projects / firefly-linux-kernel-4.4.55.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'omap/multiplatform-fixes', tag 'v3.8-rc5' into next/multiplatform
[firefly-linux-kernel-4.4.55.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12   SDIO support
13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15   Some parts of the code in this file are derived from the ipw2200
16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
17
18   This program is free software; you can redistribute it and/or modify
19   it under the terms of the GNU General Public License as published by
20   the Free Software Foundation; either version 2 of the License, or
21   (at your option) any later version.
22
23   This program is distributed in the hope that it will be useful,
24   but WITHOUT ANY WARRANTY; without even the implied warranty of
25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26   GNU General Public License for more details.
27
28   You should have received a copy of the GNU General Public License
29   along with this program; see the file COPYING.  If not, write to
30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31   Boston, MA 02110-1301, USA.
32
33 */
34
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82                  "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 #ifdef CONFIG_B43_BCMA
117 static const struct bcma_device_id b43_bcma_tbl[] = {
118         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 #ifdef CONFIG_B43_BCMA_EXTRA
120         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 #endif
123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124         BCMA_CORETABLE_END
125 };
126 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
127 #endif
128
129 #ifdef CONFIG_B43_SSB
130 static const struct ssb_device_id b43_ssb_tbl[] = {
131         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
132         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
133         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
134         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
135         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
136         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
141         SSB_DEVTABLE_END
142 };
143 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
144 #endif
145
146 /* Channel and ratetables are shared for all devices.
147  * They can't be const, because ieee80211 puts some precalculated
148  * data in there. This data is the same for all devices, so we don't
149  * get concurrency issues */
150 #define RATETAB_ENT(_rateid, _flags) \
151         {                                                               \
152                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
153                 .hw_value       = (_rateid),                            \
154                 .flags          = (_flags),                             \
155         }
156
157 /*
158  * NOTE: When changing this, sync with xmit.c's
159  *       b43_plcp_get_bitrate_idx_* functions!
160  */
161 static struct ieee80211_rate __b43_ratetable[] = {
162         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
163         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
164         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
165         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
166         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
167         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
168         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
169         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
170         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
171         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
172         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
173         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
174 };
175
176 #define b43_a_ratetable         (__b43_ratetable + 4)
177 #define b43_a_ratetable_size    8
178 #define b43_b_ratetable         (__b43_ratetable + 0)
179 #define b43_b_ratetable_size    4
180 #define b43_g_ratetable         (__b43_ratetable + 0)
181 #define b43_g_ratetable_size    12
182
183 #define CHAN4G(_channel, _freq, _flags) {                       \
184         .band                   = IEEE80211_BAND_2GHZ,          \
185         .center_freq            = (_freq),                      \
186         .hw_value               = (_channel),                   \
187         .flags                  = (_flags),                     \
188         .max_antenna_gain       = 0,                            \
189         .max_power              = 30,                           \
190 }
191 static struct ieee80211_channel b43_2ghz_chantable[] = {
192         CHAN4G(1, 2412, 0),
193         CHAN4G(2, 2417, 0),
194         CHAN4G(3, 2422, 0),
195         CHAN4G(4, 2427, 0),
196         CHAN4G(5, 2432, 0),
197         CHAN4G(6, 2437, 0),
198         CHAN4G(7, 2442, 0),
199         CHAN4G(8, 2447, 0),
200         CHAN4G(9, 2452, 0),
201         CHAN4G(10, 2457, 0),
202         CHAN4G(11, 2462, 0),
203         CHAN4G(12, 2467, 0),
204         CHAN4G(13, 2472, 0),
205         CHAN4G(14, 2484, 0),
206 };
207 #undef CHAN4G
208
209 #define CHAN5G(_channel, _flags) {                              \
210         .band                   = IEEE80211_BAND_5GHZ,          \
211         .center_freq            = 5000 + (5 * (_channel)),      \
212         .hw_value               = (_channel),                   \
213         .flags                  = (_flags),                     \
214         .max_antenna_gain       = 0,                            \
215         .max_power              = 30,                           \
216 }
217 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
218         CHAN5G(32, 0),          CHAN5G(34, 0),
219         CHAN5G(36, 0),          CHAN5G(38, 0),
220         CHAN5G(40, 0),          CHAN5G(42, 0),
221         CHAN5G(44, 0),          CHAN5G(46, 0),
222         CHAN5G(48, 0),          CHAN5G(50, 0),
223         CHAN5G(52, 0),          CHAN5G(54, 0),
224         CHAN5G(56, 0),          CHAN5G(58, 0),
225         CHAN5G(60, 0),          CHAN5G(62, 0),
226         CHAN5G(64, 0),          CHAN5G(66, 0),
227         CHAN5G(68, 0),          CHAN5G(70, 0),
228         CHAN5G(72, 0),          CHAN5G(74, 0),
229         CHAN5G(76, 0),          CHAN5G(78, 0),
230         CHAN5G(80, 0),          CHAN5G(82, 0),
231         CHAN5G(84, 0),          CHAN5G(86, 0),
232         CHAN5G(88, 0),          CHAN5G(90, 0),
233         CHAN5G(92, 0),          CHAN5G(94, 0),
234         CHAN5G(96, 0),          CHAN5G(98, 0),
235         CHAN5G(100, 0),         CHAN5G(102, 0),
236         CHAN5G(104, 0),         CHAN5G(106, 0),
237         CHAN5G(108, 0),         CHAN5G(110, 0),
238         CHAN5G(112, 0),         CHAN5G(114, 0),
239         CHAN5G(116, 0),         CHAN5G(118, 0),
240         CHAN5G(120, 0),         CHAN5G(122, 0),
241         CHAN5G(124, 0),         CHAN5G(126, 0),
242         CHAN5G(128, 0),         CHAN5G(130, 0),
243         CHAN5G(132, 0),         CHAN5G(134, 0),
244         CHAN5G(136, 0),         CHAN5G(138, 0),
245         CHAN5G(140, 0),         CHAN5G(142, 0),
246         CHAN5G(144, 0),         CHAN5G(145, 0),
247         CHAN5G(146, 0),         CHAN5G(147, 0),
248         CHAN5G(148, 0),         CHAN5G(149, 0),
249         CHAN5G(150, 0),         CHAN5G(151, 0),
250         CHAN5G(152, 0),         CHAN5G(153, 0),
251         CHAN5G(154, 0),         CHAN5G(155, 0),
252         CHAN5G(156, 0),         CHAN5G(157, 0),
253         CHAN5G(158, 0),         CHAN5G(159, 0),
254         CHAN5G(160, 0),         CHAN5G(161, 0),
255         CHAN5G(162, 0),         CHAN5G(163, 0),
256         CHAN5G(164, 0),         CHAN5G(165, 0),
257         CHAN5G(166, 0),         CHAN5G(168, 0),
258         CHAN5G(170, 0),         CHAN5G(172, 0),
259         CHAN5G(174, 0),         CHAN5G(176, 0),
260         CHAN5G(178, 0),         CHAN5G(180, 0),
261         CHAN5G(182, 0),         CHAN5G(184, 0),
262         CHAN5G(186, 0),         CHAN5G(188, 0),
263         CHAN5G(190, 0),         CHAN5G(192, 0),
264         CHAN5G(194, 0),         CHAN5G(196, 0),
265         CHAN5G(198, 0),         CHAN5G(200, 0),
266         CHAN5G(202, 0),         CHAN5G(204, 0),
267         CHAN5G(206, 0),         CHAN5G(208, 0),
268         CHAN5G(210, 0),         CHAN5G(212, 0),
269         CHAN5G(214, 0),         CHAN5G(216, 0),
270         CHAN5G(218, 0),         CHAN5G(220, 0),
271         CHAN5G(222, 0),         CHAN5G(224, 0),
272         CHAN5G(226, 0),         CHAN5G(228, 0),
273 };
274
275 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
276         CHAN5G(34, 0),          CHAN5G(36, 0),
277         CHAN5G(38, 0),          CHAN5G(40, 0),
278         CHAN5G(42, 0),          CHAN5G(44, 0),
279         CHAN5G(46, 0),          CHAN5G(48, 0),
280         CHAN5G(52, 0),          CHAN5G(56, 0),
281         CHAN5G(60, 0),          CHAN5G(64, 0),
282         CHAN5G(100, 0),         CHAN5G(104, 0),
283         CHAN5G(108, 0),         CHAN5G(112, 0),
284         CHAN5G(116, 0),         CHAN5G(120, 0),
285         CHAN5G(124, 0),         CHAN5G(128, 0),
286         CHAN5G(132, 0),         CHAN5G(136, 0),
287         CHAN5G(140, 0),         CHAN5G(149, 0),
288         CHAN5G(153, 0),         CHAN5G(157, 0),
289         CHAN5G(161, 0),         CHAN5G(165, 0),
290         CHAN5G(184, 0),         CHAN5G(188, 0),
291         CHAN5G(192, 0),         CHAN5G(196, 0),
292         CHAN5G(200, 0),         CHAN5G(204, 0),
293         CHAN5G(208, 0),         CHAN5G(212, 0),
294         CHAN5G(216, 0),
295 };
296 #undef CHAN5G
297
298 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
299         .band           = IEEE80211_BAND_5GHZ,
300         .channels       = b43_5ghz_nphy_chantable,
301         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
302         .bitrates       = b43_a_ratetable,
303         .n_bitrates     = b43_a_ratetable_size,
304 };
305
306 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
307         .band           = IEEE80211_BAND_5GHZ,
308         .channels       = b43_5ghz_aphy_chantable,
309         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
310         .bitrates       = b43_a_ratetable,
311         .n_bitrates     = b43_a_ratetable_size,
312 };
313
314 static struct ieee80211_supported_band b43_band_2GHz = {
315         .band           = IEEE80211_BAND_2GHZ,
316         .channels       = b43_2ghz_chantable,
317         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
318         .bitrates       = b43_g_ratetable,
319         .n_bitrates     = b43_g_ratetable_size,
320 };
321
322 static void b43_wireless_core_exit(struct b43_wldev *dev);
323 static int b43_wireless_core_init(struct b43_wldev *dev);
324 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
325 static int b43_wireless_core_start(struct b43_wldev *dev);
326 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
327                                     struct ieee80211_vif *vif,
328                                     struct ieee80211_bss_conf *conf,
329                                     u32 changed);
330
331 static int b43_ratelimit(struct b43_wl *wl)
332 {
333         if (!wl || !wl->current_dev)
334                 return 1;
335         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
336                 return 1;
337         /* We are up and running.
338          * Ratelimit the messages to avoid DoS over the net. */
339         return net_ratelimit();
340 }
341
342 void b43info(struct b43_wl *wl, const char *fmt, ...)
343 {
344         struct va_format vaf;
345         va_list args;
346
347         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
348                 return;
349         if (!b43_ratelimit(wl))
350                 return;
351
352         va_start(args, fmt);
353
354         vaf.fmt = fmt;
355         vaf.va = &args;
356
357         printk(KERN_INFO "b43-%s: %pV",
358                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
359
360         va_end(args);
361 }
362
363 void b43err(struct b43_wl *wl, const char *fmt, ...)
364 {
365         struct va_format vaf;
366         va_list args;
367
368         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
369                 return;
370         if (!b43_ratelimit(wl))
371                 return;
372
373         va_start(args, fmt);
374
375         vaf.fmt = fmt;
376         vaf.va = &args;
377
378         printk(KERN_ERR "b43-%s ERROR: %pV",
379                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
380
381         va_end(args);
382 }
383
384 void b43warn(struct b43_wl *wl, const char *fmt, ...)
385 {
386         struct va_format vaf;
387         va_list args;
388
389         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
390                 return;
391         if (!b43_ratelimit(wl))
392                 return;
393
394         va_start(args, fmt);
395
396         vaf.fmt = fmt;
397         vaf.va = &args;
398
399         printk(KERN_WARNING "b43-%s warning: %pV",
400                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
401
402         va_end(args);
403 }
404
405 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
406 {
407         struct va_format vaf;
408         va_list args;
409
410         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
411                 return;
412
413         va_start(args, fmt);
414
415         vaf.fmt = fmt;
416         vaf.va = &args;
417
418         printk(KERN_DEBUG "b43-%s debug: %pV",
419                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420
421         va_end(args);
422 }
423
424 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
425 {
426         u32 macctl;
427
428         B43_WARN_ON(offset % 4 != 0);
429
430         macctl = b43_read32(dev, B43_MMIO_MACCTL);
431         if (macctl & B43_MACCTL_BE)
432                 val = swab32(val);
433
434         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
435         mmiowb();
436         b43_write32(dev, B43_MMIO_RAM_DATA, val);
437 }
438
439 static inline void b43_shm_control_word(struct b43_wldev *dev,
440                                         u16 routing, u16 offset)
441 {
442         u32 control;
443
444         /* "offset" is the WORD offset. */
445         control = routing;
446         control <<= 16;
447         control |= offset;
448         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
449 }
450
451 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
452 {
453         u32 ret;
454
455         if (routing == B43_SHM_SHARED) {
456                 B43_WARN_ON(offset & 0x0001);
457                 if (offset & 0x0003) {
458                         /* Unaligned access */
459                         b43_shm_control_word(dev, routing, offset >> 2);
460                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
461                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
462                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
463
464                         goto out;
465                 }
466                 offset >>= 2;
467         }
468         b43_shm_control_word(dev, routing, offset);
469         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
470 out:
471         return ret;
472 }
473
474 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
475 {
476         u16 ret;
477
478         if (routing == B43_SHM_SHARED) {
479                 B43_WARN_ON(offset & 0x0001);
480                 if (offset & 0x0003) {
481                         /* Unaligned access */
482                         b43_shm_control_word(dev, routing, offset >> 2);
483                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
484
485                         goto out;
486                 }
487                 offset >>= 2;
488         }
489         b43_shm_control_word(dev, routing, offset);
490         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
491 out:
492         return ret;
493 }
494
495 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
496 {
497         if (routing == B43_SHM_SHARED) {
498                 B43_WARN_ON(offset & 0x0001);
499                 if (offset & 0x0003) {
500                         /* Unaligned access */
501                         b43_shm_control_word(dev, routing, offset >> 2);
502                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
503                                     value & 0xFFFF);
504                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
505                         b43_write16(dev, B43_MMIO_SHM_DATA,
506                                     (value >> 16) & 0xFFFF);
507                         return;
508                 }
509                 offset >>= 2;
510         }
511         b43_shm_control_word(dev, routing, offset);
512         b43_write32(dev, B43_MMIO_SHM_DATA, value);
513 }
514
515 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
516 {
517         if (routing == B43_SHM_SHARED) {
518                 B43_WARN_ON(offset & 0x0001);
519                 if (offset & 0x0003) {
520                         /* Unaligned access */
521                         b43_shm_control_word(dev, routing, offset >> 2);
522                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
523                         return;
524                 }
525                 offset >>= 2;
526         }
527         b43_shm_control_word(dev, routing, offset);
528         b43_write16(dev, B43_MMIO_SHM_DATA, value);
529 }
530
531 /* Read HostFlags */
532 u64 b43_hf_read(struct b43_wldev *dev)
533 {
534         u64 ret;
535
536         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
537         ret <<= 16;
538         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
539         ret <<= 16;
540         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
541
542         return ret;
543 }
544
545 /* Write HostFlags */
546 void b43_hf_write(struct b43_wldev *dev, u64 value)
547 {
548         u16 lo, mi, hi;
549
550         lo = (value & 0x00000000FFFFULL);
551         mi = (value & 0x0000FFFF0000ULL) >> 16;
552         hi = (value & 0xFFFF00000000ULL) >> 32;
553         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
554         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
555         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
556 }
557
558 /* Read the firmware capabilities bitmask (Opensource firmware only) */
559 static u16 b43_fwcapa_read(struct b43_wldev *dev)
560 {
561         B43_WARN_ON(!dev->fw.opensource);
562         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
563 }
564
565 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
566 {
567         u32 low, high;
568
569         B43_WARN_ON(dev->dev->core_rev < 3);
570
571         /* The hardware guarantees us an atomic read, if we
572          * read the low register first. */
573         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
574         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
575
576         *tsf = high;
577         *tsf <<= 32;
578         *tsf |= low;
579 }
580
581 static void b43_time_lock(struct b43_wldev *dev)
582 {
583         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
584         /* Commit the write */
585         b43_read32(dev, B43_MMIO_MACCTL);
586 }
587
588 static void b43_time_unlock(struct b43_wldev *dev)
589 {
590         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
591         /* Commit the write */
592         b43_read32(dev, B43_MMIO_MACCTL);
593 }
594
595 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
596 {
597         u32 low, high;
598
599         B43_WARN_ON(dev->dev->core_rev < 3);
600
601         low = tsf;
602         high = (tsf >> 32);
603         /* The hardware guarantees us an atomic write, if we
604          * write the low register first. */
605         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
606         mmiowb();
607         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
608         mmiowb();
609 }
610
611 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
612 {
613         b43_time_lock(dev);
614         b43_tsf_write_locked(dev, tsf);
615         b43_time_unlock(dev);
616 }
617
618 static
619 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
620 {
621         static const u8 zero_addr[ETH_ALEN] = { 0 };
622         u16 data;
623
624         if (!mac)
625                 mac = zero_addr;
626
627         offset |= 0x0020;
628         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
629
630         data = mac[0];
631         data |= mac[1] << 8;
632         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
633         data = mac[2];
634         data |= mac[3] << 8;
635         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
636         data = mac[4];
637         data |= mac[5] << 8;
638         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
639 }
640
641 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
642 {
643         const u8 *mac;
644         const u8 *bssid;
645         u8 mac_bssid[ETH_ALEN * 2];
646         int i;
647         u32 tmp;
648
649         bssid = dev->wl->bssid;
650         mac = dev->wl->mac_addr;
651
652         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
653
654         memcpy(mac_bssid, mac, ETH_ALEN);
655         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
656
657         /* Write our MAC address and BSSID to template ram */
658         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
659                 tmp = (u32) (mac_bssid[i + 0]);
660                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
661                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
662                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
663                 b43_ram_write(dev, 0x20 + i, tmp);
664         }
665 }
666
667 static void b43_upload_card_macaddress(struct b43_wldev *dev)
668 {
669         b43_write_mac_bssid_templates(dev);
670         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
671 }
672
673 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
674 {
675         /* slot_time is in usec. */
676         /* This test used to exit for all but a G PHY. */
677         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
678                 return;
679         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
680         /* Shared memory location 0x0010 is the slot time and should be
681          * set to slot_time; however, this register is initially 0 and changing
682          * the value adversely affects the transmit rate for BCM4311
683          * devices. Until this behavior is unterstood, delete this step
684          *
685          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
686          */
687 }
688
689 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
690 {
691         b43_set_slot_time(dev, 9);
692 }
693
694 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
695 {
696         b43_set_slot_time(dev, 20);
697 }
698
699 /* DummyTransmission function, as documented on
700  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
701  */
702 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
703 {
704         struct b43_phy *phy = &dev->phy;
705         unsigned int i, max_loop;
706         u16 value;
707         u32 buffer[5] = {
708                 0x00000000,
709                 0x00D40000,
710                 0x00000000,
711                 0x01000000,
712                 0x00000000,
713         };
714
715         if (ofdm) {
716                 max_loop = 0x1E;
717                 buffer[0] = 0x000201CC;
718         } else {
719                 max_loop = 0xFA;
720                 buffer[0] = 0x000B846E;
721         }
722
723         for (i = 0; i < 5; i++)
724                 b43_ram_write(dev, i * 4, buffer[i]);
725
726         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
727
728         if (dev->dev->core_rev < 11)
729                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
730         else
731                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
732
733         value = (ofdm ? 0x41 : 0x40);
734         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
735         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
736             phy->type == B43_PHYTYPE_LCN)
737                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
738
739         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
740         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
741
742         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
743         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
744         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
745         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
746
747         if (!pa_on && phy->type == B43_PHYTYPE_N)
748                 ; /*b43_nphy_pa_override(dev, false) */
749
750         switch (phy->type) {
751         case B43_PHYTYPE_N:
752         case B43_PHYTYPE_LCN:
753                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
754                 break;
755         case B43_PHYTYPE_LP:
756                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
757                 break;
758         default:
759                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
760         }
761         b43_read16(dev, B43_MMIO_TXE0_AUX);
762
763         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
764                 b43_radio_write16(dev, 0x0051, 0x0017);
765         for (i = 0x00; i < max_loop; i++) {
766                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
767                 if (value & 0x0080)
768                         break;
769                 udelay(10);
770         }
771         for (i = 0x00; i < 0x0A; i++) {
772                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
773                 if (value & 0x0400)
774                         break;
775                 udelay(10);
776         }
777         for (i = 0x00; i < 0x19; i++) {
778                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
779                 if (!(value & 0x0100))
780                         break;
781                 udelay(10);
782         }
783         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
784                 b43_radio_write16(dev, 0x0051, 0x0037);
785 }
786
787 static void key_write(struct b43_wldev *dev,
788                       u8 index, u8 algorithm, const u8 *key)
789 {
790         unsigned int i;
791         u32 offset;
792         u16 value;
793         u16 kidx;
794
795         /* Key index/algo block */
796         kidx = b43_kidx_to_fw(dev, index);
797         value = ((kidx << 4) | algorithm);
798         b43_shm_write16(dev, B43_SHM_SHARED,
799                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
800
801         /* Write the key to the Key Table Pointer offset */
802         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
803         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
804                 value = key[i];
805                 value |= (u16) (key[i + 1]) << 8;
806                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
807         }
808 }
809
810 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
811 {
812         u32 addrtmp[2] = { 0, 0, };
813         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
814
815         if (b43_new_kidx_api(dev))
816                 pairwise_keys_start = B43_NR_GROUP_KEYS;
817
818         B43_WARN_ON(index < pairwise_keys_start);
819         /* We have four default TX keys and possibly four default RX keys.
