wl1271: 11n Support, Add Definitions
[linux-2.6.git] / drivers / net / wireless / wl12xx / wl1271_main.c
index 6501d6e..5d5f4c6 100644 (file)
@@ -28,7 +28,8 @@
 #include <linux/crc32.h>
 #include <linux/etherdevice.h>
 #include <linux/vmalloc.h>
-#include <linux/inetdevice.h>
+#include <linux/platform_device.h>
+#include <linux/slab.h>
 
 #include "wl1271.h"
 #include "wl12xx_80211.h"
@@ -43,6 +44,7 @@
 #include "wl1271_cmd.h"
 #include "wl1271_boot.h"
 #include "wl1271_testmode.h"
+#include "wl1271_scan.h"
 
 #define WL1271_BOOT_RETRIES 3
 
@@ -53,7 +55,7 @@ static struct conf_drv_settings default_conf = {
                        [CONF_SG_HV3_MAX_OVERRIDE]                  = 0,
                        [CONF_SG_BT_NFS_SAMPLE_INTERVAL]            = 400,
                        [CONF_SG_BT_LOAD_RATIO]                     = 50,
-                       [CONF_SG_AUTO_PS_MODE]                      = 0,
+                       [CONF_SG_AUTO_PS_MODE]                      = 1,
                        [CONF_SG_AUTO_SCAN_PROBE_REQ]               = 170,
                        [CONF_SG_ACTIVE_SCAN_DURATION_FACTOR_HV3]   = 50,
                        [CONF_SG_ANTENNA_CONFIGURATION]             = 0,
@@ -115,36 +117,35 @@ static struct conf_drv_settings default_conf = {
        .tx = {
                .tx_energy_detection         = 0,
                .rc_conf                     = {
-                       .enabled_rates       = CONF_HW_BIT_RATE_1MBPS |
-                                              CONF_HW_BIT_RATE_2MBPS,
+                       .enabled_rates       = 0,
                        .short_retry_limit   = 10,
                        .long_retry_limit    = 10,
                        .aflags              = 0
                },
                .ac_conf_count               = 4,
                .ac_conf                     = {
-                       [0] = {
+                       [CONF_TX_AC_BE] = {
                                .ac          = CONF_TX_AC_BE,
                                .cw_min      = 15,
                                .cw_max      = 63,
                                .aifsn       = 3,
                                .tx_op_limit = 0,
                        },
-                       [1] = {
+                       [CONF_TX_AC_BK] = {
                                .ac          = CONF_TX_AC_BK,
                                .cw_min      = 15,
                                .cw_max      = 63,
                                .aifsn       = 7,
                                .tx_op_limit = 0,
                        },
-                       [2] = {
+                       [CONF_TX_AC_VI] = {
                                .ac          = CONF_TX_AC_VI,
                                .cw_min      = 15,
                                .cw_max      = 63,
                                .aifsn       = CONF_TX_AIFS_PIFS,
                                .tx_op_limit = 3008,
                        },
-                       [3] = {
+                       [CONF_TX_AC_VO] = {
                                .ac          = CONF_TX_AC_VO,
                                .cw_min      = 15,
                                .cw_max      = 63,
@@ -152,72 +153,50 @@ static struct conf_drv_settings default_conf = {
                                .tx_op_limit = 1504,
                        },
                },
-               .tid_conf_count = 7,
+               .tid_conf_count = 4,
                .tid_conf = {
-                       [0] = {
-                               .queue_id    = 0,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
-                               .ps_scheme   = CONF_PS_SCHEME_LEGACY,
-                               .ack_policy  = CONF_ACK_POLICY_LEGACY,
-                               .apsd_conf   = {0, 0},
-                       },
-                       [1] = {
-                               .queue_id    = 1,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
+                       [CONF_TX_AC_BE] = {
+                               .queue_id    = CONF_TX_AC_BE,
+                               .channel_type = CONF_CHANNEL_TYPE_EDCF,
                                .tsid        = CONF_TX_AC_BE,
                                .ps_scheme   = CONF_PS_SCHEME_LEGACY,
                                .ack_policy  = CONF_ACK_POLICY_LEGACY,
                                .apsd_conf   = {0, 0},
                        },
-                       [2] = {
-                               .queue_id    = 2,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
+                       [CONF_TX_AC_BK] = {
+                               .queue_id    = CONF_TX_AC_BK,
+                               .channel_type = CONF_CHANNEL_TYPE_EDCF,
+                               .tsid        = CONF_TX_AC_BK,
                                .ps_scheme   = CONF_PS_SCHEME_LEGACY,
                                .ack_policy  = CONF_ACK_POLICY_LEGACY,
                                .apsd_conf   = {0, 0},
                        },
-                       [3] = {
-                               .queue_id    = 3,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
+                       [CONF_TX_AC_VI] = {
+                               .queue_id    = CONF_TX_AC_VI,
+                               .channel_type = CONF_CHANNEL_TYPE_EDCF,
+                               .tsid        = CONF_TX_AC_VI,
                                .ps_scheme   = CONF_PS_SCHEME_LEGACY,
                                .ack_policy  = CONF_ACK_POLICY_LEGACY,
                                .apsd_conf   = {0, 0},
                        },
-                       [4] = {
-                               .queue_id    = 4,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
+                       [CONF_TX_AC_VO] = {
+                               .queue_id    = CONF_TX_AC_VO,
+                               .channel_type = CONF_CHANNEL_TYPE_EDCF,
+                               .tsid        = CONF_TX_AC_VO,
                                .ps_scheme   = CONF_PS_SCHEME_LEGACY,
                                .ack_policy  = CONF_ACK_POLICY_LEGACY,
                                .apsd_conf   = {0, 0},
                        },
-                       [5] = {
-                               .queue_id    = 5,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
-                               .ps_scheme   = CONF_PS_SCHEME_LEGACY,
-                               .ack_policy  = CONF_ACK_POLICY_LEGACY,
-                               .apsd_conf   = {0, 0},
-                       },
-                       [6] = {
-                               .queue_id    = 6,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
-                               .ps_scheme   = CONF_PS_SCHEME_LEGACY,
-                               .ack_policy  = CONF_ACK_POLICY_LEGACY,
-                               .apsd_conf   = {0, 0},
-                       }
                },
                .frag_threshold              = IEEE80211_MAX_FRAG_THRESHOLD,
                .tx_compl_timeout            = 700,
-               .tx_compl_threshold          = 4
+               .tx_compl_threshold          = 4,
+               .basic_rate                  = CONF_HW_BIT_RATE_1MBPS,
+               .basic_rate_5                = CONF_HW_BIT_RATE_6MBPS,
        },
        .conn = {
                .wake_up_event               = CONF_WAKE_UP_EVENT_DTIM,
-               .listen_interval             = 0,
+               .listen_interval             = 1,
                .bcn_filt_mode               = CONF_BCN_FILT_MODE_ENABLED,
                .bcn_filt_ie_count           = 1,
                .bcn_filt_ie = {
@@ -231,44 +210,15 @@ static struct conf_drv_settings default_conf = {
                .beacon_rx_timeout           = 10000,
                .broadcast_timeout           = 20000,
                .rx_broadcast_in_ps          = 1,
-               .ps_poll_threshold           = 20,
-               .sig_trigger_count           = 2,
-               .sig_trigger = {
-                       [0] = {
-                               .threshold   = -75,
-                               .pacing      = 500,
-                               .metric      = CONF_TRIG_METRIC_RSSI_BEACON,
-                               .type        = CONF_TRIG_EVENT_TYPE_EDGE,
-                               .direction   = CONF_TRIG_EVENT_DIR_LOW,
-                               .hysteresis  = 2,
-                               .index       = 0,
-                               .enable      = 1
-                       },
-                       [1] = {
-                               .threshold   = -75,
-                               .pacing      = 500,
-                               .metric      = CONF_TRIG_METRIC_RSSI_BEACON,
-                               .type        = CONF_TRIG_EVENT_TYPE_EDGE,
-                               .direction   = CONF_TRIG_EVENT_DIR_HIGH,
-                               .hysteresis  = 2,
-                               .index       = 1,
-                               .enable      = 1
-                       }
-               },
-               .sig_weights = {
-                       .rssi_bcn_avg_weight = 10,
-                       .rssi_pkt_avg_weight = 10,
-                       .snr_bcn_avg_weight  = 10,
-                       .snr_pkt_avg_weight  = 10
-               },
+               .ps_poll_threshold           = 10,
+               .ps_poll_recovery_period     = 700,
                .bet_enable                  = CONF_BET_MODE_ENABLE,
                .bet_max_consecutive         = 10,
-               .psm_entry_retries           = 3
-       },
-       .init = {
-               .radioparam = {
-                       .fem                 = 1,
-               }
+               .psm_entry_retries           = 5,
+               .psm_entry_nullfunc_retries  = 3,
+               .psm_entry_hangover_period   = 1,
+               .keep_alive_interval         = 55000,
+               .max_listen_interval         = 20,
        },
        .itrim = {
                .enable = false,
@@ -277,11 +227,114 @@ static struct conf_drv_settings default_conf = {
        .pm_config = {
                .host_clk_settling_time = 5000,
                .host_fast_wakeup_support = false
-       }
+       },
+       .roam_trigger = {
+               .trigger_pacing               = 1,
+               .avg_weight_rssi_beacon       = 20,
+               .avg_weight_rssi_data         = 10,
+               .avg_weight_snr_beacon        = 20,
+               .avg_weight_snr_data          = 10
+       },
+       .scan = {
+               .min_dwell_time_active        = 7500,
+               .max_dwell_time_active        = 30000,
+               .min_dwell_time_passive       = 30000,
+               .max_dwell_time_passive       = 60000,
+               .num_probe_reqs               = 2,
+       },
+       .rf = {
+               .tx_per_channel_power_compensation_2 = {
+                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+               },
+               .tx_per_channel_power_compensation_5 = {
+                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+               },
+       },
+};
+
+static void __wl1271_op_remove_interface(struct wl1271 *wl);
+
+
+static void wl1271_device_release(struct device *dev)
+{
+
+}
+
+static struct platform_device wl1271_device = {
+       .name           = "wl1271",
+       .id             = -1,
+
+       /* device model insists to have a release function */
+       .dev            = {
+               .release = wl1271_device_release,
+       },
 };
 
 static LIST_HEAD(wl_list);
 
