aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h164
-rw-r--r--drivers/net/wireless/ath/ath9k/hif_usb.c1
-rw-r--r--drivers/net/wireless/ath/ath9k/xmit.c10
-rw-r--r--drivers/net/wireless/b43/main.c4
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c2
-rw-r--r--drivers/net/wireless/mwifiex/cfg80211.c7
-rw-r--r--drivers/net/wireless/mwifiex/scan.c13
-rw-r--r--drivers/net/wireless/rt2x00/rt2500usb.c1
-rw-r--r--drivers/net/wireless/rt2x00/rt2800lib.c2
-rw-r--r--drivers/net/wireless/rt2x00/rt2800usb.c1
-rw-r--r--drivers/net/wireless/rt2x00/rt73usb.c1
-rw-r--r--drivers/net/wireless/rtlwifi/usb.c2
-rw-r--r--include/net/cfg80211.h10
-rw-r--r--net/mac80211/cfg.c3
-rw-r--r--net/mac80211/ibss.c2
-rw-r--r--net/mac80211/ieee80211_i.h2
-rw-r--r--net/mac80211/main.c6
-rw-r--r--net/mac80211/mlme.c35
-rw-r--r--net/mac80211/rx.c74
-rw-r--r--net/mac80211/scan.c2
-rw-r--r--net/mac80211/sta_info.c11
-rw-r--r--net/mac80211/status.c9
-rw-r--r--net/mac80211/tx.c9
-rw-r--r--net/mac80211/util.c44
-rw-r--r--net/mac80211/wpa.c11
-rw-r--r--net/wireless/core.c3
-rw-r--r--net/wireless/mlme.c12
-rw-r--r--net/wireless/reg.c10
-rw-r--r--net/wireless/util.c14
29 files changed, 296 insertions, 169 deletions
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h b/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h
index 89bf94d4d8a1..6f7cf49eff4d 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h
+++ b/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h
@@ -534,107 +534,107 @@ static const u32 ar9300_2p2_baseband_core[][2] = {
534 534
535static const u32 ar9300Modes_high_power_tx_gain_table_2p2[][5] = { 535static const u32 ar9300Modes_high_power_tx_gain_table_2p2[][5] = {
536 /* Addr 5G_HT20 5G_HT40 2G_HT40 2G_HT20 */ 536 /* Addr 5G_HT20 5G_HT40 2G_HT40 2G_HT20 */
537 {0x0000a2dc, 0x000cfff0, 0x000cfff0, 0x03aaa352, 0x03aaa352}, 537 {0x0000a2dc, 0x00033800, 0x00033800, 0x03aaa352, 0x03aaa352},
538 {0x0000a2e0, 0x000f0000, 0x000f0000, 0x03ccc584, 0x03ccc584}, 538 {0x0000a2e0, 0x0003c000, 0x0003c000, 0x03ccc584, 0x03ccc584},
539 {0x0000a2e4, 0x03f00000, 0x03f00000, 0x03f0f800, 0x03f0f800}, 539 {0x0000a2e4, 0x03fc0000, 0x03fc0000, 0x03f0f800, 0x03f0f800},
540 {0x0000a2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, 540 {0x0000a2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000},
541 {0x0000a410, 0x000050d9, 0x000050d9, 0x000050d9, 0x000050d9}, 541 {0x0000a410, 0x000050d9, 0x000050d9, 0x000050d9, 0x000050d9},
542 {0x0000a500, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, 542 {0x0000a500, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
543 {0x0000a504, 0x06000003, 0x06000003, 0x04000002, 0x04000002}, 543 {0x0000a504, 0x06000003, 0x06000003, 0x04000002, 0x04000002},
544 {0x0000a508, 0x0a000020, 0x0a000020, 0x08000004, 0x08000004}, 544 {0x0000a508, 0x0a000020, 0x0a000020, 0x08000004, 0x08000004},
545 {0x0000a50c, 0x10000023, 0x10000023, 0x0b000200, 0x0b000200}, 545 {0x0000a50c, 0x10000023, 0x10000023, 0x0b000200, 0x0b000200},
546 {0x0000a510, 0x15000028, 0x15000028, 0x0f000202, 0x0f000202}, 546 {0x0000a510, 0x16000220, 0x16000220, 0x0f000202, 0x0f000202},
547 {0x0000a514, 0x1b00002b, 0x1b00002b, 0x12000400, 0x12000400}, 547 {0x0000a514, 0x1c000223, 0x1c000223, 0x12000400, 0x12000400},
548 {0x0000a518, 0x1f020028, 0x1f020028, 0x16000402, 0x16000402}, 548 {0x0000a518, 0x21002220, 0x21002220, 0x16000402, 0x16000402},
549 {0x0000a51c, 0x2502002b, 0x2502002b, 0x19000404, 0x19000404}, 549 {0x0000a51c, 0x27002223, 0x27002223, 0x19000404, 0x19000404},
550 {0x0000a520, 0x2a04002a, 0x2a04002a, 0x1c000603, 0x1c000603}, 550 {0x0000a520, 0x2b022220, 0x2b022220, 0x1c000603, 0x1c000603},
551 {0x0000a524, 0x2e06002a, 0x2e06002a, 0x21000a02, 0x21000a02}, 551 {0x0000a524, 0x2f022222, 0x2f022222, 0x21000a02, 0x21000a02},
552 {0x0000a528, 0x3302202d, 0x3302202d, 0x25000a04, 0x25000a04}, 552 {0x0000a528, 0x34022225, 0x34022225, 0x25000a04, 0x25000a04},
553 {0x0000a52c, 0x3804202c, 0x3804202c, 0x28000a20, 0x28000a20}, 553 {0x0000a52c, 0x3a02222a, 0x3a02222a, 0x28000a20, 0x28000a20},
554 {0x0000a530, 0x3c06202c, 0x3c06202c, 0x2c000e20, 0x2c000e20}, 554 {0x0000a530, 0x3e02222c, 0x3e02222c, 0x2c000e20, 0x2c000e20},
555 {0x0000a534, 0x4108202d, 0x4108202d, 0x30000e22, 0x30000e22}, 555 {0x0000a534, 0x4202242a, 0x4202242a, 0x30000e22, 0x30000e22},
556 {0x0000a538, 0x4506402d, 0x4506402d, 0x34000e24, 0x34000e24}, 556 {0x0000a538, 0x4702244a, 0x4702244a, 0x34000e24, 0x34000e24},
557 {0x0000a53c, 0x4906222d, 0x4906222d, 0x38001640, 0x38001640}, 557 {0x0000a53c, 0x4b02244c, 0x4b02244c, 0x38001640, 0x38001640},
558 {0x0000a540, 0x4d062231, 0x4d062231, 0x3c001660, 0x3c001660}, 558 {0x0000a540, 0x4e02246c, 0x4e02246c, 0x3c001660, 0x3c001660},
559 {0x0000a544, 0x50082231, 0x50082231, 0x3f001861, 0x3f001861}, 559 {0x0000a544, 0x52022470, 0x52022470, 0x3f001861, 0x3f001861},
560 {0x0000a548, 0x5608422e, 0x5608422e, 0x43001a81, 0x43001a81}, 560 {0x0000a548, 0x55022490, 0x55022490, 0x43001a81, 0x43001a81},
561 {0x0000a54c, 0x5a08442e, 0x5a08442e, 0x47001a83, 0x47001a83}, 561 {0x0000a54c, 0x59022492, 0x59022492, 0x47001a83, 0x47001a83},
562 {0x0000a550, 0x5e0a4431, 0x5e0a4431, 0x4a001c84, 0x4a001c84}, 562 {0x0000a550, 0x5d022692, 0x5d022692, 0x4a001c84, 0x4a001c84},
563 {0x0000a554, 0x640a4432, 0x640a4432, 0x4e001ce3, 0x4e001ce3}, 563 {0x0000a554, 0x61022892, 0x61022892, 0x4e001ce3, 0x4e001ce3},
564 {0x0000a558, 0x680a4434, 0x680a4434, 0x52001ce5, 0x52001ce5}, 564 {0x0000a558, 0x65024890, 0x65024890, 0x52001ce5, 0x52001ce5},
565 {0x0000a55c, 0x6c0a6434, 0x6c0a6434, 0x56001ce9, 0x56001ce9}, 565 {0x0000a55c, 0x69024892, 0x69024892, 0x56001ce9, 0x56001ce9},
566 {0x0000a560, 0x6f0a6633, 0x6f0a6633, 0x5a001ceb, 0x5a001ceb}, 566 {0x0000a560, 0x6e024c92, 0x6e024c92, 0x5a001ceb, 0x5a001ceb},
567 {0x0000a564, 0x730c6634, 0x730c6634, 0x5d001eec, 0x5d001eec}, 567 {0x0000a564, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec},
568 {0x0000a568, 0x730c6634, 0x730c6634, 0x5d001eec, 0x5d001eec}, 568 {0x0000a568, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec},
