aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2013-01-14 11:27:10 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2013-01-14 11:27:10 -0500
commit6843cc0e0f59643d75a624999012b4dd72bfe1cf (patch)
tree6924ab19725e67b3f35f90277b2b670d0f0e0958 /net
parent7c8284c3aa127ffe72a90a1bad52183ec9ad870a (diff)
parentd0b9cec3e27d0e9fda2fbf6aaacece68c99b1104 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: 1) Fix regression allowing IP_TTL setting of zero, fix from Cong Wang. 2) Fix leak regressions in tunap, from Jason Wang. 3) be2net driver always returns IRQ_HANDLED in INTx handler, fix from Sathya Perla. 4) qlge doesn't really support NETIF_F_TSO6, don't set that flag. Fix from Amerigo Wang. 5) Add 802.11ad Atheros wil6210 driver, from Vladimir Kondratiev. 6) Fix MTU calculations in mac80211 layer, from T Krishna Chaitanya. 7) Station info layer of mac80211 needs to use del_timer_sync(), from Johannes Berg. 8) tcp_read_sock() can loop forever, because we don't immediately stop when recv_actor() returns zero. Fix from Eric Dumazet. 9) Fix WARN_ON() in tcp_cleanup_rbuf(). We have to use sk_eat_skb() in tcp_recv_skb() to handle the case where a large GRO packet is split up while it is use by a splice() operation. Fix also from Eric Dumazet. 10) addrconf_get_prefix_route() in ipv6 tests flags incorrectly, it does: if (X && (p->flags & Y) != 0) when it really meant to go: if (X && (p->flags & X) != 0) fix from Romain Kuntz. 11) Fix lost Kconfig dependency for bfin_mac driver hardware timestamping. From Lars-Peter Clausen. 12) Fix regression in handling of RST without ACK in TCP, from Eric Dumazet. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (37 commits) be2net: fix unconditionally returning IRQ_HANDLED in INTx tuntap: fix leaking reference count tuntap: forbid calling TUNSETIFF when detached tuntap: switch to use rtnl_dereference() net, wireless: overwrite default_ethtool_ops qlge: remove NETIF_F_TSO6 flag tcp: accept RST without ACK flag net: ethernet: xilinx: Do not use NO_IRQ in axienet net: ethernet: xilinx: Do not use axienet on PPC bnx2x: Allow management traffic after boot from SAN bnx2x: Fix fastpath structures when memory allocation fails bfin_mac: Restore hardware time-stamping dependency on BF518 tun: avoid owner checks on IFF_ATTACH_QUEUE bnx2x: move debugging code before the return tuntap: refuse to re-attach to different tun_struct ipv6: use addrconf_get_prefix_route for prefix route lookup [v2] ipv6: fix the noflags test in addrconf_get_prefix_route tcp: fix splice() and tcp collapsing interaction tcp: splice: fix an infinite loop in tcp_read_sock() net: prevent setting ttl=0 via IP_TTL ...
Diffstat (limited to 'net')
-rw-r--r--net/core/dev.c8
-rw-r--r--net/ipv4/ip_sockglue.c2
-rw-r--r--net/ipv4/tcp.c15
-rw-r--r--net/ipv4/tcp_input.c4
-rw-r--r--net/ipv6/addrconf.c27
-rw-r--r--net/mac80211/cfg.c2
-rw-r--r--net/mac80211/chan.c38
-rw-r--r--net/mac80211/ibss.c9
-rw-r--r--net/mac80211/ieee80211_i.h16
-rw-r--r--net/mac80211/iface.c48
-rw-r--r--net/mac80211/mesh.c8
-rw-r--r--net/mac80211/mesh.h2
-rw-r--r--net/mac80211/mlme.c75
-rw-r--r--net/mac80211/scan.c46
-rw-r--r--net/mac80211/sta_info.c46
-rw-r--r--net/mac80211/sta_info.h3
-rw-r--r--net/wireless/core.c3
17 files changed, 237 insertions, 115 deletions
diff --git a/net/core/dev.c b/net/core/dev.c
index 515473ee52cb..f64e439b4a00 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -6121,6 +6121,14 @@ struct netdev_queue *dev_ingress_queue_create(struct net_device *dev)
6121 6121
6122static const struct ethtool_ops default_ethtool_ops; 6122static const struct ethtool_ops default_ethtool_ops;
6123 6123
6124void netdev_set_default_ethtool_ops(struct net_device *dev,
6125 const struct ethtool_ops *ops)
6126{
6127 if (dev->ethtool_ops == &default_ethtool_ops)
6128 dev->ethtool_ops = ops;
6129}
6130EXPORT_SYMBOL_GPL(netdev_set_default_ethtool_ops);
6131
6124/** 6132/**
6125 * alloc_netdev_mqs - allocate network device 6133 * alloc_netdev_mqs - allocate network device
6126 * @sizeof_priv: size of private data to allocate space for 6134 * @sizeof_priv: size of private data to allocate space for
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 3c9d20880283..d9c4f113d709 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -590,7 +590,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
590 case IP_TTL: 590 case IP_TTL:
591 if (optlen < 1) 591 if (optlen < 1)
592 goto e_inval; 592 goto e_inval;
593 if (val != -1 && (val < 0 || val > 255)) 593 if (val != -1 && (val < 1 || val > 255))
594 goto e_inval; 594 goto e_inval;
595 inet->uc_ttl = val; 595 inet->uc_ttl = val;
596 break; 596 break;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 1ca253635f7a..2aa69c8ae60c 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1428,12 +1428,12 @@ static void tcp_service_net_dma(struct sock *sk, bool wait)
1428} 1428}
1429#endif 1429#endif
1430 1430
1431static inline struct sk_buff *tcp_recv_skb(struct sock *sk, u32 seq, u32 *off) 1431static struct sk_buff *tcp_recv_skb(struct sock *sk, u32 seq, u32 *off)
