]> git.kernelconcepts.de Git - karo-tx-linux.git/blob - drivers/net/wireless/b43/main.c
projects / karo-tx-linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
USB: io_ti: Fix NULL dereference in chase_port()
[karo-tx-linux.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12   SDIO support
13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15   Some parts of the code in this file are derived from the ipw2200
16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
17
18   This program is free software; you can redistribute it and/or modify
19   it under the terms of the GNU General Public License as published by
20   the Free Software Foundation; either version 2 of the License, or
21   (at your option) any later version.
22
23   This program is distributed in the hope that it will be useful,
24   but WITHOUT ANY WARRANTY; without even the implied warranty of
25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26   GNU General Public License for more details.
27
28   You should have received a copy of the GNU General Public License
29   along with this program; see the file COPYING.  If not, write to
30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31   Boston, MA 02110-1301, USA.
32
33 */
34
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82                  "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 #ifdef CONFIG_B43_BCMA
117 static const struct bcma_device_id b43_bcma_tbl[] = {
118         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 #ifdef CONFIG_B43_BCMA_EXTRA
120         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 #endif
123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124         BCMA_CORETABLE_END
125 };
126 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
127 #endif
128
129 #ifdef CONFIG_B43_SSB
130 static const struct ssb_device_id b43_ssb_tbl[] = {
131         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
132         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
133         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
134         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
135         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
136         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
141         SSB_DEVTABLE_END
142 };
143 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
144 #endif
145
146 /* Channel and ratetables are shared for all devices.
147  * They can't be const, because ieee80211 puts some precalculated
148  * data in there. This data is the same for all devices, so we don't
149  * get concurrency issues */
150 #define RATETAB_ENT(_rateid, _flags) \
151         {                                                               \
152                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
153                 .hw_value       = (_rateid),                            \
154                 .flags          = (_flags),                             \
155         }
156
157 /*
158  * NOTE: When changing this, sync with xmit.c's
159  *       b43_plcp_get_bitrate_idx_* functions!
160  */
161 static struct ieee80211_rate __b43_ratetable[] = {
162         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
163         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
164         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
165         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
166         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
167         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
168         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
169         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
170         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
171         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
172         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
173         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
174 };
175
176 #define b43_a_ratetable         (__b43_ratetable + 4)
177 #define b43_a_ratetable_size    8
178 #define b43_b_ratetable         (__b43_ratetable + 0)
179 #define b43_b_ratetable_size    4
180 #define b43_g_ratetable         (__b43_ratetable + 0)
181 #define b43_g_ratetable_size    12
182
183 #define CHAN4G(_channel, _freq, _flags) {                       \
184         .band                   = IEEE80211_BAND_2GHZ,          \
185         .center_freq            = (_freq),                      \
186         .hw_value               = (_channel),                   \
187         .flags                  = (_flags),                     \
188         .max_antenna_gain       = 0,                            \
189         .max_power              = 30,                           \
190 }
191 static struct ieee80211_channel b43_2ghz_chantable[] = {
192         CHAN4G(1, 2412, 0),
193         CHAN4G(2, 2417, 0),
194         CHAN4G(3, 2422, 0),
195         CHAN4G(4, 2427, 0),
196         CHAN4G(5, 2432, 0),
197         CHAN4G(6, 2437, 0),
198         CHAN4G(7, 2442, 0),
199         CHAN4G(8, 2447, 0),
200         CHAN4G(9, 2452, 0),
201         CHAN4G(10, 2457, 0),
202         CHAN4G(11, 2462, 0),
203         CHAN4G(12, 2467, 0),
204         CHAN4G(13, 2472, 0),
205         CHAN4G(14, 2484, 0),
206 };
207 #undef CHAN4G
208
209 #define CHAN5G(_channel, _flags) {                              \
210         .band                   = IEEE80211_BAND_5GHZ,          \
211         .center_freq            = 5000 + (5 * (_channel)),      \
212         .hw_value               = (_channel),                   \
213         .flags                  = (_flags),                     \
214         .max_antenna_gain       = 0,                            \
215         .max_power              = 30,                           \
216 }
217 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
218         CHAN5G(32, 0),          CHAN5G(34, 0),
219         CHAN5G(36, 0),          CHAN5G(38, 0),
220         CHAN5G(40, 0),          CHAN5G(42, 0),
221         CHAN5G(44, 0),          CHAN5G(46, 0),
222         CHAN5G(48, 0),          CHAN5G(50, 0),
223         CHAN5G(52, 0),          CHAN5G(54, 0),
224         CHAN5G(56, 0),          CHAN5G(58, 0),
225         CHAN5G(60, 0),          CHAN5G(62, 0),
226         CHAN5G(64, 0),          CHAN5G(66, 0),
227         CHAN5G(68, 0),          CHAN5G(70, 0),
228         CHAN5G(72, 0),          CHAN5G(74, 0),
229         CHAN5G(76, 0),          CHAN5G(78, 0),
230         CHAN5G(80, 0),          CHAN5G(82, 0),
231         CHAN5G(84, 0),          CHAN5G(86, 0),
232         CHAN5G(88, 0),          CHAN5G(90, 0),
233         CHAN5G(92, 0),          CHAN5G(94, 0),
234         CHAN5G(96, 0),          CHAN5G(98, 0),
235         CHAN5G(100, 0),         CHAN5G(102, 0),
236         CHAN5G(104, 0),         CHAN5G(106, 0),
237         CHAN5G(108, 0),         CHAN5G(110, 0),
238         CHAN5G(112, 0),         CHAN5G(114, 0),
239         CHAN5G(116, 0),         CHAN5G(118, 0),
240         CHAN5G(120, 0),         CHAN5G(122, 0),
241         CHAN5G(124, 0),         CHAN5G(126, 0),
242         CHAN5G(128, 0),         CHAN5G(130, 0),
243         CHAN5G(132, 0),         CHAN5G(134, 0),
244         CHAN5G(136, 0),         CHAN5G(138, 0),
245         CHAN5G(140, 0),         CHAN5G(142, 0),
246         CHAN5G(144, 0),         CHAN5G(145, 0),
247         CHAN5G(146, 0),         CHAN5G(147, 0),
248         CHAN5G(148, 0),         CHAN5G(149, 0),
249         CHAN5G(150, 0),         CHAN5G(151, 0),
250         CHAN5G(152, 0),         CHAN5G(153, 0),
251         CHAN5G(154, 0),         CHAN5G(155, 0),
252         CHAN5G(156, 0),         CHAN5G(157, 0),
253         CHAN5G(158, 0),         CHAN5G(159, 0),
254         CHAN5G(160, 0),         CHAN5G(161, 0),
255         CHAN5G(162, 0),         CHAN5G(163, 0),
256         CHAN5G(164, 0),         CHAN5G(165, 0),
257         CHAN5G(166, 0),         CHAN5G(168, 0),
258         CHAN5G(170, 0),         CHAN5G(172, 0),
259         CHAN5G(174, 0),         CHAN5G(176, 0),
260         CHAN5G(178, 0),         CHAN5G(180, 0),
261         CHAN5G(182, 0),         CHAN5G(184, 0),
262         CHAN5G(186, 0),         CHAN5G(188, 0),
263         CHAN5G(190, 0),         CHAN5G(192, 0),
264         CHAN5G(194, 0),         CHAN5G(196, 0),
265         CHAN5G(198, 0),         CHAN5G(200, 0),
266         CHAN5G(202, 0),         CHAN5G(204, 0),
267         CHAN5G(206, 0),         CHAN5G(208, 0),
268         CHAN5G(210, 0),         CHAN5G(212, 0),
269         CHAN5G(214, 0),         CHAN5G(216, 0),
270         CHAN5G(218, 0),         CHAN5G(220, 0),
271         CHAN5G(222, 0),         CHAN5G(224, 0),
272         CHAN5G(226, 0),         CHAN5G(228, 0),
273 };
274
275 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
276         CHAN5G(34, 0),          CHAN5G(36, 0),
277         CHAN5G(38, 0),          CHAN5G(40, 0),
278         CHAN5G(42, 0),          CHAN5G(44, 0),
279         CHAN5G(46, 0),          CHAN5G(48, 0),
280         CHAN5G(52, 0),          CHAN5G(56, 0),
281         CHAN5G(60, 0),          CHAN5G(64, 0),
282         CHAN5G(100, 0),         CHAN5G(104, 0),
283         CHAN5G(108, 0),         CHAN5G(112, 0),
284         CHAN5G(116, 0),         CHAN5G(120, 0),
285         CHAN5G(124, 0),         CHAN5G(128, 0),
286         CHAN5G(132, 0),         CHAN5G(136, 0),
287         CHAN5G(140, 0),         CHAN5G(149, 0),
288         CHAN5G(153, 0),         CHAN5G(157, 0),
289         CHAN5G(161, 0),         CHAN5G(165, 0),
290         CHAN5G(184, 0),         CHAN5G(188, 0),
291         CHAN5G(192, 0),         CHAN5G(196, 0),
292         CHAN5G(200, 0),         CHAN5G(204, 0),
293         CHAN5G(208, 0),         CHAN5G(212, 0),
294         CHAN5G(216, 0),
295 };
296 #undef CHAN5G
297
298 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
299         .band           = IEEE80211_BAND_5GHZ,
300         .channels       = b43_5ghz_nphy_chantable,
301         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
302         .bitrates       = b43_a_ratetable,
303         .n_bitrates     = b43_a_ratetable_size,
304 };
305
306 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
307         .band           = IEEE80211_BAND_5GHZ,
308         .channels       = b43_5ghz_aphy_chantable,
309         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
310         .bitrates       = b43_a_ratetable,
311         .n_bitrates     = b43_a_ratetable_size,
312 };
313
314 static struct ieee80211_supported_band b43_band_2GHz = {
315         .band           = IEEE80211_BAND_2GHZ,
316         .channels       = b43_2ghz_chantable,
317         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
318         .bitrates       = b43_g_ratetable,
319         .n_bitrates     = b43_g_ratetable_size,
320 };
321
322 static void b43_wireless_core_exit(struct b43_wldev *dev);
323 static int b43_wireless_core_init(struct b43_wldev *dev);
324 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
325 static int b43_wireless_core_start(struct b43_wldev *dev);
326 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
327                                     struct ieee80211_vif *vif,
328                                     struct ieee80211_bss_conf *conf,
329                                     u32 changed);
330
331 static int b43_ratelimit(struct b43_wl *wl)
332 {
333         if (!wl || !wl->current_dev)
334                 return 1;
335         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
336                 return 1;
337         /* We are up and running.
338          * Ratelimit the messages to avoid DoS over the net. */
339         return net_ratelimit();
340 }
341
342 void b43info(struct b43_wl *wl, const char *fmt, ...)
343 {
344         struct va_format vaf;
345         va_list args;
346
347         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
348                 return;
349         if (!b43_ratelimit(wl))
350                 return;
351
352         va_start(args, fmt);
353
354         vaf.fmt = fmt;
355         vaf.va = &args;
356
357         printk(KERN_INFO "b43-%s: %pV",
358                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
359
360         va_end(args);
361 }
362
363 void b43err(struct b43_wl *wl, const char *fmt, ...)
364 {
365         struct va_format vaf;
366         va_list args;
367
368         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
369                 return;
370         if (!b43_ratelimit(wl))
371                 return;
372
373         va_start(args, fmt);
374
375         vaf.fmt = fmt;
376         vaf.va = &args;
377
378         printk(KERN_ERR "b43-%s ERROR: %pV",
379                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
380
381         va_end(args);
382 }
383
384 void b43warn(struct b43_wl *wl, const char *fmt, ...)
385 {
386         struct va_format vaf;
387         va_list args;
388
389         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
390                 return;
391         if (!b43_ratelimit(wl))
392                 return;
393
394         va_start(args, fmt);
395
396         vaf.fmt = fmt;
397         vaf.va = &args;
398
399         printk(KERN_WARNING "b43-%s warning: %pV",
400                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
401
402         va_end(args);
403 }
404
405 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
406 {
407         struct va_format vaf;
408         va_list args;
409
410         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
411                 return;
412
413         va_start(args, fmt);
414
415         vaf.fmt = fmt;
416         vaf.va = &args;
417
418         printk(KERN_DEBUG "b43-%s debug: %pV",
419                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420
421         va_end(args);
422 }
423
424 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
425 {
426         u32 macctl;
427
428         B43_WARN_ON(offset % 4 != 0);
429
430         macctl = b43_read32(dev, B43_MMIO_MACCTL);
431         if (macctl & B43_MACCTL_BE)
432                 val = swab32(val);
433
434         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
435         mmiowb();
436         b43_write32(dev, B43_MMIO_RAM_DATA, val);
437 }
438
439 static inline void b43_shm_control_word(struct b43_wldev *dev,
440                                         u16 routing, u16 offset)
441 {
442         u32 control;
443
444         /* "offset" is the WORD offset. */
445         control = routing;
446         control <<= 16;
447         control |= offset;
448         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
449 }
450
451 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
452 {
453         u32 ret;
454
455         if (routing == B43_SHM_SHARED) {
456                 B43_WARN_ON(offset & 0x0001);
457                 if (offset & 0x0003) {
458                         /* Unaligned access */
459                         b43_shm_control_word(dev, routing, offset >> 2);
460                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
461                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
462                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
463
464                         goto out;
465                 }
466                 offset >>= 2;
467         }
468         b43_shm_control_word(dev, routing, offset);
469         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
470 out:
471         return ret;
472 }
473
474 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
475 {
476         u16 ret;
477
478         if (routing == B43_SHM_SHARED) {
479                 B43_WARN_ON(offset & 0x0001);
480                 if (offset & 0x0003) {
481                         /* Unaligned access */
482                         b43_shm_control_word(dev, routing, offset >> 2);
483                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
484
485                         goto out;
486                 }
487                 offset >>= 2;
488         }
489         b43_shm_control_word(dev, routing, offset);
490         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
491 out:
492         return ret;
493 }
494
495 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
496 {
497         if (routing == B43_SHM_SHARED) {
498                 B43_WARN_ON(offset & 0x0001);
499                 if (offset & 0x0003) {
500                         /* Unaligned access */
501                         b43_shm_control_word(dev, routing, offset >> 2);
502                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
503                                     value & 0xFFFF);
504                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
505                         b43_write16(dev, B43_MMIO_SHM_DATA,
506                                     (value >> 16) & 0xFFFF);
507                         return;
508                 }
509                 offset >>= 2;
510         }
511         b43_shm_control_word(dev, routing, offset);
512         b43_write32(dev, B43_MMIO_SHM_DATA, value);
513 }
514
515 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
516 {
517         if (routing == B43_SHM_SHARED) {
518                 B43_WARN_ON(offset & 0x0001);
519                 if (offset & 0x0003) {
520                         /* Unaligned access */
521                         b43_shm_control_word(dev, routing, offset >> 2);
522                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
523                         return;
524                 }
525                 offset >>= 2;
526         }
527         b43_shm_control_word(dev, routing, offset);
528         b43_write16(dev, B43_MMIO_SHM_DATA, value);
529 }
530
531 /* Read HostFlags */
532 u64 b43_hf_read(struct b43_wldev *dev)
533 {
534         u64 ret;
535
536         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
537         ret <<= 16;
538         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
539         ret <<= 16;
540         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
541
542         return ret;
543 }
544
545 /* Write HostFlags */
546 void b43_hf_write(struct b43_wldev *dev, u64 value)
547 {
548         u16 lo, mi, hi;
549
550         lo = (value & 0x00000000FFFFULL);
551         mi = (value & 0x0000FFFF0000ULL) >> 16;
552         hi = (value & 0xFFFF00000000ULL) >> 32;
553         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
554         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
555         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
556 }
557
558 /* Read the firmware capabilities bitmask (Opensource firmware only) */
559 static u16 b43_fwcapa_read(struct b43_wldev *dev)
560 {
561         B43_WARN_ON(!dev->fw.opensource);
562         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
563 }
564
565 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
566 {
567         u32 low, high;
568
569         B43_WARN_ON(dev->dev->core_rev < 3);
570
571         /* The hardware guarantees us an atomic read, if we
572          * read the low register first. */
573         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
574         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
575
576         *tsf = high;
577         *tsf <<= 32;
578         *tsf |= low;
579 }
580
581 static void b43_time_lock(struct b43_wldev *dev)
582 {
583         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
584         /* Commit the write */
585         b43_read32(dev, B43_MMIO_MACCTL);
586 }
587
588 static void b43_time_unlock(struct b43_wldev *dev)
589 {
590         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
591         /* Commit the write */
592         b43_read32(dev, B43_MMIO_MACCTL);
593 }
594
595 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
596 {
597         u32 low, high;
598
599         B43_WARN_ON(dev->dev->core_rev < 3);
600
601         low = tsf;
602         high = (tsf >> 32);
603         /* The hardware guarantees us an atomic write, if we
604          * write the low register first. */
605         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
606         mmiowb();
607         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
608         mmiowb();
609 }
610
611 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
612 {
613         b43_time_lock(dev);
614         b43_tsf_write_locked(dev, tsf);
615         b43_time_unlock(dev);
616 }
617
618 static
619 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
620 {
621         static const u8 zero_addr[ETH_ALEN] = { 0 };
622         u16 data;
623
624         if (!mac)
625                 mac = zero_addr;
626
627         offset |= 0x0020;
628         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
629
630         data = mac[0];
631         data |= mac[1] << 8;
632         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
633         data = mac[2];
634         data |= mac[3] << 8;
635         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
636         data = mac[4];
637         data |= mac[5] << 8;
638         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
639 }
640
641 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
642 {
643         const u8 *mac;
644         const u8 *bssid;
645         u8 mac_bssid[ETH_ALEN * 2];
646         int i;
647         u32 tmp;
648
649         bssid = dev->wl->bssid;
650         mac = dev->wl->mac_addr;
651
652         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
653
654         memcpy(mac_bssid, mac, ETH_ALEN);
655         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
656
657         /* Write our MAC address and BSSID to template ram */
658         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
659                 tmp = (u32) (mac_bssid[i + 0]);
660                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
661                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
662                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
663                 b43_ram_write(dev, 0x20 + i, tmp);
664         }
665 }
666
667 static void b43_upload_card_macaddress(struct b43_wldev *dev)
668 {
669         b43_write_mac_bssid_templates(dev);
670         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
671 }
672
673 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
674 {
675         /* slot_time is in usec. */
676         /* This test used to exit for all but a G PHY. */
677         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
678                 return;
679         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
680         /* Shared memory location 0x0010 is the slot time and should be
681          * set to slot_time; however, this register is initially 0 and changing
682          * the value adversely affects the transmit rate for BCM4311
683          * devices. Until this behavior is unterstood, delete this step
684          *
685          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
686          */
687 }
688
689 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
690 {
691         b43_set_slot_time(dev, 9);
692 }
693
694 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
695 {
696         b43_set_slot_time(dev, 20);
697 }
698
699 /* DummyTransmission function, as documented on
700  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
701  */
702 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
703 {
704         struct b43_phy *phy = &dev->phy;
705         unsigned int i, max_loop;
706         u16 value;
707         u32 buffer[5] = {
708                 0x00000000,
709                 0x00D40000,
710                 0x00000000,
711                 0x01000000,
712                 0x00000000,
713         };
714
715         if (ofdm) {
716                 max_loop = 0x1E;
717                 buffer[0] = 0x000201CC;
718         } else {
719                 max_loop = 0xFA;
720                 buffer[0] = 0x000B846E;
721         }
722
723         for (i = 0; i < 5; i++)
724                 b43_ram_write(dev, i * 4, buffer[i]);
725
726         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
727
728         if (dev->dev->core_rev < 11)
729                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
730         else
731                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
732
733         value = (ofdm ? 0x41 : 0x40);
734         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
735         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
736             phy->type == B43_PHYTYPE_LCN)
737                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
738
739         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
740         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
741
742         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
743         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
744         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
745         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
746
747         if (!pa_on && phy->type == B43_PHYTYPE_N)
748                 ; /*b43_nphy_pa_override(dev, false) */
749
750         switch (phy->type) {
751         case B43_PHYTYPE_N:
752         case B43_PHYTYPE_LCN:
753                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
754                 break;
755         case B43_PHYTYPE_LP:
756                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
757                 break;
758         default:
759                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
760         }
761         b43_read16(dev, B43_MMIO_TXE0_AUX);
762
763         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
764                 b43_radio_write16(dev, 0x0051, 0x0017);
765         for (i = 0x00; i < max_loop; i++) {
766                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
767                 if (value & 0x0080)
768                         break;
769                 udelay(10);
770         }
771         for (i = 0x00; i < 0x0A; i++) {
772                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
773                 if (value & 0x0400)
774                         break;
775                 udelay(10);
776         }
777         for (i = 0x00; i < 0x19; i++) {
778                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
779                 if (!(value & 0x0100))
780                         break;
781                 udelay(10);
782         }
783         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
784                 b43_radio_write16(dev, 0x0051, 0x0037);
785 }
786
787 static void key_write(struct b43_wldev *dev,
788                       u8 index, u8 algorithm, const u8 *key)
789 {
790         unsigned int i;
791         u32 offset;
792         u16 value;
793         u16 kidx;
794
795         /* Key index/algo block */
796         kidx = b43_kidx_to_fw(dev, index);
797         value = ((kidx << 4) | algorithm);
798         b43_shm_write16(dev, B43_SHM_SHARED,
799                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
800
801         /* Write the key to the Key Table Pointer offset */
802         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
803         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
804                 value = key[i];
805                 value |= (u16) (key[i + 1]) << 8;
806                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
807         }
808 }
809
810 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
811 {
812         u32 addrtmp[2] = { 0, 0, };
813         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
814
815         if (b43_new_kidx_api(dev))
816                 pairwise_keys_start = B43_NR_GROUP_KEYS;
817
818         B43_WARN_ON(index < pairwise_keys_start);
819         /* We have four default TX keys and possibly four default RX keys.
