aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--MAINTAINERS3
-rw-r--r--drivers/net/wireless/ath/ath9k/link.c3
-rw-r--r--drivers/net/wireless/b43/dma.c65
-rw-r--r--drivers/net/wireless/b43/phy_n.c8
-rw-r--r--drivers/net/wireless/brcm80211/brcmsmac/phy/phy_lcn.c369
-rw-r--r--drivers/net/wireless/brcm80211/brcmsmac/phy/phytbl_lcn.c64
-rw-r--r--drivers/net/wireless/iwlegacy/4965-rs.c3
-rw-r--r--drivers/net/wireless/iwlwifi/dvm/lib.c9
-rw-r--r--drivers/net/wireless/iwlwifi/dvm/ucode.c4
-rw-r--r--drivers/net/wireless/iwlwifi/pcie/trans.c13
-rw-r--r--drivers/net/wireless/iwlwifi/pcie/tx.c2
-rw-r--r--drivers/net/wireless/mwifiex/pcie.c1
-rw-r--r--net/mac80211/iface.c35
-rw-r--r--net/mac80211/mesh.c3
-rw-r--r--net/mac80211/mlme.c6
-rw-r--r--net/mac80211/rx.c14
-rw-r--r--net/mac80211/sta_info.c12
-rw-r--r--net/wireless/core.c64
-rw-r--r--net/wireless/core.h3
-rw-r--r--net/wireless/nl80211.c52
-rw-r--r--net/wireless/scan.c24
-rw-r--r--net/wireless/sme.c6
-rw-r--r--net/wireless/trace.h5
-rw-r--r--net/wireless/wext-sme.c6
24 files changed, 404 insertions, 370 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index 72b08438d536..457ff5c52396 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -5059,9 +5059,8 @@ S: Maintained
5059F: drivers/net/ethernet/marvell/sk* 5059F: drivers/net/ethernet/marvell/sk*
5060 5060
5061MARVELL LIBERTAS WIRELESS DRIVER 5061MARVELL LIBERTAS WIRELESS DRIVER
5062M: Dan Williams <dcbw@redhat.com>
5063L: libertas-dev@lists.infradead.org 5062L: libertas-dev@lists.infradead.org
5064S: Maintained 5063S: Orphan
5065F: drivers/net/wireless/libertas/ 5064F: drivers/net/wireless/libertas/
5066 5065
5067MARVELL MV643XX ETHERNET DRIVER 5066MARVELL MV643XX ETHERNET DRIVER
diff --git a/drivers/net/wireless/ath/ath9k/link.c b/drivers/net/wireless/ath/ath9k/link.c
index 39c84ecf6a42..7fdac6c7b3ea 100644
--- a/drivers/net/wireless/ath/ath9k/link.c
+++ b/drivers/net/wireless/ath/ath9k/link.c
@@ -170,7 +170,8 @@ void ath_rx_poll(unsigned long data)
170{ 170{
171 struct ath_softc *sc = (struct ath_softc *)data; 171 struct ath_softc *sc = (struct ath_softc *)data;
172 172
173 ieee80211_queue_work(sc->hw, &sc->hw_check_work); 173 if (!test_bit(SC_OP_INVALID, &sc->sc_flags))
174 ieee80211_queue_work(sc->hw, &sc->hw_check_work);
174} 175}
175 176
176/* 177/*
diff --git a/drivers/net/wireless/b43/dma.c b/drivers/net/wireless/b43/dma.c
index 38bc5a7997ff..122146943bf2 100644
--- a/drivers/net/wireless/b43/dma.c
+++ b/drivers/net/wireless/b43/dma.c
@@ -1487,8 +1487,12 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev,
1487 const struct b43_dma_ops *ops; 1487 const struct b43_dma_ops *ops;
1488 struct b43_dmaring *ring; 1488 struct b43_dmaring *ring;
1489 struct b43_dmadesc_meta *meta; 1489 struct b43_dmadesc_meta *meta;
1490 static const struct b43_txstatus fake; /* filled with 0 */
1491 const struct b43_txstatus *txstat;
1490 int slot, firstused; 1492 int slot, firstused;
1491 bool frame_succeed; 1493 bool frame_succeed;
1494 int skip;
1495 static u8 err_out1, err_out2;
1492 1496
1493 ring = parse_cookie(dev, status->cookie, &slot); 1497 ring = parse_cookie(dev, status->cookie, &slot);
1494 if (unlikely(!ring)) 1498 if (unlikely(!ring))
@@ -1501,13 +1505,36 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev,
1501 firstused = ring->current_slot - ring->used_slots + 1; 1505 firstused = ring->current_slot - ring->used_slots + 1;
1502 if (firstused < 0) 1506 if (firstused < 0)
1503 firstused = ring->nr_slots + firstused; 1507 firstused = ring->nr_slots + firstused;
1508
1509 skip = 0;
1504 if (unlikely(slot != firstused)) { 1510 if (unlikely(slot != firstused)) {
1505 /* This possibly is a firmware bug and will result in 1511 /* This possibly is a firmware bug and will result in
1506 * malfunction, memory leaks and/or stall of DMA functionality. */ 1512 * malfunction, memory leaks and/or stall of DMA functionality.
1507 b43dbg(dev->wl, "Out of order TX status report on DMA ring %d. " 1513 */
1508 "Expected %d, but got %d\n", 1514 if (slot == next_slot(ring, next_slot(ring, firstused))) {
1509 ring->index, firstused, slot); 1515 /* If a single header/data pair was missed, skip over
1510 return; 1516 * the first two slots in an attempt to recover.
1517 */
1518 slot = firstused;
1519 skip = 2;
1520 if (!err_out1) {
1521 /* Report the error once. */
1522 b43dbg(dev->wl,
1523 "Skip on DMA ring %d slot %d.\n",
1524 ring->index, slot);
1525 err_out1 = 1;
1526 }
1527 } else {
1528 /* More than a single header/data pair were missed.
1529 * Report this error once.
1530 */
1531 if (!err_out2)
1532 b43dbg(dev->wl,
1533 "Out of order TX status report on DMA ring %d. Expected %d, but got %d\n",
1534 ring->index, firstused, slot);
1535 err_out2 = 1;
1536 return;
1537 }
1511 } 1538 }
1512 1539
1513 ops = ring->ops; 1540 ops = ring->ops;
@@ -1522,11 +1549,13 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev,
1522 slot, firstused, ring->index); 1549 slot, firstused, ring->index);
1523 break; 1550 break;
1524 } 1551 }
1552
1525 if (meta->skb) { 1553 if (meta->skb) {
1526 struct b43_private_tx_info *priv_info = 1554 struct b43_private_tx_info *priv_info =
1527 b43_get_priv_tx_info(IEEE80211_SKB_CB(meta->skb)); 1555 b43_get_priv_tx_info(IEEE80211_SKB_CB(meta->skb));
1528 1556
1529 unmap_descbuffer(ring, meta->dmaaddr, meta->skb->len, 1); 1557 unmap_descbuffer(ring, meta->dmaaddr,
1558 meta->skb->len, 1);
1530 kfree(priv_info->bouncebuffer); 1559 kfree(priv_info->bouncebuffer);
1531 priv_info->bouncebuffer = NULL; 1560 priv_info->bouncebuffer = NULL;
1532 } else { 1561 } else {
@@ -1538,8 +1567,9 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev,
1538 struct ieee80211_tx_info *info; 1567 struct ieee80211_tx_info *info;
1539 1568
1540 if (unlikely(!meta->skb)) { 1569 if (unlikely(!meta->skb)) {
1541 /* This is a scatter-gather fragment of a frame, so 1570 /* This is a scatter-gather fragment of a frame,
1542 * the skb pointer must not be NULL. */ 1571 * so the skb pointer must not be NULL.
1572 */
1543 b43dbg(dev->wl, "TX status unexpected NULL skb " 1573 b43dbg(dev->wl, "TX status unexpected NULL skb "
1544 "at slot %d (first=%d) on ring %d\n", 1574 "at slot %d (first=%d) on ring %d\n",
1545 slot, firstused, ring->index); 1575 slot, firstused, ring->index);
@@ -1550,9 +1580,18 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev,
1550 1580
1551 /* 1581 /*
1552 * Call back to inform the ieee80211 subsystem about 1582 * Call back to inform the ieee80211 subsystem about
1553 * the status of the transmission. 1583 * the status of the transmission. When skipping over
1584 * a missed TX status report, use a status structure
1585 * filled with zeros to indicate that the frame was not
1586 * sent (frame_count 0) and not acknowledged
1554 */ 1587 */
1555 frame_succeed = b43_fill_txstatus_report(dev, info, status); 1588 if (unlikely(skip))
1589 txstat = &fake;
1590 else
1591 txstat = status;
1592
1593 frame_succeed = b43_fill_txstatus_report(dev, info,
1594 txstat);
1556#ifdef CONFIG_B43_DEBUG 1595#ifdef CONFIG_B43_DEBUG
1557 if (frame_succeed) 1596 if (frame_succeed)
1558 ring->nr_succeed_tx_packets++; 1597 ring->nr_succeed_tx_packets++;
@@ -1580,12 +1619,14 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev,
1580 /* Everything unmapped and free'd. So it's not used anymore. */ 1619 /* Everything unmapped and free'd. So it's not used anymore. */
1581 ring->used_slots--; 1620 ring->used_slots--;
1582 1621
1583 if (meta->is_last_fragment) { 1622 if (meta->is_last_fragment && !skip) {
1584 /* This is the last scatter-gather 1623 /* This is the last scatter-gather
1585 * fragment of the frame. We are done. */ 1624 * fragment of the frame. We are done. */
1586 break; 1625 break;
1587 } 1626 }
1588 slot = next_slot(ring, slot); 1627 slot = next_slot(ring, slot);
1628 if (skip > 0)
1629 --skip;
1589 } 1630 }
1590 if (ring->stopped) { 1631 if (ring->stopped) {
1591 B43_WARN_ON(free_slots(ring) < TX_SLOTS_PER_FRAME); 1632 B43_WARN_ON(free_slots(ring) < TX_SLOTS_PER_FRAME);
diff --git a/drivers/net/wireless/b43/phy_n.c b/drivers/net/wireless/b43/phy_n.c
index 3c35382ee6c2..e8486c1e091a 100644
--- a/drivers/net/wireless/b43/phy_n.c
+++ b/drivers/net/wireless/b43/phy_n.c
@@ -1564,7 +1564,7 @@ static void b43_nphy_rev3_rssi_cal(struct b43_wldev *dev)