820          * Physical mac 0 is mapped to physical key 4 or 8, depending
821          * on the firmware version.
822          * So we must adjust the index here.
823          */
824         index -= pairwise_keys_start;
825         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
826
827         if (addr) {
828                 addrtmp[0] = addr[0];
829                 addrtmp[0] |= ((u32) (addr[1]) << 8);
830                 addrtmp[0] |= ((u32) (addr[2]) << 16);
831                 addrtmp[0] |= ((u32) (addr[3]) << 24);
832                 addrtmp[1] = addr[4];
833                 addrtmp[1] |= ((u32) (addr[5]) << 8);
834         }
835
836         /* Receive match transmitter address (RCMTA) mechanism */
837         b43_shm_write32(dev, B43_SHM_RCMTA,
838                         (index * 2) + 0, addrtmp[0]);
839         b43_shm_write16(dev, B43_SHM_RCMTA,
840                         (index * 2) + 1, addrtmp[1]);
841 }
842
843 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
844  * When a packet is received, the iv32 is checked.
845  * - if it doesn't the packet is returned without modification (and software
846  *   decryption can be done). That's what happen when iv16 wrap.
847  * - if it does, the rc4 key is computed, and decryption is tried.
848  *   Either it will success and B43_RX_MAC_DEC is returned,
849  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
850  *   and the packet is not usable (it got modified by the ucode).
851  * So in order to never have B43_RX_MAC_DECERR, we should provide
852  * a iv32 and phase1key that match. Because we drop packets in case of
853  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
854  * packets will be lost without higher layer knowing (ie no resync possible
855  * until next wrap).
856  *
857  * NOTE : this should support 50 key like RCMTA because
858  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
859  */
860 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
861                 u16 *phase1key)
862 {
863         unsigned int i;
864         u32 offset;
865         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
866
867         if (!modparam_hwtkip)
868                 return;
869
870         if (b43_new_kidx_api(dev))
871                 pairwise_keys_start = B43_NR_GROUP_KEYS;
872
873         B43_WARN_ON(index < pairwise_keys_start);
874         /* We have four default TX keys and possibly four default RX keys.
875          * Physical mac 0 is mapped to physical key 4 or 8, depending
876          * on the firmware version.
877          * So we must adjust the index here.
878          */
879         index -= pairwise_keys_start;
880         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
881
882         if (b43_debug(dev, B43_DBG_KEYS)) {
883                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
884                                 index, iv32);
885         }
886         /* Write the key to the  RX tkip shared mem */
887         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
888         for (i = 0; i < 10; i += 2) {
889                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
890                                 phase1key ? phase1key[i / 2] : 0);
891         }
892         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
893         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
894 }
895
896 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
897                                    struct ieee80211_vif *vif,
898                                    struct ieee80211_key_conf *keyconf,
899                                    struct ieee80211_sta *sta,
900                                    u32 iv32, u16 *phase1key)
901 {
902         struct b43_wl *wl = hw_to_b43_wl(hw);
903         struct b43_wldev *dev;
904         int index = keyconf->hw_key_idx;
905
906         if (B43_WARN_ON(!modparam_hwtkip))
907                 return;
908
909         /* This is only called from the RX path through mac80211, where
910          * our mutex is already locked. */
911         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
912         dev = wl->current_dev;
913         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
914
915         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
916
917         rx_tkip_phase1_write(dev, index, iv32, phase1key);
918         /* only pairwise TKIP keys are supported right now */
919         if (WARN_ON(!sta))
920                 return;
921         keymac_write(dev, index, sta->addr);
922 }
923
924 static void do_key_write(struct b43_wldev *dev,
925                          u8 index, u8 algorithm,
926                          const u8 *key, size_t key_len, const u8 *mac_addr)
927 {
928         u8 buf[B43_SEC_KEYSIZE] = { 0, };
929         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
930
931         if (b43_new_kidx_api(dev))
932                 pairwise_keys_start = B43_NR_GROUP_KEYS;
933
934         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
935         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
936
937         if (index >= pairwise_keys_start)
938                 keymac_write(dev, index, NULL); /* First zero out mac. */
939         if (algorithm == B43_SEC_ALGO_TKIP) {
940                 /*
941                  * We should provide an initial iv32, phase1key pair.
942                  * We could start with iv32=0 and compute the corresponding
943                  * phase1key, but this means calling ieee80211_get_tkip_key
944                  * with a fake skb (or export other tkip function).
945                  * Because we are lazy we hope iv32 won't start with
946                  * 0xffffffff and let's b43_op_update_tkip_key provide a
947                  * correct pair.
948                  */
949                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
950         } else if (index >= pairwise_keys_start) /* clear it */
951                 rx_tkip_phase1_write(dev, index, 0, NULL);
952         if (key)
953                 memcpy(buf, key, key_len);
954         key_write(dev, index, algorithm, buf);
955         if (index >= pairwise_keys_start)
956                 keymac_write(dev, index, mac_addr);
957
958         dev->key[index].algorithm = algorithm;
959 }
960
961 static int b43_key_write(struct b43_wldev *dev,
962                          int index, u8 algorithm,
963                          const u8 *key, size_t key_len,
964                          const u8 *mac_addr,
965                          struct ieee80211_key_conf *keyconf)
966 {
967         int i;
968         int pairwise_keys_start;
969
970         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
971          *      - Temporal Encryption Key (128 bits)
972          *      - Temporal Authenticator Tx MIC Key (64 bits)
973          *      - Temporal Authenticator Rx MIC Key (64 bits)
974          *
975          *      Hardware only store TEK
976          */
977         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
978                 key_len = 16;
979         if (key_len > B43_SEC_KEYSIZE)
980                 return -EINVAL;
981         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
982                 /* Check that we don't already have this key. */
983                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
984         }
985         if (index < 0) {
986                 /* Pairwise key. Get an empty slot for the key. */
987                 if (b43_new_kidx_api(dev))
988                         pairwise_keys_start = B43_NR_GROUP_KEYS;
989                 else
990                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
991                 for (i = pairwise_keys_start;
992                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
993                      i++) {
994                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
995                         if (!dev->key[i].keyconf) {
996                                 /* found empty */
997                                 index = i;
998                                 break;
999                         }
1000                 }
1001                 if (index < 0) {
1002                         b43warn(dev->wl, "Out of hardware key memory\n");
1003                         return -ENOSPC;
1004                 }
1005         } else
1006                 B43_WARN_ON(index > 3);
1007
1008         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1009         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1010                 /* Default RX key */
1011                 B43_WARN_ON(mac_addr);
1012                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1013         }
1014         keyconf->hw_key_idx = index;
1015         dev->key[index].keyconf = keyconf;
1016
1017         return 0;
1018 }
1019
1020 static int b43_key_clear(struct b43_wldev *dev, int index)
1021 {
1022         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1023                 return -EINVAL;
1024         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1025                      NULL, B43_SEC_KEYSIZE, NULL);
1026         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1027                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1028                              NULL, B43_SEC_KEYSIZE, NULL);
1029         }
1030         dev->key[index].keyconf = NULL;
1031
1032         return 0;
1033 }
1034
1035 static void b43_clear_keys(struct b43_wldev *dev)
1036 {
1037         int i, count;
1038
1039         if (b43_new_kidx_api(dev))
1040                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1041         else
1042                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1043         for (i = 0; i < count; i++)
1044                 b43_key_clear(dev, i);
1045 }
1046
1047 static void b43_dump_keymemory(struct b43_wldev *dev)
1048 {
1049         unsigned int i, index, count, offset, pairwise_keys_start;
1050         u8 mac[ETH_ALEN];
1051         u16 algo;
1052         u32 rcmta0;
1053         u16 rcmta1;
1054         u64 hf;
1055         struct b43_key *key;
1056
1057         if (!b43_debug(dev, B43_DBG_KEYS))
1058                 return;
1059
1060         hf = b43_hf_read(dev);
1061         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1062                !!(hf & B43_HF_USEDEFKEYS));
1063         if (b43_new_kidx_api(dev)) {
1064                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1065                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1066         } else {
1067                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1068                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1069         }
1070         for (index = 0; index < count; index++) {
1071                 key = &(dev->key[index]);
1072                 printk(KERN_DEBUG "Key slot %02u: %s",
1073                        index, (key->keyconf == NULL) ? " " : "*");
1074                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1075                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1076                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1077                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1078                 }
1079
1080                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1081                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1082                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1083
1084                 if (index >= pairwise_keys_start) {
1085                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1086                                 printk("   TKIP: ");
1087                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1088                                 for (i = 0; i < 14; i += 2) {
1089                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1090                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1091                                 }
1092                         }
1093                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1094                                                 ((index - pairwise_keys_start) * 2) + 0);
1095                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1096                                                 ((index - pairwise_keys_start) * 2) + 1);
1097                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1098                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1099                         printk("   MAC: %pM", mac);
1100                 } else
1101                         printk("   DEFAULT KEY");
1102                 printk("\n");
1103         }
1104 }
1105
1106 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1107 {
1108         u32 macctl;
1109         u16 ucstat;
1110         bool hwps;
1111         bool awake;
1112         int i;
1113
1114         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1115                     (ps_flags & B43_PS_DISABLED));
1116         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1117
1118         if (ps_flags & B43_PS_ENABLED) {
1119                 hwps = true;
1120         } else if (ps_flags & B43_PS_DISABLED) {
1121                 hwps = false;
1122         } else {
1123                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1124                 //      and thus is not an AP and we are associated, set bit 25
1125         }
1126         if (ps_flags & B43_PS_AWAKE) {
1127                 awake = true;
1128         } else if (ps_flags & B43_PS_ASLEEP) {
1129                 awake = false;
1130         } else {
1131                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1132                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1133                 //      successful, set bit26
1134         }
1135
1136 /* FIXME: For now we force awake-on and hwps-off */
1137         hwps = false;
1138         awake = true;
1139
1140         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1141         if (hwps)
1142                 macctl |= B43_MACCTL_HWPS;
1143         else
1144                 macctl &= ~B43_MACCTL_HWPS;
1145         if (awake)
1146                 macctl |= B43_MACCTL_AWAKE;
1147         else
1148                 macctl &= ~B43_MACCTL_AWAKE;
1149         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1150         /* Commit write */
1151         b43_read32(dev, B43_MMIO_MACCTL);
1152         if (awake && dev->dev->core_rev >= 5) {
1153                 /* Wait for the microcode to wake up. */
1154                 for (i = 0; i < 100; i++) {
1155                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1156                                                 B43_SHM_SH_UCODESTAT);
1157                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1158                                 break;
1159                         udelay(10);
1160                 }
1161         }
1162 }
1163
1164 #ifdef CONFIG_B43_BCMA
1165 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1166 {
1167         u32 flags;
1168
1169         /* Put PHY into reset */
1170         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1171         flags |= B43_BCMA_IOCTL_PHY_RESET;
1172         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1173         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1174         udelay(2);
1175
1176         /* Take PHY out of reset */
1177         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1178         flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1179         flags |= BCMA_IOCTL_FGC;
1180         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1181         udelay(1);
1182
1183         /* Do not force clock anymore */
1184         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1185         flags &= ~BCMA_IOCTL_FGC;
1186         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1187         udelay(1);
1188 }
1189
1190 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1191 {
1192         b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1193         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1194         b43_bcma_phy_reset(dev);
1195         bcma_core_pll_ctl(dev->dev->bdev, 0x300, 0x3000000, true);
1196 }
1197 #endif
1198
1199 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1200 {
1201         struct ssb_device *sdev = dev->dev->sdev;
1202         u32 tmslow;
1203         u32 flags = 0;
1204
1205         if (gmode)
1206                 flags |= B43_TMSLOW_GMODE;
1207         flags |= B43_TMSLOW_PHYCLKEN;
1208         flags |= B43_TMSLOW_PHYRESET;
1209         if (dev->phy.type == B43_PHYTYPE_N)
1210                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1211         b43_device_enable(dev, flags);
1212         msleep(2);              /* Wait for the PLL to turn on. */
1213
1214         /* Now take the PHY out of Reset again */
1215         tmslow = ssb_read32(sdev, SSB_TMSLOW);
1216         tmslow |= SSB_TMSLOW_FGC;
1217         tmslow &= ~B43_TMSLOW_PHYRESET;
1218         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1219         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1220         msleep(1);
1221         tmslow &= ~SSB_TMSLOW_FGC;
1222         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1223         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1224         msleep(1);
1225 }
1226
1227 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1228 {
1229         u32 macctl;
1230
1231         switch (dev->dev->bus_type) {
1232 #ifdef CONFIG_B43_BCMA
1233         case B43_BUS_BCMA:
1234                 b43_bcma_wireless_core_reset(dev, gmode);
1235                 break;
1236 #endif
1237 #ifdef CONFIG_B43_SSB
1238         case B43_BUS_SSB:
1239                 b43_ssb_wireless_core_reset(dev, gmode);
1240                 break;
1241 #endif
1242         }
1243
1244         /* Turn Analog ON, but only if we already know the PHY-type.
1245          * This protects against very early setup where we don't know the
1246          * PHY-type, yet. wireless_core_reset will be called once again later,
1247          * when we know the PHY-type. */
1248         if (dev->phy.ops)
1249                 dev->phy.ops->switch_analog(dev, 1);
1250
1251         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1252         macctl &= ~B43_MACCTL_GMODE;
1253         if (gmode)
1254                 macctl |= B43_MACCTL_GMODE;
1255         macctl |= B43_MACCTL_IHR_ENABLED;
1256         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1257 }
1258
1259 static void handle_irq_transmit_status(struct b43_wldev *dev)
1260 {
1261         u32 v0, v1;
1262         u16 tmp;
1263         struct b43_txstatus stat;
1264
1265         while (1) {
1266                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1267                 if (!(v0 & 0x00000001))
1268                         break;
1269                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1270
1271                 stat.cookie = (v0 >> 16);
1272                 stat.seq = (v1 & 0x0000FFFF);
1273                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1274                 tmp = (v0 & 0x0000FFFF);
1275                 stat.frame_count = ((tmp & 0xF000) >> 12);
1276                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1277                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1278                 stat.pm_indicated = !!(tmp & 0x0080);
1279                 stat.intermediate = !!(tmp & 0x0040);
1280                 stat.for_ampdu = !!(tmp & 0x0020);
1281                 stat.acked = !!(tmp & 0x0002);
1282
1283                 b43_handle_txstatus(dev, &stat);
1284         }
1285 }
1286
1287 static void drain_txstatus_queue(struct b43_wldev *dev)
1288 {
1289         u32 dummy;
1290
1291         if (dev->dev->core_rev < 5)
1292                 return;
1293         /* Read all entries from the microcode TXstatus FIFO
1294          * and throw them away.
1295          */
1296         while (1) {
1297                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1298                 if (!(dummy & 0x00000001))
1299                         break;
1300                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1301         }
1302 }
1303
1304 static u32 b43_jssi_read(struct b43_wldev *dev)
1305 {
1306         u32 val = 0;
1307
1308         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1309         val <<= 16;
1310         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1311
1312         return val;
1313 }
1314
1315 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1316 {
1317         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1318         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1319 }
1320
1321 static void b43_generate_noise_sample(struct b43_wldev *dev)
1322 {
1323         b43_jssi_write(dev, 0x7F7F7F7F);
1324         b43_write32(dev, B43_MMIO_MACCMD,
1325                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1326 }
1327
1328 static void b43_calculate_link_quality(struct b43_wldev *dev)
1329 {
1330         /* Top half of Link Quality calculation. */
1331
1332         if (dev->phy.type != B43_PHYTYPE_G)
1333                 return;
1334         if (dev->noisecalc.calculation_running)
1335                 return;
1336         dev->noisecalc.calculation_running = true;
1337         dev->noisecalc.nr_samples = 0;
1338
1339         b43_generate_noise_sample(dev);
1340 }
1341
1342 static void handle_irq_noise(struct b43_wldev *dev)
1343 {
1344         struct b43_phy_g *phy = dev->phy.g;
1345         u16 tmp;
1346         u8 noise[4];
1347         u8 i, j;
1348         s32 average;
1349
1350         /* Bottom half of Link Quality calculation. */
1351
1352         if (dev->phy.type != B43_PHYTYPE_G)
1353                 return;
1354
1355         /* Possible race condition: It might be possible that the user
1356          * changed to a different channel in the meantime since we
1357          * started the calculation. We ignore that fact, since it's
1358          * not really that much of a problem. The background noise is
1359          * an estimation only anyway. Slightly wrong results will get damped
1360          * by the averaging of the 8 sample rounds. Additionally the
1361          * value is shortlived. So it will be replaced by the next noise
1362          * calculation round soon. */
1363
1364         B43_WARN_ON(!dev->noisecalc.calculation_running);
1365         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1366         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1367             noise[2] == 0x7F || noise[3] == 0x7F)
1368                 goto generate_new;
1369
1370         /* Get the noise samples. */
1371         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1372         i = dev->noisecalc.nr_samples;
1373         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1374         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1375         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1376         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1377         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1378         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1379         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1380         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1381         dev->noisecalc.nr_samples++;
1382         if (dev->noisecalc.nr_samples == 8) {
1383                 /* Calculate the Link Quality by the noise samples. */
1384                 average = 0;
1385                 for (i = 0; i < 8; i++) {
1386                         for (j = 0; j < 4; j++)
1387                                 average += dev->noisecalc.samples[i][j];
1388                 }
1389                 average /= (8 * 4);
1390                 average *= 125;
1391                 average += 64;
1392                 average /= 128;
1393                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1394                 tmp = (tmp / 128) & 0x1F;
1395                 if (tmp >= 8)
1396                         average += 2;
1397                 else
1398                         average -= 25;
1399                 if (tmp == 8)
1400                         average -= 72;
1401                 else
1402                         average -= 48;
1403
1404                 dev->stats.link_noise = average;
1405                 dev->noisecalc.calculation_running = false;
1406                 return;
1407         }
1408 generate_new:
1409         b43_generate_noise_sample(dev);
1410 }
1411
1412 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1413 {
1414         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1415                 ///TODO: PS TBTT
1416         } else {
1417                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1418                         b43_power_saving_ctl_bits(dev, 0);
1419         }
1420         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1421                 dev->dfq_valid = true;
1422 }
1423
1424 static void handle_irq_atim_end(struct b43_wldev *dev)
1425 {
1426         if (dev->dfq_valid) {
1427                 b43_write32(dev, B43_MMIO_MACCMD,
1428                             b43_read32(dev, B43_MMIO_MACCMD)
1429                             | B43_MACCMD_DFQ_VALID);
1430                 dev->dfq_valid = false;
1431         }
1432 }
1433
1434 static void handle_irq_pmq(struct b43_wldev *dev)
1435 {
1436         u32 tmp;
1437
1438         //TODO: AP mode.
1439
1440         while (1) {
1441                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1442                 if (!(tmp & 0x00000008))
1443                         break;
1444         }
1445         /* 16bit write is odd, but correct. */
1446         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1447 }
1448
1449 static void b43_write_template_common(struct b43_wldev *dev,
1450                                       const u8 *data, u16 size,
1451                                       u16 ram_offset,
1452                                       u16 shm_size_offset, u8 rate)
1453 {
1454         u32 i, tmp;
1455         struct b43_plcp_hdr4 plcp;
1456
1457         plcp.data = 0;
1458         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1459         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1460         ram_offset += sizeof(u32);
1461         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1462          * So leave the first two bytes of the next write blank.
1463          */
1464         tmp = (u32) (data[0]) << 16;
1465         tmp |= (u32) (data[1]) << 24;
1466         b43_ram_write(dev, ram_offset, tmp);
1467         ram_offset += sizeof(u32);
1468         for (i = 2; i < size; i += sizeof(u32)) {
1469                 tmp = (u32) (data[i + 0]);
1470                 if (i + 1 < size)
1471                         tmp |= (u32) (data[i + 1]) << 8;
1472                 if (i + 2 < size)
1473                         tmp |= (u32) (data[i + 2]) << 16;
1474                 if (i + 3 < size)
1475                         tmp |= (u32) (data[i + 3]) << 24;
1476                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1477         }
1478         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1479                         size + sizeof(struct b43_plcp_hdr6));
1480 }
1481
1482 /* Check if the use of the antenna that ieee80211 told us to
1483  * use is possible. This will fall back to DEFAULT.
