From: Felix Fietkau <nbd@openwrt.org>
Date: Fri, 3 Oct 2008 15:17:34 +0000 (+0000)
Subject: madwifi patch cleanup and stability fixes - fix a semi-random heisenbug by replacing... 
X-Git-Tag: reboot~25463
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=187b76991db178fcb6361c58636268e1614b2a9c;p=openwrt%2Fopenwrt.git

madwifi patch cleanup and stability fixes - fix a semi-random heisenbug by replacing the previous noderef fix with a simple hack that is not 100% correct, but safe. - add ad-hoc atim fixes by bruno - add napi polling fixes by sven-ola - fix compile breakage with debug enabled

SVN-Revision: 12838
---

diff --git a/package/madwifi/ath_hal-20080909.tgz b/package/madwifi/ath_hal-20080909.tgz
deleted file mode 100644
index 732593c94e..0000000000
Binary files a/package/madwifi/ath_hal-20080909.tgz and /dev/null differ
diff --git a/package/madwifi/ath_hal-20081002.tgz b/package/madwifi/ath_hal-20081002.tgz
new file mode 100644
index 0000000000..872f991a77
Binary files /dev/null and b/package/madwifi/ath_hal-20081002.tgz differ
diff --git a/package/madwifi/patches/200-no_debug.patch b/package/madwifi/patches/200-no_debug.patch
index ce059e05cc..542c6c808c 100644
--- a/package/madwifi/patches/200-no_debug.patch
+++ b/package/madwifi/patches/200-no_debug.patch
@@ -150,7 +150,7 @@
  	ATH_DEBUG_RATE		= 0x00000010,	/* rate control */
 --- a/tools/do_multi.c
 +++ b/tools/do_multi.c
-@@ -9,16 +9,20 @@
+@@ -10,16 +10,20 @@
  
      progname = basename(argv[0]);
  
diff --git a/package/madwifi/patches/300-napi_polling.patch b/package/madwifi/patches/300-napi_polling.patch
index fae35b54be..a3a7c834a4 100644
--- a/package/madwifi/patches/300-napi_polling.patch
+++ b/package/madwifi/patches/300-napi_polling.patch
@@ -52,7 +52,7 @@
  	status &= sc->sc_imask;			/* discard unasked for bits */
  	/* As soon as we know we have a real interrupt we intend to service, 
  	 * we will check to see if we need an initial hardware TSF reading. 
-@@ -2277,7 +2290,23 @@
+@@ -2277,7 +2290,21 @@
  		}
  		if (status & (HAL_INT_RX | HAL_INT_RXPHY)) {
  			ath_uapsd_processtriggers(sc, hw_tsf);
@@ -64,10 +64,8 @@
 +			if (netif_rx_schedule_prep(dev))
 +#endif
 +			{
-+#ifndef ATH_PRECISE_TSF
 +				sc->sc_imask &= ~HAL_INT_RX;
 +				ath_hal_intrset(ah, sc->sc_imask);
-+#endif
 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
 +				__netif_rx_schedule(dev, &sc->sc_napi);
 +#else
@@ -77,7 +75,7 @@
  		}
  		if (status & HAL_INT_TX) {
  #ifdef ATH_SUPERG_DYNTURBO
-@@ -2303,6 +2332,11 @@
+@@ -2303,6 +2330,11 @@
  				}
  			}
  #endif
@@ -89,7 +87,7 @@
  			ATH_SCHEDULE_TQUEUE(&sc->sc_txtq, &needmark);
  		}
  		if (status & HAL_INT_BMISS) {
-@@ -2515,6 +2549,7 @@
+@@ -2515,6 +2547,7 @@
  	if (sc->sc_tx99 != NULL)
  		sc->sc_tx99->start(sc->sc_tx99);
  #endif
@@ -97,7 +95,7 @@
  
  done:
  	ATH_UNLOCK(sc);
-@@ -2555,6 +2590,9 @@
+@@ -2555,6 +2588,9 @@
  		if (sc->sc_tx99 != NULL)
  			sc->sc_tx99->stop(sc->sc_tx99);
  #endif
@@ -107,7 +105,7 @@
  		netif_stop_queue(dev);	/* XXX re-enabled by ath_newstate */
  		dev->flags &= ~IFF_RUNNING;	/* NB: avoid recursion */
  		ieee80211_stop_running(ic);	/* stop all VAPs */
-@@ -4013,12 +4051,47 @@
+@@ -4013,12 +4049,47 @@
  	return ath_keyset(sc, k, mac, vap->iv_bss);
  }
  
@@ -155,7 +153,7 @@
  static void
  ath_key_update_begin(struct ieee80211vap *vap)
  {
-@@ -4032,14 +4105,9 @@
+@@ -4032,14 +4103,9 @@
  	 * When called from the rx tasklet we cannot use
  	 * tasklet_disable because it will block waiting
  	 * for us to complete execution.
@@ -172,7 +170,7 @@
  }
  
  static void
-@@ -4051,9 +4119,9 @@
+@@ -4051,9 +4117,9 @@
  #endif
  
  	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "End\n");
@@ -185,7 +183,7 @@
  }
  
  /*
-@@ -6360,15 +6428,25 @@
+@@ -6360,15 +6426,25 @@
  	sc->sc_rxotherant = 0;
  }
  
@@ -215,7 +213,7 @@
  	struct ieee80211com *ic = &sc->sc_ic;
  	struct ath_hal *ah = sc ? sc->sc_ah : NULL;
  	struct ath_desc *ds;
-@@ -6378,8 +6456,10 @@
+@@ -6378,8 +6454,10 @@
  	unsigned int len;
  	int type;
  	u_int phyerr;
@@ -226,7 +224,7 @@
  	do {
  		bf = STAILQ_FIRST(&sc->sc_rxbuf);
  		if (bf == NULL) {		/* XXX ??? can this happen */
-@@ -6403,6 +6483,15 @@
+@@ -6403,6 +6481,15 @@
  			/* NB: never process the self-linked entry at the end */
  			break;
  		}
@@ -242,7 +240,7 @@
  		skb = bf->bf_skb;
  		if (skb == NULL) {
  			EPRINTF(sc, "Dropping; buffer contains NULL skbuff.\n");
-@@ -6450,6 +6539,7 @@
+@@ -6450,6 +6537,7 @@
  				sc->sc_stats.ast_rx_phyerr++;
  				phyerr = rs->rs_phyerr & 0x1f;
  				sc->sc_stats.ast_rx_phy[phyerr]++;
@@ -250,7 +248,7 @@
  			}
  			if (rs->rs_status & HAL_RXERR_DECRYPT) {
  				/*
-@@ -6645,9 +6735,43 @@
+@@ -6645,9 +6733,39 @@
  		STAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list);
  		ATH_RXBUF_UNLOCK_IRQ(sc);
  	} while (ath_rxbuf_init(sc, bf) == 0);
@@ -259,7 +257,6 @@
 +		/* Check if more data is received while we were
 +		 * processing the descriptor chain.
 +		 */
-+#ifndef ATH_PRECISE_TSF
 +		local_irq_save(flags);
 +		if (sc->sc_isr & HAL_INT_RX) {
 +			u_int64_t hw_tsf = ath_hal_gettsf64(ah);
@@ -268,12 +265,7 @@
 +			ath_uapsd_processtriggers(sc, hw_tsf);
 +			goto process_rx_again;
 +		}
-+#endif
-+#ifndef ATH_PRECISE_TSF
-+		sc->sc_imask |= HAL_INT_RX;
-+		ath_hal_intrset(ah, sc->sc_imask);
 +		local_irq_restore(flags);
-+#endif
 +	}
 +
 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
@@ -283,6 +275,8 @@
 +	*budget -= processed;
 +	dev->quota -= processed;
 +#endif
++	sc->sc_imask |= HAL_INT_RX;
++	ath_hal_intrset(ah, sc->sc_imask);
  
  	/* rx signal state monitoring */
  	ath_hal_rxmonitor(ah, &sc->sc_halstats, &sc->sc_curchan);
@@ -294,7 +288,7 @@
  #undef PA2DESC
  }
  