820          * Physical mac 0 is mapped to physical key 4 or 8, depending
821          * on the firmware version.
822          * So we must adjust the index here.
823          */
824         index -= pairwise_keys_start;
825         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
826
827         if (addr) {
828                 addrtmp[0] = addr[0];
829                 addrtmp[0] |= ((u32) (addr[1]) << 8);
830                 addrtmp[0] |= ((u32) (addr[2]) << 16);
831                 addrtmp[0] |= ((u32) (addr[3]) << 24);
832                 addrtmp[1] = addr[4];
833                 addrtmp[1] |= ((u32) (addr[5]) << 8);
834         }
835
836         /* Receive match transmitter address (RCMTA) mechanism */
837         b43_shm_write32(dev, B43_SHM_RCMTA,
838                         (index * 2) + 0, addrtmp[0]);
839         b43_shm_write16(dev, B43_SHM_RCMTA,
840                         (index * 2) + 1, addrtmp[1]);
841 }
842
843 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
844  * When a packet is received, the iv32 is checked.
845  * - if it doesn't the packet is returned without modification (and software
846  *   decryption can be done). That's what happen when iv16 wrap.
847  * - if it does, the rc4 key is computed, and decryption is tried.
848  *   Either it will success and B43_RX_MAC_DEC is returned,
849  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
850  *   and the packet is not usable (it got modified by the ucode).
851  * So in order to never have B43_RX_MAC_DECERR, we should provide
852  * a iv32 and phase1key that match. Because we drop packets in case of
853  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
854  * packets will be lost without higher layer knowing (ie no resync possible
855  * until next wrap).
856  *
857  * NOTE : this should support 50 key like RCMTA because
858  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
859  */
860 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
861                 u16 *phase1key)
862 {
863         unsigned int i;
864         u32 offset;
865         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
866
867         if (!modparam_hwtkip)
868                 return;
869
870         if (b43_new_kidx_api(dev))
871                 pairwise_keys_start = B43_NR_GROUP_KEYS;
872
873         B43_WARN_ON(index < pairwise_keys_start);
874         /* We have four default TX keys and possibly four default RX keys.
875          * Physical mac 0 is mapped to physical key 4 or 8, depending
876          * on the firmware version.
877          * So we must adjust the index here.
878          */
879         index -= pairwise_keys_start;
880         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
881
882         if (b43_debug(dev, B43_DBG_KEYS)) {
883                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
884                                 index, iv32);
885         }
886         /* Write the key to the  RX tkip shared mem */
887         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
888         for (i = 0; i < 10; i += 2) {
889                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
890                                 phase1key ? phase1key[i / 2] : 0);
891         }
892         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
893         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
894 }
895
896 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
897                                    struct ieee80211_vif *vif,
898                                    struct ieee80211_key_conf *keyconf,
899                                    struct ieee80211_sta *sta,
900                                    u32 iv32, u16 *phase1key)
901 {
902         struct b43_wl *wl = hw_to_b43_wl(hw);
903         struct b43_wldev *dev;
904         int index = keyconf->hw_key_idx;
905
906         if (B43_WARN_ON(!modparam_hwtkip))
907                 return;
908
909         /* This is only called from the RX path through mac80211, where
910          * our mutex is already locked. */
911         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
912         dev = wl->current_dev;
913         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
914
915         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
916
917         rx_tkip_phase1_write(dev, index, iv32, phase1key);
918         /* only pairwise TKIP keys are supported right now */
919         if (WARN_ON(!sta))
920                 return;
921         keymac_write(dev, index, sta->addr);
922 }
923
924 static void do_key_write(struct b43_wldev *dev,
925                          u8 index, u8 algorithm,
926                          const u8 *key, size_t key_len, const u8 *mac_addr)
927 {
928         u8 buf[B43_SEC_KEYSIZE] = { 0, };
929         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
930
931         if (b43_new_kidx_api(dev))
932                 pairwise_keys_start = B43_NR_GROUP_KEYS;
933
934         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
935         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
936
937         if (index >= pairwise_keys_start)
938                 keymac_write(dev, index, NULL); /* First zero out mac. */
939         if (algorithm == B43_SEC_ALGO_TKIP) {
940                 /*
941                  * We should provide an initial iv32, phase1key pair.
942                  * We could start with iv32=0 and compute the corresponding
943                  * phase1key, but this means calling ieee80211_get_tkip_key
944                  * with a fake skb (or export other tkip function).
945                  * Because we are lazy we hope iv32 won't start with
946                  * 0xffffffff and let's b43_op_update_tkip_key provide a
947                  * correct pair.
948                  */
949                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
950         } else if (index >= pairwise_keys_start) /* clear it */
951                 rx_tkip_phase1_write(dev, index, 0, NULL);
952         if (key)
953                 memcpy(buf, key, key_len);
954         key_write(dev, index, algorithm, buf);
955         if (index >= pairwise_keys_start)
956                 keymac_write(dev, index, mac_addr);
957
958         dev->key[index].algorithm = algorithm;
959 }
960
961 static int b43_key_write(struct b43_wldev *dev,
962                          int index, u8 algorithm,
963                          const u8 *key, size_t key_len,
964                          const u8 *mac_addr,
965                          struct ieee80211_key_conf *keyconf)
966 {
967         int i;
968         int pairwise_keys_start;
969
970         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
971          *      - Temporal Encryption Key (128 bits)
972          *      - Temporal Authenticator Tx MIC Key (64 bits)
973          *      - Temporal Authenticator Rx MIC Key (64 bits)
974          *
975          *      Hardware only store TEK
976          */
977         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
978                 key_len = 16;
979         if (key_len > B43_SEC_KEYSIZE)
980                 return -EINVAL;
981         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
982                 /* Check that we don't already have this key. */
983                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
984         }
985         if (index < 0) {
986                 /* Pairwise key. Get an empty slot for the key. */
987                 if (b43_new_kidx_api(dev))
988                         pairwise_keys_start = B43_NR_GROUP_KEYS;
989                 else
990                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
991                 for (i = pairwise_keys_start;
992                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
993                      i++) {
994                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
995                         if (!dev->key[i].keyconf) {
996                                 /* found empty */
997                                 index = i;
998                                 break;
999                         }
1000                 }
1001                 if (index < 0) {
1002                         b43warn(dev->wl, "Out of hardware key memory\n");
1003                         return -ENOSPC;
1004                 }
1005         } else
1006                 B43_WARN_ON(index > 3);
1007
1008         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1009         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1010                 /* Default RX key */
1011                 B43_WARN_ON(mac_addr);
1012                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1013         }
1014         keyconf->hw_key_idx = index;
1015         dev->key[index].keyconf = keyconf;
1016
1017         return 0;
1018 }
1019
1020 static int b43_key_clear(struct b43_wldev *dev, int index)
1021 {
1022         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1023                 return -EINVAL;
1024         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1025                      NULL, B43_SEC_KEYSIZE, NULL);
1026         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1027                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1028                              NULL, B43_SEC_KEYSIZE, NULL);
1029         }
1030         dev->key[index].keyconf = NULL;
1031
1032         return 0;
1033 }
1034
1035 static void b43_clear_keys(struct b43_wldev *dev)
1036 {
1037         int i, count;
1038
1039         if (b43_new_kidx_api(dev))
1040                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1041         else
1042                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1043         for (i = 0; i < count; i++)
1044                 b43_key_clear(dev, i);
1045 }
1046
1047 static void b43_dump_keymemory(struct b43_wldev *dev)
1048 {
1049         unsigned int i, index, count, offset, pairwise_keys_start;
1050         u8 mac[ETH_ALEN];
1051         u16 algo;
1052         u32 rcmta0;
1053         u16 rcmta1;
1054         u64 hf;
1055         struct b43_key *key;
1056
1057         if (!b43_debug(dev, B43_DBG_KEYS))
1058                 return;
1059
1060         hf = b43_hf_read(dev);
1061         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1062                !!(hf & B43_HF_USEDEFKEYS));
1063         if (b43_new_kidx_api(dev)) {
1064                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1065                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1066         } else {
1067                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1068                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1069         }
1070         for (index = 0; index < count; index++) {
1071                 key = &(dev->key[index]);
1072                 printk(KERN_DEBUG "Key slot %02u: %s",
1073                        index, (key->keyconf == NULL) ? " " : "*");
1074                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1075                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1076                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1077                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1078                 }
1079
1080                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1081                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1082                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1083
1084                 if (index >= pairwise_keys_start) {
1085                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1086                                 printk("   TKIP: ");
1087                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1088                                 for (i = 0; i < 14; i += 2) {
1089                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1090                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1091                                 }
1092                         }
1093                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1094                                                 ((index - pairwise_keys_start) * 2) + 0);
1095                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1096                                                 ((index - pairwise_keys_start) * 2) + 1);
1097                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1098                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1099                         printk("   MAC: %pM", mac);
1100                 } else
1101                         printk("   DEFAULT KEY");
1102                 printk("\n");
1103         }
1104 }
1105
1106 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1107 {
1108         u32 macctl;
1109         u16 ucstat;
1110         bool hwps;
1111         bool awake;
1112         int i;
1113
1114         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1115                     (ps_flags & B43_PS_DISABLED));
1116         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1117
1118         if (ps_flags & B43_PS_ENABLED) {
1119                 hwps = true;
1120         } else if (ps_flags & B43_PS_DISABLED) {
1121                 hwps = false;
1122         } else {
1123                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1124                 //      and thus is not an AP and we are associated, set bit 25
1125         }
1126         if (ps_flags & B43_PS_AWAKE) {
1127                 awake = true;
1128         } else if (ps_flags & B43_PS_ASLEEP) {
1129                 awake = false;
1130         } else {
1131                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1132                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1133                 //      successful, set bit26
1134         }
1135
1136 /* FIXME: For now we force awake-on and hwps-off */
1137         hwps = false;
1138         awake = true;
1139
1140         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1141         if (hwps)
1142                 macctl |= B43_MACCTL_HWPS;
1143         else
1144                 macctl &= ~B43_MACCTL_HWPS;
1145         if (awake)
1146                 macctl |= B43_MACCTL_AWAKE;
1147         else
1148                 macctl &= ~B43_MACCTL_AWAKE;
1149         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1150         /* Commit write */
1151         b43_read32(dev, B43_MMIO_MACCTL);
1152         if (awake && dev->dev->core_rev >= 5) {
1153                 /* Wait for the microcode to wake up. */
1154                 for (i = 0; i < 100; i++) {
1155                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1156                                                 B43_SHM_SH_UCODESTAT);
1157                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1158                                 break;
1159                         udelay(10);
1160                 }
1161         }
1162 }
1163
1164 #ifdef CONFIG_B43_BCMA
1165 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1166 {
1167         u32 flags;
1168
1169         /* Put PHY into reset */
1170         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1171         flags |= B43_BCMA_IOCTL_PHY_RESET;
1172         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1173         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1174         udelay(2);
1175
1176         /* Take PHY out of reset */
1177         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1178         flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1179         flags |= BCMA_IOCTL_FGC;
1180         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1181         udelay(1);
1182
1183         /* Do not force clock anymore */
1184         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1185         flags &= ~BCMA_IOCTL_FGC;
1186         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1187         udelay(1);
1188 }
1189
1190 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1191 {
1192         b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1193         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1194         b43_bcma_phy_reset(dev);
1195         bcma_core_pll_ctl(dev->dev->bdev, 0x300, 0x3000000, true);
1196 }
1197 #endif
1198
1199 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1200 {
1201         struct ssb_device *sdev = dev->dev->sdev;
1202         u32 tmslow;
1203         u32 flags = 0;
1204
1205         if (gmode)
1206                 flags |= B43_TMSLOW_GMODE;
1207         flags |= B43_TMSLOW_PHYCLKEN;
1208         flags |= B43_TMSLOW_PHYRESET;
1209         if (dev->phy.type == B43_PHYTYPE_N)
1210                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1211         b43_device_enable(dev, flags);
1212         msleep(2);              /* Wait for the PLL to turn on. */
1213
1214         /* Now take the PHY out of Reset again */
1215         tmslow = ssb_read32(sdev, SSB_TMSLOW);
1216         tmslow |= SSB_TMSLOW_FGC;
1217         tmslow &= ~B43_TMSLOW_PHYRESET;
1218         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1219         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1220         msleep(1);
1221         tmslow &= ~SSB_TMSLOW_FGC;
1222         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1223         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1224         msleep(1);
1225 }
1226
1227 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1228 {
1229         u32 macctl;
1230
1231         switch (dev->dev->bus_type) {
1232 #ifdef CONFIG_B43_BCMA
1233         case B43_BUS_BCMA:
1234                 b43_bcma_wireless_core_reset(dev, gmode);
1235                 break;
1236 #endif
1237 #ifdef CONFIG_B43_SSB
1238         case B43_BUS_SSB:
1239                 b43_ssb_wireless_core_reset(dev, gmode);
1240                 break;
1241 #endif
1242         }
1243
1244         /* Turn Analog ON, but only if we already know the PHY-type.
1245          * This protects against very early setup where we don't know the
1246          * PHY-type, yet. wireless_core_reset will be called once again later,
1247          * when we know the PHY-type. */
1248         if (dev->phy.ops)
1249                 dev->phy.ops->switch_analog(dev, 1);
1250
1251         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1252         macctl &= ~B43_MACCTL_GMODE;
1253         if (gmode)
1254                 macctl |= B43_MACCTL_GMODE;
1255         macctl |= B43_MACCTL_IHR_ENABLED;
1256         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1257 }
1258
1259 static void handle_irq_transmit_status(struct b43_wldev *dev)
1260 {
1261         u32 v0, v1;
1262         u16 tmp;
1263         struct b43_txstatus stat;
1264
1265         while (1) {
1266                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1267                 if (!(v0 & 0x00000001))
1268                         break;
1269                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1270
1271                 stat.cookie = (v0 >> 16);
1272                 stat.seq = (v1 & 0x0000FFFF);
1273                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1274                 tmp = (v0 & 0x0000FFFF);
1275                 stat.frame_count = ((tmp & 0xF000) >> 12);
1276                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1277                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1278                 stat.pm_indicated = !!(tmp & 0x0080);
1279                 stat.intermediate = !!(tmp & 0x0040);
1280                 stat.for_ampdu = !!(tmp & 0x0020);
1281                 stat.acked = !!(tmp & 0x0002);
1282
1283                 b43_handle_txstatus(dev, &stat);
1284         }
1285 }
1286
1287 static void drain_txstatus_queue(struct b43_wldev *dev)
1288 {
1289         u32 dummy;
1290
1291         if (dev->dev->core_rev < 5)
1292                 return;
1293         /* Read all entries from the microcode TXstatus FIFO
1294          * and throw them away.
1295          */
1296         while (1) {
1297                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1298                 if (!(dummy & 0x00000001))
1299                         break;
1300                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1301         }
1302 }
1303
1304 static u32 b43_jssi_read(struct b43_wldev *dev)
1305 {
1306         u32 val = 0;
1307
1308         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1309         val <<= 16;
1310         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1311
1312         return val;
1313 }
1314
1315 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1316 {
1317         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1318         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1319 }
1320
1321 static void b43_generate_noise_sample(struct b43_wldev *dev)
1322 {
1323         b43_jssi_write(dev, 0x7F7F7F7F);
1324         b43_write32(dev, B43_MMIO_MACCMD,
1325                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1326 }
1327
1328 static void b43_calculate_link_quality(struct b43_wldev *dev)
1329 {
1330         /* Top half of Link Quality calculation. */
1331
1332         if (dev->phy.type != B43_PHYTYPE_G)
1333                 return;
1334         if (dev->noisecalc.calculation_running)
1335                 return;
1336         dev->noisecalc.calculation_running = true;
1337         dev->noisecalc.nr_samples = 0;
1338
1339         b43_generate_noise_sample(dev);
1340 }
1341
1342 static void handle_irq_noise(struct b43_wldev *dev)
1343 {
1344         struct b43_phy_g *phy = dev->phy.g;
1345         u16 tmp;
1346         u8 noise[4];
1347         u8 i, j;
1348         s32 average;
1349
1350         /* Bottom half of Link Quality calculation. */
1351
1352         if (dev->phy.type != B43_PHYTYPE_G)
1353                 return;
1354
1355         /* Possible race condition: It might be possible that the user
1356          * changed to a different channel in the meantime since we
1357          * started the calculation. We ignore that fact, since it's
1358          * not really that much of a problem. The background noise is
1359          * an estimation only anyway. Slightly wrong results will get damped
1360          * by the averaging of the 8 sample rounds. Additionally the
1361          * value is shortlived. So it will be replaced by the next noise
1362          * calculation round soon. */
1363
1364         B43_WARN_ON(!dev->noisecalc.calculation_running);
1365         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1366         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1367             noise[2] == 0x7F || noise[3] == 0x7F)
1368                 goto generate_new;
1369
1370         /* Get the noise samples. */
1371         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1372         i = dev->noisecalc.nr_samples;
1373         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1374         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1375         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1376         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1377         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1378         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1379         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1380         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1381         dev->noisecalc.nr_samples++;
1382         if (dev->noisecalc.nr_samples == 8) {
1383                 /* Calculate the Link Quality by the noise samples. */
1384                 average = 0;
1385                 for (i = 0; i < 8; i++) {
1386                         for (j = 0; j < 4; j++)
1387                                 average += dev->noisecalc.samples[i][j];
1388                 }
1389                 average /= (8 * 4);
1390                 average *= 125;
1391                 average += 64;
1392                 average /= 128;
1393                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1394                 tmp = (tmp / 128) & 0x1F;
1395                 if (tmp >= 8)
1396                         average += 2;
1397                 else
1398                         average -= 25;
1399                 if (tmp == 8)
1400                         average -= 72;
1401                 else
1402                         average -= 48;
1403
1404                 dev->stats.link_noise = average;
1405                 dev->noisecalc.calculation_running = false;
1406                 return;
1407         }
1408 generate_new:
1409         b43_generate_noise_sample(dev);
1410 }
1411
1412 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1413 {
1414         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1415                 ///TODO: PS TBTT
1416         } else {
1417                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1418                         b43_power_saving_ctl_bits(dev, 0);
1419         }
1420         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1421                 dev->dfq_valid = true;
1422 }
1423
1424 static void handle_irq_atim_end(struct b43_wldev *dev)
1425 {
1426         if (dev->dfq_valid) {
1427                 b43_write32(dev, B43_MMIO_MACCMD,
1428                             b43_read32(dev, B43_MMIO_MACCMD)
1429                             | B43_MACCMD_DFQ_VALID);
1430                 dev->dfq_valid = false;
1431         }
1432 }
1433
1434 static void handle_irq_pmq(struct b43_wldev *dev)
1435 {
1436         u32 tmp;
1437
1438         //TODO: AP mode.
1439
1440         while (1) {
1441                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1442                 if (!(tmp & 0x00000008))
1443                         break;
1444         }
1445         /* 16bit write is odd, but correct. */
1446         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1447 }
1448
1449 static void b43_write_template_common(struct b43_wldev *dev,
1450                                       const u8 *data, u16 size,
1451                                       u16 ram_offset,
1452                                       u16 shm_size_offset, u8 rate)
1453 {
1454         u32 i, tmp;
1455         struct b43_plcp_hdr4 plcp;
1456
1457         plcp.data = 0;
1458         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1459         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1460         ram_offset += sizeof(u32);
1461         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1462          * So leave the first two bytes of the next write blank.
1463          */
1464         tmp = (u32) (data[0]) << 16;
1465         tmp |= (u32) (data[1]) << 24;
1466         b43_ram_write(dev, ram_offset, tmp);
1467         ram_offset += sizeof(u32);
1468         for (i = 2; i < size; i += sizeof(u32)) {
1469                 tmp = (u32) (data[i + 0]);
1470                 if (i + 1 < size)
1471                         tmp |= (u32) (data[i + 1]) << 8;
1472                 if (i + 2 < size)
1473                         tmp |= (u32) (data[i + 2]) << 16;
1474                 if (i + 3 < size)
1475                         tmp |= (u32) (data[i + 3]) << 24;
1476                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1477         }
1478         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1479                         size + sizeof(struct b43_plcp_hdr6));
1480 }
1481
1482 /* Check if the use of the antenna that ieee80211 told us to
1483  * use is possible. This will fall back to DEFAULT.