1432{ 1432{
1433 struct sk_buff *skb; 1433 struct sk_buff *skb;
1434 u32 offset; 1434 u32 offset;
1435 1435
1436 skb_queue_walk(&sk->sk_receive_queue, skb) { 1436 while ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) {
1437 offset = seq - TCP_SKB_CB(skb)->seq; 1437 offset = seq - TCP_SKB_CB(skb)->seq;
1438 if (tcp_hdr(skb)->syn) 1438 if (tcp_hdr(skb)->syn)
1439 offset--; 1439 offset--;
@@ -1441,6 +1441,11 @@ static inline struct sk_buff *tcp_recv_skb(struct sock *sk, u32 seq, u32 *off)
1441 *off = offset; 1441 *off = offset;
1442 return skb; 1442 return skb;
1443 } 1443 }
1444 /* This looks weird, but this can happen if TCP collapsing
1445 * splitted a fat GRO packet, while we released socket lock
1446 * in skb_splice_bits()
1447 */
1448 sk_eat_skb(sk, skb, false);
1444 } 1449 }
1445 return NULL; 1450 return NULL;
1446} 1451}
@@ -1482,7 +1487,7 @@ int tcp_read_sock(struct sock *sk, read_descriptor_t *desc,
1482 break; 1487 break;
1483 } 1488 }
1484 used = recv_actor(desc, skb, offset, len); 1489 used = recv_actor(desc, skb, offset, len);
1485 if (used < 0) { 1490 if (used <= 0) {
1486 if (!copied) 1491 if (!copied)
1487 copied = used; 1492 copied = used;
1488 break; 1493 break;
@@ -1520,8 +1525,10 @@ int tcp_read_sock(struct sock *sk, read_descriptor_t *desc,
1520 tcp_rcv_space_adjust(sk); 1525 tcp_rcv_space_adjust(sk);
1521 1526
1522 /* Clean up data we have read: This will do ACK frames. */ 1527 /* Clean up data we have read: This will do ACK frames. */
1523 if (copied > 0) 1528 if (copied > 0) {
1529 tcp_recv_skb(sk, seq, &offset);
1524 tcp_cleanup_rbuf(sk, copied); 1530 tcp_cleanup_rbuf(sk, copied);
1531 }
1525 return copied; 1532 return copied;
1526} 1533}
1527EXPORT_SYMBOL(tcp_read_sock); 1534EXPORT_SYMBOL(tcp_read_sock);
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index a28e4db8a952..18f97ca76b00 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5543,7 +5543,7 @@ slow_path:
5543 if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) 5543 if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb))
5544 goto csum_error; 5544 goto csum_error;
5545 5545
5546 if (!th->ack) 5546 if (!th->ack && !th->rst)
5547 goto discard; 5547 goto discard;
5548 5548
5549 /* 5549 /*
@@ -5988,7 +5988,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5988 goto discard; 5988 goto discard;
5989 } 5989 }
5990 5990
5991 if (!th->ack) 5991 if (!th->ack && !th->rst)
5992 goto discard; 5992 goto discard;
5993 5993
5994 if (!tcp_validate_incoming(sk, skb, th, 0)) 5994 if (!tcp_validate_incoming(sk, skb, th, 0))
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 408cac4ae00a..420e56326384 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -154,6 +154,11 @@ static void addrconf_type_change(struct net_device *dev,
154 unsigned long event); 154 unsigned long event);
155static int addrconf_ifdown(struct net_device *dev, int how); 155static int addrconf_ifdown(struct net_device *dev, int how);
156 156
157static struct rt6_info *addrconf_get_prefix_route(const struct in6_addr *pfx,
158 int plen,
159 const struct net_device *dev,
160 u32 flags, u32 noflags);
161
157static void addrconf_dad_start(struct inet6_ifaddr *ifp); 162static void addrconf_dad_start(struct inet6_ifaddr *ifp);
158static void addrconf_dad_timer(unsigned long data); 163static void addrconf_dad_timer(unsigned long data);
159static void addrconf_dad_completed(struct inet6_ifaddr *ifp); 164static void addrconf_dad_completed(struct inet6_ifaddr *ifp);
@@ -250,12 +255,6 @@ static inline bool addrconf_qdisc_ok(const struct net_device *dev)
250 return !qdisc_tx_is_noop(dev); 255 return !qdisc_tx_is_noop(dev);
251} 256}
252 257
253/* Check if a route is valid prefix route */
254static inline int addrconf_is_prefix_route(const struct rt6_info *rt)
255{
256 return (rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0;
257}
258
259static void addrconf_del_timer(struct inet6_ifaddr *ifp) 258static void addrconf_del_timer(struct inet6_ifaddr *ifp)
260{ 259{
261 if (del_timer(&ifp->timer)) 260 if (del_timer(&ifp->timer))
@@ -941,17 +940,15 @@ static void ipv6_del_addr(struct inet6_ifaddr *ifp)
941 if ((ifp->flags & IFA_F_PERMANENT) && onlink < 1) { 940 if ((ifp->flags & IFA_F_PERMANENT) && onlink < 1) {
942 struct in6_addr prefix; 941 struct in6_addr prefix;
943 struct rt6_info *rt; 942 struct rt6_info *rt;
944 struct net *net = dev_net(ifp->idev->dev);
945 struct flowi6 fl6 = {};
946 943
947 ipv6_addr_prefix(&prefix, &ifp->addr, ifp->prefix_len); 944 ipv6_addr_prefix(&prefix, &ifp->addr, ifp->prefix_len);
948 fl6.flowi6_oif = ifp->idev->dev->ifindex;
949 fl6.daddr = prefix;
950 rt = (struct rt6_info *)ip6_route_lookup(net, &fl6,
951 RT6_LOOKUP_F_IFACE);
952 945
953 if (rt != net->ipv6.ip6_null_entry && 946 rt = addrconf_get_prefix_route(&prefix,
954 addrconf_is_prefix_route(rt)) { 947 ifp->prefix_len,
948 ifp->idev->dev,
949 0, RTF_GATEWAY | RTF_DEFAULT);
950
951 if (rt) {
955 if (onlink == 0) { 952 if (onlink == 0) {
956 ip6_del_rt(rt); 953 ip6_del_rt(rt);
957 rt = NULL; 954 rt = NULL;