+static int wl1271_dev_notify(struct notifier_block *me, unsigned long what,
+                            void *arg)
+{
+       struct net_device *dev = arg;
+       struct wireless_dev *wdev;
+       struct wiphy *wiphy;
+       struct ieee80211_hw *hw;
+       struct wl1271 *wl;
+       struct wl1271 *wl_temp;
+       int ret = 0;
+
+       /* Check that this notification is for us. */
+       if (what != NETDEV_CHANGE)
+               return NOTIFY_DONE;
+
+       wdev = dev->ieee80211_ptr;
+       if (wdev == NULL)
+               return NOTIFY_DONE;
+
+       wiphy = wdev->wiphy;
+       if (wiphy == NULL)
+               return NOTIFY_DONE;
+
+       hw = wiphy_priv(wiphy);
+       if (hw == NULL)
+               return NOTIFY_DONE;
+
+       wl_temp = hw->priv;
+       list_for_each_entry(wl, &wl_list, list) {
+               if (wl == wl_temp)
+                       break;
+       }
+       if (wl != wl_temp)
+               return NOTIFY_DONE;
+
+       mutex_lock(&wl->mutex);
+
+       if (wl->state == WL1271_STATE_OFF)
+               goto out;
+
+       if (!test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags))
+               goto out;
+
+       ret = wl1271_ps_elp_wakeup(wl, false);
+       if (ret < 0)
+               goto out;
+
+       if ((dev->operstate == IF_OPER_UP) &&
+           !test_and_set_bit(WL1271_FLAG_STA_STATE_SENT, &wl->flags)) {
+               wl1271_cmd_set_sta_state(wl);
+               wl1271_info("Association completed.");
+       }
+
+       wl1271_ps_elp_sleep(wl);
+
+out:
+       mutex_unlock(&wl->mutex);
+
+       return NOTIFY_OK;
+}
+
 static void wl1271_conf_init(struct wl1271 *wl)
 {
 
@@ -314,6 +367,10 @@ static int wl1271_plt_init(struct wl1271 *wl)
        if (ret < 0)
                return ret;
 
+       ret = wl1271_cmd_ext_radio_parms(wl);
+       if (ret < 0)
+               return ret;
+
        ret = wl1271_init_templates_config(wl);
        if (ret < 0)
                return ret;
@@ -332,7 +389,7 @@ static int wl1271_plt_init(struct wl1271 *wl)
                goto out_free_memmap;
 
        /* Initialize connection monitoring thresholds */
-       ret = wl1271_acx_conn_monit_params(wl);
+       ret = wl1271_acx_conn_monit_params(wl, false);
        if (ret < 0)
                goto out_free_memmap;
 
@@ -351,8 +408,16 @@ static int wl1271_plt_init(struct wl1271 *wl)
        if (ret < 0)
                goto out_free_memmap;
 
-       /* Default TID configuration */
+       /* Default TID/AC configuration */
+       BUG_ON(wl->conf.tx.tid_conf_count != wl->conf.tx.ac_conf_count);
        for (i = 0; i < wl->conf.tx.tid_conf_count; i++) {
+               conf_ac = &wl->conf.tx.ac_conf[i];
+               ret = wl1271_acx_ac_cfg(wl, conf_ac->ac, conf_ac->cw_min,
+                                       conf_ac->cw_max, conf_ac->aifsn,
+                                       conf_ac->tx_op_limit);
+               if (ret < 0)
+                       goto out_free_memmap;
+
                conf_tid = &wl->conf.tx.tid_conf[i];
                ret = wl1271_acx_tid_cfg(wl, conf_tid->queue_id,
                                         conf_tid->channel_type,
@@ -365,16 +430,6 @@ static int wl1271_plt_init(struct wl1271 *wl)
                        goto out_free_memmap;
        }
 
-       /* Default AC configuration */
-       for (i = 0; i < wl->conf.tx.ac_conf_count; i++) {
-               conf_ac = &wl->conf.tx.ac_conf[i];
-               ret = wl1271_acx_ac_cfg(wl, conf_ac->ac, conf_ac->cw_min,
-                                       conf_ac->cw_max, conf_ac->aifsn,
-                                       conf_ac->tx_op_limit);
-               if (ret < 0)
-                       goto out_free_memmap;
-       }
-
        /* Enable data path */
        ret = wl1271_cmd_data_path(wl, 1);
        if (ret < 0)
@@ -426,9 +481,9 @@ static void wl1271_fw_status(struct wl1271 *wl,
                total += cnt;
        }
 
-       /* if more blocks are available now, schedule some tx work */
-       if (total && !skb_queue_empty(&wl->tx_queue))
-               ieee80211_queue_work(wl->hw, &wl->tx_work);
+       /* if more blocks are available now, tx work can be scheduled */
+       if (total)
+               clear_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags);
 
        /* update the host-chipset time offset */
        getnstimeofday(&ts);
@@ -468,6 +523,7 @@ static void wl1271_irq_work(struct work_struct *work)
                intr = le32_to_cpu(wl->fw_status->intr);
                if (!intr) {
                        wl1271_debug(DEBUG_IRQ, "Zero interrupt received.");
+                       spin_lock_irqsave(&wl->wl_lock, flags);
                        continue;
                }
 
@@ -481,6 +537,16 @@ static void wl1271_irq_work(struct work_struct *work)
                            (wl->tx_results_count & 0xff))
                                wl1271_tx_complete(wl);
 
+                       /* Check if any tx blocks were freed */
+                       if (!test_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags) &&
+                                       !skb_queue_empty(&wl->tx_queue)) {
+                               /*
+                                * In order to avoid starvation of the TX path,
+                                * call the work function directly.
+                                */
+                               wl1271_tx_work_locked(wl);
+                       }
+
                        wl1271_rx(wl, wl->fw_status);
                }
 
@@ -554,40 +620,6 @@ out:
        return ret;
 }
 
-static int wl1271_update_mac_addr(struct wl1271 *wl)
-{
-       int ret = 0;
-       u8 *nvs_ptr = (u8 *)wl->nvs->nvs;
-
-       /* get mac address from the NVS */
-       wl->mac_addr[0] = nvs_ptr[11];
-       wl->mac_addr[1] = nvs_ptr[10];
-       wl->mac_addr[2] = nvs_ptr[6];
-       wl->mac_addr[3] = nvs_ptr[5];
-       wl->mac_addr[4] = nvs_ptr[4];
-       wl->mac_addr[5] = nvs_ptr[3];
-
-       /* FIXME: if it is a zero-address, we should bail out. Now, instead,
-          we randomize an address */
-       if (is_zero_ether_addr(wl->mac_addr)) {
-               static const u8 nokia_oui[3] = {0x00, 0x1f, 0xdf};
-               memcpy(wl->mac_addr, nokia_oui, 3);
-               get_random_bytes(wl->mac_addr + 3, 3);
-
-               /* update this address to the NVS */
-               nvs_ptr[11] = wl->mac_addr[0];
-               nvs_ptr[10] = wl->mac_addr[1];
-               nvs_ptr[6] = wl->mac_addr[2];
-               nvs_ptr[5] = wl->mac_addr[3];
-               nvs_ptr[4] = wl->mac_addr[4];
-               nvs_ptr[3] = wl->mac_addr[5];
-       }
-
-       SET_IEEE80211_PERM_ADDR(wl->hw, wl->mac_addr);
-
-       return ret;
-}
-
 static int wl1271_fetch_nvs(struct wl1271 *wl)
 {
        const struct firmware *fw;
@@ -600,14 +632,7 @@ static int wl1271_fetch_nvs(struct wl1271 *wl)
                return ret;
        }
 
-       if (fw->size != sizeof(struct wl1271_nvs_file)) {
-               wl1271_error("nvs size is not as expected: %zu != %zu",
-                            fw->size, sizeof(struct wl1271_nvs_file));
-               ret = -EILSEQ;
-               goto out;
-       }
-
-       wl->nvs = kmalloc(sizeof(struct wl1271_nvs_file), GFP_KERNEL);
+       wl->nvs = kmemdup(fw->data, sizeof(struct wl1271_nvs_file), GFP_KERNEL);
 
        if (!wl->nvs) {
                wl1271_error("could not allocate memory for the nvs file");
@@ -615,9 +640,7 @@ static int wl1271_fetch_nvs(struct wl1271 *wl)
                goto out;
        }
 
-       memcpy(wl->nvs, fw->data, sizeof(struct wl1271_nvs_file));
-
-       ret = wl1271_update_mac_addr(wl);
+       wl->nvs_len = fw->size;
 
 out:
        release_firmware(fw);
@@ -625,6 +648,29 @@ out:
        return ret;
 }
 
+static void wl1271_recovery_work(struct work_struct *work)
+{
+       struct wl1271 *wl =
+               container_of(work, struct wl1271, recovery_work);
+
+       mutex_lock(&wl->mutex);
+
+       if (wl->state != WL1271_STATE_ON)
+               goto out;
+
+       wl1271_info("Hardware recovery in progress.");
+
+       if (test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags))
+               ieee80211_connection_loss(wl->vif);
+
+       /* reboot the chipset */
+       __wl1271_op_remove_interface(wl);
+       ieee80211_restart_hw(wl->hw);
+
+out:
+       mutex_unlock(&wl->mutex);
+}
+
 static void wl1271_fw_wakeup(struct wl1271 *wl)
 {
        u32 elp_reg;
@@ -645,8 +691,6 @@ static int wl1271_setup(struct wl1271 *wl)
                return -ENOMEM;
        }
 
-       INIT_WORK(&wl->irq_work, wl1271_irq_work);
-       INIT_WORK(&wl->tx_work, wl1271_tx_work);
        return 0;
 }
 
@@ -656,7 +700,9 @@ static int wl1271_chip_wakeup(struct wl1271 *wl)
        int ret = 0;
 
        msleep(WL1271_PRE_POWER_ON_SLEEP);
-       wl1271_power_on(wl);
+       ret = wl1271_power_on(wl);
+       if (ret < 0)
+               goto out;
        msleep(WL1271_POWER_ON_SLEEP);
        wl1271_io_reset(wl);
        wl1271_io_init(wl);
@@ -801,10 +847,12 @@ int wl1271_plt_stop(struct wl1271 *wl)
 out:
        mutex_unlock(&wl->mutex);
 
+       cancel_work_sync(&wl->irq_work);
+       cancel_work_sync(&wl->recovery_work);
+
        return ret;
 }
 
-
 static int wl1271_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
 {
        struct wl1271 *wl = hw->priv;
@@ -829,7 +877,8 @@ static int wl1271_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
         * before that, the tx_work will not be initialized!
         */
 
-       ieee80211_queue_work(wl->hw, &wl->tx_work);
+       if (!test_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags))
+               ieee80211_queue_work(wl->hw, &wl->tx_work);
 
        /*
         * The workqueue is slow to process the tx_queue and we need stop
@@ -847,102 +896,67 @@ static int wl1271_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
        return NETDEV_TX_OK;
 }
 