1484  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1485 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1486                                   u8 antenna_nr)
1487 {
1488         u8 antenna_mask;
1489
1490         if (antenna_nr == 0) {
1491                 /* Zero means "use default antenna". That's always OK. */
1492                 return 0;
1493         }
1494
1495         /* Get the mask of available antennas. */
1496         if (dev->phy.gmode)
1497                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1498         else
1499                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1500
1501         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1502                 /* This antenna is not available. Fall back to default. */
1503                 return 0;
1504         }
1505
1506         return antenna_nr;
1507 }
1508
1509 /* Convert a b43 antenna number value to the PHY TX control value. */
1510 static u16 b43_antenna_to_phyctl(int antenna)
1511 {
1512         switch (antenna) {
1513         case B43_ANTENNA0:
1514                 return B43_TXH_PHY_ANT0;
1515         case B43_ANTENNA1:
1516                 return B43_TXH_PHY_ANT1;
1517         case B43_ANTENNA2:
1518                 return B43_TXH_PHY_ANT2;
1519         case B43_ANTENNA3:
1520                 return B43_TXH_PHY_ANT3;
1521         case B43_ANTENNA_AUTO0:
1522         case B43_ANTENNA_AUTO1:
1523                 return B43_TXH_PHY_ANT01AUTO;
1524         }
1525         B43_WARN_ON(1);
1526         return 0;
1527 }
1528
1529 static void b43_write_beacon_template(struct b43_wldev *dev,
1530                                       u16 ram_offset,
1531                                       u16 shm_size_offset)
1532 {
1533         unsigned int i, len, variable_len;
1534         const struct ieee80211_mgmt *bcn;
1535         const u8 *ie;
1536         bool tim_found = false;
1537         unsigned int rate;
1538         u16 ctl;
1539         int antenna;
1540         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1541
1542         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1543         len = min((size_t) dev->wl->current_beacon->len,
1544                   0x200 - sizeof(struct b43_plcp_hdr6));
1545         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1546
1547         b43_write_template_common(dev, (const u8 *)bcn,
1548                                   len, ram_offset, shm_size_offset, rate);
1549
1550         /* Write the PHY TX control parameters. */
1551         antenna = B43_ANTENNA_DEFAULT;
1552         antenna = b43_antenna_to_phyctl(antenna);
1553         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1554         /* We can't send beacons with short preamble. Would get PHY errors. */
1555         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1556         ctl &= ~B43_TXH_PHY_ANT;
1557         ctl &= ~B43_TXH_PHY_ENC;
1558         ctl |= antenna;
1559         if (b43_is_cck_rate(rate))
1560                 ctl |= B43_TXH_PHY_ENC_CCK;
1561         else
1562                 ctl |= B43_TXH_PHY_ENC_OFDM;
1563         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1564
1565         /* Find the position of the TIM and the DTIM_period value
1566          * and write them to SHM. */
1567         ie = bcn->u.beacon.variable;
1568         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1569         for (i = 0; i < variable_len - 2; ) {
1570                 uint8_t ie_id, ie_len;
1571
1572                 ie_id = ie[i];
1573                 ie_len = ie[i + 1];
1574                 if (ie_id == 5) {
1575                         u16 tim_position;
1576                         u16 dtim_period;
1577                         /* This is the TIM Information Element */
1578
1579                         /* Check whether the ie_len is in the beacon data range. */
1580                         if (variable_len < ie_len + 2 + i)
1581                                 break;
1582                         /* A valid TIM is at least 4 bytes long. */
1583                         if (ie_len < 4)
1584                                 break;
1585                         tim_found = true;
1586
1587                         tim_position = sizeof(struct b43_plcp_hdr6);
1588                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1589                         tim_position += i;
1590
1591                         dtim_period = ie[i + 3];
1592
1593                         b43_shm_write16(dev, B43_SHM_SHARED,
1594                                         B43_SHM_SH_TIMBPOS, tim_position);
1595                         b43_shm_write16(dev, B43_SHM_SHARED,
1596                                         B43_SHM_SH_DTIMPER, dtim_period);
1597                         break;
1598                 }
1599                 i += ie_len + 2;
1600         }
1601         if (!tim_found) {
1602                 /*
1603                  * If ucode wants to modify TIM do it behind the beacon, this
1604                  * will happen, for example, when doing mesh networking.
1605                  */
1606                 b43_shm_write16(dev, B43_SHM_SHARED,
1607                                 B43_SHM_SH_TIMBPOS,
1608                                 len + sizeof(struct b43_plcp_hdr6));
1609                 b43_shm_write16(dev, B43_SHM_SHARED,
1610                                 B43_SHM_SH_DTIMPER, 0);
1611         }
1612         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1613 }
1614
1615 static void b43_upload_beacon0(struct b43_wldev *dev)
1616 {
1617         struct b43_wl *wl = dev->wl;
1618
1619         if (wl->beacon0_uploaded)
1620                 return;
1621         b43_write_beacon_template(dev, 0x68, 0x18);
1622         wl->beacon0_uploaded = true;
1623 }
1624
1625 static void b43_upload_beacon1(struct b43_wldev *dev)
1626 {
1627         struct b43_wl *wl = dev->wl;
1628
1629         if (wl->beacon1_uploaded)
1630                 return;
1631         b43_write_beacon_template(dev, 0x468, 0x1A);
1632         wl->beacon1_uploaded = true;
1633 }
1634
1635 static void handle_irq_beacon(struct b43_wldev *dev)
1636 {
1637         struct b43_wl *wl = dev->wl;
1638         u32 cmd, beacon0_valid, beacon1_valid;
1639
1640         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1641             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1642             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1643                 return;
1644
1645         /* This is the bottom half of the asynchronous beacon update. */
1646
1647         /* Ignore interrupt in the future. */
1648         dev->irq_mask &= ~B43_IRQ_BEACON;
1649
1650         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1651         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1652         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1653
1654         /* Schedule interrupt manually, if busy. */
1655         if (beacon0_valid && beacon1_valid) {
1656                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1657                 dev->irq_mask |= B43_IRQ_BEACON;
1658                 return;
1659         }
1660
1661         if (unlikely(wl->beacon_templates_virgin)) {
1662                 /* We never uploaded a beacon before.
1663                  * Upload both templates now, but only mark one valid. */
1664                 wl->beacon_templates_virgin = false;
1665                 b43_upload_beacon0(dev);
1666                 b43_upload_beacon1(dev);
1667                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1668                 cmd |= B43_MACCMD_BEACON0_VALID;
1669                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1670         } else {
1671                 if (!beacon0_valid) {
1672                         b43_upload_beacon0(dev);
1673                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1674                         cmd |= B43_MACCMD_BEACON0_VALID;
1675                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1676                 } else if (!beacon1_valid) {
1677                         b43_upload_beacon1(dev);
1678                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1679                         cmd |= B43_MACCMD_BEACON1_VALID;
1680                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1681                 }
1682         }
1683 }
1684
1685 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1686 {
1687         u32 old_irq_mask = dev->irq_mask;
1688
1689         /* update beacon right away or defer to irq */
1690         handle_irq_beacon(dev);
1691         if (old_irq_mask != dev->irq_mask) {
1692                 /* The handler updated the IRQ mask. */
1693                 B43_WARN_ON(!dev->irq_mask);
1694                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1695                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1696                 } else {
1697                         /* Device interrupts are currently disabled. That means
1698                          * we just ran the hardirq handler and scheduled the
1699                          * IRQ thread. The thread will write the IRQ mask when
1700                          * it finished, so there's nothing to do here. Writing
1701                          * the mask _here_ would incorrectly re-enable IRQs. */
1702                 }
1703         }
1704 }
1705
1706 static void b43_beacon_update_trigger_work(struct work_struct *work)
1707 {
1708         struct b43_wl *wl = container_of(work, struct b43_wl,
1709                                          beacon_update_trigger);
1710         struct b43_wldev *dev;
1711
1712         mutex_lock(&wl->mutex);
1713         dev = wl->current_dev;
1714         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1715                 if (b43_bus_host_is_sdio(dev->dev)) {
1716                         /* wl->mutex is enough. */
1717                         b43_do_beacon_update_trigger_work(dev);
1718                         mmiowb();
1719                 } else {
1720                         spin_lock_irq(&wl->hardirq_lock);
1721                         b43_do_beacon_update_trigger_work(dev);
1722                         mmiowb();
1723                         spin_unlock_irq(&wl->hardirq_lock);
1724                 }
1725         }
1726         mutex_unlock(&wl->mutex);
1727 }
1728
1729 /* Asynchronously update the packet templates in template RAM.
1730  * Locking: Requires wl->mutex to be locked. */
1731 static void b43_update_templates(struct b43_wl *wl)
1732 {
1733         struct sk_buff *beacon;
1734
1735         /* This is the top half of the ansynchronous beacon update.
1736          * The bottom half is the beacon IRQ.
1737          * Beacon update must be asynchronous to avoid sending an
1738          * invalid beacon. This can happen for example, if the firmware
1739          * transmits a beacon while we are updating it. */
1740
1741         /* We could modify the existing beacon and set the aid bit in
1742          * the TIM field, but that would probably require resizing and
1743          * moving of data within the beacon template.
1744          * Simply request a new beacon and let mac80211 do the hard work. */
1745         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1746         if (unlikely(!beacon))
1747                 return;
1748
1749         if (wl->current_beacon)
1750                 dev_kfree_skb_any(wl->current_beacon);
1751         wl->current_beacon = beacon;
1752         wl->beacon0_uploaded = false;
1753         wl->beacon1_uploaded = false;
1754         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1755 }
1756
1757 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1758 {
1759         b43_time_lock(dev);
1760         if (dev->dev->core_rev >= 3) {
1761                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1762                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1763         } else {
1764                 b43_write16(dev, 0x606, (beacon_int >> 6));
1765                 b43_write16(dev, 0x610, beacon_int);
1766         }
1767         b43_time_unlock(dev);
1768         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1769 }
1770
1771 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1772 {
1773         u16 reason;
1774
1775         /* Read the register that contains the reason code for the panic. */
1776         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1777         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1778
1779         switch (reason) {
1780         default:
1781                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1782                 /* fallthrough */
1783         case B43_FWPANIC_DIE:
1784                 /* Do not restart the controller or firmware.
1785                  * The device is nonfunctional from now on.
1786                  * Restarting would result in this panic to trigger again,
1787                  * so we avoid that recursion. */
1788                 break;
1789         case B43_FWPANIC_RESTART:
1790                 b43_controller_restart(dev, "Microcode panic");
1791                 break;
1792         }
1793 }
1794
1795 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1796 {
1797         unsigned int i, cnt;
1798         u16 reason, marker_id, marker_line;
1799         __le16 *buf;
1800
1801         /* The proprietary firmware doesn't have this IRQ. */
1802         if (!dev->fw.opensource)
1803                 return;
1804
1805         /* Read the register that contains the reason code for this IRQ. */
1806         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1807
1808         switch (reason) {
1809         case B43_DEBUGIRQ_PANIC:
1810                 b43_handle_firmware_panic(dev);
1811                 break;
1812         case B43_DEBUGIRQ_DUMP_SHM:
1813                 if (!B43_DEBUG)
1814                         break; /* Only with driver debugging enabled. */
1815                 buf = kmalloc(4096, GFP_ATOMIC);
1816                 if (!buf) {
1817                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1818                         goto out;
1819                 }
1820                 for (i = 0; i < 4096; i += 2) {
1821                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1822                         buf[i / 2] = cpu_to_le16(tmp);
1823                 }
1824                 b43info(dev->wl, "Shared memory dump:\n");
1825                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1826                                16, 2, buf, 4096, 1);
1827                 kfree(buf);
1828                 break;
1829         case B43_DEBUGIRQ_DUMP_REGS:
1830                 if (!B43_DEBUG)
1831                         break; /* Only with driver debugging enabled. */
1832                 b43info(dev->wl, "Microcode register dump:\n");
1833                 for (i = 0, cnt = 0; i < 64; i++) {
1834                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1835                         if (cnt == 0)
1836                                 printk(KERN_INFO);
1837                         printk("r%02u: 0x%04X  ", i, tmp);
1838                         cnt++;
1839                         if (cnt == 6) {
1840                                 printk("\n");
1841                                 cnt = 0;
1842                         }
1843                 }
1844                 printk("\n");
1845                 break;
1846         case B43_DEBUGIRQ_MARKER:
1847                 if (!B43_DEBUG)
1848                         break; /* Only with driver debugging enabled. */
1849                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1850                                            B43_MARKER_ID_REG);
1851                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1852                                              B43_MARKER_LINE_REG);
1853                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1854                         "at line number %u\n",
1855                         marker_id, marker_line);
1856                 break;
1857         default:
1858                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1859                        reason);
1860         }
1861 out:
1862         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1863         b43_shm_write16(dev, B43_SHM_SCRATCH,
1864                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1865 }
1866
1867 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1868 {
1869         u32 reason;
1870         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1871         u32 merged_dma_reason = 0;
1872         int i;
1873
1874         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1875                 return;
1876
1877         reason = dev->irq_reason;
1878         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1879                 dma_reason[i] = dev->dma_reason[i];
1880                 merged_dma_reason |= dma_reason[i];
1881         }
1882
1883         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1884                 b43err(dev->wl, "MAC transmission error\n");
1885
1886         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1887                 b43err(dev->wl, "PHY transmission error\n");
1888                 rmb();
1889                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1890                         atomic_set(&dev->phy.txerr_cnt,
1891                                    B43_PHY_TX_BADNESS_LIMIT);
1892                         b43err(dev->wl, "Too many PHY TX errors, "
1893                                         "restarting the controller\n");
1894                         b43_controller_restart(dev, "PHY TX errors");
1895                 }
1896         }
1897
1898         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1899                                           B43_DMAIRQ_NONFATALMASK))) {
1900                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1901                         b43err(dev->wl, "Fatal DMA error: "
1902                                "0x%08X, 0x%08X, 0x%08X, "
1903                                "0x%08X, 0x%08X, 0x%08X\n",
1904                                dma_reason[0], dma_reason[1],
1905                                dma_reason[2], dma_reason[3],
1906                                dma_reason[4], dma_reason[5]);
1907                         b43err(dev->wl, "This device does not support DMA "
1908                                "on your system. It will now be switched to PIO.\n");
1909                         /* Fall back to PIO transfers if we get fatal DMA errors! */
1910                         dev->use_pio = true;
1911                         b43_controller_restart(dev, "DMA error");
1912                         return;
1913                 }
1914                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1915                         b43err(dev->wl, "DMA error: "
1916                                "0x%08X, 0x%08X, 0x%08X, "
1917                                "0x%08X, 0x%08X, 0x%08X\n",
1918                                dma_reason[0], dma_reason[1],
1919                                dma_reason[2], dma_reason[3],
1920                                dma_reason[4], dma_reason[5]);
1921                 }
1922         }
1923
1924         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1925                 handle_irq_ucode_debug(dev);
1926         if (reason & B43_IRQ_TBTT_INDI)
1927                 handle_irq_tbtt_indication(dev);
1928         if (reason & B43_IRQ_ATIM_END)
1929                 handle_irq_atim_end(dev);
1930         if (reason & B43_IRQ_BEACON)
1931                 handle_irq_beacon(dev);
1932         if (reason & B43_IRQ_PMQ)
1933                 handle_irq_pmq(dev);
1934         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1935                 ;/* TODO */
1936         if (reason & B43_IRQ_NOISESAMPLE_OK)
1937                 handle_irq_noise(dev);
1938
1939         /* Check the DMA reason registers for received data. */
1940         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1941                 if (b43_using_pio_transfers(dev))
1942                         b43_pio_rx(dev->pio.rx_queue);
1943                 else
1944                         b43_dma_rx(dev->dma.rx_ring);
1945         }
1946         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1947         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1948         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1949         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1950         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1951
1952         if (reason & B43_IRQ_TX_OK)
1953                 handle_irq_transmit_status(dev);
1954
1955         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1956         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1957
1958 #if B43_DEBUG
1959         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1960                 dev->irq_count++;
1961                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1962                         if (reason & (1 << i))
1963                                 dev->irq_bit_count[i]++;
1964                 }
1965         }
1966 #endif
1967 }
1968
1969 /* Interrupt thread handler. Handles device interrupts in thread context. */
1970 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1971 {
1972         struct b43_wldev *dev = dev_id;
1973
1974         mutex_lock(&dev->wl->mutex);
1975         b43_do_interrupt_thread(dev);
1976         mmiowb();
1977         mutex_unlock(&dev->wl->mutex);
1978
1979         return IRQ_HANDLED;
1980 }
1981
1982 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1983 {
1984         u32 reason;
1985
1986         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1987          * On SDIO, this runs under wl->mutex. */
1988
1989         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1990         if (reason == 0xffffffff)       /* shared IRQ */
1991                 return IRQ_NONE;
1992         reason &= dev->irq_mask;
1993         if (!reason)
1994                 return IRQ_NONE;
1995
1996         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1997             & 0x0001DC00;
1998         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1999             & 0x0000DC00;
2000         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2001             & 0x0000DC00;
2002         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2003             & 0x0001DC00;
2004         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2005             & 0x0000DC00;
2006 /* Unused ring
2007         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2008             & 0x0000DC00;
2009 */
2010
2011         /* ACK the interrupt. */
2012         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2013         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2014         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2015         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2016         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2017         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2018 /* Unused ring
2019         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2020 */
2021
2022         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2023         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2024         /* Save the reason bitmasks for the IRQ thread handler. */
2025         dev->irq_reason = reason;
2026
2027         return IRQ_WAKE_THREAD;
2028 }
2029
2030 /* Interrupt handler top-half. This runs with interrupts disabled. */
2031 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2032 {
2033         struct b43_wldev *dev = dev_id;
2034         irqreturn_t ret;
2035
2036         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2037                 return IRQ_NONE;
2038
2039         spin_lock(&dev->wl->hardirq_lock);
2040         ret = b43_do_interrupt(dev);
2041         mmiowb();
2042         spin_unlock(&dev->wl->hardirq_lock);
2043
2044         return ret;
2045 }
2046
2047 /* SDIO interrupt handler. This runs in process context. */
2048 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2049 {
2050         struct b43_wl *wl = dev->wl;
2051         irqreturn_t ret;
2052
2053         mutex_lock(&wl->mutex);
2054
2055         ret = b43_do_interrupt(dev);
2056         if (ret == IRQ_WAKE_THREAD)
2057                 b43_do_interrupt_thread(dev);
2058
2059         mutex_unlock(&wl->mutex);
2060 }
2061
2062 void b43_do_release_fw(struct b43_firmware_file *fw)
2063 {
2064         release_firmware(fw->data);
2065         fw->data = NULL;
2066         fw->filename = NULL;
2067 }
2068
2069 static void b43_release_firmware(struct b43_wldev *dev)
2070 {
2071         b43_do_release_fw(&dev->fw.ucode);
2072         b43_do_release_fw(&dev->fw.pcm);
2073         b43_do_release_fw(&dev->fw.initvals);
2074         b43_do_release_fw(&dev->fw.initvals_band);
2075 }
2076
2077 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2078 {
2079         const char text[] =
2080                 "You must go to " \
2081                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2082                 "and download the correct firmware for this driver version. " \
2083                 "Please carefully read all instructions on this website.\n";
2084
2085         if (error)
2086                 b43err(wl, text);
2087         else
2088                 b43warn(wl, text);
2089 }
2090
2091 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2092                       const char *name,
2093                       struct b43_firmware_file *fw)
2094 {
2095         const struct firmware *blob;
2096         struct b43_fw_header *hdr;
2097         u32 size;
2098         int err;
2099
2100         if (!name) {
2101                 /* Don't fetch anything. Free possibly cached firmware. */
2102                 /* FIXME: We should probably keep it anyway, to save some headache
2103                  * on suspend/resume with multiband devices. */
2104                 b43_do_release_fw(fw);
2105                 return 0;
2106         }
2107         if (fw->filename) {
2108                 if ((fw->type == ctx->req_type) &&
2109                     (strcmp(fw->filename, name) == 0))
2110                         return 0; /* Already have this fw. */
2111                 /* Free the cached firmware first. */
2112                 /* FIXME: We should probably do this later after we successfully
2113                  * got the new fw. This could reduce headache with multiband devices.
