c3058419e227bb9bf35f5c91f94aeb9edbc3c24e
[linux-2.6.git] / drivers / net / wireless / wl12xx / main.c
1 /*
2  * This file is part of wl1271
3  *
4  * Copyright (C) 2008-2010 Nokia Corporation
5  *
6  * Contact: Luciano Coelho <luciano.coelho@nokia.com>
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public License
10  * version 2 as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope that it will be useful, but
13  * WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20  * 02110-1301 USA
21  *
22  */
23
24 #include <linux/module.h>
25 #include <linux/firmware.h>
26 #include <linux/delay.h>
27 #include <linux/spi/spi.h>
28 #include <linux/crc32.h>
29 #include <linux/etherdevice.h>
30 #include <linux/vmalloc.h>
31 #include <linux/platform_device.h>
32 #include <linux/slab.h>
33 #include <linux/wl12xx.h>
34 #include <linux/sched.h>
35 #include <linux/interrupt.h>
36
37 #include "wl12xx.h"
38 #include "debug.h"
39 #include "wl12xx_80211.h"
40 #include "reg.h"
41 #include "io.h"
42 #include "event.h"
43 #include "tx.h"
44 #include "rx.h"
45 #include "ps.h"
46 #include "init.h"
47 #include "debugfs.h"
48 #include "cmd.h"
49 #include "boot.h"
50 #include "testmode.h"
51 #include "scan.h"
52
53 #define WL1271_BOOT_RETRIES 3
54
55 static struct conf_drv_settings default_conf = {
56         .sg = {
57                 .params = {
58                         [CONF_SG_ACL_BT_MASTER_MIN_BR] = 10,
59                         [CONF_SG_ACL_BT_MASTER_MAX_BR] = 180,
60                         [CONF_SG_ACL_BT_SLAVE_MIN_BR] = 10,
61                         [CONF_SG_ACL_BT_SLAVE_MAX_BR] = 180,
62                         [CONF_SG_ACL_BT_MASTER_MIN_EDR] = 10,
63                         [CONF_SG_ACL_BT_MASTER_MAX_EDR] = 80,
64                         [CONF_SG_ACL_BT_SLAVE_MIN_EDR] = 10,
65                         [CONF_SG_ACL_BT_SLAVE_MAX_EDR] = 80,
66                         [CONF_SG_ACL_WLAN_PS_MASTER_BR] = 8,
67                         [CONF_SG_ACL_WLAN_PS_SLAVE_BR] = 8,
68                         [CONF_SG_ACL_WLAN_PS_MASTER_EDR] = 20,
69                         [CONF_SG_ACL_WLAN_PS_SLAVE_EDR] = 20,
70                         [CONF_SG_ACL_WLAN_ACTIVE_MASTER_MIN_BR] = 20,
71                         [CONF_SG_ACL_WLAN_ACTIVE_MASTER_MAX_BR] = 35,
72                         [CONF_SG_ACL_WLAN_ACTIVE_SLAVE_MIN_BR] = 16,
73                         [CONF_SG_ACL_WLAN_ACTIVE_SLAVE_MAX_BR] = 35,
74                         [CONF_SG_ACL_WLAN_ACTIVE_MASTER_MIN_EDR] = 32,
75                         [CONF_SG_ACL_WLAN_ACTIVE_MASTER_MAX_EDR] = 50,
76                         [CONF_SG_ACL_WLAN_ACTIVE_SLAVE_MIN_EDR] = 28,
77                         [CONF_SG_ACL_WLAN_ACTIVE_SLAVE_MAX_EDR] = 50,
78                         [CONF_SG_ACL_ACTIVE_SCAN_WLAN_BR] = 10,
79                         [CONF_SG_ACL_ACTIVE_SCAN_WLAN_EDR] = 20,
80                         [CONF_SG_ACL_PASSIVE_SCAN_BT_BR] = 75,
81                         [CONF_SG_ACL_PASSIVE_SCAN_WLAN_BR] = 15,
82                         [CONF_SG_ACL_PASSIVE_SCAN_BT_EDR] = 27,
83                         [CONF_SG_ACL_PASSIVE_SCAN_WLAN_EDR] = 17,
84                         /* active scan params */
85                         [CONF_SG_AUTO_SCAN_PROBE_REQ] = 170,
86                         [CONF_SG_ACTIVE_SCAN_DURATION_FACTOR_HV3] = 50,
87                         [CONF_SG_ACTIVE_SCAN_DURATION_FACTOR_A2DP] = 100,
88                         /* passive scan params */
89                         [CONF_SG_PASSIVE_SCAN_DURATION_FACTOR_A2DP_BR] = 800,
90                         [CONF_SG_PASSIVE_SCAN_DURATION_FACTOR_A2DP_EDR] = 200,
91                         [CONF_SG_PASSIVE_SCAN_DURATION_FACTOR_HV3] = 200,
92                         /* passive scan in dual antenna params */
93                         [CONF_SG_CONSECUTIVE_HV3_IN_PASSIVE_SCAN] = 0,
94                         [CONF_SG_BCN_HV3_COLLISION_THRESH_IN_PASSIVE_SCAN] = 0,
95                         [CONF_SG_TX_RX_PROTECTION_BWIDTH_IN_PASSIVE_SCAN] = 0,
96                         /* general params */
97                         [CONF_SG_STA_FORCE_PS_IN_BT_SCO] = 1,
98                         [CONF_SG_ANTENNA_CONFIGURATION] = 0,
99                         [CONF_SG_BEACON_MISS_PERCENT] = 60,
100                         [CONF_SG_DHCP_TIME] = 5000,
101                         [CONF_SG_RXT] = 1200,
102                         [CONF_SG_TXT] = 1000,
103                         [CONF_SG_ADAPTIVE_RXT_TXT] = 1,
104                         [CONF_SG_GENERAL_USAGE_BIT_MAP] = 3,
105                         [CONF_SG_HV3_MAX_SERVED] = 6,
106                         [CONF_SG_PS_POLL_TIMEOUT] = 10,
107                         [CONF_SG_UPSD_TIMEOUT] = 10,
108                         [CONF_SG_CONSECUTIVE_CTS_THRESHOLD] = 2,
109                         [CONF_SG_STA_RX_WINDOW_AFTER_DTIM] = 5,
110                         [CONF_SG_STA_CONNECTION_PROTECTION_TIME] = 30,
111                         /* AP params */
112                         [CONF_AP_BEACON_MISS_TX] = 3,
113                         [CONF_AP_RX_WINDOW_AFTER_BEACON] = 10,
114                         [CONF_AP_BEACON_WINDOW_INTERVAL] = 2,
115                         [CONF_AP_CONNECTION_PROTECTION_TIME] = 0,
116                         [CONF_AP_BT_ACL_VAL_BT_SERVE_TIME] = 25,
117                         [CONF_AP_BT_ACL_VAL_WL_SERVE_TIME] = 25,
118                 },
119                 .state = CONF_SG_PROTECTIVE,
120         },
121         .rx = {
122                 .rx_msdu_life_time           = 512000,
123                 .packet_detection_threshold  = 0,
124                 .ps_poll_timeout             = 15,
125                 .upsd_timeout                = 15,
126                 .rts_threshold               = IEEE80211_MAX_RTS_THRESHOLD,
127                 .rx_cca_threshold            = 0,
128                 .irq_blk_threshold           = 0xFFFF,
129                 .irq_pkt_threshold           = 0,
130                 .irq_timeout                 = 600,
131                 .queue_type                  = CONF_RX_QUEUE_TYPE_LOW_PRIORITY,
132         },
133         .tx = {
134                 .tx_energy_detection         = 0,
135                 .sta_rc_conf                 = {
136                         .enabled_rates       = 0,
137                         .short_retry_limit   = 10,
138                         .long_retry_limit    = 10,
139                         .aflags              = 0,
140                 },
141                 .ac_conf_count               = 4,
142                 .ac_conf                     = {
143                         [CONF_TX_AC_BE] = {
144                                 .ac          = CONF_TX_AC_BE,
145                                 .cw_min      = 15,
146                                 .cw_max      = 63,
147                                 .aifsn       = 3,
148                                 .tx_op_limit = 0,
149                         },
150                         [CONF_TX_AC_BK] = {
151                                 .ac          = CONF_TX_AC_BK,
152                                 .cw_min      = 15,
153                                 .cw_max      = 63,
154                                 .aifsn       = 7,
155                                 .tx_op_limit = 0,
156                         },
157                         [CONF_TX_AC_VI] = {
158                                 .ac          = CONF_TX_AC_VI,
159                                 .cw_min      = 15,
160                                 .cw_max      = 63,
161                                 .aifsn       = CONF_TX_AIFS_PIFS,
162                                 .tx_op_limit = 3008,
163                         },
164                         [CONF_TX_AC_VO] = {
165                                 .ac          = CONF_TX_AC_VO,
166                                 .cw_min      = 15,
167                                 .cw_max      = 63,
168                                 .aifsn       = CONF_TX_AIFS_PIFS,
169                                 .tx_op_limit = 1504,
170                         },
171                 },
172                 .max_tx_retries = 100,
173                 .ap_aging_period = 300,
174                 .tid_conf_count = 4,
175                 .tid_conf = {
176                         [CONF_TX_AC_BE] = {
177                                 .queue_id    = CONF_TX_AC_BE,
178                                 .channel_type = CONF_CHANNEL_TYPE_EDCF,
179                                 .tsid        = CONF_TX_AC_BE,
180                                 .ps_scheme   = CONF_PS_SCHEME_LEGACY,
181                                 .ack_policy  = CONF_ACK_POLICY_LEGACY,
182                                 .apsd_conf   = {0, 0},
183                         },
184                         [CONF_TX_AC_BK] = {
185                                 .queue_id    = CONF_TX_AC_BK,
186                                 .channel_type = CONF_CHANNEL_TYPE_EDCF,
187                                 .tsid        = CONF_TX_AC_BK,
188                                 .ps_scheme   = CONF_PS_SCHEME_LEGACY,
189                                 .ack_policy  = CONF_ACK_POLICY_LEGACY,
190                                 .apsd_conf   = {0, 0},
191                         },
192                         [CONF_TX_AC_VI] = {
193                                 .queue_id    = CONF_TX_AC_VI,
194                                 .channel_type = CONF_CHANNEL_TYPE_EDCF,
195                                 .tsid        = CONF_TX_AC_VI,
196                                 .ps_scheme   = CONF_PS_SCHEME_LEGACY,
197                                 .ack_policy  = CONF_ACK_POLICY_LEGACY,
198                                 .apsd_conf   = {0, 0},
199                         },
200                         [CONF_TX_AC_VO] = {
201                                 .queue_id    = CONF_TX_AC_VO,
202                                 .channel_type = CONF_CHANNEL_TYPE_EDCF,
203                                 .tsid        = CONF_TX_AC_VO,
204                                 .ps_scheme   = CONF_PS_SCHEME_LEGACY,
205                                 .ack_policy  = CONF_ACK_POLICY_LEGACY,
206                                 .apsd_conf   = {0, 0},
207                         },
208                 },
209                 .frag_threshold              = IEEE80211_MAX_FRAG_THRESHOLD,
210                 .tx_compl_timeout            = 700,
211                 .tx_compl_threshold          = 4,
212                 .basic_rate                  = CONF_HW_BIT_RATE_1MBPS,
213                 .basic_rate_5                = CONF_HW_BIT_RATE_6MBPS,
214                 .tmpl_short_retry_limit      = 10,
215                 .tmpl_long_retry_limit       = 10,
216         },
217         .conn = {
218                 .wake_up_event               = CONF_WAKE_UP_EVENT_DTIM,
219                 .listen_interval             = 1,
220                 .bcn_filt_mode               = CONF_BCN_FILT_MODE_ENABLED,
221                 .bcn_filt_ie_count           = 2,
222                 .bcn_filt_ie = {
223                         [0] = {
224                                 .ie          = WLAN_EID_CHANNEL_SWITCH,
225                                 .rule        = CONF_BCN_RULE_PASS_ON_APPEARANCE,
226                         },
227                         [1] = {
228                                 .ie          = WLAN_EID_HT_INFORMATION,
229                                 .rule        = CONF_BCN_RULE_PASS_ON_CHANGE,
230                         },
231                 },
232                 .synch_fail_thold            = 10,
233                 .bss_lose_timeout            = 100,
234                 .beacon_rx_timeout           = 10000,
235                 .broadcast_timeout           = 20000,
236                 .rx_broadcast_in_ps          = 1,
237                 .ps_poll_threshold           = 10,
238                 .ps_poll_recovery_period     = 700,
239                 .bet_enable                  = CONF_BET_MODE_ENABLE,
240                 .bet_max_consecutive         = 50,
241                 .psm_entry_retries           = 8,
242                 .psm_exit_retries            = 16,
243                 .psm_entry_nullfunc_retries  = 3,
244                 .keep_alive_interval         = 55000,
245                 .max_listen_interval         = 20,
246         },
247         .itrim = {
248                 .enable = false,
249                 .timeout = 50000,
250         },
251         .pm_config = {
252                 .host_clk_settling_time = 5000,
253                 .host_fast_wakeup_support = false
254         },
255         .roam_trigger = {
256                 .trigger_pacing               = 1,
257                 .avg_weight_rssi_beacon       = 20,
258                 .avg_weight_rssi_data         = 10,
259                 .avg_weight_snr_beacon        = 20,
260                 .avg_weight_snr_data          = 10,
261         },
262         .scan = {
263                 .min_dwell_time_active        = 7500,
264                 .max_dwell_time_active        = 30000,
265                 .min_dwell_time_passive       = 100000,
266                 .max_dwell_time_passive       = 100000,
267                 .num_probe_reqs               = 2,
268         },
269         .sched_scan = {
270                 /* sched_scan requires dwell times in TU instead of TU/1000 */
271                 .min_dwell_time_active = 30,
272                 .max_dwell_time_active = 60,
273                 .dwell_time_passive    = 100,
274                 .dwell_time_dfs        = 150,
275                 .num_probe_reqs        = 2,
276                 .rssi_threshold        = -90,
277                 .snr_threshold         = 0,
278         },
279         .rf = {
280                 .tx_per_channel_power_compensation_2 = {
281                         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
282                 },
283                 .tx_per_channel_power_compensation_5 = {
284                         0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
285                         0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
286                         0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
287                 },
288         },
289         .ht = {
290                 .rx_ba_win_size = 8,
291                 .tx_ba_win_size = 64,
292                 .inactivity_timeout = 10000,
293                 .tx_ba_tid_bitmap = CONF_TX_BA_ENABLED_TID_BITMAP,
294         },
295         .mem_wl127x = {
296                 .num_stations                 = 1,
297                 .ssid_profiles                = 1,
298                 .rx_block_num                 = 70,
299                 .tx_min_block_num             = 40,
300                 .dynamic_memory               = 1,
301                 .min_req_tx_blocks            = 100,
302                 .min_req_rx_blocks            = 22,
303                 .tx_min                       = 27,
304         },
305         .mem_wl128x = {
306                 .num_stations                 = 1,
307                 .ssid_profiles                = 1,
308                 .rx_block_num                 = 40,
309                 .tx_min_block_num             = 40,
310                 .dynamic_memory               = 1,
311                 .min_req_tx_blocks            = 45,
312                 .min_req_rx_blocks            = 22,
313                 .tx_min                       = 27,
314         },
315         .fm_coex = {
316                 .enable                       = true,
317                 .swallow_period               = 5,
318                 .n_divider_fref_set_1         = 0xff,       /* default */
319                 .n_divider_fref_set_2         = 12,
320                 .m_divider_fref_set_1         = 148,
321                 .m_divider_fref_set_2         = 0xffff,     /* default */
322                 .coex_pll_stabilization_time  = 0xffffffff, /* default */
323                 .ldo_stabilization_time       = 0xffff,     /* default */
324                 .fm_disturbed_band_margin     = 0xff,       /* default */
325                 .swallow_clk_diff             = 0xff,       /* default */
326         },
327         .rx_streaming = {
328                 .duration                      = 150,
329                 .queues                        = 0x1,
330                 .interval                      = 20,
331                 .always                        = 0,
332         },
333         .fwlog = {
334                 .mode                         = WL12XX_FWLOG_ON_DEMAND,
335                 .mem_blocks                   = 2,
336                 .severity                     = 0,
337                 .timestamp                    = WL12XX_FWLOG_TIMESTAMP_DISABLED,
338                 .output                       = WL12XX_FWLOG_OUTPUT_HOST,
339                 .threshold                    = 0,
340         },
341         .hci_io_ds = HCI_IO_DS_6MA,
342         .rate = {
343                 .rate_retry_score = 32000,
344                 .per_add = 8192,
345                 .per_th1 = 2048,
346                 .per_th2 = 4096,
347                 .max_per = 8100,
348                 .inverse_curiosity_factor = 5,
349                 .tx_fail_low_th = 4,
350                 .tx_fail_high_th = 10,
351                 .per_alpha_shift = 4,
352                 .per_add_shift = 13,
353                 .per_beta1_shift = 10,
354                 .per_beta2_shift = 8,
355                 .rate_check_up = 2,
356                 .rate_check_down = 12,
357                 .rate_retry_policy = {
358                         0x00, 0x00, 0x00, 0x00, 0x00,
359                         0x00, 0x00, 0x00, 0x00, 0x00,
360                         0x00, 0x00, 0x00,
361                 },
362         },
363         .hangover = {
364                 .recover_time               = 0,
365                 .hangover_period            = 20,
366                 .dynamic_mode               = 1,
367                 .early_termination_mode     = 1,
368                 .max_period                 = 20,
369                 .min_period                 = 1,
370                 .increase_delta             = 1,
371                 .decrease_delta             = 2,
372                 .quiet_time                 = 4,
373                 .increase_time              = 1,
374                 .window_size                = 16,
375         },
376 };
377
378 static char *fwlog_param;
379 static bool bug_on_recovery;
380
381 static void __wl1271_op_remove_interface(struct wl1271 *wl,
382                                          struct ieee80211_vif *vif,
383                                          bool reset_tx_queues);
384 static void wl1271_op_stop(struct ieee80211_hw *hw);
385 static void wl1271_free_ap_keys(struct wl1271 *wl, struct wl12xx_vif *wlvif);
386
387 static DEFINE_MUTEX(wl_list_mutex);
388 static LIST_HEAD(wl_list);
389
390 static int wl1271_check_operstate(struct wl1271 *wl, struct wl12xx_vif *wlvif,
391                                   unsigned char operstate)
392 {
393         int ret;
394
395         if (operstate != IF_OPER_UP)
396                 return 0;
397
398         if (test_and_set_bit(WLVIF_FLAG_STA_STATE_SENT, &wlvif->flags))
399                 return 0;
400
401         ret = wl12xx_cmd_set_peer_state(wl, wlvif->sta.hlid);
402         if (ret < 0)
403                 return ret;
404
405         wl12xx_croc(wl, wlvif->role_id);
406
407         wl1271_info("Association completed.");
408         return 0;
409 }
410 static int wl1271_dev_notify(struct notifier_block *me, unsigned long what,
411                              void *arg)
412 {
413         struct net_device *dev = arg;
414         struct wireless_dev *wdev;
415         struct wiphy *wiphy;
416         struct ieee80211_hw *hw;
417         struct wl1271 *wl;
418         struct wl1271 *wl_temp;
419         struct wl12xx_vif *wlvif;
420         int ret = 0;
421
422         /* Check that this notification is for us. */
423         if (what != NETDEV_CHANGE)
424                 return NOTIFY_DONE;
425
426         wdev = dev->ieee80211_ptr;
427         if (wdev == NULL)
428                 return NOTIFY_DONE;
429
430         wiphy = wdev->wiphy;
431         if (wiphy == NULL)
432                 return NOTIFY_DONE;
433
434         hw = wiphy_priv(wiphy);
435         if (hw == NULL)
436                 return NOTIFY_DONE;
437
438         wl_temp = hw->priv;
439         mutex_lock(&wl_list_mutex);
440         list_for_each_entry(wl, &wl_list, list) {
441                 if (wl == wl_temp)
442                         break;
443         }
444         mutex_unlock(&wl_list_mutex);
445         if (wl != wl_temp)
446                 return NOTIFY_DONE;
447
448         mutex_lock(&wl->mutex);
449
450         if (wl->state == WL1271_STATE_OFF)
451                 goto out;
452
453         wl12xx_for_each_wlvif_sta(wl, wlvif) {
454                 if (!test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags))
455                         continue;
456
457                 ret = wl1271_ps_elp_wakeup(wl);
458                 if (ret < 0)
459                         goto out;
460
461                 wl1271_check_operstate(wl, wlvif, dev->operstate);
462
463                 wl1271_ps_elp_sleep(wl);
464         }
465 out:
466         mutex_unlock(&wl->mutex);
467
468         return NOTIFY_OK;
469 }
470
471 static int wl1271_reg_notify(struct wiphy *wiphy,
472                              struct regulatory_request *request)
473 {
474         struct ieee80211_supported_band *band;
475         struct ieee80211_channel *ch;
476         int i;
477
478         band = wiphy->bands[IEEE80211_BAND_5GHZ];
479         for (i = 0; i < band->n_channels; i++) {
480                 ch = &band->channels[i];
481                 if (ch->flags & IEEE80211_CHAN_DISABLED)
482                         continue;
483
484                 if (ch->flags & IEEE80211_CHAN_RADAR)
485                         ch->flags |= IEEE80211_CHAN_NO_IBSS |
486                                      IEEE80211_CHAN_PASSIVE_SCAN;
487
488         }
489
490         return 0;
491 }
492
493 static int wl1271_set_rx_streaming(struct wl1271 *wl, struct wl12xx_vif *wlvif,
494                                    bool enable)
495 {
496         int ret = 0;
497
498         /* we should hold wl->mutex */
499         ret = wl1271_acx_ps_rx_streaming(wl, wlvif, enable);
500         if (ret < 0)
501                 goto out;
502
503         if (enable)
504                 set_bit(WLVIF_FLAG_RX_STREAMING_STARTED, &wlvif->flags);
505         else
506                 clear_bit(WLVIF_FLAG_RX_STREAMING_STARTED, &wlvif->flags);
507 out:
508         return ret;
509 }
510
511 /*
512  * this function is being called when the rx_streaming interval
513  * has beed changed or rx_streaming should be disabled
514  */
515 int wl1271_recalc_rx_streaming(struct wl1271 *wl, struct wl12xx_vif *wlvif)
516 {
517         int ret = 0;
518         int period = wl->conf.rx_streaming.interval;
519
520         /* don't reconfigure if rx_streaming is disabled */
521         if (!test_bit(WLVIF_FLAG_RX_STREAMING_STARTED, &wlvif->flags))
522                 goto out;
523
524         /* reconfigure/disable according to new streaming_period */
525         if (period &&
526             test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags) &&
527             (wl->conf.rx_streaming.always ||
528              test_bit(WL1271_FLAG_SOFT_GEMINI, &wl->flags)))
529                 ret = wl1271_set_rx_streaming(wl, wlvif, true);
530         else {
531                 ret = wl1271_set_rx_streaming(wl, wlvif, false);
532                 /* don't cancel_work_sync since we might deadlock */
533                 del_timer_sync(&wlvif->rx_streaming_timer);
534         }
535 out:
536         return ret;
537 }
538
539 static void wl1271_rx_streaming_enable_work(struct work_struct *work)
540 {
541         int ret;
542         struct wl12xx_vif *wlvif = container_of(work, struct wl12xx_vif,
543                                                 rx_streaming_enable_work);
544         struct wl1271 *wl = wlvif->wl;
545
546         mutex_lock(&wl->mutex);
547
548         if (test_bit(WLVIF_FLAG_RX_STREAMING_STARTED, &wlvif->flags) ||
549             !test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags) ||
550             (!wl->conf.rx_streaming.always &&
551              !test_bit(WL1271_FLAG_SOFT_GEMINI, &wl->flags)))
552                 goto out;
553
554         if (!wl->conf.rx_streaming.interval)
555                 goto out;
556
557         ret = wl1271_ps_elp_wakeup(wl);
558         if (ret < 0)
559                 goto out;
560
561         ret = wl1271_set_rx_streaming(wl, wlvif, true);
562         if (ret < 0)
563                 goto out_sleep;
564
565         /* stop it after some time of inactivity */
566         mod_timer(&wlvif->rx_streaming_timer,
567                   jiffies + msecs_to_jiffies(wl->conf.rx_streaming.duration));
568
569 out_sleep:
570         wl1271_ps_elp_sleep(wl);
571 out:
572         mutex_unlock(&wl->mutex);
573 }
574
575 static void wl1271_rx_streaming_disable_work(struct work_struct *work)
576 {
577         int ret;
578         struct wl12xx_vif *wlvif = container_of(work, struct wl12xx_vif,
579                                                 rx_streaming_disable_work);
580         struct wl1271 *wl = wlvif->wl;
581
582         mutex_lock(&wl->mutex);
583
584         if (!test_bit(WLVIF_FLAG_RX_STREAMING_STARTED, &wlvif->flags))
585                 goto out;
586
587         ret = wl1271_ps_elp_wakeup(wl);
588         if (ret < 0)
589                 goto out;
590
591         ret = wl1271_set_rx_streaming(wl, wlvif, false);
592         if (ret)
593                 goto out_sleep;
594
595 out_sleep:
596         wl1271_ps_elp_sleep(wl);
597 out:
598         mutex_unlock(&wl->mutex);
599 }
600
601 static void wl1271_rx_streaming_timer(unsigned long data)
602 {
603         struct wl12xx_vif *wlvif = (struct wl12xx_vif *)data;
604         struct wl1271 *wl = wlvif->wl;
605         ieee80211_queue_work(wl->hw, &wlvif->rx_streaming_disable_work);
606 }
607
608 static void wl1271_conf_init(struct wl1271 *wl)
609 {
610
611         /*
612          * This function applies the default configuration to the driver. This
613          * function is invoked upon driver load (spi probe.)
614          *
615          * The configuration is stored in a run-time structure in order to
616          * facilitate for run-time adjustment of any of the parameters. Making
617          * changes to the configuration structure will apply the new values on
618          * the next interface up (wl1271_op_start.)
