Merge branch 'master' of ssh://infradead/~/public_git/wireless-next into for-davem

author: John W. Linville <linville@tuxdriver.com> 2011-09-19 15:00:16 -0400
committer: John W. Linville <linville@tuxdriver.com> 2011-09-19 15:00:16 -0400
commit: b53d63ecce17c4ddf8636def9f6e8b865c3927f9 (patch)
tree: 683ef774fcfb423fa35f61e4326d0ce3f6a7c283 /net/mac80211
parent: 765cf9976e937f1cfe9159bf4534967c8bf8eb6d (diff)
parent: 12e62d6f7ec475e546b40bece2045da15d6c21ef (diff)
25 files changed, 329 insertions, 227 deletions
diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
index 9b5bd8cafc20..7c366dfe8da9 100644
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -167,12 +167,8 @@ static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *d
        u16 capab;
        skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
+        if (!skb)
-        if (!skb) {
-                printk(KERN_DEBUG "%s: failed to allocate buffer "
-                       "for addba resp frame\n", sdata->name);
                return;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
@@ -279,14 +275,8 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
        /* prepare A-MPDU MLME for Rx aggregation */
        tid_agg_rx = kmalloc(sizeof(struct tid_ampdu_rx), GFP_KERNEL);
-        if (!tid_agg_rx) {
+        if (!tid_agg_rx)
-#ifdef CONFIG_MAC80211_HT_DEBUG
-                if (net_ratelimit())
-                        printk(KERN_ERR "allocate rx mlme to tid %d failed\n",
-                                        tid);
-#endif
                goto end;
-        }
        spin_lock_init(&tid_agg_rx->reorder_lock);
@@ -306,11 +296,6 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
        tid_agg_rx->reorder_time =
                kcalloc(buf_size, sizeof(unsigned long), GFP_KERNEL);
        if (!tid_agg_rx->reorder_buf || !tid_agg_rx->reorder_time) {
-#ifdef CONFIG_MAC80211_HT_DEBUG
-                if (net_ratelimit())
-                        printk(KERN_ERR "can not allocate reordering buffer "
-                               "to tid %d\n", tid);
-#endif
                kfree(tid_agg_rx->reorder_buf);
                kfree(tid_agg_rx->reorder_time);
                kfree(tid_agg_rx);
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 018108d1a2fd..3cef5a7281cb 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -68,11 +68,9 @@ static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
        skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
-        if (!skb) {
+        if (!skb)
-                printk(KERN_ERR "%s: failed to allocate buffer "
-                                "for addba request frame\n", sdata->name);
                return;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
        memset(mgmt, 0, 24);
@@ -106,19 +104,18 @@ static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
        ieee80211_tx_skb(sdata, skb);
 }
-void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn)
+void ieee80211_send_bar(struct ieee80211_vif *vif, u8 *ra, u16 tid, u16 ssn)
 {
+        struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
        struct ieee80211_local *local = sdata->local;
        struct sk_buff *skb;
        struct ieee80211_bar *bar;
        u16 bar_control = 0;
        skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom);
-        if (!skb) {
+        if (!skb)
-                printk(KERN_ERR "%s: failed to allocate buffer for "
-                        "bar frame\n", sdata->name);
                return;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar));
        memset(bar, 0, sizeof(*bar));
@@ -135,6 +132,7 @@ void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u1
        IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
        ieee80211_tx_skb(sdata, skb);
 }
+EXPORT_SYMBOL(ieee80211_send_bar);
 void ieee80211_assign_tid_tx(struct sta_info *sta, int tid,
                             struct tid_ampdu_tx *tid_tx)
@@ -364,7 +362,8 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
                return -EINVAL;
        if ((tid >= STA_TID_NUM) ||
-            !(local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION))
+            !(local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION) ||
+            (local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW))
                return -EINVAL;
 #ifdef CONFIG_MAC80211_HT_DEBUG
@@ -413,11 +412,6 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
        /* prepare A-MPDU MLME for Tx aggregation */
        tid_tx = kzalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC);
        if (!tid_tx) {
-#ifdef CONFIG_MAC80211_HT_DEBUG
-                if (net_ratelimit())
-                        printk(KERN_ERR "allocate tx mlme to tid %d failed\n",
-                                        tid);
-#endif
                ret = -ENOMEM;
                goto err_unlock_sta;
        }
@@ -574,14 +568,9 @@ void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
        struct ieee80211_ra_tid *ra_tid;
        struct sk_buff *skb = dev_alloc_skb(0);
-        if (unlikely(!skb)) {
+        if (unlikely(!skb))
-#ifdef CONFIG_MAC80211_HT_DEBUG
-                if (net_ratelimit())
-                        printk(KERN_WARNING "%s: Not enough memory, "
-                               "dropping start BA session", sdata->name);
-#endif
                return;
-        }
        ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
        memcpy(&ra_tid->ra, ra, ETH_ALEN);
        ra_tid->tid = tid;
@@ -727,14 +716,9 @@ void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
        struct ieee80211_ra_tid *ra_tid;
        struct sk_buff *skb = dev_alloc_skb(0);
-        if (unlikely(!skb)) {
+        if (unlikely(!skb))
-#ifdef CONFIG_MAC80211_HT_DEBUG
-                if (net_ratelimit())
-                        printk(KERN_WARNING "%s: Not enough memory, "
-                               "dropping stop BA session", sdata->name);
-#endif
                return;
-        }
        ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
        memcpy(&ra_tid->ra, ra, ETH_ALEN);
        ra_tid->tid = tid;
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 4baa03b1c251..567e3e54685a 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -455,6 +455,20 @@ static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev,
        return ret;
 }
+static void ieee80211_config_ap_ssid(struct ieee80211_sub_if_data *sdata,
+                                     struct beacon_parameters *params)
+{
+        struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
+        bss_conf->ssid_len = params->ssid_len;
+        if (params->ssid_len)
+                memcpy(bss_conf->ssid, params->ssid, params->ssid_len);
+        bss_conf->hidden_ssid =
+                (params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE);
+}
 /*
 * This handles both adding a beacon and setting new beacon info
 */
@@ -548,8 +562,11 @@ static int ieee80211_config_beacon(struct ieee80211_sub_if_data *sdata,
        kfree(old);