@@ -1877,7 +1874,7 @@ static struct rt6_info *addrconf_get_prefix_route(const struct in6_addr *pfx,
1877 continue; 1874 continue;
1878 if ((rt->rt6i_flags & flags) != flags) 1875 if ((rt->rt6i_flags & flags) != flags)
1879 continue; 1876 continue;
1880 if ((noflags != 0) && ((rt->rt6i_flags & flags) != 0)) 1877 if ((rt->rt6i_flags & noflags) != 0)
1881 continue; 1878 continue;
1882 dst_hold(&rt->dst); 1879 dst_hold(&rt->dst);
1883 break; 1880 break;
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 5c61677487cf..47e0aca614b7 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1009,6 +1009,8 @@ static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
1009 if (old_probe_resp) 1009 if (old_probe_resp)
1010 kfree_rcu(old_probe_resp, rcu_head); 1010 kfree_rcu(old_probe_resp, rcu_head);
1011 1011
1012 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1013 sta_info_flush(local, vlan);
1012 sta_info_flush(local, sdata); 1014 sta_info_flush(local, sdata);
1013 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED); 1015 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
1014 1016
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index 53f03120db55..80e55527504b 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -4,6 +4,7 @@
4 4
5#include <linux/nl80211.h> 5#include <linux/nl80211.h>
6#include <linux/export.h> 6#include <linux/export.h>
7#include <linux/rtnetlink.h>
7#include <net/cfg80211.h> 8#include <net/cfg80211.h>
8#include "ieee80211_i.h" 9#include "ieee80211_i.h"
9#include "driver-ops.h" 10#include "driver-ops.h"
@@ -197,6 +198,15 @@ static void __ieee80211_vif_release_channel(struct ieee80211_sub_if_data *sdata)
197 198
198 ctx = container_of(conf, struct ieee80211_chanctx, conf); 199 ctx = container_of(conf, struct ieee80211_chanctx, conf);
199 200
201 if (sdata->vif.type == NL80211_IFTYPE_AP) {
202 struct ieee80211_sub_if_data *vlan;
203
204 /* for the VLAN list */
205 ASSERT_RTNL();
206 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
207 rcu_assign_pointer(vlan->vif.chanctx_conf, NULL);
208 }
209
200 ieee80211_unassign_vif_chanctx(sdata, ctx); 210 ieee80211_unassign_vif_chanctx(sdata, ctx);
201 if (ctx->refcount == 0) 211 if (ctx->refcount == 0)
202 ieee80211_free_chanctx(local, ctx); 212 ieee80211_free_chanctx(local, ctx);
@@ -316,6 +326,15 @@ int ieee80211_vif_use_channel(struct ieee80211_sub_if_data *sdata,
316 goto out; 326 goto out;
317 } 327 }
318 328
329 if (sdata->vif.type == NL80211_IFTYPE_AP) {
330 struct ieee80211_sub_if_data *vlan;
331
332 /* for the VLAN list */
333 ASSERT_RTNL();
334 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
335 rcu_assign_pointer(vlan->vif.chanctx_conf, &ctx->conf);
336 }
337
319 ieee80211_recalc_smps_chanctx(local, ctx); 338 ieee80211_recalc_smps_chanctx(local, ctx);
320 out: 339 out:
321 mutex_unlock(&local->chanctx_mtx); 340 mutex_unlock(&local->chanctx_mtx);
@@ -331,6 +350,25 @@ void ieee80211_vif_release_channel(struct ieee80211_sub_if_data *sdata)
331 mutex_unlock(&sdata->local->chanctx_mtx); 350 mutex_unlock(&sdata->local->chanctx_mtx);
332} 351}
333 352
353void ieee80211_vif_vlan_copy_chanctx(struct ieee80211_sub_if_data *sdata)
354{
355 struct ieee80211_local *local = sdata->local;
356 struct ieee80211_sub_if_data *ap;
357 struct ieee80211_chanctx_conf *conf;
358
359 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->bss))
360 return;
361
362 ap = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap);
363
364 mutex_lock(&local->chanctx_mtx);
365
366 conf = rcu_dereference_protected(ap->vif.chanctx_conf,
367 lockdep_is_held(&local->chanctx_mtx));
368 rcu_assign_pointer(sdata->vif.chanctx_conf, conf);
369 mutex_unlock(&local->chanctx_mtx);
370}
371
334void ieee80211_iter_chan_contexts_atomic( 372void ieee80211_iter_chan_contexts_atomic(
335 struct ieee80211_hw *hw, 373 struct ieee80211_hw *hw,
336 void (*iter)(struct ieee80211_hw *hw, 374 void (*iter)(struct ieee80211_hw *hw,
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 8881fc77fb13..6b7644e818d8 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -703,8 +703,8 @@ static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata)
703 sdata_info(sdata, 703 sdata_info(sdata,
704 "No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)\n"); 704 "No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)\n");
705 705
706 ieee80211_request_internal_scan(sdata, 706 ieee80211_request_ibss_scan(sdata, ifibss->ssid, ifibss->ssid_len,
707 ifibss->ssid, ifibss->ssid_len, NULL); 707 NULL);
708} 708}
709 709
710static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata) 710static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
@@ -802,9 +802,8 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
802 IEEE80211_SCAN_INTERVAL)) { 802 IEEE80211_SCAN_INTERVAL)) {
803 sdata_info(sdata, "Trigger new scan to find an IBSS to join\n"); 803 sdata_info(sdata, "Trigger new scan to find an IBSS to join\n");
804 804
805 ieee80211_request_internal_scan(sdata, 805 ieee80211_request_ibss_scan(sdata, ifibss->ssid,
806 ifibss->ssid, ifibss->ssid_len, 806 ifibss->ssid_len, chan);