1564 u16 clip_off[2] = { 0xFFFF, 0xFFFF }; 1564 u16 clip_off[2] = { 0xFFFF, 0xFFFF };
1565 1565
1566 u8 vcm_final = 0; 1566 u8 vcm_final = 0;
1567 s8 offset[4]; 1567 s32 offset[4];
1568 s32 results[8][4] = { }; 1568 s32 results[8][4] = { };
1569 s32 results_min[4] = { }; 1569 s32 results_min[4] = { };
1570 s32 poll_results[4] = { }; 1570 s32 poll_results[4] = { };
@@ -1615,7 +1615,7 @@ static void b43_nphy_rev3_rssi_cal(struct b43_wldev *dev)
1615 } 1615 }
1616 for (i = 0; i < 4; i += 2) { 1616 for (i = 0; i < 4; i += 2) {
1617 s32 curr; 1617 s32 curr;
1618 s32 mind = 40; 1618 s32 mind = 0x100000;
1619 s32 minpoll = 249; 1619 s32 minpoll = 249;
1620 u8 minvcm = 0; 1620 u8 minvcm = 0;
1621 if (2 * core != i) 1621 if (2 * core != i)
@@ -1732,7 +1732,7 @@ static void b43_nphy_rev2_rssi_cal(struct b43_wldev *dev, u8 type)
1732 u8 regs_save_radio[2]; 1732 u8 regs_save_radio[2];
1733 u16 regs_save_phy[2]; 1733 u16 regs_save_phy[2];
1734 1734
1735 s8 offset[4]; 1735 s32 offset[4];
1736 u8 core; 1736 u8 core;
1737 u8 rail; 1737 u8 rail;
1738 1738
@@ -1799,7 +1799,7 @@ static void b43_nphy_rev2_rssi_cal(struct b43_wldev *dev, u8 type)
1799 } 1799 }
1800 1800
1801 for (i = 0; i < 4; i++) { 1801 for (i = 0; i < 4; i++) {
1802 s32 mind = 40; 1802 s32 mind = 0x100000;
1803 u8 minvcm = 0; 1803 u8 minvcm = 0;
1804 s32 minpoll = 249; 1804 s32 minpoll = 249;
1805 s32 curr; 1805 s32 curr;
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_lcn.c b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_lcn.c
index 21a824232478..18d37645e2cd 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_lcn.c
+++ b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_lcn.c
@@ -1137,9 +1137,8 @@ wlc_lcnphy_set_rx_gain_by_distribution(struct brcms_phy *pi,
1137 gain0_15 = ((biq1 & 0xf) << 12) | 1137 gain0_15 = ((biq1 & 0xf) << 12) |
1138 ((tia & 0xf) << 8) | 1138 ((tia & 0xf) << 8) |
1139 ((lna2 & 0x3) << 6) | 1139 ((lna2 & 0x3) << 6) |
1140 ((lna2 & 0x3) << 4) | 1140 ((lna2 &
1141 ((lna1 & 0x3) << 2) | 1141 0x3) << 4) | ((lna1 & 0x3) << 2) | ((lna1 & 0x3) << 0);
1142 ((lna1 & 0x3) << 0);
1143 1142
1144 mod_phy_reg(pi, 0x4b6, (0xffff << 0), gain0_15 << 0); 1143 mod_phy_reg(pi, 0x4b6, (0xffff << 0), gain0_15 << 0);
1145 mod_phy_reg(pi, 0x4b7, (0xf << 0), gain16_19 << 0); 1144 mod_phy_reg(pi, 0x4b7, (0xf << 0), gain16_19 << 0);
@@ -1157,8 +1156,6 @@ wlc_lcnphy_set_rx_gain_by_distribution(struct brcms_phy *pi,
1157 } 1156 }
1158 1157
1159 mod_phy_reg(pi, 0x44d, (0x1 << 0), (!trsw) << 0); 1158 mod_phy_reg(pi, 0x44d, (0x1 << 0), (!trsw) << 0);
1160 mod_phy_reg(pi, 0x4b1, (0x3 << 11), lna1 << 11);
1161 mod_phy_reg(pi, 0x4e6, (0x3 << 3), lna1 << 3);
1162 1159
1163} 1160}
1164 1161
@@ -1331,43 +1328,6 @@ static u32 wlc_lcnphy_measure_digital_power(struct brcms_phy *pi, u16 nsamples)
1331 return (iq_est.i_pwr + iq_est.q_pwr) / nsamples; 1328 return (iq_est.i_pwr + iq_est.q_pwr) / nsamples;
1332} 1329}
1333 1330
1334static bool wlc_lcnphy_rx_iq_cal_gain(struct brcms_phy *pi, u16 biq1_gain,
1335 u16 tia_gain, u16 lna2_gain)
1336{
1337 u32 i_thresh_l, q_thresh_l;
1338 u32 i_thresh_h, q_thresh_h;
1339 struct lcnphy_iq_est iq_est_h, iq_est_l;
1340
1341 wlc_lcnphy_set_rx_gain_by_distribution(pi, 0, 0, 0, biq1_gain, tia_gain,
1342 lna2_gain, 0);
1343
1344 wlc_lcnphy_rx_gain_override_enable(pi, true);
1345 wlc_lcnphy_start_tx_tone(pi, 2000, (40 >> 1), 0);
1346 udelay(500);
1347 write_radio_reg(pi, RADIO_2064_REG112, 0);
1348 if (!wlc_lcnphy_rx_iq_est(pi, 1024, 32, &iq_est_l))
1349 return false;
1350
1351 wlc_lcnphy_start_tx_tone(pi, 2000, 40, 0);
1352 udelay(500);
1353 write_radio_reg(pi, RADIO_2064_REG112, 0);
1354 if (!wlc_lcnphy_rx_iq_est(pi, 1024, 32, &iq_est_h))
1355 return false;
1356
1357 i_thresh_l = (iq_est_l.i_pwr << 1);
1358 i_thresh_h = (iq_est_l.i_pwr << 2) + iq_est_l.i_pwr;
1359
1360 q_thresh_l = (iq_est_l.q_pwr << 1);
1361 q_thresh_h = (iq_est_l.q_pwr << 2) + iq_est_l.q_pwr;
1362 if ((iq_est_h.i_pwr > i_thresh_l) &&
1363 (iq_est_h.i_pwr < i_thresh_h) &&
1364 (iq_est_h.q_pwr > q_thresh_l) &&
1365 (iq_est_h.q_pwr < q_thresh_h))
1366 return true;
1367
1368 return false;
1369}
1370
1371static bool 1331static bool
1372wlc_lcnphy_rx_iq_cal(struct brcms_phy *pi, 1332wlc_lcnphy_rx_iq_cal(struct brcms_phy *pi,
1373 const struct lcnphy_rx_iqcomp *iqcomp, 1333 const struct lcnphy_rx_iqcomp *iqcomp,
@@ -1382,8 +1342,8 @@ wlc_lcnphy_rx_iq_cal(struct brcms_phy *pi,
1382 RFOverrideVal0_old, rfoverride2_old, rfoverride2val_old, 1342 RFOverrideVal0_old, rfoverride2_old, rfoverride2val_old,
1383 rfoverride3_old, rfoverride3val_old, rfoverride4_old, 1343 rfoverride3_old, rfoverride3val_old, rfoverride4_old,
1384 rfoverride4val_old, afectrlovr_old, afectrlovrval_old; 1344 rfoverride4val_old, afectrlovr_old, afectrlovrval_old;
1385 int tia_gain, lna2_gain, biq1_gain; 1345 int tia_gain;
1386 bool set_gain; 1346 u32 received_power, rx_pwr_threshold;
1387 u16 old_sslpnCalibClkEnCtrl, old_sslpnRxFeClkEnCtrl; 1347 u16 old_sslpnCalibClkEnCtrl, old_sslpnRxFeClkEnCtrl;
1388 u16 values_to_save[11]; 1348 u16 values_to_save[11];
1389 s16 *ptr; 1349 s16 *ptr;
@@ -1408,134 +1368,126 @@ wlc_lcnphy_rx_iq_cal(struct brcms_phy *pi,
1408 goto cal_done; 1368 goto cal_done;
1409 } 1369 }
1410 1370
1411 WARN_ON(module != 1); 1371 if (module == 1) {
1412 tx_pwr_ctrl = wlc_lcnphy_get_tx_pwr_ctrl(pi);
1413 wlc_lcnphy_set_tx_pwr_ctrl(pi, LCNPHY_TX_PWR_CTRL_OFF);
1414
1415 for (i = 0; i < 11; i++)
1416 values_to_save[i] =
1417 read_radio_reg(pi, rxiq_cal_rf_reg[i]);
1418 Core1TxControl_old = read_phy_reg(pi, 0x631);
1419
1420 or_phy_reg(pi, 0x631, 0x0015);
1421
1422 RFOverride0_old = read_phy_reg(pi, 0x44c);
1423 RFOverrideVal0_old = read_phy_reg(pi, 0x44d);
1424 rfoverride2_old = read_phy_reg(pi, 0x4b0);
1425 rfoverride2val_old = read_phy_reg(pi, 0x4b1);
1426 rfoverride3_old = read_phy_reg(pi, 0x4f9);
1427 rfoverride3val_old = read_phy_reg(pi, 0x4fa);
1428 rfoverride4_old = read_phy_reg(pi, 0x938);
1429 rfoverride4val_old = read_phy_reg(pi, 0x939);
1430 afectrlovr_old = read_phy_reg(pi, 0x43b);
1431 afectrlovrval_old = read_phy_reg(pi, 0x43c);
1432 old_sslpnCalibClkEnCtrl = read_phy_reg(pi, 0x6da);
1433 old_sslpnRxFeClkEnCtrl = read_phy_reg(pi, 0x6db);
1434
1435 tx_gain_override_old = wlc_lcnphy_tx_gain_override_enabled(pi);
1436 if (tx_gain_override_old) {
1437 wlc_lcnphy_get_tx_gain(pi, &old_gains);
1438 tx_gain_index_old = pi_lcn->lcnphy_current_index;
1439 }
1440
1441 wlc_lcnphy_set_tx_pwr_by_index(pi, tx_gain_idx);
1442 1372
1443 mod_phy_reg(pi, 0x4f9, (0x1 << 0), 1 << 0); 1373 tx_pwr_ctrl = wlc_lcnphy_get_tx_pwr_ctrl(pi);
1444 mod_phy_reg(pi, 0x4fa, (0x1 << 0), 0 << 0); 1374 wlc_lcnphy_set_tx_pwr_ctrl(pi, LCNPHY_TX_PWR_CTRL_OFF);
1445 1375
1446 mod_phy_reg(pi, 0x43b, (0x1 << 1), 1 << 1); 1376 for (i = 0; i < 11; i++)
1447 mod_phy_reg(pi, 0x43c, (0x1 << 1), 0 << 1); 1377 values_to_save[i] =
1378 read_radio_reg(pi, rxiq_cal_rf_reg[i]);
1379 Core1TxControl_old = read_phy_reg(pi, 0x631);
1380
1381 or_phy_reg(pi, 0x631, 0x0015);
1382
1383 RFOverride0_old = read_phy_reg(pi, 0x44c);
1384 RFOverrideVal0_old = read_phy_reg(pi, 0x44d);
1385 rfoverride2_old = read_phy_reg(pi, 0x4b0);
1386 rfoverride2val_old = read_phy_reg(pi, 0x4b1);
1387 rfoverride3_old = read_phy_reg(pi, 0x4f9);
1388 rfoverride3val_old = read_phy_reg(pi, 0x4fa);
1389 rfoverride4_old = read_phy_reg(pi, 0x938);
1390 rfoverride4val_old = read_phy_reg(pi, 0x939);
1391 afectrlovr_old = read_phy_reg(pi, 0x43b);
1392 afectrlovrval_old = read_phy_reg(pi, 0x43c);
1393 old_sslpnCalibClkEnCtrl = read_phy_reg(pi, 0x6da);
1394 old_sslpnRxFeClkEnCtrl = read_phy_reg(pi, 0x6db);
1395
1396 tx_gain_override_old = wlc_lcnphy_tx_gain_override_enabled(pi);
1397 if (tx_gain_override_old) {
1398 wlc_lcnphy_get_tx_gain(pi, &old_gains);
1399 tx_gain_index_old = pi_lcn->lcnphy_current_index;
1400 }
1448 1401
1449 write_radio_reg(pi, RADIO_2064_REG116, 0x06); 1402 wlc_lcnphy_set_tx_pwr_by_index(pi, tx_gain_idx);
1450 write_radio_reg(pi, RADIO_2064_REG12C, 0x07);
1451 write_radio_reg(pi, RADIO_2064_REG06A, 0xd3);
1452 write_radio_reg(pi, RADIO_2064_REG098, 0x03);
1453 write_radio_reg(pi, RADIO_2064_REG00B, 0x7);
1454 mod_radio_reg(pi, RADIO_2064_REG113, 1 << 4, 1 << 4);
1455 write_radio_reg(pi, RADIO_2064_REG01D, 0x01);
1456 write_radio_reg(pi, RADIO_2064_REG114, 0x01);
1457 write_radio_reg(pi, RADIO_2064_REG02E, 0x10);
1458 write_radio_reg(pi, RADIO_2064_REG12A, 0x08);