+        ieee80211_config_ap_ssid(sdata, params);
        ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED |
-                                                BSS_CHANGED_BEACON);
+                                                BSS_CHANGED_BEACON |
+                                                BSS_CHANGED_SSID);
        return 0;
 }
@@ -921,7 +938,7 @@ static int ieee80211_del_mpath(struct wiphy *wiphy, struct net_device *dev,
        if (dst)
                return mesh_path_del(dst, sdata);
-        mesh_path_flush(sdata);
+        mesh_path_flush_by_iface(sdata);
        return 0;
 }
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 267ed45ef6a2..c9141168fd43 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -297,6 +297,9 @@ static ssize_t hwflags_read(struct file *file, char __user *user_buf,
        char *buf = kzalloc(mxln, GFP_KERNEL);
        int sf = 0; /* how many written so far */
+        if (!buf)
+                return 0;
        sf += snprintf(buf, mxln - sf, "0x%x\n", local->hw.flags);
        if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
                sf += snprintf(buf + sf, mxln - sf, "HAS_RATE_CONTROL\n");
@@ -347,6 +350,8 @@ static ssize_t hwflags_read(struct file *file, char __user *user_buf,
                sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n");
        if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
                sf += snprintf(buf + sf, mxln - sf, "AP_LINK_PS\n");
+        if (local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)
+                sf += snprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n");
        rv = simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
        kfree(buf);
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 6e8eab7919e2..dd0462917518 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -340,6 +340,8 @@ IEEE80211_IF_FILE(fwded_mcast, u.mesh.mshstats.fwded_mcast, DEC);
 IEEE80211_IF_FILE(fwded_unicast, u.mesh.mshstats.fwded_unicast, DEC);
 IEEE80211_IF_FILE(fwded_frames, u.mesh.mshstats.fwded_frames, DEC);
 IEEE80211_IF_FILE(dropped_frames_ttl, u.mesh.mshstats.dropped_frames_ttl, DEC);
+IEEE80211_IF_FILE(dropped_frames_congestion,
+                u.mesh.mshstats.dropped_frames_congestion, DEC);
 IEEE80211_IF_FILE(dropped_frames_no_route,
                u.mesh.mshstats.dropped_frames_no_route, DEC);
 IEEE80211_IF_FILE(estab_plinks, u.mesh.mshstats.estab_plinks, ATOMIC);
@@ -463,6 +465,7 @@ static void add_mesh_stats(struct ieee80211_sub_if_data *sdata)
        MESHSTATS_ADD(fwded_frames);
        MESHSTATS_ADD(dropped_frames_ttl);
        MESHSTATS_ADD(dropped_frames_no_route);
+        MESHSTATS_ADD(dropped_frames_congestion);
        MESHSTATS_ADD(estab_plinks);
 #undef MESHSTATS_ADD
 }
diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c
index 7cfc286946c0..2b9b52c69569 100644
--- a/net/mac80211/ht.c
+++ b/net/mac80211/ht.c
@@ -186,12 +186,8 @@ void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
        u16 params;
        skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
+        if (!skb)
-        if (!skb) {
-                printk(KERN_ERR "%s: failed to allocate buffer "
-                                        "for delba frame\n", sdata->name);
                return;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index c204cee1189c..21186e280ceb 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -261,6 +261,7 @@ struct mesh_stats {
        __u32 fwded_frames;             /* Mesh total forwarded frames */
        __u32 dropped_frames_ttl;       /* Not transmitted since mesh_ttl == 0*/
        __u32 dropped_frames_no_route;  /* Not transmitted, no route found */
+        __u32 dropped_frames_congestion;/* Not forwarded due to congestion */
        atomic_t estab_plinks;
 };
@@ -670,6 +671,7 @@ enum queue_stop_reason {
        IEEE80211_QUEUE_STOP_REASON_AGGREGATION,
        IEEE80211_QUEUE_STOP_REASON_SUSPEND,
        IEEE80211_QUEUE_STOP_REASON_SKB_ADD,
+        IEEE80211_QUEUE_STOP_REASON_CHTYPE_CHANGE,
 };
 #ifdef CONFIG_MAC80211_LEDS
@@ -1186,7 +1188,6 @@ struct ieee80211_tx_status_rtap_hdr {
 void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
                                       struct ieee80211_ht_cap *ht_cap_ie,
                                       struct ieee80211_sta_ht_cap *ht_cap);
-void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn);
 void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
                          const u8 *da, u16 tid,
                          u16 initiator, u16 reason_code);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index d10dc4df60b6..a33c58f5137c 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1214,6 +1214,9 @@ void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata)
        list_del_rcu(&sdata->list);
        mutex_unlock(&sdata->local->iflist_mtx);
+        if (ieee80211_vif_is_mesh(&sdata->vif))
+                mesh_path_flush_by_iface(sdata);
        synchronize_rcu();
        unregister_netdevice(sdata->dev);
 }
@@ -1233,6 +1236,9 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)
        list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
                list_del(&sdata->list);
+                if (ieee80211_vif_is_mesh(&sdata->vif))
+                        mesh_path_flush_by_iface(sdata);
                unregister_netdevice_queue(sdata->dev, &unreg_list);
        }
        mutex_unlock(&local->iflist_mtx);
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 28ab510e621a..a4225ae69681 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -200,10 +200,9 @@ int mesh_rmc_check(u8 *sa, struct ieee80211s_hdr *mesh_hdr,
        }
        p = kmem_cache_alloc(rm_cache, GFP_ATOMIC);
-        if (!p) {
+        if (!p)
-                printk(KERN_DEBUG "o11s: could not allocate RMC entry\n");
                return 0;
-        }
        p->seqnum = seqnum;
        p->exp_time = jiffies + RMC_TIMEOUT;
        memcpy(p->sa, sa, ETH_ALEN);
@@ -464,8 +463,7 @@ int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc,
                memcpy(hdr->addr3, meshsa, ETH_ALEN);
                return 24;
        } else {
-                *fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
+                *fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
-                                IEEE80211_FCTL_TODS);
                /* RA TA DA SA */
                memset(hdr->addr1, 0, ETH_ALEN);   /* RA is resolved later */
                memcpy(hdr->addr2, meshsa, ETH_ALEN);
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index 20272072171f..7118e8e8855c 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -80,7 +80,9 @@ enum mesh_deferred_task_flags {
 *      retry
 * @discovery_retries: number of discovery retries
 * @flags: mesh path flags, as specified on &enum mesh_path_flags
- * @state_lock: mesh path state lock
+ * @state_lock: mesh path state lock used to protect changes to the
+ * mpath itself.  No need to take this lock when adding or removing
+ * an mpath to a hash bucket on a path table.