807 ifibss->fixed_channel ? ifibss->channel : NULL);
808 } else { 807 } else {
809 int interval = IEEE80211_SCAN_INTERVAL; 808 int interval = IEEE80211_SCAN_INTERVAL;
810 809
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 42d0d0267730..8563b9a5cac3 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -92,8 +92,6 @@ struct ieee80211_bss {
92 92
93 u32 device_ts; 93 u32 device_ts;
94 94
95 u8 dtim_period;
96
97 bool wmm_used; 95 bool wmm_used;
98 bool uapsd_supported; 96 bool uapsd_supported;
99 97
@@ -140,7 +138,6 @@ enum ieee80211_bss_corrupt_data_flags {
140 138
141/** 139/**
142 * enum ieee80211_valid_data_flags - BSS valid data flags 140 * enum ieee80211_valid_data_flags - BSS valid data flags
143 * @IEEE80211_BSS_VALID_DTIM: DTIM data was gathered from non-corrupt IE
144 * @IEEE80211_BSS_VALID_WMM: WMM/UAPSD data was gathered from non-corrupt IE 141 * @IEEE80211_BSS_VALID_WMM: WMM/UAPSD data was gathered from non-corrupt IE
145 * @IEEE80211_BSS_VALID_RATES: Supported rates were gathered from non-corrupt IE 142 * @IEEE80211_BSS_VALID_RATES: Supported rates were gathered from non-corrupt IE
146 * @IEEE80211_BSS_VALID_ERP: ERP flag was gathered from non-corrupt IE 143 * @IEEE80211_BSS_VALID_ERP: ERP flag was gathered from non-corrupt IE
@@ -151,7 +148,6 @@ enum ieee80211_bss_corrupt_data_flags {
151 * beacon/probe response. 148 * beacon/probe response.
152 */ 149 */
153enum ieee80211_bss_valid_data_flags { 150enum ieee80211_bss_valid_data_flags {
154 IEEE80211_BSS_VALID_DTIM = BIT(0),
155 IEEE80211_BSS_VALID_WMM = BIT(1), 151 IEEE80211_BSS_VALID_WMM = BIT(1),
156 IEEE80211_BSS_VALID_RATES = BIT(2), 152 IEEE80211_BSS_VALID_RATES = BIT(2),
157 IEEE80211_BSS_VALID_ERP = BIT(3) 153 IEEE80211_BSS_VALID_ERP = BIT(3)
@@ -440,6 +436,7 @@ struct ieee80211_if_managed {
440 unsigned long timers_running; /* used for quiesce/restart */ 436 unsigned long timers_running; /* used for quiesce/restart */
441 bool powersave; /* powersave requested for this iface */ 437 bool powersave; /* powersave requested for this iface */
442 bool broken_ap; /* AP is broken -- turn off powersave */ 438 bool broken_ap; /* AP is broken -- turn off powersave */
439 u8 dtim_period;
443 enum ieee80211_smps_mode req_smps, /* requested smps mode */ 440 enum ieee80211_smps_mode req_smps, /* requested smps mode */
444 driver_smps_mode; /* smps mode request */ 441 driver_smps_mode; /* smps mode request */
445 442
@@ -773,6 +770,10 @@ struct ieee80211_sub_if_data {
773 u32 mntr_flags; 770 u32 mntr_flags;
774 } u; 771 } u;
775 772
773 spinlock_t cleanup_stations_lock;
774 struct list_head cleanup_stations;
775 struct work_struct cleanup_stations_wk;
776
776#ifdef CONFIG_MAC80211_DEBUGFS 777#ifdef CONFIG_MAC80211_DEBUGFS
777 struct { 778 struct {
778 struct dentry *dir; 779 struct dentry *dir;
@@ -1329,9 +1330,9 @@ void ieee80211_mesh_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1329 1330
1330/* scan/BSS handling */ 1331/* scan/BSS handling */
1331void ieee80211_scan_work(struct work_struct *work); 1332void ieee80211_scan_work(struct work_struct *work);
1332int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata, 1333int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata,
1333 const u8 *ssid, u8 ssid_len, 1334 const u8 *ssid, u8 ssid_len,
1334 struct ieee80211_channel *chan); 1335 struct ieee80211_channel *chan);
1335int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata, 1336int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
1336 struct cfg80211_scan_request *req); 1337 struct cfg80211_scan_request *req);
1337void ieee80211_scan_cancel(struct ieee80211_local *local); 1338void ieee80211_scan_cancel(struct ieee80211_local *local);
@@ -1628,6 +1629,7 @@ ieee80211_vif_use_channel(struct ieee80211_sub_if_data *sdata,
1628 const struct cfg80211_chan_def *chandef, 1629 const struct cfg80211_chan_def *chandef,
1629 enum ieee80211_chanctx_mode mode); 1630 enum ieee80211_chanctx_mode mode);
1630void ieee80211_vif_release_channel(struct ieee80211_sub_if_data *sdata); 1631void ieee80211_vif_release_channel(struct ieee80211_sub_if_data *sdata);
1632void ieee80211_vif_vlan_copy_chanctx(struct ieee80211_sub_if_data *sdata);
1631 1633
1632void ieee80211_recalc_smps_chanctx(struct ieee80211_local *local, 1634void ieee80211_recalc_smps_chanctx(struct ieee80211_local *local,
1633 struct ieee80211_chanctx *chanctx); 1635 struct ieee80211_chanctx *chanctx);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 09a80b55cf5a..8be854e86cd9 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -207,17 +207,8 @@ void ieee80211_recalc_idle(struct ieee80211_local *local)
207 207
208static int ieee80211_change_mtu(struct net_device *dev, int new_mtu) 208static int ieee80211_change_mtu(struct net_device *dev, int new_mtu)
209{ 209{
210 int meshhdrlen; 210 if (new_mtu < 256 || new_mtu > IEEE80211_MAX_DATA_LEN)
211 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
212
213 meshhdrlen = (sdata->vif.type == NL80211_IFTYPE_MESH_POINT) ? 5 : 0;
214
215 /* FIX: what would be proper limits for MTU?