-@@ -8298,12 +8422,24 @@
+@@ -8298,12 +8416,24 @@
  {
  	struct net_device *dev = (struct net_device *)data;
  	struct ath_softc *sc = dev->priv;
@@ -319,7 +313,7 @@
  	netif_wake_queue(dev);
  
  	if (sc->sc_softled)
-@@ -8319,7 +8455,9 @@
+@@ -8319,7 +8449,9 @@
  {
  	struct net_device *dev = (struct net_device *)data;
  	struct ath_softc *sc = dev->priv;
@@ -329,7 +323,7 @@
  	/*
  	 * Process each active queue.
  	 */
-@@ -8340,6 +8478,16 @@
+@@ -8340,6 +8472,16 @@
  	if (sc->sc_uapsdq && txqactive(sc->sc_ah, sc->sc_uapsdq->axq_qnum))
  		ath_tx_processq(sc, sc->sc_uapsdq);
  
@@ -346,7 +340,7 @@
  	netif_wake_queue(dev);
  
  	if (sc->sc_softled)
-@@ -8355,13 +8503,25 @@
+@@ -8355,13 +8497,25 @@
  	struct net_device *dev = (struct net_device *)data;
  	struct ath_softc *sc = dev->priv;
  	unsigned int i;
@@ -372,7 +366,7 @@
  	netif_wake_queue(dev);
  
  	if (sc->sc_softled)
-@@ -10296,9 +10456,9 @@
+@@ -10296,9 +10450,9 @@
  	dev->mtu = mtu;
  	if ((dev->flags & IFF_RUNNING) && !sc->sc_invalid) {
  		/* NB: the rx buffers may need to be reallocated */
diff --git a/package/madwifi/patches/305-pureg_fix.patch b/package/madwifi/patches/305-pureg_fix.patch
index 67e4b670fa..8950547d83 100644
--- a/package/madwifi/patches/305-pureg_fix.patch
+++ b/package/madwifi/patches/305-pureg_fix.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -4160,7 +4160,9 @@
+@@ -4158,7 +4158,9 @@
  		rfilt |= HAL_RX_FILTER_PROM;
  	if (ic->ic_opmode == IEEE80211_M_STA ||
  	    sc->sc_opmode == HAL_M_IBSS ||	/* NB: AHDEMO too */
diff --git a/package/madwifi/patches/309-micfail_detect.patch b/package/madwifi/patches/309-micfail_detect.patch
index e184a4e9fd..80c1e731e7 100644
--- a/package/madwifi/patches/309-micfail_detect.patch
+++ b/package/madwifi/patches/309-micfail_detect.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -6459,6 +6459,7 @@
+@@ -6457,6 +6457,7 @@
  	int type;
  	u_int phyerr;
  	u_int processed = 0, early_stop = 0;
@@ -8,7 +8,7 @@
  
  	DPRINTF(sc, ATH_DEBUG_RX_PROC, "invoked\n");
  process_rx_again:
-@@ -6560,24 +6561,8 @@
+@@ -6558,24 +6559,8 @@
  			}
  			if (rs->rs_status & HAL_RXERR_MIC) {
  				sc->sc_stats.ast_rx_badmic++;
@@ -35,7 +35,7 @@
  			}
  			/*
  			 * Reject error frames if we have no vaps that
-@@ -6616,8 +6601,9 @@
+@@ -6614,8 +6599,9 @@
  		/*
  		 * Finished monitor mode handling, now reject
  		 * error frames before passing to other vaps
@@ -46,7 +46,7 @@
  			ieee80211_dev_kfree_skb(&skb);
  			goto rx_next;
  		}
-@@ -6625,6 +6611,26 @@
+@@ -6623,6 +6609,26 @@
  		/* remove the CRC */
  		skb_trim(skb, skb->len - IEEE80211_CRC_LEN);
  
@@ -73,7 +73,7 @@
  		/*
  		 * From this point on we assume the frame is at least
  		 * as large as ieee80211_frame_min; verify that.
-@@ -6637,6 +6643,7 @@
+@@ -6635,6 +6641,7 @@
  			goto rx_next;
  		}
  
diff --git a/package/madwifi/patches/310-noise_get.patch b/package/madwifi/patches/310-noise_get.patch
index 81b3cad869..63e8a4fecd 100644
--- a/package/madwifi/patches/310-noise_get.patch
+++ b/package/madwifi/patches/310-noise_get.patch
@@ -9,7 +9,7 @@
  	ATH_RXBUF_LOCK_IRQ(sc);
  	if (sc->sc_rxbufcur == NULL)
  		sc->sc_rxbufcur = STAILQ_FIRST(&sc->sc_rxbuf);
-@@ -8981,6 +8979,7 @@
+@@ -8975,6 +8973,7 @@
  			sc->sc_curchan.channel);
  		sc->sc_stats.ast_per_calfail++;
  	}
@@ -17,7 +17,7 @@
  
  	ath_hal_process_noisefloor(ah);
  	if (isIQdone == AH_TRUE) {
-@@ -9049,6 +9048,7 @@
+@@ -9043,6 +9042,7 @@
  	struct ath_softc *sc = dev->priv;
  
  	(void) ath_chan_set(sc, ic->ic_curchan);
@@ -25,7 +25,7 @@
  	/*
  	 * If we are returning to our bss channel then mark state
  	 * so the next recv'd beacon's TSF will be used to sync the
-@@ -9317,6 +9317,7 @@
+@@ -9311,6 +9311,7 @@
  		}
  
  		ath_hal_process_noisefloor(ah);
diff --git a/package/madwifi/patches/317-bmask.patch b/package/madwifi/patches/317-bmask.patch
index 55d996a0b2..4402761cd8 100644
--- a/package/madwifi/patches/317-bmask.patch
+++ b/package/madwifi/patches/317-bmask.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -8695,6 +8695,10 @@
+@@ -8689,6 +8689,10 @@
  
  	sc->sc_rxbufcur = NULL;
  
diff --git a/package/madwifi/patches/325-channel_spam.patch b/package/madwifi/patches/325-channel_spam.patch
index 27541e1f47..ee06fe95c2 100644
--- a/package/madwifi/patches/325-channel_spam.patch
+++ b/package/madwifi/patches/325-channel_spam.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -9798,7 +9798,9 @@
+@@ -9792,7 +9792,9 @@
  	/*
  	 * Convert HAL channels to ieee80211 ones.
  	 */
@@ -10,7 +10,7 @@
  	for (i = 0; i < nchan; i++) {
  		HAL_CHANNEL *c = &chans[i];
  		struct ieee80211_channel *ichan = &ic->ic_channels[i];
-@@ -9825,6 +9827,7 @@
+@@ -9819,6 +9821,7 @@
  		ic->ic_chan_non_occupy[i].tv_sec  = 0;
  		ic->ic_chan_non_occupy[i].tv_usec = 0;
  
@@ -18,7 +18,7 @@
  		IPRINTF(sc, "Channel %3d (%4d MHz) Max Tx Power %d dBm%s "
  				"[%d hw %d reg] Flags%s%s%s%s%s%s%s%s%s%s%s%s%"
  				"s%s%s%s%s%s%s%s%s%s%s%s\n",
-@@ -9913,6 +9916,7 @@
+@@ -9907,6 +9910,7 @@
  				(c->privFlags & 0x0080 ? 
  				 " PF & (1 << 7)" : "")
  				);
diff --git a/package/madwifi/patches/327-queue.patch b/package/madwifi/patches/327-queue.patch
index a65c1ca233..71e5911e30 100644
--- a/package/madwifi/patches/327-queue.patch
+++ b/package/madwifi/patches/327-queue.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -8444,8 +8444,6 @@
+@@ -8438,8 +8438,6 @@
  	ath_hal_intrset(sc->sc_ah, sc->sc_imask);
  	local_irq_restore(flags);
  
@@ -9,7 +9,7 @@
  	if (sc->sc_softled)
  		ath_led_event(sc, ATH_LED_TX);
  }
-@@ -8492,8 +8490,6 @@
+@@ -8486,8 +8484,6 @@
  	ath_hal_intrset(sc->sc_ah, sc->sc_imask);
  	local_irq_restore(flags);
  
