Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem

Conflicts:
	drivers/net/wireless/ath/ath9k/debug.c
	net/mac80211/iface.c

15 files changed, 443 insertions, 861 deletions

diff --git a/net/wireless/core.c b/net/wireless/core.c
index 01e41191f1bf..e4df77490229 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -34,13 +34,12 @@
 MODULE_AUTHOR("Johannes Berg");
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("wireless configuration support");
+MODULE_ALIAS_GENL_FAMILY(NL80211_GENL_NAME);
 
-/* RCU-protected (and cfg80211_mutex for writers) */
+/* RCU-protected (and RTNL for writers) */
 LIST_HEAD(cfg80211_rdev_list);
 int cfg80211_rdev_list_generation;
 
-DEFINE_MUTEX(cfg80211_mutex);
-
 /* for debugfs */
 static struct dentry *ieee80211_debugfs_dir;
 
@@ -52,12 +51,11 @@ module_param(cfg80211_disable_40mhz_24ghz, bool, 0644);
 MODULE_PARM_DESC(cfg80211_disable_40mhz_24ghz,
                  "Disable 40MHz support in the 2.4GHz band");
 
-/* requires cfg80211_mutex to be held! */
 struct cfg80211_registered_device *cfg80211_rdev_by_wiphy_idx(int wiphy_idx)
 {
         struct cfg80211_registered_device *result = NULL, *rdev;
 
-        assert_cfg80211_lock();
+        ASSERT_RTNL();
 
         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
                 if (rdev->wiphy_idx == wiphy_idx) {
@@ -76,12 +74,11 @@ int get_wiphy_idx(struct wiphy *wiphy)
         return rdev->wiphy_idx;
 }
 
-/* requires cfg80211_rdev_mutex to be held! */
 struct wiphy *wiphy_idx_to_wiphy(int wiphy_idx)
 {
         struct cfg80211_registered_device *rdev;
 
-        assert_cfg80211_lock();
+        ASSERT_RTNL();
 
         rdev = cfg80211_rdev_by_wiphy_idx(wiphy_idx);
         if (!rdev)
@@ -89,35 +86,13 @@ struct wiphy *wiphy_idx_to_wiphy(int wiphy_idx)
         return &rdev->wiphy;
 }
 
-struct cfg80211_registered_device *
-cfg80211_get_dev_from_ifindex(struct net *net, int ifindex)
-{
-        struct cfg80211_registered_device *rdev = ERR_PTR(-ENODEV);
-        struct net_device *dev;
-
-        mutex_lock(&cfg80211_mutex);
-        dev = dev_get_by_index(net, ifindex);
-        if (!dev)
-                goto out;
-        if (dev->ieee80211_ptr) {
-                rdev = wiphy_to_dev(dev->ieee80211_ptr->wiphy);
-                mutex_lock(&rdev->mtx);
-        } else
-                rdev = ERR_PTR(-ENODEV);
-        dev_put(dev);
- out:
-        mutex_unlock(&cfg80211_mutex);
-        return rdev;
-}
-
-/* requires cfg80211_mutex to be held */
 int cfg80211_dev_rename(struct cfg80211_registered_device *rdev,
                         char *newname)
 {
         struct cfg80211_registered_device *rdev2;
         int wiphy_idx, taken = -1, result, digits;
 
-        assert_cfg80211_lock();
+        ASSERT_RTNL();
 
         /* prohibit calling the thing phy%d when %d is not its number */
         sscanf(newname, PHY_NAME "%d%n", &wiphy_idx, &taken);
@@ -215,8 +190,7 @@ static void cfg80211_rfkill_poll(struct rfkill *rfkill, void *data)
 void cfg80211_stop_p2p_device(struct cfg80211_registered_device *rdev,
                               struct wireless_dev *wdev)
 {
-        lockdep_assert_held(&rdev->devlist_mtx);
-        lockdep_assert_held(&rdev->sched_scan_mtx);
+        ASSERT_RTNL();
 
         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_P2P_DEVICE))
                 return;
@@ -230,18 +204,15 @@ void cfg80211_stop_p2p_device(struct cfg80211_registered_device *rdev,
         rdev->opencount--;
 
         if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
-                bool busy = work_busy(&rdev->scan_done_wk);
-
                 /*
-                 * If the work isn't pending or running (in which case it would
-                 * be waiting for the lock we hold) the driver didn't properly
-                 * cancel the scan when the interface was removed. In this case
-                 * warn and leak the scan request object to not crash later.
+                 * If the scan request wasn't notified as done, set it
+                 * to aborted and leak it after a warning. The driver
+                 * should have notified us that it ended at the latest
+                 * during rdev_stop_p2p_device().
                  */
-                WARN_ON(!busy);
-
-                rdev->scan_req->aborted = true;
-                ___cfg80211_scan_done(rdev, !busy);
+                if (WARN_ON(!rdev->scan_req->notified))
+                        rdev->scan_req->aborted = true;
+                ___cfg80211_scan_done(rdev, !rdev->scan_req->notified);
         }
 }
 
@@ -255,8 +226,6 @@ static int cfg80211_rfkill_set_block(void *data, bool blocked)
 
         rtnl_lock();
 
-        /* read-only iteration need not hold the devlist_mtx */
-
         list_for_each_entry(wdev, &rdev->wdev_list, list) {
                 if (wdev->netdev) {
                         dev_close(wdev->netdev);
@@ -265,12 +234,7 @@ static int cfg80211_rfkill_set_block(void *data, bool blocked)
                 /* otherwise, check iftype */
                 switch (wdev->iftype) {
                 case NL80211_IFTYPE_P2P_DEVICE:
-                        /* but this requires it */
-                        mutex_lock(&rdev->devlist_mtx);
-                        mutex_lock(&rdev->sched_scan_mtx);
                         cfg80211_stop_p2p_device(rdev, wdev);
-                        mutex_unlock(&rdev->sched_scan_mtx);
-                        mutex_unlock(&rdev->devlist_mtx);
                         break;
                 default:
                         break;
@@ -298,10 +262,7 @@ static void cfg80211_event_work(struct work_struct *work)
                             event_work);
 
         rtnl_lock();
-        cfg80211_lock_rdev(rdev);
-
         cfg80211_process_rdev_events(rdev);
-        cfg80211_unlock_rdev(rdev);
         rtnl_unlock();
 }
 
@@ -309,7 +270,7 @@ static void cfg80211_event_work(struct work_struct *work)
 
 struct wiphy *wiphy_new(const struct cfg80211_ops *ops, int sizeof_priv)
 {
-        static int wiphy_counter;
+        static atomic_t wiphy_counter = ATOMIC_INIT(0);
 
         struct cfg80211_registered_device *rdev;
         int alloc_size;
@@ -331,26 +292,18 @@ struct wiphy *wiphy_new(const struct cfg80211_ops *ops, int sizeof_priv)
 
         rdev->ops = ops;
 
-        mutex_lock(&cfg80211_mutex);
-
-        rdev->wiphy_idx = wiphy_counter++;
+        rdev->wiphy_idx = atomic_inc_return(&wiphy_counter);
 
         if (unlikely(rdev->wiphy_idx < 0)) {
-                wiphy_counter--;
-                mutex_unlock(&cfg80211_mutex);
                 /* ugh, wrapped! */
+                atomic_dec(&wiphy_counter);
                 kfree(rdev);
                 return NULL;
         }
 
-        mutex_unlock(&cfg80211_mutex);
-
         /* give it a proper name */
         dev_set_name(&rdev->wiphy.dev, PHY_NAME "%d", rdev->wiphy_idx);
 
-        mutex_init(&rdev->mtx);
-        mutex_init(&rdev->devlist_mtx);
-        mutex_init(&rdev->sched_scan_mtx);
         INIT_LIST_HEAD(&rdev->wdev_list);
         INIT_LIST_HEAD(&rdev->beacon_registrations);
         spin_lock_init(&rdev->beacon_registrations_lock);
@@ -598,11 +551,11 @@ int wiphy_register(struct wiphy *wiphy)
         /* check and set up bitrates */
         ieee80211_set_bitrate_flags(wiphy);
 
-        mutex_lock(&cfg80211_mutex);
+        rtnl_lock();
 
         res = device_add(&rdev->wiphy.dev);
         if (res) {
-                mutex_unlock(&cfg80211_mutex);
+                rtnl_unlock();
                 return res;
         }
 
@@ -631,25 +584,18 @@ int wiphy_register(struct wiphy *wiphy)
         }
 
         cfg80211_debugfs_rdev_add(rdev);
-        mutex_unlock(&cfg80211_mutex);
 
-        /*
-         * due to a locking dependency this has to be outside of the
-         * cfg80211_mutex lock
-         */
         res = rfkill_register(rdev->rfkill);
         if (res) {
                 device_del(&rdev->wiphy.dev);
 
-                mutex_lock(&cfg80211_mutex);
                 debugfs_remove_recursive(rdev->wiphy.debugfsdir);
                 list_del_rcu(&rdev->list);
                 wiphy_regulatory_deregister(wiphy);
-                mutex_unlock(&cfg80211_mutex);
+                rtnl_unlock();
                 return res;
         }
 
-        rtnl_lock();
         rdev->wiphy.registered = true;
         rtnl_unlock();
         return 0;
@@ -679,25 +625,19 @@ void wiphy_unregister(struct wiphy *wiphy)
 {
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
 
-        rtnl_lock();
-        rdev->wiphy.registered = false;
-        rtnl_unlock();
-
-        rfkill_unregister(rdev->rfkill);
-
-        /* protect the device list */
-        mutex_lock(&cfg80211_mutex);
-
         wait_event(rdev->dev_wait, ({
                 int __count;
-                mutex_lock(&rdev->devlist_mtx);
+                rtnl_lock();
                 __count = rdev->opencount;
-                mutex_unlock(&rdev->devlist_mtx);
+                rtnl_unlock();
                 __count == 0; }));
 
-        mutex_lock(&rdev->devlist_mtx);
+        rtnl_lock();
+        rdev->wiphy.registered = false;
+
+        rfkill_unregister(rdev->rfkill);
+
         BUG_ON(!list_empty(&rdev->wdev_list));
-        mutex_unlock(&rdev->devlist_mtx);
 
         /*
          * First remove the hardware from everywhere, this makes
@@ -708,20 +648,6 @@ void wiphy_unregister(struct wiphy *wiphy)
         synchronize_rcu();
 
         /*
-         * Try to grab rdev->mtx. If a command is still in progress,
-         * hopefully the driver will refuse it since it's tearing
-         * down the device already. We wait for this command to complete
-         * before unlinking the item from the list.
-         * Note: as codified by the BUG_ON above we cannot get here if
-         * a virtual interface is still present. Hence, we can only get
-         * to lock contention here if userspace issues a command that
-         * identified the hardware by wiphy index.
-         */
-        cfg80211_lock_rdev(rdev);
-        /* nothing */
-        cfg80211_unlock_rdev(rdev);
-
-        /*
          * If this device got a regulatory hint tell core its
          * free to listen now to a new shiny device regulatory hint
          */
@@ -730,15 +656,17 @@ void wiphy_unregister(struct wiphy *wiphy)
         cfg80211_rdev_list_generation++;
         device_del(&rdev->wiphy.dev);
 
-        mutex_unlock(&cfg80211_mutex);
+        rtnl_unlock();
 
         flush_work(&rdev->scan_done_wk);
         cancel_work_sync(&rdev->conn_work);
         flush_work(&rdev->event_work);
         cancel_delayed_work_sync(&rdev->dfs_update_channels_wk);
 
-        if (rdev->wowlan && rdev->ops->set_wakeup)
+#ifdef CONFIG_PM
+        if (rdev->wiphy.wowlan_config && rdev->ops->set_wakeup)
                 rdev_set_wakeup(rdev, false);
+#endif
         cfg80211_rdev_free_wowlan(rdev);
 }
 EXPORT_SYMBOL(wiphy_unregister);
@@ -748,9 +676,6 @@ void cfg80211_dev_free(struct cfg80211_registered_device *rdev)
         struct cfg80211_internal_bss *scan, *tmp;
         struct cfg80211_beacon_registration *reg, *treg;
         rfkill_destroy(rdev->rfkill);
-        mutex_destroy(&rdev->mtx);
-        mutex_destroy(&rdev->devlist_mtx);
-        mutex_destroy(&rdev->sched_scan_mtx);
         list_for_each_entry_safe(reg, treg, &rdev->beacon_registrations, list) {
                 list_del(&reg->list);
                 kfree(reg);
@@ -775,36 +700,6 @@ void wiphy_rfkill_set_hw_state(struct wiphy *wiphy, bool blocked)
 }
 EXPORT_SYMBOL(wiphy_rfkill_set_hw_state);
 
-static void wdev_cleanup_work(struct work_struct *work)
-{
-        struct wireless_dev *wdev;
-        struct cfg80211_registered_device *rdev;
-
-        wdev = container_of(work, struct wireless_dev, cleanup_work);
-        rdev = wiphy_to_dev(wdev->wiphy);
-
-        mutex_lock(&rdev->sched_scan_mtx);
-
-        if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) {
-                rdev->scan_req->aborted = true;
-                ___cfg80211_scan_done(rdev, true);
-        }
-
-        if (WARN_ON(rdev->sched_scan_req &&
-                    rdev->sched_scan_req->dev == wdev->netdev)) {
-                __cfg80211_stop_sched_scan(rdev, false);
-        }
-
-        mutex_unlock(&rdev->sched_scan_mtx);
-
-        mutex_lock(&rdev->devlist_mtx);
-        rdev->opencount--;
-        mutex_unlock(&rdev->devlist_mtx);
-        wake_up(&rdev->dev_wait);
-
-        dev_put(wdev->netdev);
-}
-
 void cfg80211_unregister_wdev(struct wireless_dev *wdev)
 {
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
@@ -814,8 +709,6 @@ void cfg80211_unregister_wdev(struct wireless_dev *wdev)
         if (WARN_ON(wdev->netdev))
                 return;
 
-        mutex_lock(&rdev->devlist_mtx);
-        mutex_lock(&rdev->sched_scan_mtx);
         list_del_rcu(&wdev->list);
         rdev->devlist_generation++;
 
@@ -827,8 +720,6 @@ void cfg80211_unregister_wdev(struct wireless_dev *wdev)
                 WARN_ON_ONCE(1);
                 break;
         }
-        mutex_unlock(&rdev->sched_scan_mtx);
-        mutex_unlock(&rdev->devlist_mtx);
 }
 EXPORT_SYMBOL(cfg80211_unregister_wdev);
 
@@ -847,7 +738,7 @@ void cfg80211_update_iface_num(struct cfg80211_registered_device *rdev,
 }
 
 void cfg80211_leave(struct cfg80211_registered_device *rdev,
-                   struct wireless_dev *wdev)
+                    struct wireless_dev *wdev)
 {
         struct net_device *dev = wdev->netdev;
 