216 * This interface uses 802.3 frames. */
217 if (new_mtu < 256 ||
218 new_mtu > IEEE80211_MAX_DATA_LEN - 24 - 6 - meshhdrlen) {
219 return -EINVAL; 211 return -EINVAL;
220 }
221 212
222 dev->mtu = new_mtu; 213 dev->mtu = new_mtu;
223 return 0; 214 return 0;
@@ -586,11 +577,13 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
586 577
587 switch (sdata->vif.type) { 578 switch (sdata->vif.type) {
588 case NL80211_IFTYPE_AP_VLAN: 579 case NL80211_IFTYPE_AP_VLAN:
589 /* no need to tell driver, but set carrier */ 580 /* no need to tell driver, but set carrier and chanctx */
590 if (rtnl_dereference(sdata->bss->beacon)) 581 if (rtnl_dereference(sdata->bss->beacon)) {
582 ieee80211_vif_vlan_copy_chanctx(sdata);
591 netif_carrier_on(dev); 583 netif_carrier_on(dev);
592 else 584 } else {
593 netif_carrier_off(dev); 585 netif_carrier_off(dev);
586 }
594 break; 587 break;
595 case NL80211_IFTYPE_MONITOR: 588 case NL80211_IFTYPE_MONITOR:
596 if (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES) { 589 if (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES) {
@@ -839,6 +832,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
839 switch (sdata->vif.type) { 832 switch (sdata->vif.type) {
840 case NL80211_IFTYPE_AP_VLAN: 833 case NL80211_IFTYPE_AP_VLAN:
841 list_del(&sdata->u.vlan.list); 834 list_del(&sdata->u.vlan.list);
835 rcu_assign_pointer(sdata->vif.chanctx_conf, NULL);
842 /* no need to tell driver */ 836 /* no need to tell driver */
843 break; 837 break;
844 case NL80211_IFTYPE_MONITOR: 838 case NL80211_IFTYPE_MONITOR:
@@ -865,20 +859,11 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
865 cancel_work_sync(&sdata->work); 859 cancel_work_sync(&sdata->work);
866 /* 860 /*
867 * When we get here, the interface is marked down. 861 * When we get here, the interface is marked down.
868 * Call rcu_barrier() to wait both for the RX path 862 * Call synchronize_rcu() to wait for the RX path
869 * should it be using the interface and enqueuing 863 * should it be using the interface and enqueuing
870 * frames at this very time on another CPU, and 864 * frames at this very time on another CPU.
871 * for the sta free call_rcu callbacks.
872 */
873 rcu_barrier();
874
875 /*
876 * free_sta_rcu() enqueues a work for the actual
877 * sta cleanup, so we need to flush it while
878 * sdata is still valid.
879 */ 865 */
880 flush_workqueue(local->workqueue); 866 synchronize_rcu();
881
882 skb_queue_purge(&sdata->skb_queue); 867 skb_queue_purge(&sdata->skb_queue);
883 868
884 /* 869 /*
@@ -1498,6 +1483,15 @@ static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
1498 mutex_unlock(&local->iflist_mtx); 1483 mutex_unlock(&local->iflist_mtx);
1499} 1484}
1500 1485
1486static void ieee80211_cleanup_sdata_stas_wk(struct work_struct *wk)
1487{
1488 struct ieee80211_sub_if_data *sdata;
1489
1490 sdata = container_of(wk, struct ieee80211_sub_if_data, cleanup_stations_wk);
1491
1492 ieee80211_cleanup_sdata_stas(sdata);
1493}
1494
1501int ieee80211_if_add(struct ieee80211_local *local, const char *name, 1495int ieee80211_if_add(struct ieee80211_local *local, const char *name,
1502 struct wireless_dev **new_wdev, enum nl80211_iftype type, 1496 struct wireless_dev **new_wdev, enum nl80211_iftype type,
1503 struct vif_params *params) 1497 struct vif_params *params)
@@ -1573,6 +1567,10 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
1573 1567
1574 INIT_LIST_HEAD(&sdata->key_list); 1568 INIT_LIST_HEAD(&sdata->key_list);
1575 1569
1570 spin_lock_init(&sdata->cleanup_stations_lock);
1571 INIT_LIST_HEAD(&sdata->cleanup_stations);
1572 INIT_WORK(&sdata->cleanup_stations_wk, ieee80211_cleanup_sdata_stas_wk);
1573
1576 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 1574 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
1577 struct ieee80211_supported_band *sband; 1575 struct ieee80211_supported_band *sband;
1578 sband = local->hw.wiphy->bands[i]; 1576 sband = local->hw.wiphy->bands[i];
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 1bf03f9ff3ba..649ad513547f 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -163,7 +163,7 @@ int mesh_rmc_init(struct ieee80211_sub_if_data *sdata)
163 return -ENOMEM; 163 return -ENOMEM;
164 sdata->u.mesh.rmc->idx_mask = RMC_BUCKETS - 1; 164 sdata->u.mesh.rmc->idx_mask = RMC_BUCKETS - 1;
165 for (i = 0; i < RMC_BUCKETS; i++) 165 for (i = 0; i < RMC_BUCKETS; i++)
166 INIT_LIST_HEAD(&sdata->u.mesh.rmc->bucket[i].list); 166 INIT_LIST_HEAD(&sdata->u.mesh.rmc->bucket[i]);
167 return 0; 167 return 0;
168} 168}
169 169
@@ -177,7 +177,7 @@ void mesh_rmc_free(struct ieee80211_sub_if_data *sdata)
177 return; 177 return;
178 178
179 for (i = 0; i < RMC_BUCKETS; i++) 179 for (i = 0; i < RMC_BUCKETS; i++)
180 list_for_each_entry_safe(p, n, &rmc->bucket[i].list, list) { 180 list_for_each_entry_safe(p, n, &rmc->bucket[i], list) {
181 list_del(&p->list); 181 list_del(&p->list);
182 kmem_cache_free(rm_cache, p); 182 kmem_cache_free(rm_cache, p);
183 } 183 }
@@ -210,7 +210,7 @@ int mesh_rmc_check(u8 *sa, struct ieee80211s_hdr *mesh_hdr,
210 /* Don't care about endianness since only match matters */ 210 /* Don't care about endianness since only match matters */
211 memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum)); 211 memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum));