1459
1460 mod_phy_reg(pi, 0x938, (0x1 << 0), 1 << 0);
1461 mod_phy_reg(pi, 0x939, (0x1 << 0), 0 << 0);
1462 mod_phy_reg(pi, 0x938, (0x1 << 1), 1 << 1);
1463 mod_phy_reg(pi, 0x939, (0x1 << 1), 1 << 1);
1464 mod_phy_reg(pi, 0x938, (0x1 << 2), 1 << 2);
1465 mod_phy_reg(pi, 0x939, (0x1 << 2), 1 << 2);
1466 mod_phy_reg(pi, 0x938, (0x1 << 3), 1 << 3);
1467 mod_phy_reg(pi, 0x939, (0x1 << 3), 1 << 3);
1468 mod_phy_reg(pi, 0x938, (0x1 << 5), 1 << 5);
1469 mod_phy_reg(pi, 0x939, (0x1 << 5), 0 << 5);
1470 1403
1471 mod_phy_reg(pi, 0x43b, (0x1 << 0), 1 << 0); 1404 mod_phy_reg(pi, 0x4f9, (0x1 << 0), 1 << 0);
1472 mod_phy_reg(pi, 0x43c, (0x1 << 0), 0 << 0); 1405 mod_phy_reg(pi, 0x4fa, (0x1 << 0), 0 << 0);
1473 1406
1474 write_phy_reg(pi, 0x6da, 0xffff); 1407 mod_phy_reg(pi, 0x43b, (0x1 << 1), 1 << 1);
1475 or_phy_reg(pi, 0x6db, 0x3); 1408 mod_phy_reg(pi, 0x43c, (0x1 << 1), 0 << 1);
1476 1409
1477 wlc_lcnphy_set_trsw_override(pi, tx_switch, rx_switch); 1410 write_radio_reg(pi, RADIO_2064_REG116, 0x06);
1478 set_gain = false; 1411 write_radio_reg(pi, RADIO_2064_REG12C, 0x07);
1479 1412 write_radio_reg(pi, RADIO_2064_REG06A, 0xd3);
1480 lna2_gain = 3; 1413 write_radio_reg(pi, RADIO_2064_REG098, 0x03);
1481 while ((lna2_gain >= 0) && !set_gain) { 1414 write_radio_reg(pi, RADIO_2064_REG00B, 0x7);
1482 tia_gain = 4; 1415 mod_radio_reg(pi, RADIO_2064_REG113, 1 << 4, 1 << 4);
1483 1416 write_radio_reg(pi, RADIO_2064_REG01D, 0x01);
1484 while ((tia_gain >= 0) && !set_gain) { 1417 write_radio_reg(pi, RADIO_2064_REG114, 0x01);
1485 biq1_gain = 6; 1418 write_radio_reg(pi, RADIO_2064_REG02E, 0x10);
1486 1419 write_radio_reg(pi, RADIO_2064_REG12A, 0x08);
1487 while ((biq1_gain >= 0) && !set_gain) { 1420
1488 set_gain = wlc_lcnphy_rx_iq_cal_gain(pi, 1421 mod_phy_reg(pi, 0x938, (0x1 << 0), 1 << 0);
1489 (u16) 1422 mod_phy_reg(pi, 0x939, (0x1 << 0), 0 << 0);
1490 biq1_gain, 1423 mod_phy_reg(pi, 0x938, (0x1 << 1), 1 << 1);
1491 (u16) 1424 mod_phy_reg(pi, 0x939, (0x1 << 1), 1 << 1);
1492 tia_gain, 1425 mod_phy_reg(pi, 0x938, (0x1 << 2), 1 << 2);
1493 (u16) 1426 mod_phy_reg(pi, 0x939, (0x1 << 2), 1 << 2);
1494 lna2_gain); 1427 mod_phy_reg(pi, 0x938, (0x1 << 3), 1 << 3);
1495 biq1_gain -= 1; 1428 mod_phy_reg(pi, 0x939, (0x1 << 3), 1 << 3);
1496 } 1429 mod_phy_reg(pi, 0x938, (0x1 << 5), 1 << 5);
1430 mod_phy_reg(pi, 0x939, (0x1 << 5), 0 << 5);
1431
1432 mod_phy_reg(pi, 0x43b, (0x1 << 0), 1 << 0);
1433 mod_phy_reg(pi, 0x43c, (0x1 << 0), 0 << 0);
1434
1435 wlc_lcnphy_start_tx_tone(pi, 2000, 120, 0);
1436 write_phy_reg(pi, 0x6da, 0xffff);
1437 or_phy_reg(pi, 0x6db, 0x3);
1438 wlc_lcnphy_set_trsw_override(pi, tx_switch, rx_switch);
1439 wlc_lcnphy_rx_gain_override_enable(pi, true);
1440
1441 tia_gain = 8;
1442 rx_pwr_threshold = 950;
1443 while (tia_gain > 0) {
1497 tia_gain -= 1; 1444 tia_gain -= 1;
1445 wlc_lcnphy_set_rx_gain_by_distribution(pi,
1446 0, 0, 2, 2,
1447 (u16)
1448 tia_gain, 1, 0);
1449 udelay(500);
1450
1451 received_power =
1452 wlc_lcnphy_measure_digital_power(pi, 2000);
1453 if (received_power < rx_pwr_threshold)
1454 break;
1498 } 1455 }
1499 lna2_gain -= 1; 1456 result = wlc_lcnphy_calc_rx_iq_comp(pi, 0xffff);
1500 }
1501 1457
1502 if (set_gain) 1458 wlc_lcnphy_stop_tx_tone(pi);
1503 result = wlc_lcnphy_calc_rx_iq_comp(pi, 1024);
1504 else
1505 result = false;
1506 1459
1507 wlc_lcnphy_stop_tx_tone(pi); 1460 write_phy_reg(pi, 0x631, Core1TxControl_old);
1508 1461
1509 write_phy_reg(pi, 0x631, Core1TxControl_old); 1462 write_phy_reg(pi, 0x44c, RFOverrideVal0_old);
1510 1463 write_phy_reg(pi, 0x44d, RFOverrideVal0_old);
1511 write_phy_reg(pi, 0x44c, RFOverrideVal0_old); 1464 write_phy_reg(pi, 0x4b0, rfoverride2_old);
1512 write_phy_reg(pi, 0x44d, RFOverrideVal0_old); 1465 write_phy_reg(pi, 0x4b1, rfoverride2val_old);
1513 write_phy_reg(pi, 0x4b0, rfoverride2_old); 1466 write_phy_reg(pi, 0x4f9, rfoverride3_old);
1514 write_phy_reg(pi, 0x4b1, rfoverride2val_old); 1467 write_phy_reg(pi, 0x4fa, rfoverride3val_old);
1515 write_phy_reg(pi, 0x4f9, rfoverride3_old); 1468 write_phy_reg(pi, 0x938, rfoverride4_old);
1516 write_phy_reg(pi, 0x4fa, rfoverride3val_old); 1469 write_phy_reg(pi, 0x939, rfoverride4val_old);
1517 write_phy_reg(pi, 0x938, rfoverride4_old); 1470 write_phy_reg(pi, 0x43b, afectrlovr_old);
1518 write_phy_reg(pi, 0x939, rfoverride4val_old); 1471 write_phy_reg(pi, 0x43c, afectrlovrval_old);
1519 write_phy_reg(pi, 0x43b, afectrlovr_old); 1472 write_phy_reg(pi, 0x6da, old_sslpnCalibClkEnCtrl);
1520 write_phy_reg(pi, 0x43c, afectrlovrval_old); 1473 write_phy_reg(pi, 0x6db, old_sslpnRxFeClkEnCtrl);
1521 write_phy_reg(pi, 0x6da, old_sslpnCalibClkEnCtrl);
1522 write_phy_reg(pi, 0x6db, old_sslpnRxFeClkEnCtrl);
1523 1474
1524 wlc_lcnphy_clear_trsw_override(pi); 1475 wlc_lcnphy_clear_trsw_override(pi);
1525 1476
1526 mod_phy_reg(pi, 0x44c, (0x1 << 2), 0 << 2); 1477 mod_phy_reg(pi, 0x44c, (0x1 << 2), 0 << 2);
1527 1478
1528 for (i = 0; i < 11; i++) 1479 for (i = 0; i < 11; i++)
1529 write_radio_reg(pi, rxiq_cal_rf_reg[i], 1480 write_radio_reg(pi, rxiq_cal_rf_reg[i],
1530 values_to_save[i]); 1481 values_to_save[i]);
1531 1482
1532 if (tx_gain_override_old) 1483 if (tx_gain_override_old)
1533 wlc_lcnphy_set_tx_pwr_by_index(pi, tx_gain_index_old); 1484 wlc_lcnphy_set_tx_pwr_by_index(pi, tx_gain_index_old);
1534 else 1485 else
1535 wlc_lcnphy_disable_tx_gain_override(pi); 1486 wlc_lcnphy_disable_tx_gain_override(pi);
1536 1487
1537 wlc_lcnphy_set_tx_pwr_ctrl(pi, tx_pwr_ctrl); 1488 wlc_lcnphy_set_tx_pwr_ctrl(pi, tx_pwr_ctrl);
1538 wlc_lcnphy_rx_gain_override_enable(pi, false); 1489 wlc_lcnphy_rx_gain_override_enable(pi, false);
1490 }
1539 1491
1540cal_done: 1492cal_done:
1541 kfree(ptr); 1493 kfree(ptr);
@@ -1829,17 +1781,6 @@ wlc_lcnphy_radio_2064_channel_tune_4313(struct brcms_phy *pi, u8 channel)
1829 write_radio_reg(pi, RADIO_2064_REG038, 3); 1781 write_radio_reg(pi, RADIO_2064_REG038, 3);
1830 write_radio_reg(pi, RADIO_2064_REG091, 7); 1782 write_radio_reg(pi, RADIO_2064_REG091, 7);
1831 } 1783 }
1832
1833 if (!(pi->sh->boardflags & BFL_FEM)) {
1834 u8 reg038[14] = {0xd, 0xe, 0xd, 0xd, 0xd, 0xc,
1835 0xa, 0xb, 0xb, 0x3, 0x3, 0x2, 0x0, 0x0};
1836
1837 write_radio_reg(pi, RADIO_2064_REG02A, 0xf);
1838 write_radio_reg(pi, RADIO_2064_REG091, 0x3);
1839 write_radio_reg(pi, RADIO_2064_REG038, 0x3);
1840
1841 write_radio_reg(pi, RADIO_2064_REG038, reg038[channel - 1]);
1842 }
1843} 1784}
1844 1785
1845static int 1786static int
@@ -2034,16 +1975,6 @@ wlc_lcnphy_set_tssi_mux(struct brcms_phy *pi, enum lcnphy_tssi_mode pos)
2034 } else { 1975 } else {
2035 mod_radio_reg(pi, RADIO_2064_REG03A, 1, 0x1); 1976 mod_radio_reg(pi, RADIO_2064_REG03A, 1, 0x1);
2036 mod_radio_reg(pi, RADIO_2064_REG11A, 0x8, 0x8); 1977 mod_radio_reg(pi, RADIO_2064_REG11A, 0x8, 0x8);
2037 mod_radio_reg(pi, RADIO_2064_REG028, 0x1, 0x0);
2038 mod_radio_reg(pi, RADIO_2064_REG11A, 0x4, 1<<2);
2039 mod_radio_reg(pi, RADIO_2064_REG036, 0x10, 0x0);
2040 mod_radio_reg(pi, RADIO_2064_REG11A, 0x10, 1<<4);
2041 mod_radio_reg(pi, RADIO_2064_REG036, 0x3, 0x0);
2042 mod_radio_reg(pi, RADIO_2064_REG035, 0xff, 0x77);
2043 mod_radio_reg(pi, RADIO_2064_REG028, 0x1e, 0xe<<1);
2044 mod_radio_reg(pi, RADIO_2064_REG112, 0x80, 1<<7);
2045 mod_radio_reg(pi, RADIO_2064_REG005, 0x7, 1<<1);
2046 mod_radio_reg(pi, RADIO_2064_REG029, 0xf0, 0<<4);
2047 } 1978 }
2048 } else { 1979 } else {
2049 mod_phy_reg(pi, 0x4d9, (0x1 << 2), (0x1) << 2); 1980 mod_phy_reg(pi, 0x4d9, (0x1 << 2), (0x1) << 2);
@@ -2130,14 +2061,12 @@ static void wlc_lcnphy_pwrctrl_rssiparams(struct brcms_phy *pi)
2130 (auxpga_vmid_temp << 0) | (auxpga_gain_temp << 12)); 2061 (auxpga_vmid_temp << 0) | (auxpga_gain_temp << 12));
2131 2062
2132 mod_radio_reg(pi, RADIO_2064_REG082, (1 << 5), (1 << 5)); 2063 mod_radio_reg(pi, RADIO_2064_REG082, (1 << 5), (1 << 5));
2133 mod_radio_reg(pi, RADIO_2064_REG07C, (1 << 0), (1 << 0));
2134} 2064}
2135 2065
2136static void wlc_lcnphy_tssi_setup(struct brcms_phy *pi) 2066static void wlc_lcnphy_tssi_setup(struct brcms_phy *pi)
2137{ 2067{
2138 struct phytbl_info tab; 2068 struct phytbl_info tab;
2139 u32 rfseq, ind; 2069 u32 rfseq, ind;
2140 u8 tssi_sel;
2141 2070
2142 tab.tbl_id = LCNPHY_TBL_ID_TXPWRCTL; 2071 tab.tbl_id = LCNPHY_TBL_ID_TXPWRCTL;
2143 tab.tbl_width = 32; 2072 tab.tbl_width = 32;
@@ -2159,13 +2088,7 @@ static void wlc_lcnphy_tssi_setup(struct brcms_phy *pi)