569 {0x0000a56c, 0x730c6634, 0x730c6634, 0x5d001eec, 0x5d001eec}, 569 {0x0000a56c, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec},
570 {0x0000a570, 0x730c6634, 0x730c6634, 0x5d001eec, 0x5d001eec}, 570 {0x0000a570, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec},
571 {0x0000a574, 0x730c6634, 0x730c6634, 0x5d001eec, 0x5d001eec}, 571 {0x0000a574, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec},
572 {0x0000a578, 0x730c6634, 0x730c6634, 0x5d001eec, 0x5d001eec}, 572 {0x0000a578, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec},
573 {0x0000a57c, 0x730c6634, 0x730c6634, 0x5d001eec, 0x5d001eec}, 573 {0x0000a57c, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec},
574 {0x0000a580, 0x00800000, 0x00800000, 0x00800000, 0x00800000}, 574 {0x0000a580, 0x00800000, 0x00800000, 0x00800000, 0x00800000},
575 {0x0000a584, 0x06800003, 0x06800003, 0x04800002, 0x04800002}, 575 {0x0000a584, 0x06800003, 0x06800003, 0x04800002, 0x04800002},
576 {0x0000a588, 0x0a800020, 0x0a800020, 0x08800004, 0x08800004}, 576 {0x0000a588, 0x0a800020, 0x0a800020, 0x08800004, 0x08800004},
577 {0x0000a58c, 0x10800023, 0x10800023, 0x0b800200, 0x0b800200}, 577 {0x0000a58c, 0x10800023, 0x10800023, 0x0b800200, 0x0b800200},
578 {0x0000a590, 0x15800028, 0x15800028, 0x0f800202, 0x0f800202}, 578 {0x0000a590, 0x16800220, 0x16800220, 0x0f800202, 0x0f800202},
579 {0x0000a594, 0x1b80002b, 0x1b80002b, 0x12800400, 0x12800400}, 579 {0x0000a594, 0x1c800223, 0x1c800223, 0x12800400, 0x12800400},
580 {0x0000a598, 0x1f820028, 0x1f820028, 0x16800402, 0x16800402}, 580 {0x0000a598, 0x21802220, 0x21802220, 0x16800402, 0x16800402},
581 {0x0000a59c, 0x2582002b, 0x2582002b, 0x19800404, 0x19800404}, 581 {0x0000a59c, 0x27802223, 0x27802223, 0x19800404, 0x19800404},
582 {0x0000a5a0, 0x2a84002a, 0x2a84002a, 0x1c800603, 0x1c800603}, 582 {0x0000a5a0, 0x2b822220, 0x2b822220, 0x1c800603, 0x1c800603},
583 {0x0000a5a4, 0x2e86002a, 0x2e86002a, 0x21800a02, 0x21800a02}, 583 {0x0000a5a4, 0x2f822222, 0x2f822222, 0x21800a02, 0x21800a02},
584 {0x0000a5a8, 0x3382202d, 0x3382202d, 0x25800a04, 0x25800a04}, 584 {0x0000a5a8, 0x34822225, 0x34822225, 0x25800a04, 0x25800a04},
585 {0x0000a5ac, 0x3884202c, 0x3884202c, 0x28800a20, 0x28800a20}, 585 {0x0000a5ac, 0x3a82222a, 0x3a82222a, 0x28800a20, 0x28800a20},
586 {0x0000a5b0, 0x3c86202c, 0x3c86202c, 0x2c800e20, 0x2c800e20}, 586 {0x0000a5b0, 0x3e82222c, 0x3e82222c, 0x2c800e20, 0x2c800e20},
587 {0x0000a5b4, 0x4188202d, 0x4188202d, 0x30800e22, 0x30800e22}, 587 {0x0000a5b4, 0x4282242a, 0x4282242a, 0x30800e22, 0x30800e22},
588 {0x0000a5b8, 0x4586402d, 0x4586402d, 0x34800e24, 0x34800e24}, 588 {0x0000a5b8, 0x4782244a, 0x4782244a, 0x34800e24, 0x34800e24},
589 {0x0000a5bc, 0x4986222d, 0x4986222d, 0x38801640, 0x38801640}, 589 {0x0000a5bc, 0x4b82244c, 0x4b82244c, 0x38801640, 0x38801640},
590 {0x0000a5c0, 0x4d862231, 0x4d862231, 0x3c801660, 0x3c801660}, 590 {0x0000a5c0, 0x4e82246c, 0x4e82246c, 0x3c801660, 0x3c801660},
591 {0x0000a5c4, 0x50882231, 0x50882231, 0x3f801861, 0x3f801861}, 591 {0x0000a5c4, 0x52822470, 0x52822470, 0x3f801861, 0x3f801861},
592 {0x0000a5c8, 0x5688422e, 0x5688422e, 0x43801a81, 0x43801a81}, 592 {0x0000a5c8, 0x55822490, 0x55822490, 0x43801a81, 0x43801a81},
593 {0x0000a5cc, 0x5a88442e, 0x5a88442e, 0x47801a83, 0x47801a83}, 593 {0x0000a5cc, 0x59822492, 0x59822492, 0x47801a83, 0x47801a83},
594 {0x0000a5d0, 0x5e8a4431, 0x5e8a4431, 0x4a801c84, 0x4a801c84}, 594 {0x0000a5d0, 0x5d822692, 0x5d822692, 0x4a801c84, 0x4a801c84},
595 {0x0000a5d4, 0x648a4432, 0x648a4432, 0x4e801ce3, 0x4e801ce3}, 595 {0x0000a5d4, 0x61822892, 0x61822892, 0x4e801ce3, 0x4e801ce3},
596 {0x0000a5d8, 0x688a4434, 0x688a4434, 0x52801ce5, 0x52801ce5}, 596 {0x0000a5d8, 0x65824890, 0x65824890, 0x52801ce5, 0x52801ce5},
597 {0x0000a5dc, 0x6c8a6434, 0x6c8a6434, 0x56801ce9, 0x56801ce9}, 597 {0x0000a5dc, 0x69824892, 0x69824892, 0x56801ce9, 0x56801ce9},
598 {0x0000a5e0, 0x6f8a6633, 0x6f8a6633, 0x5a801ceb, 0x5a801ceb}, 598 {0x0000a5e0, 0x6e824c92, 0x6e824c92, 0x5a801ceb, 0x5a801ceb},
599 {0x0000a5e4, 0x738c6634, 0x738c6634, 0x5d801eec, 0x5d801eec}, 599 {0x0000a5e4, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec},
600 {0x0000a5e8, 0x738c6634, 0x738c6634, 0x5d801eec, 0x5d801eec}, 600 {0x0000a5e8, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec},
601 {0x0000a5ec, 0x738c6634, 0x738c6634, 0x5d801eec, 0x5d801eec}, 601 {0x0000a5ec, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec},
602 {0x0000a5f0, 0x738c6634, 0x738c6634, 0x5d801eec, 0x5d801eec}, 602 {0x0000a5f0, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec},
603 {0x0000a5f4, 0x738c6634, 0x738c6634, 0x5d801eec, 0x5d801eec}, 603 {0x0000a5f4, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec},
604 {0x0000a5f8, 0x738c6634, 0x738c6634, 0x5d801eec, 0x5d801eec}, 604 {0x0000a5f8, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec},
605 {0x0000a5fc, 0x738c6634, 0x738c6634, 0x5d801eec, 0x5d801eec}, 605 {0x0000a5fc, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec},
606 {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, 606 {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
607 {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, 607 {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
608 {0x0000a608, 0x01804601, 0x01804601, 0x00000000, 0x00000000}, 608 {0x0000a608, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
609 {0x0000a60c, 0x01804601, 0x01804601, 0x00000000, 0x00000000}, 609 {0x0000a60c, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
610 {0x0000a610, 0x01804601, 0x01804601, 0x00000000, 0x00000000}, 610 {0x0000a610, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
611 {0x0000a614, 0x01804601, 0x01804601, 0x01404000, 0x01404000}, 611 {0x0000a614, 0x02004000, 0x02004000, 0x01404000, 0x01404000},
612 {0x0000a618, 0x01804601, 0x01804601, 0x01404501, 0x01404501}, 612 {0x0000a618, 0x02004801, 0x02004801, 0x01404501, 0x01404501},
613 {0x0000a61c, 0x01804601, 0x01804601, 0x02008501, 0x02008501}, 613 {0x0000a61c, 0x02808a02, 0x02808a02, 0x02008501, 0x02008501},