2114                  * We could also redesign this to cache the firmware for all possible
2115                  * bands all the time. */
2116                 b43_do_release_fw(fw);
2117         }
2118
2119         switch (ctx->req_type) {
2120         case B43_FWTYPE_PROPRIETARY:
2121                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2122                          "b43%s/%s.fw",
2123                          modparam_fwpostfix, name);
2124                 break;
2125         case B43_FWTYPE_OPENSOURCE:
2126                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2127                          "b43-open%s/%s.fw",
2128                          modparam_fwpostfix, name);
2129                 break;
2130         default:
2131                 B43_WARN_ON(1);
2132                 return -ENOSYS;
2133         }
2134         err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
2135         if (err == -ENOENT) {
2136                 snprintf(ctx->errors[ctx->req_type],
2137                          sizeof(ctx->errors[ctx->req_type]),
2138                          "Firmware file \"%s\" not found\n", ctx->fwname);
2139                 return err;
2140         } else if (err) {
2141                 snprintf(ctx->errors[ctx->req_type],
2142                          sizeof(ctx->errors[ctx->req_type]),
2143                          "Firmware file \"%s\" request failed (err=%d)\n",
2144                          ctx->fwname, err);
2145                 return err;
2146         }
2147         if (blob->size < sizeof(struct b43_fw_header))
2148                 goto err_format;
2149         hdr = (struct b43_fw_header *)(blob->data);
2150         switch (hdr->type) {
2151         case B43_FW_TYPE_UCODE:
2152         case B43_FW_TYPE_PCM:
2153                 size = be32_to_cpu(hdr->size);
2154                 if (size != blob->size - sizeof(struct b43_fw_header))
2155                         goto err_format;
2156                 /* fallthrough */
2157         case B43_FW_TYPE_IV:
2158                 if (hdr->ver != 1)
2159                         goto err_format;
2160                 break;
2161         default:
2162                 goto err_format;
2163         }
2164
2165         fw->data = blob;
2166         fw->filename = name;
2167         fw->type = ctx->req_type;
2168
2169         return 0;
2170
2171 err_format:
2172         snprintf(ctx->errors[ctx->req_type],
2173                  sizeof(ctx->errors[ctx->req_type]),
2174                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2175         release_firmware(blob);
2176
2177         return -EPROTO;
2178 }
2179
2180 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2181 {
2182         struct b43_wldev *dev = ctx->dev;
2183         struct b43_firmware *fw = &ctx->dev->fw;
2184         const u8 rev = ctx->dev->dev->core_rev;
2185         const char *filename;
2186         u32 tmshigh;
2187         int err;
2188
2189         /* Files for HT and LCN were found by trying one by one */
2190
2191         /* Get microcode */
2192         if ((rev >= 5) && (rev <= 10)) {
2193                 filename = "ucode5";
2194         } else if ((rev >= 11) && (rev <= 12)) {
2195                 filename = "ucode11";
2196         } else if (rev == 13) {
2197                 filename = "ucode13";
2198         } else if (rev == 14) {
2199                 filename = "ucode14";
2200         } else if (rev == 15) {
2201                 filename = "ucode15";
2202         } else {
2203                 switch (dev->phy.type) {
2204                 case B43_PHYTYPE_N:
2205                         if (rev >= 16)
2206                                 filename = "ucode16_mimo";
2207                         else
2208                                 goto err_no_ucode;
2209                         break;
2210                 case B43_PHYTYPE_HT:
2211                         if (rev == 29)
2212                                 filename = "ucode29_mimo";
2213                         else
2214                                 goto err_no_ucode;
2215                         break;
2216                 case B43_PHYTYPE_LCN:
2217                         if (rev == 24)
2218                                 filename = "ucode24_mimo";
2219                         else
2220                                 goto err_no_ucode;
2221                         break;
2222                 default:
2223                         goto err_no_ucode;
2224                 }
2225         }
2226         err = b43_do_request_fw(ctx, filename, &fw->ucode);
2227         if (err)
2228                 goto err_load;
2229
2230         /* Get PCM code */
2231         if ((rev >= 5) && (rev <= 10))
2232                 filename = "pcm5";
2233         else if (rev >= 11)
2234                 filename = NULL;
2235         else
2236                 goto err_no_pcm;
2237         fw->pcm_request_failed = false;
2238         err = b43_do_request_fw(ctx, filename, &fw->pcm);
2239         if (err == -ENOENT) {
2240                 /* We did not find a PCM file? Not fatal, but
2241                  * core rev <= 10 must do without hwcrypto then. */
2242                 fw->pcm_request_failed = true;
2243         } else if (err)
2244                 goto err_load;
2245
2246         /* Get initvals */
2247         switch (dev->phy.type) {
2248         case B43_PHYTYPE_A:
2249                 if ((rev >= 5) && (rev <= 10)) {
2250                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2251                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2252                                 filename = "a0g1initvals5";
2253                         else
2254                                 filename = "a0g0initvals5";
2255                 } else
2256                         goto err_no_initvals;
2257                 break;
2258         case B43_PHYTYPE_G:
2259                 if ((rev >= 5) && (rev <= 10))
2260                         filename = "b0g0initvals5";
2261                 else if (rev >= 13)
2262                         filename = "b0g0initvals13";
2263                 else
2264                         goto err_no_initvals;
2265                 break;
2266         case B43_PHYTYPE_N:
2267                 if (rev >= 16)
2268                         filename = "n0initvals16";
2269                 else if ((rev >= 11) && (rev <= 12))
2270                         filename = "n0initvals11";
2271                 else
2272                         goto err_no_initvals;
2273                 break;
2274         case B43_PHYTYPE_LP:
2275                 if (rev == 13)
2276                         filename = "lp0initvals13";
2277                 else if (rev == 14)
2278                         filename = "lp0initvals14";
2279                 else if (rev >= 15)
2280                         filename = "lp0initvals15";
2281                 else
2282                         goto err_no_initvals;
2283                 break;
2284         case B43_PHYTYPE_HT:
2285                 if (rev == 29)
2286                         filename = "ht0initvals29";
2287                 else
2288                         goto err_no_initvals;
2289                 break;
2290         case B43_PHYTYPE_LCN:
2291                 if (rev == 24)
2292                         filename = "lcn0initvals24";
2293                 else
2294                         goto err_no_initvals;
2295                 break;
2296         default:
2297                 goto err_no_initvals;
2298         }
2299         err = b43_do_request_fw(ctx, filename, &fw->initvals);
2300         if (err)
2301                 goto err_load;
2302
2303         /* Get bandswitch initvals */
2304         switch (dev->phy.type) {
2305         case B43_PHYTYPE_A:
2306                 if ((rev >= 5) && (rev <= 10)) {
2307                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2308                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2309                                 filename = "a0g1bsinitvals5";
2310                         else
2311                                 filename = "a0g0bsinitvals5";
2312                 } else if (rev >= 11)
2313                         filename = NULL;
2314                 else
2315                         goto err_no_initvals;
2316                 break;
2317         case B43_PHYTYPE_G:
2318                 if ((rev >= 5) && (rev <= 10))
2319                         filename = "b0g0bsinitvals5";
2320                 else if (rev >= 11)
2321                         filename = NULL;
2322                 else
2323                         goto err_no_initvals;
2324                 break;
2325         case B43_PHYTYPE_N:
2326                 if (rev >= 16)
2327                         filename = "n0bsinitvals16";
2328                 else if ((rev >= 11) && (rev <= 12))
2329                         filename = "n0bsinitvals11";
2330                 else
2331                         goto err_no_initvals;
2332                 break;
2333         case B43_PHYTYPE_LP:
2334                 if (rev == 13)
2335                         filename = "lp0bsinitvals13";
2336                 else if (rev == 14)
2337                         filename = "lp0bsinitvals14";
2338                 else if (rev >= 15)
2339                         filename = "lp0bsinitvals15";
2340                 else
2341                         goto err_no_initvals;
2342                 break;
2343         case B43_PHYTYPE_HT:
2344                 if (rev == 29)
2345                         filename = "ht0bsinitvals29";
2346                 else
2347                         goto err_no_initvals;
2348                 break;
2349         case B43_PHYTYPE_LCN:
2350                 if (rev == 24)
2351                         filename = "lcn0bsinitvals24";
2352                 else
2353                         goto err_no_initvals;
2354                 break;
2355         default:
2356                 goto err_no_initvals;
2357         }
2358         err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2359         if (err)
2360                 goto err_load;
2361
2362         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2363
2364         return 0;
2365
2366 err_no_ucode:
2367         err = ctx->fatal_failure = -EOPNOTSUPP;
2368         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2369                "is required for your device (wl-core rev %u)\n", rev);
2370         goto error;
2371
2372 err_no_pcm:
2373         err = ctx->fatal_failure = -EOPNOTSUPP;
2374         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2375                "is required for your device (wl-core rev %u)\n", rev);
2376         goto error;
2377
2378 err_no_initvals:
2379         err = ctx->fatal_failure = -EOPNOTSUPP;
2380         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2381                "is required for your device (wl-core rev %u)\n", rev);
2382         goto error;
2383
2384 err_load:
2385         /* We failed to load this firmware image. The error message
2386          * already is in ctx->errors. Return and let our caller decide
2387          * what to do. */
2388         goto error;
2389
2390 error:
2391         b43_release_firmware(dev);
2392         return err;
2393 }
2394
2395 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2396 static void b43_one_core_detach(struct b43_bus_dev *dev);
2397
2398 static void b43_request_firmware(struct work_struct *work)
2399 {
2400         struct b43_wl *wl = container_of(work,
2401                             struct b43_wl, firmware_load);
2402         struct b43_wldev *dev = wl->current_dev;
2403         struct b43_request_fw_context *ctx;
2404         unsigned int i;
2405         int err;
2406         const char *errmsg;
2407
2408         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2409         if (!ctx)
2410                 return;
2411         ctx->dev = dev;
2412
2413         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2414         err = b43_try_request_fw(ctx);
2415         if (!err)
2416                 goto start_ieee80211; /* Successfully loaded it. */
2417         /* Was fw version known? */
2418         if (ctx->fatal_failure)
2419                 goto out;
2420
2421         /* proprietary fw not found, try open source */
2422         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2423         err = b43_try_request_fw(ctx);
2424         if (!err)
2425                 goto start_ieee80211; /* Successfully loaded it. */
2426         if(ctx->fatal_failure)
2427                 goto out;
2428
2429         /* Could not find a usable firmware. Print the errors. */
2430         for (i = 0; i < B43_NR_FWTYPES; i++) {
2431                 errmsg = ctx->errors[i];
2432                 if (strlen(errmsg))
2433                         b43err(dev->wl, errmsg);
2434         }
2435         b43_print_fw_helptext(dev->wl, 1);
2436         goto out;
2437
2438 start_ieee80211:
2439         wl->hw->queues = B43_QOS_QUEUE_NUM;
2440         if (!modparam_qos || dev->fw.opensource)
2441                 wl->hw->queues = 1;
2442
2443         err = ieee80211_register_hw(wl->hw);
2444         if (err)
2445                 goto err_one_core_detach;
2446         wl->hw_registred = true;
2447         b43_leds_register(wl->current_dev);
2448         goto out;
2449
2450 err_one_core_detach:
2451         b43_one_core_detach(dev->dev);
2452
2453 out:
2454         kfree(ctx);
2455 }
2456
2457 static int b43_upload_microcode(struct b43_wldev *dev)
2458 {
2459         struct wiphy *wiphy = dev->wl->hw->wiphy;
2460         const size_t hdr_len = sizeof(struct b43_fw_header);
2461         const __be32 *data;
2462         unsigned int i, len;
2463         u16 fwrev, fwpatch, fwdate, fwtime;
2464         u32 tmp, macctl;
2465         int err = 0;
2466
2467         /* Jump the microcode PSM to offset 0 */
2468         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2469         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2470         macctl |= B43_MACCTL_PSM_JMP0;
2471         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2472         /* Zero out all microcode PSM registers and shared memory. */
2473         for (i = 0; i < 64; i++)
2474                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2475         for (i = 0; i < 4096; i += 2)
2476                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2477
2478         /* Upload Microcode. */
2479         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2480         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2481         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2482         for (i = 0; i < len; i++) {
2483                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2484                 udelay(10);
2485         }
2486
2487         if (dev->fw.pcm.data) {
2488                 /* Upload PCM data. */
2489                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2490                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2491                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2492                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2493                 /* No need for autoinc bit in SHM_HW */
2494                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2495                 for (i = 0; i < len; i++) {
2496                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2497                         udelay(10);
2498                 }
2499         }
2500
2501         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2502
2503         /* Start the microcode PSM */
2504         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2505                       B43_MACCTL_PSM_RUN);
2506
2507         /* Wait for the microcode to load and respond */
2508         i = 0;
2509         while (1) {
2510                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2511                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2512                         break;
2513                 i++;
2514                 if (i >= 20) {
2515                         b43err(dev->wl, "Microcode not responding\n");
2516                         b43_print_fw_helptext(dev->wl, 1);
2517                         err = -ENODEV;
2518                         goto error;
2519                 }
2520                 msleep(50);
2521         }
2522         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2523
2524         /* Get and check the revisions. */
2525         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2526         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2527         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2528         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2529
2530         if (fwrev <= 0x128) {
2531                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2532                        "binary drivers older than version 4.x is unsupported. "
2533                        "You must upgrade your firmware files.\n");
2534                 b43_print_fw_helptext(dev->wl, 1);
2535                 err = -EOPNOTSUPP;
2536                 goto error;
2537         }
2538         dev->fw.rev = fwrev;
2539         dev->fw.patch = fwpatch;
2540         if (dev->fw.rev >= 598)
2541                 dev->fw.hdr_format = B43_FW_HDR_598;
2542         else if (dev->fw.rev >= 410)
2543                 dev->fw.hdr_format = B43_FW_HDR_410;
2544         else
2545                 dev->fw.hdr_format = B43_FW_HDR_351;
2546         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2547
2548         dev->qos_enabled = dev->wl->hw->queues > 1;
2549         /* Default to firmware/hardware crypto acceleration. */
2550         dev->hwcrypto_enabled = true;
2551
2552         if (dev->fw.opensource) {
2553                 u16 fwcapa;
2554
2555                 /* Patchlevel info is encoded in the "time" field. */
2556                 dev->fw.patch = fwtime;
2557                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2558                         dev->fw.rev, dev->fw.patch);
2559
2560                 fwcapa = b43_fwcapa_read(dev);
2561                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2562                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2563                         /* Disable hardware crypto and fall back to software crypto. */
2564                         dev->hwcrypto_enabled = false;
2565                 }
2566                 /* adding QoS support should use an offline discovery mechanism */
2567                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2568         } else {
2569                 b43info(dev->wl, "Loading firmware version %u.%u "
2570                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2571                         fwrev, fwpatch,
2572                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2573                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2574                 if (dev->fw.pcm_request_failed) {
2575                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2576                                 "Hardware accelerated cryptography is disabled.\n");
2577                         b43_print_fw_helptext(dev->wl, 0);
2578                 }
2579         }
2580
2581         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2582                         dev->fw.rev, dev->fw.patch);
2583         wiphy->hw_version = dev->dev->core_id;
2584
2585         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2586                 /* We're over the deadline, but we keep support for old fw
2587                  * until it turns out to be in major conflict with something new. */
2588                 b43warn(dev->wl, "You are using an old firmware image. "
2589                         "Support for old firmware will be removed soon "
2590                         "(official deadline was July 2008).\n");
2591                 b43_print_fw_helptext(dev->wl, 0);
2592         }
2593
2594         return 0;
2595
2596 error:
2597         /* Stop the microcode PSM. */
2598         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2599                       B43_MACCTL_PSM_JMP0);
2600
2601         return err;
2602 }
2603
2604 static int b43_write_initvals(struct b43_wldev *dev,
2605                               const struct b43_iv *ivals,
2606                               size_t count,
2607                               size_t array_size)
2608 {
2609         const struct b43_iv *iv;
2610         u16 offset;
2611         size_t i;
2612         bool bit32;
2613
2614         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2615         iv = ivals;
2616         for (i = 0; i < count; i++) {
2617                 if (array_size < sizeof(iv->offset_size))
2618                         goto err_format;
2619                 array_size -= sizeof(iv->offset_size);
2620                 offset = be16_to_cpu(iv->offset_size);
2621                 bit32 = !!(offset & B43_IV_32BIT);
2622                 offset &= B43_IV_OFFSET_MASK;
2623                 if (offset >= 0x1000)
2624                         goto err_format;
2625                 if (bit32) {
2626                         u32 value;
2627
2628                         if (array_size < sizeof(iv->data.d32))
2629                                 goto err_format;
2630                         array_size -= sizeof(iv->data.d32);
2631
2632                         value = get_unaligned_be32(&iv->data.d32);
2633                         b43_write32(dev, offset, value);
2634
2635                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2636                                                         sizeof(__be16) +
2637                                                         sizeof(__be32));
2638                 } else {
2639                         u16 value;
2640
2641                         if (array_size < sizeof(iv->data.d16))
2642                                 goto err_format;
2643                         array_size -= sizeof(iv->data.d16);
2644
2645                         value = be16_to_cpu(iv->data.d16);
2646                         b43_write16(dev, offset, value);
2647
2648                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2649                                                         sizeof(__be16) +
2650                                                         sizeof(__be16));
2651                 }
2652         }
2653         if (array_size)
2654                 goto err_format;
2655
2656         return 0;
2657
2658 err_format:
2659         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2660         b43_print_fw_helptext(dev->wl, 1);
2661
2662         return -EPROTO;
2663 }
2664
2665 static int b43_upload_initvals(struct b43_wldev *dev)
2666 {
2667         const size_t hdr_len = sizeof(struct b43_fw_header);
2668         const struct b43_fw_header *hdr;
2669         struct b43_firmware *fw = &dev->fw;
2670         const struct b43_iv *ivals;
2671         size_t count;
2672         int err;
2673
2674         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2675         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2676         count = be32_to_cpu(hdr->size);
2677         err = b43_write_initvals(dev, ivals, count,
2678                                  fw->initvals.data->size - hdr_len);
2679         if (err)
2680                 goto out;
2681         if (fw->initvals_band.data) {
2682                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2683                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2684                 count = be32_to_cpu(hdr->size);
2685                 err = b43_write_initvals(dev, ivals, count,
2686                                          fw->initvals_band.data->size - hdr_len);
2687                 if (err)
2688                         goto out;
2689         }
2690 out:
2691
2692         return err;
2693 }
2694
2695 /* Initialize the GPIOs
2696  * http://bcm-specs.sipsolutions.net/GPIO
2697  */
2698 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2699 {
2700         struct ssb_bus *bus = dev->dev->sdev->bus;
2701
2702 #ifdef CONFIG_SSB_DRIVER_PCICORE
2703         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2704 #else
2705         return bus->chipco.dev;
2706 #endif
2707 }
2708
2709 static int b43_gpio_init(struct b43_wldev *dev)
2710 {
2711         struct ssb_device *gpiodev;
2712         u32 mask, set;
2713
2714         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2715         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2716
2717         mask = 0x0000001F;
2718         set = 0x0000000F;
2719         if (dev->dev->chip_id == 0x4301) {
2720                 mask |= 0x0060;
2721                 set |= 0x0060;
2722         } else if (dev->dev->chip_id == 0x5354) {
2723                 /* Don't allow overtaking buttons GPIOs */
2724                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2725         }
2726
2727         if (0 /* FIXME: conditional unknown */ ) {
2728                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2729                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2730                             | 0x0100);
2731                 /* BT Coexistance Input */
2732                 mask |= 0x0080;
2733                 set |= 0x0080;
2734                 /* BT Coexistance Out */
2735                 mask |= 0x0100;
2736                 set |= 0x0100;
2737         }
2738         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2739                 /* PA is controlled by gpio 9, let ucode handle it */
2740                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2741                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2742                             | 0x0200);
2743                 mask |= 0x0200;
2744                 set |= 0x0200;
2745         }
2746
2747         switch (dev->dev->bus_type) {
2748 #ifdef CONFIG_B43_BCMA
2749         case B43_BUS_BCMA:
2750                 bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2751                                 (bcma_cc_read32(&dev->dev->bdev->bus->drv_cc,
2752                                         BCMA_CC_GPIOCTL) & ~mask) | set);
2753                 break;
2754 #endif
2755 #ifdef CONFIG_B43_SSB
2756         case B43_BUS_SSB:
2757                 gpiodev = b43_ssb_gpio_dev(dev);
2758                 if (gpiodev)
2759                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2760                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2761                                     & ~mask) | set);
2762                 break;
2763 #endif
2764         }
2765
2766         return 0;
2767 }
2768
2769 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2770 static void b43_gpio_cleanup(struct b43_wldev *dev)
2771 {
2772         struct ssb_device *gpiodev;
2773
2774         switch (dev->dev->bus_type) {
2775 #ifdef CONFIG_B43_BCMA
2776         case B43_BUS_BCMA:
2777                 bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2778                                 0);
2779                 break;
2780 #endif
2781 #ifdef CONFIG_B43_SSB
2782         case B43_BUS_SSB:
2783                 gpiodev = b43_ssb_gpio_dev(dev);
2784                 if (gpiodev)
2785                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2786                 break;
2787 #endif
2788         }
2789 }
2790
2791 /* http://bcm-specs.sipsolutions.net/EnableMac */
2792 void b43_mac_enable(struct b43_wldev *dev)
2793 {
2794         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2795                 u16 fwstate;
2796
2797                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2798                                          B43_SHM_SH_UCODESTAT);
2799                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2800                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2801                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2802                                "should be suspended, but current state is %u\n",
2803                                fwstate);
2804                 }
2805         }
2806
2807         dev->mac_suspended--;
2808         B43_WARN_ON(dev->mac_suspended < 0);
2809         if (dev->mac_suspended == 0) {
2810                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2811                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2812                             B43_IRQ_MAC_SUSPENDED);
2813                 /* Commit writes */
2814                 b43_read32(dev, B43_MMIO_MACCTL);
2815                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2816                 b43_power_saving_ctl_bits(dev, 0);
2817         }
2818 }
2819
2820 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2821 void b43_mac_suspend(struct b43_wldev *dev)
2822 {
2823         int i;
2824         u32 tmp;
2825
2826         might_sleep();
2827         B43_WARN_ON(dev->mac_suspended < 0);
2828
2829         if (dev->mac_suspended == 0) {
2830                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2831                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2832                 /* force pci to flush the write */
2833                 b43_read32(dev, B43_MMIO_MACCTL);
2834                 for (i = 35; i; i--) {
2835                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2836                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2837                                 goto out;
2838                         udelay(10);
2839                 }
2840                 /* Hm, it seems this will take some time. Use msleep(). */
2841                 for (i = 40; i; i--) {
2842                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2843                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2844                                 goto out;
2845                         msleep(1);
2846                 }
2847                 b43err(dev->wl, "MAC suspend failed\n");
2848         }
2849 out:
2850         dev->mac_suspended++;
2851 }
2852
2853 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2854 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2855 {
2856         u32 tmp;
2857
2858         switch (dev->dev->bus_type) {
2859 #ifdef CONFIG_B43_BCMA
2860         case B43_BUS_BCMA:
2861                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2862                 if (on)
2863                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2864                 else
2865                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2866                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2867                 break;
2868 #endif
2869 #ifdef CONFIG_B43_SSB
2870         case B43_BUS_SSB:
2871                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2872                 if (on)
2873                         tmp |= B43_TMSLOW_MACPHYCLKEN;
2874                 else
2875                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2876                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2877                 break;
2878 #endif
2879         }
2880 }
2881
2882 static void b43_adjust_opmode(struct b43_wldev *dev)
2883 {
2884         struct b43_wl *wl = dev->wl;
2885         u32 ctl;
2886         u16 cfp_pretbtt;
2887
2888         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2889         /* Reset status to STA infrastructure mode. */
2890         ctl &= ~B43_MACCTL_AP;
2891         ctl &= ~B43_MACCTL_KEEP_CTL;
2892         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2893         ctl &= ~B43_MACCTL_KEEP_BAD;
2894         ctl &= ~B43_MACCTL_PROMISC;
2895         ctl &= ~B43_MACCTL_BEACPROMISC;
2896         ctl |= B43_MACCTL_INFRA;
2897
2898         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2899             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2900                 ctl |= B43_MACCTL_AP;
2901         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2902                 ctl &= ~B43_MACCTL_INFRA;
2903
2904         if (wl->filter_flags & FIF_CONTROL)
2905                 ctl |= B43_MACCTL_KEEP_CTL;
2906         if (wl->filter_flags & FIF_FCSFAIL)
2907                 ctl |= B43_MACCTL_KEEP_BAD;
2908         if (wl->filter_flags & FIF_PLCPFAIL)
2909                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2910         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2911                 ctl |= B43_MACCTL_PROMISC;
2912         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2913                 ctl |= B43_MACCTL_BEACPROMISC;
2914
2915         /* Workaround: On old hardware the HW-MAC-address-filter
2916          * doesn't work properly, so always run promisc in filter
2917          * it in software. */
2918         if (dev->dev->core_rev <= 4)
2919                 ctl |= B43_MACCTL_PROMISC;
2920
2921         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2922
2923         cfp_pretbtt = 2;
2924         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2925                 if (dev->dev->chip_id == 0x4306 &&
2926                     dev->dev->chip_rev == 3)
2927                         cfp_pretbtt = 100;
2928                 else
2929                         cfp_pretbtt = 50;
2930         }
2931         b43_write16(dev, 0x612, cfp_pretbtt);
2932
2933         /* FIXME: We don't currently implement the PMQ mechanism,
2934          *        so always disable it. If we want to implement PMQ,
2935          *        we need to enable it here (clear DISCPMQ) in AP mode.
