sdata->state);
+@@ -828,11 +829,13 @@ static void ieee80211_do_stop(struct iee
+       cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
+       if (sdata->wdev.cac_started) {
++              chandef = sdata->vif.bss_conf.chandef;
+               WARN_ON(local->suspended);
+               mutex_lock(&local->iflist_mtx);
+               ieee80211_vif_release_channel(sdata);
+               mutex_unlock(&local->iflist_mtx);
+-              cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_ABORTED,
++              cfg80211_cac_event(sdata->dev, &chandef,
++                                 NL80211_RADAR_CAC_ABORTED,
+                                  GFP_KERNEL);
+       }
+@@ -1340,7 +1343,6 @@ static void ieee80211_setup_sdata(struct
+               sdata->vif.bss_conf.bssid = NULL;
+               break;
+       case NL80211_IFTYPE_AP_VLAN:
+-              break;
+       case NL80211_IFTYPE_P2P_DEVICE:
+               sdata->vif.bss_conf.bssid = sdata->vif.addr;
+               break;
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -1398,10 +1398,12 @@ void ieee80211_dfs_cac_timer_work(struct
+       struct ieee80211_sub_if_data *sdata =
+               container_of(delayed_work, struct ieee80211_sub_if_data,
+                            dfs_cac_timer_work);
++      struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
+       ieee80211_vif_release_channel(sdata);
+-
+-      cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL);
++      cfg80211_cac_event(sdata->dev, &chandef,
++                         NL80211_RADAR_CAC_FINISHED,
++                         GFP_KERNEL);
+ }
+ /* MLME */
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -729,9 +729,7 @@ static void ieee80211_release_reorder_fr
+       lockdep_assert_held(&tid_agg_rx->reorder_lock);
+       while (ieee80211_sn_less(tid_agg_rx->head_seq_num, head_seq_num)) {
+-              index = ieee80211_sn_sub(tid_agg_rx->head_seq_num,
+-                                       tid_agg_rx->ssn) %
+-                                                      tid_agg_rx->buf_size;
++              index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
+               ieee80211_release_reorder_frame(sdata, tid_agg_rx, index,
+                                               frames);
+       }
+@@ -757,8 +755,7 @@ static void ieee80211_sta_reorder_releas
+       lockdep_assert_held(&tid_agg_rx->reorder_lock);
+       /* release the buffer until next missing frame */
+-      index = ieee80211_sn_sub(tid_agg_rx->head_seq_num,
+-                               tid_agg_rx->ssn) % tid_agg_rx->buf_size;
++      index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
+       if (!tid_agg_rx->reorder_buf[index] &&
+           tid_agg_rx->stored_mpdu_num) {
+               /*
+@@ -793,15 +790,11 @@ static void ieee80211_sta_reorder_releas
+       } else while (tid_agg_rx->reorder_buf[index]) {
+               ieee80211_release_reorder_frame(sdata, tid_agg_rx, index,
+                                               frames);
+-              index = ieee80211_sn_sub(tid_agg_rx->head_seq_num,
+-                                       tid_agg_rx->ssn) %
+-                                                      tid_agg_rx->buf_size;
++              index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
+       }
  
--      len = sprintf(buf, "%d\n", common->antenna_diversity);
-+      len = sprintf(buf, "%d\n", common->bt_ant_diversity);
-       return simple_read_from_buffer(user_buf, count, ppos, buf, len);
+       if (tid_agg_rx->stored_mpdu_num) {
+-              j = index = ieee80211_sn_sub(tid_agg_rx->head_seq_num,
+-                                           tid_agg_rx->ssn) %
+-                                                      tid_agg_rx->buf_size;
++              j = index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
+               for (; j != (index - 1) % tid_agg_rx->buf_size;
+                    j = (j + 1) % tid_agg_rx->buf_size) {
+@@ -861,8 +854,7 @@ static bool ieee80211_sta_manage_reorder
+       /* Now the new frame is always in the range of the reordering buffer */
+-      index = ieee80211_sn_sub(mpdu_seq_num,
+-                               tid_agg_rx->ssn) % tid_agg_rx->buf_size;
++      index = mpdu_seq_num % tid_agg_rx->buf_size;
+       /* check if we already stored this frame */
+       if (tid_agg_rx->reorder_buf[index]) {
+--- a/net/mac80211/scan.c
++++ b/net/mac80211/scan.c
+@@ -526,7 +526,7 @@ static int __ieee80211_start_scan(struct
+               ieee80211_hw_config(local, 0);
+               if ((req->channels[0]->flags &
+-                   IEEE80211_CHAN_PASSIVE_SCAN) ||
++                   IEEE80211_CHAN_NO_IR) ||
+                   !local->scan_req->n_ssids) {
+                       next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
+               } else {
+@@ -572,7 +572,7 @@ ieee80211_scan_get_channel_time(struct i
+        * TODO: channel switching also consumes quite some time,
+        * add that delay as well to get a better estimation
+        */
+-      if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
++      if (chan->flags & IEEE80211_CHAN_NO_IR)
+               return IEEE80211_PASSIVE_CHANNEL_TIME;
+       return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME;
  }
+@@ -696,7 +696,7 @@ static void ieee80211_scan_state_set_cha
+        *
+        * In any case, it is not necessary for a passive scan.