1484  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1485 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1486                                   u8 antenna_nr)
1487 {
1488         u8 antenna_mask;
1489
1490         if (antenna_nr == 0) {
1491                 /* Zero means "use default antenna". That's always OK. */
1492                 return 0;
1493         }
1494
1495         /* Get the mask of available antennas. */
1496         if (dev->phy.gmode)
1497                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1498         else
1499                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1500
1501         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1502                 /* This antenna is not available. Fall back to default. */
1503                 return 0;
1504         }
1505
1506         return antenna_nr;
1507 }
1508
1509 /* Convert a b43 antenna number value to the PHY TX control value. */
1510 static u16 b43_antenna_to_phyctl(int antenna)
1511 {
1512         switch (antenna) {
1513         case B43_ANTENNA0:
1514                 return B43_TXH_PHY_ANT0;
1515         case B43_ANTENNA1:
1516                 return B43_TXH_PHY_ANT1;
1517         case B43_ANTENNA2:
1518                 return B43_TXH_PHY_ANT2;
1519         case B43_ANTENNA3:
1520                 return B43_TXH_PHY_ANT3;
1521         case B43_ANTENNA_AUTO0:
1522         case B43_ANTENNA_AUTO1:
1523                 return B43_TXH_PHY_ANT01AUTO;
1524         }
1525         B43_WARN_ON(1);
1526         return 0;
1527 }
1528
1529 static void b43_write_beacon_template(struct b43_wldev *dev,
1530                                       u16 ram_offset,
1531                                       u16 shm_size_offset)
1532 {
1533         unsigned int i, len, variable_len;
1534         const struct ieee80211_mgmt *bcn;
1535         const u8 *ie;
1536         bool tim_found = false;
1537         unsigned int rate;
1538         u16 ctl;
1539         int antenna;
1540         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1541
1542         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1543         len = min((size_t) dev->wl->current_beacon->len,
1544                   0x200 - sizeof(struct b43_plcp_hdr6));
1545         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1546
1547         b43_write_template_common(dev, (const u8 *)bcn,
1548                                   len, ram_offset, shm_size_offset, rate);
1549
1550         /* Write the PHY TX control parameters. */
1551         antenna = B43_ANTENNA_DEFAULT;
1552         antenna = b43_antenna_to_phyctl(antenna);
1553         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1554         /* We can't send beacons with short preamble. Would get PHY errors. */
1555         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1556         ctl &= ~B43_TXH_PHY_ANT;
1557         ctl &= ~B43_TXH_PHY_ENC;
1558         ctl |= antenna;
1559         if (b43_is_cck_rate(rate))
1560                 ctl |= B43_TXH_PHY_ENC_CCK;
1561         else
1562                 ctl |= B43_TXH_PHY_ENC_OFDM;
1563         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1564
1565         /* Find the position of the TIM and the DTIM_period value
1566          * and write them to SHM. */
1567         ie = bcn->u.beacon.variable;
1568         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1569         for (i = 0; i < variable_len - 2; ) {
1570                 uint8_t ie_id, ie_len;
1571
1572                 ie_id = ie[i];
1573                 ie_len = ie[i + 1];
1574                 if (ie_id == 5) {
1575                         u16 tim_position;
1576                         u16 dtim_period;
1577                         /* This is the TIM Information Element */
1578
1579                         /* Check whether the ie_len is in the beacon data range. */
1580                         if (variable_len < ie_len + 2 + i)
1581                                 break;
1582                         /* A valid TIM is at least 4 bytes long. */
1583                         if (ie_len < 4)
1584                                 break;
1585                         tim_found = true;
1586
1587                         tim_position = sizeof(struct b43_plcp_hdr6);
1588                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1589                         tim_position += i;
1590
1591                         dtim_period = ie[i + 3];
1592
1593                         b43_shm_write16(dev, B43_SHM_SHARED,
1594                                         B43_SHM_SH_TIMBPOS, tim_position);
1595                         b43_shm_write16(dev, B43_SHM_SHARED,
1596                                         B43_SHM_SH_DTIMPER, dtim_period);
1597                         break;
1598                 }
1599                 i += ie_len + 2;
1600         }
1601         if (!tim_found) {
1602                 /*
1603                  * If ucode wants to modify TIM do it behind the beacon, this
1604                  * will happen, for example, when doing mesh networking.
1605                  */
1606                 b43_shm_write16(dev, B43_SHM_SHARED,
1607                                 B43_SHM_SH_TIMBPOS,
1608                                 len + sizeof(struct b43_plcp_hdr6));
1609                 b43_shm_write16(dev, B43_SHM_SHARED,
1610                                 B43_SHM_SH_DTIMPER, 0);
1611         }
1612         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1613 }
1614
1615 static void b43_upload_beacon0(struct b43_wldev *dev)
1616 {
1617         struct b43_wl *wl = dev->wl;
1618
1619         if (wl->beacon0_uploaded)
1620                 return;
1621         b43_write_beacon_template(dev, 0x68, 0x18);
1622         wl->beacon0_uploaded = true;
1623 }
1624
1625 static void b43_upload_beacon1(struct b43_wldev *dev)
1626 {
1627         struct b43_wl *wl = dev->wl;
1628
1629         if (wl->beacon1_uploaded)
1630                 return;
1631         b43_write_beacon_template(dev, 0x468, 0x1A);
1632         wl->beacon1_uploaded = true;
1633 }
1634
1635 static void handle_irq_beacon(struct b43_wldev *dev)
1636 {
1637         struct b43_wl *wl = dev->wl;
1638         u32 cmd, beacon0_valid, beacon1_valid;
1639
1640         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1641             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1642             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1643                 return;
1644
1645         /* This is the bottom half of the asynchronous beacon update. */
1646
1647         /* Ignore interrupt in the future. */
1648         dev->irq_mask &= ~B43_IRQ_BEACON;
1649
1650         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1651         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1652         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1653
1654         /* Schedule interrupt manually, if busy. */
1655         if (beacon0_valid && beacon1_valid) {
1656                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1657                 dev->irq_mask |= B43_IRQ_BEACON;
1658                 return;
1659         }
1660
1661         if (unlikely(wl->beacon_templates_virgin)) {
1662                 /* We never uploaded a beacon before.
1663                  * Upload both templates now, but only mark one valid. */
1664                 wl->beacon_templates_virgin = false;
1665                 b43_upload_beacon0(dev);
1666                 b43_upload_beacon1(dev);
1667                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1668                 cmd |= B43_MACCMD_BEACON0_VALID;
1669                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1670         } else {
1671                 if (!beacon0_valid) {
1672                         b43_upload_beacon0(dev);
1673                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1674                         cmd |= B43_MACCMD_BEACON0_VALID;
1675                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1676                 } else if (!beacon1_valid) {
1677                         b43_upload_beacon1(dev);
1678                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1679                         cmd |= B43_MACCMD_BEACON1_VALID;
1680                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1681                 }
1682         }
1683 }
1684
1685 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1686 {
1687         u32 old_irq_mask = dev->irq_mask;
1688
1689         /* update beacon right away or defer to irq */
1690         handle_irq_beacon(dev);
1691         if (old_irq_mask != dev->irq_mask) {
1692                 /* The handler updated the IRQ mask. */
1693                 B43_WARN_ON(!dev->irq_mask);
1694                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1695                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1696                 } else {
1697                         /* Device interrupts are currently disabled. That means
1698                          * we just ran the hardirq handler and scheduled the
1699                          * IRQ thread. The thread will write the IRQ mask when
1700                          * it finished, so there's nothing to do here. Writing
1701                          * the mask _here_ would incorrectly re-enable IRQs. */
1702                 }
1703         }
1704 }
1705
1706 static void b43_beacon_update_trigger_work(struct work_struct *work)
1707 {
1708         struct b43_wl *wl = container_of(work, struct b43_wl,
1709                                          beacon_update_trigger);
1710         struct b43_wldev *dev;
1711
1712         mutex_lock(&wl->mutex);
1713         dev = wl->current_dev;
1714         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1715                 if (b43_bus_host_is_sdio(dev->dev)) {
1716                         /* wl->mutex is enough. */
1717                         b43_do_beacon_update_trigger_work(dev);
1718                         mmiowb();
1719                 } else {
1720                         spin_lock_irq(&wl->hardirq_lock);
1721                         b43_do_beacon_update_trigger_work(dev);
1722                         mmiowb();
1723                         spin_unlock_irq(&wl->hardirq_lock);
1724                 }
1725         }
1726         mutex_unlock(&wl->mutex);
1727 }
1728
1729 /* Asynchronously update the packet templates in template RAM.
1730  * Locking: Requires wl->mutex to be locked. */
1731 static void b43_update_templates(struct b43_wl *wl)
1732 {
1733         struct sk_buff *beacon;
1734
1735         /* This is the top half of the ansynchronous beacon update.
1736          * The bottom half is the beacon IRQ.
1737          * Beacon update must be asynchronous to avoid sending an
1738          * invalid beacon. This can happen for example, if the firmware
1739          * transmits a beacon while we are updating it. */
1740
1741         /* We could modify the existing beacon and set the aid bit in
1742          * the TIM field, but that would probably require resizing and
1743          * moving of data within the beacon template.
1744          * Simply request a new beacon and let mac80211 do the hard work. */
1745         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1746         if (unlikely(!beacon))
1747                 return;
1748
1749         if (wl->current_beacon)
1750                 dev_kfree_skb_any(wl->current_beacon);
1751         wl->current_beacon = beacon;
1752         wl->beacon0_uploaded = false;
1753         wl->beacon1_uploaded = false;
1754         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1755 }
1756
1757 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1758 {
1759         b43_time_lock(dev);
1760         if (dev->dev->core_rev >= 3) {
1761                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1762                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1763         } else {
1764                 b43_write16(dev, 0x606, (beacon_int >> 6));
1765                 b43_write16(dev, 0x610, beacon_int);
1766         }
1767         b43_time_unlock(dev);
1768         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1769 }
1770
1771 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1772 {
1773         u16 reason;
1774
1775         /* Read the register that contains the reason code for the panic. */
1776         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1777         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1778
1779         switch (reason) {
1780         default:
1781                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1782                 /* fallthrough */
1783         case B43_FWPANIC_DIE:
1784                 /* Do not restart the controller or firmware.
1785                  * The device is nonfunctional from now on.
1786                  * Restarting would result in this panic to trigger again,
1787                  * so we avoid that recursion. */
1788                 break;
1789         case B43_FWPANIC_RESTART:
1790                 b43_controller_restart(dev, "Microcode panic");
1791                 break;
1792         }
1793 }
1794
1795 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1796 {
1797         unsigned int i, cnt;
1798         u16 reason, marker_id, marker_line;
1799         __le16 *buf;
1800
1801         /* The proprietary firmware doesn't have this IRQ. */
1802         if (!dev->fw.opensource)
1803                 return;
1804
1805         /* Read the register that contains the reason code for this IRQ. */
1806         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1807
1808         switch (reason) {
1809         case B43_DEBUGIRQ_PANIC:
1810                 b43_handle_firmware_panic(dev);
1811                 break;
1812         case B43_DEBUGIRQ_DUMP_SHM:
1813                 if (!B43_DEBUG)
1814                         break; /* Only with driver debugging enabled. */
1815                 buf = kmalloc(4096, GFP_ATOMIC);
1816                 if (!buf) {
1817                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1818                         goto out;
1819                 }
1820                 for (i = 0; i < 4096; i += 2) {
1821                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1822                         buf[i / 2] = cpu_to_le16(tmp);
1823                 }
1824                 b43info(dev->wl, "Shared memory dump:\n");
1825                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1826                                16, 2, buf, 4096, 1);
1827                 kfree(buf);
1828                 break;
1829         case B43_DEBUGIRQ_DUMP_REGS:
1830                 if (!B43_DEBUG)
1831                         break; /* Only with driver debugging enabled. */
1832                 b43info(dev->wl, "Microcode register dump:\n");
1833                 for (i = 0, cnt = 0; i < 64; i++) {
1834                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1835                         if (cnt == 0)
1836                                 printk(KERN_INFO);
1837                         printk("r%02u: 0x%04X  ", i, tmp);
1838                         cnt++;
1839                         if (cnt == 6) {
1840                                 printk("\n");
1841                                 cnt = 0;
1842                         }
1843                 }
1844                 printk("\n");
1845                 break;
1846         case B43_DEBUGIRQ_MARKER:
1847                 if (!B43_DEBUG)
1848                         break; /* Only with driver debugging enabled. */
1849                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1850                                            B43_MARKER_ID_REG);
1851                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1852                                              B43_MARKER_LINE_REG);
1853                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1854                         "at line number %u\n",
1855                         marker_id, marker_line);
1856                 break;
1857         default:
1858                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1859                        reason);
1860         }
1861 out:
1862         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1863         b43_shm_write16(dev, B43_SHM_SCRATCH,
1864                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1865 }
1866
1867 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1868 {
1869         u32 reason;
1870         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1871         u32 merged_dma_reason = 0;
1872         int i;
1873
1874         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1875                 return;
1876
1877         reason = dev->irq_reason;
1878         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1879                 dma_reason[i] = dev->dma_reason[i];
1880                 merged_dma_reason |= dma_reason[i];
1881         }
1882
1883         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1884                 b43err(dev->wl, "MAC transmission error\n");
1885
1886         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1887                 b43err(dev->wl, "PHY transmission error\n");
1888                 rmb();
1889                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1890                         atomic_set(&dev->phy.txerr_cnt,
1891                                    B43_PHY_TX_BADNESS_LIMIT);
1892                         b43err(dev->wl, "Too many PHY TX errors, "
1893                                         "restarting the controller\n");
1894                         b43_controller_restart(dev, "PHY TX errors");
1895                 }
1896         }
1897
1898         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1899                                           B43_DMAIRQ_NONFATALMASK))) {
1900                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1901                         b43err(dev->wl, "Fatal DMA error: "
1902                                "0x%08X, 0x%08X, 0x%08X, "
1903                                "0x%08X, 0x%08X, 0x%08X\n",
1904                                dma_reason[0], dma_reason[1],
1905                                dma_reason[2], dma_reason[3],
1906                                dma_reason[4], dma_reason[5]);
1907                         b43err(dev->wl, "This device does not support DMA "
1908                                "on your system. It will now be switched to PIO.\n");
1909                         /* Fall back to PIO transfers if we get fatal DMA errors! */
1910                         dev->use_pio = true;
1911                         b43_controller_restart(dev, "DMA error");
1912                         return;
1913                 }
1914                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1915                         b43err(dev->wl, "DMA error: "
1916                                "0x%08X, 0x%08X, 0x%08X, "
1917                                "0x%08X, 0x%08X, 0x%08X\n",
1918                                dma_reason[0], dma_reason[1],
1919                                dma_reason[2], dma_reason[3],
1920                                dma_reason[4], dma_reason[5]);
1921                 }
1922         }
1923
1924         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1925                 handle_irq_ucode_debug(dev);
1926         if (reason & B43_IRQ_TBTT_INDI)
1927                 handle_irq_tbtt_indication(dev);
1928         if (reason & B43_IRQ_ATIM_END)
1929                 handle_irq_atim_end(dev);
1930         if (reason & B43_IRQ_BEACON)
1931                 handle_irq_beacon(dev);
1932         if (reason & B43_IRQ_PMQ)
1933                 handle_irq_pmq(dev);
1934         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1935                 ;/* TODO */
1936         if (reason & B43_IRQ_NOISESAMPLE_OK)
1937                 handle_irq_noise(dev);
1938
1939         /* Check the DMA reason registers for received data. */
1940         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1941                 if (b43_using_pio_transfers(dev))
1942                         b43_pio_rx(dev->pio.rx_queue);
1943                 else
1944                         b43_dma_rx(dev->dma.rx_ring);
1945         }
1946         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1947         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1948         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1949         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1950         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1951
1952         if (reason & B43_IRQ_TX_OK)
1953                 handle_irq_transmit_status(dev);
1954
1955         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1956         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1957
1958 #if B43_DEBUG
1959         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1960                 dev->irq_count++;
1961                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1962                         if (reason & (1 << i))
1963                                 dev->irq_bit_count[i]++;
1964                 }
1965         }
1966 #endif
1967 }
1968
1969 /* Interrupt thread handler. Handles device interrupts in thread context. */
1970 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1971 {
1972         struct b43_wldev *dev = dev_id;
1973
1974         mutex_lock(&dev->wl->mutex);
1975         b43_do_interrupt_thread(dev);
1976         mmiowb();
1977         mutex_unlock(&dev->wl->mutex);
1978
1979         return IRQ_HANDLED;
1980 }
1981
1982 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1983 {
1984         u32 reason;
1985
1986         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1987          * On SDIO, this runs under wl->mutex. */
1988
1989         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1990         if (reason == 0xffffffff)       /* shared IRQ */
1991                 return IRQ_NONE;
1992         reason &= dev->irq_mask;
1993         if (!reason)
1994                 return IRQ_NONE;
1995
1996         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1997             & 0x0001DC00;
1998         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1999             & 0x0000DC00;
2000         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2001             & 0x0000DC00;
2002         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2003             & 0x0001DC00;
2004         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2005             & 0x0000DC00;
2006 /* Unused ring
2007         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2008             & 0x0000DC00;
2009 */
2010
2011         /* ACK the interrupt. */
2012         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2013         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2014         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2015         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2016         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2017         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2018 /* Unused ring
2019         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2020 */
2021
2022         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2023         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2024         /* Save the reason bitmasks for the IRQ thread handler. */
2025         dev->irq_reason = reason;
2026
2027         return IRQ_WAKE_THREAD;
2028 }
2029
2030 /* Interrupt handler top-half. This runs with interrupts disabled. */
2031 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2032 {
2033         struct b43_wldev *dev = dev_id;
2034         irqreturn_t ret;
2035
2036         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2037                 return IRQ_NONE;
2038
2039         spin_lock(&dev->wl->hardirq_lock);
2040         ret = b43_do_interrupt(dev);
2041         mmiowb();
2042         spin_unlock(&dev->wl->hardirq_lock);
2043
2044         return ret;
2045 }
2046
2047 /* SDIO interrupt handler. This runs in process context. */
2048 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2049 {
2050         struct b43_wl *wl = dev->wl;
2051         irqreturn_t ret;
2052
2053         mutex_lock(&wl->mutex);
2054
2055         ret = b43_do_interrupt(dev);
2056         if (ret == IRQ_WAKE_THREAD)
2057                 b43_do_interrupt_thread(dev);
2058
2059         mutex_unlock(&wl->mutex);
2060 }
2061
2062 void b43_do_release_fw(struct b43_firmware_file *fw)
2063 {
2064         release_firmware(fw->data);
2065         fw->data = NULL;
2066         fw->filename = NULL;
2067 }
2068
2069 static void b43_release_firmware(struct b43_wldev *dev)
2070 {
2071         b43_do_release_fw(&dev->fw.ucode);
2072         b43_do_release_fw(&dev->fw.pcm);
2073         b43_do_release_fw(&dev->fw.initvals);
2074         b43_do_release_fw(&dev->fw.initvals_band);
2075 }
2076
2077 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2078 {
2079         const char text[] =
2080                 "You must go to " \
2081                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2082                 "and download the correct firmware for this driver version. " \
2083                 "Please carefully read all instructions on this website.\n";
2084
2085         if (error)
2086                 b43err(wl, text);
2087         else
2088                 b43warn(wl, text);
2089 }
2090
2091 static void b43_fw_cb(const struct firmware *firmware, void *context)
2092 {
2093         struct b43_request_fw_context *ctx = context;
2094
2095         ctx->blob = firmware;
2096         complete(&ctx->fw_load_complete);
2097 }
2098
2099 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2100                       const char *name,
2101                       struct b43_firmware_file *fw, bool async)
2102 {
2103         struct b43_fw_header *hdr;
2104         u32 size;
2105         int err;
2106
2107         if (!name) {
2108                 /* Don't fetch anything. Free possibly cached firmware. */
2109                 /* FIXME: We should probably keep it anyway, to save some headache
2110                  * on suspend/resume with multiband devices. */
2111                 b43_do_release_fw(fw);
2112                 return 0;
2113         }
2114         if (fw->filename) {
2115                 if ((fw->type == ctx->req_type) &&
2116                     (strcmp(fw->filename, name) == 0))
2117                         return 0; /* Already have this fw. */
2118                 /* Free the cached firmware first. */
2119                 /* FIXME: We should probably do this later after we successfully
2120                  * got the new fw. This could reduce headache with multiband devices.