212 idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask; 212 idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask;
213 list_for_each_entry_safe(p, n, &rmc->bucket[idx].list, list) { 213 list_for_each_entry_safe(p, n, &rmc->bucket[idx], list) {
214 ++entries; 214 ++entries;
215 if (time_after(jiffies, p->exp_time) || 215 if (time_after(jiffies, p->exp_time) ||
216 (entries == RMC_QUEUE_MAX_LEN)) { 216 (entries == RMC_QUEUE_MAX_LEN)) {
@@ -229,7 +229,7 @@ int mesh_rmc_check(u8 *sa, struct ieee80211s_hdr *mesh_hdr,
229 p->seqnum = seqnum; 229 p->seqnum = seqnum;
230 p->exp_time = jiffies + RMC_TIMEOUT; 230 p->exp_time = jiffies + RMC_TIMEOUT;
231 memcpy(p->sa, sa, ETH_ALEN); 231 memcpy(p->sa, sa, ETH_ALEN);
232 list_add(&p->list, &rmc->bucket[idx].list); 232 list_add(&p->list, &rmc->bucket[idx]);
233 return 0; 233 return 0;
234} 234}
235 235
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index 7c9215fb2ac8..84c28c6101cd 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -184,7 +184,7 @@ struct rmc_entry {
184}; 184};
185 185
186struct mesh_rmc { 186struct mesh_rmc {
187 struct rmc_entry bucket[RMC_BUCKETS]; 187 struct list_head bucket[RMC_BUCKETS];
188 u32 idx_mask; 188 u32 idx_mask;
189}; 189};
190 190
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 7753a9ca98a6..a3552929a21d 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1074,12 +1074,8 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
1074 if (beaconint_us > latency) { 1074 if (beaconint_us > latency) {
1075 local->ps_sdata = NULL; 1075 local->ps_sdata = NULL;
1076 } else { 1076 } else {
1077 struct ieee80211_bss *bss;
1078 int maxslp = 1; 1077 int maxslp = 1;
1079 u8 dtimper; 1078 u8 dtimper = found->u.mgd.dtim_period;
1080
1081 bss = (void *)found->u.mgd.associated->priv;
1082 dtimper = bss->dtim_period;
1083 1079
1084 /* If the TIM IE is invalid, pretend the value is 1 */ 1080 /* If the TIM IE is invalid, pretend the value is 1 */
1085 if (!dtimper) 1081 if (!dtimper)
@@ -1410,10 +1406,17 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1410 1406
1411 ieee80211_led_assoc(local, 1); 1407 ieee80211_led_assoc(local, 1);
1412 1408
1413 if (local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) 1409 if (local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) {
1414 bss_conf->dtim_period = bss->dtim_period; 1410 /*
1415 else 1411 * If the AP is buggy we may get here with no DTIM period
1412 * known, so assume it's 1 which is the only safe assumption
1413 * in that case, although if the TIM IE is broken powersave
1414 * probably just won't work at all.
1415 */
1416 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
1417 } else {
1416 bss_conf->dtim_period = 0; 1418 bss_conf->dtim_period = 0;
1419 }
1417 1420
1418 bss_conf->assoc = 1; 1421 bss_conf->assoc = 1;
1419 1422
@@ -1562,6 +1565,8 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1562 1565
1563 sdata->u.mgd.timers_running = 0; 1566 sdata->u.mgd.timers_running = 0;
1564 1567
1568 sdata->vif.bss_conf.dtim_period = 0;
1569
1565 ifmgd->flags = 0; 1570 ifmgd->flags = 0;
1566 ieee80211_vif_release_channel(sdata); 1571 ieee80211_vif_release_channel(sdata);
1567} 1572}
@@ -2373,11 +2378,18 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2373 struct ieee80211_channel *channel; 2378 struct ieee80211_channel *channel;
2374 bool need_ps = false; 2379 bool need_ps = false;
2375 2380
2376 if (sdata->u.mgd.associated && 2381 if ((sdata->u.mgd.associated &&
2377 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) { 2382 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) ||
2378 bss = (void *)sdata->u.mgd.associated->priv; 2383 (sdata->u.mgd.assoc_data &&
2384 ether_addr_equal(mgmt->bssid,
2385 sdata->u.mgd.assoc_data->bss->bssid))) {
2379 /* not previously set so we may need to recalc */ 2386 /* not previously set so we may need to recalc */
2380 need_ps = !bss->dtim_period; 2387 need_ps = sdata->u.mgd.associated && !sdata->u.mgd.dtim_period;
2388
2389 if (elems->tim && !elems->parse_error) {
2390 struct ieee80211_tim_ie *tim_ie = elems->tim;
2391 sdata->u.mgd.dtim_period = tim_ie->dtim_period;
2392 }
2381 } 2393 }
2382 2394
2383 if (elems->ds_params && elems->ds_params_len == 1) 2395 if (elems->ds_params && elems->ds_params_len == 1)
@@ -3896,20 +3908,41 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
3896 /* kick off associate process */ 3908 /* kick off associate process */
3897 3909
3898 ifmgd->assoc_data = assoc_data; 3910 ifmgd->assoc_data = assoc_data;
3911 ifmgd->dtim_period = 0;
3899 3912
3900 err = ieee80211_prep_connection(sdata, req->bss, true); 3913 err = ieee80211_prep_connection(sdata, req->bss, true);
3901 if (err) 3914 if (err)
3902 goto err_clear; 3915 goto err_clear;
3903 3916
3904 if (!bss->dtim_period && 3917 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) {
3905 sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) { 3918 const struct cfg80211_bss_ies *beacon_ies;
3906 /* 3919
3907 * Wait up to one beacon interval ... 3920 rcu_read_lock();
3908 * should this be more if we miss one? 3921 beacon_ies = rcu_dereference(req->bss->beacon_ies);
3909 */ 3922 if (!beacon_ies) {
3910 sdata_info(sdata, "waiting for beacon from %pM\n", 3923 /*
3911 ifmgd->bssid); 3924 * Wait up to one beacon interval ...