619          */
620
621         /* apply driver default configuration */
622         memcpy(&wl->conf, &default_conf, sizeof(default_conf));
623
624         /* Adjust settings according to optional module parameters */
625         if (fwlog_param) {
626                 if (!strcmp(fwlog_param, "continuous")) {
627                         wl->conf.fwlog.mode = WL12XX_FWLOG_CONTINUOUS;
628                 } else if (!strcmp(fwlog_param, "ondemand")) {
629                         wl->conf.fwlog.mode = WL12XX_FWLOG_ON_DEMAND;
630                 } else if (!strcmp(fwlog_param, "dbgpins")) {
631                         wl->conf.fwlog.mode = WL12XX_FWLOG_CONTINUOUS;
632                         wl->conf.fwlog.output = WL12XX_FWLOG_OUTPUT_DBG_PINS;
633                 } else if (!strcmp(fwlog_param, "disable")) {
634                         wl->conf.fwlog.mem_blocks = 0;
635                         wl->conf.fwlog.output = WL12XX_FWLOG_OUTPUT_NONE;
636                 } else {
637                         wl1271_error("Unknown fwlog parameter %s", fwlog_param);
638                 }
639         }
640 }
641
642 static int wl1271_plt_init(struct wl1271 *wl)
643 {
644         int ret;
645
646         if (wl->chip.id == CHIP_ID_1283_PG20)
647                 ret = wl128x_cmd_general_parms(wl);
648         else
649                 ret = wl1271_cmd_general_parms(wl);
650         if (ret < 0)
651                 return ret;
652
653         if (wl->chip.id == CHIP_ID_1283_PG20)
654                 ret = wl128x_cmd_radio_parms(wl);
655         else
656                 ret = wl1271_cmd_radio_parms(wl);
657         if (ret < 0)
658                 return ret;
659
660         if (wl->chip.id != CHIP_ID_1283_PG20) {
661                 ret = wl1271_cmd_ext_radio_parms(wl);
662                 if (ret < 0)
663                         return ret;
664         }
665         if (ret < 0)
666                 return ret;
667
668         /* Chip-specific initializations */
669         ret = wl1271_chip_specific_init(wl);
670         if (ret < 0)
671                 return ret;
672
673         ret = wl1271_acx_init_mem_config(wl);
674         if (ret < 0)
675                 return ret;
676
677         ret = wl12xx_acx_mem_cfg(wl);
678         if (ret < 0)
679                 goto out_free_memmap;
680
681         /* Enable data path */
682         ret = wl1271_cmd_data_path(wl, 1);
683         if (ret < 0)
684                 goto out_free_memmap;
685
686         /* Configure for CAM power saving (ie. always active) */
687         ret = wl1271_acx_sleep_auth(wl, WL1271_PSM_CAM);
688         if (ret < 0)
689                 goto out_free_memmap;
690
691         /* configure PM */
692         ret = wl1271_acx_pm_config(wl);
693         if (ret < 0)
694                 goto out_free_memmap;
695
696         return 0;
697
698  out_free_memmap:
699         kfree(wl->target_mem_map);
700         wl->target_mem_map = NULL;
701
702         return ret;
703 }
704
705 static void wl12xx_irq_ps_regulate_link(struct wl1271 *wl,
706                                         struct wl12xx_vif *wlvif,
707                                         u8 hlid, u8 tx_pkts)
708 {
709         bool fw_ps, single_sta;
710
711         fw_ps = test_bit(hlid, (unsigned long *)&wl->ap_fw_ps_map);
712         single_sta = (wl->active_sta_count == 1);
713
714         /*
715          * Wake up from high level PS if the STA is asleep with too little
716          * packets in FW or if the STA is awake.
717          */
718         if (!fw_ps || tx_pkts < WL1271_PS_STA_MAX_PACKETS)
719                 wl12xx_ps_link_end(wl, wlvif, hlid);
720
721         /*
722          * Start high-level PS if the STA is asleep with enough blocks in FW.
723          * Make an exception if this is the only connected station. In this
724          * case FW-memory congestion is not a problem.
725          */
726         else if (!single_sta && fw_ps && tx_pkts >= WL1271_PS_STA_MAX_PACKETS)
727                 wl12xx_ps_link_start(wl, wlvif, hlid, true);
728 }
729
730 static void wl12xx_irq_update_links_status(struct wl1271 *wl,
731                                            struct wl12xx_vif *wlvif,
732                                            struct wl12xx_fw_status *status)
733 {
734         struct wl1271_link *lnk;
735         u32 cur_fw_ps_map;
736         u8 hlid, cnt;
737
738         /* TODO: also use link_fast_bitmap here */
739
740         cur_fw_ps_map = le32_to_cpu(status->link_ps_bitmap);
741         if (wl->ap_fw_ps_map != cur_fw_ps_map) {
742                 wl1271_debug(DEBUG_PSM,
743                              "link ps prev 0x%x cur 0x%x changed 0x%x",
744                              wl->ap_fw_ps_map, cur_fw_ps_map,
745                              wl->ap_fw_ps_map ^ cur_fw_ps_map);
746
747                 wl->ap_fw_ps_map = cur_fw_ps_map;
748         }
749
750         for_each_set_bit(hlid, wlvif->ap.sta_hlid_map, WL12XX_MAX_LINKS) {
751                 lnk = &wl->links[hlid];
752                 cnt = status->tx_lnk_free_pkts[hlid] - lnk->prev_freed_pkts;
753
754                 lnk->prev_freed_pkts = status->tx_lnk_free_pkts[hlid];
755                 lnk->allocated_pkts -= cnt;
756
757                 wl12xx_irq_ps_regulate_link(wl, wlvif, hlid,
758                                             lnk->allocated_pkts);
759         }
760 }
761
762 static void wl12xx_fw_status(struct wl1271 *wl,
763                              struct wl12xx_fw_status *status)
764 {
765         struct wl12xx_vif *wlvif;
766         struct timespec ts;
767         u32 old_tx_blk_count = wl->tx_blocks_available;
768         int avail, freed_blocks;
769         int i;
770
771         wl1271_raw_read(wl, FW_STATUS_ADDR, status, sizeof(*status), false);
772
773         wl1271_debug(DEBUG_IRQ, "intr: 0x%x (fw_rx_counter = %d, "
774                      "drv_rx_counter = %d, tx_results_counter = %d)",
775                      status->intr,
776                      status->fw_rx_counter,
777                      status->drv_rx_counter,
778                      status->tx_results_counter);
779
780         for (i = 0; i < NUM_TX_QUEUES; i++) {
781                 /* prevent wrap-around in freed-packets counter */
782                 wl->tx_allocated_pkts[i] -=
783                                 (status->tx_released_pkts[i] -
784                                 wl->tx_pkts_freed[i]) & 0xff;
785
786                 wl->tx_pkts_freed[i] = status->tx_released_pkts[i];
787         }
788
789         /* prevent wrap-around in total blocks counter */
790         if (likely(wl->tx_blocks_freed <=
791                    le32_to_cpu(status->total_released_blks)))
792                 freed_blocks = le32_to_cpu(status->total_released_blks) -
793                                wl->tx_blocks_freed;
794         else
795                 freed_blocks = 0x100000000LL - wl->tx_blocks_freed +
796                                le32_to_cpu(status->total_released_blks);
797
798         wl->tx_blocks_freed = le32_to_cpu(status->total_released_blks);
799
800         wl->tx_allocated_blocks -= freed_blocks;
801
802         avail = le32_to_cpu(status->tx_total) - wl->tx_allocated_blocks;
803
804         /*
805          * The FW might change the total number of TX memblocks before
806          * we get a notification about blocks being released. Thus, the
807          * available blocks calculation might yield a temporary result
808          * which is lower than the actual available blocks. Keeping in
809          * mind that only blocks that were allocated can be moved from
810          * TX to RX, tx_blocks_available should never decrease here.
811          */
812         wl->tx_blocks_available = max((int)wl->tx_blocks_available,
813                                       avail);
814
815         /* if more blocks are available now, tx work can be scheduled */
816         if (wl->tx_blocks_available > old_tx_blk_count)
817                 clear_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags);
818
819         /* for AP update num of allocated TX blocks per link and ps status */
820         wl12xx_for_each_wlvif_ap(wl, wlvif) {
821                 wl12xx_irq_update_links_status(wl, wlvif, status);
822         }
823
824         /* update the host-chipset time offset */
825         getnstimeofday(&ts);
826         wl->time_offset = (timespec_to_ns(&ts) >> 10) -
827                 (s64)le32_to_cpu(status->fw_localtime);
828 }
829
830 static void wl1271_flush_deferred_work(struct wl1271 *wl)
831 {
832         struct sk_buff *skb;
833
834         /* Pass all received frames to the network stack */
835         while ((skb = skb_dequeue(&wl->deferred_rx_queue)))
836                 ieee80211_rx_ni(wl->hw, skb);
837
838         /* Return sent skbs to the network stack */
839         while ((skb = skb_dequeue(&wl->deferred_tx_queue)))
840                 ieee80211_tx_status_ni(wl->hw, skb);
841 }
842
843 static void wl1271_netstack_work(struct work_struct *work)
844 {
845         struct wl1271 *wl =
846                 container_of(work, struct wl1271, netstack_work);
847
848         do {
849                 wl1271_flush_deferred_work(wl);
850         } while (skb_queue_len(&wl->deferred_rx_queue));
851 }
852
853 #define WL1271_IRQ_MAX_LOOPS 256
854
855 static irqreturn_t wl1271_irq(int irq, void *cookie)
856 {
857         int ret;
858         u32 intr;
859         int loopcount = WL1271_IRQ_MAX_LOOPS;
860         struct wl1271 *wl = (struct wl1271 *)cookie;
861         bool done = false;
862         unsigned int defer_count;
863         unsigned long flags;
864
865         /* TX might be handled here, avoid redundant work */
866         set_bit(WL1271_FLAG_TX_PENDING, &wl->flags);
867         cancel_work_sync(&wl->tx_work);
868
869         /*
870          * In case edge triggered interrupt must be used, we cannot iterate
871          * more than once without introducing race conditions with the hardirq.
872          */
873         if (wl->platform_quirks & WL12XX_PLATFORM_QUIRK_EDGE_IRQ)
874                 loopcount = 1;
875
876         mutex_lock(&wl->mutex);
877
878         wl1271_debug(DEBUG_IRQ, "IRQ work");
879
880         if (unlikely(wl->state == WL1271_STATE_OFF))
881                 goto out;
882
883         ret = wl1271_ps_elp_wakeup(wl);
884         if (ret < 0)
885                 goto out;
886
887         while (!done && loopcount--) {
888                 /*
889                  * In order to avoid a race with the hardirq, clear the flag
890                  * before acknowledging the chip. Since the mutex is held,
891                  * wl1271_ps_elp_wakeup cannot be called concurrently.
892                  */
893                 clear_bit(WL1271_FLAG_IRQ_RUNNING, &wl->flags);
894                 smp_mb__after_clear_bit();
895
896                 wl12xx_fw_status(wl, wl->fw_status);
897                 intr = le32_to_cpu(wl->fw_status->intr);
898                 intr &= WL1271_INTR_MASK;
899                 if (!intr) {
900                         done = true;
901                         continue;
902                 }
903
904                 if (unlikely(intr & WL1271_ACX_INTR_WATCHDOG)) {
905                         wl1271_error("watchdog interrupt received! "
906                                      "starting recovery.");
907                         wl12xx_queue_recovery_work(wl);
908
909                         /* restarting the chip. ignore any other interrupt. */
910                         goto out;
911                 }
912
913                 if (likely(intr & WL1271_ACX_INTR_DATA)) {
914                         wl1271_debug(DEBUG_IRQ, "WL1271_ACX_INTR_DATA");
915
916                         wl12xx_rx(wl, wl->fw_status);
917
918                         /* Check if any tx blocks were freed */
919                         spin_lock_irqsave(&wl->wl_lock, flags);
920                         if (!test_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags) &&
921                             wl1271_tx_total_queue_count(wl) > 0) {
922                                 spin_unlock_irqrestore(&wl->wl_lock, flags);
923                                 /*
924                                  * In order to avoid starvation of the TX path,
925                                  * call the work function directly.
926                                  */
927                                 wl1271_tx_work_locked(wl);
928                         } else {
929                                 spin_unlock_irqrestore(&wl->wl_lock, flags);
930                         }
931
932                         /* check for tx results */
933                         if (wl->fw_status->tx_results_counter !=
934                             (wl->tx_results_count & 0xff))
935                                 wl1271_tx_complete(wl);
936
937                         /* Make sure the deferred queues don't get too long */
938                         defer_count = skb_queue_len(&wl->deferred_tx_queue) +
939                                       skb_queue_len(&wl->deferred_rx_queue);
940                         if (defer_count > WL1271_DEFERRED_QUEUE_LIMIT)
941                                 wl1271_flush_deferred_work(wl);
942                 }
943
944                 if (intr & WL1271_ACX_INTR_EVENT_A) {
945                         wl1271_debug(DEBUG_IRQ, "WL1271_ACX_INTR_EVENT_A");
946                         wl1271_event_handle(wl, 0);
947                 }
948
949                 if (intr & WL1271_ACX_INTR_EVENT_B) {
950                         wl1271_debug(DEBUG_IRQ, "WL1271_ACX_INTR_EVENT_B");
951                         wl1271_event_handle(wl, 1);
952                 }
953
954                 if (intr & WL1271_ACX_INTR_INIT_COMPLETE)
955                         wl1271_debug(DEBUG_IRQ,
956                                      "WL1271_ACX_INTR_INIT_COMPLETE");
957
958                 if (intr & WL1271_ACX_INTR_HW_AVAILABLE)
959                         wl1271_debug(DEBUG_IRQ, "WL1271_ACX_INTR_HW_AVAILABLE");
960         }
961
962         wl1271_ps_elp_sleep(wl);
963
964 out:
965         spin_lock_irqsave(&wl->wl_lock, flags);
966         /* In case TX was not handled here, queue TX work */
967         clear_bit(WL1271_FLAG_TX_PENDING, &wl->flags);
968         if (!test_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags) &&
969             wl1271_tx_total_queue_count(wl) > 0)
970                 ieee80211_queue_work(wl->hw, &wl->tx_work);
971         spin_unlock_irqrestore(&wl->wl_lock, flags);
972
973         mutex_unlock(&wl->mutex);
974
975         return IRQ_HANDLED;
976 }
977
978 static int wl1271_fetch_firmware(struct wl1271 *wl)
979 {
980         const struct firmware *fw;
981         const char *fw_name;
982         int ret;
983
984         if (wl->chip.id == CHIP_ID_1283_PG20)
985                 fw_name = WL128X_FW_NAME;
986         else
987                 fw_name = WL127X_FW_NAME;
988
989         wl1271_debug(DEBUG_BOOT, "booting firmware %s", fw_name);
990
991         ret = request_firmware(&fw, fw_name, wl->dev);
992
993         if (ret < 0) {
994                 wl1271_error("could not get firmware %s: %d", fw_name, ret);
995                 return ret;
996         }
997
998         if (fw->size % 4) {
999                 wl1271_error("firmware size is not multiple of 32 bits: %zu",
1000                              fw->size);
1001                 ret = -EILSEQ;
1002                 goto out;
1003         }
1004
1005         vfree(wl->fw);
1006         wl->fw_len = fw->size;
1007         wl->fw = vmalloc(wl->fw_len);
1008
1009         if (!wl->fw) {
1010                 wl1271_error("could not allocate memory for the firmware");
1011                 ret = -ENOMEM;
1012                 goto out;
1013         }
1014
1015         memcpy(wl->fw, fw->data, wl->fw_len);
1016         ret = 0;
1017
1018 out:
1019         release_firmware(fw);
1020
1021         return ret;
1022 }
1023
1024 static int wl1271_fetch_nvs(struct wl1271 *wl)
1025 {
1026         const struct firmware *fw;
1027         int ret;
1028
1029         ret = request_firmware(&fw, WL12XX_NVS_NAME, wl->dev);
1030
1031         if (ret < 0) {
1032                 wl1271_error("could not get nvs file %s: %d", WL12XX_NVS_NAME,
1033                              ret);
1034                 return ret;
1035         }
1036
1037         wl->nvs = kmemdup(fw->data, fw->size, GFP_KERNEL);
1038
1039         if (!wl->nvs) {
1040                 wl1271_error("could not allocate memory for the nvs file");
1041                 ret = -ENOMEM;
1042                 goto out;
1043         }
1044
1045         wl->nvs_len = fw->size;
1046
1047 out:
1048         release_firmware(fw);
1049
1050         return ret;
1051 }
1052
1053 void wl12xx_queue_recovery_work(struct wl1271 *wl)
1054 {
1055         if (!test_bit(WL1271_FLAG_RECOVERY_IN_PROGRESS, &wl->flags))
1056                 ieee80211_queue_work(wl->hw, &wl->recovery_work);
1057 }
1058
1059 size_t wl12xx_copy_fwlog(struct wl1271 *wl, u8 *memblock, size_t maxlen)
1060 {
1061         size_t len = 0;
1062
1063         /* The FW log is a length-value list, find where the log end */
1064         while (len < maxlen) {
1065                 if (memblock[len] == 0)
1066                         break;
1067                 if (len + memblock[len] + 1 > maxlen)
1068                         break;
1069                 len += memblock[len] + 1;
1070         }
1071
1072         /* Make sure we have enough room */
1073         len = min(len, (size_t)(PAGE_SIZE - wl->fwlog_size));
1074
1075         /* Fill the FW log file, consumed by the sysfs fwlog entry */
1076         memcpy(wl->fwlog + wl->fwlog_size, memblock, len);
1077         wl->fwlog_size += len;
1078
1079         return len;
1080 }
1081
1082 static void wl12xx_read_fwlog_panic(struct wl1271 *wl)
1083 {
1084         u32 addr;
1085         u32 first_addr;
1086         u8 *block;
1087
1088         if ((wl->quirks & WL12XX_QUIRK_FWLOG_NOT_IMPLEMENTED) ||
1089             (wl->conf.fwlog.mode != WL12XX_FWLOG_ON_DEMAND) ||
1090             (wl->conf.fwlog.mem_blocks == 0))
1091                 return;
1092
1093         wl1271_info("Reading FW panic log");
1094
1095         block = kmalloc(WL12XX_HW_BLOCK_SIZE, GFP_KERNEL);
1096         if (!block)
1097                 return;
1098
1099         /*
1100          * Make sure the chip is awake and the logger isn't active.
1101          * This might fail if the firmware hanged.
1102          */
1103         if (!wl1271_ps_elp_wakeup(wl))
1104                 wl12xx_cmd_stop_fwlog(wl);
1105
1106         /* Read the first memory block address */
1107         wl12xx_fw_status(wl, wl->fw_status);
1108         first_addr = le32_to_cpu(wl->fw_status->log_start_addr);
1109         if (!first_addr)
1110                 goto out;
1111
1112         /* Traverse the memory blocks linked list */
1113         addr = first_addr;
1114         do {
1115                 memset(block, 0, WL12XX_HW_BLOCK_SIZE);
1116                 wl1271_read_hwaddr(wl, addr, block, WL12XX_HW_BLOCK_SIZE,
1117                                    false);
1118
1119                 /*
1120                  * Memory blocks are linked to one another. The first 4 bytes
1121                  * of each memory block hold the hardware address of the next
1122                  * one. The last memory block points to the first one.
1123                  */
1124                 addr = le32_to_cpup((__le32 *)block);
1125                 if (!wl12xx_copy_fwlog(wl, block + sizeof(addr),
1126                                        WL12XX_HW_BLOCK_SIZE - sizeof(addr)))
1127                         break;
1128         } while (addr && (addr != first_addr));
1129
1130         wake_up_interruptible(&wl->fwlog_waitq);
1131
1132 out:
1133         kfree(block);
1134 }
1135
1136 static void wl1271_recovery_work(struct work_struct *work)
1137 {
1138         struct wl1271 *wl =
1139                 container_of(work, struct wl1271, recovery_work);
1140         struct wl12xx_vif *wlvif;
1141         struct ieee80211_vif *vif;
1142
1143         mutex_lock(&wl->mutex);
1144
1145         if (wl->state != WL1271_STATE_ON)
1146                 goto out_unlock;
1147
1148         /* Avoid a recursive recovery */
1149         set_bit(WL1271_FLAG_RECOVERY_IN_PROGRESS, &wl->flags);
1150
1151         wl12xx_read_fwlog_panic(wl);
1152
1153         wl1271_info("Hardware recovery in progress. FW ver: %s pc: 0x%x",
1154                     wl->chip.fw_ver_str, wl1271_read32(wl, SCR_PAD4));
1155
1156         BUG_ON(bug_on_recovery);
1157
1158         /*
1159          * Advance security sequence number to overcome potential progress
1160          * in the firmware during recovery. This doens't hurt if the network is
1161          * not encrypted.
1162          */
1163         wl12xx_for_each_wlvif(wl, wlvif) {
1164                 if (test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags) ||
1165                     test_bit(WLVIF_FLAG_AP_STARTED, &wlvif->flags))
1166                         wlvif->tx_security_seq +=
1167                                 WL1271_TX_SQN_POST_RECOVERY_PADDING;
1168         }
1169
1170         /* Prevent spurious TX during FW restart */
1171         ieee80211_stop_queues(wl->hw);
1172
1173         if (wl->sched_scanning) {
1174                 ieee80211_sched_scan_stopped(wl->hw);
1175                 wl->sched_scanning = false;
1176         }
1177
1178         /* reboot the chipset */
1179         while (!list_empty(&wl->wlvif_list)) {
1180                 wlvif = list_first_entry(&wl->wlvif_list,
1181                                        struct wl12xx_vif, list);
1182                 vif = wl12xx_wlvif_to_vif(wlvif);
1183                 __wl1271_op_remove_interface(wl, vif, false);
1184         }
1185         mutex_unlock(&wl->mutex);
1186         wl1271_op_stop(wl->hw);
1187
1188         clear_bit(WL1271_FLAG_RECOVERY_IN_PROGRESS, &wl->flags);
1189
1190         ieee80211_restart_hw(wl->hw);
1191
1192         /*
1193          * Its safe to enable TX now - the queues are stopped after a request
1194          * to restart the HW.
1195          */
1196         ieee80211_wake_queues(wl->hw);
1197         return;
1198 out_unlock:
1199         mutex_unlock(&wl->mutex);
1200 }
1201
1202 static void wl1271_fw_wakeup(struct wl1271 *wl)
1203 {
1204         u32 elp_reg;
1205
1206         elp_reg = ELPCTRL_WAKE_UP;
1207         wl1271_raw_write32(wl, HW_ACCESS_ELP_CTRL_REG_ADDR, elp_reg);
1208 }
1209
1210 static int wl1271_setup(struct wl1271 *wl)
1211 {
1212         wl->fw_status = kmalloc(sizeof(*wl->fw_status), GFP_KERNEL);
1213         if (!wl->fw_status)
1214                 return -ENOMEM;
1215
1216         wl->tx_res_if = kmalloc(sizeof(*wl->tx_res_if), GFP_KERNEL);
1217         if (!wl->tx_res_if) {
1218                 kfree(wl->fw_status);
1219                 return -ENOMEM;
1220         }
1221
1222         return 0;
1223 }
1224
1225 static int wl1271_chip_wakeup(struct wl1271 *wl)
1226 {
1227         struct wl1271_partition_set partition;
1228         int ret = 0;
1229
1230         msleep(WL1271_PRE_POWER_ON_SLEEP);
1231         ret = wl1271_power_on(wl);
1232         if (ret < 0)
1233                 goto out;
1234         msleep(WL1271_POWER_ON_SLEEP);
1235         wl1271_io_reset(wl);
1236         wl1271_io_init(wl);
1237
1238         /* We don't need a real memory partition here, because we only want
1239          * to use the registers at this point. */
1240         memset(&partition, 0, sizeof(partition));
1241         partition.reg.start = REGISTERS_BASE;
1242         partition.reg.size = REGISTERS_DOWN_SIZE;
1243         wl1271_set_partition(wl, &partition);
1244
1245         /* ELP module wake up */
1246         wl1271_fw_wakeup(wl);
1247
1248         /* whal_FwCtrl_BootSm() */
1249
1250         /* 0. read chip id from CHIP_ID */
1251         wl->chip.id = wl1271_read32(wl, CHIP_ID_B);
1252
1253         /*
1254          * For wl127x based devices we could use the default block
1255          * size (512 bytes), but due to a bug in the sdio driver, we
1256          * need to set it explicitly after the chip is powered on.  To
1257          * simplify the code and since the performance impact is
1258          * negligible, we use the same block size for all different
1259          * chip types.