@@ -857,9 +748,7 @@ void cfg80211_leave(struct cfg80211_registered_device *rdev,
                 break;
         case NL80211_IFTYPE_P2P_CLIENT:
         case NL80211_IFTYPE_STATION:
-                mutex_lock(&rdev->sched_scan_mtx);
                 __cfg80211_stop_sched_scan(rdev, false);
-                mutex_unlock(&rdev->sched_scan_mtx);
 
                 wdev_lock(wdev);
 #ifdef CONFIG_CFG80211_WEXT
@@ -868,8 +757,8 @@ void cfg80211_leave(struct cfg80211_registered_device *rdev,
                 wdev->wext.ie_len = 0;
                 wdev->wext.connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
 #endif
-                __cfg80211_disconnect(rdev, dev,
-                                      WLAN_REASON_DEAUTH_LEAVING, true);
+                cfg80211_disconnect(rdev, dev,
+                                    WLAN_REASON_DEAUTH_LEAVING, true);
                 wdev_unlock(wdev);
                 break;
         case NL80211_IFTYPE_MESH_POINT:
@@ -911,13 +800,11 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
                  * are added with nl80211.
                  */
                 mutex_init(&wdev->mtx);
-                INIT_WORK(&wdev->cleanup_work, wdev_cleanup_work);
                 INIT_LIST_HEAD(&wdev->event_list);
                 spin_lock_init(&wdev->event_lock);
                 INIT_LIST_HEAD(&wdev->mgmt_registrations);
                 spin_lock_init(&wdev->mgmt_registrations_lock);
 
-                mutex_lock(&rdev->devlist_mtx);
                 wdev->identifier = ++rdev->wdev_id;
                 list_add_rcu(&wdev->list, &rdev->wdev_list);
                 rdev->devlist_generation++;
@@ -930,7 +817,6 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
                 }
                 wdev->netdev = dev;
                 wdev->sme_state = CFG80211_SME_IDLE;
-                mutex_unlock(&rdev->devlist_mtx);
 #ifdef CONFIG_CFG80211_WEXT
                 wdev->wext.default_key = -1;
                 wdev->wext.default_mgmt_key = -1;
@@ -956,26 +842,22 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
                 break;
         case NETDEV_DOWN:
                 cfg80211_update_iface_num(rdev, wdev->iftype, -1);
-                dev_hold(dev);
-                queue_work(cfg80211_wq, &wdev->cleanup_work);
+                if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
+                        if (WARN_ON(!rdev->scan_req->notified))
+                                rdev->scan_req->aborted = true;
+                        ___cfg80211_scan_done(rdev, true);
+                }
+
+                if (WARN_ON(rdev->sched_scan_req &&
+                            rdev->sched_scan_req->dev == wdev->netdev)) {
+                        __cfg80211_stop_sched_scan(rdev, false);
+                }
+
+                rdev->opencount--;
+                wake_up(&rdev->dev_wait);
                 break;
         case NETDEV_UP:
-                /*
-                 * If we have a really quick DOWN/UP succession we may
-                 * have this work still pending ... cancel it and see
-                 * if it was pending, in which case we need to account
-                 * for some of the work it would have done.
-                 */
-                if (cancel_work_sync(&wdev->cleanup_work)) {
-                        mutex_lock(&rdev->devlist_mtx);
-                        rdev->opencount--;
-                        mutex_unlock(&rdev->devlist_mtx);
-                        dev_put(dev);
-                }
                 cfg80211_update_iface_num(rdev, wdev->iftype, 1);
-                cfg80211_lock_rdev(rdev);
-                mutex_lock(&rdev->devlist_mtx);
-                mutex_lock(&rdev->sched_scan_mtx);
                 wdev_lock(wdev);
                 switch (wdev->iftype) {
 #ifdef CONFIG_CFG80211_WEXT
@@ -1007,10 +889,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
                         break;
                 }
                 wdev_unlock(wdev);
-                mutex_unlock(&rdev->sched_scan_mtx);
                 rdev->opencount++;
-                mutex_unlock(&rdev->devlist_mtx);
-                cfg80211_unlock_rdev(rdev);
 
                 /*
                  * Configure power management to the driver here so that its
@@ -1027,12 +906,6 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
                 break;
         case NETDEV_UNREGISTER:
                 /*
-                 * NB: cannot take rdev->mtx here because this may be
-                 * called within code protected by it when interfaces
-                 * are removed with nl80211.
-                 */
-                mutex_lock(&rdev->devlist_mtx);
-                /*
                  * It is possible to get NETDEV_UNREGISTER
                  * multiple times. To detect that, check
                  * that the interface is still on the list
@@ -1048,7 +921,6 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
                         kfree(wdev->wext.keys);
 #endif
                 }
-                mutex_unlock(&rdev->devlist_mtx);
                 /*
                  * synchronise (so that we won't find this netdev
                  * from other code any more) and then clear the list
@@ -1068,9 +940,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
                         return notifier_from_errno(-EOPNOTSUPP);
                 if (rfkill_blocked(rdev->rfkill))
                         return notifier_from_errno(-ERFKILL);
-                mutex_lock(&rdev->devlist_mtx);
                 ret = cfg80211_can_add_interface(rdev, wdev->iftype);
-                mutex_unlock(&rdev->devlist_mtx);
                 if (ret)
                         return notifier_from_errno(ret);
                 break;
@@ -1088,12 +958,10 @@ static void __net_exit cfg80211_pernet_exit(struct net *net)
         struct cfg80211_registered_device *rdev;
 
         rtnl_lock();
-        mutex_lock(&cfg80211_mutex);
         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
                 if (net_eq(wiphy_net(&rdev->wiphy), net))
                         WARN_ON(cfg80211_switch_netns(rdev, &init_net));
         }
-        mutex_unlock(&cfg80211_mutex);
         rtnl_unlock();
 }
 
diff --git a/net/wireless/core.h b/net/wireless/core.h
index fd35dae547c4..a65eaf8a84c1 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -5,7 +5,6 @@
  */
 #ifndef __NET_WIRELESS_CORE_H
 #define __NET_WIRELESS_CORE_H
-#include <linux/mutex.h>
 #include <linux/list.h>
 #include <linux/netdevice.h>
 #include <linux/rbtree.h>
@@ -23,11 +22,6 @@
 struct cfg80211_registered_device {
         const struct cfg80211_ops *ops;
         struct list_head list;
-        /* we hold this mutex during any call so that
-         * we cannot do multiple calls at once, and also
-         * to avoid the deregister call to proceed while
-         * any call is in progress */
-        struct mutex mtx;
 
         /* rfkill support */
         struct rfkill_ops rfkill_ops;
@@ -49,9 +43,7 @@ struct cfg80211_registered_device {
         /* wiphy index, internal only */
         int wiphy_idx;
 
-        /* associated wireless interfaces */
-        struct mutex devlist_mtx;
-        /* protected by devlist_mtx or RCU */
+        /* associated wireless interfaces, protected by rtnl or RCU */
         struct list_head wdev_list;
         int devlist_generation, wdev_id;
         int opencount; /* also protected by devlist_mtx */
@@ -75,8 +67,6 @@ struct cfg80211_registered_device {
         struct work_struct scan_done_wk;
         struct work_struct sched_scan_results_wk;
 
-        struct mutex sched_scan_mtx;
-
 #ifdef CONFIG_NL80211_TESTMODE
         struct genl_info *testmode_info;
 #endif
@@ -84,8 +74,6 @@ struct cfg80211_registered_device {
         struct work_struct conn_work;
         struct work_struct event_work;
 
-        struct cfg80211_wowlan *wowlan;
-
         struct delayed_work dfs_update_channels_wk;
 
         /* netlink port which started critical protocol (0 means not started) */
@@ -106,29 +94,26 @@ struct cfg80211_registered_device *wiphy_to_dev(struct wiphy *wiphy)
 static inline void
 cfg80211_rdev_free_wowlan(struct cfg80211_registered_device *rdev)
 {
+#ifdef CONFIG_PM
         int i;
 
-        if (!rdev->wowlan)
+        if (!rdev->wiphy.wowlan_config)
                 return;
-        for (i = 0; i < rdev->wowlan->n_patterns; i++)
-                kfree(rdev->wowlan->patterns[i].mask);
-        kfree(rdev->wowlan->patterns);
-        if (rdev->wowlan->tcp && rdev->wowlan->tcp->sock)
-                sock_release(rdev->wowlan->tcp->sock);
-        kfree(rdev->wowlan->tcp);
-        kfree(rdev->wowlan);
+        for (i = 0; i < rdev->wiphy.wowlan_config->n_patterns; i++)
+                kfree(rdev->wiphy.wowlan_config->patterns[i].mask);
+        kfree(rdev->wiphy.wowlan_config->patterns);
+        if (rdev->wiphy.wowlan_config->tcp &&
+            rdev->wiphy.wowlan_config->tcp->sock)
+                sock_release(rdev->wiphy.wowlan_config->tcp->sock);
+        kfree(rdev->wiphy.wowlan_config->tcp);
+        kfree(rdev->wiphy.wowlan_config);
+#endif
 }
 
 extern struct workqueue_struct *cfg80211_wq;
-extern struct mutex cfg80211_mutex;
 extern struct list_head cfg80211_rdev_list;
 extern int cfg80211_rdev_list_generation;
 
-static inline void assert_cfg80211_lock(void)
-{
-        lockdep_assert_held(&cfg80211_mutex);
-}
-
 struct cfg80211_internal_bss {
         struct list_head list;
         struct list_head hidden_list;
@@ -161,27 +146,11 @@ static inline void cfg80211_unhold_bss(struct cfg80211_internal_bss *bss)
 struct cfg80211_registered_device *cfg80211_rdev_by_wiphy_idx(int wiphy_idx);
 int get_wiphy_idx(struct wiphy *wiphy);
 
-/* requires cfg80211_rdev_mutex to be held! */
 struct wiphy *wiphy_idx_to_wiphy(int wiphy_idx);
 
-/* identical to cfg80211_get_dev_from_info but only operate on ifindex */
-extern struct cfg80211_registered_device *
-cfg80211_get_dev_from_ifindex(struct net *net, int ifindex);
-
 int cfg80211_switch_netns(struct cfg80211_registered_device *rdev,
                           struct net *net);
 
-static inline void cfg80211_lock_rdev(struct cfg80211_registered_device *rdev)
-{
-        mutex_lock(&rdev->mtx);
-}
-
-static inline void cfg80211_unlock_rdev(struct cfg80211_registered_device *rdev)
-{
-        BUG_ON(IS_ERR(rdev) || !rdev);
-        mutex_unlock(&rdev->mtx);
-}
-
 static inline void wdev_lock(struct wireless_dev *wdev)
         __acquires(wdev)
 {
@@ -196,7 +165,7 @@ static inline void wdev_unlock(struct wireless_dev *wdev)
         mutex_unlock(&wdev->mtx);
 }
 
-#define ASSERT_RDEV_LOCK(rdev) lockdep_assert_held(&(rdev)->mtx)
+#define ASSERT_RDEV_LOCK(rdev) ASSERT_RTNL()
 #define ASSERT_WDEV_LOCK(wdev) lockdep_assert_held(&(wdev)->mtx)
 
 static inline bool cfg80211_has_monitors_only(struct cfg80211_registered_device *rdev)
@@ -314,38 +283,21 @@ int cfg80211_stop_ap(struct cfg80211_registered_device *rdev,
                      struct net_device *dev);
 
 /* MLME */
-int __cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
-                         struct net_device *dev,
-                         struct ieee80211_channel *chan,
-                         enum nl80211_auth_type auth_type,
-                         const u8 *bssid,
-                         const u8 *ssid, int ssid_len,
-                         const u8 *ie, int ie_len,
-                         const u8 *key, int key_len, int key_idx,
-                         const u8 *sae_data, int sae_data_len);
 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
-                       struct net_device *dev, struct ieee80211_channel *chan,
-                       enum nl80211_auth_type auth_type, const u8 *bssid,
+                       struct net_device *dev,
+                       struct ieee80211_channel *chan,
+                       enum nl80211_auth_type auth_type,
+                       const u8 *bssid,
                        const u8 *ssid, int ssid_len,
                        const u8 *ie, int ie_len,
                        const u8 *key, int key_len, int key_idx,
                        const u8 *sae_data, int sae_data_len);
-int __cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
-                          struct net_device *dev,
-                          struct ieee80211_channel *chan,
-                          const u8 *bssid,
-                          const u8 *ssid, int ssid_len,
-                          struct cfg80211_assoc_request *req);
 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
                         struct net_device *dev,
                         struct ieee80211_channel *chan,
                         const u8 *bssid,
                         const u8 *ssid, int ssid_len,
                         struct cfg80211_assoc_request *req);
-int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
-                           struct net_device *dev, const u8 *bssid,
-                           const u8 *ie, int ie_len, u16 reason,
-                           bool local_state_change);
 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
                          struct net_device *dev, const u8 *bssid,
                          const u8 *ie, int ie_len, u16 reason,
@@ -377,18 +329,11 @@ void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
                                 const struct ieee80211_vht_cap *vht_capa_mask);
 
 /* SME */
-int __cfg80211_connect(struct cfg80211_registered_device *rdev,
-                       struct net_device *dev,
-                       struct cfg80211_connect_params *connect,
-                       struct cfg80211_cached_keys *connkeys,
-                       const u8 *prev_bssid);
 int cfg80211_connect(struct cfg80211_registered_device *rdev,
                      struct net_device *dev,
                      struct cfg80211_connect_params *connect,
-                     struct cfg80211_cached_keys *connkeys);
-int __cfg80211_disconnect(struct cfg80211_registered_device *rdev,
-                          struct net_device *dev, u16 reason,
-                          bool wextev);
+                     struct cfg80211_cached_keys *connkeys,
+                     const u8 *prev_bssid);
 int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
                         struct net_device *dev, u16 reason,
                         bool wextev);
diff --git a/net/wireless/debugfs.c b/net/wireless/debugfs.c
index 920cabe0461b..90d050036624 100644
--- a/net/wireless/debugfs.c
+++ b/net/wireless/debugfs.c
@@ -74,7 +74,7 @@ static ssize_t ht40allow_map_read(struct file *file,
         if (!buf)
                 return -ENOMEM;
 
-        mutex_lock(&cfg80211_mutex);
+        rtnl_lock();
 
         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
                 sband = wiphy->bands[band];
@@ -85,7 +85,7 @@ static ssize_t ht40allow_map_read(struct file *file,
                                                 buf, buf_size, offset);
         }
 
-        mutex_unlock(&cfg80211_mutex);
+        rtnl_unlock();
 
         r = simple_read_from_buffer(user_buf, count, ppos, buf, offset);
 
diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c
index d80e47194d49..5449c5a6de84 100644
--- a/net/wireless/ibss.c
+++ b/net/wireless/ibss.c
@@ -152,11 +152,11 @@ int cfg80211_join_ibss(struct cfg80211_registered_device *rdev,
         struct wireless_dev *wdev = dev->ieee80211_ptr;
         int err;
 
-        mutex_lock(&rdev->devlist_mtx);
+        ASSERT_RTNL();
+
         wdev_lock(wdev);
         err = __cfg80211_join_ibss(rdev, dev, params, connkeys);
         wdev_unlock(wdev);
-        mutex_unlock(&rdev->devlist_mtx);
 
         return err;
 }
@@ -359,11 +359,9 @@ int cfg80211_ibss_wext_siwfreq(struct net_device *dev,
                 wdev->wext.ibss.channel_fixed = false;
         }
 
-        mutex_lock(&rdev->devlist_mtx);
         wdev_lock(wdev);
         err = cfg80211_ibss_wext_join(rdev, wdev);
         wdev_unlock(wdev);
-        mutex_unlock(&rdev->devlist_mtx);
 
         return err;
 }
@@ -429,11 +427,9 @@ int cfg80211_ibss_wext_siwessid(struct net_device *dev,
         memcpy(wdev->wext.ibss.ssid, ssid, len);
         wdev->wext.ibss.ssid_len = len;
 