@@ -18,7 +18,7 @@
  	if (sc->sc_softled)
  		ath_led_event(sc, ATH_LED_TX);
  }
-@@ -8526,8 +8522,6 @@
+@@ -8520,8 +8516,6 @@
  	ath_hal_intrset(sc->sc_ah, sc->sc_imask);
  	local_irq_restore(flags);
  
diff --git a/package/madwifi/patches/330-beaconcal.patch b/package/madwifi/patches/330-beaconcal.patch
index 49c76dafce..3504bc4e95 100644
--- a/package/madwifi/patches/330-beaconcal.patch
+++ b/package/madwifi/patches/330-beaconcal.patch
@@ -24,7 +24,7 @@
  module_param(countrycode, int, 0600);
  module_param(maxvaps, int, 0600);
  module_param(outdoor, int, 0600);
-@@ -2602,7 +2605,8 @@
+@@ -2600,7 +2603,8 @@
  		}
  		if (!sc->sc_invalid) {
  			del_timer_sync(&sc->sc_dfs_cac_timer);
@@ -34,7 +34,7 @@
  		}
  		ath_draintxq(sc);
  		if (!sc->sc_invalid) {
-@@ -2619,6 +2623,20 @@
+@@ -2617,6 +2621,20 @@
  	return 0;
  }
  
@@ -55,7 +55,7 @@
  /*
   * Stop the device, grabbing the top-level lock to protect
   * against concurrent entry through ath_init (which can happen
-@@ -2744,6 +2762,12 @@
+@@ -2742,6 +2760,12 @@
  	HAL_STATUS status;
  
  	/*
@@ -68,7 +68,7 @@
  	 * Convert to a HAL channel description with the flags
  	 * constrained to reflect the current operating mode.
  	 */
-@@ -5156,6 +5180,8 @@
+@@ -5154,6 +5178,8 @@
  			"Invoking ath_hal_txstart with sc_bhalq: %d\n",
  			sc->sc_bhalq);
  		ath_hal_txstart(ah, sc->sc_bhalq);
@@ -77,7 +77,7 @@
  
  		sc->sc_stats.ast_be_xmit++;		/* XXX per-VAP? */
  	}
-@@ -5405,6 +5431,7 @@
+@@ -5403,6 +5429,7 @@
  		ath_hal_beacontimers(ah, &bs);
  		sc->sc_imask |= HAL_INT_BMISS;
  		ath_hal_intrset(ah, sc->sc_imask);
@@ -85,7 +85,7 @@
  	} else {
  		ath_hal_intrset(ah, 0);
  		if (reset_tsf)
-@@ -5416,8 +5443,11 @@
+@@ -5414,8 +5441,11 @@
  			 */
  			intval |= HAL_BEACON_ENA;
  			sc->sc_imask |= HAL_INT_SWBA;
@@ -98,7 +98,7 @@
  #ifdef ATH_SUPERG_DYNTURBO
  		ath_beacon_dturbo_config(vap, intval &
  				~(HAL_BEACON_RESET_TSF | HAL_BEACON_ENA));
-@@ -8885,6 +8915,9 @@
+@@ -8879,6 +8909,9 @@
  			/* Enter DFS wait period */
  			mod_timer(&sc->sc_dfs_cac_timer,
  				jiffies + (sc->sc_dfs_cac_period * HZ));
@@ -108,7 +108,7 @@
  		}
  		/*
  		 * re configure beacons when it is a turbo mode switch.
-@@ -8994,8 +9027,11 @@
+@@ -8988,8 +9021,11 @@
  		sc->sc_curchan.channel, sc->sc_curchan.channelFlags,
  		isIQdone ? "done" : "not done");
  
@@ -122,7 +122,7 @@
  }
  
  static void
-@@ -9102,7 +9138,8 @@
+@@ -9096,7 +9132,8 @@
  		ieee80211_state_name[vap->iv_state],
  		ieee80211_state_name[nstate]);
  
@@ -132,7 +132,7 @@
  
  	ath_hal_setledstate(ah, leds[nstate]);	/* set LED */
  	netif_stop_queue(dev);			/* before we do anything else */
-@@ -9327,7 +9364,8 @@
+@@ -9321,7 +9358,8 @@
  				"VAP -> DFSWAIT_PENDING \n");
  			/* start calibration timer with a really small value 
  			 * 1/10 sec */
@@ -142,7 +142,7 @@
  			/* wake the receiver */
  			netif_wake_queue(dev);
  			/* don't do the other usual stuff... */
-@@ -9370,7 +9408,7 @@
+@@ -9364,7 +9402,7 @@
  	error = avp->av_newstate(vap, nstate, arg);
  
  	/* Finally, start any timers. */
diff --git a/package/madwifi/patches/331-memory_alloc.patch b/package/madwifi/patches/331-memory_alloc.patch
index c18f6b4fd2..49a42e9ba3 100644
--- a/package/madwifi/patches/331-memory_alloc.patch
+++ b/package/madwifi/patches/331-memory_alloc.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -3322,17 +3322,18 @@
+@@ -3320,17 +3320,18 @@
  	 * without affecting any other bridge ports. */
  	if (skb_cloned(skb)) {
  		/* Remember the original SKB so we can free up our references */
@@ -25,7 +25,7 @@
  	eh = (struct ether_header *)skb->data;
  
  #ifdef ATH_SUPERG_FF
-@@ -3603,6 +3604,8 @@
+@@ -3601,6 +3602,8 @@
  	sc->sc_stats.ast_tx_mgmt++;
  	return 0;
  bad:
diff --git a/package/madwifi/patches/332-reset_beacons.patch b/package/madwifi/patches/332-reset_beacons.patch
index ea3b598354..81b10b59a9 100644
--- a/package/madwifi/patches/332-reset_beacons.patch
+++ b/package/madwifi/patches/332-reset_beacons.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -8926,7 +8926,7 @@
+@@ -8920,7 +8920,7 @@
  		 * re configure beacons when it is a turbo mode switch.
  		 * HW seems to turn off beacons during turbo mode switch.
  		 */
diff --git a/package/madwifi/patches/342-performance.patch b/package/madwifi/patches/342-performance.patch
index c9316c6533..1fa1b856b6 100644
--- a/package/madwifi/patches/342-performance.patch
+++ b/package/madwifi/patches/342-performance.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -3241,7 +3241,6 @@
+@@ -3239,7 +3239,6 @@
  	struct ath_softc *sc = dev->priv;
  	struct ieee80211_node *ni = NULL;
  	struct ath_buf *bf = NULL;
@@ -8,7 +8,7 @@
  	ath_bufhead bf_head;
  	struct ath_buf *tbf, *tempbf;
  	struct sk_buff *tskb;
-@@ -3253,6 +3252,7 @@
+@@ -3251,6 +3250,7 @@
  	*/
  	int requeue = 0;
  #ifdef ATH_SUPERG_FF
@@ -16,7 +16,7 @@
  	unsigned int pktlen;
  	struct ieee80211com *ic = &sc->sc_ic;
  	struct ath_node *an;
-@@ -3318,27 +3318,9 @@
+@@ -3316,27 +3316,9 @@
  		requeue = 1;
  		goto hardstart_fail;
  	}
diff --git a/package/madwifi/patches/343-txqueue_races.patch b/package/madwifi/patches/343-txqueue_races.patch
index 6cd0b13c4a..a49f5376c2 100644
--- a/package/madwifi/patches/343-txqueue_races.patch
+++ b/package/madwifi/patches/343-txqueue_races.patch
@@ -2,7 +2,7 @@ Merged from madwifi trunk r3551, r3552
 