2936          */
2937         if (0  /* ctl & B43_MACCTL_AP */)
2938                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2939         else
2940                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2941 }
2942
2943 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2944 {
2945         u16 offset;
2946
2947         if (is_ofdm) {
2948                 offset = 0x480;
2949                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2950         } else {
2951                 offset = 0x4C0;
2952                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2953         }
2954         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2955                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2956 }
2957
2958 static void b43_rate_memory_init(struct b43_wldev *dev)
2959 {
2960         switch (dev->phy.type) {
2961         case B43_PHYTYPE_A:
2962         case B43_PHYTYPE_G:
2963         case B43_PHYTYPE_N:
2964         case B43_PHYTYPE_LP:
2965         case B43_PHYTYPE_HT:
2966         case B43_PHYTYPE_LCN:
2967                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2968                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2969                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2970                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2971                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2972                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2973                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2974                 if (dev->phy.type == B43_PHYTYPE_A)
2975                         break;
2976                 /* fallthrough */
2977         case B43_PHYTYPE_B:
2978                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2979                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2980                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2981                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2982                 break;
2983         default:
2984                 B43_WARN_ON(1);
2985         }
2986 }
2987
2988 /* Set the default values for the PHY TX Control Words. */
2989 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2990 {
2991         u16 ctl = 0;
2992
2993         ctl |= B43_TXH_PHY_ENC_CCK;
2994         ctl |= B43_TXH_PHY_ANT01AUTO;
2995         ctl |= B43_TXH_PHY_TXPWR;
2996
2997         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2998         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2999         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3000 }
3001
3002 /* Set the TX-Antenna for management frames sent by firmware. */
3003 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3004 {
3005         u16 ant;
3006         u16 tmp;
3007
3008         ant = b43_antenna_to_phyctl(antenna);
3009
3010         /* For ACK/CTS */
3011         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3012         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3013         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3014         /* For Probe Resposes */
3015         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3016         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3017         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3018 }
3019
3020 /* This is the opposite of b43_chip_init() */
3021 static void b43_chip_exit(struct b43_wldev *dev)
3022 {
3023         b43_phy_exit(dev);
3024         b43_gpio_cleanup(dev);
3025         /* firmware is released later */
3026 }
3027
3028 /* Initialize the chip
3029  * http://bcm-specs.sipsolutions.net/ChipInit
3030  */
3031 static int b43_chip_init(struct b43_wldev *dev)
3032 {
3033         struct b43_phy *phy = &dev->phy;
3034         int err;
3035         u32 macctl;
3036         u16 value16;
3037
3038         /* Initialize the MAC control */
3039         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3040         if (dev->phy.gmode)
3041                 macctl |= B43_MACCTL_GMODE;
3042         macctl |= B43_MACCTL_INFRA;
3043         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3044
3045         err = b43_upload_microcode(dev);
3046         if (err)
3047                 goto out;       /* firmware is released later */
3048
3049         err = b43_gpio_init(dev);
3050         if (err)
3051                 goto out;       /* firmware is released later */
3052
3053         err = b43_upload_initvals(dev);
3054         if (err)
3055                 goto err_gpio_clean;
3056
3057         /* Turn the Analog on and initialize the PHY. */
3058         phy->ops->switch_analog(dev, 1);
3059         err = b43_phy_init(dev);
3060         if (err)
3061                 goto err_gpio_clean;
3062
3063         /* Disable Interference Mitigation. */
3064         if (phy->ops->interf_mitigation)
3065                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3066
3067         /* Select the antennae */
3068         if (phy->ops->set_rx_antenna)
3069                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3070         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3071
3072         if (phy->type == B43_PHYTYPE_B) {
3073                 value16 = b43_read16(dev, 0x005E);
3074                 value16 |= 0x0004;
3075                 b43_write16(dev, 0x005E, value16);
3076         }
3077         b43_write32(dev, 0x0100, 0x01000000);
3078         if (dev->dev->core_rev < 5)
3079                 b43_write32(dev, 0x010C, 0x01000000);
3080
3081         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3082         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3083
3084         /* Probe Response Timeout value */
3085         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3086         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
3087
3088         /* Initially set the wireless operation mode. */
3089         b43_adjust_opmode(dev);
3090
3091         if (dev->dev->core_rev < 3) {
3092                 b43_write16(dev, 0x060E, 0x0000);
3093                 b43_write16(dev, 0x0610, 0x8000);
3094                 b43_write16(dev, 0x0604, 0x0000);
3095                 b43_write16(dev, 0x0606, 0x0200);
3096         } else {
3097                 b43_write32(dev, 0x0188, 0x80000000);
3098                 b43_write32(dev, 0x018C, 0x02000000);
3099         }
3100         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3101         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
3102         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3103         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3104         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3105         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3106         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3107
3108         b43_mac_phy_clock_set(dev, true);
3109
3110         switch (dev->dev->bus_type) {
3111 #ifdef CONFIG_B43_BCMA
3112         case B43_BUS_BCMA:
3113                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3114                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3115                 break;
3116 #endif
3117 #ifdef CONFIG_B43_SSB
3118         case B43_BUS_SSB:
3119                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3120                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3121                 break;
3122 #endif
3123         }
3124
3125         err = 0;
3126         b43dbg(dev->wl, "Chip initialized\n");
3127 out:
3128         return err;
3129
3130 err_gpio_clean:
3131         b43_gpio_cleanup(dev);
3132         return err;
3133 }
3134
3135 static void b43_periodic_every60sec(struct b43_wldev *dev)
3136 {
3137         const struct b43_phy_operations *ops = dev->phy.ops;
3138
3139         if (ops->pwork_60sec)
3140                 ops->pwork_60sec(dev);
3141
3142         /* Force check the TX power emission now. */
3143         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3144 }
3145
3146 static void b43_periodic_every30sec(struct b43_wldev *dev)
3147 {
3148         /* Update device statistics. */
3149         b43_calculate_link_quality(dev);
3150 }
3151
3152 static void b43_periodic_every15sec(struct b43_wldev *dev)
3153 {
3154         struct b43_phy *phy = &dev->phy;
3155         u16 wdr;
3156
3157         if (dev->fw.opensource) {
3158                 /* Check if the firmware is still alive.
3159                  * It will reset the watchdog counter to 0 in its idle loop. */
3160                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3161                 if (unlikely(wdr)) {
3162                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3163                         b43_controller_restart(dev, "Firmware watchdog");
3164                         return;
3165                 } else {
3166                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3167                                         B43_WATCHDOG_REG, 1);
3168                 }
3169         }
3170
3171         if (phy->ops->pwork_15sec)
3172                 phy->ops->pwork_15sec(dev);
3173
3174         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3175         wmb();
3176
3177 #if B43_DEBUG
3178         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3179                 unsigned int i;
3180
3181                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3182                        dev->irq_count / 15,
3183                        dev->tx_count / 15,
3184                        dev->rx_count / 15);
3185                 dev->irq_count = 0;
3186                 dev->tx_count = 0;
3187                 dev->rx_count = 0;
3188                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3189                         if (dev->irq_bit_count[i]) {
3190                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3191                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3192                                 dev->irq_bit_count[i] = 0;
3193                         }
3194                 }
3195         }
3196 #endif
3197 }
3198
3199 static void do_periodic_work(struct b43_wldev *dev)
3200 {
3201         unsigned int state;
3202
3203         state = dev->periodic_state;
3204         if (state % 4 == 0)
3205                 b43_periodic_every60sec(dev);
3206         if (state % 2 == 0)
3207                 b43_periodic_every30sec(dev);
3208         b43_periodic_every15sec(dev);
3209 }
3210
3211 /* Periodic work locking policy:
3212  *      The whole periodic work handler is protected by
3213  *      wl->mutex. If another lock is needed somewhere in the
3214  *      pwork callchain, it's acquired in-place, where it's needed.
3215  */
3216 static void b43_periodic_work_handler(struct work_struct *work)
3217 {
3218         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3219                                              periodic_work.work);
3220         struct b43_wl *wl = dev->wl;
3221         unsigned long delay;
3222
3223         mutex_lock(&wl->mutex);
3224
3225         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3226                 goto out;
3227         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3228                 goto out_requeue;
3229
3230         do_periodic_work(dev);
3231
3232         dev->periodic_state++;
3233 out_requeue:
3234         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3235                 delay = msecs_to_jiffies(50);
3236         else
3237                 delay = round_jiffies_relative(HZ * 15);
3238         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3239 out:
3240         mutex_unlock(&wl->mutex);
3241 }
3242
3243 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3244 {
3245         struct delayed_work *work = &dev->periodic_work;
3246
3247         dev->periodic_state = 0;
3248         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3249         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3250 }
3251
3252 /* Check if communication with the device works correctly. */
3253 static int b43_validate_chipaccess(struct b43_wldev *dev)
3254 {
3255         u32 v, backup0, backup4;
3256
3257         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3258         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3259
3260         /* Check for read/write and endianness problems. */
3261         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3262         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3263                 goto error;
3264         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3265         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3266                 goto error;
3267
3268         /* Check if unaligned 32bit SHM_SHARED access works properly.
3269          * However, don't bail out on failure, because it's noncritical. */
3270         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3271         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3272         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3273         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3274         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3275                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3276         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3277         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3278             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3279             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3280             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3281                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3282
3283         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3284         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3285
3286         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3287                 /* The 32bit register shadows the two 16bit registers
3288                  * with update sideeffects. Validate this. */
3289                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3290                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3291                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3292                         goto error;
3293                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3294                         goto error;
3295         }
3296         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3297
3298         v = b43_read32(dev, B43_MMIO_MACCTL);
3299         v |= B43_MACCTL_GMODE;
3300         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3301                 goto error;
3302
3303         return 0;
3304 error:
3305         b43err(dev->wl, "Failed to validate the chipaccess\n");
3306         return -ENODEV;
3307 }
3308
3309 static void b43_security_init(struct b43_wldev *dev)
3310 {
3311         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3312         /* KTP is a word address, but we address SHM bytewise.
3313          * So multiply by two.
3314          */
3315         dev->ktp *= 2;
3316         /* Number of RCMTA address slots */
3317         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3318         /* Clear the key memory. */
3319         b43_clear_keys(dev);
3320 }
3321
3322 #ifdef CONFIG_B43_HWRNG
3323 static int b43_rng_read(struct hwrng *rng, u32 *data)
3324 {
3325         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3326         struct b43_wldev *dev;
3327         int count = -ENODEV;
3328
3329         mutex_lock(&wl->mutex);
3330         dev = wl->current_dev;
3331         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3332                 *data = b43_read16(dev, B43_MMIO_RNG);
3333                 count = sizeof(u16);
3334         }
3335         mutex_unlock(&wl->mutex);
3336
3337         return count;
3338 }
3339 #endif /* CONFIG_B43_HWRNG */
3340
3341 static void b43_rng_exit(struct b43_wl *wl)
3342 {
3343 #ifdef CONFIG_B43_HWRNG
3344         if (wl->rng_initialized)
3345                 hwrng_unregister(&wl->rng);
3346 #endif /* CONFIG_B43_HWRNG */
3347 }
3348
3349 static int b43_rng_init(struct b43_wl *wl)
3350 {
3351         int err = 0;
3352
3353 #ifdef CONFIG_B43_HWRNG
3354         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3355                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3356         wl->rng.name = wl->rng_name;
3357         wl->rng.data_read = b43_rng_read;
3358         wl->rng.priv = (unsigned long)wl;
3359         wl->rng_initialized = true;
3360         err = hwrng_register(&wl->rng);
3361         if (err) {
3362                 wl->rng_initialized = false;
3363                 b43err(wl, "Failed to register the random "
3364                        "number generator (%d)\n", err);
3365         }
3366 #endif /* CONFIG_B43_HWRNG */
3367
3368         return err;
3369 }
3370
3371 static void b43_tx_work(struct work_struct *work)
3372 {
3373         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3374         struct b43_wldev *dev;
3375         struct sk_buff *skb;
3376         int queue_num;
3377         int err = 0;
3378
3379         mutex_lock(&wl->mutex);
3380         dev = wl->current_dev;
3381         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3382                 mutex_unlock(&wl->mutex);
3383                 return;
3384         }
3385
3386         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3387                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3388                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3389                         if (b43_using_pio_transfers(dev))
3390                                 err = b43_pio_tx(dev, skb);
3391                         else
3392                                 err = b43_dma_tx(dev, skb);
3393                         if (err == -ENOSPC) {
3394                                 wl->tx_queue_stopped[queue_num] = 1;
3395                                 ieee80211_stop_queue(wl->hw, queue_num);
3396                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3397                                 break;
3398                         }
3399                         if (unlikely(err))
3400                                 ieee80211_free_txskb(wl->hw, skb);
3401                         err = 0;
3402                 }
3403
3404                 if (!err)
3405                         wl->tx_queue_stopped[queue_num] = 0;
3406         }
3407
3408 #if B43_DEBUG
3409         dev->tx_count++;
3410 #endif
3411         mutex_unlock(&wl->mutex);
3412 }
3413
3414 static void b43_op_tx(struct ieee80211_hw *hw,
3415                       struct ieee80211_tx_control *control,
3416                       struct sk_buff *skb)
3417 {
3418         struct b43_wl *wl = hw_to_b43_wl(hw);
3419
3420         if (unlikely(skb->len < 2 + 2 + 6)) {
3421                 /* Too short, this can't be a valid frame. */
3422                 ieee80211_free_txskb(hw, skb);
3423                 return;
3424         }
3425         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3426
3427         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3428         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3429                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3430         } else {
3431                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3432         }
3433 }
3434
3435 static void b43_qos_params_upload(struct b43_wldev *dev,
3436                                   const struct ieee80211_tx_queue_params *p,
3437                                   u16 shm_offset)
3438 {
3439         u16 params[B43_NR_QOSPARAMS];
3440         int bslots, tmp;
3441         unsigned int i;
3442
3443         if (!dev->qos_enabled)
3444                 return;
3445
3446         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3447
3448         memset(&params, 0, sizeof(params));
3449
3450         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3451         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3452         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3453         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3454         params[B43_QOSPARAM_AIFS] = p->aifs;
3455         params[B43_QOSPARAM_BSLOTS] = bslots;
3456         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3457
3458         for (i = 0; i < ARRAY_SIZE(params); i++) {
3459                 if (i == B43_QOSPARAM_STATUS) {
3460                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3461                                              shm_offset + (i * 2));
3462                         /* Mark the parameters as updated. */
3463                         tmp |= 0x100;
3464                         b43_shm_write16(dev, B43_SHM_SHARED,
3465                                         shm_offset + (i * 2),
3466                                         tmp);
3467                 } else {
3468                         b43_shm_write16(dev, B43_SHM_SHARED,
3469                                         shm_offset + (i * 2),
3470                                         params[i]);
3471                 }
3472         }
3473 }
3474
3475 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3476 static const u16 b43_qos_shm_offsets[] = {
3477         /* [mac80211-queue-nr] = SHM_OFFSET, */
3478         [0] = B43_QOS_VOICE,
3479         [1] = B43_QOS_VIDEO,
3480         [2] = B43_QOS_BESTEFFORT,
3481         [3] = B43_QOS_BACKGROUND,
3482 };
3483
3484 /* Update all QOS parameters in hardware. */
3485 static void b43_qos_upload_all(struct b43_wldev *dev)
3486 {
3487         struct b43_wl *wl = dev->wl;
3488         struct b43_qos_params *params;
3489         unsigned int i;
3490
3491         if (!dev->qos_enabled)
3492                 return;
3493
3494         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3495                      ARRAY_SIZE(wl->qos_params));
3496
3497         b43_mac_suspend(dev);
3498         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3499                 params = &(wl->qos_params[i]);
3500                 b43_qos_params_upload(dev, &(params->p),
3501                                       b43_qos_shm_offsets[i]);
3502         }
3503         b43_mac_enable(dev);
3504 }
3505
3506 static void b43_qos_clear(struct b43_wl *wl)
3507 {
3508         struct b43_qos_params *params;
3509         unsigned int i;
3510
3511         /* Initialize QoS parameters to sane defaults. */
3512
3513         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3514                      ARRAY_SIZE(wl->qos_params));
3515
3516         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3517                 params = &(wl->qos_params[i]);
3518
3519                 switch (b43_qos_shm_offsets[i]) {
3520                 case B43_QOS_VOICE:
3521                         params->p.txop = 0;
3522                         params->p.aifs = 2;
3523                         params->p.cw_min = 0x0001;
3524                         params->p.cw_max = 0x0001;
3525                         break;
3526                 case B43_QOS_VIDEO:
3527                         params->p.txop = 0;
3528                         params->p.aifs = 2;
3529                         params->p.cw_min = 0x0001;
3530                         params->p.cw_max = 0x0001;
3531                         break;
3532                 case B43_QOS_BESTEFFORT:
3533                         params->p.txop = 0;
3534                         params->p.aifs = 3;
3535                         params->p.cw_min = 0x0001;
3536                         params->p.cw_max = 0x03FF;
3537                         break;
3538                 case B43_QOS_BACKGROUND:
3539                         params->p.txop = 0;
3540                         params->p.aifs = 7;
3541                         params->p.cw_min = 0x0001;
3542                         params->p.cw_max = 0x03FF;
3543                         break;
3544                 default:
3545                         B43_WARN_ON(1);
3546                 }
3547         }
3548 }
3549
3550 /* Initialize the core's QOS capabilities */
3551 static void b43_qos_init(struct b43_wldev *dev)
3552 {
3553         if (!dev->qos_enabled) {
3554                 /* Disable QOS support. */
3555                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3556                 b43_write16(dev, B43_MMIO_IFSCTL,
3557                             b43_read16(dev, B43_MMIO_IFSCTL)
3558                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3559                 b43dbg(dev->wl, "QoS disabled\n");
3560                 return;
3561         }
3562
3563         /* Upload the current QOS parameters. */
3564         b43_qos_upload_all(dev);
3565
3566         /* Enable QOS support. */
3567         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3568         b43_write16(dev, B43_MMIO_IFSCTL,
3569                     b43_read16(dev, B43_MMIO_IFSCTL)
3570                     | B43_MMIO_IFSCTL_USE_EDCF);