2121                  * We could also redesign this to cache the firmware for all possible
2122                  * bands all the time. */
2123                 b43_do_release_fw(fw);
2124         }
2125
2126         switch (ctx->req_type) {
2127         case B43_FWTYPE_PROPRIETARY:
2128                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2129                          "b43%s/%s.fw",
2130                          modparam_fwpostfix, name);
2131                 break;
2132         case B43_FWTYPE_OPENSOURCE:
2133                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2134                          "b43-open%s/%s.fw",
2135                          modparam_fwpostfix, name);
2136                 break;
2137         default:
2138                 B43_WARN_ON(1);
2139                 return -ENOSYS;
2140         }
2141         if (async) {
2142                 /* do this part asynchronously */
2143                 init_completion(&ctx->fw_load_complete);
2144                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2145                                               ctx->dev->dev->dev, GFP_KERNEL,
2146                                               ctx, b43_fw_cb);
2147                 if (err < 0) {
2148                         pr_err("Unable to load firmware\n");
2149                         return err;
2150                 }
2151                 /* stall here until fw ready */
2152                 wait_for_completion(&ctx->fw_load_complete);
2153                 if (ctx->blob)
2154                         goto fw_ready;
2155         /* On some ARM systems, the async request will fail, but the next sync
2156          * request works. For this reason, we dall through here
2157          */
2158         }
2159         err = request_firmware(&ctx->blob, ctx->fwname,
2160                                ctx->dev->dev->dev);
2161         if (err == -ENOENT) {
2162                 snprintf(ctx->errors[ctx->req_type],
2163                          sizeof(ctx->errors[ctx->req_type]),
2164                          "Firmware file \"%s\" not found\n",
2165                          ctx->fwname);
2166                 return err;
2167         } else if (err) {
2168                 snprintf(ctx->errors[ctx->req_type],
2169                          sizeof(ctx->errors[ctx->req_type]),
2170                          "Firmware file \"%s\" request failed (err=%d)\n",
2171                          ctx->fwname, err);
2172                 return err;
2173         }
2174 fw_ready:
2175         if (ctx->blob->size < sizeof(struct b43_fw_header))
2176                 goto err_format;
2177         hdr = (struct b43_fw_header *)(ctx->blob->data);
2178         switch (hdr->type) {
2179         case B43_FW_TYPE_UCODE:
2180         case B43_FW_TYPE_PCM:
2181                 size = be32_to_cpu(hdr->size);
2182                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2183                         goto err_format;
2184                 /* fallthrough */
2185         case B43_FW_TYPE_IV:
2186                 if (hdr->ver != 1)
2187                         goto err_format;
2188                 break;
2189         default:
2190                 goto err_format;
2191         }
2192
2193         fw->data = ctx->blob;
2194         fw->filename = name;
2195         fw->type = ctx->req_type;
2196
2197         return 0;
2198
2199 err_format:
2200         snprintf(ctx->errors[ctx->req_type],
2201                  sizeof(ctx->errors[ctx->req_type]),
2202                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2203         release_firmware(ctx->blob);
2204
2205         return -EPROTO;
2206 }
2207
2208 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2209 {
2210         struct b43_wldev *dev = ctx->dev;
2211         struct b43_firmware *fw = &ctx->dev->fw;
2212         const u8 rev = ctx->dev->dev->core_rev;
2213         const char *filename;
2214         u32 tmshigh;
2215         int err;
2216
2217         /* Files for HT and LCN were found by trying one by one */
2218
2219         /* Get microcode */
2220         if ((rev >= 5) && (rev <= 10)) {
2221                 filename = "ucode5";
2222         } else if ((rev >= 11) && (rev <= 12)) {
2223                 filename = "ucode11";
2224         } else if (rev == 13) {
2225                 filename = "ucode13";
2226         } else if (rev == 14) {
2227                 filename = "ucode14";
2228         } else if (rev == 15) {
2229                 filename = "ucode15";
2230         } else {
2231                 switch (dev->phy.type) {
2232                 case B43_PHYTYPE_N:
2233                         if (rev >= 16)
2234                                 filename = "ucode16_mimo";
2235                         else
2236                                 goto err_no_ucode;
2237                         break;
2238                 case B43_PHYTYPE_HT:
2239                         if (rev == 29)
2240                                 filename = "ucode29_mimo";
2241                         else
2242                                 goto err_no_ucode;
2243                         break;
2244                 case B43_PHYTYPE_LCN:
2245                         if (rev == 24)
2246                                 filename = "ucode24_mimo";
2247                         else
2248                                 goto err_no_ucode;
2249                         break;
2250                 default:
2251                         goto err_no_ucode;
2252                 }
2253         }
2254         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2255         if (err)
2256                 goto err_load;
2257
2258         /* Get PCM code */
2259         if ((rev >= 5) && (rev <= 10))
2260                 filename = "pcm5";
2261         else if (rev >= 11)
2262                 filename = NULL;
2263         else
2264                 goto err_no_pcm;
2265         fw->pcm_request_failed = false;
2266         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2267         if (err == -ENOENT) {
2268                 /* We did not find a PCM file? Not fatal, but
2269                  * core rev <= 10 must do without hwcrypto then. */
2270                 fw->pcm_request_failed = true;
2271         } else if (err)
2272                 goto err_load;
2273
2274         /* Get initvals */
2275         switch (dev->phy.type) {
2276         case B43_PHYTYPE_A:
2277                 if ((rev >= 5) && (rev <= 10)) {
2278                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2279                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2280                                 filename = "a0g1initvals5";
2281                         else
2282                                 filename = "a0g0initvals5";
2283                 } else
2284                         goto err_no_initvals;
2285                 break;
2286         case B43_PHYTYPE_G:
2287                 if ((rev >= 5) && (rev <= 10))
2288                         filename = "b0g0initvals5";
2289                 else if (rev >= 13)
2290                         filename = "b0g0initvals13";
2291                 else
2292                         goto err_no_initvals;
2293                 break;
2294         case B43_PHYTYPE_N:
2295                 if (rev >= 16)
2296                         filename = "n0initvals16";
2297                 else if ((rev >= 11) && (rev <= 12))
2298                         filename = "n0initvals11";
2299                 else
2300                         goto err_no_initvals;
2301                 break;
2302         case B43_PHYTYPE_LP:
2303                 if (rev == 13)
2304                         filename = "lp0initvals13";
2305                 else if (rev == 14)
2306                         filename = "lp0initvals14";
2307                 else if (rev >= 15)
2308                         filename = "lp0initvals15";
2309                 else
2310                         goto err_no_initvals;
2311                 break;
2312         case B43_PHYTYPE_HT:
2313                 if (rev == 29)
2314                         filename = "ht0initvals29";
2315                 else
2316                         goto err_no_initvals;
2317                 break;
2318         case B43_PHYTYPE_LCN:
2319                 if (rev == 24)
2320                         filename = "lcn0initvals24";
2321                 else
2322                         goto err_no_initvals;
2323                 break;
2324         default:
2325                 goto err_no_initvals;
2326         }
2327         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2328         if (err)
2329                 goto err_load;
2330
2331         /* Get bandswitch initvals */
2332         switch (dev->phy.type) {
2333         case B43_PHYTYPE_A:
2334                 if ((rev >= 5) && (rev <= 10)) {
2335                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2336                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2337                                 filename = "a0g1bsinitvals5";
2338                         else
2339                                 filename = "a0g0bsinitvals5";
2340                 } else if (rev >= 11)
2341                         filename = NULL;
2342                 else
2343                         goto err_no_initvals;
2344                 break;
2345         case B43_PHYTYPE_G:
2346                 if ((rev >= 5) && (rev <= 10))
2347                         filename = "b0g0bsinitvals5";
2348                 else if (rev >= 11)
2349                         filename = NULL;
2350                 else
2351                         goto err_no_initvals;
2352                 break;
2353         case B43_PHYTYPE_N:
2354                 if (rev >= 16)
2355                         filename = "n0bsinitvals16";
2356                 else if ((rev >= 11) && (rev <= 12))
2357                         filename = "n0bsinitvals11";
2358                 else
2359                         goto err_no_initvals;
2360                 break;
2361         case B43_PHYTYPE_LP:
2362                 if (rev == 13)
2363                         filename = "lp0bsinitvals13";
2364                 else if (rev == 14)
2365                         filename = "lp0bsinitvals14";
2366                 else if (rev >= 15)
2367                         filename = "lp0bsinitvals15";
2368                 else
2369                         goto err_no_initvals;
2370                 break;
2371         case B43_PHYTYPE_HT:
2372                 if (rev == 29)
2373                         filename = "ht0bsinitvals29";
2374                 else
2375                         goto err_no_initvals;
2376                 break;
2377         case B43_PHYTYPE_LCN:
2378                 if (rev == 24)
2379                         filename = "lcn0bsinitvals24";
2380                 else
2381                         goto err_no_initvals;
2382                 break;
2383         default:
2384                 goto err_no_initvals;
2385         }
2386         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2387         if (err)
2388                 goto err_load;
2389
2390         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2391
2392         return 0;
2393
2394 err_no_ucode:
2395         err = ctx->fatal_failure = -EOPNOTSUPP;
2396         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2397                "is required for your device (wl-core rev %u)\n", rev);
2398         goto error;
2399
2400 err_no_pcm:
2401         err = ctx->fatal_failure = -EOPNOTSUPP;
2402         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2403                "is required for your device (wl-core rev %u)\n", rev);
2404         goto error;
2405
2406 err_no_initvals:
2407         err = ctx->fatal_failure = -EOPNOTSUPP;
2408         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2409                "is required for your device (wl-core rev %u)\n", rev);
2410         goto error;
2411
2412 err_load:
2413         /* We failed to load this firmware image. The error message
2414          * already is in ctx->errors. Return and let our caller decide
2415          * what to do. */
2416         goto error;
2417
2418 error:
2419         b43_release_firmware(dev);
2420         return err;
2421 }
2422
2423 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2424 static void b43_one_core_detach(struct b43_bus_dev *dev);
2425
2426 static void b43_request_firmware(struct work_struct *work)
2427 {
2428         struct b43_wl *wl = container_of(work,
2429                             struct b43_wl, firmware_load);
2430         struct b43_wldev *dev = wl->current_dev;
2431         struct b43_request_fw_context *ctx;
2432         unsigned int i;
2433         int err;
2434         const char *errmsg;
2435
2436         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2437         if (!ctx)
2438                 return;
2439         ctx->dev = dev;
2440
2441         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2442         err = b43_try_request_fw(ctx);
2443         if (!err)
2444                 goto start_ieee80211; /* Successfully loaded it. */
2445         /* Was fw version known? */
2446         if (ctx->fatal_failure)
2447                 goto out;
2448
2449         /* proprietary fw not found, try open source */
2450         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2451         err = b43_try_request_fw(ctx);
2452         if (!err)
2453                 goto start_ieee80211; /* Successfully loaded it. */
2454         if(ctx->fatal_failure)
2455                 goto out;
2456
2457         /* Could not find a usable firmware. Print the errors. */
2458         for (i = 0; i < B43_NR_FWTYPES; i++) {
2459                 errmsg = ctx->errors[i];
2460                 if (strlen(errmsg))
2461                         b43err(dev->wl, errmsg);
2462         }
2463         b43_print_fw_helptext(dev->wl, 1);
2464         goto out;
2465
2466 start_ieee80211:
2467         wl->hw->queues = B43_QOS_QUEUE_NUM;
2468         if (!modparam_qos || dev->fw.opensource)
2469                 wl->hw->queues = 1;
2470
2471         err = ieee80211_register_hw(wl->hw);
2472         if (err)
2473                 goto err_one_core_detach;
2474         wl->hw_registred = true;
2475         b43_leds_register(wl->current_dev);
2476         goto out;
2477
2478 err_one_core_detach:
2479         b43_one_core_detach(dev->dev);
2480
2481 out:
2482         kfree(ctx);
2483 }
2484
2485 static int b43_upload_microcode(struct b43_wldev *dev)
2486 {
2487         struct wiphy *wiphy = dev->wl->hw->wiphy;
2488         const size_t hdr_len = sizeof(struct b43_fw_header);
2489         const __be32 *data;
2490         unsigned int i, len;
2491         u16 fwrev, fwpatch, fwdate, fwtime;
2492         u32 tmp, macctl;
2493         int err = 0;
2494
2495         /* Jump the microcode PSM to offset 0 */
2496         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2497         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2498         macctl |= B43_MACCTL_PSM_JMP0;
2499         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2500         /* Zero out all microcode PSM registers and shared memory. */
2501         for (i = 0; i < 64; i++)
2502                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2503         for (i = 0; i < 4096; i += 2)
2504                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2505
2506         /* Upload Microcode. */
2507         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2508         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2509         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2510         for (i = 0; i < len; i++) {
2511                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2512                 udelay(10);
2513         }
2514
2515         if (dev->fw.pcm.data) {
2516                 /* Upload PCM data. */
2517                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2518                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2519                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2520                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2521                 /* No need for autoinc bit in SHM_HW */
2522                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2523                 for (i = 0; i < len; i++) {
2524                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2525                         udelay(10);
2526                 }
2527         }
2528
2529         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2530
2531         /* Start the microcode PSM */
2532         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2533                       B43_MACCTL_PSM_RUN);
2534
2535         /* Wait for the microcode to load and respond */
2536         i = 0;
2537         while (1) {
2538                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2539                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2540                         break;
2541                 i++;
2542                 if (i >= 20) {
2543                         b43err(dev->wl, "Microcode not responding\n");
2544                         b43_print_fw_helptext(dev->wl, 1);
2545                         err = -ENODEV;
2546                         goto error;
2547                 }
2548                 msleep(50);
2549         }
2550         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2551
2552         /* Get and check the revisions. */
2553         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2554         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2555         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2556         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2557
2558         if (fwrev <= 0x128) {
2559                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2560                        "binary drivers older than version 4.x is unsupported. "
2561                        "You must upgrade your firmware files.\n");
2562                 b43_print_fw_helptext(dev->wl, 1);
2563                 err = -EOPNOTSUPP;
2564                 goto error;
2565         }
2566         dev->fw.rev = fwrev;
2567         dev->fw.patch = fwpatch;
2568         if (dev->fw.rev >= 598)
2569                 dev->fw.hdr_format = B43_FW_HDR_598;
2570         else if (dev->fw.rev >= 410)
2571                 dev->fw.hdr_format = B43_FW_HDR_410;
2572         else
2573                 dev->fw.hdr_format = B43_FW_HDR_351;
2574         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2575
2576         dev->qos_enabled = dev->wl->hw->queues > 1;
2577         /* Default to firmware/hardware crypto acceleration. */
2578         dev->hwcrypto_enabled = true;
2579
2580         if (dev->fw.opensource) {
2581                 u16 fwcapa;
2582
2583                 /* Patchlevel info is encoded in the "time" field. */
2584                 dev->fw.patch = fwtime;
2585                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2586                         dev->fw.rev, dev->fw.patch);
2587
2588                 fwcapa = b43_fwcapa_read(dev);
2589                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2590                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2591                         /* Disable hardware crypto and fall back to software crypto. */
2592                         dev->hwcrypto_enabled = false;
2593                 }
2594                 /* adding QoS support should use an offline discovery mechanism */
2595                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2596         } else {
2597                 b43info(dev->wl, "Loading firmware version %u.%u "
2598                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2599                         fwrev, fwpatch,
2600                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2601                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2602                 if (dev->fw.pcm_request_failed) {
2603                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2604                                 "Hardware accelerated cryptography is disabled.\n");
2605                         b43_print_fw_helptext(dev->wl, 0);
2606                 }
2607         }
2608
2609         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2610                         dev->fw.rev, dev->fw.patch);
2611         wiphy->hw_version = dev->dev->core_id;
2612
2613         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2614                 /* We're over the deadline, but we keep support for old fw
2615                  * until it turns out to be in major conflict with something new. */
2616                 b43warn(dev->wl, "You are using an old firmware image. "
2617                         "Support for old firmware will be removed soon "
2618                         "(official deadline was July 2008).\n");
2619                 b43_print_fw_helptext(dev->wl, 0);
2620         }
2621
2622         return 0;
2623
2624 error:
2625         /* Stop the microcode PSM. */
2626         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2627                       B43_MACCTL_PSM_JMP0);
2628
2629         return err;
2630 }
2631
2632 static int b43_write_initvals(struct b43_wldev *dev,
2633                               const struct b43_iv *ivals,
2634                               size_t count,
2635                               size_t array_size)
2636 {
2637         const struct b43_iv *iv;
2638         u16 offset;
2639         size_t i;
2640         bool bit32;
2641
2642         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2643         iv = ivals;
2644         for (i = 0; i < count; i++) {
2645                 if (array_size < sizeof(iv->offset_size))
2646                         goto err_format;
2647                 array_size -= sizeof(iv->offset_size);
2648                 offset = be16_to_cpu(iv->offset_size);
2649                 bit32 = !!(offset & B43_IV_32BIT);
2650                 offset &= B43_IV_OFFSET_MASK;
2651                 if (offset >= 0x1000)
2652                         goto err_format;
2653                 if (bit32) {
2654                         u32 value;
2655
2656                         if (array_size < sizeof(iv->data.d32))
2657                                 goto err_format;
2658                         array_size -= sizeof(iv->data.d32);
2659
2660                         value = get_unaligned_be32(&iv->data.d32);
2661                         b43_write32(dev, offset, value);
2662
2663                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2664                                                         sizeof(__be16) +
2665                                                         sizeof(__be32));
2666                 } else {
2667                         u16 value;
2668
2669                         if (array_size < sizeof(iv->data.d16))
2670                                 goto err_format;
2671                         array_size -= sizeof(iv->data.d16);
2672
2673                         value = be16_to_cpu(iv->data.d16);
2674                         b43_write16(dev, offset, value);
2675
2676                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2677                                                         sizeof(__be16) +
2678                                                         sizeof(__be16));
2679                 }
2680         }
2681         if (array_size)
2682                 goto err_format;
2683
2684         return 0;
2685
2686 err_format:
2687         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2688         b43_print_fw_helptext(dev->wl, 1);
2689
2690         return -EPROTO;
2691 }
2692
2693 static int b43_upload_initvals(struct b43_wldev *dev)
2694 {
2695         const size_t hdr_len = sizeof(struct b43_fw_header);
2696         const struct b43_fw_header *hdr;
2697         struct b43_firmware *fw = &dev->fw;
2698         const struct b43_iv *ivals;
2699         size_t count;
2700         int err;
2701
2702         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2703         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2704         count = be32_to_cpu(hdr->size);
2705         err = b43_write_initvals(dev, ivals, count,
2706                                  fw->initvals.data->size - hdr_len);
2707         if (err)
2708                 goto out;
2709         if (fw->initvals_band.data) {
2710                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2711                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2712                 count = be32_to_cpu(hdr->size);
2713                 err = b43_write_initvals(dev, ivals, count,
2714                                          fw->initvals_band.data->size - hdr_len);
2715                 if (err)
2716                         goto out;
2717         }
2718 out:
2719
2720         return err;
2721 }
2722
2723 /* Initialize the GPIOs
2724  * http://bcm-specs.sipsolutions.net/GPIO
2725  */
2726 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2727 {
2728         struct ssb_bus *bus = dev->dev->sdev->bus;
2729
2730 #ifdef CONFIG_SSB_DRIVER_PCICORE
2731         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2732 #else
2733         return bus->chipco.dev;
2734 #endif
2735 }
2736
2737 static int b43_gpio_init(struct b43_wldev *dev)
2738 {
2739         struct ssb_device *gpiodev;
2740         u32 mask, set;
2741
2742         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2743         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2744
2745         mask = 0x0000001F;
2746         set = 0x0000000F;
2747         if (dev->dev->chip_id == 0x4301) {
2748                 mask |= 0x0060;
2749                 set |= 0x0060;
2750         } else if (dev->dev->chip_id == 0x5354) {
2751                 /* Don't allow overtaking buttons GPIOs */
2752                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2753         }
2754
2755         if (0 /* FIXME: conditional unknown */ ) {
2756                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2757                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2758                             | 0x0100);
2759                 /* BT Coexistance Input */
2760                 mask |= 0x0080;
2761                 set |= 0x0080;
2762                 /* BT Coexistance Out */
2763                 mask |= 0x0100;
2764                 set |= 0x0100;
2765         }
2766         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2767                 /* PA is controlled by gpio 9, let ucode handle it */
2768                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2769                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2770                             | 0x0200);
2771                 mask |= 0x0200;
2772                 set |= 0x0200;
2773         }
2774
2775         switch (dev->dev->bus_type) {
2776 #ifdef CONFIG_B43_BCMA
2777         case B43_BUS_BCMA:
2778                 bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2779                                 (bcma_cc_read32(&dev->dev->bdev->bus->drv_cc,
2780                                         BCMA_CC_GPIOCTL) & ~mask) | set);
2781                 break;
2782 #endif
2783 #ifdef CONFIG_B43_SSB
2784         case B43_BUS_SSB:
2785                 gpiodev = b43_ssb_gpio_dev(dev);
2786                 if (gpiodev)
2787                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2788                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2789                                     & ~mask) | set);
2790                 break;
2791 #endif
2792         }
2793
2794         return 0;
2795 }
2796
2797 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2798 static void b43_gpio_cleanup(struct b43_wldev *dev)
2799 {
2800         struct ssb_device *gpiodev;
2801
2802         switch (dev->dev->bus_type) {
2803 #ifdef CONFIG_B43_BCMA
2804         case B43_BUS_BCMA:
2805                 bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2806                                 0);
2807                 break;
2808 #endif
2809 #ifdef CONFIG_B43_SSB
2810         case B43_BUS_SSB:
2811                 gpiodev = b43_ssb_gpio_dev(dev);
2812                 if (gpiodev)
2813                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2814                 break;
2815 #endif
2816         }
2817 }
2818
2819 /* http://bcm-specs.sipsolutions.net/EnableMac */
2820 void b43_mac_enable(struct b43_wldev *dev)
2821 {
2822         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2823                 u16 fwstate;
2824
2825                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2826                                          B43_SHM_SH_UCODESTAT);
2827                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2828                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2829                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2830                                "should be suspended, but current state is %u\n",
2831                                fwstate);
2832                 }
2833         }
2834
2835         dev->mac_suspended--;
2836         B43_WARN_ON(dev->mac_suspended < 0);
2837         if (dev->mac_suspended == 0) {
2838                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2839                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2840                             B43_IRQ_MAC_SUSPENDED);
2841                 /* Commit writes */
2842                 b43_read32(dev, B43_MMIO_MACCTL);
2843                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2844                 b43_power_saving_ctl_bits(dev, 0);
2845         }
2846 }
2847
2848 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2849 void b43_mac_suspend(struct b43_wldev *dev)
2850 {
2851         int i;
2852         u32 tmp;
2853
2854         might_sleep();
2855         B43_WARN_ON(dev->mac_suspended < 0);
2856
2857         if (dev->mac_suspended == 0) {
2858                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2859                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2860                 /* force pci to flush the write */
2861                 b43_read32(dev, B43_MMIO_MACCTL);
2862                 for (i = 35; i; i--) {
2863                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2864                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2865                                 goto out;
2866                         udelay(10);
2867                 }
2868                 /* Hm, it seems this will take some time. Use msleep(). */
2869                 for (i = 40; i; i--) {
2870                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2871                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2872                                 goto out;
2873                         msleep(1);
2874                 }
2875                 b43err(dev->wl, "MAC suspend failed\n");
2876         }
2877 out:
2878         dev->mac_suspended++;
2879 }
2880
2881 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2882 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2883 {
2884         u32 tmp;
2885
2886         switch (dev->dev->bus_type) {
2887 #ifdef CONFIG_B43_BCMA
2888         case B43_BUS_BCMA:
2889                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2890                 if (on)
2891                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2892                 else
2893                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2894                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2895                 break;
2896 #endif
2897 #ifdef CONFIG_B43_SSB
2898         case B43_BUS_SSB:
2899                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2900                 if (on)
2901                         tmp |= B43_TMSLOW_MACPHYCLKEN;
2902                 else
2903                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2904                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2905                 break;
2906 #endif
2907         }
2908 }
2909
2910 static void b43_adjust_opmode(struct b43_wldev *dev)
2911 {
2912         struct b43_wl *wl = dev->wl;
2913         u32 ctl;
2914         u16 cfp_pretbtt;
2915
2916         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2917         /* Reset status to STA infrastructure mode. */
2918         ctl &= ~B43_MACCTL_AP;
2919         ctl &= ~B43_MACCTL_KEEP_CTL;
2920         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2921         ctl &= ~B43_MACCTL_KEEP_BAD;
2922         ctl &= ~B43_MACCTL_PROMISC;
2923         ctl &= ~B43_MACCTL_BEACPROMISC;
2924         ctl |= B43_MACCTL_INFRA;
2925
2926         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2927             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2928                 ctl |= B43_MACCTL_AP;
2929         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2930                 ctl &= ~B43_MACCTL_INFRA;
2931
2932         if (wl->filter_flags & FIF_CONTROL)
2933                 ctl |= B43_MACCTL_KEEP_CTL;
2934         if (wl->filter_flags & FIF_FCSFAIL)
2935                 ctl |= B43_MACCTL_KEEP_BAD;
2936         if (wl->filter_flags & FIF_PLCPFAIL)
2937                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2938         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2939                 ctl |= B43_MACCTL_PROMISC;
2940         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2941                 ctl |= B43_MACCTL_BEACPROMISC;
2942
2943         /* Workaround: On old hardware the HW-MAC-address-filter
2944          * doesn't work properly, so always run promisc in filter
2945          * it in software. */
2946         if (dev->dev->core_rev <= 4)
2947                 ctl |= B43_MACCTL_PROMISC;
2948
2949         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2950
2951         cfp_pretbtt = 2;
2952         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2953                 if (dev->dev->chip_id == 0x4306 &&
2954                     dev->dev->chip_rev == 3)
2955                         cfp_pretbtt = 100;
2956                 else
2957                         cfp_pretbtt = 50;
2958         }
2959         b43_write16(dev, 0x612, cfp_pretbtt);
2960
2961         /* FIXME: We don't currently implement the PMQ mechanism,
2962          *        so always disable it. If we want to implement PMQ,
2963          *        we need to enable it here (clear DISCPMQ) in AP mode.