-        mutex_lock(&rdev->devlist_mtx);
         wdev_lock(wdev);
         err = cfg80211_ibss_wext_join(rdev, wdev);
         wdev_unlock(wdev);
-        mutex_unlock(&rdev->devlist_mtx);
 
         return err;
 }
@@ -512,11 +508,9 @@ int cfg80211_ibss_wext_siwap(struct net_device *dev,
         } else
                 wdev->wext.ibss.bssid = NULL;
 
-        mutex_lock(&rdev->devlist_mtx);
         wdev_lock(wdev);
         err = cfg80211_ibss_wext_join(rdev, wdev);
         wdev_unlock(wdev);
-        mutex_unlock(&rdev->devlist_mtx);
 
         return err;
 }
diff --git a/net/wireless/mesh.c b/net/wireless/mesh.c
index 0bb93f3061a4..5dfb289ab761 100644
--- a/net/wireless/mesh.c
+++ b/net/wireless/mesh.c
@@ -82,6 +82,7 @@ const struct mesh_setup default_mesh_setup = {
         .sync_method = IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET,
         .path_sel_proto = IEEE80211_PATH_PROTOCOL_HWMP,
         .path_metric = IEEE80211_PATH_METRIC_AIRTIME,
+        .auth_id = 0, /* open */
         .ie = NULL,
         .ie_len = 0,
         .is_secure = false,
@@ -185,11 +186,9 @@ int cfg80211_join_mesh(struct cfg80211_registered_device *rdev,
         struct wireless_dev *wdev = dev->ieee80211_ptr;
         int err;
 
-        mutex_lock(&rdev->devlist_mtx);
         wdev_lock(wdev);
         err = __cfg80211_join_mesh(rdev, dev, setup, conf);
         wdev_unlock(wdev);
-        mutex_unlock(&rdev->devlist_mtx);
 
         return err;
 }
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 0c7b7dd855f6..7bde5d9c0003 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -25,12 +25,9 @@ void cfg80211_send_rx_auth(struct net_device *dev, const u8 *buf, size_t len)
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
 
         trace_cfg80211_send_rx_auth(dev);
-        wdev_lock(wdev);
 
         nl80211_send_rx_auth(rdev, dev, buf, len, GFP_KERNEL);
         cfg80211_sme_rx_auth(dev, buf, len);
-
-        wdev_unlock(wdev);
 }
 EXPORT_SYMBOL(cfg80211_send_rx_auth);
 
@@ -46,7 +43,6 @@ void cfg80211_send_rx_assoc(struct net_device *dev, struct cfg80211_bss *bss,
         int ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable);
 
         trace_cfg80211_send_rx_assoc(dev, bss);
-        wdev_lock(wdev);
 
         status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
 
@@ -59,7 +55,7 @@ void cfg80211_send_rx_assoc(struct net_device *dev, struct cfg80211_bss *bss,
         if (status_code != WLAN_STATUS_SUCCESS && wdev->conn &&
             cfg80211_sme_failed_reassoc(wdev)) {
                 cfg80211_put_bss(wiphy, bss);
-                goto out;
+                return;
         }
 
         nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL);
@@ -71,7 +67,7 @@ void cfg80211_send_rx_assoc(struct net_device *dev, struct cfg80211_bss *bss,
                  * sme will schedule work that does it later.
                  */
                 cfg80211_put_bss(wiphy, bss);
-                goto out;
+                return;
         }
 
         if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) {
@@ -87,13 +83,11 @@ void cfg80211_send_rx_assoc(struct net_device *dev, struct cfg80211_bss *bss,
         __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, ie, len - ieoffs,
                                   status_code,
                                   status_code == WLAN_STATUS_SUCCESS, bss);
- out:
-        wdev_unlock(wdev);
 }
 EXPORT_SYMBOL(cfg80211_send_rx_assoc);
 
-void __cfg80211_send_deauth(struct net_device *dev,
-                                   const u8 *buf, size_t len)
+void cfg80211_send_deauth(struct net_device *dev,
+                          const u8 *buf, size_t len)
 {
         struct wireless_dev *wdev = dev->ieee80211_ptr;
         struct wiphy *wiphy = wdev->wiphy;
@@ -102,7 +96,7 @@ void __cfg80211_send_deauth(struct net_device *dev,
         const u8 *bssid = mgmt->bssid;
         bool was_current = false;
 
-        trace___cfg80211_send_deauth(dev);
+        trace_cfg80211_send_deauth(dev);
         ASSERT_WDEV_LOCK(wdev);
 
         if (wdev->current_bss &&
@@ -129,20 +123,10 @@ void __cfg80211_send_deauth(struct net_device *dev,
                                           false, NULL);
         }
 }
-EXPORT_SYMBOL(__cfg80211_send_deauth);
-
-void cfg80211_send_deauth(struct net_device *dev, const u8 *buf, size_t len)
-{
-        struct wireless_dev *wdev = dev->ieee80211_ptr;
-
-        wdev_lock(wdev);
-        __cfg80211_send_deauth(dev, buf, len);
-        wdev_unlock(wdev);
-}
 EXPORT_SYMBOL(cfg80211_send_deauth);
 
-void __cfg80211_send_disassoc(struct net_device *dev,
-                                     const u8 *buf, size_t len)
+void cfg80211_send_disassoc(struct net_device *dev,
+                            const u8 *buf, size_t len)
 {
         struct wireless_dev *wdev = dev->ieee80211_ptr;
         struct wiphy *wiphy = wdev->wiphy;
@@ -152,7 +136,7 @@ void __cfg80211_send_disassoc(struct net_device *dev,
         u16 reason_code;
         bool from_ap;
 
-        trace___cfg80211_send_disassoc(dev);
+        trace_cfg80211_send_disassoc(dev);
         ASSERT_WDEV_LOCK(wdev);
 
         nl80211_send_disassoc(rdev, dev, buf, len, GFP_KERNEL);
@@ -175,16 +159,6 @@ void __cfg80211_send_disassoc(struct net_device *dev,
         from_ap = !ether_addr_equal(mgmt->sa, dev->dev_addr);
         __cfg80211_disconnected(dev, NULL, 0, reason_code, from_ap);
 }
-EXPORT_SYMBOL(__cfg80211_send_disassoc);
-
-void cfg80211_send_disassoc(struct net_device *dev, const u8 *buf, size_t len)
-{
-        struct wireless_dev *wdev = dev->ieee80211_ptr;
-
-        wdev_lock(wdev);
-        __cfg80211_send_disassoc(dev, buf, len);
-        wdev_unlock(wdev);
-}
 EXPORT_SYMBOL(cfg80211_send_disassoc);
 
 void cfg80211_send_auth_timeout(struct net_device *dev, const u8 *addr)
@@ -194,15 +168,12 @@ void cfg80211_send_auth_timeout(struct net_device *dev, const u8 *addr)
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
 
         trace_cfg80211_send_auth_timeout(dev, addr);
-        wdev_lock(wdev);
 
         nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
         if (wdev->sme_state == CFG80211_SME_CONNECTING)
                 __cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0,
                                           WLAN_STATUS_UNSPECIFIED_FAILURE,
                                           false, NULL);
-
-        wdev_unlock(wdev);
 }
 EXPORT_SYMBOL(cfg80211_send_auth_timeout);
 
@@ -213,15 +184,12 @@ void cfg80211_send_assoc_timeout(struct net_device *dev, const u8 *addr)
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
 
         trace_cfg80211_send_assoc_timeout(dev, addr);
-        wdev_lock(wdev);
 
         nl80211_send_assoc_timeout(rdev, dev, addr, GFP_KERNEL);
         if (wdev->sme_state == CFG80211_SME_CONNECTING)
                 __cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0,
                                           WLAN_STATUS_UNSPECIFIED_FAILURE,
                                           false, NULL);
-
-        wdev_unlock(wdev);
 }
 EXPORT_SYMBOL(cfg80211_send_assoc_timeout);
 
@@ -253,18 +221,27 @@ void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
 EXPORT_SYMBOL(cfg80211_michael_mic_failure);
 
 /* some MLME handling for userspace SME */
-int __cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
-                         struct net_device *dev,
-                         struct ieee80211_channel *chan,
-                         enum nl80211_auth_type auth_type,
-                         const u8 *bssid,
-                         const u8 *ssid, int ssid_len,
-                         const u8 *ie, int ie_len,
-                         const u8 *key, int key_len, int key_idx,
-                         const u8 *sae_data, int sae_data_len)
+int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
+                       struct net_device *dev,
+                       struct ieee80211_channel *chan,
+                       enum nl80211_auth_type auth_type,
+                       const u8 *bssid,
+                       const u8 *ssid, int ssid_len,
+                       const u8 *ie, int ie_len,
+                       const u8 *key, int key_len, int key_idx,
+                       const u8 *sae_data, int sae_data_len)
 {
         struct wireless_dev *wdev = dev->ieee80211_ptr;
-        struct cfg80211_auth_request req;
+        struct cfg80211_auth_request req = {
+                .ie = ie,
+                .ie_len = ie_len,
+                .sae_data = sae_data,
+                .sae_data_len = sae_data_len,
+                .auth_type = auth_type,
+                .key = key,
+                .key_len = key_len,
+                .key_idx = key_idx,
+        };
         int err;
 
         ASSERT_WDEV_LOCK(wdev);
@@ -277,18 +254,8 @@ int __cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
             ether_addr_equal(bssid, wdev->current_bss->pub.bssid))
                 return -EALREADY;
 
-        memset(&req, 0, sizeof(req));
-
-        req.ie = ie;
-        req.ie_len = ie_len;
-        req.sae_data = sae_data;
-        req.sae_data_len = sae_data_len;
-        req.auth_type = auth_type;
         req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
                                    WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS);
-        req.key = key;
-        req.key_len = key_len;
-        req.key_idx = key_idx;
         if (!req.bss)
                 return -ENOENT;
 
@@ -304,28 +271,6 @@ out:
         return err;
 }
 
-int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
-                       struct net_device *dev, struct ieee80211_channel *chan,
-                       enum nl80211_auth_type auth_type, const u8 *bssid,
-                       const u8 *ssid, int ssid_len,
-                       const u8 *ie, int ie_len,
-                       const u8 *key, int key_len, int key_idx,
-                       const u8 *sae_data, int sae_data_len)
-{
-        int err;
-
-        mutex_lock(&rdev->devlist_mtx);
-        wdev_lock(dev->ieee80211_ptr);
-        err = __cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
-                                   ssid, ssid_len, ie, ie_len,
-                                   key, key_len, key_idx,
-                                   sae_data, sae_data_len);
-        wdev_unlock(dev->ieee80211_ptr);
-        mutex_unlock(&rdev->devlist_mtx);
-
-        return err;
-}
-
 /*  Do a logical ht_capa &= ht_capa_mask.  */
 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa,
                                const struct ieee80211_ht_cap *ht_capa_mask)
@@ -360,12 +305,12 @@ void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
                 p1[i] &= p2[i];
 }
 
-int __cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
-                          struct net_device *dev,
-                          struct ieee80211_channel *chan,
-                          const u8 *bssid,
-                          const u8 *ssid, int ssid_len,
-                          struct cfg80211_assoc_request *req)
+int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
+                        struct net_device *dev,
+                        struct ieee80211_channel *chan,
+                        const u8 *bssid,
+                        const u8 *ssid, int ssid_len,
+                        struct cfg80211_assoc_request *req)
 {
         struct wireless_dev *wdev = dev->ieee80211_ptr;
         int err;
@@ -415,30 +360,10 @@ out:
         return err;
 }
 
-int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
-                        struct net_device *dev,
-                        struct ieee80211_channel *chan,
-                        const u8 *bssid,
-                        const u8 *ssid, int ssid_len,
-                        struct cfg80211_assoc_request *req)
-{
-        struct wireless_dev *wdev = dev->ieee80211_ptr;
-        int err;
-
-        mutex_lock(&rdev->devlist_mtx);
-        wdev_lock(wdev);
-        err = __cfg80211_mlme_assoc(rdev, dev, chan, bssid,
-                                    ssid, ssid_len, req);
-        wdev_unlock(wdev);
-        mutex_unlock(&rdev->devlist_mtx);
-
-        return err;
-}
-
-int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
-                           struct net_device *dev, const u8 *bssid,
-                           const u8 *ie, int ie_len, u16 reason,
-                           bool local_state_change)
+int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
+                         struct net_device *dev, const u8 *bssid,
+                         const u8 *ie, int ie_len, u16 reason,
+                         bool local_state_change)
 {
         struct wireless_dev *wdev = dev->ieee80211_ptr;
         struct cfg80211_deauth_request req = {
@@ -458,29 +383,18 @@ int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
         return rdev_deauth(rdev, dev, &req);
 }
 
-int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
-                         struct net_device *dev, const u8 *bssid,
-                         const u8 *ie, int ie_len, u16 reason,
-                         bool local_state_change)
-{
-        struct wireless_dev *wdev = dev->ieee80211_ptr;
-        int err;
-
-        wdev_lock(wdev);
-        err = __cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason,
-                                     local_state_change);
-        wdev_unlock(wdev);
-
-        return err;
-}
-
-static int __cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
-                                    struct net_device *dev, const u8 *bssid,
-                                    const u8 *ie, int ie_len, u16 reason,
-                                    bool local_state_change)
+int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
+                           struct net_device *dev, const u8 *bssid,
+                           const u8 *ie, int ie_len, u16 reason,
+                           bool local_state_change)
 {
         struct wireless_dev *wdev = dev->ieee80211_ptr;
-        struct cfg80211_disassoc_request req;
+        struct cfg80211_disassoc_request req = {
+                .reason_code = reason,
+                .local_state_change = local_state_change,
+                .ie = ie,
+                .ie_len = ie_len,
+        };
 
         ASSERT_WDEV_LOCK(wdev);
 
@@ -490,11 +404,6 @@ static int __cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
         if (WARN(!wdev->current_bss, "sme_state=%d\n", wdev->sme_state))
                 return -ENOTCONN;
 
-        memset(&req, 0, sizeof(req));
-        req.reason_code = reason;
-        req.local_state_change = local_state_change;
-        req.ie = ie;
-        req.ie_len = ie_len;
         if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
                 req.bss = &wdev->current_bss->pub;
         else
@@ -503,44 +412,25 @@ static int __cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
         return rdev_disassoc(rdev, dev, &req);
 }
 
-int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
-                           struct net_device *dev, const u8 *bssid,
-                           const u8 *ie, int ie_len, u16 reason,
-                           bool local_state_change)
-{
-        struct wireless_dev *wdev = dev->ieee80211_ptr;
-        int err;
-
-        wdev_lock(wdev);
-        err = __cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason,
-                                       local_state_change);
-        wdev_unlock(wdev);
-
-        return err;
-}
-
 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
                         struct net_device *dev)
 {
         struct wireless_dev *wdev = dev->ieee80211_ptr;
-        struct cfg80211_deauth_request req;
         u8 bssid[ETH_ALEN];
+        struct cfg80211_deauth_request req = {
+                .reason_code = WLAN_REASON_DEAUTH_LEAVING,
+                .bssid = bssid,
+        };
 