1260          */
1261         if (!wl1271_set_block_size(wl))
1262                 wl->quirks |= WL12XX_QUIRK_NO_BLOCKSIZE_ALIGNMENT;
1263
1264         switch (wl->chip.id) {
1265         case CHIP_ID_1271_PG10:
1266                 wl1271_warning("chip id 0x%x (1271 PG10) support is obsolete",
1267                                wl->chip.id);
1268
1269                 ret = wl1271_setup(wl);
1270                 if (ret < 0)
1271                         goto out;
1272                 wl->quirks |= WL12XX_QUIRK_NO_BLOCKSIZE_ALIGNMENT;
1273                 break;
1274
1275         case CHIP_ID_1271_PG20:
1276                 wl1271_debug(DEBUG_BOOT, "chip id 0x%x (1271 PG20)",
1277                              wl->chip.id);
1278
1279                 ret = wl1271_setup(wl);
1280                 if (ret < 0)
1281                         goto out;
1282                 wl->quirks |= WL12XX_QUIRK_NO_BLOCKSIZE_ALIGNMENT;
1283                 break;
1284
1285         case CHIP_ID_1283_PG20:
1286                 wl1271_debug(DEBUG_BOOT, "chip id 0x%x (1283 PG20)",
1287                              wl->chip.id);
1288
1289                 ret = wl1271_setup(wl);
1290                 if (ret < 0)
1291                         goto out;
1292                 break;
1293         case CHIP_ID_1283_PG10:
1294         default:
1295                 wl1271_warning("unsupported chip id: 0x%x", wl->chip.id);
1296                 ret = -ENODEV;
1297                 goto out;
1298         }
1299
1300         if (wl->fw == NULL) {
1301                 ret = wl1271_fetch_firmware(wl);
1302                 if (ret < 0)
1303                         goto out;
1304         }
1305
1306         /* No NVS from netlink, try to get it from the filesystem */
1307         if (wl->nvs == NULL) {
1308                 ret = wl1271_fetch_nvs(wl);
1309                 if (ret < 0)
1310                         goto out;
1311         }
1312
1313 out:
1314         return ret;
1315 }
1316
1317 int wl1271_plt_start(struct wl1271 *wl)
1318 {
1319         int retries = WL1271_BOOT_RETRIES;
1320         struct wiphy *wiphy = wl->hw->wiphy;
1321         int ret;
1322
1323         mutex_lock(&wl->mutex);
1324
1325         wl1271_notice("power up");
1326
1327         if (wl->state != WL1271_STATE_OFF) {
1328                 wl1271_error("cannot go into PLT state because not "
1329                              "in off state: %d", wl->state);
1330                 ret = -EBUSY;
1331                 goto out;
1332         }
1333
1334         while (retries) {
1335                 retries--;
1336                 ret = wl1271_chip_wakeup(wl);
1337                 if (ret < 0)
1338                         goto power_off;
1339
1340                 ret = wl1271_boot(wl);
1341                 if (ret < 0)
1342                         goto power_off;
1343
1344                 ret = wl1271_plt_init(wl);
1345                 if (ret < 0)
1346                         goto irq_disable;
1347
1348                 wl->state = WL1271_STATE_PLT;
1349                 wl1271_notice("firmware booted in PLT mode (%s)",
1350                               wl->chip.fw_ver_str);
1351
1352                 /* update hw/fw version info in wiphy struct */
1353                 wiphy->hw_version = wl->chip.id;
1354                 strncpy(wiphy->fw_version, wl->chip.fw_ver_str,
1355                         sizeof(wiphy->fw_version));
1356
1357                 goto out;
1358
1359 irq_disable:
1360                 mutex_unlock(&wl->mutex);
1361                 /* Unlocking the mutex in the middle of handling is
1362                    inherently unsafe. In this case we deem it safe to do,
1363                    because we need to let any possibly pending IRQ out of
1364                    the system (and while we are WL1271_STATE_OFF the IRQ
1365                    work function will not do anything.) Also, any other
1366                    possible concurrent operations will fail due to the
1367                    current state, hence the wl1271 struct should be safe. */
1368                 wl1271_disable_interrupts(wl);
1369                 wl1271_flush_deferred_work(wl);
1370                 cancel_work_sync(&wl->netstack_work);
1371                 mutex_lock(&wl->mutex);
1372 power_off:
1373                 wl1271_power_off(wl);
1374         }
1375
1376         wl1271_error("firmware boot in PLT mode failed despite %d retries",
1377                      WL1271_BOOT_RETRIES);
1378 out:
1379         mutex_unlock(&wl->mutex);
1380
1381         return ret;
1382 }
1383
1384 static int __wl1271_plt_stop(struct wl1271 *wl)
1385 {
1386         int ret = 0;
1387
1388         wl1271_notice("power down");
1389
1390         if (wl->state != WL1271_STATE_PLT) {
1391                 wl1271_error("cannot power down because not in PLT "
1392                              "state: %d", wl->state);
1393                 ret = -EBUSY;
1394                 goto out;
1395         }
1396
1397         wl1271_power_off(wl);
1398
1399         wl->state = WL1271_STATE_OFF;
1400         wl->rx_counter = 0;
1401
1402         mutex_unlock(&wl->mutex);
1403         wl1271_disable_interrupts(wl);
1404         wl1271_flush_deferred_work(wl);
1405         cancel_work_sync(&wl->netstack_work);
1406         cancel_work_sync(&wl->recovery_work);
1407         mutex_lock(&wl->mutex);
1408 out:
1409         return ret;
1410 }
1411
1412 int wl1271_plt_stop(struct wl1271 *wl)
1413 {
1414         int ret;
1415
1416         mutex_lock(&wl->mutex);
1417         ret = __wl1271_plt_stop(wl);
1418         mutex_unlock(&wl->mutex);
1419         return ret;
1420 }
1421
1422 static void wl1271_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
1423 {
1424         struct wl1271 *wl = hw->priv;
1425         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1426         struct ieee80211_vif *vif = info->control.vif;
1427         struct wl12xx_vif *wlvif = NULL;
1428         unsigned long flags;
1429         int q, mapping;
1430         u8 hlid;
1431
1432         if (vif)
1433                 wlvif = wl12xx_vif_to_data(vif);
1434
1435         mapping = skb_get_queue_mapping(skb);
1436         q = wl1271_tx_get_queue(mapping);
1437
1438         hlid = wl12xx_tx_get_hlid(wl, wlvif, skb);
1439
1440         spin_lock_irqsave(&wl->wl_lock, flags);
1441
1442         /* queue the packet */
1443         if (hlid == WL12XX_INVALID_LINK_ID ||
1444             (wlvif && !test_bit(hlid, wlvif->links_map))) {
1445                 wl1271_debug(DEBUG_TX, "DROP skb hlid %d q %d", hlid, q);
1446                 ieee80211_free_txskb(hw, skb);
1447                 goto out;
1448         }
1449
1450         wl1271_debug(DEBUG_TX, "queue skb hlid %d q %d", hlid, q);
1451         skb_queue_tail(&wl->links[hlid].tx_queue[q], skb);
1452
1453         wl->tx_queue_count[q]++;
1454
1455         /*
1456          * The workqueue is slow to process the tx_queue and we need stop
1457          * the queue here, otherwise the queue will get too long.
1458          */
1459         if (wl->tx_queue_count[q] >= WL1271_TX_QUEUE_HIGH_WATERMARK) {
1460                 wl1271_debug(DEBUG_TX, "op_tx: stopping queues for q %d", q);
1461                 ieee80211_stop_queue(wl->hw, mapping);
1462                 set_bit(q, &wl->stopped_queues_map);
1463         }
1464
1465         /*
1466          * The chip specific setup must run before the first TX packet -
1467          * before that, the tx_work will not be initialized!
1468          */
1469
1470         if (!test_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags) &&
1471             !test_bit(WL1271_FLAG_TX_PENDING, &wl->flags))
1472                 ieee80211_queue_work(wl->hw, &wl->tx_work);
1473
1474 out:
1475         spin_unlock_irqrestore(&wl->wl_lock, flags);
1476 }
1477
1478 int wl1271_tx_dummy_packet(struct wl1271 *wl)
1479 {
1480         unsigned long flags;
1481         int q;
1482
1483         /* no need to queue a new dummy packet if one is already pending */
1484         if (test_bit(WL1271_FLAG_DUMMY_PACKET_PENDING, &wl->flags))
1485                 return 0;
1486
1487         q = wl1271_tx_get_queue(skb_get_queue_mapping(wl->dummy_packet));
1488
1489         spin_lock_irqsave(&wl->wl_lock, flags);
1490         set_bit(WL1271_FLAG_DUMMY_PACKET_PENDING, &wl->flags);
1491         wl->tx_queue_count[q]++;
1492         spin_unlock_irqrestore(&wl->wl_lock, flags);
1493
1494         /* The FW is low on RX memory blocks, so send the dummy packet asap */
1495         if (!test_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags))
1496                 wl1271_tx_work_locked(wl);
1497
1498         /*
1499          * If the FW TX is busy, TX work will be scheduled by the threaded
1500          * interrupt handler function
1501          */
1502         return 0;
1503 }
1504
1505 /*
1506  * The size of the dummy packet should be at least 1400 bytes. However, in
1507  * order to minimize the number of bus transactions, aligning it to 512 bytes
1508  * boundaries could be beneficial, performance wise
1509  */
1510 #define TOTAL_TX_DUMMY_PACKET_SIZE (ALIGN(1400, 512))
1511
1512 static struct sk_buff *wl12xx_alloc_dummy_packet(struct wl1271 *wl)
1513 {
1514         struct sk_buff *skb;
1515         struct ieee80211_hdr_3addr *hdr;
1516         unsigned int dummy_packet_size;
1517
1518         dummy_packet_size = TOTAL_TX_DUMMY_PACKET_SIZE -
1519                             sizeof(struct wl1271_tx_hw_descr) - sizeof(*hdr);
1520
1521         skb = dev_alloc_skb(TOTAL_TX_DUMMY_PACKET_SIZE);
1522         if (!skb) {
1523                 wl1271_warning("Failed to allocate a dummy packet skb");
1524                 return NULL;
1525         }
1526
1527         skb_reserve(skb, sizeof(struct wl1271_tx_hw_descr));
1528
1529         hdr = (struct ieee80211_hdr_3addr *) skb_put(skb, sizeof(*hdr));
1530         memset(hdr, 0, sizeof(*hdr));
1531         hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
1532                                          IEEE80211_STYPE_NULLFUNC |
1533                                          IEEE80211_FCTL_TODS);
1534
1535         memset(skb_put(skb, dummy_packet_size), 0, dummy_packet_size);
1536
1537         /* Dummy packets require the TID to be management */
1538         skb->priority = WL1271_TID_MGMT;
1539
1540         /* Initialize all fields that might be used */
1541         skb_set_queue_mapping(skb, 0);
1542         memset(IEEE80211_SKB_CB(skb), 0, sizeof(struct ieee80211_tx_info));
1543
1544         return skb;
1545 }
1546
1547
1548 static struct notifier_block wl1271_dev_notifier = {
1549         .notifier_call = wl1271_dev_notify,
1550 };
1551
1552 #ifdef CONFIG_PM
1553 static int wl1271_configure_suspend_sta(struct wl1271 *wl,
1554                                         struct wl12xx_vif *wlvif)
1555 {
1556         int ret = 0;
1557
1558         mutex_lock(&wl->mutex);
1559
1560         if (!test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags))
1561                 goto out_unlock;
1562
1563         ret = wl1271_ps_elp_wakeup(wl);
1564         if (ret < 0)
1565                 goto out_unlock;
1566
1567         /* enter psm if needed*/
1568         if (!test_bit(WLVIF_FLAG_PSM, &wlvif->flags)) {
1569                 DECLARE_COMPLETION_ONSTACK(compl);
1570
1571                 wlvif->ps_compl = &compl;
1572                 ret = wl1271_ps_set_mode(wl, wlvif, STATION_POWER_SAVE_MODE,
1573                                    wlvif->basic_rate, true);
1574                 if (ret < 0)
1575                         goto out_sleep;
1576
1577                 /* we must unlock here so we will be able to get events */
1578                 wl1271_ps_elp_sleep(wl);
1579                 mutex_unlock(&wl->mutex);
1580
1581                 ret = wait_for_completion_timeout(
1582                         &compl, msecs_to_jiffies(WL1271_PS_COMPLETE_TIMEOUT));
1583
1584                 mutex_lock(&wl->mutex);
1585                 if (ret <= 0) {
1586                         wl1271_warning("couldn't enter ps mode!");
1587                         ret = -EBUSY;
1588                         goto out_cleanup;
1589                 }
1590
1591                 ret = wl1271_ps_elp_wakeup(wl);
1592                 if (ret < 0)
1593                         goto out_cleanup;
1594         }
1595 out_sleep:
1596         wl1271_ps_elp_sleep(wl);
1597 out_cleanup:
1598         wlvif->ps_compl = NULL;
1599 out_unlock:
1600         mutex_unlock(&wl->mutex);
1601         return ret;
1602
1603 }
1604
1605 static int wl1271_configure_suspend_ap(struct wl1271 *wl,
1606                                        struct wl12xx_vif *wlvif)
1607 {
1608         int ret = 0;
1609
1610         mutex_lock(&wl->mutex);
1611
1612         if (!test_bit(WLVIF_FLAG_AP_STARTED, &wlvif->flags))
1613                 goto out_unlock;
1614
1615         ret = wl1271_ps_elp_wakeup(wl);
1616         if (ret < 0)
1617                 goto out_unlock;
1618
1619         ret = wl1271_acx_beacon_filter_opt(wl, wlvif, true);
1620
1621         wl1271_ps_elp_sleep(wl);
1622 out_unlock:
1623         mutex_unlock(&wl->mutex);
1624         return ret;
1625
1626 }
1627
1628 static int wl1271_configure_suspend(struct wl1271 *wl,
1629                                     struct wl12xx_vif *wlvif)
1630 {
1631         if (wlvif->bss_type == BSS_TYPE_STA_BSS)
1632                 return wl1271_configure_suspend_sta(wl, wlvif);
1633         if (wlvif->bss_type == BSS_TYPE_AP_BSS)
1634                 return wl1271_configure_suspend_ap(wl, wlvif);
1635         return 0;
1636 }
1637
1638 static void wl1271_configure_resume(struct wl1271 *wl,
1639                                     struct wl12xx_vif *wlvif)
1640 {
1641         int ret;
1642         bool is_sta = wlvif->bss_type == BSS_TYPE_STA_BSS;
1643         bool is_ap = wlvif->bss_type == BSS_TYPE_AP_BSS;
1644
1645         if (!is_sta && !is_ap)
1646                 return;
1647
1648         mutex_lock(&wl->mutex);
1649         ret = wl1271_ps_elp_wakeup(wl);
1650         if (ret < 0)
1651                 goto out;
1652
1653         if (is_sta) {
1654                 /* exit psm if it wasn't configured */
1655                 if (!test_bit(WLVIF_FLAG_PSM_REQUESTED, &wlvif->flags))
1656                         wl1271_ps_set_mode(wl, wlvif, STATION_ACTIVE_MODE,
1657                                            wlvif->basic_rate, true);
1658         } else if (is_ap) {
1659                 wl1271_acx_beacon_filter_opt(wl, wlvif, false);
1660         }
1661
1662         wl1271_ps_elp_sleep(wl);
1663 out:
1664         mutex_unlock(&wl->mutex);
1665 }
1666
1667 static int wl1271_op_suspend(struct ieee80211_hw *hw,
1668                             struct cfg80211_wowlan *wow)
1669 {
1670         struct wl1271 *wl = hw->priv;
1671         struct wl12xx_vif *wlvif;
1672         int ret;
1673
1674         wl1271_debug(DEBUG_MAC80211, "mac80211 suspend wow=%d", !!wow);
1675         WARN_ON(!wow || !wow->any);
1676
1677         wl->wow_enabled = true;
1678         wl12xx_for_each_wlvif(wl, wlvif) {
1679                 ret = wl1271_configure_suspend(wl, wlvif);
1680                 if (ret < 0) {
1681                         wl1271_warning("couldn't prepare device to suspend");
1682                         return ret;
1683                 }
1684         }
1685         /* flush any remaining work */
1686         wl1271_debug(DEBUG_MAC80211, "flushing remaining works");
1687
1688         /*
1689          * disable and re-enable interrupts in order to flush
1690          * the threaded_irq
1691          */
1692         wl1271_disable_interrupts(wl);
1693
1694         /*
1695          * set suspended flag to avoid triggering a new threaded_irq
1696          * work. no need for spinlock as interrupts are disabled.
1697          */
1698         set_bit(WL1271_FLAG_SUSPENDED, &wl->flags);
1699
1700         wl1271_enable_interrupts(wl);
1701         flush_work(&wl->tx_work);
1702         wl12xx_for_each_wlvif(wl, wlvif) {
1703                 flush_delayed_work(&wlvif->pspoll_work);
1704         }
1705         flush_delayed_work(&wl->elp_work);
1706
1707         return 0;
1708 }
1709
1710 static int wl1271_op_resume(struct ieee80211_hw *hw)
1711 {
1712         struct wl1271 *wl = hw->priv;
1713         struct wl12xx_vif *wlvif;
1714         unsigned long flags;
1715         bool run_irq_work = false;
1716
1717         wl1271_debug(DEBUG_MAC80211, "mac80211 resume wow=%d",
1718                      wl->wow_enabled);
1719         WARN_ON(!wl->wow_enabled);
1720
1721         /*
1722          * re-enable irq_work enqueuing, and call irq_work directly if
1723          * there is a pending work.
1724          */
1725         spin_lock_irqsave(&wl->wl_lock, flags);
1726         clear_bit(WL1271_FLAG_SUSPENDED, &wl->flags);
1727         if (test_and_clear_bit(WL1271_FLAG_PENDING_WORK, &wl->flags))
1728                 run_irq_work = true;
1729         spin_unlock_irqrestore(&wl->wl_lock, flags);
1730
1731         if (run_irq_work) {
1732                 wl1271_debug(DEBUG_MAC80211,
1733                              "run postponed irq_work directly");
1734                 wl1271_irq(0, wl);
1735                 wl1271_enable_interrupts(wl);
1736         }
1737         wl12xx_for_each_wlvif(wl, wlvif) {
1738                 wl1271_configure_resume(wl, wlvif);
1739         }
1740         wl->wow_enabled = false;
1741
1742         return 0;
1743 }
1744 #endif
1745
1746 static int wl1271_op_start(struct ieee80211_hw *hw)
1747 {
1748         wl1271_debug(DEBUG_MAC80211, "mac80211 start");
1749
1750         /*
1751          * We have to delay the booting of the hardware because
1752          * we need to know the local MAC address before downloading and
1753          * initializing the firmware. The MAC address cannot be changed
1754          * after boot, and without the proper MAC address, the firmware
1755          * will not function properly.
1756          *
1757          * The MAC address is first known when the corresponding interface
1758          * is added. That is where we will initialize the hardware.
1759          */
1760
1761         return 0;
1762 }
1763
1764 static void wl1271_op_stop(struct ieee80211_hw *hw)
1765 {
1766         struct wl1271 *wl = hw->priv;
1767         int i;
1768
1769         wl1271_debug(DEBUG_MAC80211, "mac80211 stop");
1770
1771         mutex_lock(&wl->mutex);
1772         if (wl->state == WL1271_STATE_OFF) {
1773                 mutex_unlock(&wl->mutex);
1774                 return;
1775         }
1776         /*
1777          * this must be before the cancel_work calls below, so that the work
1778          * functions don't perform further work.
1779          */
1780         wl->state = WL1271_STATE_OFF;
1781         mutex_unlock(&wl->mutex);
1782
1783         mutex_lock(&wl_list_mutex);
1784         list_del(&wl->list);
1785         mutex_unlock(&wl_list_mutex);
1786
1787         wl1271_disable_interrupts(wl);
1788         wl1271_flush_deferred_work(wl);
1789         cancel_delayed_work_sync(&wl->scan_complete_work);
1790         cancel_work_sync(&wl->netstack_work);
1791         cancel_work_sync(&wl->tx_work);
1792         cancel_delayed_work_sync(&wl->elp_work);
1793
1794         /* let's notify MAC80211 about the remaining pending TX frames */
1795         wl12xx_tx_reset(wl, true);
1796         mutex_lock(&wl->mutex);
1797
1798         wl1271_power_off(wl);
1799
1800         wl->band = IEEE80211_BAND_2GHZ;
1801
1802         wl->rx_counter = 0;
1803         wl->power_level = WL1271_DEFAULT_POWER_LEVEL;
1804         wl->tx_blocks_available = 0;
1805         wl->tx_allocated_blocks = 0;
1806         wl->tx_results_count = 0;
1807         wl->tx_packets_count = 0;
1808         wl->time_offset = 0;
1809         wl->tx_spare_blocks = TX_HW_BLOCK_SPARE_DEFAULT;
1810         wl->ap_fw_ps_map = 0;
1811         wl->ap_ps_map = 0;
1812         wl->sched_scanning = false;
1813         memset(wl->roles_map, 0, sizeof(wl->roles_map));
1814         memset(wl->links_map, 0, sizeof(wl->links_map));
1815         memset(wl->roc_map, 0, sizeof(wl->roc_map));
1816         wl->active_sta_count = 0;
1817
1818         /* The system link is always allocated */
1819         __set_bit(WL12XX_SYSTEM_HLID, wl->links_map);
1820
1821         /*
1822          * this is performed after the cancel_work calls and the associated
1823          * mutex_lock, so that wl1271_op_add_interface does not accidentally
1824          * get executed before all these vars have been reset.
1825          */
1826         wl->flags = 0;
1827
1828         wl->tx_blocks_freed = 0;
1829
1830         for (i = 0; i < NUM_TX_QUEUES; i++) {
1831                 wl->tx_pkts_freed[i] = 0;
1832                 wl->tx_allocated_pkts[i] = 0;
1833         }
1834
1835         wl1271_debugfs_reset(wl);
1836
1837         kfree(wl->fw_status);
1838         wl->fw_status = NULL;
1839         kfree(wl->tx_res_if);
1840         wl->tx_res_if = NULL;
1841         kfree(wl->target_mem_map);
1842         wl->target_mem_map = NULL;
1843
1844         mutex_unlock(&wl->mutex);
1845 }
1846
1847 static int wl12xx_allocate_rate_policy(struct wl1271 *wl, u8 *idx)
1848 {
1849         u8 policy = find_first_zero_bit(wl->rate_policies_map,
1850                                         WL12XX_MAX_RATE_POLICIES);
1851         if (policy >= WL12XX_MAX_RATE_POLICIES)
1852                 return -EBUSY;
1853
1854         __set_bit(policy, wl->rate_policies_map);
1855         *idx = policy;
1856         return 0;
1857 }
1858
1859 static void wl12xx_free_rate_policy(struct wl1271 *wl, u8 *idx)
1860 {
1861         if (WARN_ON(*idx >= WL12XX_MAX_RATE_POLICIES))
1862                 return;
1863
1864         __clear_bit(*idx, wl->rate_policies_map);
1865         *idx = WL12XX_MAX_RATE_POLICIES;
1866 }
1867
1868 static u8 wl12xx_get_role_type(struct wl1271 *wl, struct wl12xx_vif *wlvif)
1869 {
1870         switch (wlvif->bss_type) {
1871         case BSS_TYPE_AP_BSS:
1872                 if (wlvif->p2p)
1873                         return WL1271_ROLE_P2P_GO;
1874                 else
1875                         return WL1271_ROLE_AP;
1876
1877         case BSS_TYPE_STA_BSS:
1878                 if (wlvif->p2p)
1879                         return WL1271_ROLE_P2P_CL;
1880                 else
1881                         return WL1271_ROLE_STA;
1882
1883         case BSS_TYPE_IBSS:
1884                 return WL1271_ROLE_IBSS;
1885
1886         default:
1887                 wl1271_error("invalid bss_type: %d", wlvif->bss_type);
1888         }
1889         return WL12XX_INVALID_ROLE_TYPE;
1890 }
1891
1892 static int wl12xx_init_vif_data(struct wl1271 *wl, struct ieee80211_vif *vif)
1893 {
1894         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
1895         int i;
1896
1897         /* clear everything but the persistent data */
1898         memset(wlvif, 0, offsetof(struct wl12xx_vif, persistent));
1899
1900         switch (ieee80211_vif_type_p2p(vif)) {
1901         case NL80211_IFTYPE_P2P_CLIENT:
1902                 wlvif->p2p = 1;
1903                 /* fall-through */
1904         case NL80211_IFTYPE_STATION:
1905                 wlvif->bss_type = BSS_TYPE_STA_BSS;
1906                 break;
1907         case NL80211_IFTYPE_ADHOC:
1908                 wlvif->bss_type = BSS_TYPE_IBSS;
1909                 break;
1910         case NL80211_IFTYPE_P2P_GO:
1911                 wlvif->p2p = 1;
1912                 /* fall-through */
1913         case NL80211_IFTYPE_AP:
1914                 wlvif->bss_type = BSS_TYPE_AP_BSS;
1915                 break;
1916         default:
1917                 wlvif->bss_type = MAX_BSS_TYPE;
1918                 return -EOPNOTSUPP;
1919         }
1920
1921         wlvif->role_id = WL12XX_INVALID_ROLE_ID;
1922         wlvif->dev_role_id = WL12XX_INVALID_ROLE_ID;
1923         wlvif->dev_hlid = WL12XX_INVALID_LINK_ID;
1924
1925         if (wlvif->bss_type == BSS_TYPE_STA_BSS ||
1926             wlvif->bss_type == BSS_TYPE_IBSS) {
1927                 /* init sta/ibss data */
1928                 wlvif->sta.hlid = WL12XX_INVALID_LINK_ID;
1929                 wl12xx_allocate_rate_policy(wl, &wlvif->sta.basic_rate_idx);
1930                 wl12xx_allocate_rate_policy(wl, &wlvif->sta.ap_rate_idx);
1931                 wl12xx_allocate_rate_policy(wl, &wlvif->sta.p2p_rate_idx);
1932         } else {
1933                 /* init ap data */
1934                 wlvif->ap.bcast_hlid = WL12XX_INVALID_LINK_ID;
1935                 wlvif->ap.global_hlid = WL12XX_INVALID_LINK_ID;
1936                 wl12xx_allocate_rate_policy(wl, &wlvif->ap.mgmt_rate_idx);
1937                 wl12xx_allocate_rate_policy(wl, &wlvif->ap.bcast_rate_idx);
1938                 for (i = 0; i < CONF_TX_MAX_AC_COUNT; i++)
1939                         wl12xx_allocate_rate_policy(wl,
1940                                                 &wlvif->ap.ucast_rate_idx[i]);
1941         }
1942
1943         wlvif->bitrate_masks[IEEE80211_BAND_2GHZ] = wl->conf.tx.basic_rate;
1944         wlvif->bitrate_masks[IEEE80211_BAND_5GHZ] = wl->conf.tx.basic_rate_5;
1945         wlvif->basic_rate_set = CONF_TX_RATE_MASK_BASIC;
1946         wlvif->basic_rate = CONF_TX_RATE_MASK_BASIC;
1947         wlvif->rate_set = CONF_TX_RATE_MASK_BASIC;
1948         wlvif->beacon_int = WL1271_DEFAULT_BEACON_INT;
1949
1950         /*
1951          * mac80211 configures some values globally, while we treat them
1952          * per-interface. thus, on init, we have to copy them from wl
1953          */
1954         wlvif->band = wl->band;
1955         wlvif->channel = wl->channel;
1956         wlvif->power_level = wl->power_level;
1957
1958         INIT_WORK(&wlvif->rx_streaming_enable_work,
1959                   wl1271_rx_streaming_enable_work);
1960         INIT_WORK(&wlvif->rx_streaming_disable_work,
1961                   wl1271_rx_streaming_disable_work);
1962         INIT_DELAYED_WORK(&wlvif->pspoll_work, wl1271_pspoll_work);
1963         INIT_LIST_HEAD(&wlvif->list);
1964
1965         setup_timer(&wlvif->rx_streaming_timer, wl1271_rx_streaming_timer,
1966                     (unsigned long) wlvif);
1967         return 0;
1968 }
1969
1970 static bool wl12xx_init_fw(struct wl1271 *wl)
1971 {
1972         int retries = WL1271_BOOT_RETRIES;
1973         bool booted = false;
1974         struct wiphy *wiphy = wl->hw->wiphy;
1975         int ret;
1976
1977         while (retries) {
1978                 retries--;
1979                 ret = wl1271_chip_wakeup(wl);
1980                 if (ret < 0)
1981                         goto power_off;
1982
1983                 ret = wl1271_boot(wl);
1984                 if (ret < 0)
1985                         goto power_off;
1986
1987                 ret = wl1271_hw_init(wl);
1988                 if (ret < 0)
1989                         goto irq_disable;
1990
1991                 booted = true;
1992                 break;
1993
1994 irq_disable:
1995                 mutex_unlock(&wl->mutex);
1996                 /* Unlocking the mutex in the middle of handling is
1997                    inherently unsafe. In this case we deem it safe to do,
1998                    because we need to let any possibly pending IRQ out of
1999                    the system (and while we are WL1271_STATE_OFF the IRQ
2000                    work function will not do anything.) Also, any other
2001                    possible concurrent operations will fail due to the
2002                    current state, hence the wl1271 struct should be safe. */
2003                 wl1271_disable_interrupts(wl);
2004                 wl1271_flush_deferred_work(wl);
2005                 cancel_work_sync(&wl->netstack_work);
2006                 mutex_lock(&wl->mutex);
2007 power_off:
2008                 wl1271_power_off(wl);
2009         }
2010
2011         if (!booted) {
2012                 wl1271_error("firmware boot failed despite %d retries",
2013                              WL1271_BOOT_RETRIES);
2014                 goto out;
2015         }
2016
2017         wl1271_info("firmware booted (%s)", wl->chip.fw_ver_str);
2018
2019         /* update hw/fw version info in wiphy struct */
2020         wiphy->hw_version = wl->chip.id;
2021         strncpy(wiphy->fw_version, wl->chip.fw_ver_str,
2022                 sizeof(wiphy->fw_version));
2023
2024         /*
2025          * Now we know if 11a is supported (info from the NVS), so disable
2026          * 11a channels if not supported
2027          */
2028         if (!wl->enable_11a)
2029                 wiphy->bands[IEEE80211_BAND_5GHZ]->n_channels = 0;
2030
2031         wl1271_debug(DEBUG_MAC80211, "11a is %ssupported",
2032                      wl->enable_11a ? "" : "not ");
2033
2034         wl->state = WL1271_STATE_ON;
2035 out:
2036         return booted;
2037 }
2038
2039 static int wl1271_op_add_interface(struct ieee80211_hw *hw,
2040                                    struct ieee80211_vif *vif)
2041 {
2042         struct wl1271 *wl = hw->priv;
2043         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
2044         int ret = 0;
2045         u8 role_type;
2046         bool booted = false;
2047
2048         wl1271_debug(DEBUG_MAC80211, "mac80211 add interface type %d mac %pM",
2049                      ieee80211_vif_type_p2p(vif), vif->addr);
2050
2051         mutex_lock(&wl->mutex);
2052         ret = wl1271_ps_elp_wakeup(wl);
2053         if (ret < 0)
2054                 goto out_unlock;
2055
2056         if (wl->vif) {
2057                 wl1271_debug(DEBUG_MAC80211,
2058                              "multiple vifs are not supported yet");
2059                 ret = -EBUSY;
2060                 goto out;
2061         }
2062
2063         /*
2064          * in some very corner case HW recovery scenarios its possible to
2065          * get here before __wl1271_op_remove_interface is complete, so
2066          * opt out if that is the case.