-static int wl1271_dev_notify(struct notifier_block *me, unsigned long what,
-                            void *arg)
-{
-       struct net_device *dev;
-       struct wireless_dev *wdev;
-       struct wiphy *wiphy;
-       struct ieee80211_hw *hw;
-       struct wl1271 *wl;
-       struct wl1271 *wl_temp;
-       struct in_device *idev;
-       struct in_ifaddr *ifa = arg;
-       int ret = 0;
-
-       /* FIXME: this ugly function should probably be implemented in the
-        * mac80211, and here should only be a simple callback handling actual
-        * setting of the filters. Now we need to dig up references to
-        * various structures to gain access to what we need.
-        * Also, because of this, there is no "initial" setting of the filter
-        * in "op_start", because we don't want to dig up struct net_device
-        * there - the filter will be set upon first change of the interface
-        * IP address. */
-
-       dev = ifa->ifa_dev->dev;
-
-       wdev = dev->ieee80211_ptr;
-       if (wdev == NULL)
-               return NOTIFY_DONE;
-
-       wiphy = wdev->wiphy;
-       if (wiphy == NULL)
-               return NOTIFY_DONE;
-
-       hw = wiphy_priv(wiphy);
-       if (hw == NULL)
-               return NOTIFY_DONE;
-
-       /* Check that the interface is one supported by this driver. */
-       wl_temp = hw->priv;
-       list_for_each_entry(wl, &wl_list, list) {
-               if (wl == wl_temp)
-                       break;
-       }
-       if (wl == NULL)
-               return NOTIFY_DONE;
-
-       /* Get the interface IP address for the device. "ifa" will become
-          NULL if:
-            - there is no IPV4 protocol address configured
-            - there are multiple (virtual) IPV4 addresses configured
-          When "ifa" is NULL, filtering will be disabled.
-       */
-       ifa = NULL;
-       idev = dev->ip_ptr;
-       if (idev)
-               ifa = idev->ifa_list;
-
-       if (ifa && ifa->ifa_next)
-               ifa = NULL;
-
-       mutex_lock(&wl->mutex);
-
-       if (wl->state == WL1271_STATE_OFF)
-               goto out;
+static struct notifier_block wl1271_dev_notifier = {
+       .notifier_call = wl1271_dev_notify,
+};
 
-       ret = wl1271_ps_elp_wakeup(wl, false);
-       if (ret < 0)
-               goto out;
-       if (ifa)
-               ret = wl1271_acx_arp_ip_filter(wl, true,
-                                              (u8 *)&ifa->ifa_address,
-                                              ACX_IPV4_VERSION);
-       else
-               ret = wl1271_acx_arp_ip_filter(wl, false, NULL,
-                                              ACX_IPV4_VERSION);
-       wl1271_ps_elp_sleep(wl);
+static int wl1271_op_start(struct ieee80211_hw *hw)
+{
+       wl1271_debug(DEBUG_MAC80211, "mac80211 start");
 
-out:
-       mutex_unlock(&wl->mutex);
+       /*
+        * We have to delay the booting of the hardware because
+        * we need to know the local MAC address before downloading and
+        * initializing the firmware. The MAC address cannot be changed
+        * after boot, and without the proper MAC address, the firmware
+        * will not function properly.
+        *
+        * The MAC address is first known when the corresponding interface
+        * is added. That is where we will initialize the hardware.
+        */
 
-       return NOTIFY_OK;
+       return 0;
 }
 
-static struct notifier_block wl1271_dev_notifier = {
-       .notifier_call = wl1271_dev_notify,
-};
-
+static void wl1271_op_stop(struct ieee80211_hw *hw)
+{
+       wl1271_debug(DEBUG_MAC80211, "mac80211 stop");
+}
 
-static int wl1271_op_start(struct ieee80211_hw *hw)
+static int wl1271_op_add_interface(struct ieee80211_hw *hw,
+                                  struct ieee80211_vif *vif)
 {
        struct wl1271 *wl = hw->priv;
+       struct wiphy *wiphy = hw->wiphy;
        int retries = WL1271_BOOT_RETRIES;
        int ret = 0;
 
-       wl1271_debug(DEBUG_MAC80211, "mac80211 start");
+       wl1271_debug(DEBUG_MAC80211, "mac80211 add interface type %d mac %pM",
+                    vif->type, vif->addr);
 
        mutex_lock(&wl->mutex);
+       if (wl->vif) {
+               ret = -EBUSY;
+               goto out;
+       }
+
+       wl->vif = vif;
+
+       switch (vif->type) {
+       case NL80211_IFTYPE_STATION:
+               wl->bss_type = BSS_TYPE_STA_BSS;
+               wl->set_bss_type = BSS_TYPE_STA_BSS;
+               break;
+       case NL80211_IFTYPE_ADHOC:
+               wl->bss_type = BSS_TYPE_IBSS;
+               wl->set_bss_type = BSS_TYPE_STA_BSS;
+               break;
+       default:
+               ret = -EOPNOTSUPP;
+               goto out;
+       }
+
+       memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
 
        if (wl->state != WL1271_STATE_OFF) {
                wl1271_error("cannot start because not in off state: %d",
@@ -967,6 +981,12 @@ static int wl1271_op_start(struct ieee80211_hw *hw)
 
                wl->state = WL1271_STATE_ON;
                wl1271_info("firmware booted (%s)", wl->chip.fw_ver);
+
+               /* update hw/fw version info in wiphy struct */
+               wiphy->hw_version = wl->chip.id;
+               strncpy(wiphy->fw_version, wl->chip.fw_ver,
+                       sizeof(wiphy->fw_version));
+
                goto out;
 
 irq_disable:
@@ -990,34 +1010,33 @@ power_off:
 out:
        mutex_unlock(&wl->mutex);
 
-       if (!ret) {
+       if (!ret)
                list_add(&wl->list, &wl_list);
-               register_inetaddr_notifier(&wl1271_dev_notifier);
-       }
 
        return ret;
 }
 
-static void wl1271_op_stop(struct ieee80211_hw *hw)
+static void __wl1271_op_remove_interface(struct wl1271 *wl)
 {
-       struct wl1271 *wl = hw->priv;
        int i;
 
-       wl1271_info("down");
+       wl1271_debug(DEBUG_MAC80211, "mac80211 remove interface");
 
-       wl1271_debug(DEBUG_MAC80211, "mac80211 stop");
+       wl1271_info("down");
 
-       unregister_inetaddr_notifier(&wl1271_dev_notifier);
        list_del(&wl->list);
 
-       mutex_lock(&wl->mutex);
-
        WARN_ON(wl->state != WL1271_STATE_ON);
 
-       if (test_and_clear_bit(WL1271_FLAG_SCANNING, &wl->flags)) {
-               mutex_unlock(&wl->mutex);
+       /* enable dyn ps just in case (if left on due to fw crash etc) */
+       if (wl->bss_type == BSS_TYPE_STA_BSS)
+               ieee80211_enable_dyn_ps(wl->vif);
+
+       if (wl->scan.state != WL1271_SCAN_STATE_IDLE) {
+               wl->scan.state = WL1271_SCAN_STATE_IDLE;
+               kfree(wl->scan.scanned_ch);
+               wl->scan.scanned_ch = NULL;
                ieee80211_scan_completed(wl->hw, true);
-               mutex_lock(&wl->mutex);
        }
 
        wl->state = WL1271_STATE_OFF;
@@ -1026,19 +1045,23 @@ static void wl1271_op_stop(struct ieee80211_hw *hw)
 
        mutex_unlock(&wl->mutex);
 
+       cancel_delayed_work_sync(&wl->scan_complete_work);
        cancel_work_sync(&wl->irq_work);
        cancel_work_sync(&wl->tx_work);
+       cancel_delayed_work_sync(&wl->pspoll_work);
+       cancel_delayed_work_sync(&wl->elp_work);
 
        mutex_lock(&wl->mutex);
 
        /* let's notify MAC80211 about the remaining pending TX frames */
-       wl1271_tx_flush(wl);
+       wl1271_tx_reset(wl);
        wl1271_power_off(wl);
 
        memset(wl->bssid, 0, ETH_ALEN);
        memset(wl->ssid, 0, IW_ESSID_MAX_SIZE + 1);
        wl->ssid_len = 0;
        wl->bss_type = MAX_BSS_TYPE;
+       wl->set_bss_type = MAX_BSS_TYPE;
        wl->band = IEEE80211_BAND_2GHZ;
 
        wl->rx_counter = 0;
@@ -1054,155 +1077,147 @@ static void wl1271_op_stop(struct ieee80211_hw *hw)
        wl->rate_set = CONF_TX_RATE_MASK_BASIC;
        wl->sta_rate_set = 0;
        wl->flags = 0;
+       wl->vif = NULL;
+       wl->filters = 0;
 
        for (i = 0; i < NUM_TX_QUEUES; i++)
                wl->tx_blocks_freed[i] = 0;
 
        wl1271_debugfs_reset(wl);
-       mutex_unlock(&wl->mutex);
-}
-
-static int wl1271_op_add_interface(struct ieee80211_hw *hw,
-                                  struct ieee80211_vif *vif)
-{
-       struct wl1271 *wl = hw->priv;
-       int ret = 0;
-
-       wl1271_debug(DEBUG_MAC80211, "mac80211 add interface type %d mac %pM",
-                    vif->type, vif->addr);
 
-       mutex_lock(&wl->mutex);
-       if (wl->vif) {
-               ret = -EBUSY;
-               goto out;
-       }
-
-       wl->vif = vif;
-
-       switch (vif->type) {
-       case NL80211_IFTYPE_STATION:
-               wl->bss_type = BSS_TYPE_STA_BSS;
-               break;
-       case NL80211_IFTYPE_ADHOC:
-               wl->bss_type = BSS_TYPE_IBSS;
-               break;
-       default:
-               ret = -EOPNOTSUPP;
-               goto out;
-       }
-
-       /* FIXME: what if conf->mac_addr changes? */
-
-out:
-       mutex_unlock(&wl->mutex);
-       return ret;
+       kfree(wl->fw_status);
+       wl->fw_status = NULL;
+       kfree(wl->tx_res_if);
+       wl->tx_res_if = NULL;
+       kfree(wl->target_mem_map);
+       wl->target_mem_map = NULL;
 }
 
 static void wl1271_op_remove_interface(struct ieee80211_hw *hw,
-                                        struct ieee80211_vif *vif)
+                                      struct ieee80211_vif *vif)
 {
        struct wl1271 *wl = hw->priv;
 
        mutex_lock(&wl->mutex);
-       wl1271_debug(DEBUG_MAC80211, "mac80211 remove interface");
-       wl->vif = NULL;
+       WARN_ON(wl->vif != vif);
+       __wl1271_op_remove_interface(wl);
        mutex_unlock(&wl->mutex);
+
+       cancel_work_sync(&wl->recovery_work);
 }
 
-#if 0
-static int wl1271_op_config_interface(struct ieee80211_hw *hw,
-                                     struct ieee80211_vif *vif,
-                                     struct ieee80211_if_conf *conf)
+static void wl1271_configure_filters(struct wl1271 *wl, unsigned int filters)
 {
-       struct wl1271 *wl = hw->priv;
-       struct sk_buff *beacon;
-       int ret;
-
-       wl1271_debug(DEBUG_MAC80211, "mac80211 config_interface bssid %pM",
-                    conf->bssid);
-       wl1271_dump_ascii(DEBUG_MAC80211, "ssid: ", conf->ssid,
-                         conf->ssid_len);
-
-       mutex_lock(&wl->mutex);
-
-       ret = wl1271_ps_elp_wakeup(wl, false);
-       if (ret < 0)
-               goto out;
-
-       if (memcmp(wl->bssid, conf->bssid, ETH_ALEN)) {
-               wl1271_debug(DEBUG_MAC80211, "bssid changed");
+       wl->rx_config = WL1271_DEFAULT_RX_CONFIG;
+       wl->rx_filter = WL1271_DEFAULT_RX_FILTER;
 