         ASSERT_WDEV_LOCK(wdev);
 
         if (!rdev->ops->deauth)
                 return;
 
-        memset(&req, 0, sizeof(req));
-        req.reason_code = WLAN_REASON_DEAUTH_LEAVING;
-        req.ie = NULL;
-        req.ie_len = 0;
-
         if (!wdev->current_bss)
                 return;
 
         memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN);
-        req.bssid = bssid;
         rdev_deauth(rdev, dev, &req);
 
         if (wdev->current_bss) {
@@ -848,7 +738,7 @@ void cfg80211_dfs_channels_update_work(struct work_struct *work)
                             dfs_update_channels_wk);
         wiphy = &rdev->wiphy;
 
-        mutex_lock(&cfg80211_mutex);
+        rtnl_lock();
         for (bandid = 0; bandid < IEEE80211_NUM_BANDS; bandid++) {
                 sband = wiphy->bands[bandid];
                 if (!sband)
@@ -881,7 +771,7 @@ void cfg80211_dfs_channels_update_work(struct work_struct *work)
                         check_again = true;
                 }
         }
-        mutex_unlock(&cfg80211_mutex);
+        rtnl_unlock();
 
         /* reschedule if there are other channels waiting to be cleared again */
         if (check_again)
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index d5aed3bb3945..31d265f36d2c 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -37,10 +37,10 @@ static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
 
 /* the netlink family */
 static struct genl_family nl80211_fam = {
-        .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
-        .name = "nl80211",      /* have users key off the name instead */
-        .hdrsize = 0,           /* no private header */
-        .version = 1,           /* no particular meaning now */
+        .id = GENL_ID_GENERATE,         /* don't bother with a hardcoded ID */
+        .name = NL80211_GENL_NAME,      /* have users key off the name instead */
+        .hdrsize = 0,                   /* no private header */
+        .version = 1,                   /* no particular meaning now */
         .maxattr = NL80211_ATTR_MAX,
         .netnsok = true,
         .pre_doit = nl80211_pre_doit,
@@ -59,7 +59,7 @@ __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
         int wiphy_idx = -1;
         int ifidx = -1;
 
-        assert_cfg80211_lock();
+        ASSERT_RTNL();
 
         if (!have_ifidx && !have_wdev_id)
                 return ERR_PTR(-EINVAL);
@@ -80,7 +80,6 @@ __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
                 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
                         continue;
 
-                mutex_lock(&rdev->devlist_mtx);
                 list_for_each_entry(wdev, &rdev->wdev_list, list) {
                         if (have_ifidx && wdev->netdev &&
                             wdev->netdev->ifindex == ifidx) {
@@ -92,7 +91,6 @@ __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
                                 break;
                         }
                 }
-                mutex_unlock(&rdev->devlist_mtx);
 
                 if (result)
                         break;
@@ -109,7 +107,7 @@ __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
         struct cfg80211_registered_device *rdev = NULL, *tmp;
         struct net_device *netdev;
 
-        assert_cfg80211_lock();
+        ASSERT_RTNL();
 
         if (!attrs[NL80211_ATTR_WIPHY] &&
             !attrs[NL80211_ATTR_IFINDEX] &&
@@ -128,14 +126,12 @@ __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
                 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
                 if (tmp) {
                         /* make sure wdev exists */
-                        mutex_lock(&tmp->devlist_mtx);
                         list_for_each_entry(wdev, &tmp->wdev_list, list) {
                                 if (wdev->identifier != (u32)wdev_id)
                                         continue;
                                 found = true;
                                 break;
                         }
-                        mutex_unlock(&tmp->devlist_mtx);
 
                         if (!found)
                                 tmp = NULL;
@@ -182,19 +178,6 @@ __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
 /*
  * This function returns a pointer to the driver
  * that the genl_info item that is passed refers to.
- * If successful, it returns non-NULL and also locks
- * the driver's mutex!
- *
- * This means that you need to call cfg80211_unlock_rdev()
- * before being allowed to acquire &cfg80211_mutex!
- *
- * This is necessary because we need to lock the global
- * mutex to get an item off the list safely, and then
- * we lock the rdev mutex so it doesn't go away under us.
- *
- * We don't want to keep cfg80211_mutex locked
- * for all the time in order to allow requests on
- * other interfaces to go through at the same time.
  *
  * The result of this can be a PTR_ERR and hence must
  * be checked with IS_ERR() for errors.
@@ -202,20 +185,7 @@ __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
 static struct cfg80211_registered_device *
 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
 {
-        struct cfg80211_registered_device *rdev;
-
-        mutex_lock(&cfg80211_mutex);
-        rdev = __cfg80211_rdev_from_attrs(netns, info->attrs);
-
-        /* if it is not an error we grab the lock on
-         * it to assure it won't be going away while
-         * we operate on it */
-        if (!IS_ERR(rdev))
-                mutex_lock(&rdev->mtx);
-
-        mutex_unlock(&cfg80211_mutex);
-
-        return rdev;
+        return __cfg80211_rdev_from_attrs(netns, info->attrs);
 }
 
 /* policy for the attributes */
@@ -378,6 +348,7 @@ static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
         [NL80211_ATTR_MDID] = { .type = NLA_U16 },
         [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
                                   .len = IEEE80211_MAX_DATA_LEN },
+        [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
 };
 
 /* policy for the key attributes */
@@ -455,7 +426,6 @@ static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
         int err;
 
         rtnl_lock();
-        mutex_lock(&cfg80211_mutex);
 
         if (!cb->args[0]) {
                 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
@@ -484,14 +454,12 @@ static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
                 *rdev = wiphy_to_dev(wiphy);
                 *wdev = NULL;
 
-                mutex_lock(&(*rdev)->devlist_mtx);
                 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
                         if (tmp->identifier == cb->args[1]) {
                                 *wdev = tmp;
                                 break;
                         }
                 }
-                mutex_unlock(&(*rdev)->devlist_mtx);
 
                 if (!*wdev) {
                         err = -ENODEV;
@@ -499,19 +467,14 @@ static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
                 }
         }
 
-        cfg80211_lock_rdev(*rdev);
-
-        mutex_unlock(&cfg80211_mutex);
         return 0;
  out_unlock:
-        mutex_unlock(&cfg80211_mutex);
         rtnl_unlock();
         return err;
 }
 
 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
 {
-        cfg80211_unlock_rdev(rdev);
         rtnl_unlock();
 }
 
@@ -1567,7 +1530,7 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
         struct nlattr **tb = nl80211_fam.attrbuf;
         int res;
 
-        mutex_lock(&cfg80211_mutex);
+        rtnl_lock();
         res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
                           tb, nl80211_fam.maxattr, nl80211_policy);
         if (res == 0) {
@@ -1581,10 +1544,8 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
                         int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
 
                         netdev = dev_get_by_index(sock_net(skb->sk), ifidx);
-                        if (!netdev) {
-                                mutex_unlock(&cfg80211_mutex);
+                        if (!netdev)
                                 return -ENODEV;
-                        }
                         if (netdev->ieee80211_ptr) {
                                 dev = wiphy_to_dev(
                                         netdev->ieee80211_ptr->wiphy);
@@ -1628,7 +1589,6 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
                                     !skb->len &&
                                     cb->min_dump_alloc < 4096) {
                                         cb->min_dump_alloc = 4096;
-                                        mutex_unlock(&cfg80211_mutex);
                                         return 1;
                                 }
                                 idx--;
@@ -1637,7 +1597,7 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
                 } while (cb->args[1] > 0);
                 break;
         }
-        mutex_unlock(&cfg80211_mutex);
+        rtnl_unlock();
 
         cb->args[0] = idx;
 
@@ -1792,7 +1752,6 @@ static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
         if (result)
                 return result;
 
-        mutex_lock(&rdev->devlist_mtx);
         switch (iftype) {
         case NL80211_IFTYPE_AP:
         case NL80211_IFTYPE_P2P_GO:
@@ -1816,7 +1775,6 @@ static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
         default:
                 result = -EINVAL;
         }
-        mutex_unlock(&rdev->devlist_mtx);
 
         return result;
 }
@@ -1865,6 +1823,8 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
         u32 frag_threshold = 0, rts_threshold = 0;
         u8 coverage_class = 0;
 
+        ASSERT_RTNL();
+
         /*
          * Try to find the wiphy and netdev. Normally this
          * function shouldn't need the netdev, but this is
@@ -1874,31 +1834,25 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
          * also passed a netdev to set_wiphy, so that it is
          * possible to let that go to the right netdev!
          */
-        mutex_lock(&cfg80211_mutex);
 
         if (info->attrs[NL80211_ATTR_IFINDEX]) {
                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
 
                 netdev = dev_get_by_index(genl_info_net(info), ifindex);
-                if (netdev && netdev->ieee80211_ptr) {
+                if (netdev && netdev->ieee80211_ptr)
                         rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
-                        mutex_lock(&rdev->mtx);
-                } else
+                else
                         netdev = NULL;
         }
 
         if (!netdev) {
                 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
                                                   info->attrs);
-                if (IS_ERR(rdev)) {
-                        mutex_unlock(&cfg80211_mutex);
+                if (IS_ERR(rdev))
                         return PTR_ERR(rdev);
-                }
                 wdev = NULL;
                 netdev = NULL;
                 result = 0;
-
-                mutex_lock(&rdev->mtx);
         } else
                 wdev = netdev->ieee80211_ptr;
 
@@ -1911,8 +1865,6 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
                 result = cfg80211_dev_rename(
                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
 
-        mutex_unlock(&cfg80211_mutex);
-
         if (result)
                 goto bad_res;
 
@@ -2119,7 +2071,6 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
         }
 
  bad_res:
-        mutex_unlock(&rdev->mtx);
         if (netdev)
                 dev_put(netdev);
         return result;
@@ -2217,7 +2168,7 @@ static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *
         struct cfg80211_registered_device *rdev;
         struct wireless_dev *wdev;
 
-        mutex_lock(&cfg80211_mutex);
+        rtnl_lock();
         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
                         continue;
@@ -2227,7 +2178,6 @@ static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *
                 }
                 if_idx = 0;
 
-                mutex_lock(&rdev->devlist_mtx);
                 list_for_each_entry(wdev, &rdev->wdev_list, list) {
                         if (if_idx < if_start) {
                                 if_idx++;
@@ -2236,17 +2186,15 @@ static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *
                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
                                                rdev, wdev) < 0) {
-                                mutex_unlock(&rdev->devlist_mtx);
                                 goto out;
                         }
                         if_idx++;
                 }
-                mutex_unlock(&rdev->devlist_mtx);
 
                 wp_idx++;
         }
  out:
-        mutex_unlock(&cfg80211_mutex);
+        rtnl_unlock();
 
         cb->args[0] = wp_idx;
         cb->args[1] = if_idx;
@@ -2279,6 +2227,7 @@ static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
+        [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
 };
 
 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
@@ -2390,6 +2339,10 @@ static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
                 change = true;
         }
 
+        if (flags && (*flags & NL80211_MNTR_FLAG_ACTIVE) &&
+            !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
+                return -EOPNOTSUPP;
+
         if (change)
                 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
         else
@@ -2447,6 +2400,11 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
                                   &flags);
+
+        if (!err && (flags & NL80211_MNTR_FLAG_ACTIVE) &&
+            !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
+                return -EOPNOTSUPP;
+
         wdev = rdev_add_virtual_intf(rdev,
                                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
                                 type, err ? NULL : &flags, &params);
@@ -2479,11 +2437,9 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
                 INIT_LIST_HEAD(&wdev->mgmt_registrations);
                 spin_lock_init(&wdev->mgmt_registrations_lock);
 
-                mutex_lock(&rdev->devlist_mtx);
                 wdev->identifier = ++rdev->wdev_id;
                 list_add_rcu(&wdev->list, &rdev->wdev_list);
                 rdev->devlist_generation++;
-                mutex_unlock(&rdev->devlist_mtx);
                 break;
         default:
                 break;
@@ -2992,8 +2948,6 @@ static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
         struct wireless_dev *wdev;
         bool ret = false;
 
-        mutex_lock(&rdev->devlist_mtx);
-
         list_for_each_entry(wdev, &rdev->wdev_list, list) {
                 if (wdev->iftype != NL80211_IFTYPE_AP &&
                     wdev->iftype != NL80211_IFTYPE_P2P_GO)
@@ -3007,8 +2961,6 @@ static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
                 break;
         }
 
-        mutex_unlock(&rdev->devlist_mtx);
-
         return ret;
 }
 
@@ -3170,13 +3122,10 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
                 params.radar_required = true;
         }
 
-        mutex_lock(&rdev->devlist_mtx);
         err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
                                            params.chandef.chan,
                                            CHAN_MODE_SHARED,
                                            radar_detect_width);
-        mutex_unlock(&rdev->devlist_mtx);
-
         if (err)
                 return err;
 
@@ -3376,6 +3325,32 @@ static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
         return true;
 }
 
+static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
+                               int id)
+{
+        void *attr;
+        int i = 0;
+
+        if (!mask)
+                return true;
+
+        attr = nla_nest_start(msg, id);
+        if (!attr)
+                return false;
+
+        for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
+                if (!(mask & BIT(i)))
+                        continue;
+
+                if (nla_put_u8(msg, i, signal[i]))
+                        return false;
+        }
+
+        nla_nest_end(msg, attr);
+
+        return true;
+}
+
 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
                                 int flags,
                                 struct cfg80211_registered_device *rdev,
@@ -3447,6 +3422,18 @@ static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
         default:
                 break;
         }
+        if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
+                if (!nl80211_put_signal(msg, sinfo->chains,
+                                        sinfo->chain_signal,
+                                        NL80211_STA_INFO_CHAIN_SIGNAL))
+                        goto nla_put_failure;
+        }
+        if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
+                if (!nl80211_put_signal(msg, sinfo->chains,
+                                        sinfo->chain_signal_avg,
+                                        NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
+                        goto nla_put_failure;
+        }
         if (sinfo->filled & STATION_INFO_TX_BITRATE) {
                 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
                                           NL80211_STA_INFO_TX_BITRATE))
@@ -3834,6 +3821,8 @@ static int nl80211_set_station_tdls(struct genl_info *info,
                                     struct station_parameters *params)
 {
         /* Dummy STA entry gets updated once the peer capabilities are known */
+        if (info->attrs[NL80211_ATTR_PEER_AID])
+                params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
                 params->ht_capa =
                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
@@ -3974,7 +3963,8 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
                 return -EINVAL;
 
-        if (!info->attrs[NL80211_ATTR_STA_AID])
+        if (!info->attrs[NL80211_ATTR_STA_AID] &&
+            !info->attrs[NL80211_ATTR_PEER_AID])
                 return -EINVAL;
 
         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
@@ -3985,7 +3975,10 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
         params.listen_interval =
                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
 
-        params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
+        if (info->attrs[NL80211_ATTR_STA_AID])
+                params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
+        else
+                params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
         if (!params.aid || params.aid > IEEE80211_MAX_AID)
                 return -EINVAL;
 
@@ -4634,6 +4627,7 @@ static const struct nla_policy
         [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
         [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
         [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
+        [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
         [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
         [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
                                     .len = IEEE80211_MAX_DATA_LEN },
@@ -4819,6 +4813,13 @@ static int nl80211_parse_mesh_setup(struct genl_info *info,
         if (setup->is_secure)
                 setup->user_mpm = true;
 