614 {0x0000a620, 0x03408d02, 0x03408d02, 0x0280ca03, 0x0280ca03}, 614 {0x0000a620, 0x0380ce03, 0x0380ce03, 0x0280ca03, 0x0280ca03},
615 {0x0000a624, 0x0300cc03, 0x0300cc03, 0x03010c04, 0x03010c04}, 615 {0x0000a624, 0x04411104, 0x04411104, 0x03010c04, 0x03010c04},
616 {0x0000a628, 0x03410d04, 0x03410d04, 0x04014c04, 0x04014c04}, 616 {0x0000a628, 0x04411104, 0x04411104, 0x04014c04, 0x04014c04},
617 {0x0000a62c, 0x03410d04, 0x03410d04, 0x04015005, 0x04015005}, 617 {0x0000a62c, 0x04411104, 0x04411104, 0x04015005, 0x04015005},
618 {0x0000a630, 0x03410d04, 0x03410d04, 0x04015005, 0x04015005}, 618 {0x0000a630, 0x04411104, 0x04411104, 0x04015005, 0x04015005},
619 {0x0000a634, 0x03410d04, 0x03410d04, 0x04015005, 0x04015005}, 619 {0x0000a634, 0x04411104, 0x04411104, 0x04015005, 0x04015005},
620 {0x0000a638, 0x03410d04, 0x03410d04, 0x04015005, 0x04015005}, 620 {0x0000a638, 0x04411104, 0x04411104, 0x04015005, 0x04015005},
621 {0x0000a63c, 0x03410d04, 0x03410d04, 0x04015005, 0x04015005}, 621 {0x0000a63c, 0x04411104, 0x04411104, 0x04015005, 0x04015005},
622 {0x0000b2dc, 0x000cfff0, 0x000cfff0, 0x03aaa352, 0x03aaa352}, 622 {0x0000b2dc, 0x00033800, 0x00033800, 0x03aaa352, 0x03aaa352},
623 {0x0000b2e0, 0x000f0000, 0x000f0000, 0x03ccc584, 0x03ccc584}, 623 {0x0000b2e0, 0x0003c000, 0x0003c000, 0x03ccc584, 0x03ccc584},
624 {0x0000b2e4, 0x03f00000, 0x03f00000, 0x03f0f800, 0x03f0f800}, 624 {0x0000b2e4, 0x03fc0000, 0x03fc0000, 0x03f0f800, 0x03f0f800},
625 {0x0000b2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, 625 {0x0000b2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000},
626 {0x0000c2dc, 0x000cfff0, 0x000cfff0, 0x03aaa352, 0x03aaa352}, 626 {0x0000c2dc, 0x00033800, 0x00033800, 0x03aaa352, 0x03aaa352},
627 {0x0000c2e0, 0x000f0000, 0x000f0000, 0x03ccc584, 0x03ccc584}, 627 {0x0000c2e0, 0x0003c000, 0x0003c000, 0x03ccc584, 0x03ccc584},
628 {0x0000c2e4, 0x03f00000, 0x03f00000, 0x03f0f800, 0x03f0f800}, 628 {0x0000c2e4, 0x03fc0000, 0x03fc0000, 0x03f0f800, 0x03f0f800},
629 {0x0000c2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, 629 {0x0000c2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000},
630 {0x00016044, 0x012492d4, 0x012492d4, 0x012492d4, 0x012492d4}, 630 {0x00016044, 0x012492d4, 0x012492d4, 0x012492d4, 0x012492d4},
631 {0x00016048, 0x61200001, 0x61200001, 0x66480001, 0x66480001}, 631 {0x00016048, 0x66480001, 0x66480001, 0x66480001, 0x66480001},
632 {0x00016068, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c}, 632 {0x00016068, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c},
633 {0x00016444, 0x012492d4, 0x012492d4, 0x012492d4, 0x012492d4}, 633 {0x00016444, 0x012492d4, 0x012492d4, 0x012492d4, 0x012492d4},
634 {0x00016448, 0x61200001, 0x61200001, 0x66480001, 0x66480001}, 634 {0x00016448, 0x66480001, 0x66480001, 0x66480001, 0x66480001},
635 {0x00016468, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c}, 635 {0x00016468, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c},
636 {0x00016844, 0x012492d4, 0x012492d4, 0x012492d4, 0x012492d4}, 636 {0x00016844, 0x012492d4, 0x012492d4, 0x012492d4, 0x012492d4},
637 {0x00016848, 0x61200001, 0x61200001, 0x66480001, 0x66480001}, 637 {0x00016848, 0x66480001, 0x66480001, 0x66480001, 0x66480001},
638 {0x00016868, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c}, 638 {0x00016868, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c},
639}; 639};
640 640
diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c b/drivers/net/wireless/ath/ath9k/hif_usb.c
index 924c4616c3d9..f5dda84176c3 100644
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -38,6 +38,7 @@ static struct usb_device_id ath9k_hif_usb_ids[] = {
38 { USB_DEVICE(0x04CA, 0x4605) }, /* Liteon */ 38 { USB_DEVICE(0x04CA, 0x4605) }, /* Liteon */
39 { USB_DEVICE(0x040D, 0x3801) }, /* VIA */ 39 { USB_DEVICE(0x040D, 0x3801) }, /* VIA */
40 { USB_DEVICE(0x0cf3, 0xb003) }, /* Ubiquiti WifiStation Ext */ 40 { USB_DEVICE(0x0cf3, 0xb003) }, /* Ubiquiti WifiStation Ext */
41 { USB_DEVICE(0x0cf3, 0xb002) }, /* Ubiquiti WifiStation */
41 { USB_DEVICE(0x057c, 0x8403) }, /* AVM FRITZ!WLAN 11N v2 USB */ 42 { USB_DEVICE(0x057c, 0x8403) }, /* AVM FRITZ!WLAN 11N v2 USB */
42 43
43 { USB_DEVICE(0x0cf3, 0x7015), 44 { USB_DEVICE(0x0cf3, 0x7015),
diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c
index 378bd70256b2..741918a2027b 100644
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -312,6 +312,7 @@ static struct ath_buf *ath_tx_get_buffer(struct ath_softc *sc)
312 } 312 }
313 313
314 bf = list_first_entry(&sc->tx.txbuf, struct ath_buf, list); 314 bf = list_first_entry(&sc->tx.txbuf, struct ath_buf, list);
315 bf->bf_next = NULL;
315 list_del(&bf->list); 316 list_del(&bf->list);
316 317
317 spin_unlock_bh(&sc->tx.txbuflock); 318 spin_unlock_bh(&sc->tx.txbuflock);
@@ -393,7 +394,7 @@ static void ath_tx_complete_aggr(struct ath_softc *sc, struct ath_txq *txq,
393 u16 seq_st = 0, acked_cnt = 0, txfail_cnt = 0, seq_first; 394 u16 seq_st = 0, acked_cnt = 0, txfail_cnt = 0, seq_first;
394 u32 ba[WME_BA_BMP_SIZE >> 5]; 395 u32 ba[WME_BA_BMP_SIZE >> 5];
395 int isaggr, txfail, txpending, sendbar = 0, needreset = 0, nbad = 0; 396 int isaggr, txfail, txpending, sendbar = 0, needreset = 0, nbad = 0;
396 bool rc_update = true; 397 bool rc_update = true, isba;
397 struct ieee80211_tx_rate rates[4]; 398 struct ieee80211_tx_rate rates[4];
398 struct ath_frame_info *fi; 399 struct ath_frame_info *fi;
399 int nframes; 400 int nframes;
@@ -437,13 +438,17 @@ static void ath_tx_complete_aggr(struct ath_softc *sc, struct ath_txq *txq,
437 tidno = ieee80211_get_qos_ctl(hdr)[0] & IEEE80211_QOS_CTL_TID_MASK; 438 tidno = ieee80211_get_qos_ctl(hdr)[0] & IEEE80211_QOS_CTL_TID_MASK;
438 tid = ATH_AN_2_TID(an, tidno); 439 tid = ATH_AN_2_TID(an, tidno);
439 seq_first = tid->seq_start; 440 seq_first = tid->seq_start;
441 isba = ts->ts_flags & ATH9K_TX_BA;
440 442
441 /* 443 /*
442 * The hardware occasionally sends a tx status for the wrong TID. 444 * The hardware occasionally sends a tx status for the wrong TID.