2159 2088
2160 mod_phy_reg(pi, 0x503, (0x1 << 4), (1) << 4); 2089 mod_phy_reg(pi, 0x503, (0x1 << 4), (1) << 4);
2161 2090
2162 if (pi->sh->boardflags & BFL_FEM) { 2091 wlc_lcnphy_set_tssi_mux(pi, LCNPHY_TSSI_EXT);
2163 tssi_sel = 0x1;
2164 wlc_lcnphy_set_tssi_mux(pi, LCNPHY_TSSI_EXT);
2165 } else {
2166 tssi_sel = 0xe;
2167 wlc_lcnphy_set_tssi_mux(pi, LCNPHY_TSSI_POST_PA);
2168 }
2169 mod_phy_reg(pi, 0x4a4, (0x1 << 14), (0) << 14); 2092 mod_phy_reg(pi, 0x4a4, (0x1 << 14), (0) << 14);
2170 2093
2171 mod_phy_reg(pi, 0x4a4, (0x1 << 15), (1) << 15); 2094 mod_phy_reg(pi, 0x4a4, (0x1 << 15), (1) << 15);
@@ -2201,10 +2124,9 @@ static void wlc_lcnphy_tssi_setup(struct brcms_phy *pi)
2201 mod_phy_reg(pi, 0x49a, (0x1ff << 0), (0xff) << 0); 2124 mod_phy_reg(pi, 0x49a, (0x1ff << 0), (0xff) << 0);
2202 2125
2203 if (LCNREV_IS(pi->pubpi.phy_rev, 2)) { 2126 if (LCNREV_IS(pi->pubpi.phy_rev, 2)) {
2204 mod_radio_reg(pi, RADIO_2064_REG028, 0xf, tssi_sel); 2127 mod_radio_reg(pi, RADIO_2064_REG028, 0xf, 0xe);
2205 mod_radio_reg(pi, RADIO_2064_REG086, 0x4, 0x4); 2128 mod_radio_reg(pi, RADIO_2064_REG086, 0x4, 0x4);
2206 } else { 2129 } else {
2207 mod_radio_reg(pi, RADIO_2064_REG028, 0x1e, tssi_sel << 1);
2208 mod_radio_reg(pi, RADIO_2064_REG03A, 0x1, 1); 2130 mod_radio_reg(pi, RADIO_2064_REG03A, 0x1, 1);
2209 mod_radio_reg(pi, RADIO_2064_REG11A, 0x8, 1 << 3); 2131 mod_radio_reg(pi, RADIO_2064_REG11A, 0x8, 1 << 3);
2210 } 2132 }
@@ -2251,10 +2173,6 @@ static void wlc_lcnphy_tssi_setup(struct brcms_phy *pi)
2251 2173
2252 mod_phy_reg(pi, 0x4d7, (0xf << 8), (0) << 8); 2174 mod_phy_reg(pi, 0x4d7, (0xf << 8), (0) << 8);
2253 2175
2254 mod_radio_reg(pi, RADIO_2064_REG035, 0xff, 0x0);
2255 mod_radio_reg(pi, RADIO_2064_REG036, 0x3, 0x0);
2256 mod_radio_reg(pi, RADIO_2064_REG11A, 0x8, 0x8);
2257
2258 wlc_lcnphy_pwrctrl_rssiparams(pi); 2176 wlc_lcnphy_pwrctrl_rssiparams(pi);
2259} 2177}
2260 2178
@@ -2873,8 +2791,6 @@ static void wlc_lcnphy_idle_tssi_est(struct brcms_phy_pub *ppi)
2873 read_radio_reg(pi, RADIO_2064_REG007) & 1; 2791 read_radio_reg(pi, RADIO_2064_REG007) & 1;
2874 u16 SAVE_jtag_auxpga = read_radio_reg(pi, RADIO_2064_REG0FF) & 0x10; 2792 u16 SAVE_jtag_auxpga = read_radio_reg(pi, RADIO_2064_REG0FF) & 0x10;
2875 u16 SAVE_iqadc_aux_en = read_radio_reg(pi, RADIO_2064_REG11F) & 4; 2793 u16 SAVE_iqadc_aux_en = read_radio_reg(pi, RADIO_2064_REG11F) & 4;
2876 u8 SAVE_bbmult = wlc_lcnphy_get_bbmult(pi);
2877
2878 idleTssi = read_phy_reg(pi, 0x4ab); 2794 idleTssi = read_phy_reg(pi, 0x4ab);
2879 suspend = (0 == (bcma_read32(pi->d11core, D11REGOFFS(maccontrol)) & 2795 suspend = (0 == (bcma_read32(pi->d11core, D11REGOFFS(maccontrol)) &
2880 MCTL_EN_MAC)); 2796 MCTL_EN_MAC));
@@ -2892,12 +2808,6 @@ static void wlc_lcnphy_idle_tssi_est(struct brcms_phy_pub *ppi)
2892 mod_radio_reg(pi, RADIO_2064_REG0FF, 0x10, 1 << 4); 2808 mod_radio_reg(pi, RADIO_2064_REG0FF, 0x10, 1 << 4);
2893 mod_radio_reg(pi, RADIO_2064_REG11F, 0x4, 1 << 2); 2809 mod_radio_reg(pi, RADIO_2064_REG11F, 0x4, 1 << 2);
2894 wlc_lcnphy_tssi_setup(pi); 2810 wlc_lcnphy_tssi_setup(pi);
2895
2896 mod_phy_reg(pi, 0x4d7, (0x1 << 0), (1 << 0));
2897 mod_phy_reg(pi, 0x4d7, (0x1 << 6), (1 << 6));
2898
2899 wlc_lcnphy_set_bbmult(pi, 0x0);
2900
2901 wlc_phy_do_dummy_tx(pi, true, OFF); 2811 wlc_phy_do_dummy_tx(pi, true, OFF);
2902 idleTssi = ((read_phy_reg(pi, 0x4ab) & (0x1ff << 0)) 2812 idleTssi = ((read_phy_reg(pi, 0x4ab) & (0x1ff << 0))
2903 >> 0); 2813 >> 0);
@@ -2919,7 +2829,6 @@ static void wlc_lcnphy_idle_tssi_est(struct brcms_phy_pub *ppi)
2919 2829
2920 mod_phy_reg(pi, 0x44c, (0x1 << 12), (0) << 12); 2830 mod_phy_reg(pi, 0x44c, (0x1 << 12), (0) << 12);
2921 2831
2922 wlc_lcnphy_set_bbmult(pi, SAVE_bbmult);
2923 wlc_lcnphy_set_tx_gain_override(pi, tx_gain_override_old); 2832 wlc_lcnphy_set_tx_gain_override(pi, tx_gain_override_old);
2924 wlc_lcnphy_set_tx_gain(pi, &old_gains); 2833 wlc_lcnphy_set_tx_gain(pi, &old_gains);
2925 wlc_lcnphy_set_tx_pwr_ctrl(pi, SAVE_txpwrctrl); 2834 wlc_lcnphy_set_tx_pwr_ctrl(pi, SAVE_txpwrctrl);
@@ -3133,11 +3042,6 @@ static void wlc_lcnphy_tx_pwr_ctrl_init(struct brcms_phy_pub *ppi)
3133 wlc_lcnphy_write_table(pi, &tab); 3042 wlc_lcnphy_write_table(pi, &tab);
3134 tab.tbl_offset++; 3043 tab.tbl_offset++;
3135 } 3044 }
3136 mod_phy_reg(pi, 0x4d0, (0x1 << 0), (0) << 0);
3137 mod_phy_reg(pi, 0x4d3, (0xff << 0), (0) << 0);
3138 mod_phy_reg(pi, 0x4d3, (0xff << 8), (0) << 8);
3139 mod_phy_reg(pi, 0x4d0, (0x1 << 4), (0) << 4);
3140 mod_phy_reg(pi, 0x4d0, (0x1 << 2), (0) << 2);
3141 3045
3142 mod_phy_reg(pi, 0x410, (0x1 << 7), (0) << 7); 3046 mod_phy_reg(pi, 0x410, (0x1 << 7), (0) << 7);
3143 3047
@@ -3939,6 +3843,7 @@ static void wlc_lcnphy_txpwrtbl_iqlo_cal(struct brcms_phy *pi)
3939 target_gains.pad_gain = 21; 3843 target_gains.pad_gain = 21;
3940 target_gains.dac_gain = 0; 3844 target_gains.dac_gain = 0;
3941 wlc_lcnphy_set_tx_gain(pi, &target_gains); 3845 wlc_lcnphy_set_tx_gain(pi, &target_gains);
3846 wlc_lcnphy_set_tx_pwr_by_index(pi, 16);
3942 3847
3943 if (LCNREV_IS(pi->pubpi.phy_rev, 1) || pi_lcn->lcnphy_hw_iqcal_en) { 3848 if (LCNREV_IS(pi->pubpi.phy_rev, 1) || pi_lcn->lcnphy_hw_iqcal_en) {
3944 3849
@@ -3949,7 +3854,6 @@ static void wlc_lcnphy_txpwrtbl_iqlo_cal(struct brcms_phy *pi)
3949 lcnphy_recal ? LCNPHY_CAL_RECAL : 3854 lcnphy_recal ? LCNPHY_CAL_RECAL :
3950 LCNPHY_CAL_FULL), false); 3855 LCNPHY_CAL_FULL), false);
3951 } else { 3856 } else {
3952 wlc_lcnphy_set_tx_pwr_by_index(pi, 16);
3953 wlc_lcnphy_tx_iqlo_soft_cal_full(pi); 3857 wlc_lcnphy_tx_iqlo_soft_cal_full(pi);
3954 } 3858 }
3955 3859
@@ -4374,22 +4278,17 @@ wlc_lcnphy_load_tx_gain_table(struct brcms_phy *pi,
4374 if (CHSPEC_IS5G(pi->radio_chanspec)) 4278 if (CHSPEC_IS5G(pi->radio_chanspec))
4375 pa_gain = 0x70; 4279 pa_gain = 0x70;
4376 else 4280 else
4377 pa_gain = 0x60; 4281 pa_gain = 0x70;
4378 4282
4379 if (pi->sh->boardflags & BFL_FEM) 4283 if (pi->sh->boardflags & BFL_FEM)
4380 pa_gain = 0x10; 4284 pa_gain = 0x10;
4381
4382 tab.tbl_id = LCNPHY_TBL_ID_TXPWRCTL; 4285 tab.tbl_id = LCNPHY_TBL_ID_TXPWRCTL;
4383 tab.tbl_width = 32; 4286 tab.tbl_width = 32;
4384 tab.tbl_len = 1; 4287 tab.tbl_len = 1;
4385 tab.tbl_ptr = &val; 4288 tab.tbl_ptr = &val;
4386 4289
4387 for (j = 0; j < 128; j++) { 4290 for (j = 0; j < 128; j++) {
4388 if (pi->sh->boardflags & BFL_FEM) 4291 gm_gain = gain_table[j].gm;
4389 gm_gain = gain_table[j].gm;
4390 else
4391 gm_gain = 15;
4392
4393 val = (((u32) pa_gain << 24) | 4292 val = (((u32) pa_gain << 24) |
4394 (gain_table[j].pad << 16) | 4293 (gain_table[j].pad << 16) |
4395 (gain_table[j].pga << 8) | gm_gain); 4294 (gain_table[j].pga << 8) | gm_gain);
@@ -4600,10 +4499,7 @@ static void wlc_radio_2064_init(struct brcms_phy *pi)
4600 4499
4601 write_phy_reg(pi, 0x4ea, 0x4688); 4500 write_phy_reg(pi, 0x4ea, 0x4688);
4602 4501
4603 if (pi->sh->boardflags & BFL_FEM) 4502 mod_phy_reg(pi, 0x4eb, (0x7 << 0), 2 << 0);
4604 mod_phy_reg(pi, 0x4eb, (0x7 << 0), 2 << 0);
4605 else
4606 mod_phy_reg(pi, 0x4eb, (0x7 << 0), 3 << 0);
4607 4503
4608 mod_phy_reg(pi, 0x4eb, (0x7 << 6), 0 << 6); 4504 mod_phy_reg(pi, 0x4eb, (0x7 << 6), 0 << 6);
4609 4505
@@ -4614,13 +4510,6 @@ static void wlc_radio_2064_init(struct brcms_phy *pi)
4614 wlc_lcnphy_rcal(pi); 4510 wlc_lcnphy_rcal(pi);
4615 4511
4616 wlc_lcnphy_rc_cal(pi); 4512 wlc_lcnphy_rc_cal(pi);
4617
4618 if (!(pi->sh->boardflags & BFL_FEM)) {
4619 write_radio_reg(pi, RADIO_2064_REG032, 0x6f);
4620 write_radio_reg(pi, RADIO_2064_REG033, 0x19);
4621 write_radio_reg(pi, RADIO_2064_REG039, 0xe);
4622 }
4623
4624} 4513}
4625 4514
4626static void wlc_lcnphy_radio_init(struct brcms_phy *pi) 4515static void wlc_lcnphy_radio_init(struct brcms_phy *pi)
@@ -4650,20 +4539,22 @@ static void wlc_lcnphy_tbl_init(struct brcms_phy *pi)
4650 wlc_lcnphy_write_table(pi, &tab); 4539 wlc_lcnphy_write_table(pi, &tab);
4651 } 4540 }
4652 4541
4653 if (!(pi->sh->boardflags & BFL_FEM)) { 4542 tab.tbl_id = LCNPHY_TBL_ID_RFSEQ;
4654 tab.tbl_id = LCNPHY_TBL_ID_RFSEQ; 4543 tab.tbl_width = 16;
4655 tab.tbl_width = 16; 4544 tab.tbl_ptr = &val;
4656 tab.tbl_ptr = &val; 4545 tab.tbl_len = 1;
4657 tab.tbl_len = 1;
4658 4546
4659 val = 150; 4547 val = 114;
4660 tab.tbl_offset = 0; 4548 tab.tbl_offset = 0;
4661 wlc_lcnphy_write_table(pi, &tab); 4549 wlc_lcnphy_write_table(pi, &tab);
4662 4550