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -8257,6 +8257,17 @@
+@@ -8251,6 +8251,17 @@
  			goto bf_fail;
  		}
  
diff --git a/package/madwifi/patches/345-minstrel_sampling.patch b/package/madwifi/patches/345-minstrel_sampling.patch
index 8180c6de45..aa242d5974 100644
--- a/package/madwifi/patches/345-minstrel_sampling.patch
+++ b/package/madwifi/patches/345-minstrel_sampling.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -8107,6 +8107,7 @@
+@@ -8101,6 +8101,7 @@
  		ath_hal_setupxtxdesc(sc->sc_ah, ds, mrr.rate1, mrr.retries1,
  				     mrr.rate2, mrr.retries2,
  				     mrr.rate3, mrr.retries3);
diff --git a/package/madwifi/patches/347-tuning.patch b/package/madwifi/patches/347-tuning.patch
index 54bc28952b..efa3f6e14b 100644
--- a/package/madwifi/patches/347-tuning.patch
+++ b/package/madwifi/patches/347-tuning.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -10280,11 +10280,11 @@
+@@ -10274,11 +10274,11 @@
  	sc->sc_currates = rt;
  	sc->sc_curmode = mode;
  	/*
diff --git a/package/madwifi/patches/348-ackcts.patch b/package/madwifi/patches/348-ackcts.patch
index ebd665a2a3..5dd23fefb5 100644
--- a/package/madwifi/patches/348-ackcts.patch
+++ b/package/madwifi/patches/348-ackcts.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -2725,6 +2725,9 @@
+@@ -2723,6 +2723,9 @@
  static int
  ath_set_ack_bitrate(struct ath_softc *sc, int high)
  {
@@ -10,7 +10,7 @@
  	if (ar_device(sc->devid) == 5212 || ar_device(sc->devid) == 5213) {
  		/* set ack to be sent at low bit-rate */
  		/* registers taken from the OpenBSD 5212 HAL */
-@@ -10795,8 +10798,13 @@
+@@ -10789,8 +10792,13 @@
  				break;
  #endif
  			case ATH_ACKRATE:
diff --git a/package/madwifi/patches/349-reset.patch b/package/madwifi/patches/349-reset.patch
index 6333358d59..8b74e021d0 100644
--- a/package/madwifi/patches/349-reset.patch
+++ b/package/madwifi/patches/349-reset.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -8868,8 +8868,7 @@
+@@ -8862,8 +8862,7 @@
  		 * needed to do the reset with chanchange = AH_FALSE in order
  		 * to receive traffic when peforming high velocity channel
  		 * changes. */
diff --git a/package/madwifi/patches/352-ani_fix.patch b/package/madwifi/patches/352-ani_fix.patch
index 5f631d7d2e..9845f7807a 100644
--- a/package/madwifi/patches/352-ani_fix.patch
+++ b/package/madwifi/patches/352-ani_fix.patch
@@ -23,7 +23,7 @@
  	return 0;
  bad3:
  	ieee80211_ifdetach(ic);
-@@ -2351,16 +2354,6 @@
+@@ -2349,16 +2352,6 @@
  		}
  		if (status & HAL_INT_MIB) {
  			sc->sc_stats.ast_mib++;
@@ -40,7 +40,7 @@
  			/* Let the HAL handle the event. */
  			ath_hal_mibevent(ah, &sc->sc_halstats);
  		}
-@@ -2430,6 +2423,43 @@
+@@ -2428,6 +2421,43 @@
  	return flags;
  }
  
@@ -84,7 +84,7 @@
  /*
   * Context: process context
   */
-@@ -2495,8 +2525,7 @@
+@@ -2493,8 +2523,7 @@
  	if (sc->sc_softled)
  		ath_hal_gpioCfgOutput(ah, sc->sc_ledpin);
  
@@ -94,7 +94,7 @@
  
  	/*
  	 * This is needed only to setup initial state
-@@ -2532,7 +2561,7 @@
+@@ -2530,7 +2559,7 @@
  	 * Enable MIB interrupts when there are hardware phy counters.
  	 * Note we only do this (at the moment) for station mode.
  	 */
@@ -103,7 +103,7 @@
  		sc->sc_imask |= HAL_INT_MIB;
  	ath_hal_intrset(ah, sc->sc_imask);
  
-@@ -2789,9 +2818,7 @@
+@@ -2787,9 +2816,7 @@
  		EPRINTF(sc, "Unable to reset hardware: '%s' (HAL status %u)\n",
  			ath_get_hal_status_desc(status), status);
  
@@ -114,7 +114,7 @@
  	ath_update_txpow(sc);		/* update tx power state */
  	ath_radar_update(sc);
  	ath_setdefantenna(sc, sc->sc_defant);
-@@ -4176,6 +4203,8 @@
+@@ -4174,6 +4201,8 @@
  	if (sc->sc_nmonvaps > 0)
  		rfilt |= (HAL_RX_FILTER_CONTROL | HAL_RX_FILTER_BEACON |
  			  HAL_RX_FILTER_PROBEREQ | HAL_RX_FILTER_PROM);
@@ -123,7 +123,7 @@
  	if (sc->sc_curchan.privFlags & CHANNEL_DFS)
  		rfilt |= (HAL_RX_FILTER_PHYERR | HAL_RX_FILTER_PHYRADAR);
  	return rfilt;
-@@ -6526,9 +6555,6 @@
+@@ -6524,9 +6553,6 @@
  			rs->rs_rssi = 0;
  
  		len = rs->rs_datalen;
@@ -133,7 +133,7 @@
  
  		if (rs->rs_more) {
  			/*
-@@ -8880,9 +8906,7 @@
+@@ -8874,9 +8900,7 @@
  		if (sc->sc_softled)
  			ath_hal_gpioCfgOutput(ah, sc->sc_ledpin);
  
@@ -144,7 +144,7 @@
  		sc->sc_curchan = hchan;
  		ath_update_txpow(sc);		/* update tx power state */
  		ath_radar_update(sc);
-@@ -10659,9 +10683,54 @@
+@@ -10653,9 +10677,54 @@
  	ATH_RP_IGNORED 		= 24,
  	ATH_RADAR_IGNORED       = 25,
  	ATH_MAXVAPS  		= 26,
@@ -199,7 +199,7 @@
  ATH_SYSCTL_DECL(ath_sysctl_halparam, ctl, write, filp, buffer, lenp, ppos)
  {
  	struct ath_softc *sc = ctl->extra1;
-@@ -10847,6 +10916,11 @@
+@@ -10841,6 +10910,11 @@
  			case ATH_RADAR_IGNORED:
  				sc->sc_radar_ignored = val;
  				break;
@@ -211,7 +211,7 @@
  			default:
  				ret = -EINVAL;
  				break;
-@@ -10913,6 +10987,11 @@
+@@ -10907,6 +10981,11 @@
  		case ATH_RADAR_IGNORED:
  			val = sc->sc_radar_ignored;
  			break;
@@ -223,7 +223,7 @@
  		default:
  			ret = -EINVAL;
  			break;
-@@ -11090,6 +11169,24 @@
+@@ -11084,6 +11163,24 @@
  	  .proc_handler = ath_sysctl_halparam,
  	  .extra2	= (void *)ATH_RADAR_IGNORED,
  	},
diff --git a/package/madwifi/patches/355-eap_auth_disassoc.patch b/package/madwifi/patches/355-eap_auth_disassoc.patch
index 7774d6bdd5..e121dae214 100644
--- a/package/madwifi/patches/355-eap_auth_disassoc.patch
+++ b/package/madwifi/patches/355-eap_auth_disassoc.patch
@@ -5,7 +5,7 @@ Signed-off-by: Felix Fietkau <nbd@openwrt.org>
 