 * @is_gate: the destination station of this path is a mesh gate
 *
 *
@@ -238,7 +240,6 @@ struct mesh_path *mesh_path_lookup_by_idx(int idx,
                struct ieee80211_sub_if_data *sdata);
 void mesh_path_fix_nexthop(struct mesh_path *mpath, struct sta_info *next_hop);
 void mesh_path_expire(struct ieee80211_sub_if_data *sdata);
-void mesh_path_flush(struct ieee80211_sub_if_data *sdata);
 void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
                struct ieee80211_mgmt *mgmt, size_t len);
 int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata);
@@ -275,6 +276,7 @@ void mesh_pathtbl_unregister(void);
 int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata);
 void mesh_path_timer(unsigned long data);
 void mesh_path_flush_by_nexthop(struct sta_info *sta);
+void mesh_path_flush_by_iface(struct ieee80211_sub_if_data *sdata);
 void mesh_path_discard_frame(struct sk_buff *skb,
                struct ieee80211_sub_if_data *sdata);
 void mesh_path_quiesce(struct ieee80211_sub_if_data *sdata);
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index fd4f76a3e139..6df7913d7ca4 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -8,6 +8,7 @@
 */
 #include <linux/slab.h>
+#include "wme.h"
 #include "mesh.h"
 #ifdef CONFIG_MAC80211_VERBOSE_MHWMP_DEBUG
@@ -202,6 +203,26 @@ static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
        return 0;
 }
+/*  Headroom is not adjusted.  Caller should ensure that skb has sufficient
+ *  headroom in case the frame is encrypted. */
+static void prepare_frame_for_deferred_tx(struct ieee80211_sub_if_data *sdata,
+                struct sk_buff *skb)
+{
+        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+        skb_set_mac_header(skb, 0);
+        skb_set_network_header(skb, 0);
+        skb_set_transport_header(skb, 0);
+        /* Send all internal mgmt frames on VO. Accordingly set TID to 7. */
+        skb_set_queue_mapping(skb, IEEE80211_AC_VO);
+        skb->priority = 7;
+        info->control.vif = &sdata->vif;
+        ieee80211_set_qos_hdr(sdata, skb);
+}
 /**
 * mesh_send_path error - Sends a PERR mesh management frame
 *
@@ -209,6 +230,10 @@ static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
 * @target_sn: SN of the broken destination
 * @target_rcode: reason code for this PERR
 * @ra: node this frame is addressed to
+ *
+ * Note: This function may be called with driver locks taken that the driver
+ * also acquires in the TX path.  To avoid a deadlock we don't transmit the
+ * frame directly but add it to the pending queue instead.
 */
 int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn,
                       __le16 target_rcode, const u8 *ra,
@@ -222,7 +247,7 @@ int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn,
        if (!skb)
                return -1;
-        skb_reserve(skb, local->hw.extra_tx_headroom);
+        skb_reserve(skb, local->tx_headroom + local->hw.extra_tx_headroom);
        /* 25 is the size of the common mgmt part (24) plus the size of the
         * common action part (1)
         */
@@ -263,7 +288,9 @@ int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn,
        pos += 4;
        memcpy(pos, &target_rcode, 2);
-        ieee80211_tx_skb(sdata, skb);
+        /* see note in function header */
+        prepare_frame_for_deferred_tx(sdata, skb);
+        ieee80211_add_pending_skb(local, skb);
        return 0;
 }
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index f97d17cb073c..7f54c5042235 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -14,6 +14,7 @@
 #include <linux/spinlock.h>
 #include <linux/string.h>
 #include <net/mac80211.h>
+#include "wme.h"
 #include "ieee80211_i.h"
 #include "mesh.h"
@@ -48,8 +49,10 @@ static struct mesh_table __rcu *mpp_paths; /* Store paths for MPP&MAP */
 int mesh_paths_generation;
 /* This lock will have the grow table function as writer and add / delete nodes
- * as readers. When reading the table (i.e. doing lookups) we are well protected
+ * as readers. RCU provides sufficient protection only when reading the table
- * by RCU
+ * (i.e. doing lookups).  Adding or adding or removing nodes requires we take
+ * the read lock or we risk operating on an old table.  The write lock is only
+ * needed when modifying the number of buckets a table.
 */
 static DEFINE_RWLOCK(pathtbl_resize_lock);
@@ -210,6 +213,7 @@ void mesh_path_assign_nexthop(struct mesh_path *mpath, struct sta_info *sta)
        struct ieee80211_hdr *hdr;
        struct sk_buff_head tmpq;
        unsigned long flags;
+        struct ieee80211_sub_if_data *sdata = mpath->sdata;
        rcu_assign_pointer(mpath->next_hop, sta);
@@ -220,6 +224,8 @@ void mesh_path_assign_nexthop(struct mesh_path *mpath, struct sta_info *sta)
        while ((skb = __skb_dequeue(&mpath->frame_queue)) != NULL) {
                hdr = (struct ieee80211_hdr *) skb->data;
                memcpy(hdr->addr1, sta->sta.addr, ETH_ALEN);
+                skb_set_queue_mapping(skb, ieee80211_select_queue(sdata, skb));
+                ieee80211_set_qos_hdr(sdata, skb);
                __skb_queue_tail(&tmpq, skb);
        }
@@ -333,25 +339,14 @@ static void mesh_path_move_to_queue(struct mesh_path *gate_mpath,
 }
-/**
+static struct mesh_path *path_lookup(struct mesh_table *tbl, u8 *dst,
- * mesh_path_lookup - look up a path in the mesh path table
+                                          struct ieee80211_sub_if_data *sdata)
- * @dst: hardware address (ETH_ALEN length) of destination
- * @sdata: local subif
- *
- * Returns: pointer to the mesh path structure, or NULL if not found
- *
- * Locking: must be called within a read rcu section.