-               memcpy(wl->bssid, conf->bssid, ETH_ALEN);
+       /* combine requested filters with current filter config */
+       filters = wl->filters | filters;
 
-               ret = wl1271_cmd_join(wl, wl->bss_type);
-               if (ret < 0)
-                       goto out_sleep;
+       wl1271_debug(DEBUG_FILTERS, "RX filters set: ");
 
-               ret = wl1271_cmd_build_null_data(wl);
-               if (ret < 0)
-                       goto out_sleep;
+       if (filters & FIF_PROMISC_IN_BSS) {
+               wl1271_debug(DEBUG_FILTERS, " - FIF_PROMISC_IN_BSS");
+               wl->rx_config &= ~CFG_UNI_FILTER_EN;
+               wl->rx_config |= CFG_BSSID_FILTER_EN;
        }
+       if (filters & FIF_BCN_PRBRESP_PROMISC) {
+               wl1271_debug(DEBUG_FILTERS, " - FIF_BCN_PRBRESP_PROMISC");
+               wl->rx_config &= ~CFG_BSSID_FILTER_EN;
+               wl->rx_config &= ~CFG_SSID_FILTER_EN;
+       }
+       if (filters & FIF_OTHER_BSS) {
+               wl1271_debug(DEBUG_FILTERS, " - FIF_OTHER_BSS");
+               wl->rx_config &= ~CFG_BSSID_FILTER_EN;
+       }
+       if (filters & FIF_CONTROL) {
+               wl1271_debug(DEBUG_FILTERS, " - FIF_CONTROL");
+               wl->rx_filter |= CFG_RX_CTL_EN;
+       }
+       if (filters & FIF_FCSFAIL) {
+               wl1271_debug(DEBUG_FILTERS, " - FIF_FCSFAIL");
+               wl->rx_filter |= CFG_RX_FCS_ERROR;
+       }
+}
 
-       wl->ssid_len = conf->ssid_len;
-       if (wl->ssid_len)
-               memcpy(wl->ssid, conf->ssid, wl->ssid_len);
-
-       if (conf->changed & IEEE80211_IFCC_BEACON) {
-               beacon = ieee80211_beacon_get(hw, vif);
-               ret = wl1271_cmd_template_set(wl, CMD_TEMPL_BEACON,
-                                             beacon->data, beacon->len);
-
-               if (ret < 0) {
-                       dev_kfree_skb(beacon);
-                       goto out_sleep;
-               }
+static int wl1271_dummy_join(struct wl1271 *wl)
+{
+       int ret = 0;
+       /* we need to use a dummy BSSID for now */
+       static const u8 dummy_bssid[ETH_ALEN] = { 0x0b, 0xad, 0xde,
+                                                 0xad, 0xbe, 0xef };
 
-               ret = wl1271_cmd_template_set(wl, CMD_TEMPL_PROBE_RESPONSE,
-                                             beacon->data, beacon->len);
+       memcpy(wl->bssid, dummy_bssid, ETH_ALEN);
 
-               dev_kfree_skb(beacon);
+       /* pass through frames from all BSS */
+       wl1271_configure_filters(wl, FIF_OTHER_BSS);
 
-               if (ret < 0)
-                       goto out_sleep;
-       }
+       ret = wl1271_cmd_join(wl, wl->set_bss_type);
+       if (ret < 0)
+               goto out;
 
-out_sleep:
-       wl1271_ps_elp_sleep(wl);
+       set_bit(WL1271_FLAG_JOINED, &wl->flags);
 
 out:
-       mutex_unlock(&wl->mutex);
-
        return ret;
 }
-#endif
 
-static int wl1271_join_channel(struct wl1271 *wl, int channel)
+static int wl1271_join(struct wl1271 *wl, bool set_assoc)
 {
-       int ret = 0;
-       /* we need to use a dummy BSSID for now */
-       static const u8 dummy_bssid[ETH_ALEN] = { 0x0b, 0xad, 0xde,
-                                                 0xad, 0xbe, 0xef };
+       int ret;
 
-       /* disable mac filter, so we hear everything */
-       wl->rx_config &= ~CFG_BSSID_FILTER_EN;
+       /*
+        * One of the side effects of the JOIN command is that is clears
+        * WPA/WPA2 keys from the chipset. Performing a JOIN while associated
+        * to a WPA/WPA2 access point will therefore kill the data-path.
+        * Currently there is no supported scenario for JOIN during
+        * association - if it becomes a supported scenario, the WPA/WPA2 keys
+        * must be handled somehow.
+        *
+        */
+       if (test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags))
+               wl1271_info("JOIN while associated.");
 
-       wl->channel = channel;
-       memcpy(wl->bssid, dummy_bssid, ETH_ALEN);
+       if (set_assoc)
+               set_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags);
 
-       /* the dummy join is performed always with STATION BSS type to allow
-          also ad-hoc mode to listen to the surroundings without sending any
-          beacons yet. */
-       ret = wl1271_cmd_join(wl, BSS_TYPE_STA_BSS);
+       ret = wl1271_cmd_join(wl, wl->set_bss_type);
        if (ret < 0)
                goto out;
 
        set_bit(WL1271_FLAG_JOINED, &wl->flags);
 
+       if (!test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags))
+               goto out;
+
+       /*
+        * The join command disable the keep-alive mode, shut down its process,
+        * and also clear the template config, so we need to reset it all after
+        * the join. The acx_aid starts the keep-alive process, and the order
+        * of the commands below is relevant.
+        */
+       ret = wl1271_acx_keep_alive_mode(wl, true);
+       if (ret < 0)
+               goto out;
+
+       ret = wl1271_acx_aid(wl, wl->aid);
+       if (ret < 0)
+               goto out;
+
+       ret = wl1271_cmd_build_klv_null_data(wl);
+       if (ret < 0)
+               goto out;
+
+       ret = wl1271_acx_keep_alive_config(wl, CMD_TEMPL_KLV_IDX_NULL_DATA,
+                                          ACX_KEEP_ALIVE_TPL_VALID);
+       if (ret < 0)
+               goto out;
+
 out:
        return ret;
 }
 
-static int wl1271_unjoin_channel(struct wl1271 *wl)
+static int wl1271_unjoin(struct wl1271 *wl)
 {
        int ret;
 
@@ -1212,9 +1227,72 @@ static int wl1271_unjoin_channel(struct wl1271 *wl)
                goto out;
 
        clear_bit(WL1271_FLAG_JOINED, &wl->flags);
-       wl->channel = 0;
        memset(wl->bssid, 0, ETH_ALEN);
-       wl->rx_config = WL1271_DEFAULT_RX_CONFIG;
+
+       /* stop filterting packets based on bssid */
+       wl1271_configure_filters(wl, FIF_OTHER_BSS);
+
+out:
+       return ret;
+}
+
+static void wl1271_set_band_rate(struct wl1271 *wl)
+{
+       if (wl->band == IEEE80211_BAND_2GHZ)
+               wl->basic_rate_set = wl->conf.tx.basic_rate;
+       else
+               wl->basic_rate_set = wl->conf.tx.basic_rate_5;
+}
+
+static u32 wl1271_min_rate_get(struct wl1271 *wl)
+{
+       int i;
+       u32 rate = 0;
+
+       if (!wl->basic_rate_set) {
+               WARN_ON(1);
+               wl->basic_rate_set = wl->conf.tx.basic_rate;
+       }
+
+       for (i = 0; !rate; i++) {
+               if ((wl->basic_rate_set >> i) & 0x1)
+                       rate = 1 << i;
+       }
+
+       return rate;
+}
+
+static int wl1271_handle_idle(struct wl1271 *wl, bool idle)
+{
+       int ret;
+
+       if (idle) {
+               if (test_bit(WL1271_FLAG_JOINED, &wl->flags)) {
+                       ret = wl1271_unjoin(wl);
+                       if (ret < 0)
+                               goto out;
+               }
+               wl->rate_set = wl1271_min_rate_get(wl);
+               wl->sta_rate_set = 0;
+               ret = wl1271_acx_rate_policies(wl);
+               if (ret < 0)
+                       goto out;
+               ret = wl1271_acx_keep_alive_config(
+                       wl, CMD_TEMPL_KLV_IDX_NULL_DATA,
+                       ACX_KEEP_ALIVE_TPL_INVALID);
+               if (ret < 0)
+                       goto out;
+               set_bit(WL1271_FLAG_IDLE, &wl->flags);
+       } else {
+               /* increment the session counter */
+               wl->session_counter++;
+               if (wl->session_counter >= SESSION_COUNTER_MAX)
+                       wl->session_counter = 0;
+               ret = wl1271_dummy_join(wl);
+               if (ret < 0)
+                       goto out;
+               clear_bit(WL1271_FLAG_IDLE, &wl->flags);
+       }
 
 out:
        return ret;
@@ -1234,39 +1312,66 @@ static int wl1271_op_config(struct ieee80211_hw *hw, u32 changed)
                     conf->power_level,
                     conf->flags & IEEE80211_CONF_IDLE ? "idle" : "in use");
 
+       /*
+        * mac80211 will go to idle nearly immediately after transmitting some
+        * frames, such as the deauth. To make sure those frames reach the air,
+        * wait here until the TX queue is fully flushed.
+        */
+       if ((changed & IEEE80211_CONF_CHANGE_IDLE) &&
+           (conf->flags & IEEE80211_CONF_IDLE))
+               wl1271_tx_flush(wl);
+
        mutex_lock(&wl->mutex);
 
-       wl->band = conf->channel->band;
+       if (unlikely(wl->state == WL1271_STATE_OFF))
+               goto out;
 
        ret = wl1271_ps_elp_wakeup(wl, false);
        if (ret < 0)
                goto out;
 
-       if (changed & IEEE80211_CONF_CHANGE_IDLE) {
-               if (conf->flags & IEEE80211_CONF_IDLE &&
-                   test_bit(WL1271_FLAG_JOINED, &wl->flags))
-                       wl1271_unjoin_channel(wl);
-               else if (!(conf->flags & IEEE80211_CONF_IDLE))
-                       wl1271_join_channel(wl, channel);
-
-               if (conf->flags & IEEE80211_CONF_IDLE) {
-                       wl->rate_set = CONF_TX_RATE_MASK_BASIC;
-                       wl->sta_rate_set = 0;
-                       wl1271_acx_rate_policies(wl);
+       /* if the channel changes while joined, join again */
+       if (changed & IEEE80211_CONF_CHANGE_CHANNEL &&
+           ((wl->band != conf->channel->band) ||
+            (wl->channel != channel))) {
+               wl->band = conf->channel->band;
+               wl->channel = channel;
+
+               /*
+                * FIXME: the mac80211 should really provide a fixed rate
+                * to use here. for now, just use the smallest possible rate
+                * for the band as a fixed rate for association frames and
+                * other control messages.
+                */
+               if (!test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags))
+                       wl1271_set_band_rate(wl);
+
+               wl->basic_rate = wl1271_min_rate_get(wl);
+               ret = wl1271_acx_rate_policies(wl);
+               if (ret < 0)
+                       wl1271_warning("rate policy for update channel "
+                                      "failed %d", ret);
+
+               if (test_bit(WL1271_FLAG_JOINED, &wl->flags)) {
+                       ret = wl1271_join(wl, false);
+                       if (ret < 0)
+                               wl1271_warning("cmd join to update channel "
+                                              "failed %d", ret);
                }
        }
 
