Patch should fix this oops:

BUG: unable to handle kernel NULL pointer dereference at 000000a0
IP: [<f8e06078>] rt2800usb_write_tx_desc+0x18/0xc0 [rt2800usb]
*pdpt = 000000002408c001 *pde = 0000000024079067 *pte = 0000000000000000
Oops: 0000 [#1] SMP
EIP: 0060:[<f8e06078>] EFLAGS: 00010282 CPU: 0
EIP is at rt2800usb_write_tx_desc+0x18/0xc0 [rt2800usb]
EAX: 00000035 EBX: ef2bef10 ECX: 00000000 EDX: d40958a0
ESI: ef1865f8 EDI: ef1865f8 EBP: d4095878 ESP: d409585c
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Call Trace:
 [<f8da5e85>] rt2x00queue_write_tx_frame+0x155/0x300 [rt2x00lib]
 [<f8da424c>] rt2x00mac_tx+0x7c/0x370 [rt2x00lib]
 [<c04882b2>] ? mark_held_locks+0x62/0x90
 [<c081f645>] ? _raw_spin_unlock_irqrestore+0x35/0x60
 [<c04884ba>] ? trace_hardirqs_on_caller+0x5a/0x170
 [<c04885db>] ? trace_hardirqs_on+0xb/0x10
 [<f8d618ac>] __ieee80211_tx+0x5c/0x1e0 [mac80211]
 [<f8d631fc>] ieee80211_tx+0xbc/0xe0 [mac80211]
 [<f8d63163>] ? ieee80211_tx+0x23/0xe0 [mac80211]
 [<f8d632e1>] ieee80211_xmit+0xc1/0x200 [mac80211]
 [<f8d63220>] ? ieee80211_tx+0xe0/0xe0 [mac80211]
 [<c0487d45>] ? lock_release_holdtime+0x35/0x1b0
 [<f8d63986>] ? ieee80211_subif_start_xmit+0x446/0x5f0 [mac80211]
 [<f8d637dd>] ieee80211_subif_start_xmit+0x29d/0x5f0 [mac80211]
 [<f8d63924>] ? ieee80211_subif_start_xmit+0x3e4/0x5f0 [mac80211]
 [<c0760188>] ? sock_setsockopt+0x6a8/0x6f0
 [<c0760000>] ? sock_setsockopt+0x520/0x6f0
 [<c076daef>] dev_hard_start_xmit+0x2ef/0x650

Oops might happen because we perform parallel putting new entries in a
queue (rt2x00queue_write_tx_frame()) and removing entries after
finishing transmitting (rt2800usb_work_txdone()). There are cases when
_txdone may process an entry that was not fully send and nullify
entry->skb .

To fix check in _txdone if entry has flags that indicate pending
transmission and wait until flags get cleared.
Reported-by: NJustin Piszcz <jpiszcz@lucidpixels.com>
Cc: stable@kernel.org
Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com>
Acked-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

This patch add a device id for the wifi usb keys shiped by DVICO with
some of their tvix hardware.
Signed-off-by: NAnthony Bourguignon <contact+kernel@toniob.net>
Acked-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Reported-by: NMaik-Holger Freudenberg <hhfeuer@gmx.de>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

We may call rt2x00queue_pause_queue(queue) with queue == NULL. Bug
was introduced by commit 62fe7784
"rt2x00: Fix stuck queue in tx failure case" .

Cc: stable@kernel.org # 3.0+
Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com>
Acked-by: NIvo van Doorn <IvDoorn@gmail.com>
Acked-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

This was introduced by commit
77b5621b (rt2x00: Don't use queue entry
as parameter when creating TX descriptor.)
Signed-off-by: NHelmut Schaa <helmut.schaa@googlemail.com>
Acked-by: NGertjan van Wingerde <gwingerde@gmail.com>
Acked-by: NIvo van Doorn <IvDoorn@gmail.com>
Reported-by: NRandy Dunlap <rdunlap@xenotime.net>
Acked-by: NRandy Dunlap <rdunlap@xenotime.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

We should clear skb->data not skb itself. Bug was introduced by:
commit 0b8004aa "rt2x00: Properly
reserve room for descriptors in skbs".

Cc: stable@kernel.org # 2.6.36+
Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com>
Acked-by: NGertjan van Wingerde <gwingerde@gmail.com>
Acked-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Belkin's Connect N150 Wireless USB Adapter, model F7D1101 version 2, uses ID 0x945b.
Chipset info: rt: 3390, rf: 000b, rev: 3213.
I have just bought one, which started to work perfectly after the ID was added through this patch.
Signed-off-by: NEduardo Bacchi Kienetz <eduardo@kienetz.com>
Acked-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Implementing this callback function will cause mac80211 refrain from
going to powersave state when there are still untransmitted TX frames
in the queues.
This would exactly mimic the behaviour of the legacy vendor driver which
also doesn't go in powersave mode if there are still TX frames that are not
transmitted.
This should make powersaving and rt2x00 a better couple.
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Acked-by: NHelmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Sitecom WLA4000 (USB ID 0x0df6:0x0060) is an RT3072 chipset.
Sitecom WLA5000 (USB ID 0x0df6:0x0062) is an RT3572 chipset.
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Reported-by: NWim Vander Schelden <wim@fixnum.org>
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Currently a lot of actions that can be done without the queue's tx lock
being held are done inside the locked area.
Move them out to have a leaner and meaner code that operates while the
tx lock is being held.
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Acked-by: NHelmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The functions that create the tx descriptor structure do not operate on
a queue entry at all. Signal this fact in the code by not providing a
queue entry as a parameter, but the rt2x00 device structure and the skb
directly.