- */
-struct mesh_path *mesh_path_lookup(u8 *dst, struct ieee80211_sub_if_data *sdata)
 {
        struct mesh_path *mpath;
        struct hlist_node *n;
        struct hlist_head *bucket;
-        struct mesh_table *tbl;
        struct mpath_node *node;
-        tbl = rcu_dereference(mesh_paths);
        bucket = &tbl->hash_buckets[mesh_table_hash(dst, sdata, tbl)];
        hlist_for_each_entry_rcu(node, n, bucket, list) {
                mpath = node->mpath;
@@ -359,8 +354,7 @@ struct mesh_path *mesh_path_lookup(u8 *dst, struct ieee80211_sub_if_data *sdata)
                                memcmp(dst, mpath->dst, ETH_ALEN) == 0) {
                        if (MPATH_EXPIRED(mpath)) {
                                spin_lock_bh(&mpath->state_lock);
-                                if (MPATH_EXPIRED(mpath))
+                                mpath->flags &= ~MESH_PATH_ACTIVE;
-                                        mpath->flags &= ~MESH_PATH_ACTIVE;
                                spin_unlock_bh(&mpath->state_lock);
                        }
                        return mpath;
@@ -369,31 +363,23 @@ struct mesh_path *mesh_path_lookup(u8 *dst, struct ieee80211_sub_if_data *sdata)
        return NULL;
 }
-struct mesh_path *mpp_path_lookup(u8 *dst, struct ieee80211_sub_if_data *sdata)
+/**
+ * mesh_path_lookup - look up a path in the mesh path table
+ * @dst: hardware address (ETH_ALEN length) of destination
+ * @sdata: local subif
+ *
+ * Returns: pointer to the mesh path structure, or NULL if not found
+ *
+ * Locking: must be called within a read rcu section.
+ */
+struct mesh_path *mesh_path_lookup(u8 *dst, struct ieee80211_sub_if_data *sdata)
 {
-        struct mesh_path *mpath;
+        return path_lookup(rcu_dereference(mesh_paths), dst, sdata);
-        struct hlist_node *n;
+}
-        struct hlist_head *bucket;
-        struct mesh_table *tbl;
-        struct mpath_node *node;
-        tbl = rcu_dereference(mpp_paths);
-        bucket = &tbl->hash_buckets[mesh_table_hash(dst, sdata, tbl)];
+struct mesh_path *mpp_path_lookup(u8 *dst, struct ieee80211_sub_if_data *sdata)
-        hlist_for_each_entry_rcu(node, n, bucket, list) {
+{
-                mpath = node->mpath;
+        return path_lookup(rcu_dereference(mpp_paths), dst, sdata);
-                if (mpath->sdata == sdata &&
-                    memcmp(dst, mpath->dst, ETH_ALEN) == 0) {
-                        if (MPATH_EXPIRED(mpath)) {
-                                spin_lock_bh(&mpath->state_lock);
-                                if (MPATH_EXPIRED(mpath))
-                                        mpath->flags &= ~MESH_PATH_ACTIVE;
-                                spin_unlock_bh(&mpath->state_lock);
-                        }
-                        return mpath;
-                }
-        }
-        return NULL;
 }
@@ -420,8 +406,7 @@ struct mesh_path *mesh_path_lookup_by_idx(int idx, struct ieee80211_sub_if_data
                if (j++ == idx) {
                        if (MPATH_EXPIRED(node->mpath)) {
                                spin_lock_bh(&node->mpath->state_lock);
-                                if (MPATH_EXPIRED(node->mpath))
+                                node->mpath->flags &= ~MESH_PATH_ACTIVE;
-                                        node->mpath->flags &= ~MESH_PATH_ACTIVE;
                                spin_unlock_bh(&node->mpath->state_lock);
                        }
                        return node->mpath;
@@ -776,22 +761,47 @@ void mesh_plink_broken(struct sta_info *sta)
        tbl = rcu_dereference(mesh_paths);
        for_each_mesh_entry(tbl, p, node, i) {
                mpath = node->mpath;
-                spin_lock_bh(&mpath->state_lock);
                if (rcu_dereference(mpath->next_hop) == sta &&
                    mpath->flags & MESH_PATH_ACTIVE &&
                    !(mpath->flags & MESH_PATH_FIXED)) {
+                        spin_lock_bh(&mpath->state_lock);
                        mpath->flags &= ~MESH_PATH_ACTIVE;
                        ++mpath->sn;
                        spin_unlock_bh(&mpath->state_lock);
                        mesh_path_error_tx(sdata->u.mesh.mshcfg.element_ttl,
                                        mpath->dst, cpu_to_le32(mpath->sn),
                                        reason, bcast, sdata);
-                } else
+                }
-                spin_unlock_bh(&mpath->state_lock);
        }
        rcu_read_unlock();
 }
+static void mesh_path_node_reclaim(struct rcu_head *rp)
+{
+        struct mpath_node *node = container_of(rp, struct mpath_node, rcu);
+        struct ieee80211_sub_if_data *sdata = node->mpath->sdata;
+        del_timer_sync(&node->mpath->timer);
+        atomic_dec(&sdata->u.mesh.mpaths);
+        kfree(node->mpath);
+        kfree(node);
+}
+/* needs to be called with the corresponding hashwlock taken */
+static void __mesh_path_del(struct mesh_table *tbl, struct mpath_node *node)
+{
+        struct mesh_path *mpath;
+        mpath = node->mpath;
+        spin_lock(&mpath->state_lock);
+        mpath->flags |= MESH_PATH_RESOLVING;
+        if (mpath->is_gate)
+                mesh_gate_del(tbl, mpath);
+        hlist_del_rcu(&node->list);
+        call_rcu(&node->rcu, mesh_path_node_reclaim);
+        spin_unlock(&mpath->state_lock);
+        atomic_dec(&tbl->entries);
+}
 /**
 * mesh_path_flush_by_nexthop - Deletes mesh paths if their next hop matches
 *
@@ -812,42 +822,59 @@ void mesh_path_flush_by_nexthop(struct sta_info *sta)
        int i;
        rcu_read_lock();
-        tbl = rcu_dereference(mesh_paths);
+        read_lock_bh(&pathtbl_resize_lock);
+        tbl = resize_dereference_mesh_paths();
        for_each_mesh_entry(tbl, p, node, i) {
                mpath = node->mpath;
-                if (rcu_dereference(mpath->next_hop) == sta)
+                if (rcu_dereference(mpath->next_hop) == sta) {
-                        mesh_path_del(mpath->dst, mpath->sdata);
+                        spin_lock_bh(&tbl->hashwlock[i]);
+                        __mesh_path_del(tbl, node);
+                        spin_unlock_bh(&tbl->hashwlock[i]);
+                }
        }
+        read_unlock_bh(&pathtbl_resize_lock);
        rcu_read_unlock();
 }
-void mesh_path_flush(struct ieee80211_sub_if_data *sdata)
+static void table_flush_by_iface(struct mesh_table *tbl,
+                                 struct ieee80211_sub_if_data *sdata)
 {
-        struct mesh_table *tbl;
        struct mesh_path *mpath;
        struct mpath_node *node;
        struct hlist_node *p;
        int i;
-        rcu_read_lock();
+        WARN_ON(!rcu_read_lock_held());
-        tbl = rcu_dereference(mesh_paths);
        for_each_mesh_entry(tbl, p, node, i) {
                mpath = node->mpath;
-                if (mpath->sdata == sdata)
+                if (mpath->sdata != sdata)
-                        mesh_path_del(mpath->dst, mpath->sdata);
+                        continue;
+                spin_lock_bh(&tbl->hashwlock[i]);
+                __mesh_path_del(tbl, node);
+                spin_unlock_bh(&tbl->hashwlock[i]);
        }
-        rcu_read_unlock();
 }
-static void mesh_path_node_reclaim(struct rcu_head *rp)
+/**
+ * mesh_path_flush_by_iface - Deletes all mesh paths associated with a given iface
+ *
+ * This function deletes both mesh paths as well as mesh portal paths.