-       /* if the channel changes while joined, join again */
-       if (channel != wl->channel &&
-           test_bit(WL1271_FLAG_JOINED, &wl->flags)) {
-               wl->channel = channel;
-               /* FIXME: maybe use CMD_CHANNEL_SWITCH for this? */
-               ret = wl1271_cmd_join(wl, wl->bss_type);
+       if (changed & IEEE80211_CONF_CHANGE_IDLE) {
+               ret = wl1271_handle_idle(wl, conf->flags & IEEE80211_CONF_IDLE);
                if (ret < 0)
-                       wl1271_warning("cmd join to update channel failed %d",
-                                      ret);
-       } else
-               wl->channel = channel;
+                       wl1271_warning("idle mode change failed %d", ret);
+       }
+
+       /*
+        * if mac80211 changes the PSM mode, make sure the mode is not
+        * incorrectly changed after the pspoll failure active window.
+        */
+       if (changed & IEEE80211_CONF_CHANGE_PS)
+               clear_bit(WL1271_FLAG_PSPOLL_FAILURE, &wl->flags);
 
        if (conf->flags & IEEE80211_CONF_PS &&
            !test_bit(WL1271_FLAG_PSM_REQUESTED, &wl->flags)) {
@@ -1280,7 +1385,7 @@ static int wl1271_op_config(struct ieee80211_hw *hw, u32 changed)
                if (test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags)) {
                        wl1271_debug(DEBUG_PSM, "psm enabled");
                        ret = wl1271_ps_set_mode(wl, STATION_POWER_SAVE_MODE,
-                                                true);
+                                                wl->basic_rate, true);
                }
        } else if (!(conf->flags & IEEE80211_CONF_PS) &&
                   test_bit(WL1271_FLAG_PSM_REQUESTED, &wl->flags)) {
@@ -1290,7 +1395,7 @@ static int wl1271_op_config(struct ieee80211_hw *hw, u32 changed)
 
                if (test_bit(WL1271_FLAG_PSM, &wl->flags))
                        ret = wl1271_ps_set_mode(wl, STATION_ACTIVE_MODE,
-                                                true);
+                                                wl->basic_rate, true);
        }
 
        if (conf->power_level != wl->power_level) {
@@ -1316,11 +1421,15 @@ struct wl1271_filter_params {
        u8 mc_list[ACX_MC_ADDRESS_GROUP_MAX][ETH_ALEN];
 };
 
-static u64 wl1271_op_prepare_multicast(struct ieee80211_hw *hw, int mc_count,
-                                      struct dev_addr_list *mc_list)
+static u64 wl1271_op_prepare_multicast(struct ieee80211_hw *hw,
+                                      struct netdev_hw_addr_list *mc_list)
 {
        struct wl1271_filter_params *fp;
-       int i;
+       struct netdev_hw_addr *ha;
+       struct wl1271 *wl = hw->priv;
+
+       if (unlikely(wl->state == WL1271_STATE_OFF))
+               return 0;
 
        fp = kzalloc(sizeof(*fp), GFP_ATOMIC);
        if (!fp) {
@@ -1329,21 +1438,16 @@ static u64 wl1271_op_prepare_multicast(struct ieee80211_hw *hw, int mc_count,
        }
 
        /* update multicast filtering parameters */
-       fp->enabled = true;
-       if (mc_count > ACX_MC_ADDRESS_GROUP_MAX) {
-               mc_count = 0;
-               fp->enabled = false;
-       }
-
        fp->mc_list_length = 0;
-       for (i = 0; i < mc_count; i++) {
-               if (mc_list->da_addrlen == ETH_ALEN) {
+       if (netdev_hw_addr_list_count(mc_list) > ACX_MC_ADDRESS_GROUP_MAX) {
+               fp->enabled = false;
+       } else {
+               fp->enabled = true;
+               netdev_hw_addr_list_for_each(ha, mc_list) {
                        memcpy(fp->mc_list[fp->mc_list_length],
-                              mc_list->da_addr, ETH_ALEN);
+                                       ha->addr, ETH_ALEN);
                        fp->mc_list_length++;
-               } else
-                       wl1271_warning("Unknown mc address length.");
-               mc_list = mc_list->next;
+               }
        }
 
        return (u64)(unsigned long)fp;
@@ -1368,15 +1472,16 @@ static void wl1271_op_configure_filter(struct ieee80211_hw *hw,
 
        mutex_lock(&wl->mutex);
 
-       if (wl->state == WL1271_STATE_OFF)
+       *total &= WL1271_SUPPORTED_FILTERS;
+       changed &= WL1271_SUPPORTED_FILTERS;
+
+       if (unlikely(wl->state == WL1271_STATE_OFF))
                goto out;
 
        ret = wl1271_ps_elp_wakeup(wl, false);
        if (ret < 0)
                goto out;
 
-       *total &= WL1271_SUPPORTED_FILTERS;
-       changed &= WL1271_SUPPORTED_FILTERS;
 
        if (*total & FIF_ALLMULTI)
                ret = wl1271_acx_group_address_tbl(wl, false, NULL, 0);
@@ -1387,14 +1492,14 @@ static void wl1271_op_configure_filter(struct ieee80211_hw *hw,
        if (ret < 0)
                goto out_sleep;
 
-       kfree(fp);
-
-       /* FIXME: We still need to set our filters properly */
-
        /* determine, whether supported filter values have changed */
        if (changed == 0)
                goto out_sleep;
 
+       /* configure filters */
+       wl->filters = *total;
+       wl1271_configure_filters(wl, 0);
+
        /* apply configured filters */
        ret = wl1271_acx_rx_config(wl, wl->rx_config, wl->rx_filter);
        if (ret < 0)
@@ -1405,6 +1510,7 @@ out_sleep:
 
 out:
        mutex_unlock(&wl->mutex);
+       kfree(fp);
 }
 
 static int wl1271_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
@@ -1429,7 +1535,7 @@ static int wl1271_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
        wl1271_debug(DEBUG_CRYPT, "CMD: 0x%x", cmd);
        wl1271_dump(DEBUG_CRYPT, "ADDR: ", addr, ETH_ALEN);
        wl1271_debug(DEBUG_CRYPT, "Key: algo:0x%x, id:%d, len:%d flags 0x%x",
-                    key_conf->alg, key_conf->keyidx,
+                    key_conf->cipher, key_conf->keyidx,
                     key_conf->keylen, key_conf->flags);
        wl1271_dump(DEBUG_CRYPT, "KEY: ", key_conf->key, key_conf->keylen);
 
@@ -1445,28 +1551,34 @@ static int wl1271_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
        if (ret < 0)
                goto out_unlock;
 
-       switch (key_conf->alg) {
-       case ALG_WEP:
+       switch (key_conf->cipher) {
+       case WLAN_CIPHER_SUITE_WEP40:
+       case WLAN_CIPHER_SUITE_WEP104:
                key_type = KEY_WEP;
 
                key_conf->hw_key_idx = key_conf->keyidx;
                break;
-       case ALG_TKIP:
+       case WLAN_CIPHER_SUITE_TKIP:
                key_type = KEY_TKIP;
 
                key_conf->hw_key_idx = key_conf->keyidx;
                tx_seq_32 = WL1271_TX_SECURITY_HI32(wl->tx_security_seq);
                tx_seq_16 = WL1271_TX_SECURITY_LO16(wl->tx_security_seq);
                break;
-       case ALG_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP:
                key_type = KEY_AES;
 
                key_conf->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
                tx_seq_32 = WL1271_TX_SECURITY_HI32(wl->tx_security_seq);
                tx_seq_16 = WL1271_TX_SECURITY_LO16(wl->tx_security_seq);
                break;
+       case WL1271_CIPHER_SUITE_GEM:
+               key_type = KEY_GEM;
+               tx_seq_32 = WL1271_TX_SECURITY_HI32(wl->tx_security_seq);
+               tx_seq_16 = WL1271_TX_SECURITY_LO16(wl->tx_security_seq);
+               break;
        default:
-               wl1271_error("Unknown key algo 0x%x", key_conf->alg);
+               wl1271_error("Unknown key algo 0x%x", key_conf->cipher);
 
                ret = -EOPNOTSUPP;
                goto out_sleep;
@@ -1513,8 +1625,6 @@ static int wl1271_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
        default:
                wl1271_error("Unsupported key cmd 0x%x", cmd);
                ret = -EOPNOTSUPP;
-               goto out_sleep;
-
                break;
        }
 
@@ -1529,6 +1639,7 @@ out:
 }
 
 static int wl1271_op_hw_scan(struct ieee80211_hw *hw,
+                            struct ieee80211_vif *vif,
                             struct cfg80211_scan_request *req)
 {
        struct wl1271 *wl = hw->priv;
@@ -1549,12 +1660,7 @@ static int wl1271_op_hw_scan(struct ieee80211_hw *hw,
        if (ret < 0)
                goto out;
 
-       if (wl1271_11a_enabled())
-               ret = wl1271_cmd_scan(hw->priv, ssid, len, 1, 0,
-                                     WL1271_SCAN_BAND_DUAL, 3);
-       else
-               ret = wl1271_cmd_scan(hw->priv, ssid, len, 1, 0,
-                                     WL1271_SCAN_BAND_2_4_GHZ, 3);
+       ret = wl1271_scan(hw->priv, ssid, len, req);
 
        wl1271_ps_elp_sleep(wl);
 
@@ -1567,10 +1673,13 @@ out:
 static int wl1271_op_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
 {
        struct wl1271 *wl = hw->priv;
-       int ret;
+       int ret = 0;
 
        mutex_lock(&wl->mutex);
 
+       if (unlikely(wl->state == WL1271_STATE_OFF))
+               goto out;
+
        ret = wl1271_ps_elp_wakeup(wl, false);
        if (ret < 0)
                goto out;
@@ -1612,6 +1721,7 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
        enum wl1271_cmd_ps_mode mode;
        struct wl1271 *wl = hw->priv;
        bool do_join = false;
+       bool set_assoc = false;
        int ret;
 
        wl1271_debug(DEBUG_MAC80211, "mac80211 bss info changed");
@@ -1622,20 +1732,29 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
        if (ret < 0)
                goto out;
 