+        */
+-      if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
++      if (chan->flags & IEEE80211_CHAN_NO_IR ||
+           !local->scan_req->n_ssids) {
+               *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
+               local->next_scan_state = SCAN_DECISION;
+@@ -881,7 +881,7 @@ int ieee80211_request_ibss_scan(struct i
+                               struct ieee80211_channel *tmp_ch =
+                                   &local->hw.wiphy->bands[band]->channels[i];
+-                              if (tmp_ch->flags & (IEEE80211_CHAN_NO_IBSS |
++                              if (tmp_ch->flags & (IEEE80211_CHAN_NO_IR |
+                                                    IEEE80211_CHAN_DISABLED))
+                                       continue;
+@@ -895,7 +895,7 @@ int ieee80211_request_ibss_scan(struct i
+               local->int_scan_req->n_channels = n_ch;
+       } else {
+-              if (WARN_ON_ONCE(chan->flags & (IEEE80211_CHAN_NO_IBSS |
++              if (WARN_ON_ONCE(chan->flags & (IEEE80211_CHAN_NO_IR |
+                                               IEEE80211_CHAN_DISABLED)))
+                       goto unlock;
  
--static ssize_t write_file_ant_diversity(struct file *file,
--                                      const char __user *user_buf,
--                                      size_t count, loff_t *ppos)
-+static ssize_t write_file_bt_ant_diversity(struct file *file,
-+                                         const char __user *user_buf,
-+                                         size_t count, loff_t *ppos)
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1728,8 +1728,7 @@ netdev_tx_t ieee80211_monitor_start_xmit
+        * radar detection by itself. We can do that later by adding a
+        * monitor flag interfaces used for AP support.
+        */
+-      if ((chan->flags & (IEEE80211_CHAN_NO_IBSS | IEEE80211_CHAN_RADAR |
+-                          IEEE80211_CHAN_PASSIVE_SCAN)))
++      if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)))
+               goto fail_rcu;
+       ieee80211_xmit(sdata, skb, chan->band);
+--- a/net/mac80211/util.c
++++ b/net/mac80211/util.c
+@@ -2259,14 +2259,17 @@ u64 ieee80211_calculate_rx_timestamp(str
+ void ieee80211_dfs_cac_cancel(struct ieee80211_local *local)
  {
-       struct ath_softc *sc = file->private_data;
-       struct ath_common *common = ath9k_hw_common(sc->sc_ah);
--      unsigned long antenna_diversity;
-+      struct ath9k_hw_capabilities *pCap = &sc->sc_ah->caps;
-+      unsigned long bt_ant_diversity;
-       char buf[32];
-       ssize_t len;
-@@ -296,26 +300,147 @@ static ssize_t write_file_ant_diversity(
-       if (copy_from_user(buf, user_buf, len))
-               return -EFAULT;
--      if (!AR_SREV_9565(sc->sc_ah))
-+      if (!(pCap->hw_caps & ATH9K_HW_CAP_BT_ANT_DIV))
-               goto exit;
-       buf[len] = '\0';
--      if (strict_strtoul(buf, 0, &antenna_diversity))
-+      if (kstrtoul(buf, 0, &bt_ant_diversity))
-               return -EINVAL;
+       struct ieee80211_sub_if_data *sdata;
++      struct cfg80211_chan_def chandef;
  
--      common->antenna_diversity = !!antenna_diversity;
-+      common->bt_ant_diversity = !!bt_ant_diversity;
-       ath9k_ps_wakeup(sc);
--      ath_ant_comb_update(sc);
--      ath_dbg(common, CONFIG, "Antenna diversity: %d\n",
--              common->antenna_diversity);
-+      ath9k_hw_set_bt_ant_diversity(sc->sc_ah, common->bt_ant_diversity);
-+      ath_dbg(common, CONFIG, "Enable WLAN/BT RX Antenna diversity: %d\n",
-+              common->bt_ant_diversity);
-       ath9k_ps_restore(sc);
- exit:
-       return count;
+       mutex_lock(&local->iflist_mtx);
+       list_for_each_entry(sdata, &local->interfaces, list) {
+               cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
+               if (sdata->wdev.cac_started) {
++                      chandef = sdata->vif.bss_conf.chandef;
+                       ieee80211_vif_release_channel(sdata);
+                       cfg80211_cac_event(sdata->dev,