2964          */
2965         if (0  /* ctl & B43_MACCTL_AP */)
2966                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2967         else
2968                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2969 }
2970
2971 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2972 {
2973         u16 offset;
2974
2975         if (is_ofdm) {
2976                 offset = 0x480;
2977                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2978         } else {
2979                 offset = 0x4C0;
2980                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2981         }
2982         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2983                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2984 }
2985
2986 static void b43_rate_memory_init(struct b43_wldev *dev)
2987 {
2988         switch (dev->phy.type) {
2989         case B43_PHYTYPE_A:
2990         case B43_PHYTYPE_G:
2991         case B43_PHYTYPE_N:
2992         case B43_PHYTYPE_LP:
2993         case B43_PHYTYPE_HT:
2994         case B43_PHYTYPE_LCN:
2995                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2996                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2997                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2998                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2999                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3000                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3001                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3002                 if (dev->phy.type == B43_PHYTYPE_A)
3003                         break;
3004                 /* fallthrough */
3005         case B43_PHYTYPE_B:
3006                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3007                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3008                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3009                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3010                 break;
3011         default:
3012                 B43_WARN_ON(1);
3013         }
3014 }
3015
3016 /* Set the default values for the PHY TX Control Words. */
3017 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3018 {
3019         u16 ctl = 0;
3020
3021         ctl |= B43_TXH_PHY_ENC_CCK;
3022         ctl |= B43_TXH_PHY_ANT01AUTO;
3023         ctl |= B43_TXH_PHY_TXPWR;
3024
3025         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3026         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3027         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3028 }
3029
3030 /* Set the TX-Antenna for management frames sent by firmware. */
3031 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3032 {
3033         u16 ant;
3034         u16 tmp;
3035
3036         ant = b43_antenna_to_phyctl(antenna);
3037
3038         /* For ACK/CTS */
3039         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3040         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3041         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3042         /* For Probe Resposes */
3043         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3044         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3045         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3046 }
3047
3048 /* This is the opposite of b43_chip_init() */
3049 static void b43_chip_exit(struct b43_wldev *dev)
3050 {
3051         b43_phy_exit(dev);
3052         b43_gpio_cleanup(dev);
3053         /* firmware is released later */
3054 }
3055
3056 /* Initialize the chip
3057  * http://bcm-specs.sipsolutions.net/ChipInit
3058  */
3059 static int b43_chip_init(struct b43_wldev *dev)
3060 {
3061         struct b43_phy *phy = &dev->phy;
3062         int err;
3063         u32 macctl;
3064         u16 value16;
3065
3066         /* Initialize the MAC control */
3067         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3068         if (dev->phy.gmode)
3069                 macctl |= B43_MACCTL_GMODE;
3070         macctl |= B43_MACCTL_INFRA;
3071         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3072
3073         err = b43_upload_microcode(dev);
3074         if (err)
3075                 goto out;       /* firmware is released later */
3076
3077         err = b43_gpio_init(dev);
3078         if (err)
3079                 goto out;       /* firmware is released later */
3080
3081         err = b43_upload_initvals(dev);
3082         if (err)
3083                 goto err_gpio_clean;
3084
3085         /* Turn the Analog on and initialize the PHY. */
3086         phy->ops->switch_analog(dev, 1);
3087         err = b43_phy_init(dev);
3088         if (err)
3089                 goto err_gpio_clean;
3090
3091         /* Disable Interference Mitigation. */
3092         if (phy->ops->interf_mitigation)
3093                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3094
3095         /* Select the antennae */
3096         if (phy->ops->set_rx_antenna)
3097                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3098         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3099
3100         if (phy->type == B43_PHYTYPE_B) {
3101                 value16 = b43_read16(dev, 0x005E);
3102                 value16 |= 0x0004;
3103                 b43_write16(dev, 0x005E, value16);
3104         }
3105         b43_write32(dev, 0x0100, 0x01000000);
3106         if (dev->dev->core_rev < 5)
3107                 b43_write32(dev, 0x010C, 0x01000000);
3108
3109         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3110         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3111
3112         /* Probe Response Timeout value */
3113         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3114         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
3115
3116         /* Initially set the wireless operation mode. */
3117         b43_adjust_opmode(dev);
3118
3119         if (dev->dev->core_rev < 3) {
3120                 b43_write16(dev, 0x060E, 0x0000);
3121                 b43_write16(dev, 0x0610, 0x8000);
3122                 b43_write16(dev, 0x0604, 0x0000);
3123                 b43_write16(dev, 0x0606, 0x0200);
3124         } else {
3125                 b43_write32(dev, 0x0188, 0x80000000);
3126                 b43_write32(dev, 0x018C, 0x02000000);
3127         }
3128         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3129         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
3130         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3131         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3132         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3133         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3134         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3135
3136         b43_mac_phy_clock_set(dev, true);
3137
3138         switch (dev->dev->bus_type) {
3139 #ifdef CONFIG_B43_BCMA
3140         case B43_BUS_BCMA:
3141                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3142                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3143                 break;
3144 #endif
3145 #ifdef CONFIG_B43_SSB
3146         case B43_BUS_SSB:
3147                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3148                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3149                 break;
3150 #endif
3151         }
3152
3153         err = 0;
3154         b43dbg(dev->wl, "Chip initialized\n");
3155 out:
3156         return err;
3157
3158 err_gpio_clean:
3159         b43_gpio_cleanup(dev);
3160         return err;
3161 }
3162
3163 static void b43_periodic_every60sec(struct b43_wldev *dev)
3164 {
3165         const struct b43_phy_operations *ops = dev->phy.ops;
3166
3167         if (ops->pwork_60sec)
3168                 ops->pwork_60sec(dev);
3169
3170         /* Force check the TX power emission now. */
3171         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3172 }
3173
3174 static void b43_periodic_every30sec(struct b43_wldev *dev)
3175 {
3176         /* Update device statistics. */
3177         b43_calculate_link_quality(dev);
3178 }
3179
3180 static void b43_periodic_every15sec(struct b43_wldev *dev)
3181 {
3182         struct b43_phy *phy = &dev->phy;
3183         u16 wdr;
3184
3185         if (dev->fw.opensource) {
3186                 /* Check if the firmware is still alive.
3187                  * It will reset the watchdog counter to 0 in its idle loop. */
3188                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3189                 if (unlikely(wdr)) {
3190                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3191                         b43_controller_restart(dev, "Firmware watchdog");
3192                         return;
3193                 } else {
3194                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3195                                         B43_WATCHDOG_REG, 1);
3196                 }
3197         }
3198
3199         if (phy->ops->pwork_15sec)
3200                 phy->ops->pwork_15sec(dev);
3201
3202         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3203         wmb();
3204
3205 #if B43_DEBUG
3206         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3207                 unsigned int i;
3208
3209                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3210                        dev->irq_count / 15,
3211                        dev->tx_count / 15,
3212                        dev->rx_count / 15);
3213                 dev->irq_count = 0;
3214                 dev->tx_count = 0;
3215                 dev->rx_count = 0;
3216                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3217                         if (dev->irq_bit_count[i]) {
3218                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3219                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3220                                 dev->irq_bit_count[i] = 0;
3221                         }
3222                 }
3223         }
3224 #endif
3225 }
3226
3227 static void do_periodic_work(struct b43_wldev *dev)
3228 {
3229         unsigned int state;
3230
3231         state = dev->periodic_state;
3232         if (state % 4 == 0)
3233                 b43_periodic_every60sec(dev);
3234         if (state % 2 == 0)
3235                 b43_periodic_every30sec(dev);
3236         b43_periodic_every15sec(dev);
3237 }
3238
3239 /* Periodic work locking policy:
3240  *      The whole periodic work handler is protected by
3241  *      wl->mutex. If another lock is needed somewhere in the
3242  *      pwork callchain, it's acquired in-place, where it's needed.
3243  */
3244 static void b43_periodic_work_handler(struct work_struct *work)
3245 {
3246         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3247                                              periodic_work.work);
3248         struct b43_wl *wl = dev->wl;
3249         unsigned long delay;
3250
3251         mutex_lock(&wl->mutex);
3252
3253         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3254                 goto out;
3255         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3256                 goto out_requeue;
3257
3258         do_periodic_work(dev);
3259
3260         dev->periodic_state++;
3261 out_requeue:
3262         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3263                 delay = msecs_to_jiffies(50);
3264         else
3265                 delay = round_jiffies_relative(HZ * 15);
3266         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3267 out:
3268         mutex_unlock(&wl->mutex);
3269 }
3270
3271 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3272 {
3273         struct delayed_work *work = &dev->periodic_work;
3274
3275         dev->periodic_state = 0;
3276         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3277         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3278 }
3279
3280 /* Check if communication with the device works correctly. */
3281 static int b43_validate_chipaccess(struct b43_wldev *dev)
3282 {
3283         u32 v, backup0, backup4;
3284
3285         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3286         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3287
3288         /* Check for read/write and endianness problems. */
3289         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3290         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3291                 goto error;
3292         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3293         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3294                 goto error;
3295
3296         /* Check if unaligned 32bit SHM_SHARED access works properly.
3297          * However, don't bail out on failure, because it's noncritical. */
3298         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3299         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3300         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3301         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3302         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3303                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3304         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3305         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3306             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3307             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3308             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3309                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3310
3311         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3312         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3313
3314         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3315                 /* The 32bit register shadows the two 16bit registers
3316                  * with update sideeffects. Validate this. */
3317                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3318                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3319                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3320                         goto error;
3321                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3322                         goto error;
3323         }
3324         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3325
3326         v = b43_read32(dev, B43_MMIO_MACCTL);
3327         v |= B43_MACCTL_GMODE;
3328         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3329                 goto error;
3330
3331         return 0;
3332 error:
3333         b43err(dev->wl, "Failed to validate the chipaccess\n");
3334         return -ENODEV;
3335 }
3336
3337 static void b43_security_init(struct b43_wldev *dev)
3338 {
3339         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3340         /* KTP is a word address, but we address SHM bytewise.
3341          * So multiply by two.
3342          */
3343         dev->ktp *= 2;
3344         /* Number of RCMTA address slots */
3345         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3346         /* Clear the key memory. */
3347         b43_clear_keys(dev);
3348 }
3349
3350 #ifdef CONFIG_B43_HWRNG
3351 static int b43_rng_read(struct hwrng *rng, u32 *data)
3352 {
3353         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3354         struct b43_wldev *dev;
3355         int count = -ENODEV;
3356
3357         mutex_lock(&wl->mutex);
3358         dev = wl->current_dev;
3359         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3360                 *data = b43_read16(dev, B43_MMIO_RNG);
3361                 count = sizeof(u16);
3362         }
3363         mutex_unlock(&wl->mutex);
3364
3365         return count;
3366 }
3367 #endif /* CONFIG_B43_HWRNG */
3368
3369 static void b43_rng_exit(struct b43_wl *wl)
3370 {
3371 #ifdef CONFIG_B43_HWRNG
3372         if (wl->rng_initialized)
3373                 hwrng_unregister(&wl->rng);
3374 #endif /* CONFIG_B43_HWRNG */
3375 }
3376
3377 static int b43_rng_init(struct b43_wl *wl)
3378 {
3379         int err = 0;
3380
3381 #ifdef CONFIG_B43_HWRNG
3382         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3383                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3384         wl->rng.name = wl->rng_name;
3385         wl->rng.data_read = b43_rng_read;
3386         wl->rng.priv = (unsigned long)wl;
3387         wl->rng_initialized = true;
3388         err = hwrng_register(&wl->rng);
3389         if (err) {
3390                 wl->rng_initialized = false;
3391                 b43err(wl, "Failed to register the random "
3392                        "number generator (%d)\n", err);
3393         }
3394 #endif /* CONFIG_B43_HWRNG */
3395
3396         return err;
3397 }
3398
3399 static void b43_tx_work(struct work_struct *work)
3400 {
3401         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3402         struct b43_wldev *dev;
3403         struct sk_buff *skb;
3404         int queue_num;
3405         int err = 0;
3406
3407         mutex_lock(&wl->mutex);
3408         dev = wl->current_dev;
3409         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3410                 mutex_unlock(&wl->mutex);
3411                 return;
3412         }
3413
3414         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3415                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3416                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3417                         if (b43_using_pio_transfers(dev))
3418                                 err = b43_pio_tx(dev, skb);
3419                         else
3420                                 err = b43_dma_tx(dev, skb);
3421                         if (err == -ENOSPC) {
3422                                 wl->tx_queue_stopped[queue_num] = 1;
3423                                 ieee80211_stop_queue(wl->hw, queue_num);
3424                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3425                                 break;
3426                         }
3427                         if (unlikely(err))
3428                                 ieee80211_free_txskb(wl->hw, skb);
3429                         err = 0;
3430                 }
3431
3432                 if (!err)
3433                         wl->tx_queue_stopped[queue_num] = 0;
3434         }
3435
3436 #if B43_DEBUG
3437         dev->tx_count++;
3438 #endif
3439         mutex_unlock(&wl->mutex);
3440 }
3441
3442 static void b43_op_tx(struct ieee80211_hw *hw,
3443                       struct ieee80211_tx_control *control,
3444                       struct sk_buff *skb)
3445 {
3446         struct b43_wl *wl = hw_to_b43_wl(hw);
3447
3448         if (unlikely(skb->len < 2 + 2 + 6)) {
3449                 /* Too short, this can't be a valid frame. */
3450                 ieee80211_free_txskb(hw, skb);
3451                 return;
3452         }
3453         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3454
3455         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3456         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3457                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3458         } else {
3459                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3460         }
3461 }
3462
3463 static void b43_qos_params_upload(struct b43_wldev *dev,
3464                                   const struct ieee80211_tx_queue_params *p,
3465                                   u16 shm_offset)
3466 {
3467         u16 params[B43_NR_QOSPARAMS];
3468         int bslots, tmp;
3469         unsigned int i;
3470
3471         if (!dev->qos_enabled)
3472                 return;
3473
3474         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3475
3476         memset(&params, 0, sizeof(params));
3477
3478         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3479         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3480         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3481         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3482         params[B43_QOSPARAM_AIFS] = p->aifs;
3483         params[B43_QOSPARAM_BSLOTS] = bslots;
3484         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3485
3486         for (i = 0; i < ARRAY_SIZE(params); i++) {
3487                 if (i == B43_QOSPARAM_STATUS) {
3488                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3489                                              shm_offset + (i * 2));
3490                         /* Mark the parameters as updated. */
3491                         tmp |= 0x100;
3492                         b43_shm_write16(dev, B43_SHM_SHARED,
3493                                         shm_offset + (i * 2),
3494                                         tmp);
3495                 } else {
3496                         b43_shm_write16(dev, B43_SHM_SHARED,
3497                                         shm_offset + (i * 2),
3498                                         params[i]);
3499                 }
3500         }
3501 }
3502
3503 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3504 static const u16 b43_qos_shm_offsets[] = {
3505         /* [mac80211-queue-nr] = SHM_OFFSET, */
3506         [0] = B43_QOS_VOICE,
3507         [1] = B43_QOS_VIDEO,
3508         [2] = B43_QOS_BESTEFFORT,
3509         [3] = B43_QOS_BACKGROUND,
3510 };
3511
3512 /* Update all QOS parameters in hardware. */
3513 static void b43_qos_upload_all(struct b43_wldev *dev)
3514 {
3515         struct b43_wl *wl = dev->wl;