4663 val = 220; 4551 val = 130;
4664 tab.tbl_offset = 1; 4552 tab.tbl_offset = 1;
4665 wlc_lcnphy_write_table(pi, &tab); 4553 wlc_lcnphy_write_table(pi, &tab);
4666 } 4554
4555 val = 6;
4556 tab.tbl_offset = 8;
4557 wlc_lcnphy_write_table(pi, &tab);
4667 4558
4668 if (CHSPEC_IS2G(pi->radio_chanspec)) { 4559 if (CHSPEC_IS2G(pi->radio_chanspec)) {
4669 if (pi->sh->boardflags & BFL_FEM) 4560 if (pi->sh->boardflags & BFL_FEM)
@@ -5055,7 +4946,6 @@ void wlc_phy_chanspec_set_lcnphy(struct brcms_phy *pi, u16 chanspec)
5055 wlc_lcnphy_load_tx_iir_filter(pi, true, 3); 4946 wlc_lcnphy_load_tx_iir_filter(pi, true, 3);
5056 4947
5057 mod_phy_reg(pi, 0x4eb, (0x7 << 3), (1) << 3); 4948 mod_phy_reg(pi, 0x4eb, (0x7 << 3), (1) << 3);
5058 wlc_lcnphy_tssi_setup(pi);
5059} 4949}
5060 4950
5061void wlc_phy_detach_lcnphy(struct brcms_phy *pi) 4951void wlc_phy_detach_lcnphy(struct brcms_phy *pi)
@@ -5094,7 +4984,8 @@ bool wlc_phy_attach_lcnphy(struct brcms_phy *pi)
5094 if (!wlc_phy_txpwr_srom_read_lcnphy(pi)) 4984 if (!wlc_phy_txpwr_srom_read_lcnphy(pi))
5095 return false; 4985 return false;
5096 4986
5097 if (LCNREV_IS(pi->pubpi.phy_rev, 1)) { 4987 if ((pi->sh->boardflags & BFL_FEM) &&
4988 (LCNREV_IS(pi->pubpi.phy_rev, 1))) {
5098 if (pi_lcn->lcnphy_tempsense_option == 3) { 4989 if (pi_lcn->lcnphy_tempsense_option == 3) {
5099 pi->hwpwrctrl = true; 4990 pi->hwpwrctrl = true;
5100 pi->hwpwrctrl_capable = true; 4991 pi->hwpwrctrl_capable = true;
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/phy/phytbl_lcn.c b/drivers/net/wireless/brcm80211/brcmsmac/phy/phytbl_lcn.c
index b7e95acc2084..622c01ca72c5 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/phy/phytbl_lcn.c
+++ b/drivers/net/wireless/brcm80211/brcmsmac/phy/phytbl_lcn.c
@@ -1992,70 +1992,70 @@ static const u16 dot11lcn_sw_ctrl_tbl_4313_epa_rev0[] = {
1992}; 1992};
1993 1993
1994static const u16 dot11lcn_sw_ctrl_tbl_4313_rev0[] = { 1994static const u16 dot11lcn_sw_ctrl_tbl_4313_rev0[] = {
1995 0x0009,
1996 0x000a, 1995 0x000a,
1997 0x0005,
1998 0x0006,
1999 0x0009, 1996 0x0009,
2000 0x000a,
2001 0x0005,
2002 0x0006, 1997 0x0006,
2003 0x0009,
2004 0x000a,
2005 0x0005, 1998 0x0005,
2006 0x0006,
2007 0x0009,
2008 0x000a, 1999 0x000a,
2009 0x0005,
2010 0x0006,
2011 0x0009, 2000 0x0009,
2012 0x000a,
2013 0x0005,
2014 0x0006, 2001 0x0006,
2015 0x0009,
2016 0x000a,
2017 0x0005, 2002 0x0005,
2018 0x0006,
2019 0x0009,
2020 0x000a, 2003 0x000a,
2021 0x0005,
2022 0x0006,
2023 0x0009, 2004 0x0009,
2024 0x000a,
2025 0x0005,
2026 0x0006, 2005 0x0006,
2027 0x0009,
2028 0x000a,
2029 0x0005, 2006 0x0005,
2030 0x0006,
2031 0x0009,
2032 0x000a, 2007 0x000a,
2033 0x0005,
2034 0x0006,
2035 0x0009, 2008 0x0009,
2036 0x000a,
2037 0x0005,
2038 0x0006, 2009 0x0006,
2039 0x0009,
2040 0x000a,
2041 0x0005, 2010 0x0005,
2042 0x0006, 2011 0x000a,
2043 0x0009, 2012 0x0009,
2013 0x0006,
2014 0x0005,
2044 0x000a, 2015 0x000a,
2016 0x0009,
2017 0x0006,
2045 0x0005, 2018 0x0005,
2019 0x000a,
2020 0x0009,
2046 0x0006, 2021 0x0006,
2022 0x0005,
2023 0x000a,
2047 0x0009, 2024 0x0009,
2025 0x0006,
2026 0x0005,
2048 0x000a, 2027 0x000a,
2028 0x0009,
2029 0x0006,
2049 0x0005, 2030 0x0005,
2031 0x000a,
2032 0x0009,
2050 0x0006, 2033 0x0006,
2034 0x0005,
2035 0x000a,
2051 0x0009, 2036 0x0009,
2037 0x0006,
2038 0x0005,
2052 0x000a, 2039 0x000a,
2040 0x0009,
2041 0x0006,
2053 0x0005, 2042 0x0005,
2043 0x000a,
2044 0x0009,
2054 0x0006, 2045 0x0006,
2046 0x0005,
2047 0x000a,
2055 0x0009, 2048 0x0009,
2049 0x0006,
2050 0x0005,
2056 0x000a, 2051 0x000a,
2052 0x0009,
2053 0x0006,
2057 0x0005, 2054 0x0005,
2055 0x000a,
2056 0x0009,
2058 0x0006, 2057 0x0006,
2058 0x0005,
2059}; 2059};
2060 2060
2061static const u16 dot11lcn_sw_ctrl_tbl_rev0[] = { 2061static const u16 dot11lcn_sw_ctrl_tbl_rev0[] = {
diff --git a/drivers/net/wireless/iwlegacy/4965-rs.c b/drivers/net/wireless/iwlegacy/4965-rs.c
index e8324b5e5bfe..6c7493c2d698 100644
--- a/drivers/net/wireless/iwlegacy/4965-rs.c
+++ b/drivers/net/wireless/iwlegacy/4965-rs.c
@@ -2152,7 +2152,7 @@ il4965_rs_initialize_lq(struct il_priv *il, struct ieee80211_conf *conf,
2152 int rate_idx; 2152 int rate_idx;
2153 int i; 2153 int i;
2154 u32 rate; 2154 u32 rate;
2155 u8 use_green = il4965_rs_use_green(il, sta); 2155 u8 use_green;
2156 u8 active_tbl = 0; 2156 u8 active_tbl = 0;
2157 u8 valid_tx_ant; 2157 u8 valid_tx_ant;
2158 struct il_station_priv *sta_priv; 2158 struct il_station_priv *sta_priv;
@@ -2160,6 +2160,7 @@ il4965_rs_initialize_lq(struct il_priv *il, struct ieee80211_conf *conf,
2160 if (!sta || !lq_sta) 2160 if (!sta || !lq_sta)
2161 return; 2161 return;
2162 2162
2163 use_green = il4965_rs_use_green(il, sta);
2163 sta_priv = (void *)sta->drv_priv; 2164 sta_priv = (void *)sta->drv_priv;
2164 2165
2165 i = lq_sta->last_txrate_idx; 2166 i = lq_sta->last_txrate_idx;
diff --git a/drivers/net/wireless/iwlwifi/dvm/lib.c b/drivers/net/wireless/iwlwifi/dvm/lib.c
index 86ea5f4c3939..44ca0e57f9f7 100644
--- a/drivers/net/wireless/iwlwifi/dvm/lib.c
+++ b/drivers/net/wireless/iwlwifi/dvm/lib.c
@@ -1262,6 +1262,15 @@ int iwl_dvm_send_cmd(struct iwl_priv *priv, struct iwl_host_cmd *cmd)
1262 } 1262 }
1263 1263
1264 /* 1264 /*
1265 * This can happen upon FW ASSERT: we clear the STATUS_FW_ERROR flag
1266 * in iwl_down but cancel the workers only later.
1267 */
1268 if (!priv->ucode_loaded) {
1269 IWL_ERR(priv, "Fw not loaded - dropping CMD: %x\n", cmd->id);
1270 return -EIO;
1271 }
1272
1273 /*
1265 * Synchronous commands from this op-mode must hold 1274 * Synchronous commands from this op-mode must hold
1266 * the mutex, this ensures we don't try to send two 1275 * the mutex, this ensures we don't try to send two
1267 * (or more) synchronous commands at a time. 1276 * (or more) synchronous commands at a time.
diff --git a/drivers/net/wireless/iwlwifi/dvm/ucode.c b/drivers/net/wireless/iwlwifi/dvm/ucode.c
index 736fe9bb140e..1a4ac9236a44 100644
--- a/drivers/net/wireless/iwlwifi/dvm/ucode.c
+++ b/drivers/net/wireless/iwlwifi/dvm/ucode.c
@@ -367,6 +367,8 @@ int iwl_load_ucode_wait_alive(struct iwl_priv *priv,
367 return -EIO; 367 return -EIO;
368 } 368 }
369 369
370 priv->ucode_loaded = true;
371
370 if (ucode_type != IWL_UCODE_WOWLAN) { 372 if (ucode_type != IWL_UCODE_WOWLAN) {
371 /* delay a bit to give rfkill time to run */ 373 /* delay a bit to give rfkill time to run */
372 msleep(5); 374 msleep(5);
@@ -380,8 +382,6 @@ int iwl_load_ucode_wait_alive(struct iwl_priv *priv,
380 return ret; 382 return ret;
381 } 383 }
382 384
383 priv->ucode_loaded = true;
384
385 return 0; 385 return 0;
386} 386}
387 387
diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
index 17bedc50e753..12c4f31ca8fb 100644
--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
@@ -475,6 +475,10 @@ static int iwl_trans_pcie_start_fw(struct iwl_trans *trans,
475 475
476 /* If platform's RF_KILL switch is NOT set to KILL */ 476 /* If platform's RF_KILL switch is NOT set to KILL */
477 hw_rfkill = iwl_is_rfkill_set(trans); 477 hw_rfkill = iwl_is_rfkill_set(trans);
478 if (hw_rfkill)
479 set_bit(STATUS_RFKILL, &trans_pcie->status);
480 else
481 clear_bit(STATUS_RFKILL, &trans_pcie->status);
478 iwl_op_mode_hw_rf_kill(trans->op_mode, hw_rfkill); 482 iwl_op_mode_hw_rf_kill(trans->op_mode, hw_rfkill);
479 if (hw_rfkill && !run_in_rfkill) 483 if (hw_rfkill && !run_in_rfkill)
480 return -ERFKILL; 484 return -ERFKILL;
@@ -641,6 +645,7 @@ static int iwl_trans_pcie_d3_resume(struct iwl_trans *trans,
641 645
642static int iwl_trans_pcie_start_hw(struct iwl_trans *trans) 646static int iwl_trans_pcie_start_hw(struct iwl_trans *trans)
643{ 647{
648 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
644 bool hw_rfkill; 649 bool hw_rfkill;
645 int err; 650 int err;
646 651
@@ -656,6 +661,10 @@ static int iwl_trans_pcie_start_hw(struct iwl_trans *trans)
656 iwl_enable_rfkill_int(trans); 661 iwl_enable_rfkill_int(trans);
657 662
658 hw_rfkill = iwl_is_rfkill_set(trans); 663 hw_rfkill = iwl_is_rfkill_set(trans);
664 if (hw_rfkill)
665 set_bit(STATUS_RFKILL, &trans_pcie->status);
666 else
667 clear_bit(STATUS_RFKILL, &trans_pcie->status);
659 iwl_op_mode_hw_rf_kill(trans->op_mode, hw_rfkill); 668 iwl_op_mode_hw_rf_kill(trans->op_mode, hw_rfkill);
660 669
661 return 0; 670 return 0;
@@ -694,6 +703,10 @@ static void iwl_trans_pcie_stop_hw(struct iwl_trans *trans,
694 * op_mode. 703 * op_mode.