-       if (wl->bss_type == BSS_TYPE_IBSS) {
-               /* FIXME: This implements rudimentary ad-hoc support -
-                  proper templates are on the wish list and notification
-                  on when they change. This patch will update the templates
-                  on every call to this function. */
+       if ((changed & BSS_CHANGED_BEACON_INT) &&
+           (wl->bss_type == BSS_TYPE_IBSS)) {
+               wl1271_debug(DEBUG_ADHOC, "ad-hoc beacon interval updated: %d",
+                       bss_conf->beacon_int);
+
+               wl->beacon_int = bss_conf->beacon_int;
+               do_join = true;
+       }
+
+       if ((changed & BSS_CHANGED_BEACON) &&
+           (wl->bss_type == BSS_TYPE_IBSS)) {
                struct sk_buff *beacon = ieee80211_beacon_get(hw, vif);
 
+               wl1271_debug(DEBUG_ADHOC, "ad-hoc beacon updated");
+
                if (beacon) {
                        struct ieee80211_hdr *hdr;
 
                        wl1271_ssid_set(wl, beacon);
                        ret = wl1271_cmd_template_set(wl, CMD_TEMPL_BEACON,
                                                      beacon->data,
-                                                     beacon->len);
+                                                     beacon->len, 0,
+                                                     wl1271_min_rate_get(wl));
 
                        if (ret < 0) {
                                dev_kfree_skb(beacon);
@@ -1650,7 +1769,8 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                        ret = wl1271_cmd_template_set(wl,
                                                      CMD_TEMPL_PROBE_RESPONSE,
                                                      beacon->data,
-                                                     beacon->len);
+                                                     beacon->len, 0,
+                                                     wl1271_min_rate_get(wl));
                        dev_kfree_skb(beacon);
                        if (ret < 0)
                                goto out_sleep;
@@ -1660,20 +1780,48 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                }
        }
 
+       if ((changed & BSS_CHANGED_BEACON_ENABLED) &&
+           (wl->bss_type == BSS_TYPE_IBSS)) {
+               wl1271_debug(DEBUG_ADHOC, "ad-hoc beaconing: %s",
+                            bss_conf->enable_beacon ? "enabled" : "disabled");
+
+               if (bss_conf->enable_beacon)
+                       wl->set_bss_type = BSS_TYPE_IBSS;
+               else
+                       wl->set_bss_type = BSS_TYPE_STA_BSS;
+               do_join = true;
+       }
+
+       if (changed & BSS_CHANGED_CQM) {
+               bool enable = false;
+               if (bss_conf->cqm_rssi_thold)
+                       enable = true;
+               ret = wl1271_acx_rssi_snr_trigger(wl, enable,
+                                                 bss_conf->cqm_rssi_thold,
+                                                 bss_conf->cqm_rssi_hyst);
+               if (ret < 0)
+                       goto out;
+               wl->rssi_thold = bss_conf->cqm_rssi_thold;
+       }
+
        if ((changed & BSS_CHANGED_BSSID) &&
            /*
             * Now we know the correct bssid, so we send a new join command
             * and enable the BSSID filter
             */
            memcmp(wl->bssid, bss_conf->bssid, ETH_ALEN)) {
-                       wl->rx_config |= CFG_BSSID_FILTER_EN;
                        memcpy(wl->bssid, bss_conf->bssid, ETH_ALEN);
+
                        ret = wl1271_cmd_build_null_data(wl);
-                       if (ret < 0) {
-                               wl1271_warning("cmd buld null data failed %d",
-                                              ret);
+                       if (ret < 0)
                                goto out_sleep;
-                       }
+
+                       ret = wl1271_build_qos_null_data(wl);
+                       if (ret < 0)
+                               goto out_sleep;
+
+                       /* filter out all packets not from this BSSID */
+                       wl1271_configure_filters(wl, 0);
 
                        /* Need to update the BSSID (for filtering etc) */
                        do_join = true;
@@ -1681,8 +1829,23 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
 
        if (changed & BSS_CHANGED_ASSOC) {
                if (bss_conf->assoc) {
+                       u32 rates;
                        wl->aid = bss_conf->aid;
-                       set_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags);
+                       set_assoc = true;
+
+                       wl->ps_poll_failures = 0;
+
+                       /*
+                        * use basic rates from AP, and determine lowest rate
+                        * to use with control frames.
+                        */
+                       rates = bss_conf->basic_rates;
+                       wl->basic_rate_set = wl1271_tx_enabled_rates_get(wl,
+                                                                        rates);
+                       wl->basic_rate = wl1271_min_rate_get(wl);
+                       ret = wl1271_acx_rate_policies(wl);
+                       if (ret < 0)
+                               goto out_sleep;
 
                        /*
                         * with wl1271, we don't need to update the
@@ -1694,7 +1857,17 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                        if (ret < 0)
                                goto out_sleep;
 
-                       ret = wl1271_acx_aid(wl, wl->aid);
+                       /*
+                        * The SSID is intentionally set to NULL here - the
+                        * firmware will set the probe request with a
+                        * broadcast SSID regardless of what we set in the
+                        * template.
+                        */
+                       ret = wl1271_cmd_build_probe_req(wl, NULL, 0,
+                                                        NULL, 0, wl->band);
+
+                       /* enable the connection monitoring feature */
+                       ret = wl1271_acx_conn_monit_params(wl, true);
                        if (ret < 0)
                                goto out_sleep;
 
@@ -1702,14 +1875,36 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                        if (test_bit(WL1271_FLAG_PSM_REQUESTED, &wl->flags) &&
                            !test_bit(WL1271_FLAG_PSM, &wl->flags)) {
                                mode = STATION_POWER_SAVE_MODE;
-                               ret = wl1271_ps_set_mode(wl, mode, true);
+                               ret = wl1271_ps_set_mode(wl, mode,
+                                                        wl->basic_rate,
+                                                        true);
                                if (ret < 0)
                                        goto out_sleep;
                        }
                } else {
                        /* use defaults when not associated */
+                       clear_bit(WL1271_FLAG_STA_STATE_SENT, &wl->flags);
                        clear_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags);
                        wl->aid = 0;
+
+                       /* re-enable dynamic ps - just in case */
+                       ieee80211_enable_dyn_ps(wl->vif);
+
+                       /* revert back to minimum rates for the current band */
+                       wl1271_set_band_rate(wl);
+                       wl->basic_rate = wl1271_min_rate_get(wl);
+                       ret = wl1271_acx_rate_policies(wl);
+                       if (ret < 0)
+                               goto out_sleep;
+
+                       /* disable connection monitor features */
+                       ret = wl1271_acx_conn_monit_params(wl, false);
+
+                       /* Disable the keep-alive feature */
+                       ret = wl1271_acx_keep_alive_mode(wl, false);
+
+                       if (ret < 0)
+                               goto out_sleep;
                }
 
        }
@@ -1743,13 +1938,25 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                }
        }
 
+       if (changed & BSS_CHANGED_ARP_FILTER) {
+               __be32 addr = bss_conf->arp_addr_list[0];
+               WARN_ON(wl->bss_type != BSS_TYPE_STA_BSS);
+
+               if (bss_conf->arp_addr_cnt == 1 && bss_conf->arp_filter_enabled)
+                       ret = wl1271_acx_arp_ip_filter(wl, true, addr);
+               else
+                       ret = wl1271_acx_arp_ip_filter(wl, false, addr);
+
+               if (ret < 0)
+                       goto out_sleep;
+       }
+
        if (do_join) {
-               ret = wl1271_cmd_join(wl, wl->bss_type);
+               ret = wl1271_join(wl, set_assoc);
                if (ret < 0) {
                        wl1271_warning("cmd join failed %d", ret);
                        goto out_sleep;
                }
-               set_bit(WL1271_FLAG_JOINED, &wl->flags);
        }
 
 out_sleep:
@@ -1763,6 +1970,7 @@ static int wl1271_op_conf_tx(struct ieee80211_hw *hw, u16 queue,
                             const struct ieee80211_tx_queue_params *params)
 {
        struct wl1271 *wl = hw->priv;
+       u8 ps_scheme;
        int ret;
 
        mutex_lock(&wl->mutex);
@@ -1780,11 +1988,15 @@ static int wl1271_op_conf_tx(struct ieee80211_hw *hw, u16 queue,
        if (ret < 0)
                goto out_sleep;
 
+       if (params->uapsd)
+               ps_scheme = CONF_PS_SCHEME_UPSD_TRIGGER;
+       else
+               ps_scheme = CONF_PS_SCHEME_LEGACY;
+
        ret = wl1271_acx_tid_cfg(wl, wl1271_tx_get_queue(queue),
                                 CONF_CHANNEL_TYPE_EDCF,
                                 wl1271_tx_get_queue(queue),
-                                CONF_PS_SCHEME_LEGACY_PSPOLL,
-                                CONF_ACK_POLICY_LEGACY, 0, 0);
+                                ps_scheme, CONF_ACK_POLICY_LEGACY, 0, 0);
        if (ret < 0)
                goto out_sleep;
 
@@ -1797,6 +2009,48 @@ out:
        return ret;
 }
 
+static u64 wl1271_op_get_tsf(struct ieee80211_hw *hw)
+{
+
+       struct wl1271 *wl = hw->priv;
+       u64 mactime = ULLONG_MAX;
+       int ret;
+
+       wl1271_debug(DEBUG_MAC80211, "mac80211 get tsf");
+
+       mutex_lock(&wl->mutex);
+
+       ret = wl1271_ps_elp_wakeup(wl, false);
+       if (ret < 0)
+               goto out;
+
+       ret = wl1271_acx_tsf_info(wl, &mactime);
+       if (ret < 0)
+               goto out_sleep;
+
+out_sleep:
+       wl1271_ps_elp_sleep(wl);
+
+out:
+       mutex_unlock(&wl->mutex);
+       return mactime;
+}
+
+static int wl1271_op_get_survey(struct ieee80211_hw *hw, int idx,
+                               struct survey_info *survey)
+{
+       struct wl1271 *wl = hw->priv;
+       struct ieee80211_conf *conf = &hw->conf;
+       if (idx != 0)
+               return -ENOENT;
+       survey->channel = conf->channel;
+       survey->filled = SURVEY_INFO_NOISE_DBM;
+       survey->noise = wl->noise;
+       return 0;
+}
 
 /* can't be const, mac80211 writes to this */
 static struct ieee80211_rate wl1271_rates[] = {
@@ -1841,23 +2095,71 @@ static struct ieee80211_rate wl1271_rates[] = {
          .hw_value_short = CONF_HW_BIT_RATE_54MBPS, },
 };
 