443 * In this case, the BA status cannot be considered valid and all 445 * In this case, the BA status cannot be considered valid and all
444 * subframes need to be retransmitted 446 * subframes need to be retransmitted
447 *
448 * Only BlockAcks have a TID and therefore normal Acks cannot be
449 * checked
445 */ 450 */
446 if (tidno != ts->tid) 451 if (isba && tidno != ts->tid)
447 txok = false; 452 txok = false;
448 453
449 isaggr = bf_isaggr(bf); 454 isaggr = bf_isaggr(bf);
@@ -1774,6 +1779,7 @@ static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq,
1774 list_add_tail(&bf->list, &bf_head); 1779 list_add_tail(&bf->list, &bf_head);
1775 bf->bf_state.bf_type = 0; 1780 bf->bf_state.bf_type = 0;
1776 1781
1782 bf->bf_next = NULL;
1777 bf->bf_lastbf = bf; 1783 bf->bf_lastbf = bf;
1778 ath_tx_fill_desc(sc, bf, txq, fi->framelen); 1784 ath_tx_fill_desc(sc, bf, txq, fi->framelen);
1779 ath_tx_txqaddbuf(sc, txq, &bf_head, false); 1785 ath_tx_txqaddbuf(sc, txq, &bf_head, false);
diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
index 73730e94e0ac..c5a99c8c8168 100644
--- a/drivers/net/wireless/b43/main.c
+++ b/drivers/net/wireless/b43/main.c
@@ -5404,6 +5404,8 @@ static void b43_bcma_remove(struct bcma_device *core)
5404 cancel_work_sync(&wldev->restart_work); 5404 cancel_work_sync(&wldev->restart_work);
5405 5405
5406 B43_WARN_ON(!wl); 5406 B43_WARN_ON(!wl);
5407 if (!wldev->fw.ucode.data)
5408 return; /* NULL if firmware never loaded */
5407 if (wl->current_dev == wldev && wl->hw_registred) { 5409 if (wl->current_dev == wldev && wl->hw_registred) {
5408 b43_leds_stop(wldev); 5410 b43_leds_stop(wldev);
5409 ieee80211_unregister_hw(wl->hw); 5411 ieee80211_unregister_hw(wl->hw);
@@ -5478,6 +5480,8 @@ static void b43_ssb_remove(struct ssb_device *sdev)
5478 cancel_work_sync(&wldev->restart_work); 5480 cancel_work_sync(&wldev->restart_work);
5479 5481
5480 B43_WARN_ON(!wl); 5482 B43_WARN_ON(!wl);
5483 if (!wldev->fw.ucode.data)
5484 return; /* NULL if firmware never loaded */
5481 if (wl->current_dev == wldev && wl->hw_registred) { 5485 if (wl->current_dev == wldev && wl->hw_registred) {
5482 b43_leds_stop(wldev); 5486 b43_leds_stop(wldev);
5483 ieee80211_unregister_hw(wl->hw); 5487 ieee80211_unregister_hw(wl->hw);
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
index 411dfe7c7ff0..a6f1e8166008 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
@@ -3569,7 +3569,7 @@ brcmf_cfg80211_sched_scan_start(struct wiphy *wiphy,
3569 3569
3570 if (!request || !request->n_ssids || !request->n_match_sets) { 3570 if (!request || !request->n_ssids || !request->n_match_sets) {
3571 WL_ERR("Invalid sched scan req!! n_ssids:%d\n", 3571 WL_ERR("Invalid sched scan req!! n_ssids:%d\n",
3572 request->n_ssids); 3572 request ? request->n_ssids : 0);
3573 return -EINVAL; 3573 return -EINVAL;
3574 } 3574 }
3575 3575
diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c
index 0679458a1bac..780d3e168297 100644
--- a/drivers/net/wireless/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
@@ -1825,8 +1825,6 @@ mwifiex_cfg80211_scan(struct wiphy *wiphy,
1825 return -EBUSY; 1825 return -EBUSY;
1826 } 1826 }
1827 1827
1828 priv->scan_request = request;
1829
1830 priv->user_scan_cfg = kzalloc(sizeof(struct mwifiex_user_scan_cfg), 1828 priv->user_scan_cfg = kzalloc(sizeof(struct mwifiex_user_scan_cfg),
1831 GFP_KERNEL); 1829 GFP_KERNEL);
1832 if (!priv->user_scan_cfg) { 1830 if (!priv->user_scan_cfg) {
@@ -1834,6 +1832,8 @@ mwifiex_cfg80211_scan(struct wiphy *wiphy,
1834 return -ENOMEM; 1832 return -ENOMEM;
1835 } 1833 }
1836 1834
1835 priv->scan_request = request;
1836
1837 priv->user_scan_cfg->num_ssids = request->n_ssids; 1837 priv->user_scan_cfg->num_ssids = request->n_ssids;
1838 priv->user_scan_cfg->ssid_list = request->ssids; 1838 priv->user_scan_cfg->ssid_list = request->ssids;
1839 1839
@@ -1870,6 +1870,9 @@ mwifiex_cfg80211_scan(struct wiphy *wiphy,
1870 ret = mwifiex_scan_networks(priv, priv->user_scan_cfg); 1870 ret = mwifiex_scan_networks(priv, priv->user_scan_cfg);
1871 if (ret) { 1871 if (ret) {
1872 dev_err(priv->adapter->dev, "scan failed: %d\n", ret); 1872 dev_err(priv->adapter->dev, "scan failed: %d\n", ret);
1873 priv->scan_request = NULL;
1874 kfree(priv->user_scan_cfg);
1875 priv->user_scan_cfg = NULL;
1873 return ret; 1876 return ret;
1874 } 1877 }
1875 1878
diff --git a/drivers/net/wireless/mwifiex/scan.c b/drivers/net/wireless/mwifiex/scan.c
index 00b658d3b6ec..9171aaedbccd 100644
--- a/drivers/net/wireless/mwifiex/scan.c
+++ b/drivers/net/wireless/mwifiex/scan.c
@@ -1843,21 +1843,18 @@ static int mwifiex_scan_specific_ssid(struct mwifiex_private *priv,
1843 struct cfg80211_ssid *req_ssid) 1843 struct cfg80211_ssid *req_ssid)
1844{ 1844{
1845 struct mwifiex_adapter *adapter = priv->adapter; 1845 struct mwifiex_adapter *adapter = priv->adapter;
1846 int ret = 0; 1846 int ret;
1847 struct mwifiex_user_scan_cfg *scan_cfg; 1847 struct mwifiex_user_scan_cfg *scan_cfg;
1848 1848
1849 if (!req_ssid)
1850 return -1;
1851
1852 if (adapter->scan_processing) { 1849 if (adapter->scan_processing) {
1853 dev_dbg(adapter->dev, "cmd: Scan already in process...\n"); 1850 dev_err(adapter->dev, "cmd: Scan already in process...\n");
1854 return ret; 1851 return -EBUSY;
1855 } 1852 }
1856 1853
1857 if (priv->scan_block) { 1854 if (priv->scan_block) {
1858 dev_dbg(adapter->dev, 1855 dev_err(adapter->dev,
1859 "cmd: Scan is blocked during association...\n"); 1856 "cmd: Scan is blocked during association...\n");
1860 return ret; 1857 return -EBUSY;
1861 } 1858 }
1862 1859
1863 scan_cfg = kzalloc(sizeof(struct mwifiex_user_scan_cfg), GFP_KERNEL); 1860 scan_cfg = kzalloc(sizeof(struct mwifiex_user_scan_cfg), GFP_KERNEL);
diff --git a/drivers/net/wireless/rt2x00/rt2500usb.c b/drivers/net/wireless/rt2x00/rt2500usb.c
index a12e84f892be..6b2e1e431dd2 100644
--- a/drivers/net/wireless/rt2x00/rt2500usb.c
+++ b/drivers/net/wireless/rt2x00/rt2500usb.c
@@ -1988,6 +1988,7 @@ static struct usb_driver rt2500usb_driver = {
1988 .disconnect = rt2x00usb_disconnect, 1988 .disconnect = rt2x00usb_disconnect,
1989 .suspend = rt2x00usb_suspend, 1989 .suspend = rt2x00usb_suspend,
1990 .resume = rt2x00usb_resume, 1990 .resume = rt2x00usb_resume,
1991 .reset_resume = rt2x00usb_resume,
1991 .disable_hub_initiated_lpm = 1, 1992 .disable_hub_initiated_lpm = 1,
1992}; 1993};
1993 1994
diff --git a/drivers/net/wireless/rt2x00/rt2800lib.c b/drivers/net/wireless/rt2x00/rt2800lib.c
index 01dc8891070c..59474ae0aec0 100644
--- a/drivers/net/wireless/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/rt2x00/rt2800lib.c
@@ -2449,7 +2449,7 @@ static int rt2800_get_gain_calibration_delta(struct rt2x00_dev *rt2x00dev)
2449 /* 2449 /*
2450 * Check if temperature compensation is supported. 2450 * Check if temperature compensation is supported.