+        if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
+                if (!setup->user_mpm)
+                        return -EINVAL;
+                setup->auth_id =
+                        nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
+        }
+
         return 0;
 }
 
@@ -4861,18 +4862,13 @@ static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
         void *hdr = NULL;
         struct nlattr *nl_reg_rules;
         unsigned int i;
-        int err = -EINVAL;
-
-        mutex_lock(&cfg80211_mutex);
 
         if (!cfg80211_regdomain)
-                goto out;
+                return -EINVAL;
 
         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
-        if (!msg) {
-                err = -ENOBUFS;
-                goto out;
-        }
+        if (!msg)
+                return -ENOBUFS;
 
         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
                              NL80211_CMD_GET_REG);
@@ -4931,8 +4927,7 @@ static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
         nla_nest_end(msg, nl_reg_rules);
 
         genlmsg_end(msg, hdr);
-        err = genlmsg_reply(msg, info);
-        goto out;
+        return genlmsg_reply(msg, info);
 
 nla_put_failure_rcu:
         rcu_read_unlock();
@@ -4940,10 +4935,7 @@ nla_put_failure:
         genlmsg_cancel(msg, hdr);
 put_failure:
         nlmsg_free(msg);
-        err = -EMSGSIZE;
-out:
-        mutex_unlock(&cfg80211_mutex);
-        return err;
+        return -EMSGSIZE;
 }
 
 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
@@ -5009,12 +5001,9 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
                 }
         }
 
-        mutex_lock(&cfg80211_mutex);
-
         r = set_regdom(rd);
         /* set_regdom took ownership */
         rd = NULL;
-        mutex_unlock(&cfg80211_mutex);
 
  bad_reg:
         kfree(rd);
@@ -5064,7 +5053,6 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
         if (!rdev->ops->scan)
                 return -EOPNOTSUPP;
 
-        mutex_lock(&rdev->sched_scan_mtx);
         if (rdev->scan_req) {
                 err = -EBUSY;
                 goto unlock;
@@ -5250,7 +5238,6 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
         }
 
  unlock:
-        mutex_unlock(&rdev->sched_scan_mtx);
         return err;
 }
 
@@ -5322,8 +5309,6 @@ static int nl80211_start_sched_scan(struct sk_buff *skb,
         if (ie_len > wiphy->max_sched_scan_ie_len)
                 return -EINVAL;
 
-        mutex_lock(&rdev->sched_scan_mtx);
-
         if (rdev->sched_scan_req) {
                 err = -EINPROGRESS;
                 goto out;
@@ -5491,7 +5476,6 @@ static int nl80211_start_sched_scan(struct sk_buff *skb,
 out_free:
         kfree(request);
 out:
-        mutex_unlock(&rdev->sched_scan_mtx);
         return err;
 }
 
@@ -5499,17 +5483,12 @@ static int nl80211_stop_sched_scan(struct sk_buff *skb,
                                    struct genl_info *info)
 {
         struct cfg80211_registered_device *rdev = info->user_ptr[0];
-        int err;
 
         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
             !rdev->ops->sched_scan_stop)
                 return -EOPNOTSUPP;
 
-        mutex_lock(&rdev->sched_scan_mtx);
-        err = __cfg80211_stop_sched_scan(rdev, false);
-        mutex_unlock(&rdev->sched_scan_mtx);
-
-        return err;
+        return __cfg80211_stop_sched_scan(rdev, false);
 }
 
 static int nl80211_start_radar_detection(struct sk_buff *skb,
@@ -5541,12 +5520,11 @@ static int nl80211_start_radar_detection(struct sk_buff *skb,
         if (!rdev->ops->start_radar_detection)
                 return -EOPNOTSUPP;
 
-        mutex_lock(&rdev->devlist_mtx);
         err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
                                            chandef.chan, CHAN_MODE_SHARED,
                                            BIT(chandef.width));
         if (err)
-                goto err_locked;
+                return err;
 
         err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
         if (!err) {
@@ -5554,9 +5532,6 @@ static int nl80211_start_radar_detection(struct sk_buff *skb,
                 wdev->cac_started = true;
                 wdev->cac_start_time = jiffies;
         }
-err_locked:
-        mutex_unlock(&rdev->devlist_mtx);
-
         return err;
 }
 
@@ -5939,10 +5914,13 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
         if (local_state_change)
                 return 0;
 
-        return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
-                                  ssid, ssid_len, ie, ie_len,
-                                  key.p.key, key.p.key_len, key.idx,
-                                  sae_data, sae_data_len);
+        wdev_lock(dev->ieee80211_ptr);
+        err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
+                                 ssid, ssid_len, ie, ie_len,
+                                 key.p.key, key.p.key_len, key.idx,
+                                 sae_data, sae_data_len);
+        wdev_unlock(dev->ieee80211_ptr);
+        return err;
 }
 
 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
@@ -6109,9 +6087,12 @@ static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
         }
 
         err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
-        if (!err)
+        if (!err) {
+                wdev_lock(dev->ieee80211_ptr);
                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
                                           ssid, ssid_len, &req);
+                wdev_unlock(dev->ieee80211_ptr);
+        }
 
         return err;
 }
@@ -6121,7 +6102,7 @@ static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
         struct cfg80211_registered_device *rdev = info->user_ptr[0];
         struct net_device *dev = info->user_ptr[1];
         const u8 *ie = NULL, *bssid;
-        int ie_len = 0;
+        int ie_len = 0, err;
         u16 reason_code;
         bool local_state_change;
 
@@ -6156,8 +6137,11 @@ static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
 
         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
 
-        return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
-                                    local_state_change);
+        wdev_lock(dev->ieee80211_ptr);
+        err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
+                                   local_state_change);
+        wdev_unlock(dev->ieee80211_ptr);
+        return err;
 }
 
 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
@@ -6165,7 +6149,7 @@ static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
         struct cfg80211_registered_device *rdev = info->user_ptr[0];
         struct net_device *dev = info->user_ptr[1];
         const u8 *ie = NULL, *bssid;
-        int ie_len = 0;
+        int ie_len = 0, err;
         u16 reason_code;
         bool local_state_change;
 
@@ -6200,8 +6184,11 @@ static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
 
         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
 
-        return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
-                                      local_state_change);
+        wdev_lock(dev->ieee80211_ptr);
+        err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
+                                     local_state_change);
+        wdev_unlock(dev->ieee80211_ptr);
+        return err;
 }
 
 static bool
@@ -6419,6 +6406,8 @@ static int nl80211_testmode_dump(struct sk_buff *skb,
         void *data = NULL;
         int data_len = 0;
 
+        rtnl_lock();
+
         if (cb->args[0]) {
                 /*
                  * 0 is a valid index, but not valid for args[0],
@@ -6430,18 +6419,16 @@ static int nl80211_testmode_dump(struct sk_buff *skb,
                                   nl80211_fam.attrbuf, nl80211_fam.maxattr,
                                   nl80211_policy);
                 if (err)
-                        return err;
+                        goto out_err;
 
-                mutex_lock(&cfg80211_mutex);
                 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
                                                   nl80211_fam.attrbuf);
                 if (IS_ERR(rdev)) {
-                        mutex_unlock(&cfg80211_mutex);
-                        return PTR_ERR(rdev);
+                        err = PTR_ERR(rdev);
+                        goto out_err;
                 }
                 phy_idx = rdev->wiphy_idx;
                 rdev = NULL;
-                mutex_unlock(&cfg80211_mutex);
 
                 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
                         cb->args[1] =
@@ -6453,14 +6440,11 @@ static int nl80211_testmode_dump(struct sk_buff *skb,
                 data_len = nla_len((void *)cb->args[1]);
         }
 
-        mutex_lock(&cfg80211_mutex);
         rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
         if (!rdev) {
-                mutex_unlock(&cfg80211_mutex);
-                return -ENOENT;
+                err = -ENOENT;
+                goto out_err;
         }
-        cfg80211_lock_rdev(rdev);
-        mutex_unlock(&cfg80211_mutex);
 
         if (!rdev->ops->testmode_dump) {
                 err = -EOPNOTSUPP;
@@ -6501,7 +6485,7 @@ static int nl80211_testmode_dump(struct sk_buff *skb,
         /* see above */
         cb->args[0] = phy_idx + 1;
  out_err:
-        cfg80211_unlock_rdev(rdev);
+        rtnl_unlock();
         return err;
 }
 
@@ -6709,7 +6693,9 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
                        sizeof(connect.vht_capa));
         }
 
-        err = cfg80211_connect(rdev, dev, &connect, connkeys);
+        wdev_lock(dev->ieee80211_ptr);
+        err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
+        wdev_unlock(dev->ieee80211_ptr);
         if (err)
                 kfree(connkeys);
         return err;
@@ -6720,6 +6706,7 @@ static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
         struct cfg80211_registered_device *rdev = info->user_ptr[0];
         struct net_device *dev = info->user_ptr[1];
         u16 reason;
+        int ret;
 
         if (!info->attrs[NL80211_ATTR_REASON_CODE])
                 reason = WLAN_REASON_DEAUTH_LEAVING;
@@ -6733,7 +6720,10 @@ static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
                 return -EOPNOTSUPP;
 
-        return cfg80211_disconnect(rdev, dev, reason, true);
+        wdev_lock(dev->ieee80211_ptr);
+        ret = cfg80211_disconnect(rdev, dev, reason, true);
+        wdev_unlock(dev->ieee80211_ptr);
+        return ret;
 }
 
 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
@@ -7509,28 +7499,29 @@ static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
                                         struct cfg80211_registered_device *rdev)
 {
+        struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
         struct nlattr *nl_pats, *nl_pat;
         int i, pat_len;
 
-        if (!rdev->wowlan->n_patterns)
+        if (!wowlan->n_patterns)
                 return 0;
 
         nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
         if (!nl_pats)
                 return -ENOBUFS;
 
-        for (i = 0; i < rdev->wowlan->n_patterns; i++) {
+        for (i = 0; i < wowlan->n_patterns; i++) {
                 nl_pat = nla_nest_start(msg, i + 1);
                 if (!nl_pat)
                         return -ENOBUFS;
-                pat_len = rdev->wowlan->patterns[i].pattern_len;
+                pat_len = wowlan->patterns[i].pattern_len;
                 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK,
                             DIV_ROUND_UP(pat_len, 8),
-                            rdev->wowlan->patterns[i].mask) ||
+                            wowlan->patterns[i].mask) ||
                     nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
-                            pat_len, rdev->wowlan->patterns[i].pattern) ||
+                            pat_len, wowlan->patterns[i].pattern) ||
                     nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET,
-                                rdev->wowlan->patterns[i].pkt_offset))
+                                wowlan->patterns[i].pkt_offset))
                         return -ENOBUFS;
                 nla_nest_end(msg, nl_pat);
         }
@@ -7593,12 +7584,12 @@ static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
             !rdev->wiphy.wowlan.tcp)
                 return -EOPNOTSUPP;
 
-        if (rdev->wowlan && rdev->wowlan->tcp) {
+        if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
                 /* adjust size to have room for all the data */
-                size += rdev->wowlan->tcp->tokens_size +
-                        rdev->wowlan->tcp->payload_len +
-                        rdev->wowlan->tcp->wake_len +
-                        rdev->wowlan->tcp->wake_len / 8;
+                size += rdev->wiphy.wowlan_config->tcp->tokens_size +
+                        rdev->wiphy.wowlan_config->tcp->payload_len +
+                        rdev->wiphy.wowlan_config->tcp->wake_len +
+                        rdev->wiphy.wowlan_config->tcp->wake_len / 8;
         }
 
         msg = nlmsg_new(size, GFP_KERNEL);
@@ -7610,33 +7601,34 @@ static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
         if (!hdr)
                 goto nla_put_failure;
 
-        if (rdev->wowlan) {
+        if (rdev->wiphy.wowlan_config) {
                 struct nlattr *nl_wowlan;
 
                 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
                 if (!nl_wowlan)
                         goto nla_put_failure;
 
-                if ((rdev->wowlan->any &&
+                if ((rdev->wiphy.wowlan_config->any &&
                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
-                    (rdev->wowlan->disconnect &&
+                    (rdev->wiphy.wowlan_config->disconnect &&
                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
-                    (rdev->wowlan->magic_pkt &&
+                    (rdev->wiphy.wowlan_config->magic_pkt &&
                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
-                    (rdev->wowlan->gtk_rekey_failure &&
+                    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
-                    (rdev->wowlan->eap_identity_req &&
+                    (rdev->wiphy.wowlan_config->eap_identity_req &&
                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
-                    (rdev->wowlan->four_way_handshake &&
+                    (rdev->wiphy.wowlan_config->four_way_handshake &&
                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
-                    (rdev->wowlan->rfkill_release &&
+                    (rdev->wiphy.wowlan_config->rfkill_release &&
                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
                         goto nla_put_failure;
 
                 if (nl80211_send_wowlan_patterns(msg, rdev))
                         goto nla_put_failure;
 
-                if (nl80211_send_wowlan_tcp(msg, rdev->wowlan->tcp))
+                if (nl80211_send_wowlan_tcp(msg,
+                                            rdev->wiphy.wowlan_config->tcp))
                         goto nla_put_failure;
 
                 nla_nest_end(msg, nl_wowlan);
@@ -7803,7 +7795,7 @@ static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
         struct cfg80211_wowlan *ntrig;
         struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
         int err, i;
-        bool prev_enabled = rdev->wowlan;
+        bool prev_enabled = rdev->wiphy.wowlan_config;
 
         if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns &&
             !rdev->wiphy.wowlan.tcp)
@@ -7811,7 +7803,7 @@ static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
 
         if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
                 cfg80211_rdev_free_wowlan(rdev);
-                rdev->wowlan = NULL;
+                rdev->wiphy.wowlan_config = NULL;
                 goto set_wakeup;
         }
 
@@ -7947,11 +7939,12 @@ static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
                 goto error;
         }
         cfg80211_rdev_free_wowlan(rdev);
-        rdev->wowlan = ntrig;
+        rdev->wiphy.wowlan_config = ntrig;
 
  set_wakeup:
-        if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan)
-                rdev_set_wakeup(rdev, rdev->wowlan);
+        if (rdev->ops->set_wakeup &&
+            prev_enabled != !!rdev->wiphy.wowlan_config)
+                rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
 
         return 0;
  error:
@@ -8136,9 +8129,7 @@ static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
         if (wdev->p2p_started)
                 return 0;
 
-        mutex_lock(&rdev->devlist_mtx);
         err = cfg80211_can_add_interface(rdev, wdev->iftype);
-        mutex_unlock(&rdev->devlist_mtx);
         if (err)
                 return err;
 
@@ -8147,9 +8138,7 @@ static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
                 return err;
 
         wdev->p2p_started = true;
-        mutex_lock(&rdev->devlist_mtx);
         rdev->opencount++;
-        mutex_unlock(&rdev->devlist_mtx);
 
         return 0;
 }
@@ -8165,11 +8154,7 @@ static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
         if (!rdev->ops->stop_p2p_device)
                 return -EOPNOTSUPP;
 