-/* can't be const, mac80211 writes to this */
+/*
+ * Can't be const, mac80211 writes to this. The order of the channels here
+ * is designed to improve scanning.
+ */
 static struct ieee80211_channel wl1271_channels[] = {
        { .hw_value = 1, .center_freq = 2412, .max_power = 25 },
-       { .hw_value = 2, .center_freq = 2417, .max_power = 25 },
-       { .hw_value = 3, .center_freq = 2422, .max_power = 25 },
-       { .hw_value = 4, .center_freq = 2427, .max_power = 25 },
        { .hw_value = 5, .center_freq = 2432, .max_power = 25 },
-       { .hw_value = 6, .center_freq = 2437, .max_power = 25 },
-       { .hw_value = 7, .center_freq = 2442, .max_power = 25 },
-       { .hw_value = 8, .center_freq = 2447, .max_power = 25 },
        { .hw_value = 9, .center_freq = 2452, .max_power = 25 },
-       { .hw_value = 10, .center_freq = 2457, .max_power = 25 },
-       { .hw_value = 11, .center_freq = 2462, .max_power = 25 },
-       { .hw_value = 12, .center_freq = 2467, .max_power = 25 },
        { .hw_value = 13, .center_freq = 2472, .max_power = 25 },
+       { .hw_value = 4, .center_freq = 2427, .max_power = 25 },
+       { .hw_value = 8, .center_freq = 2447, .max_power = 25 },
+       { .hw_value = 12, .center_freq = 2467, .max_power = 25 },
+       { .hw_value = 3, .center_freq = 2422, .max_power = 25 },
+       { .hw_value = 7, .center_freq = 2442, .max_power = 25 },
+       { .hw_value = 11, .center_freq = 2462, .max_power = 25 },
+       { .hw_value = 2, .center_freq = 2417, .max_power = 25 },
+       { .hw_value = 6, .center_freq = 2437, .max_power = 25 },
+       { .hw_value = 10, .center_freq = 2457, .max_power = 25 },
 };
 
+/* mapping to indexes for wl1271_rates */
+static const u8 wl1271_rate_to_idx_2ghz[] = {
+       /* MCS rates are used only with 11n */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS7 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS6 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS5 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS4 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS3 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS2 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS1 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS0 */
+
+       11,                            /* CONF_HW_RXTX_RATE_54   */
+       10,                            /* CONF_HW_RXTX_RATE_48   */
+       9,                             /* CONF_HW_RXTX_RATE_36   */
+       8,                             /* CONF_HW_RXTX_RATE_24   */
+
+       /* TI-specific rate */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_22   */
+
+       7,                             /* CONF_HW_RXTX_RATE_18   */
+       6,                             /* CONF_HW_RXTX_RATE_12   */
+       3,                             /* CONF_HW_RXTX_RATE_11   */
+       5,                             /* CONF_HW_RXTX_RATE_9    */
+       4,                             /* CONF_HW_RXTX_RATE_6    */
+       2,                             /* CONF_HW_RXTX_RATE_5_5  */
+       1,                             /* CONF_HW_RXTX_RATE_2    */
+       0                              /* CONF_HW_RXTX_RATE_1    */
+};
+
+/* 11n STA capabilities */
+#define HW_RX_HIGHEST_RATE     72
+
+#define WL1271_HT_CAP { \
+       .cap = IEEE80211_HT_CAP_GRN_FLD | IEEE80211_HT_CAP_SGI_20, \
+       .ht_supported = true, \
+       .ampdu_factor = IEEE80211_HT_MAX_AMPDU_8K, \
+       .ampdu_density = IEEE80211_HT_MPDU_DENSITY_8, \
+       .mcs = { \
+               .rx_mask = { 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, }, \
+               .rx_highest = cpu_to_le16(HW_RX_HIGHEST_RATE), \
+               .tx_params = IEEE80211_HT_MCS_TX_DEFINED, \
+               }, \
+}
+
 /* can't be const, mac80211 writes to this */
 static struct ieee80211_supported_band wl1271_band_2ghz = {
        .channels = wl1271_channels,
@@ -1894,52 +2196,84 @@ static struct ieee80211_rate wl1271_rates_5ghz[] = {
          .hw_value_short = CONF_HW_BIT_RATE_54MBPS, },
 };
 
-/* 5 GHz band channels for WL1273 */
+/*
+ * 5 GHz band channels for WL1273 - can't be const, mac80211 writes to this.
+ * The order of the channels here is designed to improve scanning.
+ */
 static struct ieee80211_channel wl1271_channels_5ghz[] = {
        { .hw_value = 183, .center_freq = 4915},
-       { .hw_value = 184, .center_freq = 4920},
-       { .hw_value = 185, .center_freq = 4925},
-       { .hw_value = 187, .center_freq = 4935},
        { .hw_value = 188, .center_freq = 4940},
-       { .hw_value = 189, .center_freq = 4945},
-       { .hw_value = 192, .center_freq = 4960},
-       { .hw_value = 196, .center_freq = 4980},
-       { .hw_value = 7, .center_freq = 5035},
        { .hw_value = 8, .center_freq = 5040},
-       { .hw_value = 9, .center_freq = 5045},
-       { .hw_value = 11, .center_freq = 5055},
-       { .hw_value = 12, .center_freq = 5060},
-       { .hw_value = 16, .center_freq = 5080},
        { .hw_value = 34, .center_freq = 5170},
-       { .hw_value = 36, .center_freq = 5180},
-       { .hw_value = 38, .center_freq = 5190},
-       { .hw_value = 40, .center_freq = 5200},
-       { .hw_value = 42, .center_freq = 5210},
        { .hw_value = 44, .center_freq = 5220},
-       { .hw_value = 46, .center_freq = 5230},
-       { .hw_value = 48, .center_freq = 5240},
-       { .hw_value = 52, .center_freq = 5260},
-       { .hw_value = 56, .center_freq = 5280},
        { .hw_value = 60, .center_freq = 5300},
-       { .hw_value = 64, .center_freq = 5320},
-       { .hw_value = 100, .center_freq = 5500},
-       { .hw_value = 104, .center_freq = 5520},
-       { .hw_value = 108, .center_freq = 5540},
        { .hw_value = 112, .center_freq = 5560},
-       { .hw_value = 116, .center_freq = 5580},
-       { .hw_value = 120, .center_freq = 5600},
-       { .hw_value = 124, .center_freq = 5620},
-       { .hw_value = 128, .center_freq = 5640},
        { .hw_value = 132, .center_freq = 5660},
+       { .hw_value = 157, .center_freq = 5785},
+       { .hw_value = 184, .center_freq = 4920},
+       { .hw_value = 189, .center_freq = 4945},
+       { .hw_value = 9, .center_freq = 5045},
+       { .hw_value = 36, .center_freq = 5180},
+       { .hw_value = 46, .center_freq = 5230},
+       { .hw_value = 64, .center_freq = 5320},
+       { .hw_value = 116, .center_freq = 5580},
        { .hw_value = 136, .center_freq = 5680},
+       { .hw_value = 192, .center_freq = 4960},
+       { .hw_value = 11, .center_freq = 5055},
+       { .hw_value = 38, .center_freq = 5190},
+       { .hw_value = 48, .center_freq = 5240},
+       { .hw_value = 100, .center_freq = 5500},
+       { .hw_value = 120, .center_freq = 5600},
        { .hw_value = 140, .center_freq = 5700},
+       { .hw_value = 185, .center_freq = 4925},
+       { .hw_value = 196, .center_freq = 4980},
+       { .hw_value = 12, .center_freq = 5060},
+       { .hw_value = 40, .center_freq = 5200},
+       { .hw_value = 52, .center_freq = 5260},
+       { .hw_value = 104, .center_freq = 5520},
+       { .hw_value = 124, .center_freq = 5620},
        { .hw_value = 149, .center_freq = 5745},
-       { .hw_value = 153, .center_freq = 5765},
-       { .hw_value = 157, .center_freq = 5785},
        { .hw_value = 161, .center_freq = 5805},
+       { .hw_value = 187, .center_freq = 4935},
+       { .hw_value = 7, .center_freq = 5035},
+       { .hw_value = 16, .center_freq = 5080},
+       { .hw_value = 42, .center_freq = 5210},
+       { .hw_value = 56, .center_freq = 5280},
+       { .hw_value = 108, .center_freq = 5540},
+       { .hw_value = 128, .center_freq = 5640},
+       { .hw_value = 153, .center_freq = 5765},
        { .hw_value = 165, .center_freq = 5825},
 };
 
+/* mapping to indexes for wl1271_rates_5ghz */
+static const u8 wl1271_rate_to_idx_5ghz[] = {
+       /* MCS rates are used only with 11n */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS7 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS6 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS5 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS4 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS3 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS2 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS1 */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS0 */
+
+       7,                             /* CONF_HW_RXTX_RATE_54   */
+       6,                             /* CONF_HW_RXTX_RATE_48   */
+       5,                             /* CONF_HW_RXTX_RATE_36   */
+       4,                             /* CONF_HW_RXTX_RATE_24   */
+
+       /* TI-specific rate */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_22   */
+
+       3,                             /* CONF_HW_RXTX_RATE_18   */
+       2,                             /* CONF_HW_RXTX_RATE_12   */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_11   */
+       1,                             /* CONF_HW_RXTX_RATE_9    */
+       0,                             /* CONF_HW_RXTX_RATE_6    */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_5_5  */
+       CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_2    */
+       CONF_HW_RXTX_RATE_UNSUPPORTED  /* CONF_HW_RXTX_RATE_1    */
+};
 
 static struct ieee80211_supported_band wl1271_band_5ghz = {
        .channels = wl1271_channels_5ghz,
@@ -1948,13 +2282,17 @@ static struct ieee80211_supported_band wl1271_band_5ghz = {
        .n_bitrates = ARRAY_SIZE(wl1271_rates_5ghz),
 };
 
+static const u8 *wl1271_band_rate_to_idx[] = {
+       [IEEE80211_BAND_2GHZ] = wl1271_rate_to_idx_2ghz,
+       [IEEE80211_BAND_5GHZ] = wl1271_rate_to_idx_5ghz
+};
+
 static const struct ieee80211_ops wl1271_ops = {
        .start = wl1271_op_start,
        .stop = wl1271_op_stop,
        .add_interface = wl1271_op_add_interface,
        .remove_interface = wl1271_op_remove_interface,
        .config = wl1271_op_config,
-/*     .config_interface = wl1271_op_config_interface, */
        .prepare_multicast = wl1271_op_prepare_multicast,
        .configure_filter = wl1271_op_configure_filter,
        .tx = wl1271_op_tx,
@@ -1963,9 +2301,115 @@ static const struct ieee80211_ops wl1271_ops = {
        .bss_info_changed = wl1271_op_bss_info_changed,
        .set_rts_threshold = wl1271_op_set_rts_threshold,
        .conf_tx = wl1271_op_conf_tx,
+       .get_tsf = wl1271_op_get_tsf,
+       .get_survey = wl1271_op_get_survey,
        CFG80211_TESTMODE_CMD(wl1271_tm_cmd)
 };
 