2451 */ 2451 */
2452 if (tssi_bounds[4] == 0xff) 2452 if (tssi_bounds[4] == 0xff || step == 0xff)
2453 return 0; 2453 return 0;
2454 2454
2455 /* 2455 /*
diff --git a/drivers/net/wireless/rt2x00/rt2800usb.c b/drivers/net/wireless/rt2x00/rt2800usb.c
index c9e9370eb789..3b8fb5a603f2 100644
--- a/drivers/net/wireless/rt2x00/rt2800usb.c
+++ b/drivers/net/wireless/rt2x00/rt2800usb.c
@@ -1282,6 +1282,7 @@ static struct usb_driver rt2800usb_driver = {
1282 .disconnect = rt2x00usb_disconnect, 1282 .disconnect = rt2x00usb_disconnect,
1283 .suspend = rt2x00usb_suspend, 1283 .suspend = rt2x00usb_suspend,
1284 .resume = rt2x00usb_resume, 1284 .resume = rt2x00usb_resume,
1285 .reset_resume = rt2x00usb_resume,
1285 .disable_hub_initiated_lpm = 1, 1286 .disable_hub_initiated_lpm = 1,
1286}; 1287};
1287 1288
diff --git a/drivers/net/wireless/rt2x00/rt73usb.c b/drivers/net/wireless/rt2x00/rt73usb.c
index e5eb43b3eee7..24eec66e9fd2 100644
--- a/drivers/net/wireless/rt2x00/rt73usb.c
+++ b/drivers/net/wireless/rt2x00/rt73usb.c
@@ -2535,6 +2535,7 @@ static struct usb_driver rt73usb_driver = {
2535 .disconnect = rt2x00usb_disconnect, 2535 .disconnect = rt2x00usb_disconnect,
2536 .suspend = rt2x00usb_suspend, 2536 .suspend = rt2x00usb_suspend,
2537 .resume = rt2x00usb_resume, 2537 .resume = rt2x00usb_resume,
2538 .reset_resume = rt2x00usb_resume,
2538 .disable_hub_initiated_lpm = 1, 2539 .disable_hub_initiated_lpm = 1,
2539}; 2540};
2540 2541
diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c
index 030beb45d8b0..e3ea4b346889 100644
--- a/drivers/net/wireless/rtlwifi/usb.c
+++ b/drivers/net/wireless/rtlwifi/usb.c
@@ -673,7 +673,7 @@ static int rtl_usb_start(struct ieee80211_hw *hw)
673 set_hal_start(rtlhal); 673 set_hal_start(rtlhal);
674 674
675 /* Start bulk IN */ 675 /* Start bulk IN */
676 _rtl_usb_receive(hw); 676 err = _rtl_usb_receive(hw);
677 } 677 }
678 678
679 return err; 679 return err;
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 1b4989082244..7d5b6000378b 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -1218,6 +1218,7 @@ struct cfg80211_deauth_request {
1218 const u8 *ie; 1218 const u8 *ie;
1219 size_t ie_len; 1219 size_t ie_len;
1220 u16 reason_code; 1220 u16 reason_code;
1221 bool local_state_change;
1221}; 1222};
1222 1223
1223/** 1224/**
@@ -2651,6 +2652,15 @@ unsigned int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb);
2651unsigned int __attribute_const__ ieee80211_hdrlen(__le16 fc); 2652unsigned int __attribute_const__ ieee80211_hdrlen(__le16 fc);
2652 2653
2653/** 2654/**
2655 * ieee80211_get_mesh_hdrlen - get mesh extension header length
2656 * @meshhdr: the mesh extension header, only the flags field
2657 * (first byte) will be accessed
2658 * Returns the length of the extension header, which is always at
2659 * least 6 bytes and at most 18 if address 5 and 6 are present.
2660 */
2661unsigned int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr);
2662
2663/**
2654 * DOC: Data path helpers 2664 * DOC: Data path helpers
2655 * 2665 *
2656 * In addition to generic utilities, cfg80211 also offers 2666 * In addition to generic utilities, cfg80211 also offers
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 05f3a313db88..7371f676cf41 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2594,6 +2594,9 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
2594 else 2594 else
2595 local->probe_req_reg--; 2595 local->probe_req_reg--;
2596 2596
2597 if (!local->open_count)
2598 break;
2599
2597 ieee80211_queue_work(&local->hw, &local->reconfig_filter); 2600 ieee80211_queue_work(&local->hw, &local->reconfig_filter);
2598 break; 2601 break;
2599 default: 2602 default:
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 5f3620f0bc0a..bf87c70ac6c5 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -1108,7 +1108,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1108 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH; 1108 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
1109 sdata->u.ibss.ibss_join_req = jiffies; 1109 sdata->u.ibss.ibss_join_req = jiffies;
1110 1110
1111 memcpy(sdata->u.ibss.ssid, params->ssid, IEEE80211_MAX_SSID_LEN); 1111 memcpy(sdata->u.ibss.ssid, params->ssid, params->ssid_len);
1112 sdata->u.ibss.ssid_len = params->ssid_len; 1112 sdata->u.ibss.ssid_len = params->ssid_len;
1113 1113
1114 mutex_unlock(&sdata->u.ibss.mtx); 1114 mutex_unlock(&sdata->u.ibss.mtx);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 8c804550465b..156e5835e37f 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1314,6 +1314,8 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1314 struct net_device *dev); 1314 struct net_device *dev);
1315netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb, 1315netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1316 struct net_device *dev); 1316 struct net_device *dev);
1317void ieee80211_purge_tx_queue(struct ieee80211_hw *hw,
1318 struct sk_buff_head *skbs);
1317 1319
1318/* HT */ 1320/* HT */
1319void ieee80211_apply_htcap_overrides(struct ieee80211_sub_if_data *sdata, 1321void ieee80211_apply_htcap_overrides(struct ieee80211_sub_if_data *sdata,
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index c80c4490351c..f57f597972f8 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -871,8 +871,10 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
871 local->hw.wiphy->cipher_suites, 871 local->hw.wiphy->cipher_suites,
872 sizeof(u32) * local->hw.wiphy->n_cipher_suites, 872 sizeof(u32) * local->hw.wiphy->n_cipher_suites,
873 GFP_KERNEL); 873 GFP_KERNEL);
874 if (!suites) 874 if (!suites) {
875 return -ENOMEM; 875 result = -ENOMEM;
876 goto fail_wiphy_register;
877 }
876 for (r = 0; r < local->hw.wiphy->n_cipher_suites; r++) { 878 for (r = 0; r < local->hw.wiphy->n_cipher_suites; r++) {
877 u32 suite = local->hw.wiphy->cipher_suites[r]; 879 u32 suite = local->hw.wiphy->cipher_suites[r];
878 if (suite == WLAN_CIPHER_SUITE_WEP40 || 880 if (suite == WLAN_CIPHER_SUITE_WEP40 ||
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index e714ed8bb198..1b7eed252fe9 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3099,22 +3099,32 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3099 ht_cfreq, ht_oper->primary_chan, 3099 ht_cfreq, ht_oper->primary_chan,
3100 cbss->channel->band); 3100 cbss->channel->band);
3101 ht_oper = NULL; 3101 ht_oper = NULL;
3102 } else {
3103 channel_type = NL80211_CHAN_HT20;
3102 } 3104 }
3103 } 3105 }
3104 3106
3105 if (ht_oper) { 3107 if (ht_oper && sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
3106 channel_type = NL80211_CHAN_HT20; 3108 /*
3109 * cfg80211 already verified that the channel itself can
3110 * be used, but it didn't check that we can do the right
3111 * HT type, so do that here as well. If HT40 isn't allowed
3112 * on this channel, disable 40 MHz operation.