2067          */
2068         if (test_bit(WL1271_FLAG_RECOVERY_IN_PROGRESS, &wl->flags) ||
2069             test_bit(WLVIF_FLAG_INITIALIZED, &wlvif->flags)) {
2070                 ret = -EBUSY;
2071                 goto out;
2072         }
2073
2074         ret = wl12xx_init_vif_data(wl, vif);
2075         if (ret < 0)
2076                 goto out;
2077
2078         wlvif->wl = wl;
2079         role_type = wl12xx_get_role_type(wl, wlvif);
2080         if (role_type == WL12XX_INVALID_ROLE_TYPE) {
2081                 ret = -EINVAL;
2082                 goto out;
2083         }
2084
2085         /*
2086          * TODO: after the nvs issue will be solved, move this block
2087          * to start(), and make sure here the driver is ON.
2088          */
2089         if (wl->state == WL1271_STATE_OFF) {
2090                 /*
2091                  * we still need this in order to configure the fw
2092                  * while uploading the nvs
2093                  */
2094                 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
2095
2096                 booted = wl12xx_init_fw(wl);
2097                 if (!booted) {
2098                         ret = -EINVAL;
2099                         goto out;
2100                 }
2101         }
2102
2103         if (wlvif->bss_type == BSS_TYPE_STA_BSS ||
2104             wlvif->bss_type == BSS_TYPE_IBSS) {
2105                 /*
2106                  * The device role is a special role used for
2107                  * rx and tx frames prior to association (as
2108                  * the STA role can get packets only from
2109                  * its associated bssid)
2110                  */
2111                 ret = wl12xx_cmd_role_enable(wl, vif->addr,
2112                                                  WL1271_ROLE_DEVICE,
2113                                                  &wlvif->dev_role_id);
2114                 if (ret < 0)
2115                         goto out;
2116         }
2117
2118         ret = wl12xx_cmd_role_enable(wl, vif->addr,
2119                                      role_type, &wlvif->role_id);
2120         if (ret < 0)
2121                 goto out;
2122
2123         ret = wl1271_init_vif_specific(wl, vif);
2124         if (ret < 0)
2125                 goto out;
2126
2127         wl->vif = vif;
2128         list_add(&wlvif->list, &wl->wlvif_list);
2129         set_bit(WLVIF_FLAG_INITIALIZED, &wlvif->flags);
2130
2131         if (wlvif->bss_type == BSS_TYPE_AP_BSS)
2132                 wl->ap_count++;
2133         else
2134                 wl->sta_count++;
2135 out:
2136         wl1271_ps_elp_sleep(wl);
2137 out_unlock:
2138         mutex_unlock(&wl->mutex);
2139
2140         mutex_lock(&wl_list_mutex);
2141         if (!ret)
2142                 list_add(&wl->list, &wl_list);
2143         mutex_unlock(&wl_list_mutex);
2144
2145         return ret;
2146 }
2147
2148 static void __wl1271_op_remove_interface(struct wl1271 *wl,
2149                                          struct ieee80211_vif *vif,
2150                                          bool reset_tx_queues)
2151 {
2152         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
2153         int i, ret;
2154
2155         wl1271_debug(DEBUG_MAC80211, "mac80211 remove interface");
2156
2157         if (!test_and_clear_bit(WLVIF_FLAG_INITIALIZED, &wlvif->flags))
2158                 return;
2159
2160         wl->vif = NULL;
2161
2162         /* because of hardware recovery, we may get here twice */
2163         if (wl->state != WL1271_STATE_ON)
2164                 return;
2165
2166         wl1271_info("down");
2167
2168         /* enable dyn ps just in case (if left on due to fw crash etc) */
2169         if (wlvif->bss_type == BSS_TYPE_STA_BSS)
2170                 ieee80211_enable_dyn_ps(vif);
2171
2172         if (wl->scan.state != WL1271_SCAN_STATE_IDLE &&
2173             wl->scan_vif == vif) {
2174                 wl->scan.state = WL1271_SCAN_STATE_IDLE;
2175                 memset(wl->scan.scanned_ch, 0, sizeof(wl->scan.scanned_ch));
2176                 wl->scan_vif = NULL;
2177                 wl->scan.req = NULL;
2178                 ieee80211_scan_completed(wl->hw, true);
2179         }
2180
2181         if (!test_bit(WL1271_FLAG_RECOVERY_IN_PROGRESS, &wl->flags)) {
2182                 /* disable active roles */
2183                 ret = wl1271_ps_elp_wakeup(wl);
2184                 if (ret < 0)
2185                         goto deinit;
2186
2187                 if (wlvif->bss_type == BSS_TYPE_STA_BSS) {
2188                         ret = wl12xx_cmd_role_disable(wl, &wlvif->dev_role_id);
2189                         if (ret < 0)
2190                                 goto deinit;
2191                 }
2192
2193                 ret = wl12xx_cmd_role_disable(wl, &wlvif->role_id);
2194                 if (ret < 0)
2195                         goto deinit;
2196
2197                 wl1271_ps_elp_sleep(wl);
2198         }
2199 deinit:
2200         /* clear all hlids (except system_hlid) */
2201         wlvif->dev_hlid = WL12XX_INVALID_LINK_ID;
2202
2203         if (wlvif->bss_type == BSS_TYPE_STA_BSS ||
2204             wlvif->bss_type == BSS_TYPE_IBSS) {
2205                 wlvif->sta.hlid = WL12XX_INVALID_LINK_ID;
2206                 wl12xx_free_rate_policy(wl, &wlvif->sta.basic_rate_idx);
2207                 wl12xx_free_rate_policy(wl, &wlvif->sta.ap_rate_idx);
2208                 wl12xx_free_rate_policy(wl, &wlvif->sta.p2p_rate_idx);
2209         } else {
2210                 wlvif->ap.bcast_hlid = WL12XX_INVALID_LINK_ID;
2211                 wlvif->ap.global_hlid = WL12XX_INVALID_LINK_ID;
2212                 wl12xx_free_rate_policy(wl, &wlvif->ap.mgmt_rate_idx);
2213                 wl12xx_free_rate_policy(wl, &wlvif->ap.bcast_rate_idx);
2214                 for (i = 0; i < CONF_TX_MAX_AC_COUNT; i++)
2215                         wl12xx_free_rate_policy(wl,
2216                                                 &wlvif->ap.ucast_rate_idx[i]);
2217         }
2218
2219         wl12xx_tx_reset_wlvif(wl, wlvif);
2220         wl1271_free_ap_keys(wl, wlvif);
2221         if (wl->last_wlvif == wlvif)
2222                 wl->last_wlvif = NULL;
2223         list_del(&wlvif->list);
2224         memset(wlvif->ap.sta_hlid_map, 0, sizeof(wlvif->ap.sta_hlid_map));
2225         wlvif->role_id = WL12XX_INVALID_ROLE_ID;
2226         wlvif->dev_role_id = WL12XX_INVALID_ROLE_ID;
2227
2228         if (wlvif->bss_type == BSS_TYPE_AP_BSS)
2229                 wl->ap_count--;
2230         else
2231                 wl->sta_count--;
2232
2233         mutex_unlock(&wl->mutex);
2234         del_timer_sync(&wlvif->rx_streaming_timer);
2235         cancel_work_sync(&wlvif->rx_streaming_enable_work);
2236         cancel_work_sync(&wlvif->rx_streaming_disable_work);
2237         cancel_delayed_work_sync(&wlvif->pspoll_work);
2238
2239         mutex_lock(&wl->mutex);
2240 }
2241
2242 static void wl1271_op_remove_interface(struct ieee80211_hw *hw,
2243                                        struct ieee80211_vif *vif)
2244 {
2245         struct wl1271 *wl = hw->priv;
2246         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
2247         struct wl12xx_vif *iter;
2248
2249         mutex_lock(&wl->mutex);
2250
2251         if (wl->state == WL1271_STATE_OFF ||
2252             !test_bit(WLVIF_FLAG_INITIALIZED, &wlvif->flags))
2253                 goto out;
2254
2255         /*
2256          * wl->vif can be null here if someone shuts down the interface
2257          * just when hardware recovery has been started.
2258          */
2259         wl12xx_for_each_wlvif(wl, iter) {
2260                 if (iter != wlvif)
2261                         continue;
2262
2263                 __wl1271_op_remove_interface(wl, vif, true);
2264                 break;
2265         }
2266         WARN_ON(iter != wlvif);
2267 out:
2268         mutex_unlock(&wl->mutex);
2269         cancel_work_sync(&wl->recovery_work);
2270 }
2271
2272 static int wl1271_join(struct wl1271 *wl, struct wl12xx_vif *wlvif,
2273                           bool set_assoc)
2274 {
2275         int ret;
2276         bool is_ibss = (wlvif->bss_type == BSS_TYPE_IBSS);
2277
2278         /*
2279          * One of the side effects of the JOIN command is that is clears
2280          * WPA/WPA2 keys from the chipset. Performing a JOIN while associated
2281          * to a WPA/WPA2 access point will therefore kill the data-path.
2282          * Currently the only valid scenario for JOIN during association
2283          * is on roaming, in which case we will also be given new keys.
2284          * Keep the below message for now, unless it starts bothering
2285          * users who really like to roam a lot :)
2286          */
2287         if (test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags))
2288                 wl1271_info("JOIN while associated.");
2289
2290         if (set_assoc)
2291                 set_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags);
2292
2293         if (is_ibss)
2294                 ret = wl12xx_cmd_role_start_ibss(wl, wlvif);
2295         else
2296                 ret = wl12xx_cmd_role_start_sta(wl, wlvif);
2297         if (ret < 0)
2298                 goto out;
2299
2300         if (!test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags))
2301                 goto out;
2302
2303         /*
2304          * The join command disable the keep-alive mode, shut down its process,
2305          * and also clear the template config, so we need to reset it all after
2306          * the join. The acx_aid starts the keep-alive process, and the order
2307          * of the commands below is relevant.
2308          */
2309         ret = wl1271_acx_keep_alive_mode(wl, wlvif, true);
2310         if (ret < 0)
2311                 goto out;
2312
2313         ret = wl1271_acx_aid(wl, wlvif, wlvif->aid);
2314         if (ret < 0)
2315                 goto out;
2316
2317         ret = wl12xx_cmd_build_klv_null_data(wl, wlvif);
2318         if (ret < 0)
2319                 goto out;
2320
2321         ret = wl1271_acx_keep_alive_config(wl, wlvif,
2322                                            CMD_TEMPL_KLV_IDX_NULL_DATA,
2323                                            ACX_KEEP_ALIVE_TPL_VALID);
2324         if (ret < 0)
2325                 goto out;
2326
2327 out:
2328         return ret;
2329 }
2330
2331 static int wl1271_unjoin(struct wl1271 *wl, struct wl12xx_vif *wlvif)
2332 {
2333         int ret;
2334
2335         if (test_and_clear_bit(WLVIF_FLAG_CS_PROGRESS, &wlvif->flags)) {
2336                 struct ieee80211_vif *vif = wl12xx_wlvif_to_vif(wlvif);
2337
2338                 wl12xx_cmd_stop_channel_switch(wl);
2339                 ieee80211_chswitch_done(vif, false);
2340         }
2341
2342         /* to stop listening to a channel, we disconnect */
2343         ret = wl12xx_cmd_role_stop_sta(wl, wlvif);
2344         if (ret < 0)
2345                 goto out;
2346
2347         /* reset TX security counters on a clean disconnect */
2348         wlvif->tx_security_last_seq_lsb = 0;
2349         wlvif->tx_security_seq = 0;
2350
2351 out:
2352         return ret;
2353 }
2354
2355 static void wl1271_set_band_rate(struct wl1271 *wl, struct wl12xx_vif *wlvif)
2356 {
2357         wlvif->basic_rate_set = wlvif->bitrate_masks[wlvif->band];
2358         wlvif->rate_set = wlvif->basic_rate_set;
2359 }
2360
2361 static bool wl12xx_is_roc(struct wl1271 *wl)
2362 {
2363         u8 role_id;
2364
2365         role_id = find_first_bit(wl->roc_map, WL12XX_MAX_ROLES);
2366         if (role_id >= WL12XX_MAX_ROLES)
2367                 return false;
2368
2369         return true;
2370 }
2371
2372 static int wl1271_sta_handle_idle(struct wl1271 *wl, struct wl12xx_vif *wlvif,
2373                                   bool idle)
2374 {
2375         int ret;
2376
2377         if (idle) {
2378                 /* no need to croc if we weren't busy (e.g. during boot) */
2379                 if (wl12xx_is_roc(wl)) {
2380                         ret = wl12xx_stop_dev(wl, wlvif);
2381                         if (ret < 0)
2382                                 goto out;
2383                 }
2384                 wlvif->rate_set =
2385                         wl1271_tx_min_rate_get(wl, wlvif->basic_rate_set);
2386                 ret = wl1271_acx_sta_rate_policies(wl, wlvif);
2387                 if (ret < 0)
2388                         goto out;
2389                 ret = wl1271_acx_keep_alive_config(
2390                         wl, wlvif, CMD_TEMPL_KLV_IDX_NULL_DATA,
2391                         ACX_KEEP_ALIVE_TPL_INVALID);
2392                 if (ret < 0)
2393                         goto out;
2394                 set_bit(WL1271_FLAG_IDLE, &wl->flags);
2395         } else {
2396                 /* The current firmware only supports sched_scan in idle */
2397                 if (wl->sched_scanning) {
2398                         wl1271_scan_sched_scan_stop(wl);
2399                         ieee80211_sched_scan_stopped(wl->hw);
2400                 }
2401
2402                 ret = wl12xx_start_dev(wl, wlvif);
2403                 if (ret < 0)
2404                         goto out;
2405                 clear_bit(WL1271_FLAG_IDLE, &wl->flags);
2406         }
2407
2408 out:
2409         return ret;
2410 }
2411
2412 static int wl12xx_config_vif(struct wl1271 *wl, struct wl12xx_vif *wlvif,
2413                              struct ieee80211_conf *conf, u32 changed)
2414 {
2415         bool is_ap = (wlvif->bss_type == BSS_TYPE_AP_BSS);
2416         int channel, ret;
2417
2418         channel = ieee80211_frequency_to_channel(conf->channel->center_freq);
2419
2420         /* if the channel changes while joined, join again */
2421         if (changed & IEEE80211_CONF_CHANGE_CHANNEL &&
2422             ((wlvif->band != conf->channel->band) ||
2423              (wlvif->channel != channel))) {
2424                 /* send all pending packets */
2425                 wl1271_tx_work_locked(wl);
2426                 wlvif->band = conf->channel->band;
2427                 wlvif->channel = channel;
2428
2429                 if (!is_ap) {
2430                         /*
2431                          * FIXME: the mac80211 should really provide a fixed
2432                          * rate to use here. for now, just use the smallest
2433                          * possible rate for the band as a fixed rate for
2434                          * association frames and other control messages.
2435                          */
2436                         if (!test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags))
2437                                 wl1271_set_band_rate(wl, wlvif);
2438
2439                         wlvif->basic_rate =
2440                                 wl1271_tx_min_rate_get(wl,
2441                                                        wlvif->basic_rate_set);
2442                         ret = wl1271_acx_sta_rate_policies(wl, wlvif);
2443                         if (ret < 0)
2444                                 wl1271_warning("rate policy for channel "
2445                                                "failed %d", ret);
2446
2447                         if (test_bit(WLVIF_FLAG_STA_ASSOCIATED,
2448                                      &wlvif->flags)) {
2449                                 if (wl12xx_is_roc(wl)) {
2450                                         /* roaming */
2451                                         ret = wl12xx_croc(wl,
2452                                                           wlvif->dev_role_id);
2453                                         if (ret < 0)
2454                                                 return ret;
2455                                 }
2456                                 ret = wl1271_join(wl, wlvif, false);
2457                                 if (ret < 0)
2458                                         wl1271_warning("cmd join on channel "
2459                                                        "failed %d", ret);
2460                         } else {
2461                                 /*
2462                                  * change the ROC channel. do it only if we are
2463                                  * not idle. otherwise, CROC will be called
2464                                  * anyway.
2465                                  */
2466                                 if (wl12xx_is_roc(wl) &&
2467                                     !(conf->flags & IEEE80211_CONF_IDLE)) {
2468                                         ret = wl12xx_stop_dev(wl, wlvif);
2469                                         if (ret < 0)
2470                                                 return ret;
2471
2472                                         ret = wl12xx_start_dev(wl, wlvif);
2473                                         if (ret < 0)
2474                                                 return ret;
2475                                 }
2476                         }
2477                 }
2478         }
2479
2480         /*
2481          * if mac80211 changes the PSM mode, make sure the mode is not
2482          * incorrectly changed after the pspoll failure active window.
2483          */
2484         if (changed & IEEE80211_CONF_CHANGE_PS)
2485                 clear_bit(WLVIF_FLAG_PSPOLL_FAILURE, &wlvif->flags);
2486
2487         if (conf->flags & IEEE80211_CONF_PS &&
2488             !test_bit(WLVIF_FLAG_PSM_REQUESTED, &wlvif->flags)) {
2489                 set_bit(WLVIF_FLAG_PSM_REQUESTED, &wlvif->flags);
2490
2491                 /*
2492                  * We enter PSM only if we're already associated.
2493                  * If we're not, we'll enter it when joining an SSID,
2494                  * through the bss_info_changed() hook.
2495                  */
2496                 if (test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags)) {
2497                         wl1271_debug(DEBUG_PSM, "psm enabled");
2498                         ret = wl1271_ps_set_mode(wl, wlvif,
2499                                                  STATION_POWER_SAVE_MODE,
2500                                                  wlvif->basic_rate, true);
2501                 }
2502         } else if (!(conf->flags & IEEE80211_CONF_PS) &&
2503                    test_bit(WLVIF_FLAG_PSM_REQUESTED, &wlvif->flags)) {
2504                 wl1271_debug(DEBUG_PSM, "psm disabled");
2505
2506                 clear_bit(WLVIF_FLAG_PSM_REQUESTED, &wlvif->flags);
2507
2508                 if (test_bit(WLVIF_FLAG_PSM, &wlvif->flags))
2509                         ret = wl1271_ps_set_mode(wl, wlvif,
2510                                                  STATION_ACTIVE_MODE,
2511                                                  wlvif->basic_rate, true);
2512         }
2513
2514         if (conf->power_level != wlvif->power_level) {
2515                 ret = wl1271_acx_tx_power(wl, wlvif, conf->power_level);
2516                 if (ret < 0)
2517                         return ret;
2518
2519                 wlvif->power_level = conf->power_level;
2520         }
2521
2522         return 0;
2523 }
2524
2525 static int wl1271_op_config(struct ieee80211_hw *hw, u32 changed)
2526 {
2527         struct wl1271 *wl = hw->priv;
2528         struct wl12xx_vif *wlvif;
2529         struct ieee80211_conf *conf = &hw->conf;
2530         int channel, ret = 0;
2531
2532         channel = ieee80211_frequency_to_channel(conf->channel->center_freq);
2533
2534         wl1271_debug(DEBUG_MAC80211, "mac80211 config ch %d psm %s power %d %s"
2535                      " changed 0x%x",
2536                      channel,
2537                      conf->flags & IEEE80211_CONF_PS ? "on" : "off",
2538                      conf->power_level,
2539                      conf->flags & IEEE80211_CONF_IDLE ? "idle" : "in use",
2540                          changed);
2541
2542         /*
2543          * mac80211 will go to idle nearly immediately after transmitting some
2544          * frames, such as the deauth. To make sure those frames reach the air,
2545          * wait here until the TX queue is fully flushed.
2546          */
2547         if ((changed & IEEE80211_CONF_CHANGE_IDLE) &&
2548             (conf->flags & IEEE80211_CONF_IDLE))
2549                 wl1271_tx_flush(wl);
2550
2551         mutex_lock(&wl->mutex);
2552
2553         /* we support configuring the channel and band even while off */
2554         if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
2555                 wl->band = conf->channel->band;
2556                 wl->channel = channel;
2557         }
2558
2559         if (changed & IEEE80211_CONF_CHANGE_POWER)
2560                 wl->power_level = conf->power_level;
2561
2562         if (unlikely(wl->state == WL1271_STATE_OFF))
2563                 goto out;
2564
2565         ret = wl1271_ps_elp_wakeup(wl);
2566         if (ret < 0)
2567                 goto out;
2568
2569         /* configure each interface */
2570         wl12xx_for_each_wlvif(wl, wlvif) {
2571                 ret = wl12xx_config_vif(wl, wlvif, conf, changed);
2572                 if (ret < 0)
2573                         goto out_sleep;
2574         }
2575
2576 out_sleep:
2577         wl1271_ps_elp_sleep(wl);
2578
2579 out:
2580         mutex_unlock(&wl->mutex);
2581
2582         return ret;
2583 }
2584
2585 struct wl1271_filter_params {
2586         bool enabled;
2587         int mc_list_length;
2588         u8 mc_list[ACX_MC_ADDRESS_GROUP_MAX][ETH_ALEN];
2589 };
2590
2591 static u64 wl1271_op_prepare_multicast(struct ieee80211_hw *hw,
2592                                        struct netdev_hw_addr_list *mc_list)
2593 {
2594         struct wl1271_filter_params *fp;
2595         struct netdev_hw_addr *ha;
2596         struct wl1271 *wl = hw->priv;
2597
2598         if (unlikely(wl->state == WL1271_STATE_OFF))
2599                 return 0;
2600
2601         fp = kzalloc(sizeof(*fp), GFP_ATOMIC);
2602         if (!fp) {
2603                 wl1271_error("Out of memory setting filters.");
2604                 return 0;
2605         }
2606
2607         /* update multicast filtering parameters */
2608         fp->mc_list_length = 0;
2609         if (netdev_hw_addr_list_count(mc_list) > ACX_MC_ADDRESS_GROUP_MAX) {
2610                 fp->enabled = false;
2611         } else {
2612                 fp->enabled = true;
2613                 netdev_hw_addr_list_for_each(ha, mc_list) {
2614                         memcpy(fp->mc_list[fp->mc_list_length],
2615                                         ha->addr, ETH_ALEN);
2616                         fp->mc_list_length++;
2617                 }
2618         }
2619
2620         return (u64)(unsigned long)fp;
2621 }
2622
2623 #define WL1271_SUPPORTED_FILTERS (FIF_PROMISC_IN_BSS | \
2624                                   FIF_ALLMULTI | \
2625                                   FIF_FCSFAIL | \
2626                                   FIF_BCN_PRBRESP_PROMISC | \
2627                                   FIF_CONTROL | \
2628                                   FIF_OTHER_BSS)
2629
2630 static void wl1271_op_configure_filter(struct ieee80211_hw *hw,
2631                                        unsigned int changed,
2632                                        unsigned int *total, u64 multicast)
2633 {
2634         struct wl1271_filter_params *fp = (void *)(unsigned long)multicast;
2635         struct wl1271 *wl = hw->priv;
2636         struct wl12xx_vif *wlvif;
2637
2638         int ret;
2639
2640         wl1271_debug(DEBUG_MAC80211, "mac80211 configure filter changed %x"
2641                      " total %x", changed, *total);
2642
2643         mutex_lock(&wl->mutex);
2644
2645         *total &= WL1271_SUPPORTED_FILTERS;
2646         changed &= WL1271_SUPPORTED_FILTERS;
2647
2648         if (unlikely(wl->state == WL1271_STATE_OFF))
2649                 goto out;
2650
2651         ret = wl1271_ps_elp_wakeup(wl);
2652         if (ret < 0)
2653                 goto out;
2654
2655         wl12xx_for_each_wlvif(wl, wlvif) {
2656                 if (wlvif->bss_type != BSS_TYPE_AP_BSS) {
2657                         if (*total & FIF_ALLMULTI)
2658                                 ret = wl1271_acx_group_address_tbl(wl, wlvif,
2659                                                                    false,
2660                                                                    NULL, 0);
2661                         else if (fp)
2662                                 ret = wl1271_acx_group_address_tbl(wl, wlvif,
2663                                                         fp->enabled,
2664                                                         fp->mc_list,
2665                                                         fp->mc_list_length);
2666                         if (ret < 0)
2667                                 goto out_sleep;
2668                 }
2669         }
2670
2671         /*
2672          * the fw doesn't provide an api to configure the filters. instead,
2673          * the filters configuration is based on the active roles / ROC
2674          * state.
2675          */
2676
2677 out_sleep:
2678         wl1271_ps_elp_sleep(wl);
2679
2680 out:
2681         mutex_unlock(&wl->mutex);
2682         kfree(fp);
2683 }
2684
2685 static int wl1271_record_ap_key(struct wl1271 *wl, struct wl12xx_vif *wlvif,
2686                                 u8 id, u8 key_type, u8 key_size,
2687                                 const u8 *key, u8 hlid, u32 tx_seq_32,
2688                                 u16 tx_seq_16)
2689 {
2690         struct wl1271_ap_key *ap_key;
2691         int i;
2692
2693         wl1271_debug(DEBUG_CRYPT, "record ap key id %d", (int)id);
2694
2695         if (key_size > MAX_KEY_SIZE)
2696                 return -EINVAL;
2697
2698         /*
2699          * Find next free entry in ap_keys. Also check we are not replacing
2700          * an existing key.