695 */ 704 */
696 hw_rfkill = iwl_is_rfkill_set(trans); 705 hw_rfkill = iwl_is_rfkill_set(trans);
706 if (hw_rfkill)
707 set_bit(STATUS_RFKILL, &trans_pcie->status);
708 else
709 clear_bit(STATUS_RFKILL, &trans_pcie->status);
697 iwl_op_mode_hw_rf_kill(trans->op_mode, hw_rfkill); 710 iwl_op_mode_hw_rf_kill(trans->op_mode, hw_rfkill);
698 } 711 }
699} 712}
diff --git a/drivers/net/wireless/iwlwifi/pcie/tx.c b/drivers/net/wireless/iwlwifi/pcie/tx.c
index 8595c16f74de..cb5c6792e3a8 100644
--- a/drivers/net/wireless/iwlwifi/pcie/tx.c
+++ b/drivers/net/wireless/iwlwifi/pcie/tx.c
@@ -1264,7 +1264,7 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans,
1264 for (i = 0; i < IWL_MAX_CMD_TBS_PER_TFD; i++) { 1264 for (i = 0; i < IWL_MAX_CMD_TBS_PER_TFD; i++) {
1265 int copy = 0; 1265 int copy = 0;
1266 1266
1267 if (!cmd->len) 1267 if (!cmd->len[i])
1268 continue; 1268 continue;
1269 1269
1270 /* need at least IWL_HCMD_SCRATCHBUF_SIZE copied */ 1270 /* need at least IWL_HCMD_SCRATCHBUF_SIZE copied */
diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c
index 5c395e2e6a2b..feb204613397 100644
--- a/drivers/net/wireless/mwifiex/pcie.c
+++ b/drivers/net/wireless/mwifiex/pcie.c
@@ -1508,6 +1508,7 @@ static int mwifiex_pcie_process_cmd_complete(struct mwifiex_adapter *adapter)
1508 } 1508 }
1509 memcpy(adapter->upld_buf, skb->data, 1509 memcpy(adapter->upld_buf, skb->data,
1510 min_t(u32, MWIFIEX_SIZE_OF_CMD_BUFFER, skb->len)); 1510 min_t(u32, MWIFIEX_SIZE_OF_CMD_BUFFER, skb->len));
1511 skb_push(skb, INTF_HEADER_LEN);
1511 if (mwifiex_map_pci_memory(adapter, skb, MWIFIEX_UPLD_SIZE, 1512 if (mwifiex_map_pci_memory(adapter, skb, MWIFIEX_UPLD_SIZE,
1512 PCI_DMA_FROMDEVICE)) 1513 PCI_DMA_FROMDEVICE))
1513 return -1; 1514 return -1;
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index baaa8608e52d..3bfe2612c8c2 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -349,21 +349,19 @@ static void ieee80211_set_default_queues(struct ieee80211_sub_if_data *sdata)
349static int ieee80211_add_virtual_monitor(struct ieee80211_local *local) 349static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
350{ 350{
351 struct ieee80211_sub_if_data *sdata; 351 struct ieee80211_sub_if_data *sdata;
352 int ret = 0; 352 int ret;
353 353
354 if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF)) 354 if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))
355 return 0; 355 return 0;
356 356
357 mutex_lock(&local->iflist_mtx); 357 ASSERT_RTNL();
358 358
359 if (local->monitor_sdata) 359 if (local->monitor_sdata)
360 goto out_unlock; 360 return 0;
361 361
362 sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size, GFP_KERNEL); 362 sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size, GFP_KERNEL);
363 if (!sdata) { 363 if (!sdata)
364 ret = -ENOMEM; 364 return -ENOMEM;
365 goto out_unlock;
366 }
367 365
368 /* set up data */ 366 /* set up data */
369 sdata->local = local; 367 sdata->local = local;
@@ -377,13 +375,13 @@ static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
377 if (WARN_ON(ret)) { 375 if (WARN_ON(ret)) {
378 /* ok .. stupid driver, it asked for this! */ 376 /* ok .. stupid driver, it asked for this! */
379 kfree(sdata); 377 kfree(sdata);
380 goto out_unlock; 378 return ret;
381 } 379 }
382 380
383 ret = ieee80211_check_queues(sdata); 381 ret = ieee80211_check_queues(sdata);
384 if (ret) { 382 if (ret) {
385 kfree(sdata); 383 kfree(sdata);
386 goto out_unlock; 384 return ret;
387 } 385 }
388 386
389 ret = ieee80211_vif_use_channel(sdata, &local->monitor_chandef, 387 ret = ieee80211_vif_use_channel(sdata, &local->monitor_chandef,
@@ -391,13 +389,14 @@ static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
391 if (ret) { 389 if (ret) {
392 drv_remove_interface(local, sdata); 390 drv_remove_interface(local, sdata);
393 kfree(sdata); 391 kfree(sdata);
394 goto out_unlock; 392 return ret;
395 } 393 }
396 394
395 mutex_lock(&local->iflist_mtx);
397 rcu_assign_pointer(local->monitor_sdata, sdata); 396 rcu_assign_pointer(local->monitor_sdata, sdata);
398 out_unlock:
399 mutex_unlock(&local->iflist_mtx); 397 mutex_unlock(&local->iflist_mtx);
400 return ret; 398
399 return 0;
401} 400}
402 401
403static void ieee80211_del_virtual_monitor(struct ieee80211_local *local) 402static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
@@ -407,14 +406,20 @@ static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
407 if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF)) 406 if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))
408 return; 407 return;
409 408
409 ASSERT_RTNL();
410
410 mutex_lock(&local->iflist_mtx); 411 mutex_lock(&local->iflist_mtx);
411 412
412 sdata = rcu_dereference_protected(local->monitor_sdata, 413 sdata = rcu_dereference_protected(local->monitor_sdata,
413 lockdep_is_held(&local->iflist_mtx)); 414 lockdep_is_held(&local->iflist_mtx));
414 if (!sdata) 415 if (!sdata) {
415 goto out_unlock; 416 mutex_unlock(&local->iflist_mtx);
417 return;
418 }
416 419
417 rcu_assign_pointer(local->monitor_sdata, NULL); 420 rcu_assign_pointer(local->monitor_sdata, NULL);
421 mutex_unlock(&local->iflist_mtx);
422
418 synchronize_net(); 423 synchronize_net();
419 424
420 ieee80211_vif_release_channel(sdata); 425 ieee80211_vif_release_channel(sdata);
@@ -422,8 +427,6 @@ static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
422 drv_remove_interface(local, sdata); 427 drv_remove_interface(local, sdata);
423 428
424 kfree(sdata); 429 kfree(sdata);
425 out_unlock:
426 mutex_unlock(&local->iflist_mtx);
427} 430}
428 431
429/* 432/*
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 29ce2aa87e7b..4749b3858695 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1060,7 +1060,8 @@ void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local)
1060 1060
1061 rcu_read_lock(); 1061 rcu_read_lock();
1062 list_for_each_entry_rcu(sdata, &local->interfaces, list) 1062 list_for_each_entry_rcu(sdata, &local->interfaces, list)
1063 if (ieee80211_vif_is_mesh(&sdata->vif)) 1063 if (ieee80211_vif_is_mesh(&sdata->vif) &&
1064 ieee80211_sdata_running(sdata))
1064 ieee80211_queue_work(&local->hw, &sdata->work); 1065 ieee80211_queue_work(&local->hw, &sdata->work);
1065 rcu_read_unlock(); 1066 rcu_read_unlock();
1066} 1067}
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 141577412d84..82cc30318a86 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3608,8 +3608,10 @@ void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
3608 3608
3609 /* Restart STA timers */ 3609 /* Restart STA timers */
3610 rcu_read_lock(); 3610 rcu_read_lock();
3611 list_for_each_entry_rcu(sdata, &local->interfaces, list) 3611 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3612 ieee80211_restart_sta_timer(sdata); 3612 if (ieee80211_sdata_running(sdata))
3613 ieee80211_restart_sta_timer(sdata);
3614 }
3613 rcu_read_unlock(); 3615 rcu_read_unlock();
3614} 3616}
3615 3617
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index bb73ed2d20b9..c6844ad080be 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2675,7 +2675,19 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2675 2675
2676 memset(nskb->cb, 0, sizeof(nskb->cb)); 2676 memset(nskb->cb, 0, sizeof(nskb->cb));
2677 2677
2678 ieee80211_tx_skb(rx->sdata, nskb); 2678 if (rx->sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) {
2679 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(nskb);
2680
2681 info->flags = IEEE80211_TX_CTL_TX_OFFCHAN |
2682 IEEE80211_TX_INTFL_OFFCHAN_TX_OK |
2683 IEEE80211_TX_CTL_NO_CCK_RATE;
2684 if (local->hw.flags & IEEE80211_HW_QUEUE_CONTROL)
2685 info->hw_queue =
2686 local->hw.offchannel_tx_hw_queue;
2687 }
2688
2689 __ieee80211_tx_skb_tid_band(rx->sdata, nskb, 7,
2690 status->band);
2679 } 2691 }
2680 dev_kfree_skb(rx->skb); 2692 dev_kfree_skb(rx->skb);
2681 return RX_QUEUED; 2693 return RX_QUEUED;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index a79ce820cb50..238a0cca320e 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -766,6 +766,7 @@ int __must_check __sta_info_destroy(struct sta_info *sta)
766 struct ieee80211_local *local; 766 struct ieee80211_local *local;
767 struct ieee80211_sub_if_data *sdata; 767 struct ieee80211_sub_if_data *sdata;
768 int ret, i; 768 int ret, i;
769 bool have_key = false;
769 770
770 might_sleep(); 771 might_sleep();
771 772
@@ -793,12 +794,19 @@ int __must_check __sta_info_destroy(struct sta_info *sta)
793 list_del_rcu(&sta->list); 794 list_del_rcu(&sta->list);
794 795
795 mutex_lock(&local->key_mtx); 796 mutex_lock(&local->key_mtx);
796 for (i = 0; i < NUM_DEFAULT_KEYS; i++) 797 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
797 __ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i])); 798 __ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i]));
798 if (sta->ptk) 799 have_key = true;
800 }
801 if (sta->ptk) {
799 __ieee80211_key_free(key_mtx_dereference(local, sta->ptk)); 802 __ieee80211_key_free(key_mtx_dereference(local, sta->ptk));
803 have_key = true;
804 }
800 mutex_unlock(&local->key_mtx); 805 mutex_unlock(&local->key_mtx);
801 806
807 if (!have_key)
808 synchronize_net();
809
802 sta->dead = true; 810 sta->dead = true;
803 811
804 local->num_sta--; 812 local->num_sta--;
diff --git a/net/wireless/core.c b/net/wireless/core.c
index ea4155fe9733..6ddf74f0ae1e 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -212,6 +212,39 @@ static void cfg80211_rfkill_poll(struct rfkill *rfkill, void *data)
212 rdev_rfkill_poll(rdev); 212 rdev_rfkill_poll(rdev);
213} 213}
214 214
215void cfg80211_stop_p2p_device(struct cfg80211_registered_device *rdev,
216 struct wireless_dev *wdev)
217{
218 lockdep_assert_held(&rdev->devlist_mtx);
219 lockdep_assert_held(&rdev->sched_scan_mtx);
220
221 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_P2P_DEVICE))
222 return;
223
224 if (!wdev->p2p_started)
225 return;
226
227 rdev_stop_p2p_device(rdev, wdev);
228 wdev->p2p_started = false;
229
230 rdev->opencount--;
231
232 if (rdev->scan_req && rdev->scan_req->wdev == wdev) {
233 bool busy = work_busy(&rdev->scan_done_wk);
234
235 /*
236 * If the work isn't pending or running (in which case it would
237 * be waiting for the lock we hold) the driver didn't properly
238 * cancel the scan when the interface was removed. In this case
239 * warn and leak the scan request object to not crash later.