-        mutex_lock(&rdev->devlist_mtx);
-        mutex_lock(&rdev->sched_scan_mtx);
         cfg80211_stop_p2p_device(rdev, wdev);
-        mutex_unlock(&rdev->sched_scan_mtx);
-        mutex_unlock(&rdev->devlist_mtx);
 
         return 0;
 }
@@ -8312,11 +8297,11 @@ static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
                 info->user_ptr[0] = rdev;
         } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
                    ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
-                mutex_lock(&cfg80211_mutex);
+                ASSERT_RTNL();
+
                 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
                                                   info->attrs);
                 if (IS_ERR(wdev)) {
-                        mutex_unlock(&cfg80211_mutex);
                         if (rtnl)
                                 rtnl_unlock();
                         return PTR_ERR(wdev);
@@ -8327,7 +8312,6 @@ static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
 
                 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
                         if (!dev) {
-                                mutex_unlock(&cfg80211_mutex);
                                 if (rtnl)
                                         rtnl_unlock();
                                 return -EINVAL;
@@ -8341,7 +8325,6 @@ static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
                 if (dev) {
                         if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
                             !netif_running(dev)) {
-                                mutex_unlock(&cfg80211_mutex);
                                 if (rtnl)
                                         rtnl_unlock();
                                 return -ENETDOWN;
@@ -8350,17 +8333,12 @@ static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
                         dev_hold(dev);
                 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
                         if (!wdev->p2p_started) {
-                                mutex_unlock(&cfg80211_mutex);
                                 if (rtnl)
                                         rtnl_unlock();
                                 return -ENETDOWN;
                         }
                 }
 
-                cfg80211_lock_rdev(rdev);
-
-                mutex_unlock(&cfg80211_mutex);
-
                 info->user_ptr[0] = rdev;
         }
 
@@ -8370,8 +8348,6 @@ static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
                               struct genl_info *info)
 {
-        if (info->user_ptr[0])
-                cfg80211_unlock_rdev(info->user_ptr[0]);
         if (info->user_ptr[1]) {
                 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
                         struct wireless_dev *wdev = info->user_ptr[1];
@@ -8393,7 +8369,8 @@ static struct genl_ops nl80211_ops[] = {
                 .dumpit = nl80211_dump_wiphy,
                 .policy = nl80211_policy,
                 /* can be retrieved by unprivileged users */
-                .internal_flags = NL80211_FLAG_NEED_WIPHY,
+                .internal_flags = NL80211_FLAG_NEED_WIPHY |
+                                  NL80211_FLAG_NEED_RTNL,
         },
         {
                 .cmd = NL80211_CMD_SET_WIPHY,
@@ -8408,7 +8385,8 @@ static struct genl_ops nl80211_ops[] = {
                 .dumpit = nl80211_dump_interface,
                 .policy = nl80211_policy,
                 /* can be retrieved by unprivileged users */
-                .internal_flags = NL80211_FLAG_NEED_WDEV,
+                .internal_flags = NL80211_FLAG_NEED_WDEV |
+                                  NL80211_FLAG_NEED_RTNL,
         },
         {
                 .cmd = NL80211_CMD_SET_INTERFACE,
@@ -8567,6 +8545,7 @@ static struct genl_ops nl80211_ops[] = {
                 .cmd = NL80211_CMD_GET_REG,
                 .doit = nl80211_get_reg,
                 .policy = nl80211_policy,
+                .internal_flags = NL80211_FLAG_NEED_RTNL,
                 /* can be retrieved by unprivileged users */
         },
         {
@@ -8574,6 +8553,7 @@ static struct genl_ops nl80211_ops[] = {
                 .doit = nl80211_set_reg,
                 .policy = nl80211_policy,
                 .flags = GENL_ADMIN_PERM,
+                .internal_flags = NL80211_FLAG_NEED_RTNL,
         },
         {
                 .cmd = NL80211_CMD_REQ_SET_REG,
@@ -9029,8 +9009,6 @@ static int nl80211_add_scan_req(struct sk_buff *msg,
         struct nlattr *nest;
         int i;
 
-        lockdep_assert_held(&rdev->sched_scan_mtx);
-
         if (WARN_ON(!req))
                 return 0;
 
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index cc35fbaa4578..e1d6749234c6 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -81,7 +81,10 @@ static struct regulatory_request core_request_world = {
         .country_ie_env = ENVIRON_ANY,
 };
 
-/* Receipt of information from last regulatory request */
+/*
+ * Receipt of information from last regulatory request,
+ * protected by RTNL (and can be accessed with RCU protection)
+ */
 static struct regulatory_request __rcu *last_request =
         (void __rcu *)&core_request_world;
 
@@ -96,39 +99,25 @@ static struct device_type reg_device_type = {
  * Central wireless core regulatory domains, we only need two,
  * the current one and a world regulatory domain in case we have no
  * information to give us an alpha2.
+ * (protected by RTNL, can be read under RCU)
  */
 const struct ieee80211_regdomain __rcu *cfg80211_regdomain;
 
 /*
- * Protects static reg.c components:
- *      - cfg80211_regdomain (if not used with RCU)
- *      - cfg80211_world_regdom
- *      - last_request (if not used with RCU)
- *      - reg_num_devs_support_basehint
- */
-static DEFINE_MUTEX(reg_mutex);
-
-/*
  * Number of devices that registered to the core
  * that support cellular base station regulatory hints
+ * (protected by RTNL)
  */
 static int reg_num_devs_support_basehint;
 
-static inline void assert_reg_lock(void)
-{
-        lockdep_assert_held(&reg_mutex);
-}
-
 static const struct ieee80211_regdomain *get_cfg80211_regdom(void)
 {
-        return rcu_dereference_protected(cfg80211_regdomain,
-                                         lockdep_is_held(&reg_mutex));
+        return rtnl_dereference(cfg80211_regdomain);
 }
 
 static const struct ieee80211_regdomain *get_wiphy_regdom(struct wiphy *wiphy)
 {
-        return rcu_dereference_protected(wiphy->regd,
-                                         lockdep_is_held(&reg_mutex));
+        return rtnl_dereference(wiphy->regd);
 }
 
 static void rcu_free_regdom(const struct ieee80211_regdomain *r)
@@ -140,8 +129,7 @@ static void rcu_free_regdom(const struct ieee80211_regdomain *r)
 
 static struct regulatory_request *get_last_request(void)
 {
-        return rcu_dereference_check(last_request,
-                                     lockdep_is_held(&reg_mutex));
+        return rcu_dereference_rtnl(last_request);
 }
 
 /* Used to queue up regulatory hints */
@@ -200,6 +188,7 @@ static const struct ieee80211_regdomain world_regdom = {
         }
 };
 
+/* protected by RTNL */
 static const struct ieee80211_regdomain *cfg80211_world_regdom =
         &world_regdom;
 
@@ -215,7 +204,7 @@ static void reset_regdomains(bool full_reset,
         const struct ieee80211_regdomain *r;
         struct regulatory_request *lr;
 
-        assert_reg_lock();
+        ASSERT_RTNL();
 
         r = get_cfg80211_regdom();
 
@@ -377,7 +366,7 @@ static void reg_regdb_search(struct work_struct *work)
         const struct ieee80211_regdomain *curdom, *regdom = NULL;
         int i;
 
-        mutex_lock(&cfg80211_mutex);
+        rtnl_lock();
 
         mutex_lock(&reg_regdb_search_mutex);
         while (!list_empty(&reg_regdb_search_list)) {
@@ -402,7 +391,7 @@ static void reg_regdb_search(struct work_struct *work)
         if (!IS_ERR_OR_NULL(regdom))
                 set_regdom(regdom);
 
-        mutex_unlock(&cfg80211_mutex);
+        rtnl_unlock();
 }
 
 static DECLARE_WORK(reg_regdb_work, reg_regdb_search);
@@ -936,13 +925,7 @@ static bool reg_request_cell_base(struct regulatory_request *request)
 
 bool reg_last_request_cell_base(void)
 {
-        bool val;
-
-        mutex_lock(&reg_mutex);
-        val = reg_request_cell_base(get_last_request());
-        mutex_unlock(&reg_mutex);
-
-        return val;
+        return reg_request_cell_base(get_last_request());
 }
 
 #ifdef CONFIG_CFG80211_CERTIFICATION_ONUS
@@ -1225,7 +1208,7 @@ static void update_all_wiphy_regulatory(enum nl80211_reg_initiator initiator)
         struct cfg80211_registered_device *rdev;
         struct wiphy *wiphy;
 
-        assert_cfg80211_lock();
+        ASSERT_RTNL();
 
         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
                 wiphy = &rdev->wiphy;
@@ -1444,8 +1427,6 @@ static void reg_set_request_processed(void)
  * what it believes should be the current regulatory domain.
  *
  * Returns one of the different reg request treatment values.
- *
- * Caller must hold &reg_mutex
  */
 static enum reg_request_treatment
 __regulatory_hint(struct wiphy *wiphy,
@@ -1570,21 +1551,19 @@ static void reg_process_pending_hints(void)
 {
         struct regulatory_request *reg_request, *lr;
 
-        mutex_lock(&cfg80211_mutex);
-        mutex_lock(&reg_mutex);
         lr = get_last_request();
 
         /* When last_request->processed becomes true this will be rescheduled */
         if (lr && !lr->processed) {
                 REG_DBG_PRINT("Pending regulatory request, waiting for it to be processed...\n");
-                goto out;
+                return;
         }
 
         spin_lock(&reg_requests_lock);
 
         if (list_empty(&reg_requests_list)) {
                 spin_unlock(&reg_requests_lock);
-                goto out;
+                return;
         }
 
         reg_request = list_first_entry(&reg_requests_list,
@@ -1595,10 +1574,6 @@ static void reg_process_pending_hints(void)
         spin_unlock(&reg_requests_lock);
 
         reg_process_hint(reg_request, reg_request->initiator);
-
-out:
-        mutex_unlock(&reg_mutex);
-        mutex_unlock(&cfg80211_mutex);
 }
 
 /* Processes beacon hints -- this has nothing to do with country IEs */
@@ -1607,9 +1582,6 @@ static void reg_process_pending_beacon_hints(void)
         struct cfg80211_registered_device *rdev;
         struct reg_beacon *pending_beacon, *tmp;
 
-        mutex_lock(&cfg80211_mutex);
-        mutex_lock(&reg_mutex);
-
         /* This goes through the _pending_ beacon list */
         spin_lock_bh(&reg_pending_beacons_lock);
 
@@ -1626,14 +1598,14 @@ static void reg_process_pending_beacon_hints(void)
         }
 
         spin_unlock_bh(&reg_pending_beacons_lock);
-        mutex_unlock(&reg_mutex);
-        mutex_unlock(&cfg80211_mutex);
 }
 
 static void reg_todo(struct work_struct *work)
 {
+        rtnl_lock();
         reg_process_pending_hints();
         reg_process_pending_beacon_hints();
+        rtnl_unlock();
 }
 
 static void queue_regulatory_request(struct regulatory_request *request)
@@ -1717,29 +1689,23 @@ int regulatory_hint(struct wiphy *wiphy, const char *alpha2)
 }
 EXPORT_SYMBOL(regulatory_hint);
 
-/*
- * We hold wdev_lock() here so we cannot hold cfg80211_mutex() and
- * therefore cannot iterate over the rdev list here.
- */
 void regulatory_hint_11d(struct wiphy *wiphy, enum ieee80211_band band,
                          const u8 *country_ie, u8 country_ie_len)
 {
         char alpha2[2];
         enum environment_cap env = ENVIRON_ANY;
-        struct regulatory_request *request, *lr;
-
-        mutex_lock(&reg_mutex);
-        lr = get_last_request();
-
-        if (unlikely(!lr))
-                goto out;
+        struct regulatory_request *request = NULL, *lr;
 
         /* IE len must be evenly divisible by 2 */
         if (country_ie_len & 0x01)
-                goto out;
+                return;
 
         if (country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
-                goto out;
+                return;
+
+        request = kzalloc(sizeof(*request), GFP_KERNEL);
+        if (!request)
+                return;
 
         alpha2[0] = country_ie[0];
         alpha2[1] = country_ie[1];
@@ -1749,19 +1715,21 @@ void regulatory_hint_11d(struct wiphy *wiphy, enum ieee80211_band band,
         else if (country_ie[2] == 'O')
                 env = ENVIRON_OUTDOOR;
 
+        rcu_read_lock();
+        lr = get_last_request();
+
+        if (unlikely(!lr))
+                goto out;
+
         /*
          * We will run this only upon a successful connection on cfg80211.
          * We leave conflict resolution to the workqueue, where can hold
-         * cfg80211_mutex.
+         * the RTNL.
          */
         if (lr->initiator == NL80211_REGDOM_SET_BY_COUNTRY_IE &&
             lr->wiphy_idx != WIPHY_IDX_INVALID)
                 goto out;
 
-        request = kzalloc(sizeof(struct regulatory_request), GFP_KERNEL);
-        if (!request)
-                goto out;
-
         request->wiphy_idx = get_wiphy_idx(wiphy);
         request->alpha2[0] = alpha2[0];
         request->alpha2[1] = alpha2[1];
@@ -1769,8 +1737,10 @@ void regulatory_hint_11d(struct wiphy *wiphy, enum ieee80211_band band,
         request->country_ie_env = env;
 
         queue_regulatory_request(request);
+        request = NULL;
 out:
-        mutex_unlock(&reg_mutex);
+        kfree(request);
+        rcu_read_unlock();
 }
 
 static void restore_alpha2(char *alpha2, bool reset_user)
@@ -1858,8 +1828,7 @@ static void restore_regulatory_settings(bool reset_user)
         LIST_HEAD(tmp_reg_req_list);
         struct cfg80211_registered_device *rdev;
 
-        mutex_lock(&cfg80211_mutex);
-        mutex_lock(&reg_mutex);
+        ASSERT_RTNL();
 
         reset_regdomains(true, &world_regdom);
         restore_alpha2(alpha2, reset_user);
@@ -1914,9 +1883,6 @@ static void restore_regulatory_settings(bool reset_user)
         list_splice_tail_init(&tmp_reg_req_list, &reg_requests_list);
         spin_unlock(&reg_requests_lock);
 
-        mutex_unlock(&reg_mutex);
-        mutex_unlock(&cfg80211_mutex);
-
         REG_DBG_PRINT("Kicking the queue\n");
 
         schedule_work(&reg_work);
@@ -2231,7 +2197,6 @@ int set_regdom(const struct ieee80211_regdomain *rd)
         struct regulatory_request *lr;
         int r;
 
-        mutex_lock(&reg_mutex);
         lr = get_last_request();
 
         /* Note that this doesn't update the wiphys, this is done below */
@@ -2241,14 +2206,12 @@ int set_regdom(const struct ieee80211_regdomain *rd)
                         reg_set_request_processed();
 
                 kfree(rd);
-                goto out;
+                return r;
         }
 
         /* This would make this whole thing pointless */
-        if (WARN_ON(!lr->intersect && rd != get_cfg80211_regdom())) {
-                r = -EINVAL;
-                goto out;
-        }
+        if (WARN_ON(!lr->intersect && rd != get_cfg80211_regdom()))
+                return -EINVAL;
 
         /* update all wiphys now with the new established regulatory domain */
         update_all_wiphy_regulatory(lr->initiator);
@@ -2259,10 +2222,7 @@ int set_regdom(const struct ieee80211_regdomain *rd)
 
         reg_set_request_processed();
 