3571         b43dbg(dev->wl, "QoS enabled\n");
3572 }
3573
3574 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3575                           struct ieee80211_vif *vif, u16 _queue,
3576                           const struct ieee80211_tx_queue_params *params)
3577 {
3578         struct b43_wl *wl = hw_to_b43_wl(hw);
3579         struct b43_wldev *dev;
3580         unsigned int queue = (unsigned int)_queue;
3581         int err = -ENODEV;
3582
3583         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3584                 /* Queue not available or don't support setting
3585                  * params on this queue. Return success to not
3586                  * confuse mac80211. */
3587                 return 0;
3588         }
3589         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3590                      ARRAY_SIZE(wl->qos_params));
3591
3592         mutex_lock(&wl->mutex);
3593         dev = wl->current_dev;
3594         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3595                 goto out_unlock;
3596
3597         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3598         b43_mac_suspend(dev);
3599         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3600                               b43_qos_shm_offsets[queue]);
3601         b43_mac_enable(dev);
3602         err = 0;
3603
3604 out_unlock:
3605         mutex_unlock(&wl->mutex);
3606
3607         return err;
3608 }
3609
3610 static int b43_op_get_stats(struct ieee80211_hw *hw,
3611                             struct ieee80211_low_level_stats *stats)
3612 {
3613         struct b43_wl *wl = hw_to_b43_wl(hw);
3614
3615         mutex_lock(&wl->mutex);
3616         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3617         mutex_unlock(&wl->mutex);
3618
3619         return 0;
3620 }
3621
3622 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3623 {
3624         struct b43_wl *wl = hw_to_b43_wl(hw);
3625         struct b43_wldev *dev;
3626         u64 tsf;
3627
3628         mutex_lock(&wl->mutex);
3629         dev = wl->current_dev;
3630
3631         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3632                 b43_tsf_read(dev, &tsf);
3633         else
3634                 tsf = 0;
3635
3636         mutex_unlock(&wl->mutex);
3637
3638         return tsf;
3639 }
3640
3641 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3642                            struct ieee80211_vif *vif, u64 tsf)
3643 {
3644         struct b43_wl *wl = hw_to_b43_wl(hw);
3645         struct b43_wldev *dev;
3646
3647         mutex_lock(&wl->mutex);
3648         dev = wl->current_dev;
3649
3650         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3651                 b43_tsf_write(dev, tsf);
3652
3653         mutex_unlock(&wl->mutex);
3654 }
3655
3656 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3657 {
3658         u32 tmp;
3659
3660         switch (dev->dev->bus_type) {
3661 #ifdef CONFIG_B43_BCMA
3662         case B43_BUS_BCMA:
3663                 b43err(dev->wl,
3664                        "Putting PHY into reset not supported on BCMA\n");
3665                 break;
3666 #endif
3667 #ifdef CONFIG_B43_SSB
3668         case B43_BUS_SSB:
3669                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3670                 tmp &= ~B43_TMSLOW_GMODE;
3671                 tmp |= B43_TMSLOW_PHYRESET;
3672                 tmp |= SSB_TMSLOW_FGC;
3673                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3674                 msleep(1);
3675
3676                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3677                 tmp &= ~SSB_TMSLOW_FGC;
3678                 tmp |= B43_TMSLOW_PHYRESET;
3679                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3680                 msleep(1);
3681
3682                 break;
3683 #endif
3684         }
3685 }
3686
3687 static const char *band_to_string(enum ieee80211_band band)
3688 {
3689         switch (band) {
3690         case IEEE80211_BAND_5GHZ:
3691                 return "5";
3692         case IEEE80211_BAND_2GHZ:
3693                 return "2.4";
3694         default:
3695                 break;
3696         }
3697         B43_WARN_ON(1);
3698         return "";
3699 }
3700
3701 /* Expects wl->mutex locked */
3702 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3703 {
3704         struct b43_wldev *up_dev = NULL;
3705         struct b43_wldev *down_dev;
3706         struct b43_wldev *d;
3707         int err;
3708         bool uninitialized_var(gmode);
3709         int prev_status;
3710
3711         /* Find a device and PHY which supports the band. */
3712         list_for_each_entry(d, &wl->devlist, list) {
3713                 switch (chan->band) {
3714                 case IEEE80211_BAND_5GHZ:
3715                         if (d->phy.supports_5ghz) {
3716                                 up_dev = d;
3717                                 gmode = false;
3718                         }
3719                         break;
3720                 case IEEE80211_BAND_2GHZ:
3721                         if (d->phy.supports_2ghz) {
3722                                 up_dev = d;
3723                                 gmode = true;
3724                         }
3725                         break;
3726                 default:
3727                         B43_WARN_ON(1);
3728                         return -EINVAL;
3729                 }
3730                 if (up_dev)
3731                         break;
3732         }
3733         if (!up_dev) {
3734                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3735                        band_to_string(chan->band));
3736                 return -ENODEV;
3737         }
3738         if ((up_dev == wl->current_dev) &&
3739             (!!wl->current_dev->phy.gmode == !!gmode)) {
3740                 /* This device is already running. */
3741                 return 0;
3742         }
3743         b43dbg(wl, "Switching to %s-GHz band\n",
3744                band_to_string(chan->band));
3745         down_dev = wl->current_dev;
3746
3747         prev_status = b43_status(down_dev);
3748         /* Shutdown the currently running core. */
3749         if (prev_status >= B43_STAT_STARTED)
3750                 down_dev = b43_wireless_core_stop(down_dev);
3751         if (prev_status >= B43_STAT_INITIALIZED)
3752                 b43_wireless_core_exit(down_dev);
3753
3754         if (down_dev != up_dev) {
3755                 /* We switch to a different core, so we put PHY into
3756                  * RESET on the old core. */
3757                 b43_put_phy_into_reset(down_dev);
3758         }
3759
3760         /* Now start the new core. */
3761         up_dev->phy.gmode = gmode;
3762         if (prev_status >= B43_STAT_INITIALIZED) {
3763                 err = b43_wireless_core_init(up_dev);
3764                 if (err) {
3765                         b43err(wl, "Fatal: Could not initialize device for "
3766                                "selected %s-GHz band\n",
3767                                band_to_string(chan->band));
3768                         goto init_failure;
3769                 }
3770         }
3771         if (prev_status >= B43_STAT_STARTED) {
3772                 err = b43_wireless_core_start(up_dev);
3773                 if (err) {
3774                         b43err(wl, "Fatal: Could not start device for "
3775                                "selected %s-GHz band\n",
3776                                band_to_string(chan->band));
3777                         b43_wireless_core_exit(up_dev);
3778                         goto init_failure;
3779                 }
3780         }
3781         B43_WARN_ON(b43_status(up_dev) != prev_status);
3782
3783         wl->current_dev = up_dev;
3784
3785         return 0;
3786 init_failure:
3787         /* Whoops, failed to init the new core. No core is operating now. */
3788         wl->current_dev = NULL;
3789         return err;
3790 }
3791
3792 /* Write the short and long frame retry limit values. */
3793 static void b43_set_retry_limits(struct b43_wldev *dev,
3794                                  unsigned int short_retry,
3795                                  unsigned int long_retry)
3796 {
3797         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3798          * the chip-internal counter. */
3799         short_retry = min(short_retry, (unsigned int)0xF);
3800         long_retry = min(long_retry, (unsigned int)0xF);
3801
3802         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3803                         short_retry);
3804         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3805                         long_retry);
3806 }
3807
3808 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3809 {
3810         struct b43_wl *wl = hw_to_b43_wl(hw);
3811         struct b43_wldev *dev;
3812         struct b43_phy *phy;
3813         struct ieee80211_conf *conf = &hw->conf;
3814         int antenna;
3815         int err = 0;
3816         bool reload_bss = false;
3817
3818         mutex_lock(&wl->mutex);
3819
3820         dev = wl->current_dev;
3821
3822         /* Switch the band (if necessary). This might change the active core. */
3823         err = b43_switch_band(wl, conf->channel);
3824         if (err)
3825                 goto out_unlock_mutex;
3826
3827         /* Need to reload all settings if the core changed */
3828         if (dev != wl->current_dev) {
3829                 dev = wl->current_dev;
3830                 changed = ~0;
3831                 reload_bss = true;
3832         }
3833
3834         phy = &dev->phy;
3835
3836         if (conf_is_ht(conf))
3837                 phy->is_40mhz =
3838                         (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3839         else
3840                 phy->is_40mhz = false;
3841
3842         b43_mac_suspend(dev);
3843
3844         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3845                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3846                                           conf->long_frame_max_tx_count);
3847         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3848         if (!changed)
3849                 goto out_mac_enable;
3850
3851         /* Switch to the requested channel.
3852          * The firmware takes care of races with the TX handler. */
3853         if (conf->channel->hw_value != phy->channel)
3854                 b43_switch_channel(dev, conf->channel->hw_value);
3855
3856         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3857
3858         /* Adjust the desired TX power level. */
3859         if (conf->power_level != 0) {
3860                 if (conf->power_level != phy->desired_txpower) {
3861                         phy->desired_txpower = conf->power_level;
3862                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3863                                                    B43_TXPWR_IGNORE_TSSI);
3864                 }
3865         }
3866
3867         /* Antennas for RX and management frame TX. */
3868         antenna = B43_ANTENNA_DEFAULT;
3869         b43_mgmtframe_txantenna(dev, antenna);
3870         antenna = B43_ANTENNA_DEFAULT;
3871         if (phy->ops->set_rx_antenna)
3872                 phy->ops->set_rx_antenna(dev, antenna);
3873
3874         if (wl->radio_enabled != phy->radio_on) {
3875                 if (wl->radio_enabled) {
3876                         b43_software_rfkill(dev, false);
3877                         b43info(dev->wl, "Radio turned on by software\n");
3878                         if (!dev->radio_hw_enable) {
3879                                 b43info(dev->wl, "The hardware RF-kill button "
3880                                         "still turns the radio physically off. "
3881                                         "Press the button to turn it on.\n");
3882                         }
3883                 } else {
3884                         b43_software_rfkill(dev, true);
3885                         b43info(dev->wl, "Radio turned off by software\n");
3886                 }
3887         }
3888
3889 out_mac_enable:
3890         b43_mac_enable(dev);
3891 out_unlock_mutex:
3892         mutex_unlock(&wl->mutex);
3893
3894         if (wl->vif && reload_bss)
3895                 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3896
3897         return err;
3898 }
3899
3900 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3901 {
3902         struct ieee80211_supported_band *sband =
3903                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3904         struct ieee80211_rate *rate;
3905         int i;
3906         u16 basic, direct, offset, basic_offset, rateptr;
3907
3908         for (i = 0; i < sband->n_bitrates; i++) {
3909                 rate = &sband->bitrates[i];
3910
3911                 if (b43_is_cck_rate(rate->hw_value)) {
3912                         direct = B43_SHM_SH_CCKDIRECT;
3913                         basic = B43_SHM_SH_CCKBASIC;
3914                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3915                         offset &= 0xF;
3916                 } else {
3917                         direct = B43_SHM_SH_OFDMDIRECT;
3918                         basic = B43_SHM_SH_OFDMBASIC;
3919                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3920                         offset &= 0xF;
3921                 }
3922
3923                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3924
3925                 if (b43_is_cck_rate(rate->hw_value)) {
3926                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3927                         basic_offset &= 0xF;
3928                 } else {
3929                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3930                         basic_offset &= 0xF;
3931                 }
3932
3933                 /*
3934                  * Get the pointer that we need to point to
3935                  * from the direct map
3936                  */
3937                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3938                                          direct + 2 * basic_offset);
3939                 /* and write it to the basic map */
3940                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3941                                 rateptr);
3942         }
3943 }
3944
3945 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3946                                     struct ieee80211_vif *vif,
3947                                     struct ieee80211_bss_conf *conf,
3948                                     u32 changed)
3949 {
3950         struct b43_wl *wl = hw_to_b43_wl(hw);
3951         struct b43_wldev *dev;
3952
3953         mutex_lock(&wl->mutex);
3954
3955         dev = wl->current_dev;
3956         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3957                 goto out_unlock_mutex;
3958
3959         B43_WARN_ON(wl->vif != vif);
3960
3961         if (changed & BSS_CHANGED_BSSID) {
3962                 if (conf->bssid)
3963                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3964                 else
3965                         memset(wl->bssid, 0, ETH_ALEN);
3966         }
3967
3968         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3969                 if (changed & BSS_CHANGED_BEACON &&
3970                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3971                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3972                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3973                         b43_update_templates(wl);
3974
3975                 if (changed & BSS_CHANGED_BSSID)
3976                         b43_write_mac_bssid_templates(dev);
3977         }
3978
3979         b43_mac_suspend(dev);
3980
3981         /* Update templates for AP/mesh mode. */
3982         if (changed & BSS_CHANGED_BEACON_INT &&
3983             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3984              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3985              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
3986             conf->beacon_int)
3987                 b43_set_beacon_int(dev, conf->beacon_int);
3988
3989         if (changed & BSS_CHANGED_BASIC_RATES)
3990                 b43_update_basic_rates(dev, conf->basic_rates);
3991
3992         if (changed & BSS_CHANGED_ERP_SLOT) {
3993                 if (conf->use_short_slot)
3994                         b43_short_slot_timing_enable(dev);
3995                 else
3996                         b43_short_slot_timing_disable(dev);
3997         }
3998
3999         b43_mac_enable(dev);
4000 out_unlock_mutex:
4001         mutex_unlock(&wl->mutex);
4002 }
4003
4004 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4005                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4006                           struct ieee80211_key_conf *key)
4007 {
4008         struct b43_wl *wl = hw_to_b43_wl(hw);
4009         struct b43_wldev *dev;
4010         u8 algorithm;
4011         u8 index;
4012         int err;
4013         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4014
4015         if (modparam_nohwcrypt)
4016                 return -ENOSPC; /* User disabled HW-crypto */
4017
4018         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4019              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4020             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4021              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4022             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4023                 /*
4024                  * For now, disable hw crypto for the RSN IBSS group keys. This
4025                  * could be optimized in the future, but until that gets
4026                  * implemented, use of software crypto for group addressed
4027                  * frames is a acceptable to allow RSN IBSS to be used.
4028                  */
4029                 return -EOPNOTSUPP;
4030         }
4031
4032         mutex_lock(&wl->mutex);
4033
4034         dev = wl->current_dev;
4035         err = -ENODEV;
4036         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4037                 goto out_unlock;
4038
4039         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4040                 /* We don't have firmware for the crypto engine.
4041                  * Must use software-crypto. */
4042                 err = -EOPNOTSUPP;
4043                 goto out_unlock;
4044         }
4045
4046         err = -EINVAL;
4047         switch (key->cipher) {
4048         case WLAN_CIPHER_SUITE_WEP40:
4049                 algorithm = B43_SEC_ALGO_WEP40;
4050                 break;
4051         case WLAN_CIPHER_SUITE_WEP104:
4052                 algorithm = B43_SEC_ALGO_WEP104;
4053                 break;
4054         case WLAN_CIPHER_SUITE_TKIP:
4055                 algorithm = B43_SEC_ALGO_TKIP;
4056                 break;
4057         case WLAN_CIPHER_SUITE_CCMP:
4058                 algorithm = B43_SEC_ALGO_AES;
4059                 break;
4060         default:
4061                 B43_WARN_ON(1);
4062                 goto out_unlock;
4063         }
4064         index = (u8) (key->keyidx);
4065         if (index > 3)
4066                 goto out_unlock;
4067
4068         switch (cmd) {
4069         case SET_KEY:
4070                 if (algorithm == B43_SEC_ALGO_TKIP &&
4071                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4072                     !modparam_hwtkip)) {
4073                         /* We support only pairwise key */
4074                         err = -EOPNOTSUPP;
4075                         goto out_unlock;
4076                 }
4077
4078                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4079                         if (WARN_ON(!sta)) {
4080                                 err = -EOPNOTSUPP;
4081                                 goto out_unlock;
4082                         }
4083                         /* Pairwise key with an assigned MAC address. */
4084                         err = b43_key_write(dev, -1, algorithm,
4085                                             key->key, key->keylen,
4086                                             sta->addr, key);
4087                 } else {
4088                         /* Group key */
4089                         err = b43_key_write(dev, index, algorithm,
4090                                             key->key, key->keylen, NULL, key);
4091                 }
4092                 if (err)
4093                         goto out_unlock;
4094
4095                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4096                     algorithm == B43_SEC_ALGO_WEP104) {
4097                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4098                 } else {
4099                         b43_hf_write(dev,
4100                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4101                 }
4102                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4103                 if (algorithm == B43_SEC_ALGO_TKIP)
4104                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4105                 break;
4106         case DISABLE_KEY: {
4107                 err = b43_key_clear(dev, key->hw_key_idx);
4108                 if (err)
4109                         goto out_unlock;
4110                 break;
4111         }
4112         default:
4113                 B43_WARN_ON(1);
4114         }
4115
4116 out_unlock:
4117         if (!err) {
4118                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4119                        "mac: %pM\n",
4120                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4121                        sta ? sta->addr : bcast_addr);
4122                 b43_dump_keymemory(dev);
4123         }
4124         mutex_unlock(&wl->mutex);
4125
4126         return err;
4127 }
4128
4129 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4130                                     unsigned int changed, unsigned int *fflags,
4131                                     u64 multicast)
4132 {
4133         struct b43_wl *wl = hw_to_b43_wl(hw);
4134         struct b43_wldev *dev;
4135
4136         mutex_lock(&wl->mutex);
4137         dev = wl->current_dev;
4138         if (!dev) {
4139                 *fflags = 0;
4140                 goto out_unlock;
4141         }
4142
4143         *fflags &= FIF_PROMISC_IN_BSS |
4144                   FIF_ALLMULTI |
4145                   FIF_FCSFAIL |
4146                   FIF_PLCPFAIL |
4147                   FIF_CONTROL |
4148                   FIF_OTHER_BSS |
4149                   FIF_BCN_PRBRESP_PROMISC;
4150
4151         changed &= FIF_PROMISC_IN_BSS |
4152                    FIF_ALLMULTI |
4153                    FIF_FCSFAIL |
4154                    FIF_PLCPFAIL |
4155                    FIF_CONTROL |
4156                    FIF_OTHER_BSS |
4157                    FIF_BCN_PRBRESP_PROMISC;
4158
4159         wl->filter_flags = *fflags;
4160
4161         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4162                 b43_adjust_opmode(dev);
4163
4164 out_unlock:
4165         mutex_unlock(&wl->mutex);
4166 }
4167
4168 /* Locking: wl->mutex
4169  * Returns the current dev. This might be different from the passed in dev,
4170  * because the core might be gone away while we unlocked the mutex. */
4171 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4172 {
4173         struct b43_wl *wl;
4174         struct b43_wldev *orig_dev;
4175         u32 mask;
4176         int queue_num;
4177
4178         if (!dev)
4179                 return NULL;
4180         wl = dev->wl;
4181 redo:
4182         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4183                 return dev;
4184
4185         /* Cancel work. Unlock to avoid deadlocks. */
4186         mutex_unlock(&wl->mutex);
4187         cancel_delayed_work_sync(&dev->periodic_work);
4188         cancel_work_sync(&wl->tx_work);
4189         cancel_work_sync(&wl->firmware_load);
4190         mutex_lock(&wl->mutex);
4191         dev = wl->current_dev;
4192         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4193                 /* Whoops, aliens ate up the device while we were unlocked. */
4194                 return dev;
4195         }
4196
4197         /* Disable interrupts on the device. */
4198         b43_set_status(dev, B43_STAT_INITIALIZED);
4199         if (b43_bus_host_is_sdio(dev->dev)) {
4200                 /* wl->mutex is locked. That is enough. */
4201                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4202                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4203         } else {
4204                 spin_lock_irq(&wl->hardirq_lock);
4205                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4206                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4207                 spin_unlock_irq(&wl->hardirq_lock);
4208         }
4209         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4210         orig_dev = dev;
