wl1271: 11n Support, Add Definitions
[linux-2.6.git] / drivers / net / wireless / wl12xx / wl1271_main.c
index afab52b..5d5f4c6 100644 (file)
@@ -28,8 +28,8 @@
 #include <linux/crc32.h>
 #include <linux/etherdevice.h>
 #include <linux/vmalloc.h>
-#include <linux/inetdevice.h>
 #include <linux/platform_device.h>
+#include <linux/slab.h>
 
 #include "wl1271.h"
 #include "wl12xx_80211.h"
@@ -44,6 +44,7 @@
 #include "wl1271_cmd.h"
 #include "wl1271_boot.h"
 #include "wl1271_testmode.h"
+#include "wl1271_scan.h"
 
 #define WL1271_BOOT_RETRIES 3
 
@@ -54,7 +55,7 @@ static struct conf_drv_settings default_conf = {
                        [CONF_SG_HV3_MAX_OVERRIDE]                  = 0,
                        [CONF_SG_BT_NFS_SAMPLE_INTERVAL]            = 400,
                        [CONF_SG_BT_LOAD_RATIO]                     = 50,
-                       [CONF_SG_AUTO_PS_MODE]                      = 0,
+                       [CONF_SG_AUTO_PS_MODE]                      = 1,
                        [CONF_SG_AUTO_SCAN_PROBE_REQ]               = 170,
                        [CONF_SG_ACTIVE_SCAN_DURATION_FACTOR_HV3]   = 50,
                        [CONF_SG_ANTENNA_CONFIGURATION]             = 0,
@@ -116,36 +117,35 @@ static struct conf_drv_settings default_conf = {
        .tx = {
                .tx_energy_detection         = 0,
                .rc_conf                     = {
-                       .enabled_rates       = CONF_HW_BIT_RATE_1MBPS |
-                                              CONF_HW_BIT_RATE_2MBPS,
+                       .enabled_rates       = 0,
                        .short_retry_limit   = 10,
                        .long_retry_limit    = 10,
                        .aflags              = 0
                },
                .ac_conf_count               = 4,
                .ac_conf                     = {
-                       [0] = {
+                       [CONF_TX_AC_BE] = {
                                .ac          = CONF_TX_AC_BE,
                                .cw_min      = 15,
                                .cw_max      = 63,
                                .aifsn       = 3,
                                .tx_op_limit = 0,
                        },
-                       [1] = {
+                       [CONF_TX_AC_BK] = {
                                .ac          = CONF_TX_AC_BK,
                                .cw_min      = 15,
                                .cw_max      = 63,
                                .aifsn       = 7,
                                .tx_op_limit = 0,
                        },
-                       [2] = {
+                       [CONF_TX_AC_VI] = {
                                .ac          = CONF_TX_AC_VI,
                                .cw_min      = 15,
                                .cw_max      = 63,
                                .aifsn       = CONF_TX_AIFS_PIFS,
                                .tx_op_limit = 3008,
                        },
-                       [3] = {
+                       [CONF_TX_AC_VO] = {
                                .ac          = CONF_TX_AC_VO,
                                .cw_min      = 15,
                                .cw_max      = 63,
@@ -153,72 +153,50 @@ static struct conf_drv_settings default_conf = {
                                .tx_op_limit = 1504,
                        },
                },
-               .tid_conf_count = 7,
+               .tid_conf_count = 4,
                .tid_conf = {
-                       [0] = {
-                               .queue_id    = 0,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
-                               .ps_scheme   = CONF_PS_SCHEME_LEGACY,
-                               .ack_policy  = CONF_ACK_POLICY_LEGACY,
-                               .apsd_conf   = {0, 0},
-                       },
-                       [1] = {
-                               .queue_id    = 1,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
-                               .ps_scheme   = CONF_PS_SCHEME_LEGACY,
-                               .ack_policy  = CONF_ACK_POLICY_LEGACY,
-                               .apsd_conf   = {0, 0},
-                       },
-                       [2] = {
-                               .queue_id    = 2,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
+                       [CONF_TX_AC_BE] = {
+                               .queue_id    = CONF_TX_AC_BE,
+                               .channel_type = CONF_CHANNEL_TYPE_EDCF,
                                .tsid        = CONF_TX_AC_BE,
                                .ps_scheme   = CONF_PS_SCHEME_LEGACY,
                                .ack_policy  = CONF_ACK_POLICY_LEGACY,
                                .apsd_conf   = {0, 0},
                        },
-                       [3] = {
-                               .queue_id    = 3,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
+                       [CONF_TX_AC_BK] = {
+                               .queue_id    = CONF_TX_AC_BK,
+                               .channel_type = CONF_CHANNEL_TYPE_EDCF,
+                               .tsid        = CONF_TX_AC_BK,
                                .ps_scheme   = CONF_PS_SCHEME_LEGACY,
                                .ack_policy  = CONF_ACK_POLICY_LEGACY,
                                .apsd_conf   = {0, 0},
                        },
-                       [4] = {
-                               .queue_id    = 4,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
+                       [CONF_TX_AC_VI] = {
+                               .queue_id    = CONF_TX_AC_VI,
+                               .channel_type = CONF_CHANNEL_TYPE_EDCF,
+                               .tsid        = CONF_TX_AC_VI,
                                .ps_scheme   = CONF_PS_SCHEME_LEGACY,
                                .ack_policy  = CONF_ACK_POLICY_LEGACY,
                                .apsd_conf   = {0, 0},
                        },
-                       [5] = {
-                               .queue_id    = 5,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
+                       [CONF_TX_AC_VO] = {
+                               .queue_id    = CONF_TX_AC_VO,
+                               .channel_type = CONF_CHANNEL_TYPE_EDCF,
+                               .tsid        = CONF_TX_AC_VO,
                                .ps_scheme   = CONF_PS_SCHEME_LEGACY,
                                .ack_policy  = CONF_ACK_POLICY_LEGACY,
                                .apsd_conf   = {0, 0},
                        },
-                       [6] = {
-                               .queue_id    = 6,
-                               .channel_type = CONF_CHANNEL_TYPE_DCF,
-                               .tsid        = CONF_TX_AC_BE,
-                               .ps_scheme   = CONF_PS_SCHEME_LEGACY,
-                               .ack_policy  = CONF_ACK_POLICY_LEGACY,
-                               .apsd_conf   = {0, 0},
-                       }
                },
                .frag_threshold              = IEEE80211_MAX_FRAG_THRESHOLD,
                .tx_compl_timeout            = 700,
-               .tx_compl_threshold          = 4
+               .tx_compl_threshold          = 4,
+               .basic_rate                  = CONF_HW_BIT_RATE_1MBPS,
+               .basic_rate_5                = CONF_HW_BIT_RATE_6MBPS,
        },
        .conn = {
                .wake_up_event               = CONF_WAKE_UP_EVENT_DTIM,
-               .listen_interval             = 0,
+               .listen_interval             = 1,
                .bcn_filt_mode               = CONF_BCN_FILT_MODE_ENABLED,
                .bcn_filt_ie_count           = 1,
                .bcn_filt_ie = {
@@ -232,44 +210,15 @@ static struct conf_drv_settings default_conf = {
                .beacon_rx_timeout           = 10000,
                .broadcast_timeout           = 20000,
                .rx_broadcast_in_ps          = 1,
-               .ps_poll_threshold           = 20,
-               .sig_trigger_count           = 2,
-               .sig_trigger = {
-                       [0] = {
-                               .threshold   = -75,
-                               .pacing      = 500,
-                               .metric      = CONF_TRIG_METRIC_RSSI_BEACON,
-                               .type        = CONF_TRIG_EVENT_TYPE_EDGE,
-                               .direction   = CONF_TRIG_EVENT_DIR_LOW,
-                               .hysteresis  = 2,
-                               .index       = 0,
-                               .enable      = 1
-                       },
-                       [1] = {
-                               .threshold   = -75,
-                               .pacing      = 500,
-                               .metric      = CONF_TRIG_METRIC_RSSI_BEACON,
-                               .type        = CONF_TRIG_EVENT_TYPE_EDGE,
-                               .direction   = CONF_TRIG_EVENT_DIR_HIGH,
-                               .hysteresis  = 2,
-                               .index       = 1,
-                               .enable      = 1
-                       }
-               },
-               .sig_weights = {
-                       .rssi_bcn_avg_weight = 10,
-                       .rssi_pkt_avg_weight = 10,
-                       .snr_bcn_avg_weight  = 10,
-                       .snr_pkt_avg_weight  = 10
-               },
+               .ps_poll_threshold           = 10,
+               .ps_poll_recovery_period     = 700,
                .bet_enable                  = CONF_BET_MODE_ENABLE,
                .bet_max_consecutive         = 10,
-               .psm_entry_retries           = 3
-       },
-       .init = {
-               .radioparam = {
-                       .fem                 = 1,
-               }
+               .psm_entry_retries           = 5,
+               .psm_entry_nullfunc_retries  = 3,
+               .psm_entry_hangover_period   = 1,
+               .keep_alive_interval         = 55000,
+               .max_listen_interval         = 20,
        },
        .itrim = {
                .enable = false,
@@ -278,9 +227,36 @@ static struct conf_drv_settings default_conf = {
        .pm_config = {
                .host_clk_settling_time = 5000,
                .host_fast_wakeup_support = false
-       }
+       },
+       .roam_trigger = {
+               .trigger_pacing               = 1,
+               .avg_weight_rssi_beacon       = 20,
+               .avg_weight_rssi_data         = 10,
+               .avg_weight_snr_beacon        = 20,
+               .avg_weight_snr_data          = 10
+       },
+       .scan = {
+               .min_dwell_time_active        = 7500,
+               .max_dwell_time_active        = 30000,
+               .min_dwell_time_passive       = 30000,
+               .max_dwell_time_passive       = 60000,
+               .num_probe_reqs               = 2,
+       },
+       .rf = {
+               .tx_per_channel_power_compensation_2 = {
+                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+               },
+               .tx_per_channel_power_compensation_5 = {
+                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+               },
+       },
 };
 
+static void __wl1271_op_remove_interface(struct wl1271 *wl);
+
+
 static void wl1271_device_release(struct device *dev)
 {
 
@@ -298,6 +274,67 @@ static struct platform_device wl1271_device = {
 
 static LIST_HEAD(wl_list);
 
+static int wl1271_dev_notify(struct notifier_block *me, unsigned long what,
+                            void *arg)
+{
+       struct net_device *dev = arg;
+       struct wireless_dev *wdev;
+       struct wiphy *wiphy;
+       struct ieee80211_hw *hw;
+       struct wl1271 *wl;
+       struct wl1271 *wl_temp;
+       int ret = 0;
+
+       /* Check that this notification is for us. */
+       if (what != NETDEV_CHANGE)
+               return NOTIFY_DONE;
+
+       wdev = dev->ieee80211_ptr;
+       if (wdev == NULL)
+               return NOTIFY_DONE;
+
+       wiphy = wdev->wiphy;
+       if (wiphy == NULL)
+               return NOTIFY_DONE;
+
+       hw = wiphy_priv(wiphy);
+       if (hw == NULL)
+               return NOTIFY_DONE;
+
+       wl_temp = hw->priv;
+       list_for_each_entry(wl, &wl_list, list) {
+               if (wl == wl_temp)
+                       break;
+       }
+       if (wl != wl_temp)
+               return NOTIFY_DONE;
+
+       mutex_lock(&wl->mutex);
+
+       if (wl->state == WL1271_STATE_OFF)
+               goto out;
+
+       if (!test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags))
+               goto out;
+
+       ret = wl1271_ps_elp_wakeup(wl, false);
+       if (ret < 0)
+               goto out;
+
+       if ((dev->operstate == IF_OPER_UP) &&
+           !test_and_set_bit(WL1271_FLAG_STA_STATE_SENT, &wl->flags)) {
+               wl1271_cmd_set_sta_state(wl);
+               wl1271_info("Association completed.");
+       }
+
+       wl1271_ps_elp_sleep(wl);
+
+out:
+       mutex_unlock(&wl->mutex);
+
+       return NOTIFY_OK;
+}
+
 static void wl1271_conf_init(struct wl1271 *wl)
 {
 
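Review bot: In wl1271_dev_notify the result of wl1271_cmd_set_sta_state() is discarded, and test_and_set_bit() has already set WL1271_FLAG_STA_STATE_SENT by the time the command runs, so a failed command is still logged as "Association completed." and is never retried on a later NETDEV_CHANGE. I would keep the result and undo the flag on failure, `ret = wl1271_cmd_set_sta_state(wl);` then `if (ret < 0) clear_bit(WL1271_FLAG_STA_STATE_SENT, &wl->flags);`, and log only on success. Separately, the walk over wl_list takes no lock in this hunk, and the list_add() in wl1271_op_add_interface runs after wl->mutex is released; if RTNL is what serialises the two, a comment saying so would help.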
@@ -330,6 +367,10 @@ static int wl1271_plt_init(struct wl1271 *wl)
        if (ret < 0)
                return ret;
 
+       ret = wl1271_cmd_ext_radio_parms(wl);
+       if (ret < 0)
+               return ret;
+
        ret = wl1271_init_templates_config(wl);
        if (ret < 0)
                return ret;
@@ -367,8 +408,16 @@ static int wl1271_plt_init(struct wl1271 *wl)
        if (ret < 0)
                goto out_free_memmap;
 
-       /* Default TID configuration */
+       /* Default TID/AC configuration */
+       BUG_ON(wl->conf.tx.tid_conf_count != wl->conf.tx.ac_conf_count);
        for (i = 0; i < wl->conf.tx.tid_conf_count; i++) {
+               conf_ac = &wl->conf.tx.ac_conf[i];
+               ret = wl1271_acx_ac_cfg(wl, conf_ac->ac, conf_ac->cw_min,
+                                       conf_ac->cw_max, conf_ac->aifsn,
+                                       conf_ac->tx_op_limit);
+               if (ret < 0)
+                       goto out_free_memmap;
+
                conf_tid = &wl->conf.tx.tid_conf[i];
                ret = wl1271_acx_tid_cfg(wl, conf_tid->queue_id,
                                         conf_tid->channel_type,
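Review bot: The added `BUG_ON(wl->conf.tx.tid_conf_count != wl->conf.tx.ac_conf_count)` halts the kernel over a configuration mismatch that this function could report through the error path it already has. The check itself is needed, because the merged loop indexes ac_conf[] with a bound taken from tid_conf_count, but a recoverable form is enough: `if (WARN_ON(wl->conf.tx.tid_conf_count != wl->conf.tx.ac_conf_count)) { ret = -EINVAL; goto out_free_memmap; }`. wl1271_plt_init starts before this hunk and the wl1271_acx_tid_cfg() call continues past it.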
@@ -381,16 +430,6 @@ static int wl1271_plt_init(struct wl1271 *wl)
                        goto out_free_memmap;
        }
 
-       /* Default AC configuration */
-       for (i = 0; i < wl->conf.tx.ac_conf_count; i++) {
-               conf_ac = &wl->conf.tx.ac_conf[i];
-               ret = wl1271_acx_ac_cfg(wl, conf_ac->ac, conf_ac->cw_min,
-                                       conf_ac->cw_max, conf_ac->aifsn,
-                                       conf_ac->tx_op_limit);
-               if (ret < 0)
-                       goto out_free_memmap;
-       }
-
        /* Enable data path */
        ret = wl1271_cmd_data_path(wl, 1);
        if (ret < 0)
@@ -442,9 +481,9 @@ static void wl1271_fw_status(struct wl1271 *wl,
                total += cnt;
        }
 
-       /* if more blocks are available now, schedule some tx work */
-       if (total && !skb_queue_empty(&wl->tx_queue))
-               ieee80211_queue_work(wl->hw, &wl->tx_work);
+       /* if more blocks are available now, tx work can be scheduled */
+       if (total)
+               clear_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags);
 
        /* update the host-chipset time offset */
        getnstimeofday(&ts);
@@ -484,6 +523,7 @@ static void wl1271_irq_work(struct work_struct *work)
                intr = le32_to_cpu(wl->fw_status->intr);
                if (!intr) {
                        wl1271_debug(DEBUG_IRQ, "Zero interrupt received.");
+                       spin_lock_irqsave(&wl->wl_lock, flags);
                        continue;
                }
 
@@ -497,6 +537,16 @@ static void wl1271_irq_work(struct work_struct *work)
                            (wl->tx_results_count & 0xff))
                                wl1271_tx_complete(wl);
 
+                       /* Check if any tx blocks were freed */
+                       if (!test_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags) &&
+                                       !skb_queue_empty(&wl->tx_queue)) {
+                               /*
+                                * In order to avoid starvation of the TX path,
+                                * call the work function directly.
+                                */
+                               wl1271_tx_work_locked(wl);
+                       }
+
                        wl1271_rx(wl, wl->fw_status);
                }
 
@@ -582,14 +632,7 @@ static int wl1271_fetch_nvs(struct wl1271 *wl)
                return ret;
        }
 
-       if (fw->size != sizeof(struct wl1271_nvs_file)) {
-               wl1271_error("nvs size is not as expected: %zu != %zu",
-                            fw->size, sizeof(struct wl1271_nvs_file));
-               ret = -EILSEQ;
-               goto out;
-       }
-
-       wl->nvs = kmalloc(sizeof(struct wl1271_nvs_file), GFP_KERNEL);
+       wl->nvs = kmemdup(fw->data, sizeof(struct wl1271_nvs_file), GFP_KERNEL);
 
        if (!wl->nvs) {
                wl1271_error("could not allocate memory for the nvs file");
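Review bot: With the `fw->size != sizeof(struct wl1271_nvs_file)` check removed, `kmemdup(fw->data, sizeof(struct wl1271_nvs_file), GFP_KERNEL)` still copies a fixed number of bytes, so an NVS file shorter than the structure makes kmemdup() read past the end of fw->data. The next hunk then stores `wl->nvs_len = fw->size`, which for a larger file exceeds the allocation, so any later code that trusts nvs_len as the length of wl->nvs would over-read. If variable-size NVS files are the intent, copy what was actually loaded, `wl->nvs = kmemdup(fw->data, fw->size, GFP_KERNEL);`, and reject files smaller than the minimum the consumers need before copying. The start of wl1271_fetch_nvs is outside this hunk.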
@@ -597,7 +640,7 @@ static int wl1271_fetch_nvs(struct wl1271 *wl)
                goto out;
        }
 
-       memcpy(wl->nvs, fw->data, sizeof(struct wl1271_nvs_file));
+       wl->nvs_len = fw->size;
 
 out:
        release_firmware(fw);
@@ -605,6 +648,29 @@ out:
        return ret;
 }
 
+static void wl1271_recovery_work(struct work_struct *work)
+{
+       struct wl1271 *wl =
+               container_of(work, struct wl1271, recovery_work);
+
+       mutex_lock(&wl->mutex);
+
+       if (wl->state != WL1271_STATE_ON)
+               goto out;
+
+       wl1271_info("Hardware recovery in progress.");
+
+       if (test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags))
+               ieee80211_connection_loss(wl->vif);
+
+       /* reboot the chipset */
+       __wl1271_op_remove_interface(wl);
+       ieee80211_restart_hw(wl->hw);
+
+out:
+       mutex_unlock(&wl->mutex);
+}
+
 static void wl1271_fw_wakeup(struct wl1271 *wl)
 {
        u32 elp_reg;
@@ -625,8 +691,6 @@ static int wl1271_setup(struct wl1271 *wl)
                return -ENOMEM;
        }
 
-       INIT_WORK(&wl->irq_work, wl1271_irq_work);
-       INIT_WORK(&wl->tx_work, wl1271_tx_work);
        return 0;
 }
 
@@ -636,7 +700,9 @@ static int wl1271_chip_wakeup(struct wl1271 *wl)
        int ret = 0;
 
        msleep(WL1271_PRE_POWER_ON_SLEEP);
-       wl1271_power_on(wl);
+       ret = wl1271_power_on(wl);
+       if (ret < 0)
+               goto out;
        msleep(WL1271_POWER_ON_SLEEP);
        wl1271_io_reset(wl);
        wl1271_io_init(wl);
@@ -781,10 +847,12 @@ int wl1271_plt_stop(struct wl1271 *wl)
 out:
        mutex_unlock(&wl->mutex);
 
+       cancel_work_sync(&wl->irq_work);
+       cancel_work_sync(&wl->recovery_work);
+
        return ret;
 }
 
-
 static int wl1271_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
 {
        struct wl1271 *wl = hw->priv;
@@ -809,7 +877,8 @@ static int wl1271_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
         * before that, the tx_work will not be initialized!
         */
 
-       ieee80211_queue_work(wl->hw, &wl->tx_work);
+       if (!test_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags))
+               ieee80211_queue_work(wl->hw, &wl->tx_work);
 
        /*
         * The workqueue is slow to process the tx_queue and we need stop
@@ -827,93 +896,10 @@ static int wl1271_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
        return NETDEV_TX_OK;
 }
 
-static int wl1271_dev_notify(struct notifier_block *me, unsigned long what,
-                            void *arg)
-{
-       struct net_device *dev;
-       struct wireless_dev *wdev;
-       struct wiphy *wiphy;
-       struct ieee80211_hw *hw;
-       struct wl1271 *wl;
-       struct wl1271 *wl_temp;
-       struct in_device *idev;
-       struct in_ifaddr *ifa = arg;
-       int ret = 0;
-
-       /* FIXME: this ugly function should probably be implemented in the
-        * mac80211, and here should only be a simple callback handling actual
-        * setting of the filters. Now we need to dig up references to
-        * various structures to gain access to what we need.
-        * Also, because of this, there is no "initial" setting of the filter
-        * in "op_start", because we don't want to dig up struct net_device
-        * there - the filter will be set upon first change of the interface
-        * IP address. */
-
-       dev = ifa->ifa_dev->dev;
-
-       wdev = dev->ieee80211_ptr;
-       if (wdev == NULL)
-               return NOTIFY_DONE;
-
-       wiphy = wdev->wiphy;
-       if (wiphy == NULL)
-               return NOTIFY_DONE;
-
-       hw = wiphy_priv(wiphy);
-       if (hw == NULL)
-               return NOTIFY_DONE;
-
-       /* Check that the interface is one supported by this driver. */
-       wl_temp = hw->priv;
-       list_for_each_entry(wl, &wl_list, list) {
-               if (wl == wl_temp)
-                       break;
-       }
-       if (wl == NULL)
-               return NOTIFY_DONE;
-
-       /* Get the interface IP address for the device. "ifa" will become
-          NULL if:
-            - there is no IPV4 protocol address configured
-            - there are multiple (virtual) IPV4 addresses configured
-          When "ifa" is NULL, filtering will be disabled.
-       */
-       ifa = NULL;
-       idev = dev->ip_ptr;
-       if (idev)
-               ifa = idev->ifa_list;
-
-       if (ifa && ifa->ifa_next)
-               ifa = NULL;
-
-       mutex_lock(&wl->mutex);
-
-       if (wl->state == WL1271_STATE_OFF)
-               goto out;
-
-       ret = wl1271_ps_elp_wakeup(wl, false);
-       if (ret < 0)
-               goto out;
-       if (ifa)
-               ret = wl1271_acx_arp_ip_filter(wl, true,
-                                              (u8 *)&ifa->ifa_address,
-                                              ACX_IPV4_VERSION);
-       else
-               ret = wl1271_acx_arp_ip_filter(wl, false, NULL,
-                                              ACX_IPV4_VERSION);
-       wl1271_ps_elp_sleep(wl);
-
-out:
-       mutex_unlock(&wl->mutex);
-
-       return NOTIFY_OK;
-}
-
 static struct notifier_block wl1271_dev_notifier = {
        .notifier_call = wl1271_dev_notify,
 };
 
-
 static int wl1271_op_start(struct ieee80211_hw *hw)
 {
        wl1271_debug(DEBUG_MAC80211, "mac80211 start");
@@ -941,6 +927,7 @@ static int wl1271_op_add_interface(struct ieee80211_hw *hw,
                                   struct ieee80211_vif *vif)
 {
        struct wl1271 *wl = hw->priv;
+       struct wiphy *wiphy = hw->wiphy;
        int retries = WL1271_BOOT_RETRIES;
        int ret = 0;
 
@@ -994,6 +981,12 @@ static int wl1271_op_add_interface(struct ieee80211_hw *hw,
 
                wl->state = WL1271_STATE_ON;
                wl1271_info("firmware booted (%s)", wl->chip.fw_ver);
+
+               /* update hw/fw version info in wiphy struct */
+               wiphy->hw_version = wl->chip.id;
+               strncpy(wiphy->fw_version, wl->chip.fw_ver,
+                       sizeof(wiphy->fw_version));
+
                goto out;
 
 irq_disable:
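Review bot: `strncpy(wiphy->fw_version, wl->chip.fw_ver, sizeof(wiphy->fw_version))` leaves wiphy->fw_version without a terminating NUL whenever the source string fills the destination, and readers of that field presumably treat it as a C string. The two array sizes are not visible here, so this may be unreachable in practice, but a terminating copy costs nothing: `strlcpy(wiphy->fw_version, wl->chip.fw_ver, sizeof(wiphy->fw_version));`. wl1271_op_add_interface begins and ends outside this hunk.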
@@ -1017,23 +1010,16 @@ power_off:
 out:
        mutex_unlock(&wl->mutex);
 
-       if (!ret) {
+       if (!ret)
                list_add(&wl->list, &wl_list);
-               register_inetaddr_notifier(&wl1271_dev_notifier);
-       }
 
        return ret;
 }
 
-static void wl1271_op_remove_interface(struct ieee80211_hw *hw,
-                                      struct ieee80211_vif *vif)
+static void __wl1271_op_remove_interface(struct wl1271 *wl)
 {
-       struct wl1271 *wl = hw->priv;
        int i;
 
-       unregister_inetaddr_notifier(&wl1271_dev_notifier);
-
-       mutex_lock(&wl->mutex);
        wl1271_debug(DEBUG_MAC80211, "mac80211 remove interface");
 
        wl1271_info("down");
@@ -1042,10 +1028,15 @@ static void wl1271_op_remove_interface(struct ieee80211_hw *hw,
 
        WARN_ON(wl->state != WL1271_STATE_ON);
 
-       if (test_and_clear_bit(WL1271_FLAG_SCANNING, &wl->flags)) {
-               mutex_unlock(&wl->mutex);
+       /* enable dyn ps just in case (if left on due to fw crash etc) */
+       if (wl->bss_type == BSS_TYPE_STA_BSS)
+               ieee80211_enable_dyn_ps(wl->vif);
+
+       if (wl->scan.state != WL1271_SCAN_STATE_IDLE) {
+               wl->scan.state = WL1271_SCAN_STATE_IDLE;
+               kfree(wl->scan.scanned_ch);
+               wl->scan.scanned_ch = NULL;
                ieee80211_scan_completed(wl->hw, true);
-               mutex_lock(&wl->mutex);
        }
 
        wl->state = WL1271_STATE_OFF;
@@ -1054,13 +1045,16 @@ static void wl1271_op_remove_interface(struct ieee80211_hw *hw,
 
        mutex_unlock(&wl->mutex);
 
+       cancel_delayed_work_sync(&wl->scan_complete_work);
        cancel_work_sync(&wl->irq_work);
        cancel_work_sync(&wl->tx_work);
+       cancel_delayed_work_sync(&wl->pspoll_work);
+       cancel_delayed_work_sync(&wl->elp_work);
 
        mutex_lock(&wl->mutex);
 
        /* let's notify MAC80211 about the remaining pending TX frames */
-       wl1271_tx_flush(wl);
+       wl1271_tx_reset(wl);
        wl1271_power_off(wl);
 
        memset(wl->bssid, 0, ETH_ALEN);
@@ -1090,7 +1084,26 @@ static void wl1271_op_remove_interface(struct ieee80211_hw *hw,
                wl->tx_blocks_freed[i] = 0;
 
        wl1271_debugfs_reset(wl);
+
+       kfree(wl->fw_status);
+       wl->fw_status = NULL;
+       kfree(wl->tx_res_if);
+       wl->tx_res_if = NULL;
+       kfree(wl->target_mem_map);
+       wl->target_mem_map = NULL;
+}
+
+static void wl1271_op_remove_interface(struct ieee80211_hw *hw,
+                                      struct ieee80211_vif *vif)
+{
+       struct wl1271 *wl = hw->priv;
+
+       mutex_lock(&wl->mutex);
+       WARN_ON(wl->vif != vif);
+       __wl1271_op_remove_interface(wl);
        mutex_unlock(&wl->mutex);
+
+       cancel_work_sync(&wl->recovery_work);
 }
 
 static void wl1271_configure_filters(struct wl1271 *wl, unsigned int filters)
@@ -1127,14 +1140,13 @@ static void wl1271_configure_filters(struct wl1271 *wl, unsigned int filters)
        }
 }
 
-static int wl1271_join_channel(struct wl1271 *wl, int channel)
+static int wl1271_dummy_join(struct wl1271 *wl)
 {
        int ret = 0;
        /* we need to use a dummy BSSID for now */
        static const u8 dummy_bssid[ETH_ALEN] = { 0x0b, 0xad, 0xde,
                                                  0xad, 0xbe, 0xef };
 
-       wl->channel = channel;
        memcpy(wl->bssid, dummy_bssid, ETH_ALEN);
 
        /* pass through frames from all BSS */
@@ -1150,7 +1162,62 @@ out:
        return ret;
 }
 
-static int wl1271_unjoin_channel(struct wl1271 *wl)
+static int wl1271_join(struct wl1271 *wl, bool set_assoc)
+{
+       int ret;
+
+       /*
+        * One of the side effects of the JOIN command is that is clears
+        * WPA/WPA2 keys from the chipset. Performing a JOIN while associated
+        * to a WPA/WPA2 access point will therefore kill the data-path.
+        * Currently there is no supported scenario for JOIN during
+        * association - if it becomes a supported scenario, the WPA/WPA2 keys
+        * must be handled somehow.
+        *
+        */
+       if (test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags))
+               wl1271_info("JOIN while associated.");
+
+       if (set_assoc)
+               set_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags);
+
+       ret = wl1271_cmd_join(wl, wl->set_bss_type);
+       if (ret < 0)
+               goto out;
+
+       set_bit(WL1271_FLAG_JOINED, &wl->flags);
+
+       if (!test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags))
+               goto out;
+
+       /*
+        * The join command disable the keep-alive mode, shut down its process,
+        * and also clear the template config, so we need to reset it all after
+        * the join. The acx_aid starts the keep-alive process, and the order
+        * of the commands below is relevant.
+        */
+       ret = wl1271_acx_keep_alive_mode(wl, true);
+       if (ret < 0)
+               goto out;
+
+       ret = wl1271_acx_aid(wl, wl->aid);
+       if (ret < 0)
+               goto out;
+
+       ret = wl1271_cmd_build_klv_null_data(wl);
+       if (ret < 0)
+               goto out;
+
+       ret = wl1271_acx_keep_alive_config(wl, CMD_TEMPL_KLV_IDX_NULL_DATA,
+                                          ACX_KEEP_ALIVE_TPL_VALID);
+       if (ret < 0)
+               goto out;
+
+out:
+       return ret;
+}
+
+static int wl1271_unjoin(struct wl1271 *wl)
 {
        int ret;
 
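Review bot: In wl1271_join, `set_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags)` runs before wl1271_cmd_join(), so when the command fails the function returns an error with the associated flag still set. If the command does not itself depend on the flag (not visible here), setting it only after success avoids that: move the `if (set_assoc)` block below the `if (ret < 0) goto out;` that follows wl1271_cmd_join(). The block comment also says a JOIN while associated clears the WPA/WPA2 keys and kills the data path, yet the code only emits wl1271_info("JOIN while associated."); a warning-level message would match the severity the comment describes.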
@@ -1160,7 +1227,6 @@ static int wl1271_unjoin_channel(struct wl1271 *wl)
                goto out;
 
        clear_bit(WL1271_FLAG_JOINED, &wl->flags);
-       wl->channel = 0;
        memset(wl->bssid, 0, ETH_ALEN);
 
        /* stop filterting packets based on bssid */
@@ -1170,6 +1236,68 @@ out:
        return ret;
 }
 
+static void wl1271_set_band_rate(struct wl1271 *wl)
+{
+       if (wl->band == IEEE80211_BAND_2GHZ)
+               wl->basic_rate_set = wl->conf.tx.basic_rate;
+       else
+               wl->basic_rate_set = wl->conf.tx.basic_rate_5;
+}
+
+static u32 wl1271_min_rate_get(struct wl1271 *wl)
+{
+       int i;
+       u32 rate = 0;
+
+       if (!wl->basic_rate_set) {
+               WARN_ON(1);
+               wl->basic_rate_set = wl->conf.tx.basic_rate;
+       }
+
+       for (i = 0; !rate; i++) {
+               if ((wl->basic_rate_set >> i) & 0x1)
+                       rate = 1 << i;
+       }
+
+       return rate;
+}
+
+static int wl1271_handle_idle(struct wl1271 *wl, bool idle)
+{
+       int ret;
+
+       if (idle) {
+               if (test_bit(WL1271_FLAG_JOINED, &wl->flags)) {
+                       ret = wl1271_unjoin(wl);
+                       if (ret < 0)
+                               goto out;
+               }
+               wl->rate_set = wl1271_min_rate_get(wl);
+               wl->sta_rate_set = 0;
+               ret = wl1271_acx_rate_policies(wl);
+               if (ret < 0)
+                       goto out;
+               ret = wl1271_acx_keep_alive_config(
+                       wl, CMD_TEMPL_KLV_IDX_NULL_DATA,
+                       ACX_KEEP_ALIVE_TPL_INVALID);
+               if (ret < 0)
+                       goto out;
+               set_bit(WL1271_FLAG_IDLE, &wl->flags);
+       } else {
+               /* increment the session counter */
+               wl->session_counter++;
+               if (wl->session_counter >= SESSION_COUNTER_MAX)
+                       wl->session_counter = 0;
+               ret = wl1271_dummy_join(wl);
+               if (ret < 0)
+                       goto out;
+               clear_bit(WL1271_FLAG_IDLE, &wl->flags);
+       }
+
+out:
+       return ret;
+}
+
 static int wl1271_op_config(struct ieee80211_hw *hw, u32 changed)
 {
        struct wl1271 *wl = hw->priv;
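Review bot: The search loop in wl1271_min_rate_get, `for (i = 0; !rate; i++)`, has no upper bound: if wl->conf.tx.basic_rate is also zero, the fallback leaves basic_rate_set at 0 and the loop goes on to shift by 32 and more, which is undefined behaviour, and `1 << i` already overflows a signed int at i == 31. Bounding the loop and shifting an unsigned value fixes both: `for (i = 0; i < 32 && !rate; i++)` with `rate = 1U << i;`. wl1271_handle_idle in the same hunk stores this result in wl->rate_set before calling wl1271_acx_rate_policies(), so a zero return should either be rejected there or be documented as acceptable. wl1271_op_config continues past the end of the hunk.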
@@ -1184,39 +1312,66 @@ static int wl1271_op_config(struct ieee80211_hw *hw, u32 changed)
                     conf->power_level,
                     conf->flags & IEEE80211_CONF_IDLE ? "idle" : "in use");
 
+       /*
+        * mac80211 will go to idle nearly immediately after transmitting some
+        * frames, such as the deauth. To make sure those frames reach the air,
+        * wait here until the TX queue is fully flushed.
+        */
+       if ((changed & IEEE80211_CONF_CHANGE_IDLE) &&
+           (conf->flags & IEEE80211_CONF_IDLE))
+               wl1271_tx_flush(wl);
+
        mutex_lock(&wl->mutex);
 
-       wl->band = conf->channel->band;
+       if (unlikely(wl->state == WL1271_STATE_OFF))
+               goto out;
 
        ret = wl1271_ps_elp_wakeup(wl, false);
        if (ret < 0)
                goto out;
 
-       if (changed & IEEE80211_CONF_CHANGE_IDLE) {
-               if (conf->flags & IEEE80211_CONF_IDLE &&
-                   test_bit(WL1271_FLAG_JOINED, &wl->flags))
-                       wl1271_unjoin_channel(wl);
-               else if (!(conf->flags & IEEE80211_CONF_IDLE))
-                       wl1271_join_channel(wl, channel);
-
-               if (conf->flags & IEEE80211_CONF_IDLE) {
-                       wl->rate_set = CONF_TX_RATE_MASK_BASIC;
-                       wl->sta_rate_set = 0;
-                       wl1271_acx_rate_policies(wl);
+       /* if the channel changes while joined, join again */
+       if (changed & IEEE80211_CONF_CHANGE_CHANNEL &&
+           ((wl->band != conf->channel->band) ||
+            (wl->channel != channel))) {
+               wl->band = conf->channel->band;
+               wl->channel = channel;
+
+               /*
+                * FIXME: the mac80211 should really provide a fixed rate
+                * to use here. for now, just use the smallest possible rate
+                * for the band as a fixed rate for association frames and
+                * other control messages.
+                */
+               if (!test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags))
+                       wl1271_set_band_rate(wl);
+
+               wl->basic_rate = wl1271_min_rate_get(wl);
+               ret = wl1271_acx_rate_policies(wl);
+               if (ret < 0)
+                       wl1271_warning("rate policy for update channel "
+                                      "failed %d", ret);
+
+               if (test_bit(WL1271_FLAG_JOINED, &wl->flags)) {
+                       ret = wl1271_join(wl, false);
+                       if (ret < 0)
+                               wl1271_warning("cmd join to update channel "
+                                              "failed %d", ret);
                }
        }
 
-       /* if the channel changes while joined, join again */
-       if (channel != wl->channel &&
-           test_bit(WL1271_FLAG_JOINED, &wl->flags)) {
-               wl->channel = channel;
-               /* FIXME: maybe use CMD_CHANNEL_SWITCH for this? */
-               ret = wl1271_cmd_join(wl, wl->set_bss_type);
+       if (changed & IEEE80211_CONF_CHANGE_IDLE) {
+               ret = wl1271_handle_idle(wl, conf->flags & IEEE80211_CONF_IDLE);
                if (ret < 0)
-                       wl1271_warning("cmd join to update channel failed %d",
-                                      ret);
-       } else
-               wl->channel = channel;
+                       wl1271_warning("idle mode change failed %d", ret);
+       }
+
+       /*
+        * if mac80211 changes the PSM mode, make sure the mode is not
+        * incorrectly changed after the pspoll failure active window.
+        */
+       if (changed & IEEE80211_CONF_CHANGE_PS)
+               clear_bit(WL1271_FLAG_PSPOLL_FAILURE, &wl->flags);
 
        if (conf->flags & IEEE80211_CONF_PS &&
            !test_bit(WL1271_FLAG_PSM_REQUESTED, &wl->flags)) {
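Review bot: In the channel-change block, `wl->band` and `wl->channel` are overwritten before `wl1271_join(wl, false)` runs, and a failed join is only logged, so the cached channel can end up ahead of what the firmware is actually tuned to. Because the block is entered only when `wl->band != conf->channel->band` or `wl->channel != channel`, a later config call for the same channel would not retry the join. Consider restoring the previous values on failure, or committing them only after the join succeeds. wl1271_op_config starts and ends outside this hunk, so it cannot be checked here whether `ret` is initialised before the new `goto out` on WL1271_STATE_OFF; the rts-threshold hunk of this commit had to add `int ret = 0;` for the same pattern.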
@@ -1230,7 +1385,7 @@ static int wl1271_op_config(struct ieee80211_hw *hw, u32 changed)
                if (test_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags)) {
                        wl1271_debug(DEBUG_PSM, "psm enabled");
                        ret = wl1271_ps_set_mode(wl, STATION_POWER_SAVE_MODE,
-                                                true);
+                                                wl->basic_rate, true);
                }
        } else if (!(conf->flags & IEEE80211_CONF_PS) &&
                   test_bit(WL1271_FLAG_PSM_REQUESTED, &wl->flags)) {
@@ -1240,7 +1395,7 @@ static int wl1271_op_config(struct ieee80211_hw *hw, u32 changed)
 
                if (test_bit(WL1271_FLAG_PSM, &wl->flags))
                        ret = wl1271_ps_set_mode(wl, STATION_ACTIVE_MODE,
-                                                true);
+                                                wl->basic_rate, true);
        }
 
        if (conf->power_level != wl->power_level) {
@@ -1266,11 +1421,15 @@ struct wl1271_filter_params {
        u8 mc_list[ACX_MC_ADDRESS_GROUP_MAX][ETH_ALEN];
 };
 
-static u64 wl1271_op_prepare_multicast(struct ieee80211_hw *hw, int mc_count,
-                                      struct dev_addr_list *mc_list)
+static u64 wl1271_op_prepare_multicast(struct ieee80211_hw *hw,
+                                      struct netdev_hw_addr_list *mc_list)
 {
        struct wl1271_filter_params *fp;
-       int i;
+       struct netdev_hw_addr *ha;
+       struct wl1271 *wl = hw->priv;
+
+       if (unlikely(wl->state == WL1271_STATE_OFF))
+               return 0;
 
        fp = kzalloc(sizeof(*fp), GFP_ATOMIC);
        if (!fp) {
@@ -1279,21 +1438,16 @@ static u64 wl1271_op_prepare_multicast(struct ieee80211_hw *hw, int mc_count,
        }
 
        /* update multicast filtering parameters */
-       fp->enabled = true;
-       if (mc_count > ACX_MC_ADDRESS_GROUP_MAX) {
-               mc_count = 0;
-               fp->enabled = false;
-       }
-
        fp->mc_list_length = 0;
-       for (i = 0; i < mc_count; i++) {
-               if (mc_list->da_addrlen == ETH_ALEN) {
+       if (netdev_hw_addr_list_count(mc_list) > ACX_MC_ADDRESS_GROUP_MAX) {
+               fp->enabled = false;
+       } else {
+               fp->enabled = true;
+               netdev_hw_addr_list_for_each(ha, mc_list) {
                        memcpy(fp->mc_list[fp->mc_list_length],
-                              mc_list->da_addr, ETH_ALEN);
+                                       ha->addr, ETH_ALEN);
                        fp->mc_list_length++;
-               } else
-                       wl1271_warning("Unknown mc address length.");
-               mc_list = mc_list->next;
+               }
        }
 
        return (u64)(unsigned long)fp;
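Review bot: The copy loop under `netdev_hw_addr_list_for_each` writes to `fp->mc_list[fp->mc_list_length]` with no bound of its own; it relies on the earlier `netdev_hw_addr_list_count(mc_list) > ACX_MC_ADDRESS_GROUP_MAX` test still matching the list being walked. That presumably holds if the caller keeps the list locked, which is not visible here, so a local guard would make the bound self-evident: `if (fp->mc_list_length >= ACX_MC_ADDRESS_GROUP_MAX) break;` as the first statement of the loop body. The continuation line `ha->addr, ETH_ALEN);` is also indented past the opening parenthesis, unlike the surrounding code. The function starts in the previous hunk.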
@@ -1318,15 +1472,16 @@ static void wl1271_op_configure_filter(struct ieee80211_hw *hw,
 
        mutex_lock(&wl->mutex);
 
-       if (wl->state == WL1271_STATE_OFF)
+       *total &= WL1271_SUPPORTED_FILTERS;
+       changed &= WL1271_SUPPORTED_FILTERS;
+
+       if (unlikely(wl->state == WL1271_STATE_OFF))
                goto out;
 
        ret = wl1271_ps_elp_wakeup(wl, false);
        if (ret < 0)
                goto out;
 
-       *total &= WL1271_SUPPORTED_FILTERS;
-       changed &= WL1271_SUPPORTED_FILTERS;
 
        if (*total & FIF_ALLMULTI)
                ret = wl1271_acx_group_address_tbl(wl, false, NULL, 0);
@@ -1380,7 +1535,7 @@ static int wl1271_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
        wl1271_debug(DEBUG_CRYPT, "CMD: 0x%x", cmd);
        wl1271_dump(DEBUG_CRYPT, "ADDR: ", addr, ETH_ALEN);
        wl1271_debug(DEBUG_CRYPT, "Key: algo:0x%x, id:%d, len:%d flags 0x%x",
-                    key_conf->alg, key_conf->keyidx,
+                    key_conf->cipher, key_conf->keyidx,
                     key_conf->keylen, key_conf->flags);
        wl1271_dump(DEBUG_CRYPT, "KEY: ", key_conf->key, key_conf->keylen);
 
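Review bot: The unchanged `wl1271_dump(DEBUG_CRYPT, "KEY: ", key_conf->key, key_conf->keylen);` next to the edited debug line writes the raw key bytes to the kernel log whenever DEBUG_CRYPT output is enabled, where they stay readable in dmesg and in any log collection. Since this commit already touches the crypto debug output, log only the metadata instead, e.g. `wl1271_debug(DEBUG_CRYPT, "KEY: %d bytes", key_conf->keylen);`. Separately, the format label still says `algo:0x%x` although the value printed is now `key_conf->cipher`. wl1271_op_set_key starts and ends outside this hunk.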
@@ -1396,28 +1551,34 @@ static int wl1271_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
        if (ret < 0)
                goto out_unlock;
 
-       switch (key_conf->alg) {
-       case ALG_WEP:
+       switch (key_conf->cipher) {
+       case WLAN_CIPHER_SUITE_WEP40:
+       case WLAN_CIPHER_SUITE_WEP104:
                key_type = KEY_WEP;
 
                key_conf->hw_key_idx = key_conf->keyidx;
                break;
-       case ALG_TKIP:
+       case WLAN_CIPHER_SUITE_TKIP:
                key_type = KEY_TKIP;
 
                key_conf->hw_key_idx = key_conf->keyidx;
                tx_seq_32 = WL1271_TX_SECURITY_HI32(wl->tx_security_seq);
                tx_seq_16 = WL1271_TX_SECURITY_LO16(wl->tx_security_seq);
                break;
-       case ALG_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP:
                key_type = KEY_AES;
 
                key_conf->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
                tx_seq_32 = WL1271_TX_SECURITY_HI32(wl->tx_security_seq);
                tx_seq_16 = WL1271_TX_SECURITY_LO16(wl->tx_security_seq);
                break;
+       case WL1271_CIPHER_SUITE_GEM:
+               key_type = KEY_GEM;
+               tx_seq_32 = WL1271_TX_SECURITY_HI32(wl->tx_security_seq);
+               tx_seq_16 = WL1271_TX_SECURITY_LO16(wl->tx_security_seq);
+               break;
        default:
-               wl1271_error("Unknown key algo 0x%x", key_conf->alg);
+               wl1271_error("Unknown key algo 0x%x", key_conf->cipher);
 
                ret = -EOPNOTSUPP;
                goto out_sleep;
@@ -1464,8 +1625,6 @@ static int wl1271_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
        default:
                wl1271_error("Unsupported key cmd 0x%x", cmd);
                ret = -EOPNOTSUPP;
-               goto out_sleep;
-
                break;
        }
 
@@ -1480,6 +1639,7 @@ out:
 }
 
 static int wl1271_op_hw_scan(struct ieee80211_hw *hw,
+                            struct ieee80211_vif *vif,
                             struct cfg80211_scan_request *req)
 {
        struct wl1271 *wl = hw->priv;
@@ -1500,14 +1660,7 @@ static int wl1271_op_hw_scan(struct ieee80211_hw *hw,
        if (ret < 0)
                goto out;
 
-       if (wl1271_11a_enabled())
-               ret = wl1271_cmd_scan(hw->priv, ssid, len,
-                                     req->ie, req->ie_len, 1, 0,
-                                     WL1271_SCAN_BAND_DUAL, 3);
-       else
-               ret = wl1271_cmd_scan(hw->priv, ssid, len,
-                                     req->ie, req->ie_len, 1, 0,
-                                     WL1271_SCAN_BAND_2_4_GHZ, 3);
+       ret = wl1271_scan(hw->priv, ssid, len, req);
 
        wl1271_ps_elp_sleep(wl);
 
@@ -1520,10 +1673,13 @@ out:
 static int wl1271_op_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
 {
        struct wl1271 *wl = hw->priv;
-       int ret;
+       int ret = 0;
 
        mutex_lock(&wl->mutex);
 
+       if (unlikely(wl->state == WL1271_STATE_OFF))
+               goto out;
+
        ret = wl1271_ps_elp_wakeup(wl, false);
        if (ret < 0)
                goto out;
@@ -1565,6 +1721,7 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
        enum wl1271_cmd_ps_mode mode;
        struct wl1271 *wl = hw->priv;
        bool do_join = false;
+       bool set_assoc = false;
        int ret;
 
        wl1271_debug(DEBUG_MAC80211, "mac80211 bss info changed");
@@ -1575,7 +1732,7 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
        if (ret < 0)
                goto out;
 
-       if ((changed && BSS_CHANGED_BEACON_INT) &&
+       if ((changed & BSS_CHANGED_BEACON_INT) &&
            (wl->bss_type == BSS_TYPE_IBSS)) {
                wl1271_debug(DEBUG_ADHOC, "ad-hoc beacon interval updated: %d",
                        bss_conf->beacon_int);
@@ -1584,7 +1741,7 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                do_join = true;
        }
 
-       if ((changed && BSS_CHANGED_BEACON) &&
+       if ((changed & BSS_CHANGED_BEACON) &&
            (wl->bss_type == BSS_TYPE_IBSS)) {
                struct sk_buff *beacon = ieee80211_beacon_get(hw, vif);
 
@@ -1596,7 +1753,8 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                        wl1271_ssid_set(wl, beacon);
                        ret = wl1271_cmd_template_set(wl, CMD_TEMPL_BEACON,
                                                      beacon->data,
-                                                     beacon->len, 0);
+                                                     beacon->len, 0,
+                                                     wl1271_min_rate_get(wl));
 
                        if (ret < 0) {
                                dev_kfree_skb(beacon);
@@ -1611,7 +1769,8 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                        ret = wl1271_cmd_template_set(wl,
                                                      CMD_TEMPL_PROBE_RESPONSE,
                                                      beacon->data,
-                                                     beacon->len, 0);
+                                                     beacon->len, 0,
+                                                     wl1271_min_rate_get(wl));
                        dev_kfree_skb(beacon);
                        if (ret < 0)
                                goto out_sleep;
@@ -1633,6 +1792,18 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                do_join = true;
        }
 
+       if (changed & BSS_CHANGED_CQM) {
+               bool enable = false;
+               if (bss_conf->cqm_rssi_thold)
+                       enable = true;
+               ret = wl1271_acx_rssi_snr_trigger(wl, enable,
+                                                 bss_conf->cqm_rssi_thold,
+                                                 bss_conf->cqm_rssi_hyst);
+               if (ret < 0)
+                       goto out;
+               wl->rssi_thold = bss_conf->cqm_rssi_thold;
+       }
+
        if ((changed & BSS_CHANGED_BSSID) &&
            /*
             * Now we know the correct bssid, so we send a new join command
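Review bot: The new BSS_CHANGED_CQM block leaves with `goto out;` when `wl1271_acx_rssi_snr_trigger` fails, whereas the other error paths visible in this function's hunks (after `wl1271_build_qos_null_data`, `wl1271_acx_rate_policies`, `wl1271_acx_arp_ip_filter`) use `goto out_sleep;`. If `out` skips `wl1271_ps_elp_sleep(wl)`, as it does in wl1271_op_get_tsf later in this diff, the chip is left awake after this failure; the labels themselves lie outside this hunk, so please confirm. Suggested change: `if (ret < 0) goto out_sleep;`. The flag can also be initialised directly as `bool enable = bss_conf->cqm_rssi_thold != 0;`.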
@@ -1645,6 +1816,10 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                        if (ret < 0)
                                goto out_sleep;
 
+                       ret = wl1271_build_qos_null_data(wl);
+                       if (ret < 0)
+                               goto out_sleep;
+
                        /* filter out all packets not from this BSSID */
                        wl1271_configure_filters(wl, 0);
 
@@ -1654,8 +1829,23 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
 
        if (changed & BSS_CHANGED_ASSOC) {
                if (bss_conf->assoc) {
+                       u32 rates;
                        wl->aid = bss_conf->aid;
-                       set_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags);
+                       set_assoc = true;
+
+                       wl->ps_poll_failures = 0;
+
+                       /*
+                        * use basic rates from AP, and determine lowest rate
+                        * to use with control frames.
+                        */
+                       rates = bss_conf->basic_rates;
+                       wl->basic_rate_set = wl1271_tx_enabled_rates_get(wl,
+                                                                        rates);
+                       wl->basic_rate = wl1271_min_rate_get(wl);
+                       ret = wl1271_acx_rate_policies(wl);
+                       if (ret < 0)
+                               goto out_sleep;
 
                        /*
                         * with wl1271, we don't need to update the
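Review bot: Nothing in the association branch checks that `wl->basic_rate_set` is non-zero before `wl1271_min_rate_get(wl)` is called, although the set is now computed from `bss_conf->basic_rates`, a value that originates from the AP. In the helper added earlier in this diff an empty set hits `WARN_ON(1)`, so a stack trace in the kernel log becomes reachable from network-supplied data (presumably when no advertised basic rate maps to a hardware rate; `wl1271_tx_enabled_rates_get` is not shown). Handle the empty case here without the warning, e.g. `if (!wl->basic_rate_set) wl1271_set_band_rate(wl);`. The helper's loop `for (i = 0; !rate; i++)` also has no upper limit on the shift count should the configured fallback be zero as well; `for (i = 0; i < 32 && !rate; i++)` would bound it.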
@@ -1676,10 +1866,6 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                        ret = wl1271_cmd_build_probe_req(wl, NULL, 0,
                                                         NULL, 0, wl->band);
 
-                       ret = wl1271_acx_aid(wl, wl->aid);
-                       if (ret < 0)
-                               goto out_sleep;
-
                        /* enable the connection monitoring feature */
                        ret = wl1271_acx_conn_monit_params(wl, true);
                        if (ret < 0)
@@ -1689,17 +1875,34 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                        if (test_bit(WL1271_FLAG_PSM_REQUESTED, &wl->flags) &&
                            !test_bit(WL1271_FLAG_PSM, &wl->flags)) {
                                mode = STATION_POWER_SAVE_MODE;
-                               ret = wl1271_ps_set_mode(wl, mode, true);
+                               ret = wl1271_ps_set_mode(wl, mode,
+                                                        wl->basic_rate,
+                                                        true);
                                if (ret < 0)
                                        goto out_sleep;
                        }
                } else {
                        /* use defaults when not associated */
+                       clear_bit(WL1271_FLAG_STA_STATE_SENT, &wl->flags);
                        clear_bit(WL1271_FLAG_STA_ASSOCIATED, &wl->flags);
                        wl->aid = 0;
 
+                       /* re-enable dynamic ps - just in case */
+                       ieee80211_enable_dyn_ps(wl->vif);
+
+                       /* revert back to minimum rates for the current band */
+                       wl1271_set_band_rate(wl);
+                       wl->basic_rate = wl1271_min_rate_get(wl);
+                       ret = wl1271_acx_rate_policies(wl);
+                       if (ret < 0)
+                               goto out_sleep;
+
                        /* disable connection monitor features */
                        ret = wl1271_acx_conn_monit_params(wl, false);
+
+                       /* Disable the keep-alive feature */
+                       ret = wl1271_acx_keep_alive_mode(wl, false);
+
                        if (ret < 0)
                                goto out_sleep;
                }
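Review bot: In the not-associated branch the result of `wl1271_acx_conn_monit_params(wl, false)` is overwritten by `ret = wl1271_acx_keep_alive_mode(wl, false);` before it is tested, so a failure to disable connection monitoring is silently dropped. Check each call on its own by adding `if (ret < 0) goto out_sleep;` directly after the `wl1271_acx_conn_monit_params` line. The enclosing function starts and ends outside this hunk.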
@@ -1735,13 +1938,25 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
                }
        }
 
+       if (changed & BSS_CHANGED_ARP_FILTER) {
+               __be32 addr = bss_conf->arp_addr_list[0];
+               WARN_ON(wl->bss_type != BSS_TYPE_STA_BSS);
+
+               if (bss_conf->arp_addr_cnt == 1 && bss_conf->arp_filter_enabled)
+                       ret = wl1271_acx_arp_ip_filter(wl, true, addr);
+               else
+                       ret = wl1271_acx_arp_ip_filter(wl, false, addr);
+
+               if (ret < 0)
+                       goto out_sleep;
+       }
+
        if (do_join) {
-               ret = wl1271_cmd_join(wl, wl->set_bss_type);
+               ret = wl1271_join(wl, set_assoc);
                if (ret < 0) {
                        wl1271_warning("cmd join failed %d", ret);
                        goto out_sleep;
                }
-               set_bit(WL1271_FLAG_JOINED, &wl->flags);
        }
 
 out_sleep:
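Review bot: `__be32 addr = bss_conf->arp_addr_list[0];` is read before `bss_conf->arp_addr_cnt` is examined, so when the count is zero the value handed to `wl1271_acx_arp_ip_filter(wl, false, addr)` is whatever the slot last held. That is harmless only if the firmware ignores the address while the filter is disabled, which this hunk does not show; passing an explicit zero on the disable path removes the dependency: `ret = wl1271_acx_arp_ip_filter(wl, false, 0);`. A short comment explaining why the filter is enabled only for exactly one address would also help the next reader.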
@@ -1794,6 +2009,48 @@ out:
        return ret;
 }
 
+static u64 wl1271_op_get_tsf(struct ieee80211_hw *hw)
+{
+
+       struct wl1271 *wl = hw->priv;
+       u64 mactime = ULLONG_MAX;
+       int ret;
+
+       wl1271_debug(DEBUG_MAC80211, "mac80211 get tsf");
+
+       mutex_lock(&wl->mutex);
+
+       ret = wl1271_ps_elp_wakeup(wl, false);
+       if (ret < 0)
+               goto out;
+
+       ret = wl1271_acx_tsf_info(wl, &mactime);
+       if (ret < 0)
+               goto out_sleep;
+
+out_sleep:
+       wl1271_ps_elp_sleep(wl);
+
+out:
+       mutex_unlock(&wl->mutex);
+       return mactime;
+}
+
+static int wl1271_op_get_survey(struct ieee80211_hw *hw, int idx,
+                               struct survey_info *survey)
+{
+       struct wl1271 *wl = hw->priv;
+       struct ieee80211_conf *conf = &hw->conf;
+       if (idx != 0)
+               return -ENOENT;
+       survey->channel = conf->channel;
+       survey->filled = SURVEY_INFO_NOISE_DBM;
+       survey->noise = wl->noise;
+       return 0;
+}
 
 /* can't be const, mac80211 writes to this */
 static struct ieee80211_rate wl1271_rates[] = {
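Review bot: `wl1271_op_get_tsf` goes straight from `mutex_lock(&wl->mutex)` to `wl1271_ps_elp_wakeup(wl, false)` without the `WL1271_STATE_OFF` test that this same commit adds to wl1271_op_config and wl1271_op_set_rts_threshold. Add `if (unlikely(wl->state == WL1271_STATE_OFF)) goto out;` after taking the mutex; the function then returns its `ULLONG_MAX` default. The `if (ret < 0) goto out_sleep;` immediately before the `out_sleep:` label has no effect and can be dropped. `wl1271_op_get_survey` reads `wl->noise` without the mutex; if that field is updated from another context, a comment stating that the lockless read is intentional would be worth adding.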
@@ -1838,25 +2095,28 @@ static struct ieee80211_rate wl1271_rates[] = {
          .hw_value_short = CONF_HW_BIT_RATE_54MBPS, },
 };
 
-/* can't be const, mac80211 writes to this */
+/*
+ * Can't be const, mac80211 writes to this. The order of the channels here
+ * is designed to improve scanning.
+ */
 static struct ieee80211_channel wl1271_channels[] = {
        { .hw_value = 1, .center_freq = 2412, .max_power = 25 },
-       { .hw_value = 2, .center_freq = 2417, .max_power = 25 },
-       { .hw_value = 3, .center_freq = 2422, .max_power = 25 },
-       { .hw_value = 4, .center_freq = 2427, .max_power = 25 },
        { .hw_value = 5, .center_freq = 2432, .max_power = 25 },
-       { .hw_value = 6, .center_freq = 2437, .max_power = 25 },
-       { .hw_value = 7, .center_freq = 2442, .max_power = 25 },
-       { .hw_value = 8, .center_freq = 2447, .max_power = 25 },
        { .hw_value = 9, .center_freq = 2452, .max_power = 25 },
-       { .hw_value = 10, .center_freq = 2457, .max_power = 25 },
-       { .hw_value = 11, .center_freq = 2462, .max_power = 25 },
-       { .hw_value = 12, .center_freq = 2467, .max_power = 25 },
        { .hw_value = 13, .center_freq = 2472, .max_power = 25 },
+       { .hw_value = 4, .center_freq = 2427, .max_power = 25 },
+       { .hw_value = 8, .center_freq = 2447, .max_power = 25 },
+       { .hw_value = 12, .center_freq = 2467, .max_power = 25 },
+       { .hw_value = 3, .center_freq = 2422, .max_power = 25 },
+       { .hw_value = 7, .center_freq = 2442, .max_power = 25 },
+       { .hw_value = 11, .center_freq = 2462, .max_power = 25 },
+       { .hw_value = 2, .center_freq = 2417, .max_power = 25 },
+       { .hw_value = 6, .center_freq = 2437, .max_power = 25 },
+       { .hw_value = 10, .center_freq = 2457, .max_power = 25 },
 };
 
 /* mapping to indexes for wl1271_rates */
-const static u8 wl1271_rate_to_idx_2ghz[] = {
+static const u8 wl1271_rate_to_idx_2ghz[] = {
        /* MCS rates are used only with 11n */
        CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS7 */
        CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS6 */
@@ -1885,6 +2145,21 @@ const static u8 wl1271_rate_to_idx_2ghz[] = {
        0                              /* CONF_HW_RXTX_RATE_1    */
 };
 
+/* 11n STA capabilities */
+#define HW_RX_HIGHEST_RATE     72
+
+#define WL1271_HT_CAP { \
+       .cap = IEEE80211_HT_CAP_GRN_FLD | IEEE80211_HT_CAP_SGI_20, \
+       .ht_supported = true, \
+       .ampdu_factor = IEEE80211_HT_MAX_AMPDU_8K, \
+       .ampdu_density = IEEE80211_HT_MPDU_DENSITY_8, \
+       .mcs = { \
+               .rx_mask = { 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, }, \
+               .rx_highest = cpu_to_le16(HW_RX_HIGHEST_RATE), \
+               .tx_params = IEEE80211_HT_MCS_TX_DEFINED, \
+               }, \
+}
+
 /* can't be const, mac80211 writes to this */
 static struct ieee80211_supported_band wl1271_band_2ghz = {
        .channels = wl1271_channels,
@@ -1921,54 +2196,57 @@ static struct ieee80211_rate wl1271_rates_5ghz[] = {
          .hw_value_short = CONF_HW_BIT_RATE_54MBPS, },
 };
 
-/* 5 GHz band channels for WL1273 */
+/*
+ * 5 GHz band channels for WL1273 - can't be const, mac80211 writes to this.
+ * The order of the channels here is designed to improve scanning.
+ */
 static struct ieee80211_channel wl1271_channels_5ghz[] = {
        { .hw_value = 183, .center_freq = 4915},
-       { .hw_value = 184, .center_freq = 4920},
-       { .hw_value = 185, .center_freq = 4925},
-       { .hw_value = 187, .center_freq = 4935},
        { .hw_value = 188, .center_freq = 4940},
-       { .hw_value = 189, .center_freq = 4945},
-       { .hw_value = 192, .center_freq = 4960},
-       { .hw_value = 196, .center_freq = 4980},
-       { .hw_value = 7, .center_freq = 5035},
        { .hw_value = 8, .center_freq = 5040},
-       { .hw_value = 9, .center_freq = 5045},
-       { .hw_value = 11, .center_freq = 5055},
-       { .hw_value = 12, .center_freq = 5060},
-       { .hw_value = 16, .center_freq = 5080},
        { .hw_value = 34, .center_freq = 5170},
-       { .hw_value = 36, .center_freq = 5180},
-       { .hw_value = 38, .center_freq = 5190},
-       { .hw_value = 40, .center_freq = 5200},
-       { .hw_value = 42, .center_freq = 5210},
        { .hw_value = 44, .center_freq = 5220},
-       { .hw_value = 46, .center_freq = 5230},
-       { .hw_value = 48, .center_freq = 5240},
-       { .hw_value = 52, .center_freq = 5260},
-       { .hw_value = 56, .center_freq = 5280},
        { .hw_value = 60, .center_freq = 5300},
-       { .hw_value = 64, .center_freq = 5320},
-       { .hw_value = 100, .center_freq = 5500},
-       { .hw_value = 104, .center_freq = 5520},
-       { .hw_value = 108, .center_freq = 5540},
        { .hw_value = 112, .center_freq = 5560},
-       { .hw_value = 116, .center_freq = 5580},
-       { .hw_value = 120, .center_freq = 5600},
-       { .hw_value = 124, .center_freq = 5620},
-       { .hw_value = 128, .center_freq = 5640},
        { .hw_value = 132, .center_freq = 5660},
+       { .hw_value = 157, .center_freq = 5785},
+       { .hw_value = 184, .center_freq = 4920},
+       { .hw_value = 189, .center_freq = 4945},
+       { .hw_value = 9, .center_freq = 5045},
+       { .hw_value = 36, .center_freq = 5180},
+       { .hw_value = 46, .center_freq = 5230},
+       { .hw_value = 64, .center_freq = 5320},
+       { .hw_value = 116, .center_freq = 5580},
        { .hw_value = 136, .center_freq = 5680},
+       { .hw_value = 192, .center_freq = 4960},
+       { .hw_value = 11, .center_freq = 5055},
+       { .hw_value = 38, .center_freq = 5190},
+       { .hw_value = 48, .center_freq = 5240},
+       { .hw_value = 100, .center_freq = 5500},
+       { .hw_value = 120, .center_freq = 5600},
        { .hw_value = 140, .center_freq = 5700},
+       { .hw_value = 185, .center_freq = 4925},
+       { .hw_value = 196, .center_freq = 4980},
+       { .hw_value = 12, .center_freq = 5060},
+       { .hw_value = 40, .center_freq = 5200},
+       { .hw_value = 52, .center_freq = 5260},
+       { .hw_value = 104, .center_freq = 5520},
+       { .hw_value = 124, .center_freq = 5620},
        { .hw_value = 149, .center_freq = 5745},
-       { .hw_value = 153, .center_freq = 5765},
-       { .hw_value = 157, .center_freq = 5785},
        { .hw_value = 161, .center_freq = 5805},
+       { .hw_value = 187, .center_freq = 4935},
+       { .hw_value = 7, .center_freq = 5035},
+       { .hw_value = 16, .center_freq = 5080},
+       { .hw_value = 42, .center_freq = 5210},
+       { .hw_value = 56, .center_freq = 5280},
+       { .hw_value = 108, .center_freq = 5540},
+       { .hw_value = 128, .center_freq = 5640},
+       { .hw_value = 153, .center_freq = 5765},
        { .hw_value = 165, .center_freq = 5825},
 };
 
 /* mapping to indexes for wl1271_rates_5ghz */
-const static u8 wl1271_rate_to_idx_5ghz[] = {
+static const u8 wl1271_rate_to_idx_5ghz[] = {
        /* MCS rates are used only with 11n */
        CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS7 */
        CONF_HW_RXTX_RATE_UNSUPPORTED, /* CONF_HW_RXTX_RATE_MCS6 */
@@ -2004,7 +2282,7 @@ static struct ieee80211_supported_band wl1271_band_5ghz = {
        .n_bitrates = ARRAY_SIZE(wl1271_rates_5ghz),
 };
 
-const static u8 *wl1271_band_rate_to_idx[] = {
+static const u8 *wl1271_band_rate_to_idx[] = {
        [IEEE80211_BAND_2GHZ] = wl1271_rate_to_idx_2ghz,
        [IEEE80211_BAND_5GHZ] = wl1271_rate_to_idx_5ghz
 };
@@ -2023,6 +2301,8 @@ static const struct ieee80211_ops wl1271_ops = {
        .bss_info_changed = wl1271_op_bss_info_changed,
        .set_rts_threshold = wl1271_op_set_rts_threshold,
        .conf_tx = wl1271_op_conf_tx,
+       .get_tsf = wl1271_op_get_tsf,
+       .get_survey = wl1271_op_get_survey,
        CFG80211_TESTMODE_CMD(wl1271_tm_cmd)
 };
 
@@ -2054,8 +2334,7 @@ static ssize_t wl1271_sysfs_show_bt_coex_state(struct device *dev,
        struct wl1271 *wl = dev_get_drvdata(dev);
        ssize_t len;
 
-       /* FIXME: what's the maximum length of buf? page size?*/
-       len = 500;
+       len = PAGE_SIZE;
 
        mutex_lock(&wl->mutex);
        len = snprintf(buf, len, "%d\n\n0 - off\n1 - on\n",
@@ -2109,6 +2388,28 @@ static DEVICE_ATTR(bt_coex_state, S_IRUGO | S_IWUSR,
                   wl1271_sysfs_show_bt_coex_state,
                   wl1271_sysfs_store_bt_coex_state);
 
+static ssize_t wl1271_sysfs_show_hw_pg_ver(struct device *dev,
+                                          struct device_attribute *attr,
+                                          char *buf)
+{
+       struct wl1271 *wl = dev_get_drvdata(dev);
+       ssize_t len;
+
+       len = PAGE_SIZE;
+
+       mutex_lock(&wl->mutex);
+       if (wl->hw_pg_ver >= 0)
+               len = snprintf(buf, len, "%d\n", wl->hw_pg_ver);
+       else
+               len = snprintf(buf, len, "n/a\n");
+       mutex_unlock(&wl->mutex);
+
+       return len;
+}
+
+static DEVICE_ATTR(hw_pg_ver, S_IRUGO | S_IWUSR,
+                  wl1271_sysfs_show_hw_pg_ver, NULL);
+
 int wl1271_register_hw(struct wl1271 *wl)
 {
        int ret;
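Review bot: `DEVICE_ATTR(hw_pg_ver, S_IRUGO | S_IWUSR, ...)` creates the sysfs file with the owner-write bit although the store callback is `NULL`, so the mode advertises a write that can only fail. Declare the attribute read-only: `static DEVICE_ATTR(hw_pg_ver, S_IRUGO, wl1271_sysfs_show_hw_pg_ver, NULL);`. In the show function the initial `len = PAGE_SIZE;` serves only as the snprintf bound and could be passed directly.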
@@ -2126,6 +2427,8 @@ int wl1271_register_hw(struct wl1271 *wl)
 
        wl->mac80211_registered = true;
 
+       register_netdevice_notifier(&wl1271_dev_notifier);
+
        wl1271_notice("loaded");
 
        return 0;
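Review bot: The return value of `register_netdevice_notifier(&wl1271_dev_notifier)` is ignored, so wl1271_register_hw reports success with `mac80211_registered` set even if the notifier was not installed, and wl1271_unregister_hw in the next hunk then unregisters it unconditionally. Capture the result with `ret = register_netdevice_notifier(&wl1271_dev_notifier);` and unwind the hardware registration before returning the error. The function's existing error path lies outside this hunk, so the exact unwind should follow what is already there.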
@@ -2134,6 +2437,7 @@ EXPORT_SYMBOL_GPL(wl1271_register_hw);
 
 void wl1271_unregister_hw(struct wl1271 *wl)
 {
+       unregister_netdevice_notifier(&wl1271_dev_notifier);
        ieee80211_unregister_hw(wl->hw);
        wl->mac80211_registered = false;
 
@@ -2142,6 +2446,14 @@ EXPORT_SYMBOL_GPL(wl1271_unregister_hw);
 
 int wl1271_init_ieee80211(struct wl1271 *wl)
 {
+       static const u32 cipher_suites[] = {
+               WLAN_CIPHER_SUITE_WEP40,
+               WLAN_CIPHER_SUITE_WEP104,
+               WLAN_CIPHER_SUITE_TKIP,
+               WLAN_CIPHER_SUITE_CCMP,
+               WL1271_CIPHER_SUITE_GEM,
+       };
+
        /* The tx descriptor buffer and the TKIP space. */
        wl->hw->extra_tx_headroom = WL1271_TKIP_IV_SPACE +
                sizeof(struct wl1271_tx_hw_descr);
@@ -2149,22 +2461,24 @@ int wl1271_init_ieee80211(struct wl1271 *wl)
        /* unit us */
        /* FIXME: find a proper value */
        wl->hw->channel_change_time = 10000;
+       wl->hw->max_listen_interval = wl->conf.conn.max_listen_interval;
 
        wl->hw->flags = IEEE80211_HW_SIGNAL_DBM |
-               IEEE80211_HW_NOISE_DBM |
                IEEE80211_HW_BEACON_FILTER |
                IEEE80211_HW_SUPPORTS_PS |
                IEEE80211_HW_SUPPORTS_UAPSD |
                IEEE80211_HW_HAS_RATE_CONTROL |
-               IEEE80211_HW_CONNECTION_MONITOR;
+               IEEE80211_HW_CONNECTION_MONITOR |
+               IEEE80211_HW_SUPPORTS_CQM_RSSI;
+
+       wl->hw->wiphy->cipher_suites = cipher_suites;
+       wl->hw->wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites);
 
        wl->hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
                BIT(NL80211_IFTYPE_ADHOC);
        wl->hw->wiphy->max_scan_ssids = 1;
        wl->hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &wl1271_band_2ghz;
-
-       if (wl1271_11a_enabled())
-               wl->hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &wl1271_band_5ghz;
+       wl->hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &wl1271_band_5ghz;
 
        wl->hw->queues = 4;
        wl->hw->max_rates = 1;
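Review bot: Advertising `wl->hw->wiphy->bands[IEEE80211_BAND_5GHZ]` unconditionally, where the old code gated it on `wl1271_11a_enabled()`, exposes the 5 GHz channel list to cfg80211 for every device this driver binds to. If some supported chips or board configurations have no 5 GHz radio (the channel table's own comment names the WL1273 specifically), scans and regulatory handling would include channels the hardware cannot use; whether the band is pruned elsewhere is not visible in this hunk. Either keep a capability check here or add a comment saying where the band is removed. The new `cipher_suites` assignment would also benefit from a one-line comment on `WL1271_CIPHER_SUITE_GEM`, which by its prefix appears to be a driver-private suite value.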
@@ -2183,6 +2497,7 @@ struct ieee80211_hw *wl1271_alloc_hw(void)
        struct platform_device *plat_dev = NULL;
        struct wl1271 *wl;
        int i, ret;
+       unsigned int order;
 
        hw = ieee80211_alloc_hw(sizeof(*wl), &wl1271_ops);
        if (!hw) {
@@ -2191,15 +2506,13 @@ struct ieee80211_hw *wl1271_alloc_hw(void)
                goto err_hw_alloc;
        }
 
-       plat_dev = kmalloc(sizeof(wl1271_device), GFP_KERNEL);
+       plat_dev = kmemdup(&wl1271_device, sizeof(wl1271_device), GFP_KERNEL);
        if (!plat_dev) {
                wl1271_error("could not allocate platform_device");
                ret = -ENOMEM;
                goto err_plat_alloc;
        }
 
-       memcpy(plat_dev, &wl1271_device, sizeof(wl1271_device));
-
        wl = hw->priv;
        memset(wl, 0, sizeof(*wl));
 
@@ -2211,6 +2524,11 @@ struct ieee80211_hw *wl1271_alloc_hw(void)
        skb_queue_head_init(&wl->tx_queue);
 
        INIT_DELAYED_WORK(&wl->elp_work, wl1271_elp_work);
+       INIT_DELAYED_WORK(&wl->pspoll_work, wl1271_pspoll_work);
+       INIT_WORK(&wl->irq_work, wl1271_irq_work);
+       INIT_WORK(&wl->tx_work, wl1271_tx_work);
+       INIT_WORK(&wl->recovery_work, wl1271_recovery_work);
+       INIT_DELAYED_WORK(&wl->scan_complete_work, wl1271_scan_complete_work);
        wl->channel = WL1271_DEFAULT_CHANNEL;
        wl->beacon_int = WL1271_DEFAULT_BEACON_INT;
        wl->default_key = 0;
@@ -2220,13 +2538,16 @@ struct ieee80211_hw *wl1271_alloc_hw(void)
        wl->psm_entry_retry = 0;
        wl->power_level = WL1271_DEFAULT_POWER_LEVEL;
        wl->basic_rate_set = CONF_TX_RATE_MASK_BASIC;
+       wl->basic_rate = CONF_TX_RATE_MASK_BASIC;
        wl->rate_set = CONF_TX_RATE_MASK_BASIC;
        wl->sta_rate_set = 0;
        wl->band = IEEE80211_BAND_2GHZ;
        wl->vif = NULL;
        wl->flags = 0;
        wl->sg_enabled = true;
+       wl->hw_pg_ver = -1;
 
+       memset(wl->tx_frames_map, 0, sizeof(wl->tx_frames_map));
        for (i = 0; i < ACX_TX_DESCRIPTORS; i++)
                wl->tx_frames[i] = NULL;
 
@@ -2240,11 +2561,18 @@ struct ieee80211_hw *wl1271_alloc_hw(void)
 
        wl1271_debugfs_init(wl);
 
+       order = get_order(WL1271_AGGR_BUFFER_SIZE);
+       wl->aggr_buf = (u8 *)__get_free_pages(GFP_KERNEL, order);
+       if (!wl->aggr_buf) {
+               ret = -ENOMEM;
+               goto err_hw;
+       }
+
        /* Register platform device */
        ret = platform_device_register(wl->plat_dev);
        if (ret) {
                wl1271_error("couldn't register platform device");
-               goto err_hw;
+               goto err_aggr;
        }
        dev_set_drvdata(&wl->plat_dev->dev, wl);
 
@@ -2255,11 +2583,24 @@ struct ieee80211_hw *wl1271_alloc_hw(void)
                goto err_platform;
        }
 
+       /* Create sysfs file to get HW PG version */
+       ret = device_create_file(&wl->plat_dev->dev, &dev_attr_hw_pg_ver);
+       if (ret < 0) {
+               wl1271_error("failed to create sysfs file hw_pg_ver");
+               goto err_bt_coex_state;
+       }
+
        return hw;
 
+err_bt_coex_state:
+       device_remove_file(&wl->plat_dev->dev, &dev_attr_bt_coex_state);
+
 err_platform:
        platform_device_unregister(wl->plat_dev);
 
+err_aggr:
+       free_pages((unsigned long)wl->aggr_buf, order);
+
 err_hw:
        wl1271_debugfs_exit(wl);
        kfree(plat_dev);
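Review bot: Teardown of the sysfs attributes is asymmetric: this error path removes `dev_attr_bt_coex_state` by hand at `err_bt_coex_state:`, while wl1271_free_hw (next hunk) goes straight to `platform_device_unregister()` and removes neither `bt_coex_state` nor the new `hw_pg_ver` file explicitly. That relies on device removal dropping the attribute files, which is worth stating in a comment, e.g. `/* sysfs attributes go away with the platform device */` in wl1271_free_hw, or matching with explicit `device_remove_file()` calls there. The unwind order of the new labels itself mirrors the setup order. wl1271_alloc_hw continues outside this hunk.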
@@ -2276,11 +2617,12 @@ EXPORT_SYMBOL_GPL(wl1271_alloc_hw);
 int wl1271_free_hw(struct wl1271 *wl)
 {
        platform_device_unregister(wl->plat_dev);
+       free_pages((unsigned long)wl->aggr_buf,
+                       get_order(WL1271_AGGR_BUFFER_SIZE));
        kfree(wl->plat_dev);
 
        wl1271_debugfs_exit(wl);
 
-       kfree(wl->target_mem_map);
        vfree(wl->fw);
        wl->fw = NULL;
        kfree(wl->nvs);
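Review bot: After the new `free_pages()` call the stale `wl->aggr_buf` pointer is left in place, while the same function clears `wl->fw` right after `vfree()`; adding `wl->aggr_buf = NULL;` keeps the teardown consistent and turns a late use of the buffer into an immediate fault instead of a silent access to freed pages. Whether the work items initialised in wl1271_alloc_hw are cancelled before the buffer is released cannot be seen from this hunk and is worth confirming. The hunk also drops `kfree(wl->target_mem_map)`, which is only leak-free if the map is now released on another path outside this hunk. wl1271_free_hw continues past the last line shown.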