This patch is a preparation for reducing the time a queue is locked for
a tx operation.
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Acked-by: NHelmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The rt2x00 driver gets frequent occurrences of the following error message
when operating under load:
phy0 -> rt2x00queue_write_tx_frame: Error - Arrived at non-free entry in the
non-full queue 2.

This is caused by simultaneous attempts from mac80211 to send a frame via
rt2x00, which are not properly serialized inside rt2x00queue_write_tx_frame,
causing the second frame to fail sending with the above mentioned error
message.

Fix this by introducing a per-queue spinlock to serialize the TX operations
on that queue.
Reported-by: NAndreas Hartmann <andihartmann@01019freenet.de>
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Acked-by: NHelmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Signed-off-by: NJoe Perches <joe@perches.com>
Acked-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

When module is reloaded, device may fail to work, with messages:

[  342.211926] phy40 -> rt2x00lib_rxdone_read_signal: Warning - Frame received with unrecognized signal, mode=0x0000, signal=0x0059, type=2.
[  342.314254] phy40 -> rt2x00lib_rxdone_read_signal: Warning - Frame received with unrecognized signal, mode=0x0000, signal=0x004a, type=2.
[  342.416458] phy40 -> rt2x00lib_rxdone: Warning - Wrong frame size 3183 max 2432.
[  342.518605] phy40 -> rt2x00lib_rxdone_read_signal: Warning - Frame received with unrecognized signal, mode=0x0000, signal=0x00c9, type=2.
[  342.620836] phy40 -> rt2x00lib_rxdone_read_signal: Warning - Frame received with unrecognized signal, mode=0x0000, signal=0x00ae, type=1.
[  342.723201] phy40 -> rt2x00lib_rxdone: Warning - Wrong frame size 0 max 2432.
[  342.825399] phy40 -> rt2x00lib_rxdone: Warning - Wrong frame size 0 max 2432.
[  342.927624] phy40 -> rt2x00lib_rxdone: Warning - Wrong frame size 0 max 2432.
[  343.029804] phy40 -> rt2x00lib_rxdone: Warning - Wrong frame size 2491 max 2432.
[  343.132008] phy40 -> rt2x00lib_rxdone: Warning - Wrong frame size 2576 max 2432.
[  343.234326] phy40 -> rt2x00lib_rxdone_read_signal: Warning - Frame received with unrecognized signal, mode=0x0000, signal=0x004c, type=1.
[  343.438723] phy40 -> rt2x00lib_rxdone_read_signal: Warning - Frame received with unrecognized signal, mode=0x0000, signal=0x00e6, type=1.

Whereas replugging device make it functional. To solve that problem
force reset device during probe.

With patch messages are gone. Unfortunately device may sometimes
still does not operate correctly after module reload (fail to receive
data after associate), but such cases are rarer than without the patch.
Signed-off-by: NStanislaw Gruszka <stf_xl@wp.pl>
Acked-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Sometimes rxdesc descriptor provided by hardware contains invalid
(random) data. For example rxdesc.size can be bigger than actual
size of the buffer. When this happen rt2x00crypto_rx_insert_iv()
corrupt memory doing memmove outside of buffer boundaries.
Signed-off-by: NStanislaw Gruszka <stf_xl@wp.pl>
Acked-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

* remove interrupt.g inclusion from netdevice.h -- not needed
* fixup fallout, add interrupt.h and hardirq.h back where needed.
Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Avoid queue and run autowakeup_work when device is not present anymore.
That prevent rmmod and device remove crash introduced by:

commit 1c0bcf89
Author: Ivo van Doorn <ivdoorn@gmail.com>
Date:   Sat Apr 30 17:18:18 2011 +0200

    rt2x00: Add autowake support for USB hardware
Signed-off-by: NStanislaw Gruszka <stf_xl@wp.pl>
Acked-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Semicolons are not necessary after switch/while/for/if braces
so remove them.
Signed-off-by: NJoe Perches <joe@perches.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Now that support for these devices has been added we can enable them
by default and remove the Kconfig not on support for these devices to
be non-functional.
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

These two functions are only used by rt2800usb so they don't have to be
in rt2800lib.
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

This lock is only used in the TX path and thus in process context. Therefore
we can use a much lighter spinlock variant.
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

(based on an earlier patch submitted by Shiang)

Add support for RT3572/RT3592/RT3592+Bluetooth combo card
Signed-off-by: NShiang Tu <shiang_tu@ralinktech.com>
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

(split off from the earlier RT35xx patch submitted by Shiang)
Signed-off-by: NShiang Tu <shiang_tu@ralinktech.com>
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

(split off from the earlier RT35xx patch submitted by Shiang)

There's no point in enabling the PA_PE bits for the bands that we are
not active on.
Signed-off-by: NShiang Tu <shiang_tu@ralinktech.com>
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

We make oldconfig every time when a new kernel arrives, but
if we don't have such a device(I guess this is the most common
case for a new device), the default value should be 'n' so
that the kernel size we build doesn't grow up too much quickly.
For anyone who has the device, it is OK for them to turn it on
by themselves.