3516         struct b43_qos_params *params;
3517         unsigned int i;
3518
3519         if (!dev->qos_enabled)
3520                 return;
3521
3522         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3523                      ARRAY_SIZE(wl->qos_params));
3524
3525         b43_mac_suspend(dev);
3526         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3527                 params = &(wl->qos_params[i]);
3528                 b43_qos_params_upload(dev, &(params->p),
3529                                       b43_qos_shm_offsets[i]);
3530         }
3531         b43_mac_enable(dev);
3532 }
3533
3534 static void b43_qos_clear(struct b43_wl *wl)
3535 {
3536         struct b43_qos_params *params;
3537         unsigned int i;
3538
3539         /* Initialize QoS parameters to sane defaults. */
3540
3541         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3542                      ARRAY_SIZE(wl->qos_params));
3543
3544         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3545                 params = &(wl->qos_params[i]);
3546
3547                 switch (b43_qos_shm_offsets[i]) {
3548                 case B43_QOS_VOICE:
3549                         params->p.txop = 0;
3550                         params->p.aifs = 2;
3551                         params->p.cw_min = 0x0001;
3552                         params->p.cw_max = 0x0001;
3553                         break;
3554                 case B43_QOS_VIDEO:
3555                         params->p.txop = 0;
3556                         params->p.aifs = 2;
3557                         params->p.cw_min = 0x0001;
3558                         params->p.cw_max = 0x0001;
3559                         break;
3560                 case B43_QOS_BESTEFFORT:
3561                         params->p.txop = 0;
3562                         params->p.aifs = 3;
3563                         params->p.cw_min = 0x0001;
3564                         params->p.cw_max = 0x03FF;
3565                         break;
3566                 case B43_QOS_BACKGROUND:
3567                         params->p.txop = 0;
3568                         params->p.aifs = 7;
3569                         params->p.cw_min = 0x0001;
3570                         params->p.cw_max = 0x03FF;
3571                         break;
3572                 default:
3573                         B43_WARN_ON(1);
3574                 }
3575         }
3576 }
3577
3578 /* Initialize the core's QOS capabilities */
3579 static void b43_qos_init(struct b43_wldev *dev)
3580 {
3581         if (!dev->qos_enabled) {
3582                 /* Disable QOS support. */
3583                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3584                 b43_write16(dev, B43_MMIO_IFSCTL,
3585                             b43_read16(dev, B43_MMIO_IFSCTL)
3586                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3587                 b43dbg(dev->wl, "QoS disabled\n");
3588                 return;
3589         }
3590
3591         /* Upload the current QOS parameters. */
3592         b43_qos_upload_all(dev);
3593
3594         /* Enable QOS support. */
3595         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3596         b43_write16(dev, B43_MMIO_IFSCTL,
3597                     b43_read16(dev, B43_MMIO_IFSCTL)
3598                     | B43_MMIO_IFSCTL_USE_EDCF);
3599         b43dbg(dev->wl, "QoS enabled\n");
3600 }
3601
3602 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3603                           struct ieee80211_vif *vif, u16 _queue,
3604                           const struct ieee80211_tx_queue_params *params)
3605 {
3606         struct b43_wl *wl = hw_to_b43_wl(hw);
3607         struct b43_wldev *dev;
3608         unsigned int queue = (unsigned int)_queue;
3609         int err = -ENODEV;
3610
3611         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3612                 /* Queue not available or don't support setting
3613                  * params on this queue. Return success to not
3614                  * confuse mac80211. */
3615                 return 0;
3616         }
3617         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3618                      ARRAY_SIZE(wl->qos_params));
3619
3620         mutex_lock(&wl->mutex);
3621         dev = wl->current_dev;
3622         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3623                 goto out_unlock;
3624
3625         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3626         b43_mac_suspend(dev);
3627         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3628                               b43_qos_shm_offsets[queue]);
3629         b43_mac_enable(dev);
3630         err = 0;
3631
3632 out_unlock:
3633         mutex_unlock(&wl->mutex);
3634
3635         return err;
3636 }
3637
3638 static int b43_op_get_stats(struct ieee80211_hw *hw,
3639                             struct ieee80211_low_level_stats *stats)
3640 {
3641         struct b43_wl *wl = hw_to_b43_wl(hw);
3642
3643         mutex_lock(&wl->mutex);
3644         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3645         mutex_unlock(&wl->mutex);
3646
3647         return 0;
3648 }
3649
3650 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3651 {
3652         struct b43_wl *wl = hw_to_b43_wl(hw);
3653         struct b43_wldev *dev;
3654         u64 tsf;
3655
3656         mutex_lock(&wl->mutex);
3657         dev = wl->current_dev;
3658
3659         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3660                 b43_tsf_read(dev, &tsf);
3661         else
3662                 tsf = 0;
3663
3664         mutex_unlock(&wl->mutex);
3665
3666         return tsf;
3667 }
3668
3669 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3670                            struct ieee80211_vif *vif, u64 tsf)
3671 {
3672         struct b43_wl *wl = hw_to_b43_wl(hw);
3673         struct b43_wldev *dev;
3674
3675         mutex_lock(&wl->mutex);
3676         dev = wl->current_dev;
3677
3678         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3679                 b43_tsf_write(dev, tsf);
3680
3681         mutex_unlock(&wl->mutex);
3682 }
3683
3684 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3685 {
3686         u32 tmp;
3687
3688         switch (dev->dev->bus_type) {
3689 #ifdef CONFIG_B43_BCMA
3690         case B43_BUS_BCMA:
3691                 b43err(dev->wl,
3692                        "Putting PHY into reset not supported on BCMA\n");
3693                 break;
3694 #endif
3695 #ifdef CONFIG_B43_SSB
3696         case B43_BUS_SSB:
3697                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3698                 tmp &= ~B43_TMSLOW_GMODE;
3699                 tmp |= B43_TMSLOW_PHYRESET;
3700                 tmp |= SSB_TMSLOW_FGC;
3701                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3702                 msleep(1);
3703
3704                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3705                 tmp &= ~SSB_TMSLOW_FGC;
3706                 tmp |= B43_TMSLOW_PHYRESET;
3707                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3708                 msleep(1);
3709
3710                 break;
3711 #endif
3712         }
3713 }
3714
3715 static const char *band_to_string(enum ieee80211_band band)
3716 {
3717         switch (band) {
3718         case IEEE80211_BAND_5GHZ:
3719                 return "5";
3720         case IEEE80211_BAND_2GHZ:
3721                 return "2.4";
3722         default:
3723                 break;
3724         }
3725         B43_WARN_ON(1);
3726         return "";
3727 }
3728
3729 /* Expects wl->mutex locked */
3730 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3731 {
3732         struct b43_wldev *up_dev = NULL;
3733         struct b43_wldev *down_dev;
3734         struct b43_wldev *d;
3735         int err;
3736         bool uninitialized_var(gmode);
3737         int prev_status;
3738
3739         /* Find a device and PHY which supports the band. */
3740         list_for_each_entry(d, &wl->devlist, list) {
3741                 switch (chan->band) {
3742                 case IEEE80211_BAND_5GHZ:
3743                         if (d->phy.supports_5ghz) {
3744                                 up_dev = d;
3745                                 gmode = false;
3746                         }
3747                         break;
3748                 case IEEE80211_BAND_2GHZ:
3749                         if (d->phy.supports_2ghz) {
3750                                 up_dev = d;
3751                                 gmode = true;
3752                         }
3753                         break;
3754                 default:
3755                         B43_WARN_ON(1);
3756                         return -EINVAL;
3757                 }
3758                 if (up_dev)
3759                         break;
3760         }
3761         if (!up_dev) {
3762                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3763                        band_to_string(chan->band));
3764                 return -ENODEV;
3765         }
3766         if ((up_dev == wl->current_dev) &&
3767             (!!wl->current_dev->phy.gmode == !!gmode)) {
3768                 /* This device is already running. */
3769                 return 0;
3770         }
3771         b43dbg(wl, "Switching to %s-GHz band\n",
3772                band_to_string(chan->band));
3773         down_dev = wl->current_dev;
3774
3775         prev_status = b43_status(down_dev);
3776         /* Shutdown the currently running core. */
3777         if (prev_status >= B43_STAT_STARTED)
3778                 down_dev = b43_wireless_core_stop(down_dev);
3779         if (prev_status >= B43_STAT_INITIALIZED)
3780                 b43_wireless_core_exit(down_dev);
3781
3782         if (down_dev != up_dev) {
3783                 /* We switch to a different core, so we put PHY into
3784                  * RESET on the old core. */
3785                 b43_put_phy_into_reset(down_dev);
3786         }
3787
3788         /* Now start the new core. */
3789         up_dev->phy.gmode = gmode;
3790         if (prev_status >= B43_STAT_INITIALIZED) {
3791                 err = b43_wireless_core_init(up_dev);
3792                 if (err) {
3793                         b43err(wl, "Fatal: Could not initialize device for "
3794                                "selected %s-GHz band\n",
3795                                band_to_string(chan->band));
3796                         goto init_failure;
3797                 }
3798         }
3799         if (prev_status >= B43_STAT_STARTED) {
3800                 err = b43_wireless_core_start(up_dev);
3801                 if (err) {
3802                         b43err(wl, "Fatal: Could not start device for "
3803                                "selected %s-GHz band\n",
3804                                band_to_string(chan->band));
3805                         b43_wireless_core_exit(up_dev);
3806                         goto init_failure;
3807                 }
3808         }
3809         B43_WARN_ON(b43_status(up_dev) != prev_status);
3810
3811         wl->current_dev = up_dev;
3812
3813         return 0;
3814 init_failure:
3815         /* Whoops, failed to init the new core. No core is operating now. */
3816         wl->current_dev = NULL;
3817         return err;
3818 }
3819
3820 /* Write the short and long frame retry limit values. */
3821 static void b43_set_retry_limits(struct b43_wldev *dev,
3822                                  unsigned int short_retry,
3823                                  unsigned int long_retry)
3824 {
3825         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3826          * the chip-internal counter. */
3827         short_retry = min(short_retry, (unsigned int)0xF);
3828         long_retry = min(long_retry, (unsigned int)0xF);
3829
3830         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3831                         short_retry);
3832         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3833                         long_retry);
3834 }
3835
3836 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3837 {
3838         struct b43_wl *wl = hw_to_b43_wl(hw);
3839         struct b43_wldev *dev;
3840         struct b43_phy *phy;
3841         struct ieee80211_conf *conf = &hw->conf;
3842         int antenna;
3843         int err = 0;
3844         bool reload_bss = false;
3845
3846         mutex_lock(&wl->mutex);
3847
3848         dev = wl->current_dev;
3849
3850         /* Switch the band (if necessary). This might change the active core. */
3851         err = b43_switch_band(wl, conf->channel);
3852         if (err)
3853                 goto out_unlock_mutex;
3854
3855         /* Need to reload all settings if the core changed */
3856         if (dev != wl->current_dev) {
3857                 dev = wl->current_dev;
3858                 changed = ~0;
3859                 reload_bss = true;
3860         }
3861
3862         phy = &dev->phy;
3863
3864         if (conf_is_ht(conf))
3865                 phy->is_40mhz =
3866                         (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3867         else
3868                 phy->is_40mhz = false;
3869
3870         b43_mac_suspend(dev);
3871
3872         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3873                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3874                                           conf->long_frame_max_tx_count);
3875         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3876         if (!changed)
3877                 goto out_mac_enable;
3878
3879         /* Switch to the requested channel.
3880          * The firmware takes care of races with the TX handler. */
3881         if (conf->channel->hw_value != phy->channel)
3882                 b43_switch_channel(dev, conf->channel->hw_value);
3883
3884         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3885
3886         /* Adjust the desired TX power level. */
3887         if (conf->power_level != 0) {
3888                 if (conf->power_level != phy->desired_txpower) {
3889                         phy->desired_txpower = conf->power_level;
3890                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3891                                                    B43_TXPWR_IGNORE_TSSI);
3892                 }
3893         }
3894
3895         /* Antennas for RX and management frame TX. */
3896         antenna = B43_ANTENNA_DEFAULT;
3897         b43_mgmtframe_txantenna(dev, antenna);
3898         antenna = B43_ANTENNA_DEFAULT;
3899         if (phy->ops->set_rx_antenna)
3900                 phy->ops->set_rx_antenna(dev, antenna);
3901
3902         if (wl->radio_enabled != phy->radio_on) {
3903                 if (wl->radio_enabled) {
3904                         b43_software_rfkill(dev, false);
3905                         b43info(dev->wl, "Radio turned on by software\n");
3906                         if (!dev->radio_hw_enable) {
3907                                 b43info(dev->wl, "The hardware RF-kill button "
3908                                         "still turns the radio physically off. "
3909                                         "Press the button to turn it on.\n");
3910                         }
3911                 } else {
3912                         b43_software_rfkill(dev, true);
3913                         b43info(dev->wl, "Radio turned off by software\n");
3914                 }
3915         }
3916
3917 out_mac_enable:
3918         b43_mac_enable(dev);
3919 out_unlock_mutex:
3920         mutex_unlock(&wl->mutex);
3921
3922         if (wl->vif && reload_bss)
3923                 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3924
3925         return err;
3926 }
3927
3928 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3929 {
3930         struct ieee80211_supported_band *sband =
3931                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3932         struct ieee80211_rate *rate;
3933         int i;
3934         u16 basic, direct, offset, basic_offset, rateptr;
3935
3936         for (i = 0; i < sband->n_bitrates; i++) {
3937                 rate = &sband->bitrates[i];
3938
3939                 if (b43_is_cck_rate(rate->hw_value)) {
3940                         direct = B43_SHM_SH_CCKDIRECT;
3941                         basic = B43_SHM_SH_CCKBASIC;
3942                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3943                         offset &= 0xF;
3944                 } else {
3945                         direct = B43_SHM_SH_OFDMDIRECT;
3946                         basic = B43_SHM_SH_OFDMBASIC;
3947                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3948                         offset &= 0xF;
3949                 }
3950
3951                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3952
3953                 if (b43_is_cck_rate(rate->hw_value)) {
3954                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3955                         basic_offset &= 0xF;
3956                 } else {
3957                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3958                         basic_offset &= 0xF;
3959                 }
3960
3961                 /*
3962                  * Get the pointer that we need to point to
3963                  * from the direct map
3964                  */
3965                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3966                                          direct + 2 * basic_offset);
3967                 /* and write it to the basic map */
3968                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3969                                 rateptr);
3970         }
3971 }
3972
3973 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3974                                     struct ieee80211_vif *vif,
3975                                     struct ieee80211_bss_conf *conf,
3976                                     u32 changed)
3977 {
3978         struct b43_wl *wl = hw_to_b43_wl(hw);
3979         struct b43_wldev *dev;
3980
3981         mutex_lock(&wl->mutex);
3982
3983         dev = wl->current_dev;
3984         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3985                 goto out_unlock_mutex;
3986
3987         B43_WARN_ON(wl->vif != vif);
3988
3989         if (changed & BSS_CHANGED_BSSID) {
3990                 if (conf->bssid)
3991                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3992                 else
3993                         memset(wl->bssid, 0, ETH_ALEN);
3994         }
3995
3996         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3997                 if (changed & BSS_CHANGED_BEACON &&
3998                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3999                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4000                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4001                         b43_update_templates(wl);
4002
4003                 if (changed & BSS_CHANGED_BSSID)
4004                         b43_write_mac_bssid_templates(dev);
4005         }
4006
4007         b43_mac_suspend(dev);
4008
4009         /* Update templates for AP/mesh mode. */
4010         if (changed & BSS_CHANGED_BEACON_INT &&
4011             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4012              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4013              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4014             conf->beacon_int)
4015                 b43_set_beacon_int(dev, conf->beacon_int);
4016
4017         if (changed & BSS_CHANGED_BASIC_RATES)
4018                 b43_update_basic_rates(dev, conf->basic_rates);
4019
4020         if (changed & BSS_CHANGED_ERP_SLOT) {
4021                 if (conf->use_short_slot)
4022                         b43_short_slot_timing_enable(dev);
4023                 else
4024                         b43_short_slot_timing_disable(dev);
4025         }
4026
4027         b43_mac_enable(dev);
4028 out_unlock_mutex:
4029         mutex_unlock(&wl->mutex);
4030 }
4031
4032 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4033                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4034                           struct ieee80211_key_conf *key)
4035 {
4036         struct b43_wl *wl = hw_to_b43_wl(hw);
4037         struct b43_wldev *dev;
4038         u8 algorithm;
4039         u8 index;
4040         int err;
4041         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4042
4043         if (modparam_nohwcrypt)
4044                 return -ENOSPC; /* User disabled HW-crypto */
4045
4046         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4047              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4048             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4049              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4050             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4051                 /*
4052                  * For now, disable hw crypto for the RSN IBSS group keys. This
4053                  * could be optimized in the future, but until that gets
4054                  * implemented, use of software crypto for group addressed
4055                  * frames is a acceptable to allow RSN IBSS to be used.
4056                  */
4057                 return -EOPNOTSUPP;
4058         }
4059
4060         mutex_lock(&wl->mutex);
4061
4062         dev = wl->current_dev;
4063         err = -ENODEV;
4064         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4065                 goto out_unlock;
4066
4067         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4068                 /* We don't have firmware for the crypto engine.