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -8328,6 +8328,14 @@
+@@ -8322,6 +8322,14 @@
  #endif
  				if (ts->ts_status & HAL_TXERR_XRETRY) {
  					sc->sc_stats.ast_tx_xretries++;
diff --git a/package/madwifi/patches/363-fix_turbo.patch b/package/madwifi/patches/363-fix_turbo.patch
index c0e0f8fc88..b3c7324652 100644
--- a/package/madwifi/patches/363-fix_turbo.patch
+++ b/package/madwifi/patches/363-fix_turbo.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -4917,7 +4917,7 @@
+@@ -4915,7 +4915,7 @@
  	 * capability info and arrange for a mode change
  	 * if needed.
  	 */
diff --git a/package/madwifi/patches/366-bstuck_thresh.patch b/package/madwifi/patches/366-bstuck_thresh.patch
index 9a940985d7..ecf5dc98f3 100644
--- a/package/madwifi/patches/366-bstuck_thresh.patch
+++ b/package/madwifi/patches/366-bstuck_thresh.patch
@@ -32,7 +32,7 @@
  MODULE_PARM_DESC(autocreate, "Create ath device in "
  		"[sta|ap|wds|adhoc|ahdemo|monitor] mode. defaults to sta, use "
  		"'none' to disable");
-@@ -5064,7 +5068,7 @@
+@@ -5062,7 +5066,7 @@
  		DPRINTF(sc, ATH_DEBUG_BEACON_PROC,
  			"Missed %u consecutive beacons (n_beacon=%u)\n",
  			sc->sc_bmisscount, n_beacon);
@@ -41,7 +41,7 @@
  			ATH_SCHEDULE_TQUEUE(&sc->sc_bstucktq, needmark);
  		return;
  	}
-@@ -5220,7 +5224,7 @@
+@@ -5218,7 +5222,7 @@
  	 *     check will be true, in which case return
  	 *     without resetting the driver.
  	 */
diff --git a/package/madwifi/patches/370-wdsvap.patch b/package/madwifi/patches/370-wdsvap.patch
index 1cf334e7b6..d5307bb4b0 100644
--- a/package/madwifi/patches/370-wdsvap.patch
+++ b/package/madwifi/patches/370-wdsvap.patch
@@ -67,7 +67,7 @@
  	/* override with driver methods */
  	vap = &avp->av_vap;
  	avp->av_newstate = vap->iv_newstate;
-@@ -4201,8 +4203,7 @@
+@@ -4199,8 +4201,7 @@
  	if (ic->ic_opmode == IEEE80211_M_STA ||
  	    sc->sc_opmode == HAL_M_IBSS ||	/* NB: AHDEMO too */
  	    (sc->sc_nostabeacons) || sc->sc_scanning ||
@@ -77,7 +77,7 @@
  		rfilt |= HAL_RX_FILTER_BEACON;
  	if (sc->sc_nmonvaps > 0)
  		rfilt |= (HAL_RX_FILTER_CONTROL | HAL_RX_FILTER_BEACON |
-@@ -9026,8 +9027,6 @@
+@@ -9020,8 +9021,6 @@
  		 * set sc->beacons if we might need to restart
                   * them after ath_reset. */
  		if (!sc->sc_beacons &&
diff --git a/package/madwifi/patches/374-nbtt_fix.patch b/package/madwifi/patches/374-nbtt_fix.patch
index 3b00f644fb..99c13ee5db 100644
--- a/package/madwifi/patches/374-nbtt_fix.patch
+++ b/package/madwifi/patches/374-nbtt_fix.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -5476,6 +5476,9 @@
+@@ -5474,6 +5474,9 @@
  		ath_beacon_dturbo_config(vap, intval &
  				~(HAL_BEACON_RESET_TSF | HAL_BEACON_ENA));
  #endif
diff --git a/package/madwifi/patches/375-atim_tsf_update.patch b/package/madwifi/patches/375-atim_tsf_update.patch
index bbe380ed47..3800b90c1b 100644
--- a/package/madwifi/patches/375-atim_tsf_update.patch
+++ b/package/madwifi/patches/375-atim_tsf_update.patch
@@ -1,43 +1,79 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -2785,6 +2785,44 @@
+@@ -161,6 +161,7 @@
+ static void ath_beacon_return(struct ath_softc *, struct ath_buf *);
+ static void ath_beacon_free(struct ath_softc *);
+ static void ath_beacon_config(struct ath_softc *, struct ieee80211vap *);
++static void ath_hw_beacon_stop(struct ath_softc *sc);
+ static int ath_desc_alloc(struct ath_softc *);
+ static void ath_desc_free(struct ath_softc *);
+ static void ath_desc_swap(struct ath_desc *);
+@@ -2783,6 +2784,72 @@
  	return 1;
  }
  
++static void
++ath_hw_beacon_stop(struct ath_softc *sc)
++{
++	HAL_BEACON_TIMERS btimers;
++
++	btimers.bt_intval = 0;
++	btimers.bt_nexttbtt = 0;
++	btimers.bt_nextdba = 0xffffffff;
++	btimers.bt_nextswba = 0xffffffff;
++	btimers.bt_nextatim = 0;
++
++	ath_hal_setbeacontimers(sc->sc_ah, &btimers);
++}
++
 +/* Fix up the ATIM window after TSF resync */
 +static int
-+ath_hw_check_atim(struct ath_softc *sc, int window)
++ath_hw_check_atim(struct ath_softc *sc, int window, int intval)
 +{
 +#define AR5K_TIMER0_5210       0x802c  /* Next beacon time register */
 +#define AR5K_TIMER0_5211       0x8028
 +#define AR5K_TIMER3_5210       0x8038  /* End of ATIM window time register */
 +#define AR5K_TIMER3_5211       0x8034
 +	struct ath_hal *ah = sc->sc_ah;
++	int dev = sc->sc_ah->ah_macType;
 +	unsigned int nbtt, atim;
-+	int dev = ar_device(sc->devid);
++	bool is_5210 = false;
 +
++	/*
++	 * check if the ATIM window is still correct:
++	 *   1.) usually ATIM should be NBTT + window
++	 *   2.) nbtt already updated
++	 *   3.) nbtt already updated and has wrapped around
++	 *   4.) atim has wrapped around
++	 */
 +	switch(dev) {
 +	case 5210:
 +		nbtt = OS_REG_READ(ah, AR5K_TIMER0_5210);
 +		atim = OS_REG_READ(ah, AR5K_TIMER3_5210);
-+		if (atim - nbtt != window) {
-+			OS_REG_WRITE(ah, AR5K_TIMER3_5210, nbtt + window );
-+			return atim - nbtt;
-+		}
++		is_5210 = true;
 +		break;
 +	case 5211:
 +	case 5212:
 +		nbtt = OS_REG_READ(ah, AR5K_TIMER0_5211);
 +		atim = OS_REG_READ(ah, AR5K_TIMER3_5211);
-+		if (atim - nbtt != window) {
-+			OS_REG_WRITE(ah, AR5K_TIMER3_5211, nbtt + window );
-+			return atim - nbtt;
-+		}
 +		break;
 +	/* NB: 5416+ doesn't do ATIM in hw */
++	case 5416:
 +	default:
-+		break;
++		return 0;
++	}
++
++	if ((atim - nbtt != window) &&				/* 1.) */
++	    (nbtt - atim != intval - window) &&			/* 2.) */
++	    ((nbtt | 0x10000) - atim != intval - window) &&	/* 3.) */
++	    ((atim | 0x10000) - nbtt != window)) {		/* 4.) */
++		if (is_5210)
++			OS_REG_WRITE(ah, AR5K_TIMER3_5210, nbtt + window );
++		else
++			OS_REG_WRITE(ah, AR5K_TIMER3_5211, nbtt + window );
++		return atim - nbtt;
 +	}
++
 +	return 0;
 +}
 +
@@ -45,13 +81,59 @@
  /*
   * Reset the hardware w/o losing operational state.  This is
   * basically a more efficient way of doing ath_stop, ath_init,
-@@ -6391,6 +6429,11 @@
+@@ -5282,6 +5349,7 @@
+ 	u_int64_t tsf, hw_tsf;
+ 	u_int32_t tsftu, hw_tsftu;
+ 	u_int32_t intval, nexttbtt = 0;
++	unsigned long flags;
+ 	int reset_tsf = 0;
+ 
+ 	if (vap == NULL)
+@@ -5289,6 +5357,9 @@
+ 
+ 	ni = vap->iv_bss;
+ 
++	/* TSF calculation is timing critical - we don't want to be interrupted here */
++	local_irq_save(flags);
++
+ 	hw_tsf = ath_hal_gettsf64(ah);
+ 	tsf = le64_to_cpu(ni->ni_tstamp.tsf);
+ 	hw_tsftu = hw_tsf >> 10;
+@@ -5478,15 +5549,27 @@
+ 				<= ath_hal_sw_beacon_response_time)
+ 			nexttbtt += intval;
+ 		sc->sc_nexttbtt = nexttbtt;
++
++		/* stop beacons before reconfiguring the timers to avoid race
++		 * conditions. ath_hal_beaconinit will start them again */
++		ath_hw_beacon_stop(sc);
++
+ 		ath_hal_beaconinit(ah, nexttbtt, intval);
+ 		if (intval & HAL_BEACON_RESET_TSF) {
+ 			sc->sc_last_tsf = 0;
+ 		}
+ 		sc->sc_bmisscount = 0;
+ 		ath_hal_intrset(ah, sc->sc_imask);
++
++		if (ath_hw_check_atim(sc, 1, intval & HAL_BEACON_PERIOD)) {
++			DPRINTF(sc, ATH_DEBUG_BEACON,
++				"fixed atim window after beacon init\n");
++		}
+ 	}
+ 
+ ath_beacon_config_debug:
++	local_irq_restore(flags);
++
+ 	/* We print all debug messages here, in order to preserve the
+ 	 * time critical aspect of this function */
+ 	DPRINTF(sc, ATH_DEBUG_BEACON,
+@@ -6389,6 +6472,11 @@
  			DPRINTF(sc, ATH_DEBUG_BEACON, 
  				"Updated beacon timers\n");
  		}
 +		if ((sc->sc_opmode == IEEE80211_M_IBSS) &&
 +				IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid) &&
-+				ath_hw_check_atim(sc, 1)) {
++				ath_hw_check_atim(sc, 1, vap->iv_bss->ni_intval)) {
 +			DPRINTF(sc, ATH_DEBUG_ANY, "Fixed ATIM window after beacon recv\n");
 +		}
  		/* NB: Fall Through */
diff --git a/package/madwifi/patches/376-beacon_update.patch b/package/madwifi/patches/376-beacon_update.patch
deleted file mode 100644
index 2b4f34b582..0000000000
--- a/package/madwifi/patches/376-beacon_update.patch
+++ /dev/null
@@ -1,26 +0,0 @@
---- a/ath/if_ath.c
-+++ b/ath/if_ath.c
-@@ -5495,6 +5495,8 @@
- 		ath_hal_intrset(ah, sc->sc_imask);
- 		ath_set_beacon_cal(sc, 0);
- 	} else {
-+		unsigned long flags;
-+
- 		ath_hal_intrset(ah, 0);
- 		if (reset_tsf)
- 			intval |= HAL_BEACON_RESET_TSF;
-@@ -5514,11 +5516,14 @@
- 		ath_beacon_dturbo_config(vap, intval &
- 				~(HAL_BEACON_RESET_TSF | HAL_BEACON_ENA));
- #endif
-+		local_irq_save(flags);
- 		if ((nexttbtt & HAL_BEACON_PERIOD) - (ath_hal_gettsf32(ah) >> 10)
- 				<= ath_hal_sw_beacon_response_time)
- 			nexttbtt += intval;
- 		sc->sc_nexttbtt = nexttbtt;
- 		ath_hal_beaconinit(ah, nexttbtt, intval);
-+		local_irq_restore(flags);
-+
- 		if (intval & HAL_BEACON_RESET_TSF) {
- 			sc->sc_last_tsf = 0;
- 		}
diff --git a/package/madwifi/patches/377-disable_vlan_code.patch b/package/madwifi/patches/377-disable_vlan_code.patch
index 54ab9277b3..720b8dc53a 100644
--- a/package/madwifi/patches/377-disable_vlan_code.patch
+++ b/package/madwifi/patches/377-disable_vlan_code.patch
@@ -1,6 +1,6 @@
 --- a/net80211/ieee80211_linux.h
 +++ b/net80211/ieee80211_linux.h
-@@ -661,22 +661,7 @@
+@@ -649,22 +649,7 @@
  	       char *);
  void ieee80211_proc_cleanup(struct ieee80211vap *);
  