+ *
+ * @sdata - interface data to match
+ *
+ */
+void mesh_path_flush_by_iface(struct ieee80211_sub_if_data *sdata)
 {
-        struct mpath_node *node = container_of(rp, struct mpath_node, rcu);
+        struct mesh_table *tbl;
-        struct ieee80211_sub_if_data *sdata = node->mpath->sdata;
-        del_timer_sync(&node->mpath->timer);
+        rcu_read_lock();
-        atomic_dec(&sdata->u.mesh.mpaths);
+        read_lock_bh(&pathtbl_resize_lock);
-        kfree(node->mpath);
+        tbl = resize_dereference_mesh_paths();
-        kfree(node);
+        table_flush_by_iface(tbl, sdata);
+        tbl = resize_dereference_mpp_paths();
+        table_flush_by_iface(tbl, sdata);
+        read_unlock_bh(&pathtbl_resize_lock);
+        rcu_read_unlock();
 }
 /**
@@ -878,14 +905,7 @@ int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata)
                mpath = node->mpath;
                if (mpath->sdata == sdata &&
                    memcmp(addr, mpath->dst, ETH_ALEN) == 0) {
-                        spin_lock_bh(&mpath->state_lock);
+                        __mesh_path_del(tbl, node);
-                        if (mpath->is_gate)
-                                mesh_gate_del(tbl, mpath);
-                        mpath->flags |= MESH_PATH_RESOLVING;
-                        hlist_del_rcu(&node->list);
-                        call_rcu(&node->rcu, mesh_path_node_reclaim);
-                        atomic_dec(&tbl->entries);
-                        spin_unlock_bh(&mpath->state_lock);
                        goto enddel;
                }
        }
@@ -991,9 +1011,14 @@ void mesh_path_discard_frame(struct sk_buff *skb,
                da = hdr->addr3;
                ra = hdr->addr1;
+                rcu_read_lock();
                mpath = mesh_path_lookup(da, sdata);
-                if (mpath)
+                if (mpath) {
+                        spin_lock_bh(&mpath->state_lock);
                        sn = ++mpath->sn;
+                        spin_unlock_bh(&mpath->state_lock);
+                }
+                rcu_read_unlock();
                mesh_path_error_tx(sdata->u.mesh.mshcfg.element_ttl, skb->data,
                                   cpu_to_le32(sn), reason, ra, sdata);
        }
@@ -1074,6 +1099,7 @@ static int mesh_path_node_copy(struct hlist_node *p, struct mesh_table *newtbl)
 int mesh_pathtbl_init(void)
 {
        struct mesh_table *tbl_path, *tbl_mpp;
+        int ret;
        tbl_path = mesh_table_alloc(INIT_PATHS_SIZE_ORDER);
        if (!tbl_path)
@@ -1082,18 +1108,26 @@ int mesh_pathtbl_init(void)
        tbl_path->copy_node = &mesh_path_node_copy;
        tbl_path->mean_chain_len = MEAN_CHAIN_LEN;
        tbl_path->known_gates = kzalloc(sizeof(struct hlist_head), GFP_ATOMIC);
+        if (!tbl_path->known_gates) {
+                ret = -ENOMEM;
+                goto free_path;
+        }
        INIT_HLIST_HEAD(tbl_path->known_gates);
        tbl_mpp = mesh_table_alloc(INIT_PATHS_SIZE_ORDER);
        if (!tbl_mpp) {
-                mesh_table_free(tbl_path, true);
+                ret = -ENOMEM;
-                return -ENOMEM;
+                goto free_path;
        }
        tbl_mpp->free_node = &mesh_path_node_free;
        tbl_mpp->copy_node = &mesh_path_node_copy;
        tbl_mpp->mean_chain_len = MEAN_CHAIN_LEN;
        tbl_mpp->known_gates = kzalloc(sizeof(struct hlist_head), GFP_ATOMIC);
+        if (!tbl_mpp->known_gates) {
+                ret = -ENOMEM;
+                goto free_mpp;
+        }
        INIT_HLIST_HEAD(tbl_mpp->known_gates);
        /* Need no locking since this is during init */
@@ -1101,6 +1135,12 @@ int mesh_pathtbl_init(void)
        RCU_INIT_POINTER(mpp_paths, tbl_mpp);
        return 0;
+free_mpp:
+        mesh_table_free(tbl_mpp, true);
+free_path:
+        mesh_table_free(tbl_path, true);
+        return ret;
 }
 void mesh_path_expire(struct ieee80211_sub_if_data *sdata)
@@ -1117,14 +1157,10 @@ void mesh_path_expire(struct ieee80211_sub_if_data *sdata)
                if (node->mpath->sdata != sdata)
                        continue;
                mpath = node->mpath;
-                spin_lock_bh(&mpath->state_lock);
                if ((!(mpath->flags & MESH_PATH_RESOLVING)) &&
                    (!(mpath->flags & MESH_PATH_FIXED)) &&
-                     time_after(jiffies, mpath->exp_time + MESH_PATH_EXPIRE)) {
+                     time_after(jiffies, mpath->exp_time + MESH_PATH_EXPIRE))
-                        spin_unlock_bh(&mpath->state_lock);
                        mesh_path_del(mpath->dst, mpath->sdata);
-                } else
-                        spin_unlock_bh(&mpath->state_lock);
        }
        rcu_read_unlock();
 }
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 1a00d0f701c3..4396906175ae 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -88,7 +88,7 @@ static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
        if (!sta)
                return NULL;
-        sta->flags = WLAN_STA_AUTHORIZED | WLAN_STA_AUTH;
+        sta->flags = WLAN_STA_AUTHORIZED | WLAN_STA_AUTH | WLAN_STA_WME;
        sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
        rate_control_rate_init(sta);
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 60a6f273cd30..2f92ae2f9706 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -271,11 +271,9 @@ static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
        struct ieee80211_mgmt *mgmt;
        skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
-        if (!skb) {
+        if (!skb)
-                printk(KERN_DEBUG "%s: failed to allocate buffer for "
-                       "deauth/disassoc frame\n", sdata->name);
                return;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
@@ -354,11 +352,9 @@ static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
                return;
        skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
-        if (!skb) {
+        if (!skb)
-                printk(KERN_DEBUG "%s: failed to allocate buffer for 4addr "
-                       "nullfunc frame\n", sdata->name);
                return;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
@@ -394,6 +390,9 @@ static void ieee80211_chswitch_work(struct work_struct *work)
                /* call "hw_config" only if doing sw channel switch */
                ieee80211_hw_config(sdata->local,
                        IEEE80211_CONF_CHANGE_CHANNEL);
+        } else {
+                /* update the device channel directly */
+                sdata->local->hw.conf.channel = sdata->local->oper_channel;
        }
        /* XXX: shouldn't really modify cfg80211-owned data! */
@@ -1922,8 +1921,24 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
                rcu_read_unlock();
+                /*
+                 * Whenever the AP announces the HT mode change that can be
+                 * 40MHz intolerant or etc., it would be safer to stop tx
+                 * queues before doing hw config to avoid buffer overflow.