3912 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 3925 * should this be more if we miss one?
3926 */
3927 sdata_info(sdata, "waiting for beacon from %pM\n",
3928 ifmgd->bssid);
3929 assoc_data->timeout =
3930 TU_TO_EXP_TIME(req->bss->beacon_interval);
3931 } else {
3932 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
3933 beacon_ies->data,
3934 beacon_ies->len);
3935 if (tim_ie && tim_ie[1] >=
3936 sizeof(struct ieee80211_tim_ie)) {
3937 const struct ieee80211_tim_ie *tim;
3938 tim = (void *)(tim_ie + 2);
3939 ifmgd->dtim_period = tim->dtim_period;
3940 }
3941 assoc_data->have_beacon = true;
3942 assoc_data->sent_assoc = false;
3943 assoc_data->timeout = jiffies;
3944 }
3945 rcu_read_unlock();
3913 } else { 3946 } else {
3914 assoc_data->have_beacon = true; 3947 assoc_data->have_beacon = true;
3915 assoc_data->sent_assoc = false; 3948 assoc_data->sent_assoc = false;
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 8ed83dcc149f..d59fc6818b1c 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -113,18 +113,6 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
113 bss->valid_data |= IEEE80211_BSS_VALID_ERP; 113 bss->valid_data |= IEEE80211_BSS_VALID_ERP;
114 } 114 }
115 115
116 if (elems->tim && (!elems->parse_error ||
117 !(bss->valid_data & IEEE80211_BSS_VALID_DTIM))) {
118 struct ieee80211_tim_ie *tim_ie = elems->tim;
119 bss->dtim_period = tim_ie->dtim_period;
120 if (!elems->parse_error)
121 bss->valid_data |= IEEE80211_BSS_VALID_DTIM;
122 }
123
124 /* If the beacon had no TIM IE, or it was invalid, use 1 */
125 if (beacon && !bss->dtim_period)
126 bss->dtim_period = 1;
127
128 /* replace old supported rates if we get new values */ 116 /* replace old supported rates if we get new values */
129 if (!elems->parse_error || 117 if (!elems->parse_error ||
130 !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) { 118 !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) {
@@ -832,9 +820,9 @@ int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
832 return res; 820 return res;
833} 821}
834 822
835int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata, 823int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata,
836 const u8 *ssid, u8 ssid_len, 824 const u8 *ssid, u8 ssid_len,
837 struct ieee80211_channel *chan) 825 struct ieee80211_channel *chan)
838{ 826{
839 struct ieee80211_local *local = sdata->local; 827 struct ieee80211_local *local = sdata->local;
840 int ret = -EBUSY; 828 int ret = -EBUSY;
@@ -848,22 +836,36 @@ int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
848 836
849 /* fill internal scan request */ 837 /* fill internal scan request */
850 if (!chan) { 838 if (!chan) {
851 int i, nchan = 0; 839 int i, max_n;
840 int n_ch = 0;
852 841
853 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 842 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
854 if (!local->hw.wiphy->bands[band]) 843 if (!local->hw.wiphy->bands[band])
855 continue; 844 continue;
856 for (i = 0; 845
857 i < local->hw.wiphy->bands[band]->n_channels; 846 max_n = local->hw.wiphy->bands[band]->n_channels;
858 i++) { 847 for (i = 0; i < max_n; i++) {
859 local->int_scan_req->channels[nchan] = 848 struct ieee80211_channel *tmp_ch =
860 &local->hw.wiphy->bands[band]->channels[i]; 849 &local->hw.wiphy->bands[band]->channels[i];
861 nchan++; 850
851 if (tmp_ch->flags & (IEEE80211_CHAN_NO_IBSS |
852 IEEE80211_CHAN_DISABLED))
853 continue;
854
855 local->int_scan_req->channels[n_ch] = tmp_ch;
856 n_ch++;
862 } 857 }
863 } 858 }
864 859
865 local->int_scan_req->n_channels = nchan; 860 if (WARN_ON_ONCE(n_ch == 0))
861 goto unlock;
862
863 local->int_scan_req->n_channels = n_ch;
866 } else { 864 } else {
865 if (WARN_ON_ONCE(chan->flags & (IEEE80211_CHAN_NO_IBSS |
866 IEEE80211_CHAN_DISABLED)))
867 goto unlock;
868
867 local->int_scan_req->channels[0] = chan; 869 local->int_scan_req->channels[0] = chan;
868 local->int_scan_req->n_channels = 1; 870 local->int_scan_req->n_channels = 1;
869 } 871 }
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index f3e502502fee..ca9fde198188 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -91,9 +91,8 @@ static int sta_info_hash_del(struct ieee80211_local *local,
91 return -ENOENT; 91 return -ENOENT;
92} 92}
93 93
94static void free_sta_work(struct work_struct *wk) 94static void cleanup_single_sta(struct sta_info *sta)
95{ 95{
96 struct sta_info *sta = container_of(wk, struct sta_info, free_sta_wk);
97 int ac, i; 96 int ac, i;
98 struct tid_ampdu_tx *tid_tx; 97 struct tid_ampdu_tx *tid_tx;