diff --git a/package/madwifi/patches/378-adhoc_crash_fix.patch b/package/madwifi/patches/378-adhoc_crash_fix.patch
index 1295063c0d..e28bb014bd 100644
--- a/package/madwifi/patches/378-adhoc_crash_fix.patch
+++ b/package/madwifi/patches/378-adhoc_crash_fix.patch
@@ -1,6 +1,6 @@
 --- a/net80211/ieee80211_input.c
 +++ b/net80211/ieee80211_input.c
-@@ -3532,6 +3532,11 @@
+@@ -3530,6 +3530,11 @@
  		if (ic->ic_flags & IEEE80211_F_SCAN) {
  			ieee80211_add_scan(vap, &scan, wh, subtype, rssi, rtsf);
  		}
diff --git a/package/madwifi/patches/379-invalid_rate_fix.patch b/package/madwifi/patches/379-invalid_rate_fix.patch
index 0128ca2691..305d26d600 100644
--- a/package/madwifi/patches/379-invalid_rate_fix.patch
+++ b/package/madwifi/patches/379-invalid_rate_fix.patch
@@ -29,7 +29,75 @@
  #define ONE_SECOND (1000 * 1000)  /* 1 second, or 1000 milliseconds; eternity, in other words */
  
  #include "release.h"
-@@ -689,17 +675,17 @@
+@@ -471,11 +457,11 @@
+ 		final_rate = sc->sc_hwmap[ts->ts_rate & ~HAL_TXSTAT_ALTRATE].ieeerate;
+ 		final_ndx = rate_to_ndx(sn, final_rate);
+ 		if (final_ndx >= sn->num_rates) {
+-			DPRINTF(sc, "%s: final ndx too high\n", __func__);
++			DPRINTF(sc, ATH_DEBUG_RATE, "%s: final ndx too high\n", __func__);
+ 			final_ndx = 0;
+ 		}
+ 		if (final_ndx < 0) {
+-			DPRINTF(sc, "%s: final ndx too low\n", __func__);
++			DPRINTF(sc, ATH_DEBUG_RATE, "%s: final ndx too low\n", __func__);
+ 			final_ndx = 0;
+ 		}
+ 
+@@ -485,7 +471,7 @@
+ 		tries = ts->ts_longretry + 1;
+ 
+ 		if (sn->num_rates <= 0) {
+-			DPRINTF(sc, "%s: " MAC_FMT " %s no rates yet\n", dev_info,
++			DPRINTF(sc, ATH_DEBUG_RATE, "%s: " MAC_FMT " %s no rates yet\n", dev_info,
+ 				MAC_ADDR(an->an_node.ni_macaddr), __func__);
+ 			return;
+ 		}
+@@ -551,7 +537,7 @@
+ static void
+ ath_rate_newassoc(struct ath_softc *sc, struct ath_node *an, int isnew)
+ {
+-		DPRINTF(sc, "%s: " MAC_FMT " %s\n", dev_info,
++		DPRINTF(sc, ATH_DEBUG_RATE, "%s: " MAC_FMT " %s\n", dev_info,
+ 			MAC_ADDR(an->an_node.ni_macaddr), __func__);
+ 		if (isnew)
+ 			ath_rate_ctl_reset(sc, &an->an_node);
+@@ -601,7 +587,7 @@
+ 			    p = rates + sprintf(rates, "rates :: %d ", column_index);
+ 			    for (i = 0; i < num_sample_rates; i++)
+ 			            p += sprintf(p, "%2u ", sn->rs_sampleTable[i][column_index]);
+-			    DPRINTF(sc, "%s\n", rates);
++			    DPRINTF(sc, ATH_DEBUG_RATE, "%s\n", rates);
+ 		};
+ #endif
+ }
+@@ -628,7 +614,7 @@
+ 		sn->is_sampling = 0;
+ 
+ 		if (rt == NULL) {
+-			DPRINTF(sc, "no rates yet! mode %u\n", sc->sc_curmode);
++			DPRINTF(sc, ATH_DEBUG_RATE, "no rates yet! mode %u\n", sc->sc_curmode);
+ 			return;
+ 		}
+ 		sn->static_rate_ndx = -1;
+@@ -658,7 +644,7 @@
+ 			sn->rates[x].rix = sc->sc_rixmap[sn->rates[x].rate];
+ 			}
+ 			if (sn->rates[x].rix == 0xff) {
+-				DPRINTF(sc, "%s: %s ignore bogus rix at %d\n",
++				DPRINTF(sc, ATH_DEBUG_RATE, "%s: %s ignore bogus rix at %d\n",
+ 					dev_info, __func__, x);
+ 				continue;
+ 			}
+@@ -673,7 +659,7 @@
+ 		ni->ni_txrate = 0;
+ 
+ 		if (sn->num_rates <= 0) {
+-			DPRINTF(sc, "%s: %s " MAC_FMT " no rates (fixed %d) \n",
++			DPRINTF(sc, ATH_DEBUG_RATE, "%s: %s " MAC_FMT " no rates (fixed %d) \n",
+ 				dev_info, __func__, MAC_ADDR(ni->ni_macaddr),
+ 				vap->iv_fixed_rate);
+ 			/* There are no rates yet; we're done */
+@@ -689,23 +675,23 @@
  			 * the node.  We know the rate is there because the
  			 * rate set is checked when the station associates. */
  			/* NB: the rate set is assumed sorted */
@@ -48,13 +116,72 @@
 +			if ((ni->ni_rates.rs_rates[srate] & IEEE80211_RATE_VAL) != vap->iv_fixed_rate)
 +				EPRINTF(sc, "Invalid static rate, falling back to basic rate\n");
 +			else
-+				DPRINTF(sc, "%s: %s " MAC_FMT " fixed rate %d%sMbps\n",
++				DPRINTF(sc, ATH_DEBUG_RATE, "%s: %s " MAC_FMT " fixed rate %d%sMbps\n",
 +					dev_info, __func__, MAC_ADDR(ni->ni_macaddr),
 +					sn->rates[srate].rate / 2,
 +					(sn->rates[srate].rate % 2) ? ".5 " : " ");
  			return;
  		}
  
+ 		for (x = 0; x < ni->ni_rates.rs_nrates; x++) {
+ 			if (sn->rates[x].rix == 0xff) {
+-				DPRINTF(sc, "%s: %s ignore bogus rix at %d\n",
++				DPRINTF(sc, ATH_DEBUG_RATE, "%s: %s ignore bogus rix at %d\n",
+ 					dev_info, __func__, x);
+ 				continue;
+ 			}
+@@ -735,9 +721,9 @@
+ 		}
+ 
+ #if 0
+-		DPRINTF(sc, "%s: Retry table for this node\n", __func__);
++		DPRINTF(sc, ATH_DEBUG_RATE, "%s: Retry table for this node\n", __func__);
+ 		  for (x = 0; x < ni->ni_rates.rs_nrates; x++)
+-			     DPRINTF(sc, "%2d  %2d %6d  \n", x, sn->retry_count[x], sn->perfect_tx_time[x]);
++			     DPRINTF(sc, ATH_DEBUG_RATE, "%2d  %2d %6d  \n", x, sn->retry_count[x], sn->perfect_tx_time[x]);
+ #endif
+ 
+ 		/* Set the initial rate */
+@@ -781,10 +767,10 @@
+ 		unsigned int interval = ath_timer_interval;
+ 
+ 		if (dev == NULL)
+-			DPRINTF(sc, "%s: 'dev' is null in this timer \n", __func__);
++			DPRINTF(sc, ATH_DEBUG_RATE, "%s: 'dev' is null in this timer \n", __func__);
+ 
+ 		if (sc == NULL)
+-			DPRINTF(sc, "%s: 'sc' is null in this timer\n", __func__);
++			DPRINTF(sc, ATH_DEBUG_RATE, "%s: 'sc' is null in this timer\n", __func__);
+ 
+ 		ic = &sc->sc_ic;
+ 
+@@ -808,7 +794,7 @@
+ 
+ 		timer  = &(ssc->timer);
+ 		if (timer == NULL)
+-			DPRINTF(sc, "%s: timer is null - leave it\n", __func__);
++			DPRINTF(sc, ATH_DEBUG_RATE, "%s: timer is null - leave it\n", __func__);
+ 
+ 		timer->expires = jiffies + ((HZ * interval) / 1000);
+ 		add_timer(timer);
+@@ -904,7 +890,7 @@
+ ath_rate_attach(struct ath_softc *sc)
+ {
+ 		struct minstrel_softc *osc;
+-		DPRINTF(sc, "%s: %s\n", dev_info, __func__);
++		DPRINTF(sc, ATH_DEBUG_RATE, "%s: %s\n", dev_info, __func__);
+ 
+ 		_MOD_INC_USE(THIS_MODULE, return NULL);
+ 		osc = kmalloc(sizeof(struct minstrel_softc), GFP_ATOMIC);
+@@ -963,7 +949,7 @@
+ 					p += sprintf(p, "out of room for node " MAC_FMT "\n\n", MAC_ADDR(ni->ni_macaddr));
+ 					break;
+ 				}
+-				DPRINTF(sc, "%s: out of memeory to write tall of the nodes\n", __func__);
++				DPRINTF(sc, ATH_DEBUG_RATE, "%s: out of memeory to write tall of the nodes\n", __func__);
+ 			            break;
+ 			}
+ 			an = ATH_NODE(ni);
 --- a/ath_rate/amrr/amrr.c
 +++ b/ath_rate/amrr/amrr.c
 @@ -64,24 +64,13 @@
@@ -83,6 +210,15 @@
  static int ath_rateinterval = 1000;		/* rate ctl interval (ms)  */
  static int ath_rate_max_success_threshold = 10;
  static int ath_rate_min_success_threshold = 1;
+@@ -197,7 +186,7 @@
+ 
+ 	KASSERT(rt != NULL, ("no rate table, mode %u", sc->sc_curmode));
+ 
+-	DPRINTF(sc, "%s: set xmit rate for " MAC_FMT " to %dM\n",
++	DPRINTF(sc, ATH_DEBUG_RATE, "%s: set xmit rate for " MAC_FMT " to %dM\n",
+ 		__func__, MAC_ADDR(ni->ni_macaddr),
+ 		ni->ni_rates.rs_nrates > 0 ?
+ 			(ni->ni_rates.rs_rates[rate] & IEEE80211_RATE_VAL) / 2 : 0);
 @@ -297,9 +286,9 @@
  		 * rate set is checked when the station associates.
  		 */
@@ -96,6 +232,39 @@
  	}
  	ath_rate_update(sc, ni, srate);
  #undef RATE
+@@ -377,7 +366,7 @@
+ 
+ 	old_rate = ni->ni_txrate;
+ 
+-  	DPRINTF (sc, "cnt0: %d cnt1: %d cnt2: %d cnt3: %d -- threshold: %d\n",
++  	DPRINTF(sc, ATH_DEBUG_RATE, "cnt0: %d cnt1: %d cnt2: %d cnt3: %d -- threshold: %d\n",
+ 		 amn->amn_tx_try0_cnt,
+ 		 amn->amn_tx_try1_cnt,
+ 		 amn->amn_tx_try2_cnt,
+@@ -390,7 +379,7 @@
+   			amn->amn_recovery = 1;
+   			amn->amn_success = 0;
+   			ni->ni_txrate++;
+-			DPRINTF(sc, "increase rate to %d\n", ni->ni_txrate);
++			DPRINTF(sc, ATH_DEBUG_RATE, "increase rate to %d\n", ni->ni_txrate);
+   		} else
+ 			amn->amn_recovery = 0;
+   	} else if (is_failure(amn)) {
+@@ -401,12 +390,12 @@
+   				amn->amn_success_threshold *= 2;
+   				amn->amn_success_threshold = min(amn->amn_success_threshold,
+ 								  (u_int)ath_rate_max_success_threshold);
+- 				DPRINTF(sc, "decrease rate recovery thr: %d\n",
++ 				DPRINTF(sc, ATH_DEBUG_RATE, "decrease rate recovery thr: %d\n",
+ 					amn->amn_success_threshold);
+   			} else {
+   				/* simple failure. */
+  				amn->amn_success_threshold = ath_rate_min_success_threshold;
+- 				DPRINTF(sc, "decrease rate normal thr: %d\n",
++ 				DPRINTF(sc, ATH_DEBUG_RATE, "decrease rate normal thr: %d\n",
+ 					amn->amn_success_threshold);
+   			}
+ 			amn->amn_recovery = 0;
 --- a/ath_rate/onoe/onoe.c
 +++ b/ath_rate/onoe/onoe.c
 @@ -60,27 +60,13 @@
@@ -127,6 +296,15 @@
  /*
   * Default parameters for the rate control algorithm.  These are
   * all tunable with sysctls.  The rate controller runs periodically
+@@ -186,7 +172,7 @@
+ 
+ 	KASSERT(rt != NULL, ("no rate table, mode %u", sc->sc_curmode));
+ 
+-	DPRINTF(sc, "%s: set xmit rate for " MAC_FMT " to %dM\n",
++	DPRINTF(sc, ATH_DEBUG_RATE, "%s: set xmit rate for " MAC_FMT " to %dM\n",
+ 		__func__, MAC_ADDR(ni->ni_macaddr),
+ 		ni->ni_rates.rs_nrates > 0 ?
+ 			(ni->ni_rates.rs_rates[rate] & IEEE80211_RATE_VAL) / 2 : 0);
 @@ -283,9 +269,9 @@
  		 */
  		/* NB: the rate set is assumed sorted */
@@ -140,6 +318,24 @@
  	}
  	ath_rate_update(sc, ni, srate);
  #undef RATE
+@@ -364,7 +350,7 @@
+ 	    on->on_tx_retr < (on->on_tx_ok * ath_rate_raise) / 100)
+ 		dir = 1;
+ 
+-	DPRINTF(sc, MAC_FMT ": ok %d err %d retr %d upper %d dir %d\n",
++	DPRINTF(sc, ATH_DEBUG_RATE, MAC_FMT ": ok %d err %d retr %d upper %d dir %d\n",
+ 		MAC_ADDR(ni->ni_macaddr),
+ 		on->on_tx_ok, on->on_tx_err, on->on_tx_retr,
+ 		on->on_tx_upper, dir);
+@@ -395,7 +381,7 @@
+ 	}
+ 
+ 	if (nrate != ni->ni_txrate) {
+-		DPRINTF(sc, "%s: %dM -> %dM (%d ok, %d err, %d retr)\n",
++		DPRINTF(sc, ATH_DEBUG_RATE, "%s: %dM -> %dM (%d ok, %d err, %d retr)\n",
+ 		    __func__,
+ 		    (rs->rs_rates[ni->ni_txrate] & IEEE80211_RATE_VAL) / 2,
+ 		    (rs->rs_rates[nrate] & IEEE80211_RATE_VAL) / 2,
 --- a/ath_rate/sample/sample.c
 +++ b/ath_rate/sample/sample.c
 @@ -62,30 +62,13 @@
@@ -174,6 +370,15 @@
  /*
   * This file is an implementation of the SampleRate algorithm
   * in "Bit-rate Selection in Wireless Networks"
+@@ -740,7 +723,7 @@
+ 		ndx[3] = rate_to_ndx(sn, rate[3]);
+ 
+ #if 0
+-		DPRINTF(sc, "%s: " MAC_FMT " size %u finaltsidx %u tries %u status %u rate/try %u/%u %u/%u %u/%u %u/%u\n",
++		DPRINTF(sc, ATH_DEBUG_RATE, "%s: " MAC_FMT " size %u finaltsidx %u tries %u status %u rate/try %u/%u %u/%u %u/%u %u/%u\n",
+ 			dev_info, MAC_ADDR(an->an_node.ni_macaddr),
+ 			bin_to_size(size_to_bin(frame_size)),
+ 			finalTSIdx,
 @@ -886,15 +869,16 @@
  			if ((ni->ni_rates.rs_rates[x] & IEEE80211_RATE_VAL) == vap->iv_fixed_rate)
  				srate = x;
diff --git a/package/madwifi/patches/380-noderef_fix.patch b/package/madwifi/patches/380-noderef_fix.patch
deleted file mode 100644
index fb4192ddf9..0000000000
--- a/package/madwifi/patches/380-noderef_fix.patch
+++ /dev/null
@@ -1,29 +0,0 @@
---- a/net80211/ieee80211_node.c
-+++ b/net80211/ieee80211_node.c
-@@ -316,7 +316,7 @@
- 	 */
- 	ni = ieee80211_find_node(&ic->ic_sta, vap->iv_myaddr);
- 	if (ni == NULL) {
--		ni = ieee80211_alloc_node_table(vap, vap->iv_myaddr);
-+		ni = ieee80211_alloc_node(vap, vap->iv_myaddr);
- 		IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
- 				  "%s: ni:%p allocated for " MAC_FMT "\n",
- 				  __func__, ni, MAC_ADDR(vap->iv_myaddr));
-@@ -421,14 +421,14 @@
- 	/* XXX multi-bss wrong */
- 	ieee80211_reset_erp(ic, ic->ic_curmode);
- 
--	ni = ieee80211_alloc_node_table(vap, vap->iv_myaddr);
-+	ni = ieee80211_alloc_node(vap, vap->iv_myaddr);
- 	IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
- 			  "%s: ni:%p allocated for " MAC_FMT "\n",
- 			  __func__, ni, MAC_ADDR(vap->iv_myaddr));
- 	KASSERT(ni != NULL, ("unable to setup inital BSS node"));
- 
- 	vap->iv_bss = PASS_NODE(ni);
--	KASSERT((atomic_read(&vap->iv_bss->ni_refcnt) == 2), 
-+	KASSERT((atomic_read(&vap->iv_bss->ni_refcnt) == 1),
- 		("wrong refcount for new node."));
- 
- 	if (obss != NULL) {
-
diff --git a/package/madwifi/patches/380-noderef_hack.patch b/package/madwifi/patches/380-noderef_hack.patch
new file mode 100644
index 0000000000..4e224903ce
--- /dev/null
+++ b/package/madwifi/patches/380-noderef_hack.patch
@@ -0,0 +1,13 @@
+--- a/net80211/ieee80211_node.c
++++ b/net80211/ieee80211_node.c
+@@ -427,8 +427,8 @@
+ 			  __func__, ni, MAC_ADDR(vap->iv_myaddr));
+ 	KASSERT(ni != NULL, ("unable to setup inital BSS node"));
+ 
+-	vap->iv_bss = PASS_NODE(ni);
+-	KASSERT((atomic_read(&vap->iv_bss->ni_refcnt) == 2), 
++	vap->iv_bss = ieee80211_ref_node(ni);
++	KASSERT((atomic_read(&vap->iv_bss->ni_refcnt) == 3), 
+ 		("wrong refcount for new node."));
+ 
+ 	if (obss != NULL) {
diff --git a/package/madwifi/patches/406-monitor_r3711.patch b/package/madwifi/patches/406-monitor_r3711.patch
index 9f6ef59fc0..74004ad2eb 100644
--- a/package/madwifi/patches/406-monitor_r3711.patch
+++ b/package/madwifi/patches/406-monitor_r3711.patch
@@ -1,6 +1,6 @@
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -6371,7 +6371,7 @@
+@@ -6409,7 +6409,7 @@
  
  	/* Never copy the SKB, as it is ours on the RX side, and this is the 
  	 * last process on the TX side and we only modify our own headers. */
@@ -9,7 +9,7 @@
  	if (tskb == NULL) {
  		DPRINTF(sc, ATH_DEBUG_ANY,
  			"Dropping; ath_skb_removepad failed!\n");
-@@ -6379,6 +6379,8 @@
+@@ -6417,6 +6417,8 @@
  	}
  	
  	ieee80211_input_monitor(ic, tskb, bf, tx, tsf, sc);
diff --git a/package/madwifi/patches/408-changeset_r3337.patch b/package/madwifi/patches/408-changeset_r3337.patch
index 13200ab4fd..5b225650a9 100644
--- a/package/madwifi/patches/408-changeset_r3337.patch
+++ b/package/madwifi/patches/408-changeset_r3337.patch
@@ -10,7 +10,7 @@
  Please let us know if you think your name should be mentioned here!
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -3002,7 +3002,7 @@
+@@ -3029,7 +3029,7 @@
  	struct ath_softc *sc = dev->priv;
  	struct ath_hal *ah = sc->sc_ah;
  	struct ieee80211_phy_params *ph = (struct ieee80211_phy_params *)
diff --git a/package/madwifi/patches/450-new_hal.patch b/package/madwifi/patches/450-new_hal.patch
index 5171ce2784..b9e2454d8e 100644
--- a/package/madwifi/patches/450-new_hal.patch
+++ b/package/madwifi/patches/450-new_hal.patch
@@ -93,7 +93,7 @@
   * The functions in this section are not intended to be invoked by MadWifi
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -592,6 +592,14 @@
+@@ -593,6 +593,14 @@
  	}
  	sc->sc_ah = ah;
  
@@ -108,7 +108,7 @@
  	/*
  	 * Check if the MAC has multi-rate retry support.
  	 * We do this by trying to setup a fake extended
-@@ -7348,7 +7356,7 @@
+@@ -7382,7 +7390,7 @@
  	if (qtype == HAL_TX_QUEUE_UAPSD)
  		qi.tqi_qflags = HAL_TXQ_TXDESCINT_ENABLE;
  	else