240 */
241 WARN_ON(!busy);
242
243 rdev->scan_req->aborted = true;
244 ___cfg80211_scan_done(rdev, !busy);
245 }
246}
247
215static int cfg80211_rfkill_set_block(void *data, bool blocked) 248static int cfg80211_rfkill_set_block(void *data, bool blocked)
216{ 249{
217 struct cfg80211_registered_device *rdev = data; 250 struct cfg80211_registered_device *rdev = data;
@@ -221,7 +254,8 @@ static int cfg80211_rfkill_set_block(void *data, bool blocked)
221 return 0; 254 return 0;
222 255
223 rtnl_lock(); 256 rtnl_lock();
224 mutex_lock(&rdev->devlist_mtx); 257
258 /* read-only iteration need not hold the devlist_mtx */
225 259
226 list_for_each_entry(wdev, &rdev->wdev_list, list) { 260 list_for_each_entry(wdev, &rdev->wdev_list, list) {
227 if (wdev->netdev) { 261 if (wdev->netdev) {
@@ -231,18 +265,18 @@ static int cfg80211_rfkill_set_block(void *data, bool blocked)
231 /* otherwise, check iftype */ 265 /* otherwise, check iftype */
232 switch (wdev->iftype) { 266 switch (wdev->iftype) {
233 case NL80211_IFTYPE_P2P_DEVICE: 267 case NL80211_IFTYPE_P2P_DEVICE:
234 if (!wdev->p2p_started) 268 /* but this requires it */
235 break; 269 mutex_lock(&rdev->devlist_mtx);
236 rdev_stop_p2p_device(rdev, wdev); 270 mutex_lock(&rdev->sched_scan_mtx);
237 wdev->p2p_started = false; 271 cfg80211_stop_p2p_device(rdev, wdev);
238 rdev->opencount--; 272 mutex_unlock(&rdev->sched_scan_mtx);
273 mutex_unlock(&rdev->devlist_mtx);
239 break; 274 break;
240 default: 275 default:
241 break; 276 break;
242 } 277 }
243 } 278 }
244 279
245 mutex_unlock(&rdev->devlist_mtx);
246 rtnl_unlock(); 280 rtnl_unlock();
247 281
248 return 0; 282 return 0;
@@ -745,17 +779,13 @@ static void wdev_cleanup_work(struct work_struct *work)
745 wdev = container_of(work, struct wireless_dev, cleanup_work); 779 wdev = container_of(work, struct wireless_dev, cleanup_work);
746 rdev = wiphy_to_dev(wdev->wiphy); 780 rdev = wiphy_to_dev(wdev->wiphy);
747 781
748 cfg80211_lock_rdev(rdev); 782 mutex_lock(&rdev->sched_scan_mtx);
749 783
750 if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) { 784 if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) {
751 rdev->scan_req->aborted = true; 785 rdev->scan_req->aborted = true;
752 ___cfg80211_scan_done(rdev, true); 786 ___cfg80211_scan_done(rdev, true);
753 } 787 }
754 788
755 cfg80211_unlock_rdev(rdev);
756
757 mutex_lock(&rdev->sched_scan_mtx);
758
759 if (WARN_ON(rdev->sched_scan_req && 789 if (WARN_ON(rdev->sched_scan_req &&
760 rdev->sched_scan_req->dev == wdev->netdev)) { 790 rdev->sched_scan_req->dev == wdev->netdev)) {
761 __cfg80211_stop_sched_scan(rdev, false); 791 __cfg80211_stop_sched_scan(rdev, false);
@@ -781,21 +811,19 @@ void cfg80211_unregister_wdev(struct wireless_dev *wdev)
781 return; 811 return;
782 812
783 mutex_lock(&rdev->devlist_mtx); 813 mutex_lock(&rdev->devlist_mtx);
814 mutex_lock(&rdev->sched_scan_mtx);
784 list_del_rcu(&wdev->list); 815 list_del_rcu(&wdev->list);
785 rdev->devlist_generation++; 816 rdev->devlist_generation++;
786 817
787 switch (wdev->iftype) { 818 switch (wdev->iftype) {
788 case NL80211_IFTYPE_P2P_DEVICE: 819 case NL80211_IFTYPE_P2P_DEVICE:
789 if (!wdev->p2p_started) 820 cfg80211_stop_p2p_device(rdev, wdev);
790 break;
791 rdev_stop_p2p_device(rdev, wdev);
792 wdev->p2p_started = false;
793 rdev->opencount--;
794 break; 821 break;
795 default: 822 default:
796 WARN_ON_ONCE(1); 823 WARN_ON_ONCE(1);
797 break; 824 break;
798 } 825 }
826 mutex_unlock(&rdev->sched_scan_mtx);
799 mutex_unlock(&rdev->devlist_mtx); 827 mutex_unlock(&rdev->devlist_mtx);
800} 828}
801EXPORT_SYMBOL(cfg80211_unregister_wdev); 829EXPORT_SYMBOL(cfg80211_unregister_wdev);
@@ -936,6 +964,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
936 cfg80211_update_iface_num(rdev, wdev->iftype, 1); 964 cfg80211_update_iface_num(rdev, wdev->iftype, 1);
937 cfg80211_lock_rdev(rdev); 965 cfg80211_lock_rdev(rdev);
938 mutex_lock(&rdev->devlist_mtx); 966 mutex_lock(&rdev->devlist_mtx);
967 mutex_lock(&rdev->sched_scan_mtx);
939 wdev_lock(wdev); 968 wdev_lock(wdev);
940 switch (wdev->iftype) { 969 switch (wdev->iftype) {
941#ifdef CONFIG_CFG80211_WEXT 970#ifdef CONFIG_CFG80211_WEXT
@@ -967,6 +996,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
967 break; 996 break;
968 } 997 }
969 wdev_unlock(wdev); 998 wdev_unlock(wdev);
999 mutex_unlock(&rdev->sched_scan_mtx);
970 rdev->opencount++; 1000 rdev->opencount++;
971 mutex_unlock(&rdev->devlist_mtx); 1001 mutex_unlock(&rdev->devlist_mtx);
972 cfg80211_unlock_rdev(rdev); 1002 cfg80211_unlock_rdev(rdev);
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 3aec0e429d8a..5845c2b37aa8 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -503,6 +503,9 @@ int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev,
503void cfg80211_update_iface_num(struct cfg80211_registered_device *rdev, 503void cfg80211_update_iface_num(struct cfg80211_registered_device *rdev,
504 enum nl80211_iftype iftype, int num); 504 enum nl80211_iftype iftype, int num);
505 505
506void cfg80211_stop_p2p_device(struct cfg80211_registered_device *rdev,
507 struct wireless_dev *wdev);
508
506#define CFG80211_MAX_NUM_DIFFERENT_CHANNELS 10 509#define CFG80211_MAX_NUM_DIFFERENT_CHANNELS 10
507 510
508#ifdef CONFIG_CFG80211_DEVELOPER_WARNINGS 511#ifdef CONFIG_CFG80211_DEVELOPER_WARNINGS
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index d44ab216c0ec..58e13a8c95f9 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4702,14 +4702,19 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
4702 if (!rdev->ops->scan) 4702 if (!rdev->ops->scan)
4703 return -EOPNOTSUPP; 4703 return -EOPNOTSUPP;
4704 4704
4705 if (rdev->scan_req) 4705 mutex_lock(&rdev->sched_scan_mtx);
4706 return -EBUSY; 4706 if (rdev->scan_req) {
4707 err = -EBUSY;
4708 goto unlock;
4709 }
4707 4710
4708 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4711 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4709 n_channels = validate_scan_freqs( 4712 n_channels = validate_scan_freqs(
4710 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4713 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4711 if (!n_channels) 4714 if (!n_channels) {
4712 return -EINVAL; 4715 err = -EINVAL;
4716 goto unlock;
4717 }
4713 } else { 4718 } else {
4714 enum ieee80211_band band; 4719 enum ieee80211_band band;
4715 n_channels = 0; 4720 n_channels = 0;
@@ -4723,23 +4728,29 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
4723 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 4728 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
4724 n_ssids++; 4729 n_ssids++;
4725 4730
4726 if (n_ssids > wiphy->max_scan_ssids) 4731 if (n_ssids > wiphy->max_scan_ssids) {
4727 return -EINVAL; 4732 err = -EINVAL;
4733 goto unlock;
4734 }
4728 4735
4729 if (info->attrs[NL80211_ATTR_IE]) 4736 if (info->attrs[NL80211_ATTR_IE])
4730 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4737 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4731 else 4738 else
4732 ie_len = 0; 4739 ie_len = 0;
4733 4740
4734 if (ie_len > wiphy->max_scan_ie_len) 4741 if (ie_len > wiphy->max_scan_ie_len) {
4735 return -EINVAL; 4742 err = -EINVAL;
4743 goto unlock;
4744 }
4736 4745
4737 request = kzalloc(sizeof(*request) 4746 request = kzalloc(sizeof(*request)
4738 + sizeof(*request->ssids) * n_ssids 4747 + sizeof(*request->ssids) * n_ssids
4739 + sizeof(*request->channels) * n_channels 4748 + sizeof(*request->channels) * n_channels
4740 + ie_len, GFP_KERNEL); 4749 + ie_len, GFP_KERNEL);
4741 if (!request) 4750 if (!request) {
4742 return -ENOMEM; 4751 err = -ENOMEM;
4752 goto unlock;
4753 }
4743 4754
4744 if (n_ssids) 4755 if (n_ssids)
4745 request->ssids = (void *)&request->channels[n_channels]; 4756 request->ssids = (void *)&request->channels[n_channels];
@@ -4876,6 +4887,8 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
4876 kfree(request); 4887 kfree(request);
4877 } 4888 }
4878 4889
4890 unlock:
4891 mutex_unlock(&rdev->sched_scan_mtx);
4879 return err; 4892 return err;
4880} 4893}
4881 4894
@@ -7749,20 +7762,9 @@ static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
7749 if (!rdev->ops->stop_p2p_device) 7762 if (!rdev->ops->stop_p2p_device)
7750 return -EOPNOTSUPP; 7763 return -EOPNOTSUPP;
7751 7764
7752 if (!wdev->p2p_started) 7765 mutex_lock(&rdev->sched_scan_mtx);
7753 return 0; 7766 cfg80211_stop_p2p_device(rdev, wdev);
7754 7767 mutex_unlock(&rdev->sched_scan_mtx);
7755 rdev_stop_p2p_device(rdev, wdev);
7756 wdev->p2p_started = false;
7757
7758 mutex_lock(&rdev->devlist_mtx);
7759 rdev->opencount--;
7760 mutex_unlock(&rdev->devlist_mtx);
7761
7762 if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) {
7763 rdev->scan_req->aborted = true;
7764 ___cfg80211_scan_done(rdev, true);
7765 }
7766 7768
7767 return 0; 7769 return 0;
7768} 7770}
@@ -8486,7 +8488,7 @@ static int nl80211_add_scan_req(struct sk_buff *msg,
8486 struct nlattr *nest; 8488 struct nlattr *nest;
8487 int i; 8489 int i;
8488 8490
8489 ASSERT_RDEV_LOCK(rdev); 8491 lockdep_assert_held(&rdev->sched_scan_mtx);
8490 8492
8491 if (WARN_ON(!req)) 8493 if (WARN_ON(!req))
8492 return 0; 8494 return 0;
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 674aadca0079..fd99ea495b7e 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -169,7 +169,7 @@ void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak)
169 union iwreq_data wrqu; 169 union iwreq_data wrqu;
170#endif 170#endif
171 171
172 ASSERT_RDEV_LOCK(rdev); 172 lockdep_assert_held(&rdev->sched_scan_mtx);
173 173
174 request = rdev->scan_req; 174 request = rdev->scan_req;
175 175
@@ -230,9 +230,9 @@ void __cfg80211_scan_done(struct work_struct *wk)
230 rdev = container_of(wk, struct cfg80211_registered_device, 230 rdev = container_of(wk, struct cfg80211_registered_device,
231 scan_done_wk); 231 scan_done_wk);
232 232
233 cfg80211_lock_rdev(rdev); 233 mutex_lock(&rdev->sched_scan_mtx);
234 ___cfg80211_scan_done(rdev, false); 234 ___cfg80211_scan_done(rdev, false);
235 cfg80211_unlock_rdev(rdev); 235 mutex_unlock(&rdev->sched_scan_mtx);
236} 236}
237 237
238void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted) 238void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
@@ -698,11 +698,6 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev,
698 found = rb_find_bss(dev, tmp, BSS_CMP_REGULAR); 698 found = rb_find_bss(dev, tmp, BSS_CMP_REGULAR);
699 699
700 if (found) { 700 if (found) {
701 found->pub.beacon_interval = tmp->pub.beacon_interval;
702 found->pub.signal = tmp->pub.signal;
703 found->pub.capability = tmp->pub.capability;
704 found->ts = tmp->ts;
705
706 /* Update IEs */ 701 /* Update IEs */
707 if (rcu_access_pointer(tmp->pub.proberesp_ies)) { 702 if (rcu_access_pointer(tmp->pub.proberesp_ies)) {
708 const struct cfg80211_bss_ies *old; 703 const struct cfg80211_bss_ies *old;
@@ -723,6 +718,8 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev,
723 718
724 if (found->pub.hidden_beacon_bss && 719 if (found->pub.hidden_beacon_bss &&
725 !list_empty(&found->hidden_list)) { 720 !list_empty(&found->hidden_list)) {
721 const struct cfg80211_bss_ies *f;
722
726 /* 723 /*
727 * The found BSS struct is one of the probe 724 * The found BSS struct is one of the probe
728 * response members of a group, but we're 725 * response members of a group, but we're
@@ -732,6 +729,10 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev,
732 * SSID to showing it, which is confusing so 729 * SSID to showing it, which is confusing so
733 * drop this information. 730 * drop this information.