+
+u8 wl1271_rate_to_idx(struct wl1271 *wl, int rate)
+{
+       u8 idx;
+
+       BUG_ON(wl->band >= sizeof(wl1271_band_rate_to_idx)/sizeof(u8 *));
+
+       if (unlikely(rate >= CONF_HW_RXTX_RATE_MAX)) {
+               wl1271_error("Illegal RX rate from HW: %d", rate);
+               return 0;
+       }
+
+       idx = wl1271_band_rate_to_idx[wl->band][rate];
+       if (unlikely(idx == CONF_HW_RXTX_RATE_UNSUPPORTED)) {
+               wl1271_error("Unsupported RX rate from HW: %d", rate);
+               return 0;
+       }
+
+       return idx;
+}
+
+static ssize_t wl1271_sysfs_show_bt_coex_state(struct device *dev,
+                                              struct device_attribute *attr,
+                                              char *buf)
+{
+       struct wl1271 *wl = dev_get_drvdata(dev);
+       ssize_t len;
+
+       len = PAGE_SIZE;
+
+       mutex_lock(&wl->mutex);
+       len = snprintf(buf, len, "%d\n\n0 - off\n1 - on\n",
+                      wl->sg_enabled);
+       mutex_unlock(&wl->mutex);
+
+       return len;
+
+}
+
+static ssize_t wl1271_sysfs_store_bt_coex_state(struct device *dev,
+                                               struct device_attribute *attr,
+                                               const char *buf, size_t count)
+{
+       struct wl1271 *wl = dev_get_drvdata(dev);
+       unsigned long res;
+       int ret;
+
+       ret = strict_strtoul(buf, 10, &res);
+
+       if (ret < 0) {
+               wl1271_warning("incorrect value written to bt_coex_mode");
+               return count;
+       }
+
+       mutex_lock(&wl->mutex);
+
+       res = !!res;
+
+       if (res == wl->sg_enabled)
+               goto out;
+
+       wl->sg_enabled = res;
+
+       if (wl->state == WL1271_STATE_OFF)
+               goto out;
+
+       ret = wl1271_ps_elp_wakeup(wl, false);
+       if (ret < 0)
+               goto out;
+
+       wl1271_acx_sg_enable(wl, wl->sg_enabled);
+       wl1271_ps_elp_sleep(wl);
+
+ out:
+       mutex_unlock(&wl->mutex);
+       return count;
+}
+
+static DEVICE_ATTR(bt_coex_state, S_IRUGO | S_IWUSR,
+                  wl1271_sysfs_show_bt_coex_state,
+                  wl1271_sysfs_store_bt_coex_state);
+
+static ssize_t wl1271_sysfs_show_hw_pg_ver(struct device *dev,
+                                          struct device_attribute *attr,
+                                          char *buf)
+{
+       struct wl1271 *wl = dev_get_drvdata(dev);
+       ssize_t len;
+
+       len = PAGE_SIZE;
+
+       mutex_lock(&wl->mutex);
+       if (wl->hw_pg_ver >= 0)
+               len = snprintf(buf, len, "%d\n", wl->hw_pg_ver);
+       else
+               len = snprintf(buf, len, "n/a\n");
+       mutex_unlock(&wl->mutex);
+
+       return len;
+}
+
+static DEVICE_ATTR(hw_pg_ver, S_IRUGO | S_IWUSR,
+                  wl1271_sysfs_show_hw_pg_ver, NULL);
+
 int wl1271_register_hw(struct wl1271 *wl)
 {
        int ret;
@@ -1983,14 +2427,33 @@ int wl1271_register_hw(struct wl1271 *wl)
 
        wl->mac80211_registered = true;
 
+       register_netdevice_notifier(&wl1271_dev_notifier);
+
        wl1271_notice("loaded");
 
        return 0;
 }
 EXPORT_SYMBOL_GPL(wl1271_register_hw);
 
+void wl1271_unregister_hw(struct wl1271 *wl)
+{
+       unregister_netdevice_notifier(&wl1271_dev_notifier);
+       ieee80211_unregister_hw(wl->hw);
+       wl->mac80211_registered = false;
+
+}
+EXPORT_SYMBOL_GPL(wl1271_unregister_hw);
+
 int wl1271_init_ieee80211(struct wl1271 *wl)
 {
+       static const u32 cipher_suites[] = {
+               WLAN_CIPHER_SUITE_WEP40,
+               WLAN_CIPHER_SUITE_WEP104,
+               WLAN_CIPHER_SUITE_TKIP,
+               WLAN_CIPHER_SUITE_CCMP,
+               WL1271_CIPHER_SUITE_GEM,
+       };
+
        /* The tx descriptor buffer and the TKIP space. */
        wl->hw->extra_tx_headroom = WL1271_TKIP_IV_SPACE +
                sizeof(struct wl1271_tx_hw_descr);
@@ -1998,20 +2461,27 @@ int wl1271_init_ieee80211(struct wl1271 *wl)
        /* unit us */
        /* FIXME: find a proper value */
        wl->hw->channel_change_time = 10000;
+       wl->hw->max_listen_interval = wl->conf.conn.max_listen_interval;
 
        wl->hw->flags = IEEE80211_HW_SIGNAL_DBM |
-               IEEE80211_HW_NOISE_DBM |
                IEEE80211_HW_BEACON_FILTER |
                IEEE80211_HW_SUPPORTS_PS |
-               IEEE80211_HW_HAS_RATE_CONTROL;
+               IEEE80211_HW_SUPPORTS_UAPSD |
+               IEEE80211_HW_HAS_RATE_CONTROL |
+               IEEE80211_HW_CONNECTION_MONITOR |
+               IEEE80211_HW_SUPPORTS_CQM_RSSI;
+
+       wl->hw->wiphy->cipher_suites = cipher_suites;
+       wl->hw->wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites);
 
        wl->hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
                BIT(NL80211_IFTYPE_ADHOC);
        wl->hw->wiphy->max_scan_ssids = 1;
        wl->hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &wl1271_band_2ghz;
+       wl->hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &wl1271_band_5ghz;
 
-       if (wl1271_11a_enabled())
-               wl->hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &wl1271_band_5ghz;
+       wl->hw->queues = 4;
+       wl->hw->max_rates = 1;
 
        SET_IEEE80211_DEV(wl->hw, wl1271_wl_to_dev(wl));
 
@@ -2024,13 +2494,23 @@ EXPORT_SYMBOL_GPL(wl1271_init_ieee80211);
 struct ieee80211_hw *wl1271_alloc_hw(void)
 {
        struct ieee80211_hw *hw;
+       struct platform_device *plat_dev = NULL;
        struct wl1271 *wl;
-       int i;
+       int i, ret;
+       unsigned int order;
 
        hw = ieee80211_alloc_hw(sizeof(*wl), &wl1271_ops);
        if (!hw) {
                wl1271_error("could not alloc ieee80211_hw");
-               return ERR_PTR(-ENOMEM);
+               ret = -ENOMEM;
+               goto err_hw_alloc;
+       }
+
+       plat_dev = kmemdup(&wl1271_device, sizeof(wl1271_device), GFP_KERNEL);
+       if (!plat_dev) {
+               wl1271_error("could not allocate platform_device");
+               ret = -ENOMEM;
+               goto err_plat_alloc;
        }
 
        wl = hw->priv;
@@ -2039,11 +2519,18 @@ struct ieee80211_hw *wl1271_alloc_hw(void)
        INIT_LIST_HEAD(&wl->list);
 
        wl->hw = hw;
+       wl->plat_dev = plat_dev;
 
        skb_queue_head_init(&wl->tx_queue);
 
        INIT_DELAYED_WORK(&wl->elp_work, wl1271_elp_work);
+       INIT_DELAYED_WORK(&wl->pspoll_work, wl1271_pspoll_work);
+       INIT_WORK(&wl->irq_work, wl1271_irq_work);
+       INIT_WORK(&wl->tx_work, wl1271_tx_work);
+       INIT_WORK(&wl->recovery_work, wl1271_recovery_work);
+       INIT_DELAYED_WORK(&wl->scan_complete_work, wl1271_scan_complete_work);
        wl->channel = WL1271_DEFAULT_CHANNEL;
+       wl->beacon_int = WL1271_DEFAULT_BEACON_INT;
        wl->default_key = 0;
        wl->rx_counter = 0;
        wl->rx_config = WL1271_DEFAULT_RX_CONFIG;
@@ -2051,12 +2538,16 @@ struct ieee80211_hw *wl1271_alloc_hw(void)
        wl->psm_entry_retry = 0;
        wl->power_level = WL1271_DEFAULT_POWER_LEVEL;
        wl->basic_rate_set = CONF_TX_RATE_MASK_BASIC;
+       wl->basic_rate = CONF_TX_RATE_MASK_BASIC;
        wl->rate_set = CONF_TX_RATE_MASK_BASIC;
        wl->sta_rate_set = 0;
        wl->band = IEEE80211_BAND_2GHZ;
        wl->vif = NULL;
        wl->flags = 0;
+       wl->sg_enabled = true;
+       wl->hw_pg_ver = -1;
 
+       memset(wl->tx_frames_map, 0, sizeof(wl->tx_frames_map));
        for (i = 0; i < ACX_TX_DESCRIPTORS; i++)
                wl->tx_frames[i] = NULL;
 
@@ -2070,17 +2561,68 @@ struct ieee80211_hw *wl1271_alloc_hw(void)
 
        wl1271_debugfs_init(wl);
 
+       order = get_order(WL1271_AGGR_BUFFER_SIZE);
+       wl->aggr_buf = (u8 *)__get_free_pages(GFP_KERNEL, order);
+       if (!wl->aggr_buf) {
+               ret = -ENOMEM;
+               goto err_hw;
+       }
+
+       /* Register platform device */
+       ret = platform_device_register(wl->plat_dev);
+       if (ret) {
+               wl1271_error("couldn't register platform device");
+               goto err_aggr;
+       }
+       dev_set_drvdata(&wl->plat_dev->dev, wl);
+
+       /* Create sysfs file to control bt coex state */
+       ret = device_create_file(&wl->plat_dev->dev, &dev_attr_bt_coex_state);
+       if (ret < 0) {
+               wl1271_error("failed to create sysfs file bt_coex_state");
+               goto err_platform;
+       }
+
+       /* Create sysfs file to get HW PG version */
+       ret = device_create_file(&wl->plat_dev->dev, &dev_attr_hw_pg_ver);
+       if (ret < 0) {
+               wl1271_error("failed to create sysfs file hw_pg_ver");
+               goto err_bt_coex_state;
+       }
+
        return hw;
+
+err_bt_coex_state:
+       device_remove_file(&wl->plat_dev->dev, &dev_attr_bt_coex_state);
+
+err_platform:
+       platform_device_unregister(wl->plat_dev);
+
+err_aggr:
+       free_pages((unsigned long)wl->aggr_buf, order);
+
+err_hw:
+       wl1271_debugfs_exit(wl);
+       kfree(plat_dev);
+
+err_plat_alloc:
+       ieee80211_free_hw(hw);
+
+err_hw_alloc:
+
+       return ERR_PTR(ret);
 }
 EXPORT_SYMBOL_GPL(wl1271_alloc_hw);
 
 int wl1271_free_hw(struct wl1271 *wl)
 {
-       ieee80211_unregister_hw(wl->hw);
+       platform_device_unregister(wl->plat_dev);
+       free_pages((unsigned long)wl->aggr_buf,
+                       get_order(WL1271_AGGR_BUFFER_SIZE));
+       kfree(wl->plat_dev);
 
        wl1271_debugfs_exit(wl);
 
-       kfree(wl->target_mem_map);
        vfree(wl->fw);
        wl->fw = NULL;
        kfree(wl->nvs);