+                 */
+                ieee80211_stop_queues_by_reason(&sdata->local->hw,
+                                IEEE80211_QUEUE_STOP_REASON_CHTYPE_CHANGE);
+                /* flush out all packets */
+                synchronize_net();
+                drv_flush(local, false);
                changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem,
                                               bssid, ap_ht_cap_flags);
+                ieee80211_wake_queues_by_reason(&sdata->local->hw,
+                                IEEE80211_QUEUE_STOP_REASON_CHTYPE_CHANGE);
        }
        /* Note: country IE parsing is done for us by cfg80211 */
@@ -2441,11 +2456,8 @@ static int ieee80211_pre_assoc(struct ieee80211_sub_if_data *sdata,
        int err;
        sta = sta_info_alloc(sdata, bssid, GFP_KERNEL);
-        if (!sta) {
+        if (!sta)
-                printk(KERN_DEBUG "%s: failed to alloc STA entry for"
-                           " the AP\n", sdata->name);
                return -ENOMEM;
-        }
        sta->dummy = true;
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index 21588386a302..e19249b0f971 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -452,7 +452,8 @@ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
        if (time_after(jiffies, mi->stats_update + (mp->update_interval / 2 * HZ) / 1000)) {
                minstrel_ht_update_stats(mp, mi);
-                minstrel_aggr_check(mp, sta, skb);
+                if (!(info->flags & IEEE80211_TX_CTL_AMPDU))
+                        minstrel_aggr_check(mp, sta, skb);
        }
 }
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index f45fd2fedc24..db46601e50bf 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -476,7 +476,6 @@ static ieee80211_rx_result
 ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
 {
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
-        unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
        char *dev_addr = rx->sdata->vif.addr;
        if (ieee80211_is_data(hdr->frame_control)) {
@@ -524,14 +523,6 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
        }
-#define msh_h_get(h, l) ((struct ieee80211s_hdr *) ((u8 *)h + l))
-        if (ieee80211_is_data(hdr->frame_control) &&
-            is_multicast_ether_addr(hdr->addr1) &&
-            mesh_rmc_check(hdr->addr3, msh_h_get(hdr, hdrlen), rx->sdata))
-                return RX_DROP_MONITOR;
-#undef msh_h_get
        return RX_CONTINUE;
 }
@@ -1840,6 +1831,12 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
        hdrlen = ieee80211_hdrlen(hdr->frame_control);
        mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
+        /* frame is in RMC, don't forward */
+        if (ieee80211_is_data(hdr->frame_control) &&
+            is_multicast_ether_addr(hdr->addr1) &&
+            mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata))
+                return RX_DROP_MONITOR;
        if (!ieee80211_is_data(hdr->frame_control))
                return RX_CONTINUE;
@@ -1847,6 +1844,12 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
                /* illegal frame */
                return RX_DROP_MONITOR;
+        if (ieee80211_queue_stopped(&local->hw, skb_get_queue_mapping(skb))) {
+                IEEE80211_IFSTA_MESH_CTR_INC(&sdata->u.mesh,
+                                                dropped_frames_congestion);
+                return RX_DROP_MONITOR;
+        }
        if (mesh_hdr->flags & MESH_FLAGS_AE) {
                struct mesh_path *mppath;
                char *proxied_addr;
@@ -1902,13 +1905,13 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
                        memset(info, 0, sizeof(*info));
                        info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
                        info->control.vif = &rx->sdata->vif;
-                        skb_set_queue_mapping(skb,
+                        if (is_multicast_ether_addr(fwd_hdr->addr1)) {
-                                ieee80211_select_queue(rx->sdata, fwd_skb));
-                        ieee80211_set_qos_hdr(local, skb);
-                        if (is_multicast_ether_addr(fwd_hdr->addr1))
                                IEEE80211_IFSTA_MESH_CTR_INC(&sdata->u.mesh,
                                                                fwded_mcast);
-                        else {
+                                skb_set_queue_mapping(fwd_skb,
+                                        ieee80211_select_queue(sdata, fwd_skb));
+                                ieee80211_set_qos_hdr(sdata, fwd_skb);
+                        } else {
                                int err;
                                /*
                                 * Save TA to addr1 to send TA a path error if a
@@ -2569,12 +2572,12 @@ static void ieee80211_rx_handlers(struct ieee80211_rx_data *rx)
                CALL_RXH(ieee80211_rx_h_ps_poll)
                CALL_RXH(ieee80211_rx_h_michael_mic_verify)
                /* must be after MMIC verify so header is counted in MPDU mic */
-                CALL_RXH(ieee80211_rx_h_remove_qos_control)
-                CALL_RXH(ieee80211_rx_h_amsdu)
 #ifdef CONFIG_MAC80211_MESH
                if (ieee80211_vif_is_mesh(&rx->sdata->vif))
                        CALL_RXH(ieee80211_rx_h_mesh_fwding);
 #endif
+                CALL_RXH(ieee80211_rx_h_remove_qos_control)
+                CALL_RXH(ieee80211_rx_h_amsdu)
                CALL_RXH(ieee80211_rx_h_data)
                CALL_RXH(ieee80211_rx_h_ctrl);
                CALL_RXH(ieee80211_rx_h_mgmt_check)