4211         mutex_unlock(&wl->mutex);
4212         if (b43_bus_host_is_sdio(dev->dev)) {
4213                 b43_sdio_free_irq(dev);
4214         } else {
4215                 synchronize_irq(dev->dev->irq);
4216                 free_irq(dev->dev->irq, dev);
4217         }
4218         mutex_lock(&wl->mutex);
4219         dev = wl->current_dev;
4220         if (!dev)
4221                 return dev;
4222         if (dev != orig_dev) {
4223                 if (b43_status(dev) >= B43_STAT_STARTED)
4224                         goto redo;
4225                 return dev;
4226         }
4227         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4228         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4229
4230         /* Drain all TX queues. */
4231         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4232                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4233                         struct sk_buff *skb;
4234
4235                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4236                         ieee80211_free_txskb(wl->hw, skb);
4237                 }
4238         }
4239
4240         b43_mac_suspend(dev);
4241         b43_leds_exit(dev);
4242         b43dbg(wl, "Wireless interface stopped\n");
4243
4244         return dev;
4245 }
4246
4247 /* Locking: wl->mutex */
4248 static int b43_wireless_core_start(struct b43_wldev *dev)
4249 {
4250         int err;
4251
4252         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4253
4254         drain_txstatus_queue(dev);
4255         if (b43_bus_host_is_sdio(dev->dev)) {
4256                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4257                 if (err) {
4258                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4259                         goto out;
4260                 }
4261         } else {
4262                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4263                                            b43_interrupt_thread_handler,
4264                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4265                 if (err) {
4266                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4267                                dev->dev->irq);
4268                         goto out;
4269                 }
4270         }
4271
4272         /* We are ready to run. */
4273         ieee80211_wake_queues(dev->wl->hw);
4274         b43_set_status(dev, B43_STAT_STARTED);
4275
4276         /* Start data flow (TX/RX). */
4277         b43_mac_enable(dev);
4278         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4279
4280         /* Start maintenance work */
4281         b43_periodic_tasks_setup(dev);
4282
4283         b43_leds_init(dev);
4284
4285         b43dbg(dev->wl, "Wireless interface started\n");
4286 out:
4287         return err;
4288 }
4289
4290 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4291 {
4292         switch (phy_type) {
4293         case B43_PHYTYPE_A:
4294                 return "A";
4295         case B43_PHYTYPE_B:
4296                 return "B";
4297         case B43_PHYTYPE_G:
4298                 return "G";
4299         case B43_PHYTYPE_N:
4300                 return "N";
4301         case B43_PHYTYPE_LP:
4302                 return "LP";
4303         case B43_PHYTYPE_SSLPN:
4304                 return "SSLPN";
4305         case B43_PHYTYPE_HT:
4306                 return "HT";
4307         case B43_PHYTYPE_LCN:
4308                 return "LCN";
4309         case B43_PHYTYPE_LCNXN:
4310                 return "LCNXN";
4311         case B43_PHYTYPE_LCN40:
4312                 return "LCN40";
4313         case B43_PHYTYPE_AC:
4314                 return "AC";
4315         }
4316         return "UNKNOWN";
4317 }
4318
4319 /* Get PHY and RADIO versioning numbers */
4320 static int b43_phy_versioning(struct b43_wldev *dev)
4321 {
4322         struct b43_phy *phy = &dev->phy;
4323         u32 tmp;
4324         u8 analog_type;
4325         u8 phy_type;
4326         u8 phy_rev;
4327         u16 radio_manuf;
4328         u16 radio_ver;
4329         u16 radio_rev;
4330         int unsupported = 0;
4331
4332         /* Get PHY versioning */
4333         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4334         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4335         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4336         phy_rev = (tmp & B43_PHYVER_VERSION);
4337         switch (phy_type) {
4338         case B43_PHYTYPE_A:
4339                 if (phy_rev >= 4)
4340                         unsupported = 1;
4341                 break;
4342         case B43_PHYTYPE_B:
4343                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4344                     && phy_rev != 7)
4345                         unsupported = 1;
4346                 break;
4347         case B43_PHYTYPE_G:
4348                 if (phy_rev > 9)
4349                         unsupported = 1;
4350                 break;
4351 #ifdef CONFIG_B43_PHY_N
4352         case B43_PHYTYPE_N:
4353                 if (phy_rev > 9)
4354                         unsupported = 1;
4355                 break;
4356 #endif
4357 #ifdef CONFIG_B43_PHY_LP
4358         case B43_PHYTYPE_LP:
4359                 if (phy_rev > 2)
4360                         unsupported = 1;
4361                 break;
4362 #endif
4363 #ifdef CONFIG_B43_PHY_HT
4364         case B43_PHYTYPE_HT:
4365                 if (phy_rev > 1)
4366                         unsupported = 1;
4367                 break;
4368 #endif
4369 #ifdef CONFIG_B43_PHY_LCN
4370         case B43_PHYTYPE_LCN:
4371                 if (phy_rev > 1)
4372                         unsupported = 1;
4373                 break;
4374 #endif
4375         default:
4376                 unsupported = 1;
4377         }
4378         if (unsupported) {
4379                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4380                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4381                        phy_rev);
4382                 return -EOPNOTSUPP;
4383         }
4384         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4385                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4386
4387         /* Get RADIO versioning */
4388         if (dev->dev->core_rev >= 24) {
4389                 u16 radio24[3];
4390
4391                 for (tmp = 0; tmp < 3; tmp++) {
4392                         b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4393                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4394                 }
4395
4396                 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4397                 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4398
4399                 radio_manuf = 0x17F;
4400                 radio_ver = (radio24[2] << 8) | radio24[1];
4401                 radio_rev = (radio24[0] & 0xF);
4402         } else {
4403                 if (dev->dev->chip_id == 0x4317) {
4404                         if (dev->dev->chip_rev == 0)
4405                                 tmp = 0x3205017F;
4406                         else if (dev->dev->chip_rev == 1)
4407                                 tmp = 0x4205017F;
4408                         else
4409                                 tmp = 0x5205017F;
4410                 } else {
4411                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4412                                     B43_RADIOCTL_ID);
4413                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4414                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4415                                     B43_RADIOCTL_ID);
4416                         tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4417                                 << 16;
4418                 }
4419                 radio_manuf = (tmp & 0x00000FFF);
4420                 radio_ver = (tmp & 0x0FFFF000) >> 12;
4421                 radio_rev = (tmp & 0xF0000000) >> 28;
4422         }
4423
4424         if (radio_manuf != 0x17F /* Broadcom */)
4425                 unsupported = 1;
4426         switch (phy_type) {
4427         case B43_PHYTYPE_A:
4428                 if (radio_ver != 0x2060)
4429                         unsupported = 1;
4430                 if (radio_rev != 1)
4431                         unsupported = 1;
4432                 if (radio_manuf != 0x17F)
4433                         unsupported = 1;
4434                 break;
4435         case B43_PHYTYPE_B:
4436                 if ((radio_ver & 0xFFF0) != 0x2050)
4437                         unsupported = 1;
4438                 break;
4439         case B43_PHYTYPE_G:
4440                 if (radio_ver != 0x2050)
4441                         unsupported = 1;
4442                 break;
4443         case B43_PHYTYPE_N:
4444                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4445                         unsupported = 1;
4446                 break;
4447         case B43_PHYTYPE_LP:
4448                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4449                         unsupported = 1;
4450                 break;
4451         case B43_PHYTYPE_HT:
4452                 if (radio_ver != 0x2059)
4453                         unsupported = 1;
4454                 break;
4455         case B43_PHYTYPE_LCN:
4456                 if (radio_ver != 0x2064)
4457                         unsupported = 1;
4458                 break;
4459         default:
4460                 B43_WARN_ON(1);
4461         }
4462         if (unsupported) {
4463                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4464                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4465                        radio_manuf, radio_ver, radio_rev);
4466                 return -EOPNOTSUPP;
4467         }
4468         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4469                radio_manuf, radio_ver, radio_rev);
4470
4471         phy->radio_manuf = radio_manuf;
4472         phy->radio_ver = radio_ver;
4473         phy->radio_rev = radio_rev;
4474
4475         phy->analog = analog_type;
4476         phy->type = phy_type;
4477         phy->rev = phy_rev;
4478
4479         return 0;
4480 }
4481
4482 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4483                                       struct b43_phy *phy)
4484 {
4485         phy->hardware_power_control = !!modparam_hwpctl;
4486         phy->next_txpwr_check_time = jiffies;
4487         /* PHY TX errors counter. */
4488         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4489
4490 #if B43_DEBUG
4491         phy->phy_locked = false;
4492         phy->radio_locked = false;
4493 #endif
4494 }
4495
4496 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4497 {
4498         dev->dfq_valid = false;
4499
4500         /* Assume the radio is enabled. If it's not enabled, the state will
4501          * immediately get fixed on the first periodic work run. */
4502         dev->radio_hw_enable = true;
4503
4504         /* Stats */
4505         memset(&dev->stats, 0, sizeof(dev->stats));
4506
4507         setup_struct_phy_for_init(dev, &dev->phy);
4508
4509         /* IRQ related flags */
4510         dev->irq_reason = 0;
4511         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4512         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4513         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4514                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4515
4516         dev->mac_suspended = 1;
4517
4518         /* Noise calculation context */
4519         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4520 }
4521
4522 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4523 {
4524         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4525         u64 hf;
4526
4527         if (!modparam_btcoex)
4528                 return;
4529         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4530                 return;
4531         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4532                 return;
4533
4534         hf = b43_hf_read(dev);
4535         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4536                 hf |= B43_HF_BTCOEXALT;
4537         else
4538                 hf |= B43_HF_BTCOEX;
4539         b43_hf_write(dev, hf);
4540 }
4541
4542 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4543 {
4544         if (!modparam_btcoex)
4545                 return;
4546         //TODO
4547 }
4548
4549 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4550 {
4551         struct ssb_bus *bus;
4552         u32 tmp;
4553
4554         if (dev->dev->bus_type != B43_BUS_SSB)
4555                 return;
4556
4557         bus = dev->dev->sdev->bus;
4558
4559         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4560             (bus->chip_id == 0x4312)) {
4561                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4562                 tmp &= ~SSB_IMCFGLO_REQTO;
4563                 tmp &= ~SSB_IMCFGLO_SERTO;
4564                 tmp |= 0x3;
4565                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4566                 ssb_commit_settings(bus);
4567         }
4568 }
4569
4570 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4571 {
4572         u16 pu_delay;
4573
4574         /* The time value is in microseconds. */
4575         if (dev->phy.type == B43_PHYTYPE_A)
4576                 pu_delay = 3700;
4577         else
4578                 pu_delay = 1050;
4579         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4580                 pu_delay = 500;
4581         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4582                 pu_delay = max(pu_delay, (u16)2400);
4583
4584         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4585 }
4586
4587 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4588 static void b43_set_pretbtt(struct b43_wldev *dev)
4589 {
4590         u16 pretbtt;
4591
4592         /* The time value is in microseconds. */
4593         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4594                 pretbtt = 2;
4595         } else {
4596                 if (dev->phy.type == B43_PHYTYPE_A)
4597                         pretbtt = 120;
4598                 else
4599                         pretbtt = 250;
4600         }
4601         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4602         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4603 }
4604
4605 /* Shutdown a wireless core */
4606 /* Locking: wl->mutex */
4607 static void b43_wireless_core_exit(struct b43_wldev *dev)
4608 {
4609         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4610         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4611                 return;
4612
4613         /* Unregister HW RNG driver */
4614         b43_rng_exit(dev->wl);
4615
4616         b43_set_status(dev, B43_STAT_UNINIT);
4617
4618         /* Stop the microcode PSM. */
4619         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4620                       B43_MACCTL_PSM_JMP0);
4621
4622         b43_dma_free(dev);
4623         b43_pio_free(dev);
4624         b43_chip_exit(dev);
4625         dev->phy.ops->switch_analog(dev, 0);
4626         if (dev->wl->current_beacon) {
4627                 dev_kfree_skb_any(dev->wl->current_beacon);
4628                 dev->wl->current_beacon = NULL;
4629         }
4630
4631         b43_device_disable(dev, 0);
4632         b43_bus_may_powerdown(dev);
4633 }
4634
4635 /* Initialize a wireless core */
4636 static int b43_wireless_core_init(struct b43_wldev *dev)
4637 {
4638         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4639         struct b43_phy *phy = &dev->phy;
4640         int err;
4641         u64 hf;
4642
4643         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4644
4645         err = b43_bus_powerup(dev, 0);
4646         if (err)
4647                 goto out;
4648         if (!b43_device_is_enabled(dev))
4649                 b43_wireless_core_reset(dev, phy->gmode);
4650
4651         /* Reset all data structures. */
4652         setup_struct_wldev_for_init(dev);
4653         phy->ops->prepare_structs(dev);
4654
4655         /* Enable IRQ routing to this device. */
4656         switch (dev->dev->bus_type) {
4657 #ifdef CONFIG_B43_BCMA
4658         case B43_BUS_BCMA:
4659                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4660                                       dev->dev->bdev, true);
4661                 break;
4662 #endif
4663 #ifdef CONFIG_B43_SSB
4664         case B43_BUS_SSB:
4665                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4666                                                dev->dev->sdev);
4667                 break;
4668 #endif
4669         }
4670
4671         b43_imcfglo_timeouts_workaround(dev);
4672         b43_bluetooth_coext_disable(dev);
4673         if (phy->ops->prepare_hardware) {
4674                 err = phy->ops->prepare_hardware(dev);
4675                 if (err)
4676                         goto err_busdown;
4677         }
4678         err = b43_chip_init(dev);
4679         if (err)
4680                 goto err_busdown;
4681         b43_shm_write16(dev, B43_SHM_SHARED,
4682                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4683         hf = b43_hf_read(dev);
4684         if (phy->type == B43_PHYTYPE_G) {
4685                 hf |= B43_HF_SYMW;
4686                 if (phy->rev == 1)
4687                         hf |= B43_HF_GDCW;
4688                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4689                         hf |= B43_HF_OFDMPABOOST;
4690         }
4691         if (phy->radio_ver == 0x2050) {
4692                 if (phy->radio_rev == 6)
4693                         hf |= B43_HF_4318TSSI;
4694                 if (phy->radio_rev < 6)
4695                         hf |= B43_HF_VCORECALC;
4696         }
4697         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4698                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4699 #ifdef CONFIG_SSB_DRIVER_PCICORE
4700         if (dev->dev->bus_type == B43_BUS_SSB &&
4701             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4702             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4703                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4704 #endif
4705         hf &= ~B43_HF_SKCFPUP;
4706         b43_hf_write(dev, hf);
4707
4708         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4709                              B43_DEFAULT_LONG_RETRY_LIMIT);
4710         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4711         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4712
4713         /* Disable sending probe responses from firmware.
4714          * Setting the MaxTime to one usec will always trigger
4715          * a timeout, so we never send any probe resp.
4716          * A timeout of zero is infinite. */
4717         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4718
4719         b43_rate_memory_init(dev);
4720         b43_set_phytxctl_defaults(dev);
4721
4722         /* Minimum Contention Window */
4723         if (phy->type == B43_PHYTYPE_B)
4724                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4725         else
4726                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4727         /* Maximum Contention Window */
4728         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4729
4730         if (b43_bus_host_is_pcmcia(dev->dev) ||
4731             b43_bus_host_is_sdio(dev->dev)) {
4732                 dev->__using_pio_transfers = true;
4733                 err = b43_pio_init(dev);
4734         } else if (dev->use_pio) {
4735                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4736                         "This should not be needed and will result in lower "
4737                         "performance.\n");
4738                 dev->__using_pio_transfers = true;
4739                 err = b43_pio_init(dev);
4740         } else {
4741                 dev->__using_pio_transfers = false;
4742                 err = b43_dma_init(dev);
4743         }
4744         if (err)
4745                 goto err_chip_exit;
4746         b43_qos_init(dev);
4747         b43_set_synth_pu_delay(dev, 1);
4748         b43_bluetooth_coext_enable(dev);
4749
4750         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4751         b43_upload_card_macaddress(dev);
4752         b43_security_init(dev);
4753
4754         ieee80211_wake_queues(dev->wl->hw);
4755
4756         b43_set_status(dev, B43_STAT_INITIALIZED);
4757
4758         /* Register HW RNG driver */
4759         b43_rng_init(dev->wl);
4760
4761 out:
4762         return err;
4763
4764 err_chip_exit:
4765         b43_chip_exit(dev);
4766 err_busdown:
4767         b43_bus_may_powerdown(dev);
4768         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4769         return err;
4770 }
4771
4772 static int b43_op_add_interface(struct ieee80211_hw *hw,
4773                                 struct ieee80211_vif *vif)
4774 {
4775         struct b43_wl *wl = hw_to_b43_wl(hw);
4776         struct b43_wldev *dev;
4777         int err = -EOPNOTSUPP;
4778
4779         /* TODO: allow WDS/AP devices to coexist */
4780
4781         if (vif->type != NL80211_IFTYPE_AP &&
4782             vif->type != NL80211_IFTYPE_MESH_POINT &&
4783             vif->type != NL80211_IFTYPE_STATION &&
4784             vif->type != NL80211_IFTYPE_WDS &&
4785             vif->type != NL80211_IFTYPE_ADHOC)
4786                 return -EOPNOTSUPP;
4787
4788         mutex_lock(&wl->mutex);
4789         if (wl->operating)
4790                 goto out_mutex_unlock;
4791
4792         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4793
4794         dev = wl->current_dev;
4795         wl->operating = true;
4796         wl->vif = vif;
4797         wl->if_type = vif->type;
4798         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4799
4800         b43_adjust_opmode(dev);
4801         b43_set_pretbtt(dev);
4802         b43_set_synth_pu_delay(dev, 0);
4803         b43_upload_card_macaddress(dev);
4804
4805         err = 0;
4806  out_mutex_unlock:
4807         mutex_unlock(&wl->mutex);
4808
4809         if (err == 0)
4810                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4811
4812         return err;
4813 }
4814
4815 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4816                                     struct ieee80211_vif *vif)
4817 {
4818         struct b43_wl *wl = hw_to_b43_wl(hw);
4819         struct b43_wldev *dev = wl->current_dev;
4820
4821         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4822
4823         mutex_lock(&wl->mutex);
4824
4825         B43_WARN_ON(!wl->operating);
4826         B43_WARN_ON(wl->vif != vif);
4827         wl->vif = NULL;
4828
4829         wl->operating = false;
4830
4831         b43_adjust_opmode(dev);
4832         memset(wl->mac_addr, 0, ETH_ALEN);
4833         b43_upload_card_macaddress(dev);
4834
4835         mutex_unlock(&wl->mutex);
4836 }
4837
4838 static int b43_op_start(struct ieee80211_hw *hw)
4839 {
4840         struct b43_wl *wl = hw_to_b43_wl(hw);
4841         struct b43_wldev *dev = wl->current_dev;
4842         int did_init = 0;
4843         int err = 0;
4844
4845         /* Kill all old instance specific information to make sure
4846          * the card won't use it in the short timeframe between start
4847          * and mac80211 reconfiguring it. */
4848         memset(wl->bssid, 0, ETH_ALEN);
4849         memset(wl->mac_addr, 0, ETH_ALEN);
4850         wl->filter_flags = 0;
4851         wl->radiotap_enabled = false;
4852         b43_qos_clear(wl);
4853         wl->beacon0_uploaded = false;
4854         wl->beacon1_uploaded = false;
4855         wl->beacon_templates_virgin = true;
4856         wl->radio_enabled = true;
4857
4858         mutex_lock(&wl->mutex);
4859
4860         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4861                 err = b43_wireless_core_init(dev);
4862                 if (err)
4863                         goto out_mutex_unlock;
4864                 did_init = 1;
4865         }
4866
4867         if (b43_status(dev) < B43_STAT_STARTED) {
4868                 err = b43_wireless_core_start(dev);
4869                 if (err) {
4870                         if (did_init)
4871                                 b43_wireless_core_exit(dev);
4872                         goto out_mutex_unlock;
4873                 }
4874         }
4875
4876         /* XXX: only do if device doesn't support rfkill irq */
4877         wiphy_rfkill_start_polling(hw->wiphy);
4878
4879  out_mutex_unlock:
4880         mutex_unlock(&wl->mutex);
4881
4882         /*
4883          * Configuration may have been overwritten during initialization.
4884          * Reload the configuration, but only if initialization was
4885          * successful. Reloading the configuration after a failed init
4886          * may hang the system.