734 */ 731 */
732
733 f = rcu_access_pointer(tmp->pub.beacon_ies);
734 kfree_rcu((struct cfg80211_bss_ies *)f,
735 rcu_head);
735 goto drop; 736 goto drop;
736 } 737 }
737 738
@@ -761,6 +762,11 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev,
761 kfree_rcu((struct cfg80211_bss_ies *)old, 762 kfree_rcu((struct cfg80211_bss_ies *)old,
762 rcu_head); 763 rcu_head);
763 } 764 }
765
766 found->pub.beacon_interval = tmp->pub.beacon_interval;
767 found->pub.signal = tmp->pub.signal;
768 found->pub.capability = tmp->pub.capability;
769 found->ts = tmp->ts;
764 } else { 770 } else {
765 struct cfg80211_internal_bss *new; 771 struct cfg80211_internal_bss *new;
766 struct cfg80211_internal_bss *hidden; 772 struct cfg80211_internal_bss *hidden;
@@ -1056,6 +1062,7 @@ int cfg80211_wext_siwscan(struct net_device *dev,
1056 if (IS_ERR(rdev)) 1062 if (IS_ERR(rdev))
1057 return PTR_ERR(rdev); 1063 return PTR_ERR(rdev);
1058 1064
1065 mutex_lock(&rdev->sched_scan_mtx);
1059 if (rdev->scan_req) { 1066 if (rdev->scan_req) {
1060 err = -EBUSY; 1067 err = -EBUSY;
1061 goto out; 1068 goto out;
@@ -1162,6 +1169,7 @@ int cfg80211_wext_siwscan(struct net_device *dev,
1162 dev_hold(dev); 1169 dev_hold(dev);
1163 } 1170 }
1164 out: 1171 out:
1172 mutex_unlock(&rdev->sched_scan_mtx);
1165 kfree(creq); 1173 kfree(creq);
1166 cfg80211_unlock_rdev(rdev); 1174 cfg80211_unlock_rdev(rdev);
1167 return err; 1175 return err;
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index f432bd3755b1..09d994d192ff 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -85,6 +85,7 @@ static int cfg80211_conn_scan(struct wireless_dev *wdev)
85 ASSERT_RTNL(); 85 ASSERT_RTNL();
86 ASSERT_RDEV_LOCK(rdev); 86 ASSERT_RDEV_LOCK(rdev);
87 ASSERT_WDEV_LOCK(wdev); 87 ASSERT_WDEV_LOCK(wdev);
88 lockdep_assert_held(&rdev->sched_scan_mtx);
88 89
89 if (rdev->scan_req) 90 if (rdev->scan_req)
90 return -EBUSY; 91 return -EBUSY;
@@ -320,11 +321,9 @@ void cfg80211_sme_scan_done(struct net_device *dev)
320{ 321{
321 struct wireless_dev *wdev = dev->ieee80211_ptr; 322 struct wireless_dev *wdev = dev->ieee80211_ptr;
322 323
323 mutex_lock(&wiphy_to_dev(wdev->wiphy)->devlist_mtx);
324 wdev_lock(wdev); 324 wdev_lock(wdev);
325 __cfg80211_sme_scan_done(dev); 325 __cfg80211_sme_scan_done(dev);
326 wdev_unlock(wdev); 326 wdev_unlock(wdev);
327 mutex_unlock(&wiphy_to_dev(wdev->wiphy)->devlist_mtx);
328} 327}
329 328
330void cfg80211_sme_rx_auth(struct net_device *dev, 329void cfg80211_sme_rx_auth(struct net_device *dev,
@@ -924,9 +923,12 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev,
924 int err; 923 int err;
925 924
926 mutex_lock(&rdev->devlist_mtx); 925 mutex_lock(&rdev->devlist_mtx);
926 /* might request scan - scan_mtx -> wdev_mtx dependency */
927 mutex_lock(&rdev->sched_scan_mtx);
927 wdev_lock(dev->ieee80211_ptr); 928 wdev_lock(dev->ieee80211_ptr);
928 err = __cfg80211_connect(rdev, dev, connect, connkeys, NULL); 929 err = __cfg80211_connect(rdev, dev, connect, connkeys, NULL);
929 wdev_unlock(dev->ieee80211_ptr); 930 wdev_unlock(dev->ieee80211_ptr);
931 mutex_unlock(&rdev->sched_scan_mtx);
930 mutex_unlock(&rdev->devlist_mtx); 932 mutex_unlock(&rdev->devlist_mtx);
931 933
932 return err; 934 return err;
diff --git a/net/wireless/trace.h b/net/wireless/trace.h
index b7a531380e19..7586de77a2f8 100644
--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
@@ -27,7 +27,8 @@
27#define WIPHY_PR_ARG __entry->wiphy_name 27#define WIPHY_PR_ARG __entry->wiphy_name
28 28
29#define WDEV_ENTRY __field(u32, id) 29#define WDEV_ENTRY __field(u32, id)
30#define WDEV_ASSIGN (__entry->id) = (wdev ? wdev->identifier : 0) 30#define WDEV_ASSIGN (__entry->id) = (!IS_ERR_OR_NULL(wdev) \
31 ? wdev->identifier : 0)
31#define WDEV_PR_FMT "wdev(%u)" 32#define WDEV_PR_FMT "wdev(%u)"
32#define WDEV_PR_ARG (__entry->id) 33#define WDEV_PR_ARG (__entry->id)
33 34
@@ -1778,7 +1779,7 @@ TRACE_EVENT(rdev_set_mac_acl,
1778 ), 1779 ),
1779 TP_fast_assign( 1780 TP_fast_assign(
1780 WIPHY_ASSIGN; 1781 WIPHY_ASSIGN;
1781 WIPHY_ASSIGN; 1782 NETDEV_ASSIGN;
1782 __entry->acl_policy = params->acl_policy; 1783 __entry->acl_policy = params->acl_policy;
1783 ), 1784 ),
1784 TP_printk(WIPHY_PR_FMT ", " NETDEV_PR_FMT ", acl policy: %d", 1785 TP_printk(WIPHY_PR_FMT ", " NETDEV_PR_FMT ", acl policy: %d",
diff --git a/net/wireless/wext-sme.c b/net/wireless/wext-sme.c
index fb9622f6d99c..e79cb5c0655a 100644
--- a/net/wireless/wext-sme.c
+++ b/net/wireless/wext-sme.c
@@ -89,6 +89,7 @@ int cfg80211_mgd_wext_siwfreq(struct net_device *dev,
89 89
90 cfg80211_lock_rdev(rdev); 90 cfg80211_lock_rdev(rdev);
91 mutex_lock(&rdev->devlist_mtx); 91 mutex_lock(&rdev->devlist_mtx);
92 mutex_lock(&rdev->sched_scan_mtx);
92 wdev_lock(wdev); 93 wdev_lock(wdev);
93 94
94 if (wdev->sme_state != CFG80211_SME_IDLE) { 95 if (wdev->sme_state != CFG80211_SME_IDLE) {
@@ -135,6 +136,7 @@ int cfg80211_mgd_wext_siwfreq(struct net_device *dev,
135 err = cfg80211_mgd_wext_connect(rdev, wdev); 136 err = cfg80211_mgd_wext_connect(rdev, wdev);
136 out: 137 out:
137 wdev_unlock(wdev); 138 wdev_unlock(wdev);
139 mutex_unlock(&rdev->sched_scan_mtx);
138 mutex_unlock(&rdev->devlist_mtx); 140 mutex_unlock(&rdev->devlist_mtx);
139 cfg80211_unlock_rdev(rdev); 141 cfg80211_unlock_rdev(rdev);
140 return err; 142 return err;
@@ -190,6 +192,7 @@ int cfg80211_mgd_wext_siwessid(struct net_device *dev,
190 192
191 cfg80211_lock_rdev(rdev); 193 cfg80211_lock_rdev(rdev);
192 mutex_lock(&rdev->devlist_mtx); 194 mutex_lock(&rdev->devlist_mtx);
195 mutex_lock(&rdev->sched_scan_mtx);
193 wdev_lock(wdev); 196 wdev_lock(wdev);
194 197
195 err = 0; 198 err = 0;
@@ -223,6 +226,7 @@ int cfg80211_mgd_wext_siwessid(struct net_device *dev,
223 err = cfg80211_mgd_wext_connect(rdev, wdev); 226 err = cfg80211_mgd_wext_connect(rdev, wdev);
224 out: 227 out:
225 wdev_unlock(wdev); 228 wdev_unlock(wdev);
229 mutex_unlock(&rdev->sched_scan_mtx);
226 mutex_unlock(&rdev->devlist_mtx); 230 mutex_unlock(&rdev->devlist_mtx);
227 cfg80211_unlock_rdev(rdev); 231 cfg80211_unlock_rdev(rdev);
228 return err; 232 return err;
@@ -285,6 +289,7 @@ int cfg80211_mgd_wext_siwap(struct net_device *dev,
285 289
286 cfg80211_lock_rdev(rdev); 290 cfg80211_lock_rdev(rdev);
287 mutex_lock(&rdev->devlist_mtx); 291 mutex_lock(&rdev->devlist_mtx);
292 mutex_lock(&rdev->sched_scan_mtx);
288 wdev_lock(wdev); 293 wdev_lock(wdev);
289 294
290 if (wdev->sme_state != CFG80211_SME_IDLE) { 295 if (wdev->sme_state != CFG80211_SME_IDLE) {
@@ -313,6 +318,7 @@ int cfg80211_mgd_wext_siwap(struct net_device *dev,
313 err = cfg80211_mgd_wext_connect(rdev, wdev); 318 err = cfg80211_mgd_wext_connect(rdev, wdev);
314 out: 319 out:
315 wdev_unlock(wdev); 320 wdev_unlock(wdev);
321 mutex_unlock(&rdev->sched_scan_mtx);
316 mutex_unlock(&rdev->devlist_mtx); 322 mutex_unlock(&rdev->devlist_mtx);
317 cfg80211_unlock_rdev(rdev); 323 cfg80211_unlock_rdev(rdev);
318 return err; 324 return err;
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-04 07:16:50 -0500