Cc: "John W. Linville" <linville@tuxdriver.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: NTao Ma <boyu.mt@taobao.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

txstatus_timer should only be deleted for USB devices, as it is only
initialized for USB devices.
Reported-by: NAndreas Hartmann <andihartmann@01019freenet.de>
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Patch:
  rt2x00: Make rt2x00_queue_entry_for_each more flexible
  commit: 10e11568

introduced a severe regression on the throughput
for USB hardware. It turns out that the exiting of
the rt2x00queue_for_each_entry() was done too early.

The exact cause for this regression is unknown,
but by disabling the premature exiting of the loop
seems to resolve the issue.
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Reported-by: NYasushi SHOJI <yashi@atmark-techno.com>
Reported-by: NBalint Viragh <bviragh@dension.com>
Tested-by: NBalint Viragh <bviragh@dension.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Add necessary RF chipset define and basic support for these devices.
Tested-by: NJuan Carlos Garza <juancarlosgarza@gmail.com>
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The USB drivers don't support automatically waking up when in powersaving mode,
add a work object which will wakeup the device in time to receive the next beacon.
Based on that beacon, we either go back into powersaving mode, or we remain awake
to receive the buffered frames for our station.

Some part of the code, especially rt2x00lib_find_ie and rt2x00lib_rxdone_check_ps
are inspired on the code from carl9170.
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Use flag instead of re-reading the eeprom every time.
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

In rt2800lib.c the rt2800_init_eeprom function the same eeprom
words were read multiple times, due to inefficient ordering of the
eeprom checks.

Reorder the checks so that each EEPROM word only has to be read once.
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The patch
	rt2x00: Optimize register access in rt2800pci
from Helmut Schaa missed one register call, namely
the rt2800_register_multiwrite which should be changed
to rt2x00pci_register_multiwrite.
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Acked-by: NHelmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Add recycling functionality to rt2x00usb_register_read_async.
When the callback function returns true, resubmit the urb to
read the register again.

This optimizes the rt2800usb driver when multiple TX status reports
are pending in the register, because now we don't need to allocate
the rt2x00_async_read_data and urb structure each time.
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Acked-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

When no TX status was available, the default timeout
of 20ms is a bit high. The frame is highly likely already
send out, so the TX status should be available within
only a few milliseconds.
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Acked-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Implement the get_antenna and set_antenna callback functions, which will
allow clients to control the antenna for all non-11n hardware (Antenna handling
in rt2800 is still a bit magical, so we can't use the set_antenna for those drivers
yet).

To best support the set_antenna callback some modifications are needed in the
diversity handling. We should never look at the default antenna settings to determine
if software diversity is enabled. Instead we should set the diversity flag when
possible, which will allow the link_tuner to automatically pick up the tuning.
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Acked-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

With the get_ringparam callback function we can export ring parameters
to ethtool through the mac80211 interface.
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Acked-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

All register reads/writes in rt2800usb were previously done with
rt2800_register_read/rt2800_register_write. These however indirectly
call rt2x00usb_register_read/rt2x00usb_register_write which adds an
additional overhead of at least one call and several move instructions
to each register access.

Replacing the calls to rt2800_register_read/rt2800_register_write with
direct calls to rt2x00usb_register_read/rt2x00usb_register_write gets
rid of quite a number of instructions in the drivers hotpaths (IRQ
handling and txdone handling).

For consistency replace all references to rt2800_register_read/write
with the rt2x00usb_register_read/write variants.
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

All register reads/writes in rt2800pci were previously done with
rt2800_register_read/rt2800_register_write. These however indirectly
call rt2x00pci_register_read/rt2x00pci_register_write which adds an
additional overhead of at least one call and several move instructions
to each register access.

Replacing the calls to rt2800_register_read/rt2800_register_write with
direct calls to rt2x00pci_register_read/rt2x00pci_register_write gets
rid of quite a number of instructions in the drivers hotpaths (IRQ
handling and txdone handling).

For consistency replace all references to rt2800_register_read/write
with the rt2x00pci_register_read/write variants.
Signed-off-by: NHelmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The two functions that are in rt2x00ht.c can be much better placed
closer to the places where the call-sites of these functions are (one
in rt2x00config.c and one in rt2x00queue.c) allowing us to make these
functions static.
Also, conditional compilations doesn't seem to be necessary anymore as
802.11n support is quite common nowadays.

This makes the code a bit easier readable and searchable.
Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>