4887          */
4888         if (!err)
4889                 b43_op_config(hw, ~0);
4890
4891         return err;
4892 }
4893
4894 static void b43_op_stop(struct ieee80211_hw *hw)
4895 {
4896         struct b43_wl *wl = hw_to_b43_wl(hw);
4897         struct b43_wldev *dev = wl->current_dev;
4898
4899         cancel_work_sync(&(wl->beacon_update_trigger));
4900
4901         if (!dev)
4902                 goto out;
4903
4904         mutex_lock(&wl->mutex);
4905         if (b43_status(dev) >= B43_STAT_STARTED) {
4906                 dev = b43_wireless_core_stop(dev);
4907                 if (!dev)
4908                         goto out_unlock;
4909         }
4910         b43_wireless_core_exit(dev);
4911         wl->radio_enabled = false;
4912
4913 out_unlock:
4914         mutex_unlock(&wl->mutex);
4915 out:
4916         cancel_work_sync(&(wl->txpower_adjust_work));
4917 }
4918
4919 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4920                                  struct ieee80211_sta *sta, bool set)
4921 {
4922         struct b43_wl *wl = hw_to_b43_wl(hw);
4923
4924         /* FIXME: add locking */
4925         b43_update_templates(wl);
4926
4927         return 0;
4928 }
4929
4930 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4931                               struct ieee80211_vif *vif,
4932                               enum sta_notify_cmd notify_cmd,
4933                               struct ieee80211_sta *sta)
4934 {
4935         struct b43_wl *wl = hw_to_b43_wl(hw);
4936
4937         B43_WARN_ON(!vif || wl->vif != vif);
4938 }
4939
4940 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4941 {
4942         struct b43_wl *wl = hw_to_b43_wl(hw);
4943         struct b43_wldev *dev;
4944
4945         mutex_lock(&wl->mutex);
4946         dev = wl->current_dev;
4947         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4948                 /* Disable CFP update during scan on other channels. */
4949                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4950         }
4951         mutex_unlock(&wl->mutex);
4952 }
4953
4954 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4955 {
4956         struct b43_wl *wl = hw_to_b43_wl(hw);
4957         struct b43_wldev *dev;
4958
4959         mutex_lock(&wl->mutex);
4960         dev = wl->current_dev;
4961         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4962                 /* Re-enable CFP update. */
4963                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4964         }
4965         mutex_unlock(&wl->mutex);
4966 }
4967
4968 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
4969                              struct survey_info *survey)
4970 {
4971         struct b43_wl *wl = hw_to_b43_wl(hw);
4972         struct b43_wldev *dev = wl->current_dev;
4973         struct ieee80211_conf *conf = &hw->conf;
4974
4975         if (idx != 0)
4976                 return -ENOENT;
4977
4978         survey->channel = conf->channel;
4979         survey->filled = SURVEY_INFO_NOISE_DBM;
4980         survey->noise = dev->stats.link_noise;
4981
4982         return 0;
4983 }
4984
4985 static const struct ieee80211_ops b43_hw_ops = {
4986         .tx                     = b43_op_tx,
4987         .conf_tx                = b43_op_conf_tx,
4988         .add_interface          = b43_op_add_interface,
4989         .remove_interface       = b43_op_remove_interface,
4990         .config                 = b43_op_config,
4991         .bss_info_changed       = b43_op_bss_info_changed,
4992         .configure_filter       = b43_op_configure_filter,
4993         .set_key                = b43_op_set_key,
4994         .update_tkip_key        = b43_op_update_tkip_key,
4995         .get_stats              = b43_op_get_stats,
4996         .get_tsf                = b43_op_get_tsf,
4997         .set_tsf                = b43_op_set_tsf,
4998         .start                  = b43_op_start,
4999         .stop                   = b43_op_stop,
5000         .set_tim                = b43_op_beacon_set_tim,
5001         .sta_notify             = b43_op_sta_notify,
5002         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5003         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5004         .get_survey             = b43_op_get_survey,
5005         .rfkill_poll            = b43_rfkill_poll,
5006 };
5007
5008 /* Hard-reset the chip. Do not call this directly.
5009  * Use b43_controller_restart()
5010  */
5011 static void b43_chip_reset(struct work_struct *work)
5012 {
5013         struct b43_wldev *dev =
5014             container_of(work, struct b43_wldev, restart_work);
5015         struct b43_wl *wl = dev->wl;
5016         int err = 0;
5017         int prev_status;
5018
5019         mutex_lock(&wl->mutex);
5020
5021         prev_status = b43_status(dev);
5022         /* Bring the device down... */
5023         if (prev_status >= B43_STAT_STARTED) {
5024                 dev = b43_wireless_core_stop(dev);
5025                 if (!dev) {
5026                         err = -ENODEV;
5027                         goto out;
5028                 }
5029         }
5030         if (prev_status >= B43_STAT_INITIALIZED)
5031                 b43_wireless_core_exit(dev);
5032
5033         /* ...and up again. */
5034         if (prev_status >= B43_STAT_INITIALIZED) {
5035                 err = b43_wireless_core_init(dev);
5036                 if (err)
5037                         goto out;
5038         }
5039         if (prev_status >= B43_STAT_STARTED) {
5040                 err = b43_wireless_core_start(dev);
5041                 if (err) {
5042                         b43_wireless_core_exit(dev);
5043                         goto out;
5044                 }
5045         }
5046 out:
5047         if (err)
5048                 wl->current_dev = NULL; /* Failed to init the dev. */
5049         mutex_unlock(&wl->mutex);
5050
5051         if (err) {
5052                 b43err(wl, "Controller restart FAILED\n");
5053                 return;
5054         }
5055
5056         /* reload configuration */
5057         b43_op_config(wl->hw, ~0);
5058         if (wl->vif)
5059                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5060
5061         b43info(wl, "Controller restarted\n");
5062 }
5063
5064 static int b43_setup_bands(struct b43_wldev *dev,
5065                            bool have_2ghz_phy, bool have_5ghz_phy)
5066 {
5067         struct ieee80211_hw *hw = dev->wl->hw;
5068
5069         if (have_2ghz_phy)
5070                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5071         if (dev->phy.type == B43_PHYTYPE_N) {
5072                 if (have_5ghz_phy)
5073                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5074         } else {
5075                 if (have_5ghz_phy)
5076                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5077         }
5078
5079         dev->phy.supports_2ghz = have_2ghz_phy;
5080         dev->phy.supports_5ghz = have_5ghz_phy;
5081
5082         return 0;
5083 }
5084
5085 static void b43_wireless_core_detach(struct b43_wldev *dev)
5086 {
5087         /* We release firmware that late to not be required to re-request
5088          * is all the time when we reinit the core. */
5089         b43_release_firmware(dev);
5090         b43_phy_free(dev);
5091 }
5092
5093 static int b43_wireless_core_attach(struct b43_wldev *dev)
5094 {
5095         struct b43_wl *wl = dev->wl;
5096         struct pci_dev *pdev = NULL;
5097         int err;
5098         u32 tmp;
5099         bool have_2ghz_phy = false, have_5ghz_phy = false;
5100
5101         /* Do NOT do any device initialization here.
5102          * Do it in wireless_core_init() instead.
5103          * This function is for gathering basic information about the HW, only.
5104          * Also some structs may be set up here. But most likely you want to have
5105          * that in core_init(), too.
5106          */
5107
5108 #ifdef CONFIG_B43_SSB
5109         if (dev->dev->bus_type == B43_BUS_SSB &&
5110             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5111                 pdev = dev->dev->sdev->bus->host_pci;
5112 #endif
5113
5114         err = b43_bus_powerup(dev, 0);
5115         if (err) {
5116                 b43err(wl, "Bus powerup failed\n");
5117                 goto out;
5118         }
5119
5120         /* Get the PHY type. */
5121         switch (dev->dev->bus_type) {
5122 #ifdef CONFIG_B43_BCMA
5123         case B43_BUS_BCMA:
5124                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5125                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5126                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5127                 break;
5128 #endif
5129 #ifdef CONFIG_B43_SSB
5130         case B43_BUS_SSB:
5131                 if (dev->dev->core_rev >= 5) {
5132                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5133                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5134                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5135                 } else
5136                         B43_WARN_ON(1);
5137                 break;
5138 #endif
5139         }
5140
5141         dev->phy.gmode = have_2ghz_phy;
5142         dev->phy.radio_on = true;
5143         b43_wireless_core_reset(dev, dev->phy.gmode);
5144
5145         err = b43_phy_versioning(dev);
5146         if (err)
5147                 goto err_powerdown;
5148         /* Check if this device supports multiband. */
5149         if (!pdev ||
5150             (pdev->device != 0x4312 &&
5151              pdev->device != 0x4319 && pdev->device != 0x4324)) {
5152                 /* No multiband support. */
5153                 have_2ghz_phy = false;
5154                 have_5ghz_phy = false;
5155                 switch (dev->phy.type) {
5156                 case B43_PHYTYPE_A:
5157                         have_5ghz_phy = true;
5158                         break;
5159                 case B43_PHYTYPE_LP: //FIXME not always!
5160 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5161                         have_5ghz_phy = 1;
5162 #endif
5163                 case B43_PHYTYPE_G:
5164                 case B43_PHYTYPE_N:
5165                 case B43_PHYTYPE_HT:
5166                 case B43_PHYTYPE_LCN:
5167                         have_2ghz_phy = true;
5168                         break;
5169                 default:
5170                         B43_WARN_ON(1);
5171                 }
5172         }
5173         if (dev->phy.type == B43_PHYTYPE_A) {
5174                 /* FIXME */
5175                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
5176                 err = -EOPNOTSUPP;
5177                 goto err_powerdown;
5178         }
5179         if (1 /* disable A-PHY */) {
5180                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5181                 if (dev->phy.type != B43_PHYTYPE_N &&
5182                     dev->phy.type != B43_PHYTYPE_LP) {
5183                         have_2ghz_phy = true;
5184                         have_5ghz_phy = false;
5185                 }
5186         }
5187
5188         err = b43_phy_allocate(dev);
5189         if (err)
5190                 goto err_powerdown;
5191
5192         dev->phy.gmode = have_2ghz_phy;
5193         b43_wireless_core_reset(dev, dev->phy.gmode);
5194
5195         err = b43_validate_chipaccess(dev);
5196         if (err)
5197                 goto err_phy_free;
5198         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5199         if (err)
5200                 goto err_phy_free;
5201
5202         /* Now set some default "current_dev" */
5203         if (!wl->current_dev)
5204                 wl->current_dev = dev;
5205         INIT_WORK(&dev->restart_work, b43_chip_reset);
5206
5207         dev->phy.ops->switch_analog(dev, 0);
5208         b43_device_disable(dev, 0);
5209         b43_bus_may_powerdown(dev);
5210
5211 out:
5212         return err;
5213
5214 err_phy_free:
5215         b43_phy_free(dev);
5216 err_powerdown:
5217         b43_bus_may_powerdown(dev);
5218         return err;
5219 }
5220
5221 static void b43_one_core_detach(struct b43_bus_dev *dev)
5222 {
5223         struct b43_wldev *wldev;
5224         struct b43_wl *wl;
5225
5226         /* Do not cancel ieee80211-workqueue based work here.
5227          * See comment in b43_remove(). */
5228
5229         wldev = b43_bus_get_wldev(dev);
5230         wl = wldev->wl;
5231         b43_debugfs_remove_device(wldev);
5232         b43_wireless_core_detach(wldev);
5233         list_del(&wldev->list);
5234         wl->nr_devs--;
5235         b43_bus_set_wldev(dev, NULL);
5236         kfree(wldev);
5237 }
5238
5239 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5240 {
5241         struct b43_wldev *wldev;
5242         int err = -ENOMEM;
5243
5244         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5245         if (!wldev)
5246                 goto out;
5247
5248         wldev->use_pio = b43_modparam_pio;
5249         wldev->dev = dev;
5250         wldev->wl = wl;
5251         b43_set_status(wldev, B43_STAT_UNINIT);
5252         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5253         INIT_LIST_HEAD(&wldev->list);
5254
5255         err = b43_wireless_core_attach(wldev);
5256         if (err)
5257                 goto err_kfree_wldev;
5258
5259         list_add(&wldev->list, &wl->devlist);
5260         wl->nr_devs++;
5261         b43_bus_set_wldev(dev, wldev);
5262         b43_debugfs_add_device(wldev);
5263
5264       out:
5265         return err;
5266
5267       err_kfree_wldev:
5268         kfree(wldev);
5269         return err;
5270 }
5271
5272 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5273         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5274         (pdev->device == _device) &&                                    \
5275         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5276         (pdev->subsystem_device == _subdevice)                          )
5277
5278 static void b43_sprom_fixup(struct ssb_bus *bus)
5279 {
5280         struct pci_dev *pdev;
5281
5282         /* boardflags workarounds */
5283         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5284             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5285                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5286         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5287             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5288                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5289         if (bus->bustype == SSB_BUSTYPE_PCI) {
5290                 pdev = bus->host_pci;
5291                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5292                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5293                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5294                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5295                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5296                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5297                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5298                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5299         }
5300 }
5301
5302 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5303 {
5304         struct ieee80211_hw *hw = wl->hw;
5305
5306         ssb_set_devtypedata(dev->sdev, NULL);
5307         ieee80211_free_hw(hw);
5308 }
5309
5310 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5311 {
5312         struct ssb_sprom *sprom = dev->bus_sprom;
5313         struct ieee80211_hw *hw;
5314         struct b43_wl *wl;
5315         char chip_name[6];
5316         int queue_num;
5317
5318         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5319         if (!hw) {
5320                 b43err(NULL, "Could not allocate ieee80211 device\n");
5321                 return ERR_PTR(-ENOMEM);
5322         }
5323         wl = hw_to_b43_wl(hw);
5324
5325         /* fill hw info */
5326         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5327                     IEEE80211_HW_SIGNAL_DBM;
5328
5329         hw->wiphy->interface_modes =
5330                 BIT(NL80211_IFTYPE_AP) |
5331                 BIT(NL80211_IFTYPE_MESH_POINT) |
5332                 BIT(NL80211_IFTYPE_STATION) |
5333                 BIT(NL80211_IFTYPE_WDS) |
5334                 BIT(NL80211_IFTYPE_ADHOC);
5335
5336         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5337
5338         wl->hw_registred = false;
5339         hw->max_rates = 2;
5340         SET_IEEE80211_DEV(hw, dev->dev);
5341         if (is_valid_ether_addr(sprom->et1mac))
5342                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5343         else
5344                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5345
5346         /* Initialize struct b43_wl */
5347         wl->hw = hw;
5348         mutex_init(&wl->mutex);
5349         spin_lock_init(&wl->hardirq_lock);
5350         INIT_LIST_HEAD(&wl->devlist);
5351         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5352         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5353         INIT_WORK(&wl->tx_work, b43_tx_work);
5354
5355         /* Initialize queues and flags. */
5356         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5357                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5358                 wl->tx_queue_stopped[queue_num] = 0;
5359         }
5360
5361         snprintf(chip_name, ARRAY_SIZE(chip_name),
5362                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5363         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5364                 dev->core_rev);
5365         return wl;
5366 }
5367
5368 #ifdef CONFIG_B43_BCMA
5369 static int b43_bcma_probe(struct bcma_device *core)
5370 {
5371         struct b43_bus_dev *dev;
5372         struct b43_wl *wl;
5373         int err;
5374
5375         dev = b43_bus_dev_bcma_init(core);
5376         if (!dev)
5377                 return -ENODEV;
5378
5379         wl = b43_wireless_init(dev);
5380         if (IS_ERR(wl)) {
5381                 err = PTR_ERR(wl);
5382                 goto bcma_out;
5383         }
5384
5385         err = b43_one_core_attach(dev, wl);
5386         if (err)
5387                 goto bcma_err_wireless_exit;
5388
5389         /* setup and start work to load firmware */
5390         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5391         schedule_work(&wl->firmware_load);
5392
5393 bcma_out:
5394         return err;
5395
5396 bcma_err_wireless_exit:
5397         ieee80211_free_hw(wl->hw);
5398         return err;
5399 }
5400
5401 static void b43_bcma_remove(struct bcma_device *core)
5402 {
5403         struct b43_wldev *wldev = bcma_get_drvdata(core);
5404         struct b43_wl *wl = wldev->wl;
5405
5406         /* We must cancel any work here before unregistering from ieee80211,
5407          * as the ieee80211 unreg will destroy the workqueue. */
5408         cancel_work_sync(&wldev->restart_work);
5409
5410         B43_WARN_ON(!wl);
5411         if (!wldev->fw.ucode.data)
5412                 return;                 /* NULL if firmware never loaded */
5413         if (wl->current_dev == wldev && wl->hw_registred) {
5414                 b43_leds_stop(wldev);
5415                 ieee80211_unregister_hw(wl->hw);
5416         }
5417
5418         b43_one_core_detach(wldev->dev);
5419
5420         b43_leds_unregister(wl);
5421
5422         ieee80211_free_hw(wl->hw);
5423 }
5424
5425 static struct bcma_driver b43_bcma_driver = {
5426         .name           = KBUILD_MODNAME,
5427         .id_table       = b43_bcma_tbl,
5428         .probe          = b43_bcma_probe,
5429         .remove         = b43_bcma_remove,
5430 };
5431 #endif
5432
5433 #ifdef CONFIG_B43_SSB
5434 static
5435 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5436 {
5437         struct b43_bus_dev *dev;
5438         struct b43_wl *wl;
5439         int err;
5440         int first = 0;
5441
5442         dev = b43_bus_dev_ssb_init(sdev);
5443         if (!dev)
5444                 return -ENOMEM;
5445
5446         wl = ssb_get_devtypedata(sdev);
5447         if (!wl) {
5448                 /* Probing the first core. Must setup common struct b43_wl */
5449                 first = 1;
5450                 b43_sprom_fixup(sdev->bus);
5451                 wl = b43_wireless_init(dev);
5452                 if (IS_ERR(wl)) {
5453                         err = PTR_ERR(wl);
5454                         goto out;
5455                 }
5456                 ssb_set_devtypedata(sdev, wl);
5457                 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5458         }
5459         err = b43_one_core_attach(dev, wl);
5460         if (err)
5461                 goto err_wireless_exit;
5462
5463         /* setup and start work to load firmware */
5464         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5465         schedule_work(&wl->firmware_load);
5466
5467       out:
5468         return err;
5469
5470       err_wireless_exit:
5471         if (first)
5472                 b43_wireless_exit(dev, wl);
5473         return err;
5474 }
5475
5476 static void b43_ssb_remove(struct ssb_device *sdev)
5477 {
5478         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5479         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5480         struct b43_bus_dev *dev = wldev->dev;
5481
5482         /* We must cancel any work here before unregistering from ieee80211,
5483          * as the ieee80211 unreg will destroy the workqueue. */
5484         cancel_work_sync(&wldev->restart_work);
5485
5486         B43_WARN_ON(!wl);
5487         if (!wldev->fw.ucode.data)
5488                 return;                 /* NULL if firmware never loaded */
5489         if (wl->current_dev == wldev && wl->hw_registred) {
5490                 b43_leds_stop(wldev);
5491                 ieee80211_unregister_hw(wl->hw);
5492         }
5493
5494         b43_one_core_detach(dev);
5495
5496         if (list_empty(&wl->devlist)) {
5497                 b43_leds_unregister(wl);
5498                 /* Last core on the chip unregistered.
5499                  * We can destroy common struct b43_wl.
5500                  */
5501                 b43_wireless_exit(dev, wl);
5502         }
5503 }
5504
5505 static struct ssb_driver b43_ssb_driver = {
5506         .name           = KBUILD_MODNAME,
5507         .id_table       = b43_ssb_tbl,
5508         .probe          = b43_ssb_probe,
5509         .remove         = b43_ssb_remove,
5510 };
5511 #endif /* CONFIG_B43_SSB */
5512
5513 /* Perform a hardware reset. This can be called from any context. */
5514 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5515 {
5516         /* Must avoid requeueing, if we are in shutdown. */
5517         if (b43_status(dev) < B43_STAT_INITIALIZED)
5518                 return;
5519         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5520         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5521 }
5522
5523 static void b43_print_driverinfo(void)
5524 {
5525         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5526                    *feat_leds = "", *feat_sdio = "";
5527
5528 #ifdef CONFIG_B43_PCI_AUTOSELECT
5529         feat_pci = "P";
5530 #endif
5531 #ifdef CONFIG_B43_PCMCIA
5532         feat_pcmcia = "M";
5533 #endif
5534 #ifdef CONFIG_B43_PHY_N
5535         feat_nphy = "N";
5536 #endif
5537 #ifdef CONFIG_B43_LEDS
5538         feat_leds = "L";
5539 #endif
5540 #ifdef CONFIG_B43_SDIO
5541         feat_sdio = "S";
5542 #endif
5543         printk(KERN_INFO "Broadcom 43xx driver loaded "
5544                "[ Features: %s%s%s%s%s ]\n",
5545                feat_pci, feat_pcmcia, feat_nphy,
5546                feat_leds, feat_sdio);
5547 }
5548
5549 static int __init b43_init(void)
5550 {
5551         int err;
5552
5553         b43_debugfs_init();
5554         err = b43_pcmcia_init();
5555         if (err)
5556                 goto err_dfs_exit;
5557         err = b43_sdio_init();
5558         if (err)
5559                 goto err_pcmcia_exit;
5560 #ifdef CONFIG_B43_BCMA
5561         err = bcma_driver_register(&b43_bcma_driver);
5562         if (err)
5563                 goto err_sdio_exit;
5564 #endif
5565 #ifdef CONFIG_B43_SSB
5566         err = ssb_driver_register(&b43_ssb_driver);
5567         if (err)
5568                 goto err_bcma_driver_exit;
5569 #endif
5570         b43_print_driverinfo();
5571
5572         return err;
5573
5574 #ifdef CONFIG_B43_SSB
5575 err_bcma_driver_exit:
5576 #endif
5577 #ifdef CONFIG_B43_BCMA
5578         bcma_driver_unregister(&b43_bcma_driver);
5579 err_sdio_exit:
5580 #endif
5581         b43_sdio_exit();
5582 err_pcmcia_exit:
5583         b43_pcmcia_exit();
5584 err_dfs_exit:
5585         b43_debugfs_exit();
5586         return err;
5587 }
5588
5589 static void __exit b43_exit(void)
5590 {
5591 #ifdef CONFIG_B43_SSB
5592         ssb_driver_unregister(&b43_ssb_driver);
5593 #endif
5594 #ifdef CONFIG_B43_BCMA
5595         bcma_driver_unregister(&b43_bcma_driver);
5596 #endif
5597         b43_sdio_exit();
5598         b43_pcmcia_exit();
5599         b43_debugfs_exit();
5600 }
5601
5602 module_init(b43_init)
5603 module_exit(b43_exit)
Linux kernel for KaRo TX COM modules