2701          */
2702         for (i = 0; i < MAX_NUM_KEYS; i++) {
2703                 if (wlvif->ap.recorded_keys[i] == NULL)
2704                         break;
2705
2706                 if (wlvif->ap.recorded_keys[i]->id == id) {
2707                         wl1271_warning("trying to record key replacement");
2708                         return -EINVAL;
2709                 }
2710         }
2711
2712         if (i == MAX_NUM_KEYS)
2713                 return -EBUSY;
2714
2715         ap_key = kzalloc(sizeof(*ap_key), GFP_KERNEL);
2716         if (!ap_key)
2717                 return -ENOMEM;
2718
2719         ap_key->id = id;
2720         ap_key->key_type = key_type;
2721         ap_key->key_size = key_size;
2722         memcpy(ap_key->key, key, key_size);
2723         ap_key->hlid = hlid;
2724         ap_key->tx_seq_32 = tx_seq_32;
2725         ap_key->tx_seq_16 = tx_seq_16;
2726
2727         wlvif->ap.recorded_keys[i] = ap_key;
2728         return 0;
2729 }
2730
2731 static void wl1271_free_ap_keys(struct wl1271 *wl, struct wl12xx_vif *wlvif)
2732 {
2733         int i;
2734
2735         for (i = 0; i < MAX_NUM_KEYS; i++) {
2736                 kfree(wlvif->ap.recorded_keys[i]);
2737                 wlvif->ap.recorded_keys[i] = NULL;
2738         }
2739 }
2740
2741 static int wl1271_ap_init_hwenc(struct wl1271 *wl, struct wl12xx_vif *wlvif)
2742 {
2743         int i, ret = 0;
2744         struct wl1271_ap_key *key;
2745         bool wep_key_added = false;
2746
2747         for (i = 0; i < MAX_NUM_KEYS; i++) {
2748                 u8 hlid;
2749                 if (wlvif->ap.recorded_keys[i] == NULL)
2750                         break;
2751
2752                 key = wlvif->ap.recorded_keys[i];
2753                 hlid = key->hlid;
2754                 if (hlid == WL12XX_INVALID_LINK_ID)
2755                         hlid = wlvif->ap.bcast_hlid;
2756
2757                 ret = wl1271_cmd_set_ap_key(wl, wlvif, KEY_ADD_OR_REPLACE,
2758                                             key->id, key->key_type,
2759                                             key->key_size, key->key,
2760                                             hlid, key->tx_seq_32,
2761                                             key->tx_seq_16);
2762                 if (ret < 0)
2763                         goto out;
2764
2765                 if (key->key_type == KEY_WEP)
2766                         wep_key_added = true;
2767         }
2768
2769         if (wep_key_added) {
2770                 ret = wl12xx_cmd_set_default_wep_key(wl, wlvif->default_key,
2771                                                      wlvif->ap.bcast_hlid);
2772                 if (ret < 0)
2773                         goto out;
2774         }
2775
2776 out:
2777         wl1271_free_ap_keys(wl, wlvif);
2778         return ret;
2779 }
2780
2781 static int wl1271_set_key(struct wl1271 *wl, struct wl12xx_vif *wlvif,
2782                        u16 action, u8 id, u8 key_type,
2783                        u8 key_size, const u8 *key, u32 tx_seq_32,
2784                        u16 tx_seq_16, struct ieee80211_sta *sta)
2785 {
2786         int ret;
2787         bool is_ap = (wlvif->bss_type == BSS_TYPE_AP_BSS);
2788
2789         if (is_ap) {
2790                 struct wl1271_station *wl_sta;
2791                 u8 hlid;
2792
2793                 if (sta) {
2794                         wl_sta = (struct wl1271_station *)sta->drv_priv;
2795                         hlid = wl_sta->hlid;
2796                 } else {
2797                         hlid = wlvif->ap.bcast_hlid;
2798                 }
2799
2800                 if (!test_bit(WLVIF_FLAG_AP_STARTED, &wlvif->flags)) {
2801                         /*
2802                          * We do not support removing keys after AP shutdown.
2803                          * Pretend we do to make mac80211 happy.
2804                          */
2805                         if (action != KEY_ADD_OR_REPLACE)
2806                                 return 0;
2807
2808                         ret = wl1271_record_ap_key(wl, wlvif, id,
2809                                              key_type, key_size,
2810                                              key, hlid, tx_seq_32,
2811                                              tx_seq_16);
2812                 } else {
2813                         ret = wl1271_cmd_set_ap_key(wl, wlvif, action,
2814                                              id, key_type, key_size,
2815                                              key, hlid, tx_seq_32,
2816                                              tx_seq_16);
2817                 }
2818
2819                 if (ret < 0)
2820                         return ret;
2821         } else {
2822                 const u8 *addr;
2823                 static const u8 bcast_addr[ETH_ALEN] = {
2824                         0xff, 0xff, 0xff, 0xff, 0xff, 0xff
2825                 };
2826
2827                 /*
2828                  * A STA set to GEM cipher requires 2 tx spare blocks.
2829                  * Return to default value when GEM cipher key is removed
2830                  */
2831                 if (key_type == KEY_GEM) {
2832                         if (action == KEY_ADD_OR_REPLACE)
2833                                 wl->tx_spare_blocks = 2;
2834                         else if (action == KEY_REMOVE)
2835                                 wl->tx_spare_blocks = TX_HW_BLOCK_SPARE_DEFAULT;
2836                 }
2837
2838                 addr = sta ? sta->addr : bcast_addr;
2839
2840                 if (is_zero_ether_addr(addr)) {
2841                         /* We dont support TX only encryption */
2842                         return -EOPNOTSUPP;
2843                 }
2844
2845                 /* The wl1271 does not allow to remove unicast keys - they
2846                    will be cleared automatically on next CMD_JOIN. Ignore the
2847                    request silently, as we dont want the mac80211 to emit
2848                    an error message. */
2849                 if (action == KEY_REMOVE && !is_broadcast_ether_addr(addr))
2850                         return 0;
2851
2852                 /* don't remove key if hlid was already deleted */
2853                 if (action == KEY_REMOVE &&
2854                     wlvif->sta.hlid == WL12XX_INVALID_LINK_ID)
2855                         return 0;
2856
2857                 ret = wl1271_cmd_set_sta_key(wl, wlvif, action,
2858                                              id, key_type, key_size,
2859                                              key, addr, tx_seq_32,
2860                                              tx_seq_16);
2861                 if (ret < 0)
2862                         return ret;
2863
2864                 /* the default WEP key needs to be configured at least once */
2865                 if (key_type == KEY_WEP) {
2866                         ret = wl12xx_cmd_set_default_wep_key(wl,
2867                                                         wlvif->default_key,
2868                                                         wlvif->sta.hlid);
2869                         if (ret < 0)
2870                                 return ret;
2871                 }
2872         }
2873
2874         return 0;
2875 }
2876
2877 static int wl1271_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
2878                              struct ieee80211_vif *vif,
2879                              struct ieee80211_sta *sta,
2880                              struct ieee80211_key_conf *key_conf)
2881 {
2882         struct wl1271 *wl = hw->priv;
2883         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
2884         int ret;
2885         u32 tx_seq_32 = 0;
2886         u16 tx_seq_16 = 0;
2887         u8 key_type;
2888
2889         wl1271_debug(DEBUG_MAC80211, "mac80211 set key");
2890
2891         wl1271_debug(DEBUG_CRYPT, "CMD: 0x%x sta: %p", cmd, sta);
2892         wl1271_debug(DEBUG_CRYPT, "Key: algo:0x%x, id:%d, len:%d flags 0x%x",
2893                      key_conf->cipher, key_conf->keyidx,
2894                      key_conf->keylen, key_conf->flags);
2895         wl1271_dump(DEBUG_CRYPT, "KEY: ", key_conf->key, key_conf->keylen);
2896
2897         mutex_lock(&wl->mutex);
2898
2899         if (unlikely(wl->state == WL1271_STATE_OFF)) {
2900                 ret = -EAGAIN;
2901                 goto out_unlock;
2902         }
2903
2904         ret = wl1271_ps_elp_wakeup(wl);
2905         if (ret < 0)
2906                 goto out_unlock;
2907
2908         switch (key_conf->cipher) {
2909         case WLAN_CIPHER_SUITE_WEP40:
2910         case WLAN_CIPHER_SUITE_WEP104:
2911                 key_type = KEY_WEP;
2912
2913                 key_conf->hw_key_idx = key_conf->keyidx;
2914                 break;
2915         case WLAN_CIPHER_SUITE_TKIP:
2916                 key_type = KEY_TKIP;
2917
2918                 key_conf->hw_key_idx = key_conf->keyidx;
2919                 tx_seq_32 = WL1271_TX_SECURITY_HI32(wlvif->tx_security_seq);
2920                 tx_seq_16 = WL1271_TX_SECURITY_LO16(wlvif->tx_security_seq);
2921                 break;
2922         case WLAN_CIPHER_SUITE_CCMP:
2923                 key_type = KEY_AES;
2924
2925                 key_conf->flags |= IEEE80211_KEY_FLAG_PUT_IV_SPACE;
2926                 tx_seq_32 = WL1271_TX_SECURITY_HI32(wlvif->tx_security_seq);
2927                 tx_seq_16 = WL1271_TX_SECURITY_LO16(wlvif->tx_security_seq);
2928                 break;
2929         case WL1271_CIPHER_SUITE_GEM:
2930                 key_type = KEY_GEM;
2931                 tx_seq_32 = WL1271_TX_SECURITY_HI32(wlvif->tx_security_seq);
2932                 tx_seq_16 = WL1271_TX_SECURITY_LO16(wlvif->tx_security_seq);
2933                 break;
2934         default:
2935                 wl1271_error("Unknown key algo 0x%x", key_conf->cipher);
2936
2937                 ret = -EOPNOTSUPP;
2938                 goto out_sleep;
2939         }
2940
2941         switch (cmd) {
2942         case SET_KEY:
2943                 ret = wl1271_set_key(wl, wlvif, KEY_ADD_OR_REPLACE,
2944                                  key_conf->keyidx, key_type,
2945                                  key_conf->keylen, key_conf->key,
2946                                  tx_seq_32, tx_seq_16, sta);
2947                 if (ret < 0) {
2948                         wl1271_error("Could not add or replace key");
2949                         goto out_sleep;
2950                 }
2951                 break;
2952
2953         case DISABLE_KEY:
2954                 ret = wl1271_set_key(wl, wlvif, KEY_REMOVE,
2955                                      key_conf->keyidx, key_type,
2956                                      key_conf->keylen, key_conf->key,
2957                                      0, 0, sta);
2958                 if (ret < 0) {
2959                         wl1271_error("Could not remove key");
2960                         goto out_sleep;
2961                 }
2962                 break;
2963
2964         default:
2965                 wl1271_error("Unsupported key cmd 0x%x", cmd);
2966                 ret = -EOPNOTSUPP;
2967                 break;
2968         }
2969
2970 out_sleep:
2971         wl1271_ps_elp_sleep(wl);
2972
2973 out_unlock:
2974         mutex_unlock(&wl->mutex);
2975
2976         return ret;
2977 }
2978
2979 static int wl1271_op_hw_scan(struct ieee80211_hw *hw,
2980                              struct ieee80211_vif *vif,
2981                              struct cfg80211_scan_request *req)
2982 {
2983         struct wl1271 *wl = hw->priv;
2984         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
2985
2986         int ret;
2987         u8 *ssid = NULL;
2988         size_t len = 0;
2989
2990         wl1271_debug(DEBUG_MAC80211, "mac80211 hw scan");
2991
2992         if (req->n_ssids) {
2993                 ssid = req->ssids[0].ssid;
2994                 len = req->ssids[0].ssid_len;
2995         }
2996
2997         mutex_lock(&wl->mutex);
2998
2999         if (wl->state == WL1271_STATE_OFF) {
3000                 /*
3001                  * We cannot return -EBUSY here because cfg80211 will expect
3002                  * a call to ieee80211_scan_completed if we do - in this case
3003                  * there won't be any call.
3004                  */
3005                 ret = -EAGAIN;
3006                 goto out;
3007         }
3008
3009         ret = wl1271_ps_elp_wakeup(wl);
3010         if (ret < 0)
3011                 goto out;
3012
3013         /* cancel ROC before scanning */
3014         if (wl12xx_is_roc(wl)) {
3015                 if (test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags)) {
3016                         /* don't allow scanning right now */
3017                         ret = -EBUSY;
3018                         goto out_sleep;
3019                 }
3020                 wl12xx_stop_dev(wl, wlvif);
3021         }
3022
3023         ret = wl1271_scan(hw->priv, vif, ssid, len, req);
3024 out_sleep:
3025         wl1271_ps_elp_sleep(wl);
3026 out:
3027         mutex_unlock(&wl->mutex);
3028
3029         return ret;
3030 }
3031
3032 static void wl1271_op_cancel_hw_scan(struct ieee80211_hw *hw,
3033                                      struct ieee80211_vif *vif)
3034 {
3035         struct wl1271 *wl = hw->priv;
3036         int ret;
3037
3038         wl1271_debug(DEBUG_MAC80211, "mac80211 cancel hw scan");
3039
3040         mutex_lock(&wl->mutex);
3041
3042         if (wl->state == WL1271_STATE_OFF)
3043                 goto out;
3044
3045         if (wl->scan.state == WL1271_SCAN_STATE_IDLE)
3046                 goto out;
3047
3048         ret = wl1271_ps_elp_wakeup(wl);
3049         if (ret < 0)
3050                 goto out;
3051
3052         if (wl->scan.state != WL1271_SCAN_STATE_DONE) {
3053                 ret = wl1271_scan_stop(wl);
3054                 if (ret < 0)
3055                         goto out_sleep;
3056         }
3057         wl->scan.state = WL1271_SCAN_STATE_IDLE;
3058         memset(wl->scan.scanned_ch, 0, sizeof(wl->scan.scanned_ch));
3059         wl->scan_vif = NULL;
3060         wl->scan.req = NULL;
3061         ieee80211_scan_completed(wl->hw, true);
3062
3063 out_sleep:
3064         wl1271_ps_elp_sleep(wl);
3065 out:
3066         mutex_unlock(&wl->mutex);
3067
3068         cancel_delayed_work_sync(&wl->scan_complete_work);
3069 }
3070
3071 static int wl1271_op_sched_scan_start(struct ieee80211_hw *hw,
3072                                       struct ieee80211_vif *vif,
3073                                       struct cfg80211_sched_scan_request *req,
3074                                       struct ieee80211_sched_scan_ies *ies)
3075 {
3076         struct wl1271 *wl = hw->priv;
3077         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
3078         int ret;
3079
3080         wl1271_debug(DEBUG_MAC80211, "wl1271_op_sched_scan_start");
3081
3082         mutex_lock(&wl->mutex);
3083
3084         ret = wl1271_ps_elp_wakeup(wl);
3085         if (ret < 0)
3086                 goto out;
3087
3088         ret = wl1271_scan_sched_scan_config(wl, wlvif, req, ies);
3089         if (ret < 0)
3090                 goto out_sleep;
3091
3092         ret = wl1271_scan_sched_scan_start(wl, wlvif);
3093         if (ret < 0)
3094                 goto out_sleep;
3095
3096         wl->sched_scanning = true;
3097
3098 out_sleep:
3099         wl1271_ps_elp_sleep(wl);
3100 out:
3101         mutex_unlock(&wl->mutex);
3102         return ret;
3103 }
3104
3105 static void wl1271_op_sched_scan_stop(struct ieee80211_hw *hw,
3106                                       struct ieee80211_vif *vif)
3107 {
3108         struct wl1271 *wl = hw->priv;
3109         int ret;
3110
3111         wl1271_debug(DEBUG_MAC80211, "wl1271_op_sched_scan_stop");
3112
3113         mutex_lock(&wl->mutex);
3114
3115         ret = wl1271_ps_elp_wakeup(wl);
3116         if (ret < 0)
3117                 goto out;
3118
3119         wl1271_scan_sched_scan_stop(wl);
3120
3121         wl1271_ps_elp_sleep(wl);
3122 out:
3123         mutex_unlock(&wl->mutex);
3124 }
3125
3126 static int wl1271_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
3127 {
3128         struct wl1271 *wl = hw->priv;
3129         int ret = 0;
3130
3131         mutex_lock(&wl->mutex);
3132
3133         if (unlikely(wl->state == WL1271_STATE_OFF)) {
3134                 ret = -EAGAIN;
3135                 goto out;
3136         }
3137
3138         ret = wl1271_ps_elp_wakeup(wl);
3139         if (ret < 0)
3140                 goto out;
3141
3142         ret = wl1271_acx_frag_threshold(wl, value);
3143         if (ret < 0)
3144                 wl1271_warning("wl1271_op_set_frag_threshold failed: %d", ret);
3145
3146         wl1271_ps_elp_sleep(wl);
3147
3148 out:
3149         mutex_unlock(&wl->mutex);
3150
3151         return ret;
3152 }
3153
3154 static int wl1271_op_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
3155 {
3156         struct wl1271 *wl = hw->priv;
3157         struct wl12xx_vif *wlvif;
3158         int ret = 0;
3159
3160         mutex_lock(&wl->mutex);
3161
3162         if (unlikely(wl->state == WL1271_STATE_OFF)) {
3163                 ret = -EAGAIN;
3164                 goto out;
3165         }
3166
3167         ret = wl1271_ps_elp_wakeup(wl);
3168         if (ret < 0)
3169                 goto out;
3170
3171         wl12xx_for_each_wlvif(wl, wlvif) {
3172                 ret = wl1271_acx_rts_threshold(wl, wlvif, value);
3173                 if (ret < 0)
3174                         wl1271_warning("set rts threshold failed: %d", ret);
3175         }
3176         wl1271_ps_elp_sleep(wl);
3177
3178 out:
3179         mutex_unlock(&wl->mutex);
3180
3181         return ret;
3182 }
3183
3184 static int wl1271_ssid_set(struct ieee80211_vif *vif, struct sk_buff *skb,
3185                             int offset)
3186 {
3187         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
3188         u8 ssid_len;
3189         const u8 *ptr = cfg80211_find_ie(WLAN_EID_SSID, skb->data + offset,
3190                                          skb->len - offset);
3191
3192         if (!ptr) {
3193                 wl1271_error("No SSID in IEs!");
3194                 return -ENOENT;
3195         }
3196
3197         ssid_len = ptr[1];
3198         if (ssid_len > IEEE80211_MAX_SSID_LEN) {
3199                 wl1271_error("SSID is too long!");
3200                 return -EINVAL;
3201         }
3202
3203         wlvif->ssid_len = ssid_len;
3204         memcpy(wlvif->ssid, ptr+2, ssid_len);
3205         return 0;
3206 }
3207
3208 static void wl12xx_remove_ie(struct sk_buff *skb, u8 eid, int ieoffset)
3209 {
3210         int len;
3211         const u8 *next, *end = skb->data + skb->len;
3212         u8 *ie = (u8 *)cfg80211_find_ie(eid, skb->data + ieoffset,
3213                                         skb->len - ieoffset);
3214         if (!ie)
3215                 return;
3216         len = ie[1] + 2;
3217         next = ie + len;
3218         memmove(ie, next, end - next);
3219         skb_trim(skb, skb->len - len);
3220 }
3221
3222 static void wl12xx_remove_vendor_ie(struct sk_buff *skb,
3223                                             unsigned int oui, u8 oui_type,
3224                                             int ieoffset)
3225 {
3226         int len;
3227         const u8 *next, *end = skb->data + skb->len;
3228         u8 *ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
3229                                                skb->data + ieoffset,
3230                                                skb->len - ieoffset);
3231         if (!ie)
3232                 return;
3233         len = ie[1] + 2;
3234         next = ie + len;
3235         memmove(ie, next, end - next);
3236         skb_trim(skb, skb->len - len);
3237 }
3238
3239 static int wl1271_ap_set_probe_resp_tmpl(struct wl1271 *wl, u32 rates,
3240                                          struct ieee80211_vif *vif)
3241 {
3242         struct sk_buff *skb;
3243         int ret;
3244
3245         skb = ieee80211_proberesp_get(wl->hw, vif);
3246         if (!skb)
3247                 return -EOPNOTSUPP;
3248
3249         ret = wl1271_cmd_template_set(wl,
3250                                       CMD_TEMPL_AP_PROBE_RESPONSE,
3251                                       skb->data,
3252                                       skb->len, 0,
3253                                       rates);
3254
3255         dev_kfree_skb(skb);
3256         return ret;
3257 }
3258
3259 static int wl1271_ap_set_probe_resp_tmpl_legacy(struct wl1271 *wl,
3260                                              struct ieee80211_vif *vif,
3261                                              u8 *probe_rsp_data,
3262                                              size_t probe_rsp_len,
3263                                              u32 rates)
3264 {
3265         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
3266         struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
3267         u8 probe_rsp_templ[WL1271_CMD_TEMPL_MAX_SIZE];
3268         int ssid_ie_offset, ie_offset, templ_len;
3269         const u8 *ptr;
3270
3271         /* no need to change probe response if the SSID is set correctly */
3272         if (wlvif->ssid_len > 0)
3273                 return wl1271_cmd_template_set(wl,
3274                                                CMD_TEMPL_AP_PROBE_RESPONSE,
3275                                                probe_rsp_data,
3276                                                probe_rsp_len, 0,
3277                                                rates);
3278
3279         if (probe_rsp_len + bss_conf->ssid_len > WL1271_CMD_TEMPL_MAX_SIZE) {
3280                 wl1271_error("probe_rsp template too big");
3281                 return -EINVAL;
3282         }
3283
3284         /* start searching from IE offset */
3285         ie_offset = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
3286
3287         ptr = cfg80211_find_ie(WLAN_EID_SSID, probe_rsp_data + ie_offset,
3288                                probe_rsp_len - ie_offset);
3289         if (!ptr) {
3290                 wl1271_error("No SSID in beacon!");
3291                 return -EINVAL;
3292         }
3293
3294         ssid_ie_offset = ptr - probe_rsp_data;
3295         ptr += (ptr[1] + 2);
3296
3297         memcpy(probe_rsp_templ, probe_rsp_data, ssid_ie_offset);
3298
3299         /* insert SSID from bss_conf */
3300         probe_rsp_templ[ssid_ie_offset] = WLAN_EID_SSID;
3301         probe_rsp_templ[ssid_ie_offset + 1] = bss_conf->ssid_len;
3302         memcpy(probe_rsp_templ + ssid_ie_offset + 2,
3303                bss_conf->ssid, bss_conf->ssid_len);
3304         templ_len = ssid_ie_offset + 2 + bss_conf->ssid_len;
3305
3306         memcpy(probe_rsp_templ + ssid_ie_offset + 2 + bss_conf->ssid_len,
3307                ptr, probe_rsp_len - (ptr - probe_rsp_data));
3308         templ_len += probe_rsp_len - (ptr - probe_rsp_data);
3309
3310         return wl1271_cmd_template_set(wl,
3311                                        CMD_TEMPL_AP_PROBE_RESPONSE,
3312                                        probe_rsp_templ,
3313                                        templ_len, 0,
3314                                        rates);
3315 }
3316
3317 static int wl1271_bss_erp_info_changed(struct wl1271 *wl,
3318                                        struct ieee80211_vif *vif,
3319                                        struct ieee80211_bss_conf *bss_conf,
3320                                        u32 changed)
3321 {
3322         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
3323         int ret = 0;
3324
3325         if (changed & BSS_CHANGED_ERP_SLOT) {
3326                 if (bss_conf->use_short_slot)
3327                         ret = wl1271_acx_slot(wl, wlvif, SLOT_TIME_SHORT);
3328                 else
3329                         ret = wl1271_acx_slot(wl, wlvif, SLOT_TIME_LONG);
3330                 if (ret < 0) {
3331                         wl1271_warning("Set slot time failed %d", ret);
3332                         goto out;
3333                 }
3334         }
3335
3336         if (changed & BSS_CHANGED_ERP_PREAMBLE) {
3337                 if (bss_conf->use_short_preamble)
3338                         wl1271_acx_set_preamble(wl, wlvif, ACX_PREAMBLE_SHORT);
3339                 else
3340                         wl1271_acx_set_preamble(wl, wlvif, ACX_PREAMBLE_LONG);
3341         }
3342
3343         if (changed & BSS_CHANGED_ERP_CTS_PROT) {
3344                 if (bss_conf->use_cts_prot)
3345                         ret = wl1271_acx_cts_protect(wl, wlvif,
3346                                                      CTSPROTECT_ENABLE);
3347                 else
3348                         ret = wl1271_acx_cts_protect(wl, wlvif,
3349                                                      CTSPROTECT_DISABLE);
3350                 if (ret < 0) {
3351                         wl1271_warning("Set ctsprotect failed %d", ret);
3352                         goto out;
3353                 }
3354         }
3355
3356 out:
3357         return ret;
3358 }
3359
3360 static int wl1271_bss_beacon_info_changed(struct wl1271 *wl,
3361                                           struct ieee80211_vif *vif,
3362                                           struct ieee80211_bss_conf *bss_conf,
3363                                           u32 changed)
3364 {
3365         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
3366         bool is_ap = (wlvif->bss_type == BSS_TYPE_AP_BSS);
3367         int ret = 0;
3368
3369         if ((changed & BSS_CHANGED_BEACON_INT)) {
3370                 wl1271_debug(DEBUG_MASTER, "beacon interval updated: %d",
3371                         bss_conf->beacon_int);
3372
3373                 wlvif->beacon_int = bss_conf->beacon_int;
3374         }
3375
3376         if ((changed & BSS_CHANGED_AP_PROBE_RESP) && is_ap) {
3377                 u32 rate = wl1271_tx_min_rate_get(wl, wlvif->basic_rate_set);
3378                 if (!wl1271_ap_set_probe_resp_tmpl(wl, rate, vif)) {
3379                         wl1271_debug(DEBUG_AP, "probe response updated");
3380                         set_bit(WLVIF_FLAG_AP_PROBE_RESP_SET, &wlvif->flags);
3381                 }
3382         }
3383
3384         if ((changed & BSS_CHANGED_BEACON)) {
3385                 struct ieee80211_hdr *hdr;
3386                 u32 min_rate;
3387                 int ieoffset = offsetof(struct ieee80211_mgmt,
3388                                         u.beacon.variable);
3389                 struct sk_buff *beacon = ieee80211_beacon_get(wl->hw, vif);
3390                 u16 tmpl_id;
3391
3392                 if (!beacon) {
3393                         ret = -EINVAL;
3394                         goto out;
3395                 }
3396
3397                 wl1271_debug(DEBUG_MASTER, "beacon updated");
3398
3399                 ret = wl1271_ssid_set(vif, beacon, ieoffset);
3400                 if (ret < 0) {
3401                         dev_kfree_skb(beacon);
3402                         goto out;
3403                 }
3404                 min_rate = wl1271_tx_min_rate_get(wl, wlvif->basic_rate_set);
3405                 tmpl_id = is_ap ? CMD_TEMPL_AP_BEACON :
3406                                   CMD_TEMPL_BEACON;
3407                 ret = wl1271_cmd_template_set(wl, tmpl_id,
3408                                               beacon->data,
3409                                               beacon->len, 0,
3410                                               min_rate);
3411                 if (ret < 0) {
3412                         dev_kfree_skb(beacon);
3413                         goto out;
3414                 }
3415
3416                 /*
3417                  * In case we already have a probe-resp beacon set explicitly
3418                  * by usermode, don't use the beacon data.