4069                  * Must use software-crypto. */
4070                 err = -EOPNOTSUPP;
4071                 goto out_unlock;
4072         }
4073
4074         err = -EINVAL;
4075         switch (key->cipher) {
4076         case WLAN_CIPHER_SUITE_WEP40:
4077                 algorithm = B43_SEC_ALGO_WEP40;
4078                 break;
4079         case WLAN_CIPHER_SUITE_WEP104:
4080                 algorithm = B43_SEC_ALGO_WEP104;
4081                 break;
4082         case WLAN_CIPHER_SUITE_TKIP:
4083                 algorithm = B43_SEC_ALGO_TKIP;
4084                 break;
4085         case WLAN_CIPHER_SUITE_CCMP:
4086                 algorithm = B43_SEC_ALGO_AES;
4087                 break;
4088         default:
4089                 B43_WARN_ON(1);
4090                 goto out_unlock;
4091         }
4092         index = (u8) (key->keyidx);
4093         if (index > 3)
4094                 goto out_unlock;
4095
4096         switch (cmd) {
4097         case SET_KEY:
4098                 if (algorithm == B43_SEC_ALGO_TKIP &&
4099                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4100                     !modparam_hwtkip)) {
4101                         /* We support only pairwise key */
4102                         err = -EOPNOTSUPP;
4103                         goto out_unlock;
4104                 }
4105
4106                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4107                         if (WARN_ON(!sta)) {
4108                                 err = -EOPNOTSUPP;
4109                                 goto out_unlock;
4110                         }
4111                         /* Pairwise key with an assigned MAC address. */
4112                         err = b43_key_write(dev, -1, algorithm,
4113                                             key->key, key->keylen,
4114                                             sta->addr, key);
4115                 } else {
4116                         /* Group key */
4117                         err = b43_key_write(dev, index, algorithm,
4118                                             key->key, key->keylen, NULL, key);
4119                 }
4120                 if (err)
4121                         goto out_unlock;
4122
4123                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4124                     algorithm == B43_SEC_ALGO_WEP104) {
4125                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4126                 } else {
4127                         b43_hf_write(dev,
4128                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4129                 }
4130                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4131                 if (algorithm == B43_SEC_ALGO_TKIP)
4132                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4133                 break;
4134         case DISABLE_KEY: {
4135                 err = b43_key_clear(dev, key->hw_key_idx);
4136                 if (err)
4137                         goto out_unlock;
4138                 break;
4139         }
4140         default:
4141                 B43_WARN_ON(1);
4142         }
4143
4144 out_unlock:
4145         if (!err) {
4146                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4147                        "mac: %pM\n",
4148                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4149                        sta ? sta->addr : bcast_addr);
4150                 b43_dump_keymemory(dev);
4151         }
4152         mutex_unlock(&wl->mutex);
4153
4154         return err;
4155 }
4156
4157 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4158                                     unsigned int changed, unsigned int *fflags,
4159                                     u64 multicast)
4160 {
4161         struct b43_wl *wl = hw_to_b43_wl(hw);
4162         struct b43_wldev *dev;
4163
4164         mutex_lock(&wl->mutex);
4165         dev = wl->current_dev;
4166         if (!dev) {
4167                 *fflags = 0;
4168                 goto out_unlock;
4169         }
4170
4171         *fflags &= FIF_PROMISC_IN_BSS |
4172                   FIF_ALLMULTI |
4173                   FIF_FCSFAIL |
4174                   FIF_PLCPFAIL |
4175                   FIF_CONTROL |
4176                   FIF_OTHER_BSS |
4177                   FIF_BCN_PRBRESP_PROMISC;
4178
4179         changed &= FIF_PROMISC_IN_BSS |
4180                    FIF_ALLMULTI |
4181                    FIF_FCSFAIL |
4182                    FIF_PLCPFAIL |
4183                    FIF_CONTROL |
4184                    FIF_OTHER_BSS |
4185                    FIF_BCN_PRBRESP_PROMISC;
4186
4187         wl->filter_flags = *fflags;
4188
4189         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4190                 b43_adjust_opmode(dev);
4191
4192 out_unlock:
4193         mutex_unlock(&wl->mutex);
4194 }
4195
4196 /* Locking: wl->mutex
4197  * Returns the current dev. This might be different from the passed in dev,
4198  * because the core might be gone away while we unlocked the mutex. */
4199 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4200 {
4201         struct b43_wl *wl;
4202         struct b43_wldev *orig_dev;
4203         u32 mask;
4204         int queue_num;
4205
4206         if (!dev)
4207                 return NULL;
4208         wl = dev->wl;
4209 redo:
4210         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4211                 return dev;
4212
4213         /* Cancel work. Unlock to avoid deadlocks. */
4214         mutex_unlock(&wl->mutex);
4215         cancel_delayed_work_sync(&dev->periodic_work);
4216         cancel_work_sync(&wl->tx_work);
4217         cancel_work_sync(&wl->firmware_load);
4218         mutex_lock(&wl->mutex);
4219         dev = wl->current_dev;
4220         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4221                 /* Whoops, aliens ate up the device while we were unlocked. */
4222                 return dev;
4223         }
4224
4225         /* Disable interrupts on the device. */
4226         b43_set_status(dev, B43_STAT_INITIALIZED);
4227         if (b43_bus_host_is_sdio(dev->dev)) {
4228                 /* wl->mutex is locked. That is enough. */
4229                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4230                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4231         } else {
4232                 spin_lock_irq(&wl->hardirq_lock);
4233                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4234                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4235                 spin_unlock_irq(&wl->hardirq_lock);
4236         }
4237         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4238         orig_dev = dev;
4239         mutex_unlock(&wl->mutex);
4240         if (b43_bus_host_is_sdio(dev->dev)) {
4241                 b43_sdio_free_irq(dev);
4242         } else {
4243                 synchronize_irq(dev->dev->irq);
4244                 free_irq(dev->dev->irq, dev);
4245         }
4246         mutex_lock(&wl->mutex);
4247         dev = wl->current_dev;
4248         if (!dev)
4249                 return dev;
4250         if (dev != orig_dev) {
4251                 if (b43_status(dev) >= B43_STAT_STARTED)
4252                         goto redo;
4253                 return dev;
4254         }
4255         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4256         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4257
4258         /* Drain all TX queues. */
4259         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4260                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4261                         struct sk_buff *skb;
4262
4263                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4264                         ieee80211_free_txskb(wl->hw, skb);
4265                 }
4266         }
4267
4268         b43_mac_suspend(dev);
4269         b43_leds_exit(dev);
4270         b43dbg(wl, "Wireless interface stopped\n");
4271
4272         return dev;
4273 }
4274
4275 /* Locking: wl->mutex */
4276 static int b43_wireless_core_start(struct b43_wldev *dev)
4277 {
4278         int err;
4279
4280         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4281
4282         drain_txstatus_queue(dev);
4283         if (b43_bus_host_is_sdio(dev->dev)) {
4284                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4285                 if (err) {
4286                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4287                         goto out;
4288                 }
4289         } else {
4290                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4291                                            b43_interrupt_thread_handler,
4292                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4293                 if (err) {
4294                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4295                                dev->dev->irq);
4296                         goto out;
4297                 }
4298         }
4299
4300         /* We are ready to run. */
4301         ieee80211_wake_queues(dev->wl->hw);
4302         b43_set_status(dev, B43_STAT_STARTED);
4303
4304         /* Start data flow (TX/RX). */
4305         b43_mac_enable(dev);
4306         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4307
4308         /* Start maintenance work */
4309         b43_periodic_tasks_setup(dev);
4310
4311         b43_leds_init(dev);
4312
4313         b43dbg(dev->wl, "Wireless interface started\n");
4314 out:
4315         return err;
4316 }
4317
4318 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4319 {
4320         switch (phy_type) {
4321         case B43_PHYTYPE_A:
4322                 return "A";
4323         case B43_PHYTYPE_B:
4324                 return "B";
4325         case B43_PHYTYPE_G:
4326                 return "G";
4327         case B43_PHYTYPE_N:
4328                 return "N";
4329         case B43_PHYTYPE_LP:
4330                 return "LP";
4331         case B43_PHYTYPE_SSLPN:
4332                 return "SSLPN";
4333         case B43_PHYTYPE_HT:
4334                 return "HT";
4335         case B43_PHYTYPE_LCN:
4336                 return "LCN";
4337         case B43_PHYTYPE_LCNXN:
4338                 return "LCNXN";
4339         case B43_PHYTYPE_LCN40:
4340                 return "LCN40";
4341         case B43_PHYTYPE_AC:
4342                 return "AC";
4343         }
4344         return "UNKNOWN";
4345 }
4346
4347 /* Get PHY and RADIO versioning numbers */
4348 static int b43_phy_versioning(struct b43_wldev *dev)
4349 {
4350         struct b43_phy *phy = &dev->phy;
4351         u32 tmp;
4352         u8 analog_type;
4353         u8 phy_type;
4354         u8 phy_rev;
4355         u16 radio_manuf;
4356         u16 radio_ver;
4357         u16 radio_rev;
4358         int unsupported = 0;
4359
4360         /* Get PHY versioning */
4361         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4362         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4363         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4364         phy_rev = (tmp & B43_PHYVER_VERSION);
4365         switch (phy_type) {
4366         case B43_PHYTYPE_A:
4367                 if (phy_rev >= 4)
4368                         unsupported = 1;
4369                 break;
4370         case B43_PHYTYPE_B:
4371                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4372                     && phy_rev != 7)
4373                         unsupported = 1;
4374                 break;
4375         case B43_PHYTYPE_G:
4376                 if (phy_rev > 9)
4377                         unsupported = 1;
4378                 break;
4379 #ifdef CONFIG_B43_PHY_N
4380         case B43_PHYTYPE_N:
4381                 if (phy_rev > 9)
4382                         unsupported = 1;
4383                 break;
4384 #endif
4385 #ifdef CONFIG_B43_PHY_LP
4386         case B43_PHYTYPE_LP:
4387                 if (phy_rev > 2)
4388                         unsupported = 1;
4389                 break;
4390 #endif
4391 #ifdef CONFIG_B43_PHY_HT
4392         case B43_PHYTYPE_HT:
4393                 if (phy_rev > 1)
4394                         unsupported = 1;
4395                 break;
4396 #endif
4397 #ifdef CONFIG_B43_PHY_LCN
4398         case B43_PHYTYPE_LCN:
4399                 if (phy_rev > 1)
4400                         unsupported = 1;
4401                 break;
4402 #endif
4403         default:
4404                 unsupported = 1;
4405         }
4406         if (unsupported) {
4407                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4408                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4409                        phy_rev);
4410                 return -EOPNOTSUPP;
4411         }
4412         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4413                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4414
4415         /* Get RADIO versioning */
4416         if (dev->dev->core_rev >= 24) {
4417                 u16 radio24[3];
4418
4419                 for (tmp = 0; tmp < 3; tmp++) {
4420                         b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4421                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4422                 }
4423
4424                 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4425                 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4426
4427                 radio_manuf = 0x17F;
4428                 radio_ver = (radio24[2] << 8) | radio24[1];
4429                 radio_rev = (radio24[0] & 0xF);
4430         } else {
4431                 if (dev->dev->chip_id == 0x4317) {
4432                         if (dev->dev->chip_rev == 0)
4433                                 tmp = 0x3205017F;
4434                         else if (dev->dev->chip_rev == 1)
4435                                 tmp = 0x4205017F;
4436                         else
4437                                 tmp = 0x5205017F;
4438                 } else {
4439                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4440                                     B43_RADIOCTL_ID);
4441                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4442                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4443                                     B43_RADIOCTL_ID);
4444                         tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4445                                 << 16;
4446                 }
4447                 radio_manuf = (tmp & 0x00000FFF);
4448                 radio_ver = (tmp & 0x0FFFF000) >> 12;
4449                 radio_rev = (tmp & 0xF0000000) >> 28;
4450         }
4451
4452         if (radio_manuf != 0x17F /* Broadcom */)
4453                 unsupported = 1;
4454         switch (phy_type) {
4455         case B43_PHYTYPE_A:
4456                 if (radio_ver != 0x2060)
4457                         unsupported = 1;
4458                 if (radio_rev != 1)
4459                         unsupported = 1;
4460                 if (radio_manuf != 0x17F)
4461                         unsupported = 1;
4462                 break;
4463         case B43_PHYTYPE_B:
4464                 if ((radio_ver & 0xFFF0) != 0x2050)
4465                         unsupported = 1;
4466                 break;
4467         case B43_PHYTYPE_G:
4468                 if (radio_ver != 0x2050)
4469                         unsupported = 1;
4470                 break;
4471         case B43_PHYTYPE_N:
4472                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4473                         unsupported = 1;
4474                 break;
4475         case B43_PHYTYPE_LP:
4476                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4477                         unsupported = 1;
4478                 break;
4479         case B43_PHYTYPE_HT:
4480                 if (radio_ver != 0x2059)
4481                         unsupported = 1;
4482                 break;
4483         case B43_PHYTYPE_LCN:
4484                 if (radio_ver != 0x2064)
4485                         unsupported = 1;
4486                 break;
4487         default:
4488                 B43_WARN_ON(1);
4489         }
4490         if (unsupported) {
4491                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4492                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4493                        radio_manuf, radio_ver, radio_rev);
4494                 return -EOPNOTSUPP;
4495         }
4496         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4497                radio_manuf, radio_ver, radio_rev);
4498
4499         phy->radio_manuf = radio_manuf;
4500         phy->radio_ver = radio_ver;
4501         phy->radio_rev = radio_rev;
4502
4503         phy->analog = analog_type;
4504         phy->type = phy_type;
4505         phy->rev = phy_rev;
4506
4507         return 0;
4508 }
4509
4510 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4511                                       struct b43_phy *phy)
4512 {
4513         phy->hardware_power_control = !!modparam_hwpctl;
4514         phy->next_txpwr_check_time = jiffies;
4515         /* PHY TX errors counter. */
4516         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4517
4518 #if B43_DEBUG
4519         phy->phy_locked = false;
4520         phy->radio_locked = false;
4521 #endif
4522 }
4523
4524 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4525 {
4526         dev->dfq_valid = false;
4527
4528         /* Assume the radio is enabled. If it's not enabled, the state will
4529          * immediately get fixed on the first periodic work run. */
4530         dev->radio_hw_enable = true;
4531
4532         /* Stats */
4533         memset(&dev->stats, 0, sizeof(dev->stats));
4534
4535         setup_struct_phy_for_init(dev, &dev->phy);
4536
4537         /* IRQ related flags */
4538         dev->irq_reason = 0;
4539         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4540         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4541         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4542                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4543
4544         dev->mac_suspended = 1;
4545
4546         /* Noise calculation context */
4547         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4548 }
4549
4550 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4551 {
4552         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4553         u64 hf;
4554
4555         if (!modparam_btcoex)
4556                 return;
4557         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4558                 return;
4559         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4560                 return;
4561
4562         hf = b43_hf_read(dev);
4563         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4564                 hf |= B43_HF_BTCOEXALT;
4565         else
4566                 hf |= B43_HF_BTCOEX;
4567         b43_hf_write(dev, hf);
4568 }
4569
4570 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4571 {
4572         if (!modparam_btcoex)
4573                 return;
4574         //TODO
4575 }
4576
4577 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4578 {
4579         struct ssb_bus *bus;
4580         u32 tmp;
4581
4582         if (dev->dev->bus_type != B43_BUS_SSB)
4583                 return;
4584
4585         bus = dev->dev->sdev->bus;
4586
4587         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4588             (bus->chip_id == 0x4312)) {
4589                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4590                 tmp &= ~SSB_IMCFGLO_REQTO;
4591                 tmp &= ~SSB_IMCFGLO_SERTO;
4592                 tmp |= 0x3;
4593                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4594                 ssb_commit_settings(bus);
4595         }
4596 }
4597
4598 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4599 {
4600         u16 pu_delay;
4601
4602         /* The time value is in microseconds. */
4603         if (dev->phy.type == B43_PHYTYPE_A)
4604                 pu_delay = 3700;
4605         else
4606                 pu_delay = 1050;
4607         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4608                 pu_delay = 500;
4609         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4610                 pu_delay = max(pu_delay, (u16)2400);
4611
4612         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4613 }
4614
4615 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4616 static void b43_set_pretbtt(struct b43_wldev *dev)
4617 {
4618         u16 pretbtt;
4619
4620         /* The time value is in microseconds. */
4621         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4622                 pretbtt = 2;
4623         } else {
4624                 if (dev->phy.type == B43_PHYTYPE_A)
4625                         pretbtt = 120;
4626                 else
4627                         pretbtt = 250;
4628         }
4629         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4630         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4631 }
4632
4633 /* Shutdown a wireless core */
4634 /* Locking: wl->mutex */
4635 static void b43_wireless_core_exit(struct b43_wldev *dev)
4636 {
4637         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4638         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4639                 return;
4640
4641         /* Unregister HW RNG driver */
4642         b43_rng_exit(dev->wl);
4643
4644         b43_set_status(dev, B43_STAT_UNINIT);
4645
4646         /* Stop the microcode PSM. */
4647         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4648                       B43_MACCTL_PSM_JMP0);
4649
4650         b43_dma_free(dev);
4651         b43_pio_free(dev);
4652         b43_chip_exit(dev);
4653         dev->phy.ops->switch_analog(dev, 0);
4654         if (dev->wl->current_beacon) {
4655                 dev_kfree_skb_any(dev->wl->current_beacon);
4656                 dev->wl->current_beacon = NULL;
4657         }
4658
4659         b43_device_disable(dev, 0);
4660         b43_bus_may_powerdown(dev);
4661 }
4662
4663 /* Initialize a wireless core */
4664 static int b43_wireless_core_init(struct b43_wldev *dev)
4665 {
4666         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4667         struct b43_phy *phy = &dev->phy;
4668         int err;
4669         u64 hf;
4670
4671         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4672
4673         err = b43_bus_powerup(dev, 0);
4674         if (err)
4675                 goto out;
4676         if (!b43_device_is_enabled(dev))
4677                 b43_wireless_core_reset(dev, phy->gmode);
4678
4679         /* Reset all data structures. */
4680         setup_struct_wldev_for_init(dev);
4681         phy->ops->prepare_structs(dev);
4682
4683         /* Enable IRQ routing to this device. */
4684         switch (dev->dev->bus_type) {
4685 #ifdef CONFIG_B43_BCMA
4686         case B43_BUS_BCMA:
4687                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4688                                       dev->dev->bdev, true);
4689                 break;
4690 #endif
4691 #ifdef CONFIG_B43_SSB
4692         case B43_BUS_SSB:
4693                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4694                                                dev->dev->sdev);
4695                 break;
4696 #endif
4697         }
4698
4699         b43_imcfglo_timeouts_workaround(dev);
4700         b43_bluetooth_coext_disable(dev);
4701         if (phy->ops->prepare_hardware) {
4702                 err = phy->ops->prepare_hardware(dev);
4703                 if (err)
4704                         goto err_busdown;
4705         }
4706         err = b43_chip_init(dev);
4707         if (err)
4708                 goto err_busdown;
4709         b43_shm_write16(dev, B43_SHM_SHARED,
4710                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4711         hf = b43_hf_read(dev);
4712         if (phy->type == B43_PHYTYPE_G) {
4713                 hf |= B43_HF_SYMW;
4714                 if (phy->rev == 1)
4715                         hf |= B43_HF_GDCW;
4716                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4717                         hf |= B43_HF_OFDMPABOOST;
4718         }
4719         if (phy->radio_ver == 0x2050) {
4720                 if (phy->radio_rev == 6)
4721                         hf |= B43_HF_4318TSSI;
4722                 if (phy->radio_rev < 6)
4723                         hf |= B43_HF_VCORECALC;
4724         }
4725         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4726                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4727 #ifdef CONFIG_SSB_DRIVER_PCICORE
4728         if (dev->dev->bus_type == B43_BUS_SSB &&
4729             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4730             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4731                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4732 #endif
4733         hf &= ~B43_HF_SKCFPUP;
4734         b43_hf_write(dev, hf);
4735
4736         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4737                              B43_DEFAULT_LONG_RETRY_LIMIT);
4738         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4739         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4740
4741         /* Disable sending probe responses from firmware.
4742          * Setting the MaxTime to one usec will always trigger
4743          * a timeout, so we never send any probe resp.
4744          * A timeout of zero is infinite. */
4745         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4746
4747         b43_rate_memory_init(dev);
4748         b43_set_phytxctl_defaults(dev);
4749
4750         /* Minimum Contention Window */
4751         if (phy->type == B43_PHYTYPE_B)
4752                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4753         else
4754                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4755         /* Maximum Contention Window */
4756         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4757
4758         if (b43_bus_host_is_pcmcia(dev->dev) ||
4759             b43_bus_host_is_sdio(dev->dev)) {
4760                 dev->__using_pio_transfers = true;
4761                 err = b43_pio_init(dev);
4762         } else if (dev->use_pio) {
4763                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4764                         "This should not be needed and will result in lower "
4765                         "performance.\n");
4766                 dev->__using_pio_transfers = true;
4767                 err = b43_pio_init(dev);
4768         } else {
4769                 dev->__using_pio_transfers = false;
4770                 err = b43_dma_init(dev);
4771         }
4772         if (err)
4773                 goto err_chip_exit;
4774         b43_qos_init(dev);
4775         b43_set_synth_pu_delay(dev, 1);
4776         b43_bluetooth_coext_enable(dev);
4777
4778         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4779         b43_upload_card_macaddress(dev);
4780         b43_security_init(dev);
4781
4782         ieee80211_wake_queues(dev->wl->hw);
4783
4784         b43_set_status(dev, B43_STAT_INITIALIZED);
4785
4786         /* Register HW RNG driver */
4787         b43_rng_init(dev->wl);
4788
4789 out:
4790         return err;
4791
4792 err_chip_exit:
4793         b43_chip_exit(dev);
4794 err_busdown:
4795         b43_bus_may_powerdown(dev);
4796         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4797         return err;
4798 }
4799
4800 static int b43_op_add_interface(struct ieee80211_hw *hw,
4801                                 struct ieee80211_vif *vif)
4802 {
4803         struct b43_wl *wl = hw_to_b43_wl(hw);
4804         struct b43_wldev *dev;
4805         int err = -EOPNOTSUPP;
4806
4807         /* TODO: allow WDS/AP devices to coexist */
4808
4809         if (vif->type != NL80211_IFTYPE_AP &&
4810             vif->type != NL80211_IFTYPE_MESH_POINT &&
4811             vif->type != NL80211_IFTYPE_STATION &&
4812             vif->type != NL80211_IFTYPE_WDS &&
4813             vif->type != NL80211_IFTYPE_ADHOC)
4814                 return -EOPNOTSUPP;
4815
4816         mutex_lock(&wl->mutex);
4817         if (wl->operating)
4818                 goto out_mutex_unlock;
4819
4820         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4821
4822         dev = wl->current_dev;
4823         wl->operating = true;
4824         wl->vif = vif;
4825         wl->if_type = vif->type;
4826         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4827
4828         b43_adjust_opmode(dev);
4829         b43_set_pretbtt(dev);
4830         b43_set_synth_pu_delay(dev, 0);
4831         b43_upload_card_macaddress(dev);
4832
4833         err = 0;
4834  out_mutex_unlock:
4835         mutex_unlock(&wl->mutex);
4836
4837         if (err == 0)
4838                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4839
4840         return err;
4841 }
4842
4843 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4844                                     struct ieee80211_vif *vif)
4845 {
4846         struct b43_wl *wl = hw_to_b43_wl(hw);
4847         struct b43_wldev *dev = wl->current_dev;
4848
4849         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4850
4851         mutex_lock(&wl->mutex);
4852
4853         B43_WARN_ON(!wl->operating);
4854         B43_WARN_ON(wl->vif != vif);
4855         wl->vif = NULL;
4856
4857         wl->operating = false;
4858
4859         b43_adjust_opmode(dev);
4860         memset(wl->mac_addr, 0, ETH_ALEN);
4861         b43_upload_card_macaddress(dev);
4862
4863         mutex_unlock(&wl->mutex);
4864 }
4865
4866 static int b43_op_start(struct ieee80211_hw *hw)
4867 {
4868         struct b43_wl *wl = hw_to_b43_wl(hw);
4869         struct b43_wldev *dev = wl->current_dev;
4870         int did_init = 0;
4871         int err = 0;
4872
4873         /* Kill all old instance specific information to make sure
4874          * the card won't use it in the short timeframe between start
4875          * and mac80211 reconfiguring it. */
4876         memset(wl->bssid, 0, ETH_ALEN);
4877         memset(wl->mac_addr, 0, ETH_ALEN);
4878         wl->filter_flags = 0;
4879         wl->radiotap_enabled = false;
4880         b43_qos_clear(wl);
4881         wl->beacon0_uploaded = false;
4882         wl->beacon1_uploaded = false;
4883         wl->beacon_templates_virgin = true;
4884         wl->radio_enabled = true;
4885
4886         mutex_lock(&wl->mutex);
4887
4888         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4889                 err = b43_wireless_core_init(dev);
4890                 if (err)
4891                         goto out_mutex_unlock;
4892                 did_init = 1;
4893         }
4894
4895         if (b43_status(dev) < B43_STAT_STARTED) {
4896                 err = b43_wireless_core_start(dev);
4897                 if (err) {
4898                         if (did_init)
4899                                 b43_wireless_core_exit(dev);
4900                         goto out_mutex_unlock;
4901                 }
4902         }
4903
4904         /* XXX: only do if device doesn't support rfkill irq */
4905         wiphy_rfkill_start_polling(hw->wiphy);
4906
4907  out_mutex_unlock:
4908         mutex_unlock(&wl->mutex);
4909
4910         /*
4911          * Configuration may have been overwritten during initialization.
4912          * Reload the configuration, but only if initialization was
4913          * successful. Reloading the configuration after a failed init
4914          * may hang the system.