- out:
-        mutex_unlock(&reg_mutex);
-
-        return r;
+        return 0;
 }
 
 int reg_device_uevent(struct device *dev, struct kobj_uevent_env *env)
@@ -2287,23 +2247,17 @@ int reg_device_uevent(struct device *dev, struct kobj_uevent_env *env)
 
 void wiphy_regulatory_register(struct wiphy *wiphy)
 {
-        mutex_lock(&reg_mutex);
-
         if (!reg_dev_ignore_cell_hint(wiphy))
                 reg_num_devs_support_basehint++;
 
         wiphy_update_regulatory(wiphy, NL80211_REGDOM_SET_BY_CORE);
-
-        mutex_unlock(&reg_mutex);
 }
 
-/* Caller must hold cfg80211_mutex */
 void wiphy_regulatory_deregister(struct wiphy *wiphy)
 {
         struct wiphy *request_wiphy = NULL;
         struct regulatory_request *lr;
 
-        mutex_lock(&reg_mutex);
         lr = get_last_request();
 
         if (!reg_dev_ignore_cell_hint(wiphy))
@@ -2316,12 +2270,10 @@ void wiphy_regulatory_deregister(struct wiphy *wiphy)
                 request_wiphy = wiphy_idx_to_wiphy(lr->wiphy_idx);
 
         if (!request_wiphy || request_wiphy != wiphy)
-                goto out;
+                return;
 
         lr->wiphy_idx = WIPHY_IDX_INVALID;
         lr->country_ie_env = ENVIRON_ANY;
-out:
-        mutex_unlock(&reg_mutex);
 }
 
 static void reg_timeout_work(struct work_struct *work)
@@ -2385,9 +2337,9 @@ void regulatory_exit(void)
         cancel_delayed_work_sync(&reg_timeout);
 
         /* Lock to suppress warnings */
-        mutex_lock(&reg_mutex);
+        rtnl_lock();
         reset_regdomains(true, NULL);
-        mutex_unlock(&reg_mutex);
+        rtnl_unlock();
 
         dev_set_uevent_suppress(&reg_pdev->dev, true);
 
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index fd99ea495b7e..dd01b58fa78c 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -169,7 +169,7 @@ void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak)
         union iwreq_data wrqu;
 #endif
 
-        lockdep_assert_held(&rdev->sched_scan_mtx);
+        ASSERT_RTNL();
 
         request = rdev->scan_req;
 
@@ -230,9 +230,9 @@ void __cfg80211_scan_done(struct work_struct *wk)
         rdev = container_of(wk, struct cfg80211_registered_device,
                             scan_done_wk);
 
-        mutex_lock(&rdev->sched_scan_mtx);
+        rtnl_lock();
         ___cfg80211_scan_done(rdev, false);
-        mutex_unlock(&rdev->sched_scan_mtx);
+        rtnl_unlock();
 }
 
 void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
@@ -241,6 +241,7 @@ void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
         WARN_ON(request != wiphy_to_dev(request->wiphy)->scan_req);
 
         request->aborted = aborted;
+        request->notified = true;
         queue_work(cfg80211_wq, &wiphy_to_dev(request->wiphy)->scan_done_wk);
 }
 EXPORT_SYMBOL(cfg80211_scan_done);
@@ -255,7 +256,7 @@ void __cfg80211_sched_scan_results(struct work_struct *wk)
 
         request = rdev->sched_scan_req;
 
-        mutex_lock(&rdev->sched_scan_mtx);
+        rtnl_lock();
 
         /* we don't have sched_scan_req anymore if the scan is stopping */
         if (request) {
@@ -270,7 +271,7 @@ void __cfg80211_sched_scan_results(struct work_struct *wk)
                 nl80211_send_sched_scan_results(rdev, request->dev);
         }
 
-        mutex_unlock(&rdev->sched_scan_mtx);
+        rtnl_unlock();
 }
 
 void cfg80211_sched_scan_results(struct wiphy *wiphy)
@@ -289,9 +290,9 @@ void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
 
         trace_cfg80211_sched_scan_stopped(wiphy);
 
-        mutex_lock(&rdev->sched_scan_mtx);
+        rtnl_lock();
         __cfg80211_stop_sched_scan(rdev, true);
-        mutex_unlock(&rdev->sched_scan_mtx);
+        rtnl_unlock();
 }
 EXPORT_SYMBOL(cfg80211_sched_scan_stopped);
 
@@ -300,7 +301,7 @@ int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
 {
         struct net_device *dev;
 
-        lockdep_assert_held(&rdev->sched_scan_mtx);
+        ASSERT_RTNL();
 
         if (!rdev->sched_scan_req)
                 return -ENOENT;
@@ -1040,6 +1041,25 @@ void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
 EXPORT_SYMBOL(cfg80211_unlink_bss);
 
 #ifdef CONFIG_CFG80211_WEXT
+static struct cfg80211_registered_device *
+cfg80211_get_dev_from_ifindex(struct net *net, int ifindex)
+{
+        struct cfg80211_registered_device *rdev;
+        struct net_device *dev;
+
+        ASSERT_RTNL();
+
+        dev = dev_get_by_index(net, ifindex);
+        if (!dev)
+                return ERR_PTR(-ENODEV);
+        if (dev->ieee80211_ptr)
+                rdev = wiphy_to_dev(dev->ieee80211_ptr->wiphy);
+        else
+                rdev = ERR_PTR(-ENODEV);
+        dev_put(dev);
+        return rdev;
+}
+
 int cfg80211_wext_siwscan(struct net_device *dev,
                           struct iw_request_info *info,
                           union iwreq_data *wrqu, char *extra)
@@ -1062,7 +1082,6 @@ int cfg80211_wext_siwscan(struct net_device *dev,
         if (IS_ERR(rdev))
                 return PTR_ERR(rdev);
 
-        mutex_lock(&rdev->sched_scan_mtx);
         if (rdev->scan_req) {
                 err = -EBUSY;
                 goto out;
@@ -1169,9 +1188,7 @@ int cfg80211_wext_siwscan(struct net_device *dev,
                 dev_hold(dev);
         }
  out:
-        mutex_unlock(&rdev->sched_scan_mtx);
         kfree(creq);
-        cfg80211_unlock_rdev(rdev);
         return err;
 }
 EXPORT_SYMBOL_GPL(cfg80211_wext_siwscan);
@@ -1470,10 +1487,8 @@ int cfg80211_wext_giwscan(struct net_device *dev,
         if (IS_ERR(rdev))
                 return PTR_ERR(rdev);
 
-        if (rdev->scan_req) {
-                res = -EAGAIN;
-                goto out;
-        }
+        if (rdev->scan_req)
+                return -EAGAIN;
 
         res = ieee80211_scan_results(rdev, info, extra, data->length);
         data->length = 0;
@@ -1482,8 +1497,6 @@ int cfg80211_wext_giwscan(struct net_device *dev,
                 res = 0;
         }
 
- out:
-        cfg80211_unlock_rdev(rdev);
         return res;
 }
 EXPORT_SYMBOL_GPL(cfg80211_wext_giwscan);
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 3ed35c345cae..81be95f3be74 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -43,35 +43,29 @@ static bool cfg80211_is_all_idle(void)
         struct wireless_dev *wdev;
         bool is_all_idle = true;
 
-        mutex_lock(&cfg80211_mutex);
-
         /*
          * All devices must be idle as otherwise if you are actively
          * scanning some new beacon hints could be learned and would
          * count as new regulatory hints.
          */
         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
-                cfg80211_lock_rdev(rdev);
                 list_for_each_entry(wdev, &rdev->wdev_list, list) {
                         wdev_lock(wdev);
                         if (wdev->sme_state != CFG80211_SME_IDLE)
                                 is_all_idle = false;
                         wdev_unlock(wdev);
                 }
-                cfg80211_unlock_rdev(rdev);
         }
 
-        mutex_unlock(&cfg80211_mutex);
-
         return is_all_idle;
 }
 
 static void disconnect_work(struct work_struct *work)
 {
-        if (!cfg80211_is_all_idle())
-                return;
-
-        regulatory_hint_disconnect();
+        rtnl_lock();
+        if (cfg80211_is_all_idle())
+                regulatory_hint_disconnect();
+        rtnl_unlock();
 }
 
 static DECLARE_WORK(cfg80211_disconnect_work, disconnect_work);
@@ -85,7 +79,6 @@ static int cfg80211_conn_scan(struct wireless_dev *wdev)
         ASSERT_RTNL();
         ASSERT_RDEV_LOCK(rdev);
         ASSERT_WDEV_LOCK(wdev);
-        lockdep_assert_held(&rdev->sched_scan_mtx);
 
         if (rdev->scan_req)
                 return -EBUSY;
@@ -176,13 +169,13 @@ static int cfg80211_conn_do_work(struct wireless_dev *wdev)
         case CFG80211_CONN_AUTHENTICATE_NEXT:
                 BUG_ON(!rdev->ops->auth);
                 wdev->conn->state = CFG80211_CONN_AUTHENTICATING;
-                return __cfg80211_mlme_auth(rdev, wdev->netdev,
-                                            params->channel, params->auth_type,
-                                            params->bssid,
-                                            params->ssid, params->ssid_len,
-                                            NULL, 0,
-                                            params->key, params->key_len,
-                                            params->key_idx, NULL, 0);
+                return cfg80211_mlme_auth(rdev, wdev->netdev,
+                                          params->channel, params->auth_type,
+                                          params->bssid,
+                                          params->ssid, params->ssid_len,
+                                          NULL, 0,
+                                          params->key, params->key_len,
+                                          params->key_idx, NULL, 0);
         case CFG80211_CONN_ASSOCIATE_NEXT:
                 BUG_ON(!rdev->ops->assoc);
                 wdev->conn->state = CFG80211_CONN_ASSOCIATING;
@@ -198,19 +191,19 @@ static int cfg80211_conn_do_work(struct wireless_dev *wdev)
                 req.vht_capa = params->vht_capa;
                 req.vht_capa_mask = params->vht_capa_mask;
 
-                err = __cfg80211_mlme_assoc(rdev, wdev->netdev, params->channel,
-                                            params->bssid, params->ssid,
-                                            params->ssid_len, &req);
+                err = cfg80211_mlme_assoc(rdev, wdev->netdev, params->channel,
+                                          params->bssid, params->ssid,
+                                          params->ssid_len, &req);
                 if (err)
-                        __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
-                                               NULL, 0,
-                                               WLAN_REASON_DEAUTH_LEAVING,
-                                               false);
+                        cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
+                                             NULL, 0,
+                                             WLAN_REASON_DEAUTH_LEAVING,
+                                             false);
                 return err;
         case CFG80211_CONN_DEAUTH_ASSOC_FAIL:
-                __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
-                                       NULL, 0,
-                                       WLAN_REASON_DEAUTH_LEAVING, false);
+                cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
+                                     NULL, 0,
+                                     WLAN_REASON_DEAUTH_LEAVING, false);
                 /* return an error so that we call __cfg80211_connect_result() */
                 return -EINVAL;
         default:
@@ -226,9 +219,6 @@ void cfg80211_conn_work(struct work_struct *work)
         u8 bssid_buf[ETH_ALEN], *bssid = NULL;
 
         rtnl_lock();
-        cfg80211_lock_rdev(rdev);
-        mutex_lock(&rdev->devlist_mtx);
-        mutex_lock(&rdev->sched_scan_mtx);
 
         list_for_each_entry(wdev, &rdev->wdev_list, list) {
                 if (!wdev->netdev)
@@ -256,9 +246,6 @@ void cfg80211_conn_work(struct work_struct *work)
                 wdev_unlock(wdev);
         }
 
-        mutex_unlock(&rdev->sched_scan_mtx);
-        mutex_unlock(&rdev->devlist_mtx);
-        cfg80211_unlock_rdev(rdev);
         rtnl_unlock();
 }
 
@@ -773,11 +760,11 @@ void cfg80211_disconnected(struct net_device *dev, u16 reason,
 }
 EXPORT_SYMBOL(cfg80211_disconnected);
 
-int __cfg80211_connect(struct cfg80211_registered_device *rdev,
-                       struct net_device *dev,
-                       struct cfg80211_connect_params *connect,
-                       struct cfg80211_cached_keys *connkeys,
-                       const u8 *prev_bssid)
+int cfg80211_connect(struct cfg80211_registered_device *rdev,
+                     struct net_device *dev,
+                     struct cfg80211_connect_params *connect,
+                     struct cfg80211_cached_keys *connkeys,
+                     const u8 *prev_bssid)
 {
         struct wireless_dev *wdev = dev->ieee80211_ptr;
         struct cfg80211_bss *bss = NULL;
@@ -924,27 +911,8 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
         }
 }
 
-int cfg80211_connect(struct cfg80211_registered_device *rdev,
-                     struct net_device *dev,
-                     struct cfg80211_connect_params *connect,
-                     struct cfg80211_cached_keys *connkeys)
-{
-        int err;
-
-        mutex_lock(&rdev->devlist_mtx);
-        /* might request scan - scan_mtx -> wdev_mtx dependency */
-        mutex_lock(&rdev->sched_scan_mtx);
-        wdev_lock(dev->ieee80211_ptr);
-        err = __cfg80211_connect(rdev, dev, connect, connkeys, NULL);
-        wdev_unlock(dev->ieee80211_ptr);
-        mutex_unlock(&rdev->sched_scan_mtx);
-        mutex_unlock(&rdev->devlist_mtx);
-
-        return err;
-}
-
-int __cfg80211_disconnect(struct cfg80211_registered_device *rdev,
-                          struct net_device *dev, u16 reason, bool wextev)
+int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
+                        struct net_device *dev, u16 reason, bool wextev)
 {
         struct wireless_dev *wdev = dev->ieee80211_ptr;
         int err;
@@ -979,7 +947,7 @@ int __cfg80211_disconnect(struct cfg80211_registered_device *rdev,
                 }
 
                 /* wdev->conn->params.bssid must be set if > SCANNING */
-                err = __cfg80211_mlme_deauth(rdev, dev,
+                err = cfg80211_mlme_deauth(rdev, dev,
                                              wdev->conn->params.bssid,
                                              NULL, 0, reason, false);
                 if (err)
@@ -1001,19 +969,6 @@ int __cfg80211_disconnect(struct cfg80211_registered_device *rdev,
         return 0;
 }
 
-int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
-                        struct net_device *dev,
-                        u16 reason, bool wextev)
-{
-        int err;
-
-        wdev_lock(dev->ieee80211_ptr);
-        err = __cfg80211_disconnect(rdev, dev, reason, wextev);
-        wdev_unlock(dev->ieee80211_ptr);
-
-        return err;
-}
-
 void cfg80211_sme_disassoc(struct net_device *dev,
                            struct cfg80211_internal_bss *bss)
 {
@@ -1036,6 +991,6 @@ void cfg80211_sme_disassoc(struct net_device *dev,
 
         memcpy(bssid, bss->pub.bssid, ETH_ALEN);
 
-        __cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
-                               WLAN_REASON_DEAUTH_LEAVING, false);
+        cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
+                             WLAN_REASON_DEAUTH_LEAVING, false);
 }
diff --git a/net/wireless/sysfs.c b/net/wireless/sysfs.c
index 8f28b9f798d8..360a42c6f694 100644
--- a/net/wireless/sysfs.c
+++ b/net/wireless/sysfs.c
@@ -91,6 +91,7 @@ static void cfg80211_leave_all(struct cfg80211_registered_device *rdev)
                 cfg80211_leave(rdev, wdev);
 }
 