3419                  */
3420                 if (test_bit(WLVIF_FLAG_AP_PROBE_RESP_SET, &wlvif->flags))
3421                         goto end_bcn;
3422
3423                 /* remove TIM ie from probe response */
3424                 wl12xx_remove_ie(beacon, WLAN_EID_TIM, ieoffset);
3425
3426                 /*
3427                  * remove p2p ie from probe response.
3428                  * the fw reponds to probe requests that don't include
3429                  * the p2p ie. probe requests with p2p ie will be passed,
3430                  * and will be responded by the supplicant (the spec
3431                  * forbids including the p2p ie when responding to probe
3432                  * requests that didn't include it).
3433                  */
3434                 wl12xx_remove_vendor_ie(beacon, WLAN_OUI_WFA,
3435                                         WLAN_OUI_TYPE_WFA_P2P, ieoffset);
3436
3437                 hdr = (struct ieee80211_hdr *) beacon->data;
3438                 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
3439                                                  IEEE80211_STYPE_PROBE_RESP);
3440                 if (is_ap)
3441                         ret = wl1271_ap_set_probe_resp_tmpl_legacy(wl, vif,
3442                                                 beacon->data,
3443                                                 beacon->len,
3444                                                 min_rate);
3445                 else
3446                         ret = wl1271_cmd_template_set(wl,
3447                                                 CMD_TEMPL_PROBE_RESPONSE,
3448                                                 beacon->data,
3449                                                 beacon->len, 0,
3450                                                 min_rate);
3451 end_bcn:
3452                 dev_kfree_skb(beacon);
3453                 if (ret < 0)
3454                         goto out;
3455         }
3456
3457 out:
3458         if (ret != 0)
3459                 wl1271_error("beacon info change failed: %d", ret);
3460         return ret;
3461 }
3462
3463 /* AP mode changes */
3464 static void wl1271_bss_info_changed_ap(struct wl1271 *wl,
3465                                        struct ieee80211_vif *vif,
3466                                        struct ieee80211_bss_conf *bss_conf,
3467                                        u32 changed)
3468 {
3469         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
3470         int ret = 0;
3471
3472         if ((changed & BSS_CHANGED_BASIC_RATES)) {
3473                 u32 rates = bss_conf->basic_rates;
3474
3475                 wlvif->basic_rate_set = wl1271_tx_enabled_rates_get(wl, rates,
3476                                                                  wlvif->band);
3477                 wlvif->basic_rate = wl1271_tx_min_rate_get(wl,
3478                                                         wlvif->basic_rate_set);
3479
3480                 ret = wl1271_init_ap_rates(wl, wlvif);
3481                 if (ret < 0) {
3482                         wl1271_error("AP rate policy change failed %d", ret);
3483                         goto out;
3484                 }
3485
3486                 ret = wl1271_ap_init_templates(wl, vif);
3487                 if (ret < 0)
3488                         goto out;
3489         }
3490
3491         ret = wl1271_bss_beacon_info_changed(wl, vif, bss_conf, changed);
3492         if (ret < 0)
3493                 goto out;
3494
3495         if ((changed & BSS_CHANGED_BEACON_ENABLED)) {
3496                 if (bss_conf->enable_beacon) {
3497                         if (!test_bit(WLVIF_FLAG_AP_STARTED, &wlvif->flags)) {
3498                                 ret = wl12xx_cmd_role_start_ap(wl, wlvif);
3499                                 if (ret < 0)
3500                                         goto out;
3501
3502                                 ret = wl1271_ap_init_hwenc(wl, wlvif);
3503                                 if (ret < 0)
3504                                         goto out;
3505
3506                                 set_bit(WLVIF_FLAG_AP_STARTED, &wlvif->flags);
3507                                 wl1271_debug(DEBUG_AP, "started AP");
3508                         }
3509                 } else {
3510                         if (test_bit(WLVIF_FLAG_AP_STARTED, &wlvif->flags)) {
3511                                 ret = wl12xx_cmd_role_stop_ap(wl, wlvif);
3512                                 if (ret < 0)
3513                                         goto out;
3514
3515                                 clear_bit(WLVIF_FLAG_AP_STARTED, &wlvif->flags);
3516                                 clear_bit(WLVIF_FLAG_AP_PROBE_RESP_SET,
3517                                           &wlvif->flags);
3518                                 wl1271_debug(DEBUG_AP, "stopped AP");
3519                         }
3520                 }
3521         }
3522
3523         ret = wl1271_bss_erp_info_changed(wl, vif, bss_conf, changed);
3524         if (ret < 0)
3525                 goto out;
3526
3527         /* Handle HT information change */
3528         if ((changed & BSS_CHANGED_HT) &&
3529             (bss_conf->channel_type != NL80211_CHAN_NO_HT)) {
3530                 ret = wl1271_acx_set_ht_information(wl, wlvif,
3531                                         bss_conf->ht_operation_mode);
3532                 if (ret < 0) {
3533                         wl1271_warning("Set ht information failed %d", ret);
3534                         goto out;
3535                 }
3536         }
3537
3538 out:
3539         return;
3540 }
3541
3542 /* STA/IBSS mode changes */
3543 static void wl1271_bss_info_changed_sta(struct wl1271 *wl,
3544                                         struct ieee80211_vif *vif,
3545                                         struct ieee80211_bss_conf *bss_conf,
3546                                         u32 changed)
3547 {
3548         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
3549         bool do_join = false, set_assoc = false;
3550         bool is_ibss = (wlvif->bss_type == BSS_TYPE_IBSS);
3551         bool ibss_joined = false;
3552         u32 sta_rate_set = 0;
3553         int ret;
3554         struct ieee80211_sta *sta;
3555         bool sta_exists = false;
3556         struct ieee80211_sta_ht_cap sta_ht_cap;
3557
3558         if (is_ibss) {
3559                 ret = wl1271_bss_beacon_info_changed(wl, vif, bss_conf,
3560                                                      changed);
3561                 if (ret < 0)
3562                         goto out;
3563         }
3564
3565         if (changed & BSS_CHANGED_IBSS) {
3566                 if (bss_conf->ibss_joined) {
3567                         set_bit(WLVIF_FLAG_IBSS_JOINED, &wlvif->flags);
3568                         ibss_joined = true;
3569                 } else {
3570                         if (test_and_clear_bit(WLVIF_FLAG_IBSS_JOINED,
3571                                                &wlvif->flags)) {
3572                                 wl1271_unjoin(wl, wlvif);
3573                                 wl12xx_start_dev(wl, wlvif);
3574                         }
3575                 }
3576         }
3577
3578         if ((changed & BSS_CHANGED_BEACON_INT) && ibss_joined)
3579                 do_join = true;
3580
3581         /* Need to update the SSID (for filtering etc) */
3582         if ((changed & BSS_CHANGED_BEACON) && ibss_joined)
3583                 do_join = true;
3584
3585         if ((changed & BSS_CHANGED_BEACON_ENABLED) && ibss_joined) {
3586                 wl1271_debug(DEBUG_ADHOC, "ad-hoc beaconing: %s",
3587                              bss_conf->enable_beacon ? "enabled" : "disabled");
3588
3589                 do_join = true;
3590         }
3591
3592         if (changed & BSS_CHANGED_IDLE) {
3593                 ret = wl1271_sta_handle_idle(wl, wlvif, bss_conf->idle);
3594                 if (ret < 0)
3595                         wl1271_warning("idle mode change failed %d", ret);
3596         }
3597
3598         if ((changed & BSS_CHANGED_CQM)) {
3599                 bool enable = false;
3600                 if (bss_conf->cqm_rssi_thold)
3601                         enable = true;
3602                 ret = wl1271_acx_rssi_snr_trigger(wl, wlvif, enable,
3603                                                   bss_conf->cqm_rssi_thold,
3604                                                   bss_conf->cqm_rssi_hyst);
3605                 if (ret < 0)
3606                         goto out;
3607                 wlvif->rssi_thold = bss_conf->cqm_rssi_thold;
3608         }
3609
3610         if (changed & BSS_CHANGED_BSSID)
3611                 if (!is_zero_ether_addr(bss_conf->bssid)) {
3612                         ret = wl12xx_cmd_build_null_data(wl, wlvif);
3613                         if (ret < 0)
3614                                 goto out;
3615
3616                         ret = wl1271_build_qos_null_data(wl, vif);
3617                         if (ret < 0)
3618                                 goto out;
3619
3620                         /* Need to update the BSSID (for filtering etc) */
3621                         do_join = true;
3622                 }
3623
3624         if (changed & (BSS_CHANGED_ASSOC | BSS_CHANGED_HT)) {
3625                 rcu_read_lock();
3626                 sta = ieee80211_find_sta(vif, bss_conf->bssid);
3627                 if (!sta)
3628                         goto sta_not_found;
3629
3630                 /* save the supp_rates of the ap */
3631                 sta_rate_set = sta->supp_rates[wl->hw->conf.channel->band];
3632                 if (sta->ht_cap.ht_supported)
3633                         sta_rate_set |=
3634                             (sta->ht_cap.mcs.rx_mask[0] << HW_HT_RATES_OFFSET);
3635                 sta_ht_cap = sta->ht_cap;
3636                 sta_exists = true;
3637
3638 sta_not_found:
3639                 rcu_read_unlock();
3640         }
3641
3642         if ((changed & BSS_CHANGED_ASSOC)) {
3643                 if (bss_conf->assoc) {
3644                         u32 rates;
3645                         int ieoffset;
3646                         wlvif->aid = bss_conf->aid;
3647                         set_assoc = true;
3648
3649                         wlvif->ps_poll_failures = 0;
3650
3651                         /*
3652                          * use basic rates from AP, and determine lowest rate
3653                          * to use with control frames.
3654                          */
3655                         rates = bss_conf->basic_rates;
3656                         wlvif->basic_rate_set =
3657                                 wl1271_tx_enabled_rates_get(wl, rates,
3658                                                             wlvif->band);
3659                         wlvif->basic_rate =
3660                                 wl1271_tx_min_rate_get(wl,
3661                                                        wlvif->basic_rate_set);
3662                         if (sta_rate_set)
3663                                 wlvif->rate_set =
3664                                         wl1271_tx_enabled_rates_get(wl,
3665                                                                 sta_rate_set,
3666                                                                 wlvif->band);
3667                         ret = wl1271_acx_sta_rate_policies(wl, wlvif);
3668                         if (ret < 0)
3669                                 goto out;
3670
3671                         /*
3672                          * with wl1271, we don't need to update the
3673                          * beacon_int and dtim_period, because the firmware
3674                          * updates it by itself when the first beacon is
3675                          * received after a join.
3676                          */
3677                         ret = wl1271_cmd_build_ps_poll(wl, wlvif, wlvif->aid);
3678                         if (ret < 0)
3679                                 goto out;
3680
3681                         /*
3682                          * Get a template for hardware connection maintenance
3683                          */
3684                         dev_kfree_skb(wlvif->probereq);
3685                         wlvif->probereq = wl1271_cmd_build_ap_probe_req(wl,
3686                                                                         wlvif,
3687                                                                         NULL);
3688                         ieoffset = offsetof(struct ieee80211_mgmt,
3689                                             u.probe_req.variable);
3690                         wl1271_ssid_set(vif, wlvif->probereq, ieoffset);
3691
3692                         /* enable the connection monitoring feature */
3693                         ret = wl1271_acx_conn_monit_params(wl, wlvif, true);
3694                         if (ret < 0)
3695                                 goto out;
3696                 } else {
3697                         /* use defaults when not associated */
3698                         bool was_assoc =
3699                             !!test_and_clear_bit(WLVIF_FLAG_STA_ASSOCIATED,
3700                                                  &wlvif->flags);
3701                         bool was_ifup =
3702                             !!test_and_clear_bit(WLVIF_FLAG_STA_STATE_SENT,
3703                                                  &wlvif->flags);
3704                         wlvif->aid = 0;
3705
3706                         /* free probe-request template */
3707                         dev_kfree_skb(wlvif->probereq);
3708                         wlvif->probereq = NULL;
3709
3710                         /* re-enable dynamic ps - just in case */
3711                         ieee80211_enable_dyn_ps(vif);
3712
3713                         /* revert back to minimum rates for the current band */
3714                         wl1271_set_band_rate(wl, wlvif);
3715                         wlvif->basic_rate =
3716                                 wl1271_tx_min_rate_get(wl,
3717                                                        wlvif->basic_rate_set);
3718                         ret = wl1271_acx_sta_rate_policies(wl, wlvif);
3719                         if (ret < 0)
3720                                 goto out;
3721
3722                         /* disable connection monitor features */
3723                         ret = wl1271_acx_conn_monit_params(wl, wlvif, false);
3724
3725                         /* Disable the keep-alive feature */
3726                         ret = wl1271_acx_keep_alive_mode(wl, wlvif, false);
3727                         if (ret < 0)
3728                                 goto out;
3729
3730                         /* restore the bssid filter and go to dummy bssid */
3731                         if (was_assoc) {
3732                                 u32 conf_flags = wl->hw->conf.flags;
3733                                 /*
3734                                  * we might have to disable roc, if there was
3735                                  * no IF_OPER_UP notification.
3736                                  */
3737                                 if (!was_ifup) {
3738                                         ret = wl12xx_croc(wl, wlvif->role_id);
3739                                         if (ret < 0)
3740                                                 goto out;
3741                                 }
3742                                 /*
3743                                  * (we also need to disable roc in case of
3744                                  * roaming on the same channel. until we will
3745                                  * have a better flow...)
3746                                  */
3747                                 if (test_bit(wlvif->dev_role_id, wl->roc_map)) {
3748                                         ret = wl12xx_croc(wl,
3749                                                           wlvif->dev_role_id);
3750                                         if (ret < 0)
3751                                                 goto out;
3752                                 }
3753
3754                                 wl1271_unjoin(wl, wlvif);
3755                                 if (!(conf_flags & IEEE80211_CONF_IDLE))
3756                                         wl12xx_start_dev(wl, wlvif);
3757                         }
3758                 }
3759         }
3760
3761         if (changed & BSS_CHANGED_IBSS) {
3762                 wl1271_debug(DEBUG_ADHOC, "ibss_joined: %d",
3763                              bss_conf->ibss_joined);
3764
3765                 if (bss_conf->ibss_joined) {
3766                         u32 rates = bss_conf->basic_rates;
3767                         wlvif->basic_rate_set =
3768                                 wl1271_tx_enabled_rates_get(wl, rates,
3769                                                             wlvif->band);
3770                         wlvif->basic_rate =
3771                                 wl1271_tx_min_rate_get(wl,
3772                                                        wlvif->basic_rate_set);
3773
3774                         /* by default, use 11b + OFDM rates */
3775                         wlvif->rate_set = CONF_TX_IBSS_DEFAULT_RATES;
3776                         ret = wl1271_acx_sta_rate_policies(wl, wlvif);
3777                         if (ret < 0)
3778                                 goto out;
3779                 }
3780         }
3781
3782         ret = wl1271_bss_erp_info_changed(wl, vif, bss_conf, changed);
3783         if (ret < 0)
3784                 goto out;
3785
3786         if (changed & BSS_CHANGED_ARP_FILTER) {
3787                 __be32 addr = bss_conf->arp_addr_list[0];
3788                 WARN_ON(wlvif->bss_type != BSS_TYPE_STA_BSS);
3789
3790                 if (bss_conf->arp_addr_cnt == 1 &&
3791                     bss_conf->arp_filter_enabled) {
3792                         /*
3793                          * The template should have been configured only upon
3794                          * association. however, it seems that the correct ip
3795                          * isn't being set (when sending), so we have to
3796                          * reconfigure the template upon every ip change.
3797                          */
3798                         ret = wl1271_cmd_build_arp_rsp(wl, wlvif, addr);
3799                         if (ret < 0) {
3800                                 wl1271_warning("build arp rsp failed: %d", ret);
3801                                 goto out;
3802                         }
3803
3804                         ret = wl1271_acx_arp_ip_filter(wl, wlvif,
3805                                 ACX_ARP_FILTER_ARP_FILTERING,
3806                                 addr);
3807                 } else
3808                         ret = wl1271_acx_arp_ip_filter(wl, wlvif, 0, addr);
3809
3810                 if (ret < 0)
3811                         goto out;
3812         }
3813
3814         if (do_join) {
3815                 ret = wl1271_join(wl, wlvif, set_assoc);
3816                 if (ret < 0) {
3817                         wl1271_warning("cmd join failed %d", ret);
3818                         goto out;
3819                 }
3820
3821                 /* ROC until connected (after EAPOL exchange) */
3822                 if (!is_ibss) {
3823                         ret = wl12xx_roc(wl, wlvif, wlvif->role_id);
3824                         if (ret < 0)
3825                                 goto out;
3826
3827                         wl1271_check_operstate(wl, wlvif,
3828                                                ieee80211_get_operstate(vif));
3829                 }
3830                 /*
3831                  * stop device role if started (we might already be in
3832                  * STA role). TODO: make it better.
3833                  */
3834                 if (wlvif->dev_role_id != WL12XX_INVALID_ROLE_ID) {
3835                         ret = wl12xx_stop_dev(wl, wlvif);
3836                         if (ret < 0)
3837                                 goto out;
3838                 }
3839
3840                 /* If we want to go in PSM but we're not there yet */
3841                 if (test_bit(WLVIF_FLAG_PSM_REQUESTED, &wlvif->flags) &&
3842                     !test_bit(WLVIF_FLAG_PSM, &wlvif->flags)) {
3843                         enum wl1271_cmd_ps_mode mode;
3844
3845                         mode = STATION_POWER_SAVE_MODE;
3846                         ret = wl1271_ps_set_mode(wl, wlvif, mode,
3847                                                  wlvif->basic_rate,
3848                                                  true);
3849                         if (ret < 0)
3850                                 goto out;
3851                 }
3852         }
3853
3854         /* Handle new association with HT. Do this after join. */
3855         if (sta_exists) {
3856                 if ((changed & BSS_CHANGED_HT) &&
3857                     (bss_conf->channel_type != NL80211_CHAN_NO_HT)) {
3858                         ret = wl1271_acx_set_ht_capabilities(wl,
3859                                                              &sta_ht_cap,
3860                                                              true,
3861                                                              wlvif->sta.hlid);
3862                         if (ret < 0) {
3863                                 wl1271_warning("Set ht cap true failed %d",
3864                                                ret);
3865                                 goto out;
3866                         }
3867                 }
3868                 /* handle new association without HT and disassociation */
3869                 else if (changed & BSS_CHANGED_ASSOC) {
3870                         ret = wl1271_acx_set_ht_capabilities(wl,
3871                                                              &sta_ht_cap,
3872                                                              false,
3873                                                              wlvif->sta.hlid);
3874                         if (ret < 0) {
3875                                 wl1271_warning("Set ht cap false failed %d",
3876                                                ret);
3877                                 goto out;
3878                         }
3879                 }
3880         }
3881
3882         /* Handle HT information change. Done after join. */
3883         if ((changed & BSS_CHANGED_HT) &&
3884             (bss_conf->channel_type != NL80211_CHAN_NO_HT)) {
3885                 ret = wl1271_acx_set_ht_information(wl, wlvif,
3886                                         bss_conf->ht_operation_mode);
3887                 if (ret < 0) {
3888                         wl1271_warning("Set ht information failed %d", ret);
3889                         goto out;
3890                 }
3891         }
3892
3893 out:
3894         return;
3895 }
3896
3897 static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
3898                                        struct ieee80211_vif *vif,
3899                                        struct ieee80211_bss_conf *bss_conf,
3900                                        u32 changed)
3901 {
3902         struct wl1271 *wl = hw->priv;
3903         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
3904         bool is_ap = (wlvif->bss_type == BSS_TYPE_AP_BSS);
3905         int ret;
3906
3907         wl1271_debug(DEBUG_MAC80211, "mac80211 bss info changed 0x%x",
3908                      (int)changed);
3909
3910         mutex_lock(&wl->mutex);
3911
3912         if (unlikely(wl->state == WL1271_STATE_OFF))
3913                 goto out;
3914
3915         if (unlikely(!test_bit(WLVIF_FLAG_INITIALIZED, &wlvif->flags)))
3916                 goto out;
3917
3918         ret = wl1271_ps_elp_wakeup(wl);
3919         if (ret < 0)
3920                 goto out;
3921
3922         if (is_ap)
3923                 wl1271_bss_info_changed_ap(wl, vif, bss_conf, changed);
3924         else
3925                 wl1271_bss_info_changed_sta(wl, vif, bss_conf, changed);
3926
3927         wl1271_ps_elp_sleep(wl);
3928
3929 out:
3930         mutex_unlock(&wl->mutex);
3931 }
3932
3933 static int wl1271_op_conf_tx(struct ieee80211_hw *hw,
3934                              struct ieee80211_vif *vif, u16 queue,
3935                              const struct ieee80211_tx_queue_params *params)
3936 {
3937         struct wl1271 *wl = hw->priv;
3938         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
3939         u8 ps_scheme;
3940         int ret = 0;
3941
3942         mutex_lock(&wl->mutex);
3943
3944         wl1271_debug(DEBUG_MAC80211, "mac80211 conf tx %d", queue);
3945
3946         if (params->uapsd)
3947                 ps_scheme = CONF_PS_SCHEME_UPSD_TRIGGER;
3948         else
3949                 ps_scheme = CONF_PS_SCHEME_LEGACY;
3950
3951         if (wl->state == WL1271_STATE_OFF) {
3952                 /*
3953                  * If the state is off, the parameters will be recorded and
3954                  * configured on init. This happens in AP-mode.