diff --git a/net/mac80211/spectmgmt.c b/net/mac80211/spectmgmt.c
index 7733f66ee2c4..578eea3fc04d 100644
--- a/net/mac80211/spectmgmt.c
+++ b/net/mac80211/spectmgmt.c
@@ -32,12 +32,8 @@ static void ieee80211_send_refuse_measurement_request(struct ieee80211_sub_if_da
        skb = dev_alloc_skb(sizeof(*msr_report) + local->hw.extra_tx_headroom +
                                sizeof(struct ieee80211_msrment_ie));
+        if (!skb)
-        if (!skb) {
-                printk(KERN_ERR "%s: failed to allocate buffer for "
-                                "measurement report frame\n", sdata->name);
                return;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        msr_report = (struct ieee80211_mgmt *)skb_put(skb, 24);
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 6bc17fb80ee9..695447e988cb 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -691,14 +691,13 @@ void sta_info_clear_tim_bit(struct sta_info *sta)
        spin_unlock_irqrestore(&sta->local->sta_lock, flags);
 }
-static int sta_info_buffer_expired(struct sta_info *sta,
+static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb)
-                                   struct sk_buff *skb)
 {
        struct ieee80211_tx_info *info;
        int timeout;
        if (!skb)
-                return 0;
+                return false;
        info = IEEE80211_SKB_CB(skb);
@@ -718,9 +717,6 @@ static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
        unsigned long flags;
        struct sk_buff *skb;
-        if (skb_queue_empty(&sta->ps_tx_buf))
-                return false;
        for (;;) {
                spin_lock_irqsave(&sta->ps_tx_buf.lock, flags);
                skb = skb_peek(&sta->ps_tx_buf);
@@ -745,7 +741,7 @@ static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
                        sta_info_clear_tim_bit(sta);
        }
-        return true;
+        return !skb_queue_empty(&sta->ps_tx_buf);
 }
 static int __must_check __sta_info_destroy(struct sta_info *sta)
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index e9eb565506da..56a3d38a2cd1 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -86,6 +86,8 @@ enum ieee80211_sta_info_flags {
 * @stop_initiator: initiator of a session stop
 * @tx_stop: TX DelBA frame when stopping
 * @buf_size: reorder buffer size at receiver
+ * @failed_bar_ssn: ssn of the last failed BAR tx attempt
+ * @bar_pending: BAR needs to be re-sent
 *
 * This structure's lifetime is managed by RCU, assignments to
 * the array holding it must hold the aggregation mutex.
@@ -106,6 +108,9 @@ struct tid_ampdu_tx {
        u8 stop_initiator;
        bool tx_stop;
        u8 buf_size;
+        u16 failed_bar_ssn;
+        bool bar_pending;
 };
 /**
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index e51bd2a1a073..d50358c45ab0 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -127,12 +127,32 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
        dev_kfree_skb(skb);
 }
+static void ieee80211_check_pending_bar(struct sta_info *sta, u8 *addr, u8 tid)
+{
+        struct tid_ampdu_tx *tid_tx;
+        tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
+        if (!tid_tx || !tid_tx->bar_pending)
+                return;
+        tid_tx->bar_pending = false;
+        ieee80211_send_bar(&sta->sdata->vif, addr, tid, tid_tx->failed_bar_ssn);
+}
 static void ieee80211_frame_acked(struct sta_info *sta, struct sk_buff *skb)
 {
        struct ieee80211_mgmt *mgmt = (void *) skb->data;
        struct ieee80211_local *local = sta->local;
        struct ieee80211_sub_if_data *sdata = sta->sdata;
+        if (ieee80211_is_data_qos(mgmt->frame_control)) {
+                struct ieee80211_hdr *hdr = (void *) skb->data;
+                u8 *qc = ieee80211_get_qos_ctl(hdr);
+                u16 tid = qc[0] & 0xf;
+                ieee80211_check_pending_bar(sta, hdr->addr1, tid);
+        }
        if (ieee80211_is_action(mgmt->frame_control) &&
            sdata->vif.type == NL80211_IFTYPE_STATION &&
            mgmt->u.action.category == WLAN_CATEGORY_HT &&
@@ -161,6 +181,18 @@ static void ieee80211_frame_acked(struct sta_info *sta, struct sk_buff *skb)
        }
 }
+static void ieee80211_set_bar_pending(struct sta_info *sta, u8 tid, u16 ssn)
+{
+        struct tid_ampdu_tx *tid_tx;
+        tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
+        if (!tid_tx)
+                return;
+        tid_tx->failed_bar_ssn = ssn;
+        tid_tx->bar_pending = true;
+}
 /*
 * Use a static threshold for now, best value to be determined
 * by testing ...
@@ -241,23 +273,28 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
                        tid = qc[0] & 0xf;
                        ssn = ((le16_to_cpu(hdr->seq_ctrl) + 0x10)
                                                & IEEE80211_SCTL_SEQ);
-                        ieee80211_send_bar(sta->sdata, hdr->addr1,
+                        ieee80211_send_bar(&sta->sdata->vif, hdr->addr1,
                                           tid, ssn);
                }
                if (!acked && ieee80211_is_back_req(fc)) {
+                        u16 control;
                        /*
-                         * BAR failed, let's tear down the BA session as a
+                         * BAR failed, store the last SSN and retry sending
-                         * last resort as some STAs (Intel 5100 on Windows)
+                         * the BAR when the next unicast transmission on the
-                         * can get stuck when the BA window isn't flushed
+                         * same TID succeeds.
-                         * correctly.