3113 */
3107 3114
3108 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 3115 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
3109 switch (ht_oper->ht_param & 3116 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
3110 IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 3117 if (cbss->channel->flags & IEEE80211_CHAN_NO_HT40PLUS)
3111 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 3118 ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ;
3119 else
3112 channel_type = NL80211_CHAN_HT40PLUS; 3120 channel_type = NL80211_CHAN_HT40PLUS;
3113 break; 3121 break;
3114 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 3122 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
3123 if (cbss->channel->flags & IEEE80211_CHAN_NO_HT40MINUS)
3124 ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ;
3125 else
3115 channel_type = NL80211_CHAN_HT40MINUS; 3126 channel_type = NL80211_CHAN_HT40MINUS;
3116 break; 3127 break;
3117 }
3118 } 3128 }
3119 } 3129 }
3120 3130
@@ -3549,6 +3559,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
3549{ 3559{
3550 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3560 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3551 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3561 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3562 bool tx = !req->local_state_change;
3552 3563
3553 mutex_lock(&ifmgd->mtx); 3564 mutex_lock(&ifmgd->mtx);
3554 3565
@@ -3565,12 +3576,12 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
3565 if (ifmgd->associated && 3576 if (ifmgd->associated &&
3566 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 3577 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
3567 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3578 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3568 req->reason_code, true, frame_buf); 3579 req->reason_code, tx, frame_buf);
3569 } else { 3580 } else {
3570 drv_mgd_prepare_tx(sdata->local, sdata); 3581 drv_mgd_prepare_tx(sdata->local, sdata);
3571 ieee80211_send_deauth_disassoc(sdata, req->bssid, 3582 ieee80211_send_deauth_disassoc(sdata, req->bssid,
3572 IEEE80211_STYPE_DEAUTH, 3583 IEEE80211_STYPE_DEAUTH,
3573 req->reason_code, true, 3584 req->reason_code, tx,
3574 frame_buf); 3585 frame_buf);
3575 } 3586 }
3576 3587
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 61c621e9273f..00ade7feb2e3 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -531,6 +531,11 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
531 531
532 if (ieee80211_is_action(hdr->frame_control)) { 532 if (ieee80211_is_action(hdr->frame_control)) {
533 u8 category; 533 u8 category;
534
535 /* make sure category field is present */
536 if (rx->skb->len < IEEE80211_MIN_ACTION_SIZE)
537 return RX_DROP_MONITOR;
538
534 mgmt = (struct ieee80211_mgmt *)hdr; 539 mgmt = (struct ieee80211_mgmt *)hdr;
535 category = mgmt->u.action.category; 540 category = mgmt->u.action.category;
536 if (category != WLAN_CATEGORY_MESH_ACTION && 541 if (category != WLAN_CATEGORY_MESH_ACTION &&
@@ -883,14 +888,16 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
883 */ 888 */
884 if (rx->sta && rx->sdata->vif.type == NL80211_IFTYPE_STATION && 889 if (rx->sta && rx->sdata->vif.type == NL80211_IFTYPE_STATION &&
885 ieee80211_is_data_present(hdr->frame_control)) { 890 ieee80211_is_data_present(hdr->frame_control)) {
886 u16 ethertype; 891 unsigned int hdrlen;
887 u8 *payload; 892 __be16 ethertype;
888 893
889 payload = rx->skb->data + 894 hdrlen = ieee80211_hdrlen(hdr->frame_control);
890 ieee80211_hdrlen(hdr->frame_control); 895
891 ethertype = (payload[6] << 8) | payload[7]; 896 if (rx->skb->len < hdrlen + 8)
892 if (cpu_to_be16(ethertype) == 897 return RX_DROP_MONITOR;
893 rx->sdata->control_port_protocol) 898
899 skb_copy_bits(rx->skb, hdrlen + 6, &ethertype, 2);
900 if (ethertype == rx->sdata->control_port_protocol)
894 return RX_CONTINUE; 901 return RX_CONTINUE;
895 } 902 }
896 903
@@ -1462,11 +1469,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1462 1469
1463 hdr = (struct ieee80211_hdr *)rx->skb->data; 1470 hdr = (struct ieee80211_hdr *)rx->skb->data;
1464 fc = hdr->frame_control; 1471 fc = hdr->frame_control;
1472
1473 if (ieee80211_is_ctl(fc))
1474 return RX_CONTINUE;
1475
1465 sc = le16_to_cpu(hdr->seq_ctrl); 1476 sc = le16_to_cpu(hdr->seq_ctrl);
1466 frag = sc & IEEE80211_SCTL_FRAG; 1477 frag = sc & IEEE80211_SCTL_FRAG;
1467 1478
1468 if (likely((!ieee80211_has_morefrags(fc) && frag == 0) || 1479 if (likely((!ieee80211_has_morefrags(fc) && frag == 0) ||
1469 (rx->skb)->len < 24 ||
1470 is_multicast_ether_addr(hdr->addr1))) { 1480 is_multicast_ether_addr(hdr->addr1))) {
1471 /* not fragmented */ 1481 /* not fragmented */
1472 goto out; 1482 goto out;
@@ -1889,6 +1899,20 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1889 1899
1890 hdr = (struct ieee80211_hdr *) skb->data; 1900 hdr = (struct ieee80211_hdr *) skb->data;
1891 hdrlen = ieee80211_hdrlen(hdr->frame_control); 1901 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1902
1903 /* make sure fixed part of mesh header is there, also checks skb len */
1904 if (!pskb_may_pull(rx->skb, hdrlen + 6))
1905 return RX_DROP_MONITOR;
1906
1907 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1908
1909 /* make sure full mesh header is there, also checks skb len */
1910 if (!pskb_may_pull(rx->skb,
1911 hdrlen + ieee80211_get_mesh_hdrlen(mesh_hdr)))
1912 return RX_DROP_MONITOR;
1913
1914 /* reload pointers */
1915 hdr = (struct ieee80211_hdr *) skb->data;
1892 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen); 1916 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1893 1917
1894 /* frame is in RMC, don't forward */ 1918 /* frame is in RMC, don't forward */
@@ -1897,7 +1921,8 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1897 mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata)) 1921 mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata))
1898 return RX_DROP_MONITOR; 1922 return RX_DROP_MONITOR;
1899 1923
1900 if (!ieee80211_is_data(hdr->frame_control)) 1924 if (!ieee80211_is_data(hdr->frame_control) ||
1925 !(status->rx_flags & IEEE80211_RX_RA_MATCH))
1901 return RX_CONTINUE; 1926 return RX_CONTINUE;
1902 1927
1903 if (!mesh_hdr->ttl) 1928 if (!mesh_hdr->ttl)
@@ -1911,9 +1936,12 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1911 if (is_multicast_ether_addr(hdr->addr1)) { 1936 if (is_multicast_ether_addr(hdr->addr1)) {
1912 mpp_addr = hdr->addr3; 1937 mpp_addr = hdr->addr3;
1913 proxied_addr = mesh_hdr->eaddr1; 1938 proxied_addr = mesh_hdr->eaddr1;
1914 } else { 1939 } else if (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6) {
1940 /* has_a4 already checked in ieee80211_rx_mesh_check */
1915 mpp_addr = hdr->addr4; 1941 mpp_addr = hdr->addr4;
1916 proxied_addr = mesh_hdr->eaddr2; 1942 proxied_addr = mesh_hdr->eaddr2;
1943 } else {
1944 return RX_DROP_MONITOR;
1917 } 1945 }
1918 1946
1919 rcu_read_lock(); 1947 rcu_read_lock();
@@ -1941,12 +1969,9 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1941 } 1969 }
1942 skb_set_queue_mapping(skb, q); 1970 skb_set_queue_mapping(skb, q);
1943 1971
1944 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1945 goto out;
1946
1947 if (!--mesh_hdr->ttl) { 1972 if (!--mesh_hdr->ttl) {
1948 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_ttl); 1973 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_ttl);
1949 return RX_DROP_MONITOR; 1974 goto out;
1950 } 1975 }
1951 1976
1952 if (!ifmsh->mshcfg.dot11MeshForwarding) 1977 if (!ifmsh->mshcfg.dot11MeshForwarding)
@@ -2353,6 +2378,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2353 } 2378 }
2354 break; 2379 break;
2355 case WLAN_CATEGORY_SELF_PROTECTED: 2380 case WLAN_CATEGORY_SELF_PROTECTED:
2381 if (len < (IEEE80211_MIN_ACTION_SIZE +
2382 sizeof(mgmt->u.action.u.self_prot.action_code)))
2383 break;
2384
2356 switch (mgmt->u.action.u.self_prot.action_code) { 2385 switch (mgmt->u.action.u.self_prot.action_code) {
2357 case WLAN_SP_MESH_PEERING_OPEN: 2386 case WLAN_SP_MESH_PEERING_OPEN:
2358 case WLAN_SP_MESH_PEERING_CLOSE: 2387 case WLAN_SP_MESH_PEERING_CLOSE:
@@ -2371,6 +2400,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2371 } 2400 }
2372 break; 2401 break;
2373 case WLAN_CATEGORY_MESH_ACTION: 2402 case WLAN_CATEGORY_MESH_ACTION:
2403 if (len < (IEEE80211_MIN_ACTION_SIZE +
2404 sizeof(mgmt->u.action.u.mesh_action.action_code)))
2405 break;
2406
2374 if (!ieee80211_vif_is_mesh(&sdata->vif)) 2407 if (!ieee80211_vif_is_mesh(&sdata->vif))
2375 break; 2408 break;
2376 if (mesh_action_is_path_sel(mgmt) && 2409 if (mesh_action_is_path_sel(mgmt) &&
@@ -2913,10 +2946,15 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2913 if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc)) 2946 if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc))
2914 local->dot11ReceivedFragmentCount++; 2947 local->dot11ReceivedFragmentCount++;
2915 2948
2916 if (ieee80211_is_mgmt(fc)) 2949 if (ieee80211_is_mgmt(fc)) {
2917 err = skb_linearize(skb); 2950 /* drop frame if too short for header */
2918 else 2951 if (skb->len < ieee80211_hdrlen(fc))
2952 err = -ENOBUFS;
2953 else
2954 err = skb_linearize(skb);
2955 } else {
2919 err = !pskb_may_pull(skb, ieee80211_hdrlen(fc)); 2956 err = !pskb_may_pull(skb, ieee80211_hdrlen(fc));
2957 }
2920 2958
2921 if (err) { 2959 if (err) {
2922 dev_kfree_skb(skb); 2960 dev_kfree_skb(skb);
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index c4cdbde24fd3..43e60b5a7546 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -917,7 +917,7 @@ int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
917 struct cfg80211_sched_scan_request *req) 917 struct cfg80211_sched_scan_request *req)
918{ 918{
919 struct ieee80211_local *local = sdata->local; 919 struct ieee80211_local *local = sdata->local;
920 struct ieee80211_sched_scan_ies sched_scan_ies; 920 struct ieee80211_sched_scan_ies sched_scan_ies = {};
921 int ret, i; 921 int ret, i;
922 922
923 mutex_lock(&local->mtx); 923 mutex_lock(&local->mtx);
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 0a4e4c04db89..d2eb64e12353 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -117,8 +117,8 @@ static void free_sta_work(struct work_struct *wk)
117 117
118 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 118 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
119 local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]); 119 local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]);
120 __skb_queue_purge(&sta->ps_tx_buf[ac]); 120 ieee80211_purge_tx_queue(&local->hw, &sta->ps_tx_buf[ac]);
121 __skb_queue_purge(&sta->tx_filtered[ac]); 121 ieee80211_purge_tx_queue(&local->hw, &sta->tx_filtered[ac]);
122 } 122 }
123 123
124#ifdef CONFIG_MAC80211_MESH 124#ifdef CONFIG_MAC80211_MESH
@@ -141,7 +141,7 @@ static void free_sta_work(struct work_struct *wk)
141 tid_tx = rcu_dereference_raw(sta->ampdu_mlme.tid_tx[i]); 141 tid_tx = rcu_dereference_raw(sta->ampdu_mlme.tid_tx[i]);
142 if (!tid_tx) 142 if (!tid_tx)
143 continue; 143 continue;
144 __skb_queue_purge(&tid_tx->pending); 144 ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending);
145 kfree(tid_tx); 145 kfree(tid_tx);
146 } 146 }
147 147
@@ -961,6 +961,7 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
961 struct ieee80211_local *local = sdata->local; 961 struct ieee80211_local *local = sdata->local;
962 struct sk_buff_head pending; 962 struct sk_buff_head pending;
963 int filtered = 0, buffered = 0, ac; 963 int filtered = 0, buffered = 0, ac;
964 unsigned long flags;
964 965
965 clear_sta_flag(sta, WLAN_STA_SP); 966 clear_sta_flag(sta, WLAN_STA_SP);
966 967
@@ -976,12 +977,16 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
976 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 977 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
977 int count = skb_queue_len(&pending), tmp; 978 int count = skb_queue_len(&pending), tmp;
978 979
980 spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
979 skb_queue_splice_tail_init(&sta->tx_filtered[ac], &pending); 981 skb_queue_splice_tail_init(&sta->tx_filtered[ac], &pending);
982 spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
980 tmp = skb_queue_len(&pending); 983 tmp = skb_queue_len(&pending);
981 filtered += tmp - count; 984 filtered += tmp - count;
982 count = tmp; 985 count = tmp;
983 986
987 spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
984 skb_queue_splice_tail_init(&sta->ps_tx_buf[ac], &pending); 988 skb_queue_splice_tail_init(&sta->ps_tx_buf[ac], &pending);
989 spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
985 tmp = skb_queue_len(&pending); 990 tmp = skb_queue_len(&pending);
986 buffered += tmp - count; 991 buffered += tmp - count;
987 } 992 }
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 3af0cc4130f1..101eb88a2b78 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -668,3 +668,12 @@ void ieee80211_free_txskb(struct ieee80211_hw *hw, struct sk_buff *skb)
668 dev_kfree_skb_any(skb); 668 dev_kfree_skb_any(skb);
669} 669}
670EXPORT_SYMBOL(ieee80211_free_txskb); 670EXPORT_SYMBOL(ieee80211_free_txskb);
671
672void ieee80211_purge_tx_queue(struct ieee80211_hw *hw,
673 struct sk_buff_head *skbs)
674{
675 struct sk_buff *skb;
676
677 while ((skb = __skb_dequeue(skbs)))
678 ieee80211_free_txskb(hw, skb);
679}
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index c9bf83f36657..b858ebe41fda 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1358,7 +1358,7 @@ static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1358 if (tx->skb) 1358 if (tx->skb)
1359 ieee80211_free_txskb(&tx->local->hw, tx->skb); 1359 ieee80211_free_txskb(&tx->local->hw, tx->skb);
1360 else 1360 else
1361 __skb_queue_purge(&tx->skbs); 1361 ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1362 return -1; 1362 return -1;
1363 } else if (unlikely(res == TX_QUEUED)) { 1363 } else if (unlikely(res == TX_QUEUED)) {
1364 I802_DEBUG_INC(tx->local->tx_handlers_queued); 1364 I802_DEBUG_INC(tx->local->tx_handlers_queued);
@@ -2120,10 +2120,13 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
2120 */ 2120 */
2121void ieee80211_clear_tx_pending(struct ieee80211_local *local) 2121void ieee80211_clear_tx_pending(struct ieee80211_local *local)
2122{ 2122{
2123 struct sk_buff *skb;
2123 int i; 2124 int i;
2124 2125
2125 for (i = 0; i < local->hw.queues; i++) 2126 for (i = 0; i < local->hw.queues; i++) {
2126 skb_queue_purge(&local->pending[i]); 2127 while ((skb = skb_dequeue(&local->pending[i])) != NULL)
2128 ieee80211_free_txskb(&local->hw, skb);
2129 }
2127} 2130}
2128 2131
2129/* 2132/*
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 94e586873979..0151ae33c4cd 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -643,13 +643,41 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
643 break; 643 break;
644 } 644 }
645 645
646 if (id != WLAN_EID_VENDOR_SPECIFIC && 646 switch (id) {
647 id != WLAN_EID_QUIET && 647 case WLAN_EID_SSID:
648 test_bit(id, seen_elems)) { 648 case WLAN_EID_SUPP_RATES:
649 elems->parse_error = true; 649 case WLAN_EID_FH_PARAMS:
650 left -= elen; 650 case WLAN_EID_DS_PARAMS:
651 pos += elen; 651 case WLAN_EID_CF_PARAMS:
652 continue; 652 case WLAN_EID_TIM:
653 case WLAN_EID_IBSS_PARAMS:
654 case WLAN_EID_CHALLENGE:
655 case WLAN_EID_RSN:
656 case WLAN_EID_ERP_INFO:
657 case WLAN_EID_EXT_SUPP_RATES:
658 case WLAN_EID_HT_CAPABILITY:
659 case WLAN_EID_HT_OPERATION:
660 case WLAN_EID_VHT_CAPABILITY:
661 case WLAN_EID_VHT_OPERATION:
662 case WLAN_EID_MESH_ID:
663 case WLAN_EID_MESH_CONFIG:
664 case WLAN_EID_PEER_MGMT:
665 case WLAN_EID_PREQ:
666 case WLAN_EID_PREP:
667 case WLAN_EID_PERR:
668 case WLAN_EID_RANN:
669 case WLAN_EID_CHANNEL_SWITCH:
670 case WLAN_EID_EXT_CHANSWITCH_ANN:
671 case WLAN_EID_COUNTRY:
672 case WLAN_EID_PWR_CONSTRAINT:
673 case WLAN_EID_TIMEOUT_INTERVAL:
674 if (test_bit(id, seen_elems)) {
675 elems->parse_error = true;
676 left -= elen;
677 pos += elen;
678 continue;
679 }
680 break;
653 } 681 }
654 682
655 if (calc_crc && id < 64 && (filter & (1ULL << id))) 683 if (calc_crc && id < 64 && (filter & (1ULL << id)))