3955                  */
3956                 struct conf_tx_ac_category *conf_ac =
3957                         &wl->conf.tx.ac_conf[wl1271_tx_get_queue(queue)];
3958                 struct conf_tx_tid *conf_tid =
3959                         &wl->conf.tx.tid_conf[wl1271_tx_get_queue(queue)];
3960
3961                 conf_ac->ac = wl1271_tx_get_queue(queue);
3962                 conf_ac->cw_min = (u8)params->cw_min;
3963                 conf_ac->cw_max = params->cw_max;
3964                 conf_ac->aifsn = params->aifs;
3965                 conf_ac->tx_op_limit = params->txop << 5;
3966
3967                 conf_tid->queue_id = wl1271_tx_get_queue(queue);
3968                 conf_tid->channel_type = CONF_CHANNEL_TYPE_EDCF;
3969                 conf_tid->tsid = wl1271_tx_get_queue(queue);
3970                 conf_tid->ps_scheme = ps_scheme;
3971                 conf_tid->ack_policy = CONF_ACK_POLICY_LEGACY;
3972                 conf_tid->apsd_conf[0] = 0;
3973                 conf_tid->apsd_conf[1] = 0;
3974                 goto out;
3975         }
3976
3977         ret = wl1271_ps_elp_wakeup(wl);
3978         if (ret < 0)
3979                 goto out;
3980
3981         /*
3982          * the txop is confed in units of 32us by the mac80211,
3983          * we need us
3984          */
3985         ret = wl1271_acx_ac_cfg(wl, wlvif, wl1271_tx_get_queue(queue),
3986                                 params->cw_min, params->cw_max,
3987                                 params->aifs, params->txop << 5);
3988         if (ret < 0)
3989                 goto out_sleep;
3990
3991         ret = wl1271_acx_tid_cfg(wl, wlvif, wl1271_tx_get_queue(queue),
3992                                  CONF_CHANNEL_TYPE_EDCF,
3993                                  wl1271_tx_get_queue(queue),
3994                                  ps_scheme, CONF_ACK_POLICY_LEGACY,
3995                                  0, 0);
3996
3997 out_sleep:
3998         wl1271_ps_elp_sleep(wl);
3999
4000 out:
4001         mutex_unlock(&wl->mutex);
4002
4003         return ret;
4004 }
4005
4006 static u64 wl1271_op_get_tsf(struct ieee80211_hw *hw,
4007                              struct ieee80211_vif *vif)
4008 {
4009
4010         struct wl1271 *wl = hw->priv;
4011         u64 mactime = ULLONG_MAX;
4012         int ret;
4013
4014         wl1271_debug(DEBUG_MAC80211, "mac80211 get tsf");
4015
4016         mutex_lock(&wl->mutex);
4017
4018         if (unlikely(wl->state == WL1271_STATE_OFF))
4019                 goto out;
4020
4021         ret = wl1271_ps_elp_wakeup(wl);
4022         if (ret < 0)
4023                 goto out;
4024
4025         ret = wl1271_acx_tsf_info(wl, &mactime);
4026         if (ret < 0)
4027                 goto out_sleep;
4028
4029 out_sleep:
4030         wl1271_ps_elp_sleep(wl);
4031
4032 out:
4033         mutex_unlock(&wl->mutex);
4034         return mactime;
4035 }
4036
4037 static int wl1271_op_get_survey(struct ieee80211_hw *hw, int idx,
4038                                 struct survey_info *survey)
4039 {
4040         struct wl1271 *wl = hw->priv;
4041         struct ieee80211_conf *conf = &hw->conf;
4042
4043         if (idx != 0)
4044                 return -ENOENT;
4045
4046         survey->channel = conf->channel;
4047         survey->filled = SURVEY_INFO_NOISE_DBM;
4048         survey->noise = wl->noise;
4049
4050         return 0;
4051 }
4052
4053 static int wl1271_allocate_sta(struct wl1271 *wl,
4054                              struct wl12xx_vif *wlvif,
4055                              struct ieee80211_sta *sta)
4056 {
4057         struct wl1271_station *wl_sta;
4058         int ret;
4059
4060
4061         if (wl->active_sta_count >= AP_MAX_STATIONS) {
4062                 wl1271_warning("could not allocate HLID - too much stations");
4063                 return -EBUSY;
4064         }
4065
4066         wl_sta = (struct wl1271_station *)sta->drv_priv;
4067         ret = wl12xx_allocate_link(wl, wlvif, &wl_sta->hlid);
4068         if (ret < 0) {
4069                 wl1271_warning("could not allocate HLID - too many links");
4070                 return -EBUSY;
4071         }
4072
4073         set_bit(wl_sta->hlid, wlvif->ap.sta_hlid_map);
4074         memcpy(wl->links[wl_sta->hlid].addr, sta->addr, ETH_ALEN);
4075         wl->active_sta_count++;
4076         return 0;
4077 }
4078
4079 void wl1271_free_sta(struct wl1271 *wl, struct wl12xx_vif *wlvif, u8 hlid)
4080 {
4081         if (!test_bit(hlid, wlvif->ap.sta_hlid_map))
4082                 return;
4083
4084         clear_bit(hlid, wlvif->ap.sta_hlid_map);
4085         memset(wl->links[hlid].addr, 0, ETH_ALEN);
4086         wl->links[hlid].ba_bitmap = 0;
4087         wl1271_tx_reset_link_queues(wl, hlid);
4088         __clear_bit(hlid, &wl->ap_ps_map);
4089         __clear_bit(hlid, (unsigned long *)&wl->ap_fw_ps_map);
4090         wl12xx_free_link(wl, wlvif, &hlid);
4091         wl->active_sta_count--;
4092 }
4093
4094 static int wl1271_op_sta_add(struct ieee80211_hw *hw,
4095                              struct ieee80211_vif *vif,
4096                              struct ieee80211_sta *sta)
4097 {
4098         struct wl1271 *wl = hw->priv;
4099         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
4100         struct wl1271_station *wl_sta;
4101         int ret = 0;
4102         u8 hlid;
4103
4104         mutex_lock(&wl->mutex);
4105
4106         if (unlikely(wl->state == WL1271_STATE_OFF))
4107                 goto out;
4108
4109         if (wlvif->bss_type != BSS_TYPE_AP_BSS)
4110                 goto out;
4111
4112         wl1271_debug(DEBUG_MAC80211, "mac80211 add sta %d", (int)sta->aid);
4113
4114         ret = wl1271_allocate_sta(wl, wlvif, sta);
4115         if (ret < 0)
4116                 goto out;
4117
4118         wl_sta = (struct wl1271_station *)sta->drv_priv;
4119         hlid = wl_sta->hlid;
4120
4121         ret = wl1271_ps_elp_wakeup(wl);
4122         if (ret < 0)
4123                 goto out_free_sta;
4124
4125         ret = wl12xx_cmd_add_peer(wl, wlvif, sta, hlid);
4126         if (ret < 0)
4127                 goto out_sleep;
4128
4129         ret = wl12xx_cmd_set_peer_state(wl, hlid);
4130         if (ret < 0)
4131                 goto out_sleep;
4132
4133         ret = wl1271_acx_set_ht_capabilities(wl, &sta->ht_cap, true, hlid);
4134         if (ret < 0)
4135                 goto out_sleep;
4136
4137 out_sleep:
4138         wl1271_ps_elp_sleep(wl);
4139
4140 out_free_sta:
4141         if (ret < 0)
4142                 wl1271_free_sta(wl, wlvif, hlid);
4143
4144 out:
4145         mutex_unlock(&wl->mutex);
4146         return ret;
4147 }
4148
4149 static int wl1271_op_sta_remove(struct ieee80211_hw *hw,
4150                                 struct ieee80211_vif *vif,
4151                                 struct ieee80211_sta *sta)
4152 {
4153         struct wl1271 *wl = hw->priv;
4154         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
4155         struct wl1271_station *wl_sta;
4156         int ret = 0, id;
4157
4158         mutex_lock(&wl->mutex);
4159
4160         if (unlikely(wl->state == WL1271_STATE_OFF))
4161                 goto out;
4162
4163         if (wlvif->bss_type != BSS_TYPE_AP_BSS)
4164                 goto out;
4165
4166         wl1271_debug(DEBUG_MAC80211, "mac80211 remove sta %d", (int)sta->aid);
4167
4168         wl_sta = (struct wl1271_station *)sta->drv_priv;
4169         id = wl_sta->hlid;
4170         if (WARN_ON(!test_bit(id, wlvif->ap.sta_hlid_map)))
4171                 goto out;
4172
4173         ret = wl1271_ps_elp_wakeup(wl);
4174         if (ret < 0)
4175                 goto out;
4176
4177         ret = wl12xx_cmd_remove_peer(wl, wl_sta->hlid);
4178         if (ret < 0)
4179                 goto out_sleep;
4180
4181         wl1271_free_sta(wl, wlvif, wl_sta->hlid);
4182
4183 out_sleep:
4184         wl1271_ps_elp_sleep(wl);
4185
4186 out:
4187         mutex_unlock(&wl->mutex);
4188         return ret;
4189 }
4190
4191 static int wl1271_op_ampdu_action(struct ieee80211_hw *hw,
4192                                   struct ieee80211_vif *vif,
4193                                   enum ieee80211_ampdu_mlme_action action,
4194                                   struct ieee80211_sta *sta, u16 tid, u16 *ssn,
4195                                   u8 buf_size)
4196 {
4197         struct wl1271 *wl = hw->priv;
4198         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
4199         int ret;
4200         u8 hlid, *ba_bitmap;
4201
4202         wl1271_debug(DEBUG_MAC80211, "mac80211 ampdu action %d tid %d", action,
4203                      tid);
4204
4205         /* sanity check - the fields in FW are only 8bits wide */
4206         if (WARN_ON(tid > 0xFF))
4207                 return -ENOTSUPP;
4208
4209         mutex_lock(&wl->mutex);
4210
4211         if (unlikely(wl->state == WL1271_STATE_OFF)) {
4212                 ret = -EAGAIN;
4213                 goto out;
4214         }
4215
4216         if (wlvif->bss_type == BSS_TYPE_STA_BSS) {
4217                 hlid = wlvif->sta.hlid;
4218                 ba_bitmap = &wlvif->sta.ba_rx_bitmap;
4219         } else if (wlvif->bss_type == BSS_TYPE_AP_BSS) {
4220                 struct wl1271_station *wl_sta;
4221
4222                 wl_sta = (struct wl1271_station *)sta->drv_priv;
4223                 hlid = wl_sta->hlid;
4224                 ba_bitmap = &wl->links[hlid].ba_bitmap;
4225         } else {
4226                 ret = -EINVAL;
4227                 goto out;
4228         }
4229
4230         ret = wl1271_ps_elp_wakeup(wl);
4231         if (ret < 0)
4232                 goto out;
4233
4234         wl1271_debug(DEBUG_MAC80211, "mac80211 ampdu: Rx tid %d action %d",
4235                      tid, action);
4236
4237         switch (action) {
4238         case IEEE80211_AMPDU_RX_START:
4239                 if (!wlvif->ba_support || !wlvif->ba_allowed) {
4240                         ret = -ENOTSUPP;
4241                         break;
4242                 }
4243
4244                 if (wl->ba_rx_session_count >= RX_BA_MAX_SESSIONS) {
4245                         ret = -EBUSY;
4246                         wl1271_error("exceeded max RX BA sessions");
4247                         break;
4248                 }
4249
4250                 if (*ba_bitmap & BIT(tid)) {
4251                         ret = -EINVAL;
4252                         wl1271_error("cannot enable RX BA session on active "
4253                                      "tid: %d", tid);
4254                         break;
4255                 }
4256
4257                 ret = wl12xx_acx_set_ba_receiver_session(wl, tid, *ssn, true,
4258                                                          hlid);
4259                 if (!ret) {
4260                         *ba_bitmap |= BIT(tid);
4261                         wl->ba_rx_session_count++;
4262                 }
4263                 break;
4264
4265         case IEEE80211_AMPDU_RX_STOP:
4266                 if (!(*ba_bitmap & BIT(tid))) {
4267                         ret = -EINVAL;
4268                         wl1271_error("no active RX BA session on tid: %d",
4269                                      tid);
4270                         break;
4271                 }
4272
4273                 ret = wl12xx_acx_set_ba_receiver_session(wl, tid, 0, false,
4274                                                          hlid);
4275                 if (!ret) {
4276                         *ba_bitmap &= ~BIT(tid);
4277                         wl->ba_rx_session_count--;
4278                 }
4279                 break;
4280
4281         /*
4282          * The BA initiator session management in FW independently.
4283          * Falling break here on purpose for all TX APDU commands.
4284          */
4285         case IEEE80211_AMPDU_TX_START:
4286         case IEEE80211_AMPDU_TX_STOP:
4287         case IEEE80211_AMPDU_TX_OPERATIONAL:
4288                 ret = -EINVAL;
4289                 break;
4290
4291         default:
4292                 wl1271_error("Incorrect ampdu action id=%x\n", action);
4293                 ret = -EINVAL;
4294         }
4295
4296         wl1271_ps_elp_sleep(wl);
4297
4298 out:
4299         mutex_unlock(&wl->mutex);
4300
4301         return ret;
4302 }
4303
4304 static int wl12xx_set_bitrate_mask(struct ieee80211_hw *hw,
4305                                    struct ieee80211_vif *vif,
4306                                    const struct cfg80211_bitrate_mask *mask)
4307 {
4308         struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
4309         struct wl1271 *wl = hw->priv;
4310         int i, ret = 0;
4311
4312         wl1271_debug(DEBUG_MAC80211, "mac80211 set_bitrate_mask 0x%x 0x%x",
4313                 mask->control[NL80211_BAND_2GHZ].legacy,
4314                 mask->control[NL80211_BAND_5GHZ].legacy);
4315
4316         mutex_lock(&wl->mutex);
4317
4318         for (i = 0; i < IEEE80211_NUM_BANDS; i++)
4319                 wlvif->bitrate_masks[i] =
4320                         wl1271_tx_enabled_rates_get(wl,
4321                                                     mask->control[i].legacy,
4322                                                     i);
4323
4324         if (unlikely(wl->state == WL1271_STATE_OFF))
4325                 goto out;
4326
4327         if (wlvif->bss_type == BSS_TYPE_STA_BSS &&
4328             !test_bit(WLVIF_FLAG_STA_ASSOCIATED, &wlvif->flags)) {
4329
4330                 ret = wl1271_ps_elp_wakeup(wl);
4331                 if (ret < 0)
4332                         goto out;
4333
4334                 wl1271_set_band_rate(wl, wlvif);
4335                 wlvif->basic_rate =
4336                         wl1271_tx_min_rate_get(wl, wlvif->basic_rate_set);
4337                 ret = wl1271_acx_sta_rate_policies(wl, wlvif);
4338
4339                 wl1271_ps_elp_sleep(wl);
4340         }
4341 out:
4342         mutex_unlock(&wl->mutex);
4343
4344         return ret;
4345 }
4346
4347 static void wl12xx_op_channel_switch(struct ieee80211_hw *hw,
4348                                      struct ieee80211_channel_switch *ch_switch)
4349 {
4350         struct wl1271 *wl = hw->priv;
4351         struct wl12xx_vif *wlvif;
4352         int ret;
4353
4354         wl1271_debug(DEBUG_MAC80211, "mac80211 channel switch");
4355
4356         mutex_lock(&wl->mutex);
4357
4358         if (unlikely(wl->state == WL1271_STATE_OFF)) {
4359                 wl12xx_for_each_wlvif_sta(wl, wlvif) {
4360                         struct ieee80211_vif *vif = wl12xx_wlvif_to_vif(wlvif);
4361                         ieee80211_chswitch_done(vif, false);
4362                 }
4363                 goto out;
4364         }
4365
4366         ret = wl1271_ps_elp_wakeup(wl);
4367         if (ret < 0)
4368                 goto out;
4369
4370         /* TODO: change mac80211 to pass vif as param */
4371         wl12xx_for_each_wlvif_sta(wl, wlvif) {
4372                 ret = wl12xx_cmd_channel_switch(wl, ch_switch);
4373
4374                 if (!ret)
4375                         set_bit(WLVIF_FLAG_CS_PROGRESS, &wlvif->flags);
4376         }
4377
4378         wl1271_ps_elp_sleep(wl);
4379
4380 out:
4381         mutex_unlock(&wl->mutex);
4382 }
4383
4384 static bool wl1271_tx_frames_pending(struct ieee80211_hw *hw)
4385 {
4386         struct wl1271 *wl = hw->priv;
4387         bool ret = false;
4388
4389         mutex_lock(&wl->mutex);
4390
4391         if (unlikely(wl->state == WL1271_STATE_OFF))
4392                 goto out;
4393
4394         /* packets are considered pending if in the TX queue or the FW */
4395         ret = (wl1271_tx_total_queue_count(wl) > 0) || (wl->tx_frames_cnt > 0);
4396 out:
4397         mutex_unlock(&wl->mutex);
4398
4399         return ret;
4400 }
4401
4402 /* can't be const, mac80211 writes to this */
4403 static struct ieee80211_rate wl1271_rates[] = {
4404         { .bitrate = 10,
4405           .hw_value = CONF_HW_BIT_RATE_1MBPS,
4406           .hw_value_short = CONF_HW_BIT_RATE_1MBPS, },
4407         { .bitrate = 20,
4408           .hw_value = CONF_HW_BIT_RATE_2MBPS,
4409           .hw_value_short = CONF_HW_BIT_RATE_2MBPS,
4410           .flags = IEEE80211_RATE_SHORT_PREAMBLE },
4411         { .bitrate = 55,
4412           .hw_value = CONF_HW_BIT_RATE_5_5MBPS,
4413           .hw_value_short = CONF_HW_BIT_RATE_5_5MBPS,
4414           .flags = IEEE80211_RATE_SHORT_PREAMBLE },
4415         { .bitrate = 110,
4416           .hw_value = CONF_HW_BIT_RATE_11MBPS,
4417           .hw_value_short = CONF_HW_BIT_RATE_11MBPS,
4418           .flags = IEEE80211_RATE_SHORT_PREAMBLE },
4419         { .bitrate = 60,
4420           .hw_value = CONF_HW_BIT_RATE_6MBPS,
4421           .hw_value_short = CONF_HW_BIT_RATE_6MBPS, },
4422         { .bitrate = 90,
4423           .hw_value = CONF_HW_BIT_RATE_9MBPS,
4424           .hw_value_short = CONF_HW_BIT_RATE_9MBPS, },
4425         { .bitrate = 120,
4426           .hw_value = CONF_HW_BIT_RATE_12MBPS,
4427           .hw_value_short = CONF_HW_BIT_RATE_12MBPS, },
4428         { .bitrate = 180,
4429           .hw_value = CONF_HW_BIT_RATE_18MBPS,
4430           .hw_value_short = CONF_HW_BIT_RATE_18MBPS, },
4431         { .bitrate = 240,
4432           .hw_value = CONF_HW_BIT_RATE_24MBPS,
4433           .hw_value_short = CONF_HW_BIT_RATE_24MBPS, },
4434         { .bitrate = 360,
4435          .hw_value = CONF_HW_BIT_RATE_36MBPS,
4436          .hw_value_short = CONF_HW_BIT_RATE_36MBPS, },
4437         { .bitrate = 480,
4438           .hw_value = CONF_HW_BIT_RATE_48MBPS,
4439           .hw_value_short = CONF_HW_BIT_RATE_48MBPS, },
4440         { .bitrate = 540,
4441           .hw_value = CONF_HW_BIT_RATE_54MBPS,
4442           .hw_value_short = CONF_HW_BIT_RATE_54MBPS, },
4443 };
4444
4445 /* can't be const, mac80211 writes to this */
4446 static struct ieee80211_channel wl1271_channels[] = {
4447         { .hw_value = 1, .center_freq = 2412, .max_power = 25 },
4448         { .hw_value = 2, .center_freq = 2417, .max_power = 25 },
4449         { .hw_value = 3, .center_freq = 2422, .max_power = 25 },
4450         { .hw_value = 4, .center_freq = 2427, .max_power = 25 },
4451         { .hw_value = 5, .center_freq = 2432, .max_power = 25 },
4452         { .hw_value = 6, .center_freq = 2437, .max_power = 25 },
4453         { .hw_value = 7, .center_freq = 2442, .max_power = 25 },
4454         { .hw_value = 8, .center_freq = 2447, .max_power = 25 },
4455         { .hw_value = 9, .center_freq = 2452, .max_power = 25 },
4456         { .hw_value = 10, .center_freq = 2457, .max_power = 25 },
4457         { .hw_value = 11, .center_freq = 2462, .max_power = 25 },
4458         { .hw_value = 12, .center_freq = 2467, .max_power = 25 },
4459         { .hw_value = 13, .center_freq = 2472, .max_power = 25 },
4460         { .hw_value = 14, .center_freq = 2484, .max_power = 25 },
4461 };
4462
4463 /* mapping to indexes for wl1271_rates */
4464 static const u8 wl1271_rate_to_idx_2ghz[] = {
4465         /* MCS rates are used only with 11n */
4466         7,                            /* CONF_HW_RXTX_RATE_MCS7 */
4467         6,                            /* CONF_HW_RXTX_RATE_MCS6 */
4468         5,                            /* CONF_HW_RXTX_RATE_MCS5 */
4469         4,                            /* CONF_HW_RXTX_RATE_MCS4 */
4470         3,                            /* CONF_HW_RXTX_RATE_MCS3 */
4471         2,                            /* CONF_HW_RXTX_RATE_MCS2 */
4472         1,                            /* CONF_HW_RXTX_RATE_MCS1 */
4473         0,                            /* CONF_HW_RXTX_RATE_MCS0 */
4474
4475         11,                            /* CONF_HW_RXTX_RATE_54   */
4476         10,                            /* CONF_HW_RXTX_RATE_48   */
4477         9,                             /* CONF_HW_RXTX_RATE_36   */
4478         8,                             /* CONF_HW_RXTX_RATE_24   */
4479
4480         /* TI-specific rate */
4481         CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_22   */
4482
4483         7,                             /* CONF_HW_RXTX_RATE_18   */
4484         6,                             /* CONF_HW_RXTX_RATE_12   */
4485         3,                             /* CONF_HW_RXTX_RATE_11   */
4486         5,                             /* CONF_HW_RXTX_RATE_9    */
4487         4,                             /* CONF_HW_RXTX_RATE_6    */
4488         2,                             /* CONF_HW_RXTX_RATE_5_5  */
4489         1,                             /* CONF_HW_RXTX_RATE_2    */
4490         0                              /* CONF_HW_RXTX_RATE_1    */
4491 };
4492
4493 /* 11n STA capabilities */
4494 #define HW_RX_HIGHEST_RATE      72
4495
4496 #define WL12XX_HT_CAP { \
4497         .cap = IEEE80211_HT_CAP_GRN_FLD | IEEE80211_HT_CAP_SGI_20 | \
4498                (1 << IEEE80211_HT_CAP_RX_STBC_SHIFT), \
4499         .ht_supported = true, \
4500         .ampdu_factor = IEEE80211_HT_MAX_AMPDU_8K, \
4501         .ampdu_density = IEEE80211_HT_MPDU_DENSITY_8, \
4502         .mcs = { \
4503                 .rx_mask = { 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, }, \
4504                 .rx_highest = cpu_to_le16(HW_RX_HIGHEST_RATE), \
4505                 .tx_params = IEEE80211_HT_MCS_TX_DEFINED, \
4506                 }, \
4507 }
4508
4509 /* can't be const, mac80211 writes to this */
4510 static struct ieee80211_supported_band wl1271_band_2ghz = {
4511         .channels = wl1271_channels,
4512         .n_channels = ARRAY_SIZE(wl1271_channels),
4513         .bitrates = wl1271_rates,
4514         .n_bitrates = ARRAY_SIZE(wl1271_rates),
4515         .ht_cap = WL12XX_HT_CAP,
4516 };
4517
4518 /* 5 GHz data rates for WL1273 */
4519 static struct ieee80211_rate wl1271_rates_5ghz[] = {
4520         { .bitrate = 60,
4521           .hw_value = CONF_HW_BIT_RATE_6MBPS,
4522           .hw_value_short = CONF_HW_BIT_RATE_6MBPS, },
4523         { .bitrate = 90,
4524           .hw_value = CONF_HW_BIT_RATE_9MBPS,
4525           .hw_value_short = CONF_HW_BIT_RATE_9MBPS, },
4526         { .bitrate = 120,
4527           .hw_value = CONF_HW_BIT_RATE_12MBPS,
4528           .hw_value_short = CONF_HW_BIT_RATE_12MBPS, },
4529         { .bitrate = 180,
4530           .hw_value = CONF_HW_BIT_RATE_18MBPS,
4531           .hw_value_short = CONF_HW_BIT_RATE_18MBPS, },
4532         { .bitrate = 240,
4533           .hw_value = CONF_HW_BIT_RATE_24MBPS,
4534           .hw_value_short = CONF_HW_BIT_RATE_24MBPS, },
4535         { .bitrate = 360,
4536          .hw_value = CONF_HW_BIT_RATE_36MBPS,
4537          .hw_value_short = CONF_HW_BIT_RATE_36MBPS, },
4538         { .bitrate = 480,
4539           .hw_value = CONF_HW_BIT_RATE_48MBPS,
4540           .hw_value_short = CONF_HW_BIT_RATE_48MBPS, },
4541         { .bitrate = 540,
4542           .hw_value = CONF_HW_BIT_RATE_54MBPS,
4543           .hw_value_short = CONF_HW_BIT_RATE_54MBPS, },
4544 };
4545
4546 /* 5 GHz band channels for WL1273 */
4547 static struct ieee80211_channel wl1271_channels_5ghz[] = {
4548         { .hw_value = 7, .center_freq = 5035, .max_power = 25 },
4549         { .hw_value = 8, .center_freq = 5040, .max_power = 25 },
4550         { .hw_value = 9, .center_freq = 5045, .max_power = 25 },
4551         { .hw_value = 11, .center_freq = 5055, .max_power = 25 },
4552         { .hw_value = 12, .center_freq = 5060, .max_power = 25 },
4553         { .hw_value = 16, .center_freq = 5080, .max_power = 25 },
4554         { .hw_value = 34, .center_freq = 5170, .max_power = 25 },
4555         { .hw_value = 36, .center_freq = 5180, .max_power = 25 },
4556         { .hw_value = 38, .center_freq = 5190, .max_power = 25 },
4557         { .hw_value = 40, .center_freq = 5200, .max_power = 25 },
4558         { .hw_value = 42, .center_freq = 5210, .max_power = 25 },
4559         { .hw_value = 44, .center_freq = 5220, .max_power = 25 },
4560         { .hw_value = 46, .center_freq = 5230, .max_power = 25 },
4561         { .hw_value = 48, .center_freq = 5240, .max_power = 25 },
4562         { .hw_value = 52, .center_freq = 5260, .max_power = 25 },
4563         { .hw_value = 56, .center_freq = 5280, .max_power = 25 },
4564         { .hw_value = 60, .center_freq = 5300, .max_power = 25 },
4565         { .hw_value = 64, .center_freq = 5320, .max_power = 25 },
4566         { .hw_value = 100, .center_freq = 5500, .max_power = 25 },
4567         { .hw_value = 104, .center_freq = 5520, .max_power = 25 },
4568         { .hw_value = 108, .center_freq = 5540, .max_power = 25 },
4569         { .hw_value = 112, .center_freq = 5560, .max_power = 25 },
4570         { .hw_value = 116, .center_freq = 5580, .max_power = 25 },
4571         { .hw_value = 120, .center_freq = 5600, .max_power = 25 },
4572         { .hw_value = 124, .center_freq = 5620, .max_power = 25 },
4573         { .hw_value = 128, .center_freq = 5640, .max_power = 25 },
4574         { .hw_value = 132, .center_freq = 5660, .max_power = 25 },
4575         { .hw_value = 136, .center_freq = 5680, .max_power = 25 },
4576         { .hw_value = 140, .center_freq = 5700, .max_power = 25 },
4577         { .hw_value = 149, .center_freq = 5745, .max_power = 25 },
4578         { .hw_value = 153, .center_freq = 5765, .max_power = 25 },
4579         { .hw_value = 157, .center_freq = 5785, .max_power = 25 },
4580         { .hw_value = 161, .center_freq = 5805, .max_power = 25 },
4581         { .hw_value = 165, .center_freq = 5825, .max_power = 25 },
4582 };
4583
4584 /* mapping to indexes for wl1271_rates_5ghz */
4585 static const u8 wl1271_rate_to_idx_5ghz[] = {
4586         /* MCS rates are used only with 11n */
4587         7,                            /* CONF_HW_RXTX_RATE_MCS7 */
4588         6,                            /* CONF_HW_RXTX_RATE_MCS6 */
4589         5,                            /* CONF_HW_RXTX_RATE_MCS5 */
4590         4,                            /* CONF_HW_RXTX_RATE_MCS4 */
4591         3,                            /* CONF_HW_RXTX_RATE_MCS3 */
4592         2,                            /* CONF_HW_RXTX_RATE_MCS2 */
4593         1,                            /* CONF_HW_RXTX_RATE_MCS1 */
4594         0,                            /* CONF_HW_RXTX_RATE_MCS0 */
4595
4596         7,                             /* CONF_HW_RXTX_RATE_54   */
4597         6,                             /* CONF_HW_RXTX_RATE_48   */
4598         5,                             /* CONF_HW_RXTX_RATE_36   */
4599         4,                             /* CONF_HW_RXTX_RATE_24   */
4600
4601         /* TI-specific rate */
4602         CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_22   */
4603
4604         3,                             /* CONF_HW_RXTX_RATE_18   */
4605         2,                             /* CONF_HW_RXTX_RATE_12   */
4606         CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_11   */
4607         1,                             /* CONF_HW_RXTX_RATE_9    */
4608         0,                             /* CONF_HW_RXTX_RATE_6    */
4609         CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_5_5  */
4610         CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_2    */
4611         CONF_HW_RXTX_RATE_UNSUPPORTED  /* CONF_HW_RXTX_RATE_1    */
4612 };
4613
4614 static struct ieee80211_supported_band wl1271_band_5ghz = {
4615         .channels = wl1271_channels_5ghz,
4616         .n_channels = ARRAY_SIZE(wl1271_channels_5ghz),
4617         .bitrates = wl1271_rates_5ghz,
4618         .n_bitrates = ARRAY_SIZE(wl1271_rates_5ghz),
4619         .ht_cap = WL12XX_HT_CAP,
4620 };
4621
4622 static const u8 *wl1271_band_rate_to_idx[] = {
4623         [IEEE80211_BAND_2GHZ] = wl1271_rate_to_idx_2ghz,
4624         [IEEE80211_BAND_5GHZ] = wl1271_rate_to_idx_5ghz
4625 };
4626
4627 static const struct ieee80211_ops wl1271_ops = {
4628         .start = wl1271_op_start,
4629         .stop = wl1271_op_stop,
4630         .add_interface = wl1271_op_add_interface,
4631         .remove_interface = wl1271_op_remove_interface,
4632 #ifdef CONFIG_PM
4633         .suspend = wl1271_op_suspend,
4634         .resume = wl1271_op_resume,
4635 #endif
4636         .config = wl1271_op_config,
4637         .prepare_multicast = wl1271_op_prepare_multicast,
4638         .configure_filter = wl1271_op_configure_filter,
4639         .tx = wl1271_op_tx,
4640         .set_key = wl1271_op_set_key,
4641         .hw_scan = wl1271_op_hw_scan,
4642         .cancel_hw_scan = wl1271_op_cancel_hw_scan,
4643         .sched_scan_start = wl1271_op_sched_scan_start,
4644         .sched_scan_stop = wl1271_op_sched_scan_stop,
4645         .bss_info_changed = wl1271_op_bss_info_changed,
4646         .set_frag_threshold = wl1271_op_set_frag_threshold,
4647         .set_rts_threshold = wl1271_op_set_rts_threshold,
4648         .conf_tx = wl1271_op_conf_tx,
4649         .get_tsf = wl1271_op_get_tsf,
4650         .get_survey = wl1271_op_get_survey,
4651         .sta_add = wl1271_op_sta_add,
4652         .sta_remove = wl1271_op_sta_remove,
4653         .ampdu_action = wl1271_op_ampdu_action,
4654         .tx_frames_pending = wl1271_tx_frames_pending,
4655         .set_bitrate_mask = wl12xx_set_bitrate_mask,
4656         .channel_switch = wl12xx_op_channel_switch,
4657         CFG80211_TESTMODE_CMD(wl1271_tm_cmd)
4658 };
4659
4660
4661 u8 wl1271_rate_to_idx(int rate, enum ieee80211_band band)
4662 {
4663         u8 idx;
4664
4665         BUG_ON(band >= sizeof(wl1271_band_rate_to_idx)/sizeof(u8 *));
4666
4667         if (unlikely(rate >= CONF_HW_RXTX_RATE_MAX)) {
4668                 wl1271_error("Illegal RX rate from HW: %d", rate);
4669                 return 0;
4670         }
4671
4672         idx = wl1271_band_rate_to_idx[band][rate];
4673         if (unlikely(idx == CONF_HW_RXTX_RATE_UNSUPPORTED)) {
4674                 wl1271_error("Unsupported RX rate from HW: %d", rate);
4675                 return 0;
4676         }
4677
4678         return idx;
4679 }
4680
4681 static ssize_t wl1271_sysfs_show_bt_coex_state(struct device *dev,
4682                                                struct device_attribute *attr,
4683                                                char *buf)
4684 {
4685         struct wl1271 *wl = dev_get_drvdata(dev);
4686         ssize_t len;
4687
4688         len = PAGE_SIZE;
4689
4690         mutex_lock(&wl->mutex);
4691         len = snprintf(buf, len, "%d\n\n0 - off\n1 - on\n",
4692                        wl->sg_enabled);
4693         mutex_unlock(&wl->mutex);
4694
4695         return len;
4696
4697 }
4698
4699 static ssize_t wl1271_sysfs_store_bt_coex_state(struct device *dev,
4700                                                 struct device_attribute *attr,
4701                                                 const char *buf, size_t count)
4702 {
4703         struct wl1271 *wl = dev_get_drvdata(dev);
4704         unsigned long res;
4705         int ret;
4706
4707         ret = kstrtoul(buf, 10, &res);
4708         if (ret < 0) {
4709                 wl1271_warning("incorrect value written to bt_coex_mode");
4710                 return count;
4711         }
4712
4713         mutex_lock(&wl->mutex);
4714
4715         res = !!res;
4716
4717         if (res == wl->sg_enabled)
4718                 goto out;
4719
4720         wl->sg_enabled = res;
4721
4722         if (wl->state == WL1271_STATE_OFF)
4723                 goto out;
4724
4725         ret = wl1271_ps_elp_wakeup(wl);
4726         if (ret < 0)
4727                 goto out;
4728
4729         wl1271_acx_sg_enable(wl, wl->sg_enabled);
4730         wl1271_ps_elp_sleep(wl);
4731
4732  out:
4733         mutex_unlock(&wl->mutex);
4734         return count;
4735 }
4736
4737 static DEVICE_ATTR(bt_coex_state, S_IRUGO | S_IWUSR,
4738                    wl1271_sysfs_show_bt_coex_state,
4739                    wl1271_sysfs_store_bt_coex_state);
4740
4741 static ssize_t wl1271_sysfs_show_hw_pg_ver(struct device *dev,
4742                                            struct device_attribute *attr,
4743                                            char *buf)
4744 {
4745         struct wl1271 *wl = dev_get_drvdata(dev);
4746         ssize_t len;
4747
4748         len = PAGE_SIZE;
4749
4750         mutex_lock(&wl->mutex);
4751         if (wl->hw_pg_ver >= 0)
4752                 len = snprintf(buf, len, "%d\n", wl->hw_pg_ver);
4753         else
4754                 len = snprintf(buf, len, "n/a\n");
4755         mutex_unlock(&wl->mutex);
4756
4757         return len;
4758 }
4759
4760 static DEVICE_ATTR(hw_pg_ver, S_IRUGO,
4761                    wl1271_sysfs_show_hw_pg_ver, NULL);
4762
4763 static ssize_t wl1271_sysfs_read_fwlog(struct file *filp, struct kobject *kobj,
4764                                        struct bin_attribute *bin_attr,
4765                                        char *buffer, loff_t pos, size_t count)
4766 {
4767         struct device *dev = container_of(kobj, struct device, kobj);
4768         struct wl1271 *wl = dev_get_drvdata(dev);
4769         ssize_t len;
4770         int ret;
4771
4772         ret = mutex_lock_interruptible(&wl->mutex);
4773         if (ret < 0)
4774                 return -ERESTARTSYS;
4775
4776         /* Let only one thread read the log at a time, blocking others */
4777         while (wl->fwlog_size == 0) {
4778                 DEFINE_WAIT(wait);
4779
4780                 prepare_to_wait_exclusive(&wl->fwlog_waitq,
4781                                           &wait,
4782                                           TASK_INTERRUPTIBLE);
4783
4784                 if (wl->fwlog_size != 0) {
4785                         finish_wait(&wl->fwlog_waitq, &wait);
4786                         break;
4787                 }
4788
4789                 mutex_unlock(&wl->mutex);
4790
4791                 schedule();
4792                 finish_wait(&wl->fwlog_waitq, &wait);
4793
4794                 if (signal_pending(current))
4795                         return -ERESTARTSYS;
4796
4797                 ret = mutex_lock_interruptible(&wl->mutex);
4798                 if (ret < 0)
4799                         return -ERESTARTSYS;
4800         }
4801
4802         /* Check if the fwlog is still valid */
4803         if (wl->fwlog_size < 0) {
4804                 mutex_unlock(&wl->mutex);
4805                 return 0;
4806         }
4807
4808         /* Seeking is not supported - old logs are not kept. Disregard pos. */
4809         len = min(count, (size_t)wl->fwlog_size);
4810         wl->fwlog_size -= len;
4811         memcpy(buffer, wl->fwlog, len);
4812
4813         /* Make room for new messages */
4814         memmove(wl->fwlog, wl->fwlog + len, wl->fwlog_size);
4815
4816         mutex_unlock(&wl->mutex);
4817
4818         return len;
4819 }
4820
4821 static struct bin_attribute fwlog_attr = {
4822         .attr = {.name = "fwlog", .mode = S_IRUSR},
4823         .read = wl1271_sysfs_read_fwlog,
4824 };
4825
4826 static int wl1271_register_hw(struct wl1271 *wl)
4827 {
4828         int ret;
4829
4830         if (wl->mac80211_registered)
4831                 return 0;
4832
4833         ret = wl1271_fetch_nvs(wl);
4834         if (ret == 0) {
4835                 /* NOTE: The wl->nvs->nvs element must be first, in
4836                  * order to simplify the casting, we assume it is at
4837                  * the beginning of the wl->nvs structure.