+#ifdef CONFIG_PM
 static int wiphy_suspend(struct device *dev, pm_message_t state)
 {
         struct cfg80211_registered_device *rdev = dev_to_rdev(dev);
@@ -100,10 +101,10 @@ static int wiphy_suspend(struct device *dev, pm_message_t state)
 
         rtnl_lock();
         if (rdev->wiphy.registered) {
-                if (!rdev->wowlan)
+                if (!rdev->wiphy.wowlan_config)
                         cfg80211_leave_all(rdev);
                 if (rdev->ops->suspend)
-                        ret = rdev_suspend(rdev, rdev->wowlan);
+                        ret = rdev_suspend(rdev, rdev->wiphy.wowlan_config);
                 if (ret == 1) {
                         /* Driver refuse to configure wowlan */
                         cfg80211_leave_all(rdev);
@@ -132,6 +133,7 @@ static int wiphy_resume(struct device *dev)
 
         return ret;
 }
+#endif
 
 static const void *wiphy_namespace(struct device *d)
 {
@@ -146,8 +148,10 @@ struct class ieee80211_class = {
         .dev_release = wiphy_dev_release,
         .dev_attrs = ieee80211_dev_attrs,
         .dev_uevent = wiphy_uevent,
+#ifdef CONFIG_PM
         .suspend = wiphy_suspend,
         .resume = wiphy_resume,
+#endif
         .ns_type = &net_ns_type_operations,
         .namespace = wiphy_namespace,
 };
diff --git a/net/wireless/trace.h b/net/wireless/trace.h
index 5755bc14abbd..23fafeae8a10 100644
--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
@@ -1911,12 +1911,12 @@ TRACE_EVENT(cfg80211_send_rx_assoc,
                   NETDEV_PR_ARG, MAC_PR_ARG(bssid), CHAN_PR_ARG)
 );
 
-DEFINE_EVENT(netdev_evt_only, __cfg80211_send_deauth,
+DEFINE_EVENT(netdev_evt_only, cfg80211_send_deauth,
         TP_PROTO(struct net_device *netdev),
         TP_ARGS(netdev)
 );
 
-DEFINE_EVENT(netdev_evt_only, __cfg80211_send_disassoc,
+DEFINE_EVENT(netdev_evt_only, cfg80211_send_disassoc,
         TP_PROTO(struct net_device *netdev),
         TP_ARGS(netdev)
 );
diff --git a/net/wireless/util.c b/net/wireless/util.c
index f5ad4d94ba88..74458b7f61eb 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -33,6 +33,29 @@ ieee80211_get_response_rate(struct ieee80211_supported_band *sband,
 }
 EXPORT_SYMBOL(ieee80211_get_response_rate);
 
+u32 ieee80211_mandatory_rates(struct ieee80211_supported_band *sband)
+{
+        struct ieee80211_rate *bitrates;
+        u32 mandatory_rates = 0;
+        enum ieee80211_rate_flags mandatory_flag;
+        int i;
+
+        if (WARN_ON(!sband))
+                return 1;
+
+        if (sband->band == IEEE80211_BAND_2GHZ)
+                mandatory_flag = IEEE80211_RATE_MANDATORY_B;
+        else
+                mandatory_flag = IEEE80211_RATE_MANDATORY_A;
+
+        bitrates = sband->bitrates;
+        for (i = 0; i < sband->n_bitrates; i++)
+                if (bitrates[i].flags & mandatory_flag)
+                        mandatory_rates |= BIT(i);
+        return mandatory_rates;
+}
+EXPORT_SYMBOL(ieee80211_mandatory_rates);
+
 int ieee80211_channel_to_frequency(int chan, enum ieee80211_band band)
 {
         /* see 802.11 17.3.8.3.2 and Annex J
@@ -785,12 +808,8 @@ void cfg80211_process_rdev_events(struct cfg80211_registered_device *rdev)
         ASSERT_RTNL();
         ASSERT_RDEV_LOCK(rdev);
 
-        mutex_lock(&rdev->devlist_mtx);
-
         list_for_each_entry(wdev, &rdev->wdev_list, list)
                 cfg80211_process_wdev_events(wdev);
-
-        mutex_unlock(&rdev->devlist_mtx);
 }
 
 int cfg80211_change_iface(struct cfg80211_registered_device *rdev,
@@ -822,10 +841,8 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev,
                 return -EBUSY;
 
         if (ntype != otype && netif_running(dev)) {
-                mutex_lock(&rdev->devlist_mtx);
                 err = cfg80211_can_change_interface(rdev, dev->ieee80211_ptr,
                                                     ntype);
-                mutex_unlock(&rdev->devlist_mtx);
                 if (err)
                         return err;
 
@@ -841,8 +858,10 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev,
                         break;
                 case NL80211_IFTYPE_STATION:
                 case NL80211_IFTYPE_P2P_CLIENT:
+                        wdev_lock(dev->ieee80211_ptr);
                         cfg80211_disconnect(rdev, dev,
                                             WLAN_REASON_DEAUTH_LEAVING, true);
+                        wdev_unlock(dev->ieee80211_ptr);
                         break;
                 case NL80211_IFTYPE_MESH_POINT:
                         /* mesh should be handled? */
@@ -1169,6 +1188,9 @@ bool ieee80211_operating_class_to_band(u8 operating_class,
         case 84:
                 *band = IEEE80211_BAND_2GHZ;
                 return true;
+        case 180:
+                *band = IEEE80211_BAND_60GHZ;
+                return true;
         }
 
         return false;
@@ -1184,8 +1206,6 @@ int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev,
         if (!beacon_int)
                 return -EINVAL;
 
-        mutex_lock(&rdev->devlist_mtx);
-
         list_for_each_entry(wdev, &rdev->wdev_list, list) {
                 if (!wdev->beacon_interval)
                         continue;
@@ -1195,8 +1215,6 @@ int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev,
                 }
         }
 
-        mutex_unlock(&rdev->devlist_mtx);
-
         return res;
 }
 
@@ -1220,7 +1238,6 @@ int cfg80211_can_use_iftype_chan(struct cfg80211_registered_device *rdev,
         int i, j;
 
         ASSERT_RTNL();
-        lockdep_assert_held(&rdev->devlist_mtx);
 
         if (WARN_ON(hweight32(radar_detect) > 1))
                 return -EINVAL;
diff --git a/net/wireless/wext-compat.c b/net/wireless/wext-compat.c
index d997d0f0c54a..e7c6e862580d 100644
--- a/net/wireless/wext-compat.c
+++ b/net/wireless/wext-compat.c
@@ -72,7 +72,6 @@ int cfg80211_wext_siwmode(struct net_device *dev, struct iw_request_info *info,
         struct cfg80211_registered_device *rdev;
         struct vif_params vifparams;
         enum nl80211_iftype type;
-        int ret;
 
         rdev = wiphy_to_dev(wdev->wiphy);
 
@@ -98,11 +97,7 @@ int cfg80211_wext_siwmode(struct net_device *dev, struct iw_request_info *info,
 
         memset(&vifparams, 0, sizeof(vifparams));
 
-        cfg80211_lock_rdev(rdev);
-        ret = cfg80211_change_iface(rdev, dev, type, NULL, &vifparams);
-        cfg80211_unlock_rdev(rdev);
-
-        return ret;
+        return cfg80211_change_iface(rdev, dev, type, NULL, &vifparams);
 }
 EXPORT_SYMBOL_GPL(cfg80211_wext_siwmode);
 
@@ -579,13 +574,10 @@ static int cfg80211_set_encryption(struct cfg80211_registered_device *rdev,
 {
         int err;
 
-        /* devlist mutex needed for possible IBSS re-join */
-        mutex_lock(&rdev->devlist_mtx);
         wdev_lock(dev->ieee80211_ptr);
         err = __cfg80211_set_encryption(rdev, dev, pairwise, addr,
                                         remove, tx_key, idx, params);
         wdev_unlock(dev->ieee80211_ptr);
-        mutex_unlock(&rdev->devlist_mtx);
 
         return err;
 }
@@ -787,7 +779,7 @@ static int cfg80211_wext_siwfreq(struct net_device *dev,
         struct cfg80211_chan_def chandef = {
                 .width = NL80211_CHAN_WIDTH_20_NOHT,
         };
-        int freq, err;
+        int freq;
 
         switch (wdev->iftype) {
         case NL80211_IFTYPE_STATION:
@@ -804,10 +796,7 @@ static int cfg80211_wext_siwfreq(struct net_device *dev,
                 chandef.chan = ieee80211_get_channel(&rdev->wiphy, freq);
                 if (!chandef.chan)
                         return -EINVAL;
-                mutex_lock(&rdev->devlist_mtx);
-                err = cfg80211_set_monitor_channel(rdev, &chandef);
-                mutex_unlock(&rdev->devlist_mtx);
-                return err;
+                return cfg80211_set_monitor_channel(rdev, &chandef);
         case NL80211_IFTYPE_MESH_POINT:
                 freq = cfg80211_wext_freq(wdev->wiphy, wextfreq);
                 if (freq < 0)
@@ -818,10 +807,7 @@ static int cfg80211_wext_siwfreq(struct net_device *dev,
                 chandef.chan = ieee80211_get_channel(&rdev->wiphy, freq);
                 if (!chandef.chan)
                         return -EINVAL;
-                mutex_lock(&rdev->devlist_mtx);
-                err = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
-                mutex_unlock(&rdev->devlist_mtx);
-                return err;
+                return cfg80211_set_mesh_channel(rdev, wdev, &chandef);
         default:
                 return -EOPNOTSUPP;
         }
diff --git a/net/wireless/wext-sme.c b/net/wireless/wext-sme.c
index e79cb5c0655a..a53f8404f451 100644
--- a/net/wireless/wext-sme.c
+++ b/net/wireless/wext-sme.c
@@ -54,8 +54,8 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev,
         if (wdev->wext.prev_bssid_valid)
                 prev_bssid = wdev->wext.prev_bssid;
 
-        err = __cfg80211_connect(rdev, wdev->netdev,
-                                 &wdev->wext.connect, ck, prev_bssid);
+        err = cfg80211_connect(rdev, wdev->netdev,
+                               &wdev->wext.connect, ck, prev_bssid);
         if (err)
                 kfree(ck);
 
@@ -87,9 +87,6 @@ int cfg80211_mgd_wext_siwfreq(struct net_device *dev,
                         return -EINVAL;
         }
 
-        cfg80211_lock_rdev(rdev);
-        mutex_lock(&rdev->devlist_mtx);
-        mutex_lock(&rdev->sched_scan_mtx);
         wdev_lock(wdev);
 
         if (wdev->sme_state != CFG80211_SME_IDLE) {
@@ -103,8 +100,8 @@ int cfg80211_mgd_wext_siwfreq(struct net_device *dev,
                 /* if SSID set, we'll try right again, avoid event */
                 if (wdev->wext.connect.ssid_len)
                         event = false;
-                err = __cfg80211_disconnect(rdev, dev,
-                                            WLAN_REASON_DEAUTH_LEAVING, event);
+                err = cfg80211_disconnect(rdev, dev,
+                                          WLAN_REASON_DEAUTH_LEAVING, event);
                 if (err)
                         goto out;
         }
@@ -136,9 +133,6 @@ int cfg80211_mgd_wext_siwfreq(struct net_device *dev,
         err = cfg80211_mgd_wext_connect(rdev, wdev);
  out:
         wdev_unlock(wdev);
-        mutex_unlock(&rdev->sched_scan_mtx);
-        mutex_unlock(&rdev->devlist_mtx);
-        cfg80211_unlock_rdev(rdev);
         return err;
 }
 
@@ -190,9 +184,6 @@ int cfg80211_mgd_wext_siwessid(struct net_device *dev,
         if (len > 0 && ssid[len - 1] == '\0')
                 len--;
 
-        cfg80211_lock_rdev(rdev);
-        mutex_lock(&rdev->devlist_mtx);
-        mutex_lock(&rdev->sched_scan_mtx);
         wdev_lock(wdev);
 
         err = 0;
@@ -208,8 +199,8 @@ int cfg80211_mgd_wext_siwessid(struct net_device *dev,
                 /* if SSID set now, we'll try to connect, avoid event */
                 if (len)
                         event = false;
-                err = __cfg80211_disconnect(rdev, dev,
-                                            WLAN_REASON_DEAUTH_LEAVING, event);
+                err = cfg80211_disconnect(rdev, dev,
+                                          WLAN_REASON_DEAUTH_LEAVING, event);
                 if (err)
                         goto out;
         }
@@ -226,9 +217,6 @@ int cfg80211_mgd_wext_siwessid(struct net_device *dev,
         err = cfg80211_mgd_wext_connect(rdev, wdev);
  out:
         wdev_unlock(wdev);
-        mutex_unlock(&rdev->sched_scan_mtx);
-        mutex_unlock(&rdev->devlist_mtx);
-        cfg80211_unlock_rdev(rdev);
         return err;
 }
 
@@ -287,9 +275,6 @@ int cfg80211_mgd_wext_siwap(struct net_device *dev,
         if (is_zero_ether_addr(bssid) || is_broadcast_ether_addr(bssid))
                 bssid = NULL;
 
-        cfg80211_lock_rdev(rdev);
-        mutex_lock(&rdev->devlist_mtx);
-        mutex_lock(&rdev->sched_scan_mtx);
         wdev_lock(wdev);
 
         if (wdev->sme_state != CFG80211_SME_IDLE) {
@@ -303,8 +288,8 @@ int cfg80211_mgd_wext_siwap(struct net_device *dev,
                     ether_addr_equal(bssid, wdev->wext.connect.bssid))
                         goto out;
 
-                err = __cfg80211_disconnect(rdev, dev,
-                                            WLAN_REASON_DEAUTH_LEAVING, false);
+                err = cfg80211_disconnect(rdev, dev,
+                                          WLAN_REASON_DEAUTH_LEAVING, false);
                 if (err)
                         goto out;
         }
@@ -318,9 +303,6 @@ int cfg80211_mgd_wext_siwap(struct net_device *dev,
         err = cfg80211_mgd_wext_connect(rdev, wdev);
  out:
         wdev_unlock(wdev);
-        mutex_unlock(&rdev->sched_scan_mtx);
-        mutex_unlock(&rdev->devlist_mtx);
-        cfg80211_unlock_rdev(rdev);
         return err;
 }
 
@@ -383,8 +365,8 @@ int cfg80211_wext_siwgenie(struct net_device *dev,
         wdev->wext.ie_len = ie_len;
 
         if (wdev->sme_state != CFG80211_SME_IDLE) {
-                err = __cfg80211_disconnect(rdev, dev,
-                                            WLAN_REASON_DEAUTH_LEAVING, false);
+                err = cfg80211_disconnect(rdev, dev,
+                                          WLAN_REASON_DEAUTH_LEAVING, false);
                 if (err)
                         goto out;
         }
@@ -420,8 +402,7 @@ int cfg80211_wext_siwmlme(struct net_device *dev,
         switch (mlme->cmd) {
         case IW_MLME_DEAUTH:
         case IW_MLME_DISASSOC:
-                err = __cfg80211_disconnect(rdev, dev, mlme->reason_code,
-                                            true);
+                err = cfg80211_disconnect(rdev, dev, mlme->reason_code, true);
                 break;
         default:
                 err = -EOPNOTSUPP;