@@ -1463,6 +1491,8 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1463 list_for_each_entry(sdata, &local->interfaces, list) { 1491 list_for_each_entry(sdata, &local->interfaces, list) {
1464 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1492 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1465 continue; 1493 continue;
1494 if (!sdata->u.mgd.associated)
1495 continue;
1466 1496
1467 ieee80211_send_nullfunc(local, sdata, 0); 1497 ieee80211_send_nullfunc(local, sdata, 0);
1468 } 1498 }
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index e72562a18bad..8bd2f5c6a56e 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -546,14 +546,19 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
546 546
547static void bip_aad(struct sk_buff *skb, u8 *aad) 547static void bip_aad(struct sk_buff *skb, u8 *aad)
548{ 548{
549 __le16 mask_fc;
550 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
551
549 /* BIP AAD: FC(masked) || A1 || A2 || A3 */ 552 /* BIP AAD: FC(masked) || A1 || A2 || A3 */
550 553
551 /* FC type/subtype */ 554 /* FC type/subtype */
552 aad[0] = skb->data[0];
553 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 555 /* Mask FC Retry, PwrMgt, MoreData flags to zero */
554 aad[1] = skb->data[1] & ~(BIT(4) | BIT(5) | BIT(6)); 556 mask_fc = hdr->frame_control;
557 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM |
558 IEEE80211_FCTL_MOREDATA);
559 put_unaligned(mask_fc, (__le16 *) &aad[0]);
555 /* A1 || A2 || A3 */ 560 /* A1 || A2 || A3 */
556 memcpy(aad + 2, skb->data + 4, 3 * ETH_ALEN); 561 memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN);
557} 562}
558 563
559 564
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 443d4d7deea2..3f7253052088 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -526,8 +526,7 @@ int wiphy_register(struct wiphy *wiphy)
526 for (i = 0; i < sband->n_channels; i++) { 526 for (i = 0; i < sband->n_channels; i++) {
527 sband->channels[i].orig_flags = 527 sband->channels[i].orig_flags =
528 sband->channels[i].flags; 528 sband->channels[i].flags;
529 sband->channels[i].orig_mag = 529 sband->channels[i].orig_mag = INT_MAX;
530 sband->channels[i].max_antenna_gain;
531 sband->channels[i].orig_mpwr = 530 sband->channels[i].orig_mpwr =
532 sband->channels[i].max_power; 531 sband->channels[i].max_power;
533 sband->channels[i].band = band; 532 sband->channels[i].band = band;
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 8016fee0752b..904a7f368325 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -457,20 +457,14 @@ int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
457 .reason_code = reason, 457 .reason_code = reason,
458 .ie = ie, 458 .ie = ie,
459 .ie_len = ie_len, 459 .ie_len = ie_len,
460 .local_state_change = local_state_change,
460 }; 461 };
461 462
462 ASSERT_WDEV_LOCK(wdev); 463 ASSERT_WDEV_LOCK(wdev);
463 464
464 if (local_state_change) { 465 if (local_state_change && (!wdev->current_bss ||
465 if (wdev->current_bss && 466 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
466 ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) {
467 cfg80211_unhold_bss(wdev->current_bss);
468 cfg80211_put_bss(&wdev->current_bss->pub);
469 wdev->current_bss = NULL;
470 }
471
472 return 0; 467 return 0;
473 }
474 468
475 return rdev->ops->deauth(&rdev->wiphy, dev, &req); 469 return rdev->ops->deauth(&rdev->wiphy, dev, &req);
476} 470}
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 3b8cbbc214db..b75756b05af7 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -141,9 +141,8 @@ static const struct ieee80211_regdomain world_regdom = {
141 .reg_rules = { 141 .reg_rules = {
142 /* IEEE 802.11b/g, channels 1..11 */ 142 /* IEEE 802.11b/g, channels 1..11 */
143 REG_RULE(2412-10, 2462+10, 40, 6, 20, 0), 143 REG_RULE(2412-10, 2462+10, 40, 6, 20, 0),
144 /* IEEE 802.11b/g, channels 12..13. No HT40 144 /* IEEE 802.11b/g, channels 12..13. */
145 * channel fits here. */ 145 REG_RULE(2467-10, 2472+10, 40, 6, 20,
146 REG_RULE(2467-10, 2472+10, 20, 6, 20,
147 NL80211_RRF_PASSIVE_SCAN | 146 NL80211_RRF_PASSIVE_SCAN |
148 NL80211_RRF_NO_IBSS), 147 NL80211_RRF_NO_IBSS),
149 /* IEEE 802.11 channel 14 - Only JP enables 148 /* IEEE 802.11 channel 14 - Only JP enables
@@ -908,7 +907,7 @@ static void handle_channel(struct wiphy *wiphy,
908 map_regdom_flags(reg_rule->flags) | bw_flags; 907 map_regdom_flags(reg_rule->flags) | bw_flags;
909 chan->max_antenna_gain = chan->orig_mag = 908 chan->max_antenna_gain = chan->orig_mag =
910 (int) MBI_TO_DBI(power_rule->max_antenna_gain); 909 (int) MBI_TO_DBI(power_rule->max_antenna_gain);
911 chan->max_power = chan->orig_mpwr = 910 chan->max_reg_power = chan->max_power = chan->orig_mpwr =
912 (int) MBM_TO_DBM(power_rule->max_eirp); 911 (int) MBM_TO_DBM(power_rule->max_eirp);
913 return; 912 return;
914 } 913 }
@@ -1331,7 +1330,8 @@ static void handle_channel_custom(struct wiphy *wiphy,
1331 1330
1332 chan->flags |= map_regdom_flags(reg_rule->flags) | bw_flags; 1331 chan->flags |= map_regdom_flags(reg_rule->flags) | bw_flags;
1333 chan->max_antenna_gain = (int) MBI_TO_DBI(power_rule->max_antenna_gain); 1332 chan->max_antenna_gain = (int) MBI_TO_DBI(power_rule->max_antenna_gain);
1334 chan->max_power = (int) MBM_TO_DBM(power_rule->max_eirp); 1333 chan->max_reg_power = chan->max_power =
1334 (int) MBM_TO_DBM(power_rule->max_eirp);
1335} 1335}
1336 1336
1337static void handle_band_custom(struct wiphy *wiphy, enum ieee80211_band band, 1337static void handle_band_custom(struct wiphy *wiphy, enum ieee80211_band band,
diff --git a/net/wireless/util.c b/net/wireless/util.c
index ef35f4ef2aa6..2762e8329986 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -309,23 +309,21 @@ unsigned int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb)
309} 309}
310EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb); 310EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
311 311
312static int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr) 312unsigned int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr)
313{ 313{
314 int ae = meshhdr->flags & MESH_FLAGS_AE; 314 int ae = meshhdr->flags & MESH_FLAGS_AE;
315 /* 7.1.3.5a.2 */ 315 /* 802.11-2012, 8.2.4.7.3 */
316 switch (ae) { 316 switch (ae) {
317 default:
317 case 0: 318 case 0:
318 return 6; 319 return 6;
319 case MESH_FLAGS_AE_A4: 320 case MESH_FLAGS_AE_A4:
320 return 12; 321 return 12;
321 case MESH_FLAGS_AE_A5_A6: 322 case MESH_FLAGS_AE_A5_A6:
322 return 18; 323 return 18;
323 case (MESH_FLAGS_AE_A4 | MESH_FLAGS_AE_A5_A6):
324 return 24;
325 default:
326 return 6;
327 } 324 }
328} 325}
326EXPORT_SYMBOL(ieee80211_get_mesh_hdrlen);
329 327
330int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr, 328int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
331 enum nl80211_iftype iftype) 329 enum nl80211_iftype iftype)
@@ -373,6 +371,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
373 /* make sure meshdr->flags is on the linear part */ 371 /* make sure meshdr->flags is on the linear part */
374 if (!pskb_may_pull(skb, hdrlen + 1)) 372 if (!pskb_may_pull(skb, hdrlen + 1))
375 return -1; 373 return -1;
374 if (meshdr->flags & MESH_FLAGS_AE_A4)
375 return -1;
376 if (meshdr->flags & MESH_FLAGS_AE_A5_A6) { 376 if (meshdr->flags & MESH_FLAGS_AE_A5_A6) {
377 skb_copy_bits(skb, hdrlen + 377 skb_copy_bits(skb, hdrlen +
378 offsetof(struct ieee80211s_hdr, eaddr1), 378 offsetof(struct ieee80211s_hdr, eaddr1),
@@ -397,6 +397,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
397 /* make sure meshdr->flags is on the linear part */ 397 /* make sure meshdr->flags is on the linear part */
398 if (!pskb_may_pull(skb, hdrlen + 1)) 398 if (!pskb_may_pull(skb, hdrlen + 1))
399 return -1; 399 return -1;
400 if (meshdr->flags & MESH_FLAGS_AE_A5_A6)
401 return -1;
400 if (meshdr->flags & MESH_FLAGS_AE_A4) 402 if (meshdr->flags & MESH_FLAGS_AE_A4)
401 skb_copy_bits(skb, hdrlen + 403 skb_copy_bits(skb, hdrlen +
402 offsetof(struct ieee80211s_hdr, eaddr1), 404 offsetof(struct ieee80211s_hdr, eaddr1),
generated by cgit v1.2.2 (git 2.25.0) at 2025-07-24 12:27:34 -0400