4915          */
4916         if (!err)
4917                 b43_op_config(hw, ~0);
4918
4919         return err;
4920 }
4921
4922 static void b43_op_stop(struct ieee80211_hw *hw)
4923 {
4924         struct b43_wl *wl = hw_to_b43_wl(hw);
4925         struct b43_wldev *dev = wl->current_dev;
4926
4927         cancel_work_sync(&(wl->beacon_update_trigger));
4928
4929         if (!dev)
4930                 goto out;
4931
4932         mutex_lock(&wl->mutex);
4933         if (b43_status(dev) >= B43_STAT_STARTED) {
4934                 dev = b43_wireless_core_stop(dev);
4935                 if (!dev)
4936                         goto out_unlock;
4937         }
4938         b43_wireless_core_exit(dev);
4939         wl->radio_enabled = false;
4940
4941 out_unlock:
4942         mutex_unlock(&wl->mutex);
4943 out:
4944         cancel_work_sync(&(wl->txpower_adjust_work));
4945 }
4946
4947 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4948                                  struct ieee80211_sta *sta, bool set)
4949 {
4950         struct b43_wl *wl = hw_to_b43_wl(hw);
4951
4952         /* FIXME: add locking */
4953         b43_update_templates(wl);
4954
4955         return 0;
4956 }
4957
4958 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4959                               struct ieee80211_vif *vif,
4960                               enum sta_notify_cmd notify_cmd,
4961                               struct ieee80211_sta *sta)
4962 {
4963         struct b43_wl *wl = hw_to_b43_wl(hw);
4964
4965         B43_WARN_ON(!vif || wl->vif != vif);
4966 }
4967
4968 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4969 {
4970         struct b43_wl *wl = hw_to_b43_wl(hw);
4971         struct b43_wldev *dev;
4972
4973         mutex_lock(&wl->mutex);
4974         dev = wl->current_dev;
4975         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4976                 /* Disable CFP update during scan on other channels. */
4977                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4978         }
4979         mutex_unlock(&wl->mutex);
4980 }
4981
4982 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4983 {
4984         struct b43_wl *wl = hw_to_b43_wl(hw);
4985         struct b43_wldev *dev;
4986
4987         mutex_lock(&wl->mutex);
4988         dev = wl->current_dev;
4989         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4990                 /* Re-enable CFP update. */
4991                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4992         }
4993         mutex_unlock(&wl->mutex);
4994 }
4995
4996 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
4997                              struct survey_info *survey)
4998 {
4999         struct b43_wl *wl = hw_to_b43_wl(hw);
5000         struct b43_wldev *dev = wl->current_dev;
5001         struct ieee80211_conf *conf = &hw->conf;
5002
5003         if (idx != 0)
5004                 return -ENOENT;
5005
5006         survey->channel = conf->channel;
5007         survey->filled = SURVEY_INFO_NOISE_DBM;
5008         survey->noise = dev->stats.link_noise;
5009
5010         return 0;
5011 }
5012
5013 static const struct ieee80211_ops b43_hw_ops = {
5014         .tx                     = b43_op_tx,
5015         .conf_tx                = b43_op_conf_tx,
5016         .add_interface          = b43_op_add_interface,
5017         .remove_interface       = b43_op_remove_interface,
5018         .config                 = b43_op_config,
5019         .bss_info_changed       = b43_op_bss_info_changed,
5020         .configure_filter       = b43_op_configure_filter,
5021         .set_key                = b43_op_set_key,
5022         .update_tkip_key        = b43_op_update_tkip_key,
5023         .get_stats              = b43_op_get_stats,
5024         .get_tsf                = b43_op_get_tsf,
5025         .set_tsf                = b43_op_set_tsf,
5026         .start                  = b43_op_start,
5027         .stop                   = b43_op_stop,
5028         .set_tim                = b43_op_beacon_set_tim,
5029         .sta_notify             = b43_op_sta_notify,
5030         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5031         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5032         .get_survey             = b43_op_get_survey,
5033         .rfkill_poll            = b43_rfkill_poll,
5034 };
5035
5036 /* Hard-reset the chip. Do not call this directly.
5037  * Use b43_controller_restart()
5038  */
5039 static void b43_chip_reset(struct work_struct *work)
5040 {
5041         struct b43_wldev *dev =
5042             container_of(work, struct b43_wldev, restart_work);
5043         struct b43_wl *wl = dev->wl;
5044         int err = 0;
5045         int prev_status;
5046
5047         mutex_lock(&wl->mutex);
5048
5049         prev_status = b43_status(dev);
5050         /* Bring the device down... */
5051         if (prev_status >= B43_STAT_STARTED) {
5052                 dev = b43_wireless_core_stop(dev);
5053                 if (!dev) {
5054                         err = -ENODEV;
5055                         goto out;
5056                 }
5057         }
5058         if (prev_status >= B43_STAT_INITIALIZED)
5059                 b43_wireless_core_exit(dev);
5060
5061         /* ...and up again. */
5062         if (prev_status >= B43_STAT_INITIALIZED) {
5063                 err = b43_wireless_core_init(dev);
5064                 if (err)
5065                         goto out;
5066         }
5067         if (prev_status >= B43_STAT_STARTED) {
5068                 err = b43_wireless_core_start(dev);
5069                 if (err) {
5070                         b43_wireless_core_exit(dev);
5071                         goto out;
5072                 }
5073         }
5074 out:
5075         if (err)
5076                 wl->current_dev = NULL; /* Failed to init the dev. */
5077         mutex_unlock(&wl->mutex);
5078
5079         if (err) {
5080                 b43err(wl, "Controller restart FAILED\n");
5081                 return;
5082         }
5083
5084         /* reload configuration */
5085         b43_op_config(wl->hw, ~0);
5086         if (wl->vif)
5087                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5088
5089         b43info(wl, "Controller restarted\n");
5090 }
5091
5092 static int b43_setup_bands(struct b43_wldev *dev,
5093                            bool have_2ghz_phy, bool have_5ghz_phy)
5094 {
5095         struct ieee80211_hw *hw = dev->wl->hw;
5096
5097         if (have_2ghz_phy)
5098                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5099         if (dev->phy.type == B43_PHYTYPE_N) {
5100                 if (have_5ghz_phy)
5101                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5102         } else {
5103                 if (have_5ghz_phy)
5104                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5105         }
5106
5107         dev->phy.supports_2ghz = have_2ghz_phy;
5108         dev->phy.supports_5ghz = have_5ghz_phy;
5109
5110         return 0;
5111 }
5112
5113 static void b43_wireless_core_detach(struct b43_wldev *dev)
5114 {
5115         /* We release firmware that late to not be required to re-request
5116          * is all the time when we reinit the core. */
5117         b43_release_firmware(dev);
5118         b43_phy_free(dev);
5119 }
5120
5121 static int b43_wireless_core_attach(struct b43_wldev *dev)
5122 {
5123         struct b43_wl *wl = dev->wl;
5124         struct pci_dev *pdev = NULL;
5125         int err;
5126         u32 tmp;
5127         bool have_2ghz_phy = false, have_5ghz_phy = false;
5128
5129         /* Do NOT do any device initialization here.
5130          * Do it in wireless_core_init() instead.
5131          * This function is for gathering basic information about the HW, only.
5132          * Also some structs may be set up here. But most likely you want to have
5133          * that in core_init(), too.
5134          */
5135
5136 #ifdef CONFIG_B43_SSB
5137         if (dev->dev->bus_type == B43_BUS_SSB &&
5138             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5139                 pdev = dev->dev->sdev->bus->host_pci;
5140 #endif
5141
5142         err = b43_bus_powerup(dev, 0);
5143         if (err) {
5144                 b43err(wl, "Bus powerup failed\n");
5145                 goto out;
5146         }
5147
5148         /* Get the PHY type. */
5149         switch (dev->dev->bus_type) {
5150 #ifdef CONFIG_B43_BCMA
5151         case B43_BUS_BCMA:
5152                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5153                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5154                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5155                 break;
5156 #endif
5157 #ifdef CONFIG_B43_SSB
5158         case B43_BUS_SSB:
5159                 if (dev->dev->core_rev >= 5) {
5160                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5161                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5162                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5163                 } else
5164                         B43_WARN_ON(1);
5165                 break;
5166 #endif
5167         }
5168
5169         dev->phy.gmode = have_2ghz_phy;
5170         dev->phy.radio_on = true;
5171         b43_wireless_core_reset(dev, dev->phy.gmode);
5172
5173         err = b43_phy_versioning(dev);
5174         if (err)
5175                 goto err_powerdown;
5176         /* Check if this device supports multiband. */
5177         if (!pdev ||
5178             (pdev->device != 0x4312 &&
5179              pdev->device != 0x4319 && pdev->device != 0x4324)) {
5180                 /* No multiband support. */
5181                 have_2ghz_phy = false;
5182                 have_5ghz_phy = false;
5183                 switch (dev->phy.type) {
5184                 case B43_PHYTYPE_A:
5185                         have_5ghz_phy = true;
5186                         break;
5187                 case B43_PHYTYPE_LP: //FIXME not always!
5188 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5189                         have_5ghz_phy = 1;
5190 #endif
5191                 case B43_PHYTYPE_G:
5192                 case B43_PHYTYPE_N:
5193                 case B43_PHYTYPE_HT:
5194                 case B43_PHYTYPE_LCN:
5195                         have_2ghz_phy = true;
5196                         break;
5197                 default:
5198                         B43_WARN_ON(1);
5199                 }
5200         }
5201         if (dev->phy.type == B43_PHYTYPE_A) {
5202                 /* FIXME */
5203                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
5204                 err = -EOPNOTSUPP;
5205                 goto err_powerdown;
5206         }
5207         if (1 /* disable A-PHY */) {
5208                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5209                 if (dev->phy.type != B43_PHYTYPE_N &&
5210                     dev->phy.type != B43_PHYTYPE_LP) {
5211                         have_2ghz_phy = true;
5212                         have_5ghz_phy = false;
5213                 }
5214         }
5215
5216         err = b43_phy_allocate(dev);
5217         if (err)
5218                 goto err_powerdown;
5219
5220         dev->phy.gmode = have_2ghz_phy;
5221         b43_wireless_core_reset(dev, dev->phy.gmode);
5222
5223         err = b43_validate_chipaccess(dev);
5224         if (err)
5225                 goto err_phy_free;
5226         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5227         if (err)
5228                 goto err_phy_free;
5229
5230         /* Now set some default "current_dev" */
5231         if (!wl->current_dev)
5232                 wl->current_dev = dev;
5233         INIT_WORK(&dev->restart_work, b43_chip_reset);
5234
5235         dev->phy.ops->switch_analog(dev, 0);
5236         b43_device_disable(dev, 0);
5237         b43_bus_may_powerdown(dev);
5238
5239 out:
5240         return err;
5241
5242 err_phy_free:
5243         b43_phy_free(dev);
5244 err_powerdown:
5245         b43_bus_may_powerdown(dev);
5246         return err;
5247 }
5248
5249 static void b43_one_core_detach(struct b43_bus_dev *dev)
5250 {
5251         struct b43_wldev *wldev;
5252         struct b43_wl *wl;
5253
5254         /* Do not cancel ieee80211-workqueue based work here.
5255          * See comment in b43_remove(). */
5256
5257         wldev = b43_bus_get_wldev(dev);
5258         wl = wldev->wl;
5259         b43_debugfs_remove_device(wldev);
5260         b43_wireless_core_detach(wldev);
5261         list_del(&wldev->list);
5262         wl->nr_devs--;
5263         b43_bus_set_wldev(dev, NULL);
5264         kfree(wldev);
5265 }
5266
5267 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5268 {
5269         struct b43_wldev *wldev;
5270         int err = -ENOMEM;
5271
5272         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5273         if (!wldev)
5274                 goto out;
5275
5276         wldev->use_pio = b43_modparam_pio;
5277         wldev->dev = dev;
5278         wldev->wl = wl;
5279         b43_set_status(wldev, B43_STAT_UNINIT);
5280         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5281         INIT_LIST_HEAD(&wldev->list);
5282
5283         err = b43_wireless_core_attach(wldev);
5284         if (err)
5285                 goto err_kfree_wldev;
5286
5287         list_add(&wldev->list, &wl->devlist);
5288         wl->nr_devs++;
5289         b43_bus_set_wldev(dev, wldev);
5290         b43_debugfs_add_device(wldev);
5291
5292       out:
5293         return err;
5294
5295       err_kfree_wldev:
5296         kfree(wldev);
5297         return err;
5298 }
5299
5300 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5301         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5302         (pdev->device == _device) &&                                    \
5303         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5304         (pdev->subsystem_device == _subdevice)                          )
5305
5306 static void b43_sprom_fixup(struct ssb_bus *bus)
5307 {
5308         struct pci_dev *pdev;
5309
5310         /* boardflags workarounds */
5311         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5312             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5313                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5314         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5315             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5316                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5317         if (bus->bustype == SSB_BUSTYPE_PCI) {
5318                 pdev = bus->host_pci;
5319                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5320                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5321                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5322                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5323                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5324                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5325                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5326                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5327         }
5328 }
5329
5330 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5331 {
5332         struct ieee80211_hw *hw = wl->hw;
5333
5334         ssb_set_devtypedata(dev->sdev, NULL);
5335         ieee80211_free_hw(hw);
5336 }
5337
5338 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5339 {
5340         struct ssb_sprom *sprom = dev->bus_sprom;
5341         struct ieee80211_hw *hw;
5342         struct b43_wl *wl;
5343         char chip_name[6];
5344         int queue_num;
5345
5346         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5347         if (!hw) {
5348                 b43err(NULL, "Could not allocate ieee80211 device\n");
5349                 return ERR_PTR(-ENOMEM);
5350         }
5351         wl = hw_to_b43_wl(hw);
5352
5353         /* fill hw info */
5354         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5355                     IEEE80211_HW_SIGNAL_DBM;
5356
5357         hw->wiphy->interface_modes =
5358                 BIT(NL80211_IFTYPE_AP) |
5359                 BIT(NL80211_IFTYPE_MESH_POINT) |
5360                 BIT(NL80211_IFTYPE_STATION) |
5361                 BIT(NL80211_IFTYPE_WDS) |
5362                 BIT(NL80211_IFTYPE_ADHOC);
5363
5364         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5365
5366         wl->hw_registred = false;
5367         hw->max_rates = 2;
5368         SET_IEEE80211_DEV(hw, dev->dev);
5369         if (is_valid_ether_addr(sprom->et1mac))
5370                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5371         else
5372                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5373
5374         /* Initialize struct b43_wl */
5375         wl->hw = hw;
5376         mutex_init(&wl->mutex);
5377         spin_lock_init(&wl->hardirq_lock);
5378         INIT_LIST_HEAD(&wl->devlist);
5379         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5380         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5381         INIT_WORK(&wl->tx_work, b43_tx_work);
5382
5383         /* Initialize queues and flags. */
5384         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5385                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5386                 wl->tx_queue_stopped[queue_num] = 0;
5387         }
5388
5389         snprintf(chip_name, ARRAY_SIZE(chip_name),
5390                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5391         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5392                 dev->core_rev);
5393         return wl;
5394 }
5395
5396 #ifdef CONFIG_B43_BCMA
5397 static int b43_bcma_probe(struct bcma_device *core)
5398 {
5399         struct b43_bus_dev *dev;
5400         struct b43_wl *wl;
5401         int err;
5402
5403         dev = b43_bus_dev_bcma_init(core);
5404         if (!dev)
5405                 return -ENODEV;
5406
5407         wl = b43_wireless_init(dev);
5408         if (IS_ERR(wl)) {
5409                 err = PTR_ERR(wl);
5410                 goto bcma_out;
5411         }
5412
5413         err = b43_one_core_attach(dev, wl);
5414         if (err)
5415                 goto bcma_err_wireless_exit;
5416
5417         /* setup and start work to load firmware */
5418         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5419         schedule_work(&wl->firmware_load);
5420
5421 bcma_out:
5422         return err;
5423
5424 bcma_err_wireless_exit:
5425         ieee80211_free_hw(wl->hw);
5426         return err;
5427 }
5428
5429 static void b43_bcma_remove(struct bcma_device *core)
5430 {
5431         struct b43_wldev *wldev = bcma_get_drvdata(core);
5432         struct b43_wl *wl = wldev->wl;
5433
5434         /* We must cancel any work here before unregistering from ieee80211,
5435          * as the ieee80211 unreg will destroy the workqueue. */
5436         cancel_work_sync(&wldev->restart_work);
5437
5438         B43_WARN_ON(!wl);
5439         if (!wldev->fw.ucode.data)
5440                 return;                 /* NULL if firmware never loaded */
5441         if (wl->current_dev == wldev && wl->hw_registred) {
5442                 b43_leds_stop(wldev);
5443                 ieee80211_unregister_hw(wl->hw);
5444         }
5445
5446         b43_one_core_detach(wldev->dev);
5447
5448         b43_leds_unregister(wl);
5449
5450         ieee80211_free_hw(wl->hw);
5451 }
5452
5453 static struct bcma_driver b43_bcma_driver = {
5454         .name           = KBUILD_MODNAME,
5455         .id_table       = b43_bcma_tbl,
5456         .probe          = b43_bcma_probe,
5457         .remove         = b43_bcma_remove,
5458 };
5459 #endif
5460
5461 #ifdef CONFIG_B43_SSB
5462 static
5463 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5464 {
5465         struct b43_bus_dev *dev;
5466         struct b43_wl *wl;
5467         int err;
5468         int first = 0;
5469
5470         dev = b43_bus_dev_ssb_init(sdev);
5471         if (!dev)
5472                 return -ENOMEM;
5473
5474         wl = ssb_get_devtypedata(sdev);
5475         if (!wl) {
5476                 /* Probing the first core. Must setup common struct b43_wl */
5477                 first = 1;
5478                 b43_sprom_fixup(sdev->bus);
5479                 wl = b43_wireless_init(dev);
5480                 if (IS_ERR(wl)) {
5481                         err = PTR_ERR(wl);
5482                         goto out;
5483                 }
5484                 ssb_set_devtypedata(sdev, wl);
5485                 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5486         }
5487         err = b43_one_core_attach(dev, wl);
5488         if (err)
5489                 goto err_wireless_exit;
5490
5491         /* setup and start work to load firmware */
5492         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5493         schedule_work(&wl->firmware_load);
5494
5495       out:
5496         return err;
5497
5498       err_wireless_exit:
5499         if (first)
5500                 b43_wireless_exit(dev, wl);
5501         return err;
5502 }
5503
5504 static void b43_ssb_remove(struct ssb_device *sdev)
5505 {
5506         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5507         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5508         struct b43_bus_dev *dev = wldev->dev;
5509
5510         /* We must cancel any work here before unregistering from ieee80211,
5511          * as the ieee80211 unreg will destroy the workqueue. */
5512         cancel_work_sync(&wldev->restart_work);
5513
5514         B43_WARN_ON(!wl);
5515         if (!wldev->fw.ucode.data)
5516                 return;                 /* NULL if firmware never loaded */
5517         if (wl->current_dev == wldev && wl->hw_registred) {
5518                 b43_leds_stop(wldev);
5519                 ieee80211_unregister_hw(wl->hw);
5520         }
5521
5522         b43_one_core_detach(dev);
5523
5524         if (list_empty(&wl->devlist)) {
5525                 b43_leds_unregister(wl);
5526                 /* Last core on the chip unregistered.
5527                  * We can destroy common struct b43_wl.
5528                  */
5529                 b43_wireless_exit(dev, wl);
5530         }
5531 }
5532
5533 static struct ssb_driver b43_ssb_driver = {
5534         .name           = KBUILD_MODNAME,
5535         .id_table       = b43_ssb_tbl,
5536         .probe          = b43_ssb_probe,
5537         .remove         = b43_ssb_remove,
5538 };
5539 #endif /* CONFIG_B43_SSB */
5540
5541 /* Perform a hardware reset. This can be called from any context. */
5542 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5543 {
5544         /* Must avoid requeueing, if we are in shutdown. */
5545         if (b43_status(dev) < B43_STAT_INITIALIZED)
5546                 return;
5547         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5548         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5549 }
5550
5551 static void b43_print_driverinfo(void)
5552 {
5553         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5554                    *feat_leds = "", *feat_sdio = "";
5555
5556 #ifdef CONFIG_B43_PCI_AUTOSELECT
5557         feat_pci = "P";
5558 #endif
5559 #ifdef CONFIG_B43_PCMCIA
5560         feat_pcmcia = "M";
5561 #endif
5562 #ifdef CONFIG_B43_PHY_N
5563         feat_nphy = "N";
5564 #endif
5565 #ifdef CONFIG_B43_LEDS
5566         feat_leds = "L";
5567 #endif
5568 #ifdef CONFIG_B43_SDIO
5569         feat_sdio = "S";
5570 #endif
5571         printk(KERN_INFO "Broadcom 43xx driver loaded "
5572                "[ Features: %s%s%s%s%s ]\n",
5573                feat_pci, feat_pcmcia, feat_nphy,
5574                feat_leds, feat_sdio);
5575 }
5576
5577 static int __init b43_init(void)
5578 {
5579         int err;
5580
5581         b43_debugfs_init();
5582         err = b43_pcmcia_init();
5583         if (err)
5584                 goto err_dfs_exit;
5585         err = b43_sdio_init();
5586         if (err)
5587                 goto err_pcmcia_exit;
5588 #ifdef CONFIG_B43_BCMA
5589         err = bcma_driver_register(&b43_bcma_driver);
5590         if (err)
5591                 goto err_sdio_exit;
5592 #endif
5593 #ifdef CONFIG_B43_SSB
5594         err = ssb_driver_register(&b43_ssb_driver);
5595         if (err)
5596                 goto err_bcma_driver_exit;
5597 #endif
5598         b43_print_driverinfo();
5599
5600         return err;
5601
5602 #ifdef CONFIG_B43_SSB
5603 err_bcma_driver_exit:
5604 #endif
5605 #ifdef CONFIG_B43_BCMA
5606         bcma_driver_unregister(&b43_bcma_driver);
5607 err_sdio_exit:
5608 #endif
5609         b43_sdio_exit();
5610 err_pcmcia_exit:
5611         b43_pcmcia_exit();
5612 err_dfs_exit:
5613         b43_debugfs_exit();
5614         return err;
5615 }
5616
5617 static void __exit b43_exit(void)
5618 {
5619 #ifdef CONFIG_B43_SSB
5620         ssb_driver_unregister(&b43_ssb_driver);
5621 #endif
5622 #ifdef CONFIG_B43_BCMA
5623         bcma_driver_unregister(&b43_bcma_driver);
5624 #endif
5625         b43_sdio_exit();
5626         b43_pcmcia_exit();
5627         b43_debugfs_exit();
5628 }
5629
5630 module_init(b43_init)
5631 module_exit(b43_exit)
Unnamed repository; edit this file 'description' to name the repository.