4838                  */
4839                 u8 *nvs_ptr = (u8 *)wl->nvs;
4840
4841                 wl->mac_addr[0] = nvs_ptr[11];
4842                 wl->mac_addr[1] = nvs_ptr[10];
4843                 wl->mac_addr[2] = nvs_ptr[6];
4844                 wl->mac_addr[3] = nvs_ptr[5];
4845                 wl->mac_addr[4] = nvs_ptr[4];
4846                 wl->mac_addr[5] = nvs_ptr[3];
4847         }
4848
4849         SET_IEEE80211_PERM_ADDR(wl->hw, wl->mac_addr);
4850
4851         ret = ieee80211_register_hw(wl->hw);
4852         if (ret < 0) {
4853                 wl1271_error("unable to register mac80211 hw: %d", ret);
4854                 return ret;
4855         }
4856
4857         wl->mac80211_registered = true;
4858
4859         wl1271_debugfs_init(wl);
4860
4861         register_netdevice_notifier(&wl1271_dev_notifier);
4862
4863         wl1271_notice("loaded");
4864
4865         return 0;
4866 }
4867
4868 static void wl1271_unregister_hw(struct wl1271 *wl)
4869 {
4870         if (wl->state == WL1271_STATE_PLT)
4871                 __wl1271_plt_stop(wl);
4872
4873         unregister_netdevice_notifier(&wl1271_dev_notifier);
4874         ieee80211_unregister_hw(wl->hw);
4875         wl->mac80211_registered = false;
4876
4877 }
4878
4879 static int wl1271_init_ieee80211(struct wl1271 *wl)
4880 {
4881         static const u32 cipher_suites[] = {
4882                 WLAN_CIPHER_SUITE_WEP40,
4883                 WLAN_CIPHER_SUITE_WEP104,
4884                 WLAN_CIPHER_SUITE_TKIP,
4885                 WLAN_CIPHER_SUITE_CCMP,
4886                 WL1271_CIPHER_SUITE_GEM,
4887         };
4888
4889         /* The tx descriptor buffer and the TKIP space. */
4890         wl->hw->extra_tx_headroom = WL1271_TKIP_IV_SPACE +
4891                 sizeof(struct wl1271_tx_hw_descr);
4892
4893         /* unit us */
4894         /* FIXME: find a proper value */
4895         wl->hw->channel_change_time = 10000;
4896         wl->hw->max_listen_interval = wl->conf.conn.max_listen_interval;
4897
4898         wl->hw->flags = IEEE80211_HW_SIGNAL_DBM |
4899                 IEEE80211_HW_BEACON_FILTER |
4900                 IEEE80211_HW_SUPPORTS_PS |
4901                 IEEE80211_HW_SUPPORTS_UAPSD |
4902                 IEEE80211_HW_HAS_RATE_CONTROL |
4903                 IEEE80211_HW_CONNECTION_MONITOR |
4904                 IEEE80211_HW_SUPPORTS_CQM_RSSI |
4905                 IEEE80211_HW_REPORTS_TX_ACK_STATUS |
4906                 IEEE80211_HW_SPECTRUM_MGMT |
4907                 IEEE80211_HW_AP_LINK_PS |
4908                 IEEE80211_HW_AMPDU_AGGREGATION |
4909                 IEEE80211_HW_TX_AMPDU_SETUP_IN_HW;
4910
4911         wl->hw->wiphy->cipher_suites = cipher_suites;
4912         wl->hw->wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites);
4913
4914         wl->hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
4915                 BIT(NL80211_IFTYPE_ADHOC) | BIT(NL80211_IFTYPE_AP) |
4916                 BIT(NL80211_IFTYPE_P2P_CLIENT) | BIT(NL80211_IFTYPE_P2P_GO);
4917         wl->hw->wiphy->max_scan_ssids = 1;
4918         wl->hw->wiphy->max_sched_scan_ssids = 16;
4919         wl->hw->wiphy->max_match_sets = 16;
4920         /*
4921          * Maximum length of elements in scanning probe request templates
4922          * should be the maximum length possible for a template, without
4923          * the IEEE80211 header of the template
4924          */
4925         wl->hw->wiphy->max_scan_ie_len = WL1271_CMD_TEMPL_DFLT_SIZE -
4926                         sizeof(struct ieee80211_header);
4927
4928         wl->hw->wiphy->max_sched_scan_ie_len = WL1271_CMD_TEMPL_DFLT_SIZE -
4929                 sizeof(struct ieee80211_header);
4930
4931         wl->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
4932
4933         /* make sure all our channels fit in the scanned_ch bitmask */
4934         BUILD_BUG_ON(ARRAY_SIZE(wl1271_channels) +
4935                      ARRAY_SIZE(wl1271_channels_5ghz) >
4936                      WL1271_MAX_CHANNELS);
4937         /*
4938          * We keep local copies of the band structs because we need to
4939          * modify them on a per-device basis.
4940          */
4941         memcpy(&wl->bands[IEEE80211_BAND_2GHZ], &wl1271_band_2ghz,
4942                sizeof(wl1271_band_2ghz));
4943         memcpy(&wl->bands[IEEE80211_BAND_5GHZ], &wl1271_band_5ghz,
4944                sizeof(wl1271_band_5ghz));
4945
4946         wl->hw->wiphy->bands[IEEE80211_BAND_2GHZ] =
4947                 &wl->bands[IEEE80211_BAND_2GHZ];
4948         wl->hw->wiphy->bands[IEEE80211_BAND_5GHZ] =
4949                 &wl->bands[IEEE80211_BAND_5GHZ];
4950
4951         wl->hw->queues = 4;
4952         wl->hw->max_rates = 1;
4953
4954         wl->hw->wiphy->reg_notifier = wl1271_reg_notify;
4955
4956         /* the FW answers probe-requests in AP-mode */
4957         wl->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
4958         wl->hw->wiphy->probe_resp_offload =
4959                 NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
4960                 NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
4961                 NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
4962
4963         SET_IEEE80211_DEV(wl->hw, wl->dev);
4964
4965         wl->hw->sta_data_size = sizeof(struct wl1271_station);
4966         wl->hw->vif_data_size = sizeof(struct wl12xx_vif);
4967
4968         wl->hw->max_rx_aggregation_subframes = 8;
4969
4970         return 0;
4971 }
4972
4973 #define WL1271_DEFAULT_CHANNEL 0
4974
4975 static struct ieee80211_hw *wl1271_alloc_hw(void)
4976 {
4977         struct ieee80211_hw *hw;
4978         struct wl1271 *wl;
4979         int i, j, ret;
4980         unsigned int order;
4981
4982         BUILD_BUG_ON(AP_MAX_STATIONS > WL12XX_MAX_LINKS);
4983
4984         hw = ieee80211_alloc_hw(sizeof(*wl), &wl1271_ops);
4985         if (!hw) {
4986                 wl1271_error("could not alloc ieee80211_hw");
4987                 ret = -ENOMEM;
4988                 goto err_hw_alloc;
4989         }
4990
4991         wl = hw->priv;
4992         memset(wl, 0, sizeof(*wl));
4993
4994         INIT_LIST_HEAD(&wl->list);
4995         INIT_LIST_HEAD(&wl->wlvif_list);
4996
4997         wl->hw = hw;
4998
4999         for (i = 0; i < NUM_TX_QUEUES; i++)
5000                 for (j = 0; j < WL12XX_MAX_LINKS; j++)
5001                         skb_queue_head_init(&wl->links[j].tx_queue[i]);
5002
5003         skb_queue_head_init(&wl->deferred_rx_queue);
5004         skb_queue_head_init(&wl->deferred_tx_queue);
5005
5006         INIT_DELAYED_WORK(&wl->elp_work, wl1271_elp_work);
5007         INIT_WORK(&wl->netstack_work, wl1271_netstack_work);
5008         INIT_WORK(&wl->tx_work, wl1271_tx_work);
5009         INIT_WORK(&wl->recovery_work, wl1271_recovery_work);
5010         INIT_DELAYED_WORK(&wl->scan_complete_work, wl1271_scan_complete_work);
5011
5012         wl->freezable_wq = create_freezable_workqueue("wl12xx_wq");
5013         if (!wl->freezable_wq) {
5014                 ret = -ENOMEM;
5015                 goto err_hw;
5016         }
5017
5018         wl->channel = WL1271_DEFAULT_CHANNEL;
5019         wl->rx_counter = 0;
5020         wl->power_level = WL1271_DEFAULT_POWER_LEVEL;
5021         wl->band = IEEE80211_BAND_2GHZ;
5022         wl->vif = NULL;
5023         wl->flags = 0;
5024         wl->sg_enabled = true;
5025         wl->hw_pg_ver = -1;
5026         wl->ap_ps_map = 0;
5027         wl->ap_fw_ps_map = 0;
5028         wl->quirks = 0;
5029         wl->platform_quirks = 0;
5030         wl->sched_scanning = false;
5031         wl->tx_spare_blocks = TX_HW_BLOCK_SPARE_DEFAULT;
5032         wl->system_hlid = WL12XX_SYSTEM_HLID;
5033         wl->active_sta_count = 0;
5034         wl->fwlog_size = 0;
5035         init_waitqueue_head(&wl->fwlog_waitq);
5036
5037         /* The system link is always allocated */
5038         __set_bit(WL12XX_SYSTEM_HLID, wl->links_map);
5039
5040         memset(wl->tx_frames_map, 0, sizeof(wl->tx_frames_map));
5041         for (i = 0; i < ACX_TX_DESCRIPTORS; i++)
5042                 wl->tx_frames[i] = NULL;
5043
5044         spin_lock_init(&wl->wl_lock);
5045
5046         wl->state = WL1271_STATE_OFF;
5047         mutex_init(&wl->mutex);
5048
5049         /* Apply default driver configuration. */
5050         wl1271_conf_init(wl);
5051
5052         order = get_order(WL1271_AGGR_BUFFER_SIZE);
5053         wl->aggr_buf = (u8 *)__get_free_pages(GFP_KERNEL, order);
5054         if (!wl->aggr_buf) {
5055                 ret = -ENOMEM;
5056                 goto err_wq;
5057         }
5058
5059         wl->dummy_packet = wl12xx_alloc_dummy_packet(wl);
5060         if (!wl->dummy_packet) {
5061                 ret = -ENOMEM;
5062                 goto err_aggr;
5063         }
5064
5065         /* Allocate one page for the FW log */
5066         wl->fwlog = (u8 *)get_zeroed_page(GFP_KERNEL);
5067         if (!wl->fwlog) {
5068                 ret = -ENOMEM;
5069                 goto err_dummy_packet;
5070         }
5071
5072         return hw;
5073
5074 err_dummy_packet:
5075         dev_kfree_skb(wl->dummy_packet);
5076
5077 err_aggr:
5078         free_pages((unsigned long)wl->aggr_buf, order);
5079
5080 err_wq:
5081         destroy_workqueue(wl->freezable_wq);
5082
5083 err_hw:
5084         wl1271_debugfs_exit(wl);
5085         ieee80211_free_hw(hw);
5086
5087 err_hw_alloc:
5088
5089         return ERR_PTR(ret);
5090 }
5091
5092 static int wl1271_free_hw(struct wl1271 *wl)
5093 {
5094         /* Unblock any fwlog readers */
5095         mutex_lock(&wl->mutex);
5096         wl->fwlog_size = -1;
5097         wake_up_interruptible_all(&wl->fwlog_waitq);
5098         mutex_unlock(&wl->mutex);
5099
5100         device_remove_bin_file(wl->dev, &fwlog_attr);
5101
5102         device_remove_file(wl->dev, &dev_attr_hw_pg_ver);
5103
5104         device_remove_file(wl->dev, &dev_attr_bt_coex_state);
5105         free_page((unsigned long)wl->fwlog);
5106         dev_kfree_skb(wl->dummy_packet);
5107         free_pages((unsigned long)wl->aggr_buf,
5108                         get_order(WL1271_AGGR_BUFFER_SIZE));
5109
5110         wl1271_debugfs_exit(wl);
5111
5112         vfree(wl->fw);
5113         wl->fw = NULL;
5114         kfree(wl->nvs);
5115         wl->nvs = NULL;
5116
5117         kfree(wl->fw_status);
5118         kfree(wl->tx_res_if);
5119         destroy_workqueue(wl->freezable_wq);
5120
5121         ieee80211_free_hw(wl->hw);
5122
5123         return 0;
5124 }
5125
5126 static irqreturn_t wl12xx_hardirq(int irq, void *cookie)
5127 {
5128         struct wl1271 *wl = cookie;
5129         unsigned long flags;
5130
5131         wl1271_debug(DEBUG_IRQ, "IRQ");
5132
5133         /* complete the ELP completion */
5134         spin_lock_irqsave(&wl->wl_lock, flags);
5135         set_bit(WL1271_FLAG_IRQ_RUNNING, &wl->flags);
5136         if (wl->elp_compl) {
5137                 complete(wl->elp_compl);
5138                 wl->elp_compl = NULL;
5139         }
5140
5141         if (test_bit(WL1271_FLAG_SUSPENDED, &wl->flags)) {
5142                 /* don't enqueue a work right now. mark it as pending */
5143                 set_bit(WL1271_FLAG_PENDING_WORK, &wl->flags);
5144                 wl1271_debug(DEBUG_IRQ, "should not enqueue work");
5145                 disable_irq_nosync(wl->irq);
5146                 pm_wakeup_event(wl->dev, 0);
5147                 spin_unlock_irqrestore(&wl->wl_lock, flags);
5148                 return IRQ_HANDLED;
5149         }
5150         spin_unlock_irqrestore(&wl->wl_lock, flags);
5151
5152         return IRQ_WAKE_THREAD;
5153 }
5154
5155 static int __devinit wl12xx_probe(struct platform_device *pdev)
5156 {
5157         struct wl12xx_platform_data *pdata = pdev->dev.platform_data;
5158         struct ieee80211_hw *hw;
5159         struct wl1271 *wl;
5160         unsigned long irqflags;
5161         int ret = -ENODEV;
5162
5163         hw = wl1271_alloc_hw();
5164         if (IS_ERR(hw)) {
5165                 wl1271_error("can't allocate hw");
5166                 ret = PTR_ERR(hw);
5167                 goto out;
5168         }
5169
5170         wl = hw->priv;
5171         wl->irq = platform_get_irq(pdev, 0);
5172         wl->ref_clock = pdata->board_ref_clock;
5173         wl->tcxo_clock = pdata->board_tcxo_clock;
5174         wl->platform_quirks = pdata->platform_quirks;
5175         wl->set_power = pdata->set_power;
5176         wl->dev = &pdev->dev;
5177         wl->if_ops = pdata->ops;
5178
5179         platform_set_drvdata(pdev, wl);
5180
5181         if (wl->platform_quirks & WL12XX_PLATFORM_QUIRK_EDGE_IRQ)
5182                 irqflags = IRQF_TRIGGER_RISING;
5183         else
5184                 irqflags = IRQF_TRIGGER_HIGH | IRQF_ONESHOT;
5185
5186         ret = request_threaded_irq(wl->irq, wl12xx_hardirq, wl1271_irq,
5187                                    irqflags,
5188                                    pdev->name, wl);
5189         if (ret < 0) {
5190                 wl1271_error("request_irq() failed: %d", ret);
5191                 goto out_free_hw;
5192         }
5193
5194         ret = enable_irq_wake(wl->irq);
5195         if (!ret) {
5196                 wl->irq_wake_enabled = true;
5197                 device_init_wakeup(wl->dev, 1);
5198                 if (pdata->pwr_in_suspend)
5199                         hw->wiphy->wowlan.flags = WIPHY_WOWLAN_ANY;
5200
5201         }
5202         disable_irq(wl->irq);
5203
5204         ret = wl1271_init_ieee80211(wl);
5205         if (ret)
5206                 goto out_irq;
5207
5208         ret = wl1271_register_hw(wl);
5209         if (ret)
5210                 goto out_irq;
5211
5212         /* Create sysfs file to control bt coex state */
5213         ret = device_create_file(wl->dev, &dev_attr_bt_coex_state);
5214         if (ret < 0) {
5215                 wl1271_error("failed to create sysfs file bt_coex_state");
5216                 goto out_irq;
5217         }
5218
5219         /* Create sysfs file to get HW PG version */
5220         ret = device_create_file(wl->dev, &dev_attr_hw_pg_ver);
5221         if (ret < 0) {
5222                 wl1271_error("failed to create sysfs file hw_pg_ver");
5223                 goto out_bt_coex_state;
5224         }
5225
5226         /* Create sysfs file for the FW log */
5227         ret = device_create_bin_file(wl->dev, &fwlog_attr);
5228         if (ret < 0) {
5229                 wl1271_error("failed to create sysfs file fwlog");
5230                 goto out_hw_pg_ver;
5231         }
5232
5233         return 0;
5234
5235 out_hw_pg_ver:
5236         device_remove_file(wl->dev, &dev_attr_hw_pg_ver);
5237
5238 out_bt_coex_state:
5239         device_remove_file(wl->dev, &dev_attr_bt_coex_state);
5240
5241 out_irq:
5242         free_irq(wl->irq, wl);
5243
5244 out_free_hw:
5245         wl1271_free_hw(wl);
5246
5247 out:
5248         return ret;
5249 }
5250
5251 static int __devexit wl12xx_remove(struct platform_device *pdev)
5252 {
5253         struct wl1271 *wl = platform_get_drvdata(pdev);
5254
5255         if (wl->irq_wake_enabled) {
5256                 device_init_wakeup(wl->dev, 0);
5257                 disable_irq_wake(wl->irq);
5258         }
5259         wl1271_unregister_hw(wl);
5260         free_irq(wl->irq, wl);
5261         wl1271_free_hw(wl);
5262
5263         return 0;
5264 }
5265
5266 static const struct platform_device_id wl12xx_id_table[] __devinitconst = {
5267         { "wl12xx", 0 },
5268         {  } /* Terminating Entry */
5269 };
5270 MODULE_DEVICE_TABLE(platform, wl12xx_id_table);
5271
5272 static struct platform_driver wl12xx_driver = {
5273         .probe          = wl12xx_probe,
5274         .remove         = __devexit_p(wl12xx_remove),
5275         .id_table       = wl12xx_id_table,
5276         .driver = {
5277                 .name   = "wl12xx_driver",
5278                 .owner  = THIS_MODULE,
5279         }
5280 };
5281
5282 static int __init wl12xx_init(void)
5283 {
5284         return platform_driver_register(&wl12xx_driver);
5285 }
5286 module_init(wl12xx_init);
5287
5288 static void __exit wl12xx_exit(void)
5289 {
5290         platform_driver_unregister(&wl12xx_driver);
5291 }
5292 module_exit(wl12xx_exit);
5293
5294 u32 wl12xx_debug_level = DEBUG_NONE;
5295 EXPORT_SYMBOL_GPL(wl12xx_debug_level);
5296 module_param_named(debug_level, wl12xx_debug_level, uint, S_IRUSR | S_IWUSR);
5297 MODULE_PARM_DESC(debug_level, "wl12xx debugging level");
5298
5299 module_param_named(fwlog, fwlog_param, charp, 0);
5300 MODULE_PARM_DESC(keymap,
5301                  "FW logger options: continuous, ondemand, dbgpins or disable");
5302
5303 module_param(bug_on_recovery, bool, S_IRUSR | S_IWUSR);
5304 MODULE_PARM_DESC(bug_on_recovery, "BUG() on fw recovery");
5305
5306 MODULE_LICENSE("GPL");
5307 MODULE_AUTHOR("Luciano Coelho <coelho@ti.com>");
5308 MODULE_AUTHOR("Juuso Oikarinen <juuso.oikarinen@nokia.com>");