-- ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL |
-- IEEE80211_STA_BEACON_POLL);
-+ ieee80211_stop_poll(sdata);
-
- ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
- false, frame_buf);
-@@ -2879,8 +2895,7 @@ static void ieee80211_restart_sta_timer(
- u32 flags;
-
- if (sdata->vif.type == NL80211_IFTYPE_STATION) {
-- sdata->u.mgd.flags &= ~(IEEE80211_STA_BEACON_POLL |
-- IEEE80211_STA_CONNECTION_POLL);
-+ __ieee80211_stop_poll(sdata);
-
- /* let's probe the connection once */
- flags = sdata->local->hw.flags;
-@@ -2949,7 +2964,10 @@ void ieee80211_sta_restart(struct ieee80
- if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running))
- add_timer(&ifmgd->chswitch_timer);
- ieee80211_sta_reset_beacon_monitor(sdata);
-+
-+ mutex_lock(&sdata->local->mtx);
- ieee80211_restart_sta_timer(sdata);
-+ mutex_unlock(&sdata->local->mtx);
- }
- #endif
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -674,7 +674,7 @@ int __must_check __sta_info_destroy(stru
+ * will be sufficient.
+ */
+ set_sta_flag(sta, WLAN_STA_BLOCK_BA);
+- ieee80211_sta_tear_down_BA_sessions(sta, true);
++ ieee80211_sta_tear_down_BA_sessions(sta, false);
+
+ ret = sta_info_hash_del(local, sta);
+ if (ret)
+--- a/drivers/net/wireless/ath/ath5k/phy.c
++++ b/drivers/net/wireless/ath/ath5k/phy.c
+@@ -1977,11 +1977,13 @@ ath5k_hw_set_spur_mitigation_filter(stru
+ spur_delta_phase = (spur_offset << 18) / 25;
+ spur_freq_sigma_delta = (spur_delta_phase >> 10);
+ symbol_width = AR5K_SPUR_SYMBOL_WIDTH_BASE_100Hz / 2;
++ break;
+ case AR5K_BWMODE_5MHZ:
+ /* Both sample_freq and chip_freq are 10MHz (?) */
+ spur_delta_phase = (spur_offset << 19) / 25;
+ spur_freq_sigma_delta = (spur_delta_phase >> 10);
+ symbol_width = AR5K_SPUR_SYMBOL_WIDTH_BASE_100Hz / 4;
++ break;
+ default:
+ if (channel->band == IEEE80211_BAND_5GHZ) {
+ /* Both sample_freq and chip_freq are 40MHz */
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -1062,7 +1062,7 @@ struct ieee80211_local {
+ bool disable_dynamic_ps;
+
+ int user_power_level; /* in dBm */
+- int power_constr_level; /* in dBm */
++ int ap_power_level; /* in dBm */
+
+ enum ieee80211_smps_mode smps_mode;
+
+@@ -1170,7 +1170,6 @@ struct ieee802_11_elems {
+ u8 prep_len;
+ u8 perr_len;
+ u8 country_elem_len;
+- u8 pwr_constr_elem_len;
+ u8 quiet_elem_len;
+ u8 num_of_quiet_elem; /* can be more the one */
+ u8 timeout_int_len;
+--- a/net/mac80211/util.c
++++ b/net/mac80211/util.c
+@@ -792,8 +792,11 @@ u32 ieee802_11_parse_elems_crc(u8 *start
+ elems->country_elem_len = elen;
+ break;
+ case WLAN_EID_PWR_CONSTRAINT:
++ if (elen != 1) {
++ elem_parse_failed = true;
++ break;
++ }
+ elems->pwr_constr_elem = pos;
+- elems->pwr_constr_elem_len = elen;
+ break;
+ case WLAN_EID_TIMEOUT_INTERVAL:
+ elems->timeout_int = pos;
+--- a/net/mac80211/main.c
++++ b/net/mac80211/main.c
+@@ -154,13 +154,11 @@ int ieee80211_hw_config(struct ieee80211
+
+ if (test_bit(SCAN_SW_SCANNING, &local->scanning) ||
+ test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning) ||
+- test_bit(SCAN_HW_SCANNING, &local->scanning))
++ test_bit(SCAN_HW_SCANNING, &local->scanning) ||
++ !local->ap_power_level)
+ power = chan->max_power;
+ else
+- power = local->power_constr_level ?
+- min(chan->max_power,
+- (chan->max_reg_power - local->power_constr_level)) :
+- chan->max_power;
++ power = min(chan->max_power, local->ap_power_level);
+
+ if (local->user_power_level >= 0)
+ power = min(power, local->user_power_level);
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -1218,6 +1218,7 @@ struct cfg80211_deauth_request {
+ const u8 *ie;
+ size_t ie_len;
+ u16 reason_code;
++ bool local_state_change;
+ };
+
+ /**
+--- a/net/wireless/mlme.c
++++ b/net/wireless/mlme.c
+@@ -457,20 +457,14 @@ int __cfg80211_mlme_deauth(struct cfg802
+ .reason_code = reason,
+ .ie = ie,
+ .ie_len = ie_len,
++ .local_state_change = local_state_change,
+ };
+
+ ASSERT_WDEV_LOCK(wdev);
+
+- if (local_state_change) {
+- if (wdev->current_bss &&
+- ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) {
+- cfg80211_unhold_bss(wdev->current_bss);
+- cfg80211_put_bss(&wdev->current_bss->pub);
+- wdev->current_bss = NULL;
+- }
+-
++ if (local_state_change && (!wdev->current_bss ||
++ !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
+ return 0;
+- }