++                                         &chandef,
+                                          NL80211_RADAR_CAC_ABORTED,
+                                          GFP_KERNEL);
+               }
+--- a/net/wireless/chan.c
++++ b/net/wireless/chan.c
+@@ -277,6 +277,32 @@ void cfg80211_set_dfs_state(struct wiphy
+                                    width, dfs_state);
  }
  
--static const struct file_operations fops_ant_diversity = {
--      .read = read_file_ant_diversity,
--      .write = write_file_ant_diversity,
-+static const struct file_operations fops_bt_ant_diversity = {
-+      .read = read_file_bt_ant_diversity,
-+      .write = write_file_bt_ant_diversity,
-+      .open = simple_open,
-+      .owner = THIS_MODULE,
-+      .llseek = default_llseek,
-+};
-+
-+#endif
-+
-+void ath9k_debug_stat_ant(struct ath_softc *sc,
-+                        struct ath_hw_antcomb_conf *div_ant_conf,
-+                        int main_rssi_avg, int alt_rssi_avg)
++static u32 cfg80211_get_start_freq(u32 center_freq,
++                                 u32 bandwidth)
 +{
-+      struct ath_antenna_stats *as_main = &sc->debug.stats.ant_stats[ANT_MAIN];
-+      struct ath_antenna_stats *as_alt = &sc->debug.stats.ant_stats[ANT_ALT];
++      u32 start_freq;
 +
-+      as_main->lna_attempt_cnt[div_ant_conf->main_lna_conf]++;
-+      as_alt->lna_attempt_cnt[div_ant_conf->alt_lna_conf]++;
++      if (bandwidth <= 20)
++              start_freq = center_freq;
++      else
++              start_freq = center_freq - bandwidth/2 + 10;
 +
-+      as_main->rssi_avg = main_rssi_avg;
-+      as_alt->rssi_avg = alt_rssi_avg;
++      return start_freq;
 +}
 +
-+static ssize_t read_file_antenna_diversity(struct file *file,
-+                                         char __user *user_buf,
-+                                         size_t count, loff_t *ppos)
++static u32 cfg80211_get_end_freq(u32 center_freq,
++                               u32 bandwidth)
 +{
-+      struct ath_softc *sc = file->private_data;
-+      struct ath_hw *ah = sc->sc_ah;
-+      struct ath9k_hw_capabilities *pCap = &ah->caps;
-+      struct ath_antenna_stats *as_main = &sc->debug.stats.ant_stats[ANT_MAIN];
-+      struct ath_antenna_stats *as_alt = &sc->debug.stats.ant_stats[ANT_ALT];
-+      struct ath_hw_antcomb_conf div_ant_conf;
-+      unsigned int len = 0, size = 1024;
-+      ssize_t retval = 0;
-+      char *buf;
-+      char *lna_conf_str[4] = {"LNA1_MINUS_LNA2",
-+                               "LNA2",
-+                               "LNA1",
-+                               "LNA1_PLUS_LNA2"};
-+
-+      buf = kzalloc(size, GFP_KERNEL);
-+      if (buf == NULL)
-+              return -ENOMEM;
-+
-+      if (!(pCap->hw_caps & ATH9K_HW_CAP_ANT_DIV_COMB)) {
-+              len += snprintf(buf + len, size - len, "%s\n",
-+                              "Antenna Diversity Combining is disabled");
-+              goto exit;
-+      }
++      u32 end_freq;
 +
-+      ath9k_ps_wakeup(sc);
-+      ath9k_hw_antdiv_comb_conf_get(ah, &div_ant_conf);
-+      len += snprintf(buf + len, size - len, "Current MAIN config : %s\n",
-+                      lna_conf_str[div_ant_conf.main_lna_conf]);
-+      len += snprintf(buf + len, size - len, "Current ALT config  : %s\n",
-+                      lna_conf_str[div_ant_conf.alt_lna_conf]);
-+      len += snprintf(buf + len, size - len, "Average MAIN RSSI   : %d\n",
-+                      as_main->rssi_avg);
-+      len += snprintf(buf + len, size - len, "Average ALT RSSI    : %d\n\n",
-+                      as_alt->rssi_avg);
-+      ath9k_ps_restore(sc);
++      if (bandwidth <= 20)
++              end_freq = center_freq;
++      else
++              end_freq = center_freq + bandwidth/2 - 10;
 +
-+      len += snprintf(buf + len, size - len, "Packet Receive Cnt:\n");
-+      len += snprintf(buf + len, size - len, "-------------------\n");
-+
-+      len += snprintf(buf + len, size - len, "%30s%15s\n",
-+                      "MAIN", "ALT");
-+      len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+                      "TOTAL COUNT",
-+                      as_main->recv_cnt,
-+                      as_alt->recv_cnt);
-+      len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+                      "LNA1",
-+                      as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1],
-+                      as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1]);
-+      len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+                      "LNA2",
-+                      as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA2],
-+                      as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA2]);
-+      len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+                      "LNA1 + LNA2",
-+                      as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2],
-+                      as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2]);
-+      len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+                      "LNA1 - LNA2",
-+                      as_main->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2],
-+                      as_alt->lna_recv_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2]);
-+
-+      len += snprintf(buf + len, size - len, "\nLNA Config Attempts:\n");
-+      len += snprintf(buf + len, size - len, "--------------------\n");
-+
-+      len += snprintf(buf + len, size - len, "%30s%15s\n",
-+                      "MAIN", "ALT");
-+      len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+                      "LNA1",
-+                      as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1],
-+                      as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1]);
-+      len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+                      "LNA2",
-+                      as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA2],
-+                      as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA2]);
-+      len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+                      "LNA1 + LNA2",
-+                      as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2],
-+                      as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2]);
-+      len += snprintf(buf + len, size - len, "%-14s:%15d%15d\n",
-+                      "LNA1 - LNA2",
-+                      as_main->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2],
-+                      as_alt->lna_attempt_cnt[ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2]);
-+
-+exit:
-+      if (len > size)
-+              len = size;
-+
-+      retval = simple_read_from_buffer(user_buf, count, ppos, buf, len);
-+      kfree(buf);
-+
-+      return retval;
++      return end_freq;
 +}
 +
-+static const struct file_operations fops_antenna_diversity = {
-+      .read = read_file_antenna_diversity,
-       .open = simple_open,
-       .owner = THIS_MODULE,
-       .llseek = default_llseek,
-@@ -607,6 +732,28 @@ static ssize_t read_file_xmit(struct fil
-       return retval;
+ static int cfg80211_get_chans_dfs_required(struct wiphy *wiphy,
+                                           u32 center_freq,
+                                           u32 bandwidth)
+@@ -284,13 +310,8 @@ static int cfg80211_get_chans_dfs_requir
+       struct ieee80211_channel *c;
+       u32 freq, start_freq, end_freq;
+-      if (bandwidth <= 20) {
+-              start_freq = center_freq;
+-              end_freq = center_freq;
+-      } else {
+-              start_freq = center_freq - bandwidth/2 + 10;
+-              end_freq = center_freq + bandwidth/2 - 10;
+-      }
++      start_freq = cfg80211_get_start_freq(center_freq, bandwidth);
++      end_freq = cfg80211_get_end_freq(center_freq, bandwidth);
+       for (freq = start_freq; freq <= end_freq; freq += 20) {
+               c = ieee80211_get_channel(wiphy, freq);
+@@ -330,33 +351,159 @@ int cfg80211_chandef_dfs_required(struct
  }
+ EXPORT_SYMBOL(cfg80211_chandef_dfs_required);
+-static bool cfg80211_secondary_chans_ok(struct wiphy *wiphy,
+-                                      u32 center_freq, u32 bandwidth,
+-                                      u32 prohibited_flags)
++static int cfg80211_get_chans_dfs_usable(struct wiphy *wiphy,
++                                       u32 center_freq,
++                                       u32 bandwidth)
+ {
+       struct ieee80211_channel *c;
+       u32 freq, start_freq, end_freq;
++      int count = 0;
  
-+static ssize_t print_queue(struct ath_softc *sc, struct ath_txq *txq,
-+                         char *buf, ssize_t size)
-+{
-+      ssize_t len = 0;
-+
-+      ath_txq_lock(sc, txq);
-+
-+      len += snprintf(buf + len, size - len, "%s: %d ",
-+                      "qnum", txq->axq_qnum);
-+      len += snprintf(buf + len, size - len, "%s: %2d ",
-+                      "qdepth", txq->axq_depth);
-+      len += snprintf(buf + len, size - len, "%s: %2d ",
-+                      "ampdu-depth", txq->axq_ampdu_depth);
-+      len += snprintf(buf + len, size - len, "%s: %3d ",
-+                      "pending", txq->pending_frames);
-+      len += snprintf(buf + len, size - len, "%s: %d\n",
-+                      "stopped", txq->stopped);
-+
-+      ath_txq_unlock(sc, txq);
-+      return len;
+-      if (bandwidth <= 20) {
+-              start_freq = center_freq;
+-              end_freq = center_freq;
+-      } else {
+-              start_freq = center_freq - bandwidth/2 + 10;
+-              end_freq = center_freq + bandwidth/2 - 10;
++      start_freq = cfg80211_get_start_freq(center_freq, bandwidth);
++      end_freq = cfg80211_get_end_freq(center_freq, bandwidth);
++
++      /*
++       * Check entire range of channels for the bandwidth.
++       * Check all channels are DFS channels (DFS_USABLE or
++       * DFS_AVAILABLE). Return number of usable channels
++       * (require CAC). Allow DFS and non-DFS channel mix.
++       */
++      for (freq = start_freq; freq <= end_freq; freq += 20) {
++              c = ieee80211_get_channel(wiphy, freq);
++              if (!c)
++                      return -EINVAL;
++
++              if (c->flags & IEEE80211_CHAN_DISABLED)
++                      return -EINVAL;
++
++              if (c->flags & IEEE80211_CHAN_RADAR) {
++                      if (c->dfs_state == NL80211_DFS_UNAVAILABLE)
++                              return -EINVAL;
++
++                      if (c->dfs_state == NL80211_DFS_USABLE)
++                              count++;
++              }
++      }
++
++      return count;
 +}
 +
- static ssize_t read_file_queues(struct file *file, char __user *user_buf,
-                               size_t count, loff_t *ppos)
- {
-@@ -624,24 +771,13 @@ static ssize_t read_file_queues(struct f
-       for (i = 0; i < IEEE80211_NUM_ACS; i++) {
-               txq = sc->tx.txq_map[i];
--              len += snprintf(buf + len, size - len, "(%s): ", qname[i]);
--
--              ath_txq_lock(sc, txq);
--
--              len += snprintf(buf + len, size - len, "%s: %d ",
--                              "qnum", txq->axq_qnum);
--              len += snprintf(buf + len, size - len, "%s: %2d ",
--                              "qdepth", txq->axq_depth);
--              len += snprintf(buf + len, size - len, "%s: %2d ",
--                              "ampdu-depth", txq->axq_ampdu_depth);
--              len += snprintf(buf + len, size - len, "%s: %3d ",
--                              "pending", txq->pending_frames);
--              len += snprintf(buf + len, size - len, "%s: %d\n",
--                              "stopped", txq->stopped);
--
--              ath_txq_unlock(sc, txq);
-+              len += snprintf(buf + len, size - len, "(%s):  ", qname[i]);
-+              len += print_queue(sc, txq, buf + len, size - len);
-       }
-+      len += snprintf(buf + len, size - len, "(CAB): ");
-+      len += print_queue(sc, sc->beacon.cabq, buf + len, size - len);
++bool cfg80211_chandef_dfs_usable(struct wiphy *wiphy,
++                               const struct cfg80211_chan_def *chandef)
++{
++      int width;
++      int r1, r2 = 0;
 +
-       if (len > size)
-               len = size;
-@@ -1818,9 +1954,11 @@ int ath9k_init_debug(struct ath_hw *ah)
-                          sc->debug.debugfs_phy, &sc->sc_ah->gpio_mask);
-       debugfs_create_u32("gpio_val", S_IRUSR | S_IWUSR,
-                          sc->debug.debugfs_phy, &sc->sc_ah->gpio_val);
--      debugfs_create_file("diversity", S_IRUSR | S_IWUSR,
--                          sc->debug.debugfs_phy, sc, &fops_ant_diversity);
-+      debugfs_create_file("antenna_diversity", S_IRUSR,
-+                          sc->debug.debugfs_phy, sc, &fops_antenna_diversity);
- #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
-+      debugfs_create_file("bt_ant_diversity", S_IRUSR | S_IWUSR,
-+                          sc->debug.debugfs_phy, sc, &fops_bt_ant_diversity);
-       debugfs_create_file("btcoex", S_IRUSR, sc->debug.debugfs_phy, sc,
-                           &fops_btcoex);
- #endif
---- a/net/mac80211/ibss.c
-+++ b/net/mac80211/ibss.c
-@@ -30,13 +30,14 @@
- #define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
- #define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
-+#define IEEE80211_IBSS_RSN_INACTIVITY_LIMIT (10 * HZ)
- #define IEEE80211_IBSS_MAX_STA_ENTRIES 128
- static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
-                                     const u8 *bssid, const int beacon_int,
--                                    struct ieee80211_channel *chan,
-+                                    struct cfg80211_chan_def *req_chandef,
-                                     const u32 basic_rates,
-                                     const u16 capability, u64 tsf,
-                                     bool creator)
-@@ -51,6 +52,7 @@ static void __ieee80211_sta_join_ibss(st
-       u32 bss_change;
-       u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
-       struct cfg80211_chan_def chandef;
-+      struct ieee80211_channel *chan;
-       struct beacon_data *presp;
-       int frame_len;
-@@ -81,7 +83,9 @@ static void __ieee80211_sta_join_ibss(st
-       sdata->drop_unencrypted = capability & WLAN_CAPABILITY_PRIVACY ? 1 : 0;
--      chandef = ifibss->chandef;
-+      /* make a copy of the chandef, it could be modified below. */
-+      chandef = *req_chandef;
-+      chan = chandef.chan;
-       if (!cfg80211_reg_can_beacon(local->hw.wiphy, &chandef)) {
-               chandef.width = NL80211_CHAN_WIDTH_20;
-               chandef.center_freq1 = chan->center_freq;
-@@ -259,10 +263,12 @@ static void ieee80211_sta_join_ibss(stru
-       struct cfg80211_bss *cbss =
-               container_of((void *)bss, struct cfg80211_bss, priv);
-       struct ieee80211_supported_band *sband;
-+      struct cfg80211_chan_def chandef;
-       u32 basic_rates;
-       int i, j;
-       u16 beacon_int = cbss->beacon_interval;
-       const struct cfg80211_bss_ies *ies;
-+      enum nl80211_channel_type chan_type;
-       u64 tsf;
-       sdata_assert_lock(sdata);
-@@ -270,6 +276,26 @@ static void ieee80211_sta_join_ibss(stru
-       if (beacon_int < 10)
-               beacon_int = 10;
-+      switch (sdata->u.ibss.chandef.width) {
-+      case NL80211_CHAN_WIDTH_20_NOHT:
-+      case NL80211_CHAN_WIDTH_20:
-+      case NL80211_CHAN_WIDTH_40:
-+              chan_type = cfg80211_get_chandef_type(&sdata->u.ibss.chandef);
-+              cfg80211_chandef_create(&chandef, cbss->channel, chan_type);
-+              break;
-+      case NL80211_CHAN_WIDTH_5:
-+      case NL80211_CHAN_WIDTH_10:
-+              cfg80211_chandef_create(&chandef, cbss->channel,
-+                                      NL80211_CHAN_WIDTH_20_NOHT);
-+              chandef.width = sdata->u.ibss.chandef.width;
++      if (WARN_ON(!cfg80211_chandef_valid(chandef)))
++              return false;
++
++      width = cfg80211_chandef_get_width(chandef);
++      if (width < 0)
++              return false;
++
++      r1 = cfg80211_get_chans_dfs_usable(wiphy, chandef->center_freq1,
++                                       &