                         */
                        bar = (struct ieee80211_bar *) skb->data;
-                        if (!(bar->control & IEEE80211_BAR_CTRL_MULTI_TID)) {
+                        control = le16_to_cpu(bar->control);
-                                tid = (bar->control &
+                        if (!(control & IEEE80211_BAR_CTRL_MULTI_TID)) {
+                                u16 ssn = le16_to_cpu(bar->start_seq_num);
+                                tid = (control &
                                       IEEE80211_BAR_CTRL_TID_INFO_MASK) >>
                                      IEEE80211_BAR_CTRL_TID_INFO_SHIFT;
-                                ieee80211_stop_tx_ba_session(&sta->sta, tid);
+                                ieee80211_set_bar_pending(sta, tid, ssn);
                        }
                }
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 01072639666f..7cd6c28968b2 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1232,7 +1232,8 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
                tx->sta = sta_info_get(sdata, hdr->addr1);
        if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
-            (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) {
+            (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION) &&
+            !(local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)) {
                struct tid_ampdu_tx *tid_tx;
                qc = ieee80211_get_qos_ctl(hdr);
@@ -1595,7 +1596,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
                                return;
                        }
-        ieee80211_set_qos_hdr(local, skb);
+        ieee80211_set_qos_hdr(sdata, skb);
        ieee80211_tx(sdata, skb, false);
        rcu_read_unlock();
 }
@@ -1878,6 +1879,10 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
                rcu_read_unlock();
        }
+        /* For mesh, the use of the QoS header is mandatory */
+        if (ieee80211_vif_is_mesh(&sdata->vif))
+                sta_flags |= WLAN_STA_WME;
        /* receiver and we are QoS enabled, use a QoS type frame */
        if ((sta_flags & WLAN_STA_WME) && local->hw.queues >= 4) {
                fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
@@ -2365,11 +2370,9 @@ struct sk_buff *ieee80211_pspoll_get(struct ieee80211_hw *hw,
        local = sdata->local;
        skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll));
-        if (!skb) {
+        if (!skb)
-                printk(KERN_DEBUG "%s: failed to allocate buffer for "
-                       "pspoll template\n", sdata->name);
                return NULL;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        pspoll = (struct ieee80211_pspoll *) skb_put(skb, sizeof(*pspoll));
@@ -2405,11 +2408,9 @@ struct sk_buff *ieee80211_nullfunc_get(struct ieee80211_hw *hw,
        local = sdata->local;
        skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*nullfunc));
-        if (!skb) {
+        if (!skb)
-                printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
-                       "template\n", sdata->name);
                return NULL;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        nullfunc = (struct ieee80211_hdr_3addr *) skb_put(skb,
@@ -2444,11 +2445,8 @@ struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
        skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*hdr) +
                            ie_ssid_len + ie_len);
-        if (!skb) {
+        if (!skb)
-                printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
-                       "request template\n", sdata->name);
                return NULL;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index ce916ff6ef08..4b1466d5b6a1 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -707,11 +707,9 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
        skb = dev_alloc_skb(local->hw.extra_tx_headroom +
                            sizeof(*mgmt) + 6 + extra_len);
-        if (!skb) {
+        if (!skb)
-                printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
-                       "frame\n", sdata->name);
                return;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
@@ -864,11 +862,8 @@ struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
        /* FIXME: come up with a proper value */
        buf = kmalloc(200 + ie_len, GFP_KERNEL);
-        if (!buf) {
+        if (!buf)
-                printk(KERN_DEBUG "%s: failed to allocate temporary IE "
-                       "buffer\n", sdata->name);
                return NULL;
-        }
        /*
         * Do not send DS Channel parameter for directed probe requests
@@ -1082,6 +1077,8 @@ int ieee80211_reconfig(struct ieee80211_local *local)
                        changed |= BSS_CHANGED_IBSS;
                        /* fall through */
                case NL80211_IFTYPE_AP:
+                        changed |= BSS_CHANGED_SSID;
+                        /* fall through */
                case NL80211_IFTYPE_MESH_POINT:
                        changed |= BSS_CHANGED_BEACON |
                                   BSS_CHANGED_BEACON_ENABLED;
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c
index 7a49532f14cb..971004c9b04f 100644
--- a/net/mac80211/wme.c
+++ b/net/mac80211/wme.c
@@ -83,11 +83,7 @@ u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
                break;
 #ifdef CONFIG_MAC80211_MESH
        case NL80211_IFTYPE_MESH_POINT:
-                /*
+                ra = skb->data;
-                 * XXX: This is clearly broken ... but already was before,
-                 * because ieee80211_fill_mesh_addresses() would clear A1
-                 * except for multicast addresses.
-                 */
                break;
 #endif
        case NL80211_IFTYPE_STATION:
@@ -139,7 +135,8 @@ u16 ieee80211_downgrade_queue(struct ieee80211_local *local,
        return ieee802_1d_to_ac[skb->priority];
 }
-void ieee80211_set_qos_hdr(struct ieee80211_local *local, struct sk_buff *skb)
+void ieee80211_set_qos_hdr(struct ieee80211_sub_if_data *sdata,
+                           struct sk_buff *skb)
 {
        struct ieee80211_hdr *hdr = (void *)skb->data;
@@ -150,10 +147,11 @@ void ieee80211_set_qos_hdr(struct ieee80211_local *local, struct sk_buff *skb)
                tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
-                if (unlikely(local->wifi_wme_noack_test))
+                if (unlikely(sdata->local->wifi_wme_noack_test))
                        ack_policy |= IEEE80211_QOS_CTL_ACK_POLICY_NOACK;
-                /* qos header is 2 bytes, second reserved */
+                /* qos header is 2 bytes */
                *p++ = ack_policy | tid;
-                *p = 0;
+                *p = ieee80211_vif_is_mesh(&sdata->vif) ?
+                        (IEEE80211_QOS_CTL_MESH_CONTROL_PRESENT >> 8) : 0;
        }
 }
diff --git a/net/mac80211/wme.h b/net/mac80211/wme.h
index faead6d02026..34e166fbf4d4 100644
--- a/net/mac80211/wme.h
+++ b/net/mac80211/wme.h
@@ -17,7 +17,8 @@ extern const int ieee802_1d_to_ac[8];
 u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
                           struct sk_buff *skb);
-void ieee80211_set_qos_hdr(struct ieee80211_local *local, struct sk_buff *skb);
+void ieee80211_set_qos_hdr(struct ieee80211_sub_if_data *sdata,
+                           struct sk_buff *skb);
 u16 ieee80211_downgrade_queue(struct ieee80211_local *local,
                              struct sk_buff *skb);
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index 380b9a7462b6..bac34394c05e 100644
--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -229,11 +229,9 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
                        wk->ie_len + /* extra IEs */
                        9, /* WMM */
                        GFP_KERNEL);
-        if (!skb) {
+        if (!skb)
-                printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
-                       "frame\n", sdata->name);
                return;
-        }
        skb_reserve(skb, local->hw.extra_tx_headroom);
        capab = WLAN_CAPABILITY_ESS;
author	John W. Linville <linville@tuxdriver.com>	2011-09-19 15:00:16 -0400
committer	John W. Linville <linville@tuxdriver.com>	2011-09-19 15:00:16 -0400
commit	b53d63ecce17c4ddf8636def9f6e8b865c3927f9 (patch)
tree	683ef774fcfb423fa35f61e4326d0ce3f6a7c283 /net/mac80211
parent	765cf9976e937f1cfe9159bf4534967c8bf8eb6d (diff)
parent	12e62d6f7ec475e546b40bece2045da15d6c21ef (diff)