99 struct ieee80211_sub_if_data *sdata = sta->sdata; 98 struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -153,11 +152,35 @@ static void free_sta_work(struct work_struct *wk)
153 sta_info_free(local, sta); 152 sta_info_free(local, sta);
154} 153}
155 154
155void ieee80211_cleanup_sdata_stas(struct ieee80211_sub_if_data *sdata)
156{
157 struct sta_info *sta;
158
159 spin_lock_bh(&sdata->cleanup_stations_lock);
160 while (!list_empty(&sdata->cleanup_stations)) {
161 sta = list_first_entry(&sdata->cleanup_stations,
162 struct sta_info, list);
163 list_del(&sta->list);
164 spin_unlock_bh(&sdata->cleanup_stations_lock);
165
166 cleanup_single_sta(sta);
167
168 spin_lock_bh(&sdata->cleanup_stations_lock);
169 }
170
171 spin_unlock_bh(&sdata->cleanup_stations_lock);
172}
173
156static void free_sta_rcu(struct rcu_head *h) 174static void free_sta_rcu(struct rcu_head *h)
157{ 175{
158 struct sta_info *sta = container_of(h, struct sta_info, rcu_head); 176 struct sta_info *sta = container_of(h, struct sta_info, rcu_head);
177 struct ieee80211_sub_if_data *sdata = sta->sdata;
159 178
160 ieee80211_queue_work(&sta->local->hw, &sta->free_sta_wk); 179 spin_lock(&sdata->cleanup_stations_lock);
180 list_add_tail(&sta->list, &sdata->cleanup_stations);
181 spin_unlock(&sdata->cleanup_stations_lock);
182
183 ieee80211_queue_work(&sdata->local->hw, &sdata->cleanup_stations_wk);
161} 184}
162 185
163/* protected by RCU */ 186/* protected by RCU */
@@ -310,7 +333,6 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
310 333
311 spin_lock_init(&sta->lock); 334 spin_lock_init(&sta->lock);
312 INIT_WORK(&sta->drv_unblock_wk, sta_unblock); 335 INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
313 INIT_WORK(&sta->free_sta_wk, free_sta_work);
314 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work); 336 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
315 mutex_init(&sta->ampdu_mlme.mtx); 337 mutex_init(&sta->ampdu_mlme.mtx);
316 338
@@ -862,7 +884,7 @@ void sta_info_init(struct ieee80211_local *local)
862 884
863void sta_info_stop(struct ieee80211_local *local) 885void sta_info_stop(struct ieee80211_local *local)
864{ 886{
865 del_timer(&local->sta_cleanup); 887 del_timer_sync(&local->sta_cleanup);
866 sta_info_flush(local, NULL); 888 sta_info_flush(local, NULL);
867} 889}
868 890
@@ -891,6 +913,20 @@ int sta_info_flush(struct ieee80211_local *local,
891 } 913 }
892 mutex_unlock(&local->sta_mtx); 914 mutex_unlock(&local->sta_mtx);
893 915
916 rcu_barrier();
917
918 if (sdata) {
919 ieee80211_cleanup_sdata_stas(sdata);
920 cancel_work_sync(&sdata->cleanup_stations_wk);
921 } else {
922 mutex_lock(&local->iflist_mtx);
923 list_for_each_entry(sdata, &local->interfaces, list) {
924 ieee80211_cleanup_sdata_stas(sdata);
925 cancel_work_sync(&sdata->cleanup_stations_wk);
926 }
927 mutex_unlock(&local->iflist_mtx);
928 }
929
894 return ret; 930 return ret;
895} 931}
896 932
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 1489bca9ea97..37c1889afd3a 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -299,7 +299,6 @@ struct sta_info {
299 spinlock_t lock; 299 spinlock_t lock;
300 300
301 struct work_struct drv_unblock_wk; 301 struct work_struct drv_unblock_wk;
302 struct work_struct free_sta_wk;
303 302
304 u16 listen_interval; 303 u16 listen_interval;
305 304
@@ -563,4 +562,6 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta);
563void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta); 562void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta);
564void ieee80211_sta_ps_deliver_uapsd(struct sta_info *sta); 563void ieee80211_sta_ps_deliver_uapsd(struct sta_info *sta);
565 564
565void ieee80211_cleanup_sdata_stas(struct ieee80211_sub_if_data *sdata);
566
566#endif /* STA_INFO_H */ 567#endif /* STA_INFO_H */
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 14d990400354..b677eab55b68 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -866,8 +866,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
866 /* allow mac80211 to determine the timeout */ 866 /* allow mac80211 to determine the timeout */
867 wdev->ps_timeout = -1; 867 wdev->ps_timeout = -1;
868 868
869 if (!dev->ethtool_ops) 869 netdev_set_default_ethtool_ops(dev, &cfg80211_ethtool_ops);
870 dev->ethtool_ops = &cfg80211_ethtool_ops;
871 870
872 if ((wdev->iftype == NL80211_IFTYPE_STATION || 871 if ((wdev->iftype == NL80211_IFTYPE_STATION ||
873 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT || 872 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT ||