]> git.kernelconcepts.de Git - karo-tx-linux.git/blob - drivers/net/wireless/b43/main.c
projects / karo-tx-linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdim...
[karo-tx-linux.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12   SDIO support
13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15   Some parts of the code in this file are derived from the ipw2200
16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
17
18   This program is free software; you can redistribute it and/or modify
19   it under the terms of the GNU General Public License as published by
20   the Free Software Foundation; either version 2 of the License, or
21   (at your option) any later version.
22
23   This program is distributed in the hope that it will be useful,
24   but WITHOUT ANY WARRANTY; without even the implied warranty of
25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26   GNU General Public License for more details.
27
28   You should have received a copy of the GNU General Public License
29   along with this program; see the file COPYING.  If not, write to
30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31   Boston, MA 02110-1301, USA.
32
33 */
34
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82                  "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
117 module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
118 MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
119
120 #ifdef CONFIG_B43_BCMA
121 static const struct bcma_device_id b43_bcma_tbl[] = {
122         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
124         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
125         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
126         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
127         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
128         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
129         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
130         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
131         {},
132 };
133 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
134 #endif
135
136 #ifdef CONFIG_B43_SSB
137 static const struct ssb_device_id b43_ssb_tbl[] = {
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
141         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
142         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
143         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
144         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
145         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
146         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
147         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
148         {},
149 };
150 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
151 #endif
152
153 /* Channel and ratetables are shared for all devices.
154  * They can't be const, because ieee80211 puts some precalculated
155  * data in there. This data is the same for all devices, so we don't
156  * get concurrency issues */
157 #define RATETAB_ENT(_rateid, _flags) \
158         {                                                               \
159                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
160                 .hw_value       = (_rateid),                            \
161                 .flags          = (_flags),                             \
162         }
163
164 /*
165  * NOTE: When changing this, sync with xmit.c's
166  *       b43_plcp_get_bitrate_idx_* functions!
167  */
168 static struct ieee80211_rate __b43_ratetable[] = {
169         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
170         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
171         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
172         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
173         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
174         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
175         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
176         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
177         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
178         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
179         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
180         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
181 };
182
183 #define b43_a_ratetable         (__b43_ratetable + 4)
184 #define b43_a_ratetable_size    8
185 #define b43_b_ratetable         (__b43_ratetable + 0)
186 #define b43_b_ratetable_size    4
187 #define b43_g_ratetable         (__b43_ratetable + 0)
188 #define b43_g_ratetable_size    12
189
190 #define CHAN2G(_channel, _freq, _flags) {                       \
191         .band                   = IEEE80211_BAND_2GHZ,          \
192         .center_freq            = (_freq),                      \
193         .hw_value               = (_channel),                   \
194         .flags                  = (_flags),                     \
195         .max_antenna_gain       = 0,                            \
196         .max_power              = 30,                           \
197 }
198 static struct ieee80211_channel b43_2ghz_chantable[] = {
199         CHAN2G(1, 2412, 0),
200         CHAN2G(2, 2417, 0),
201         CHAN2G(3, 2422, 0),
202         CHAN2G(4, 2427, 0),
203         CHAN2G(5, 2432, 0),
204         CHAN2G(6, 2437, 0),
205         CHAN2G(7, 2442, 0),
206         CHAN2G(8, 2447, 0),
207         CHAN2G(9, 2452, 0),
208         CHAN2G(10, 2457, 0),
209         CHAN2G(11, 2462, 0),
210         CHAN2G(12, 2467, 0),
211         CHAN2G(13, 2472, 0),
212         CHAN2G(14, 2484, 0),
213 };
214
215 /* No support for the last 3 channels (12, 13, 14) */
216 #define b43_2ghz_chantable_limited_size         11
217 #undef CHAN2G
218
219 #define CHAN4G(_channel, _flags) {                              \
220         .band                   = IEEE80211_BAND_5GHZ,          \
221         .center_freq            = 4000 + (5 * (_channel)),      \
222         .hw_value               = (_channel),                   \
223         .flags                  = (_flags),                     \
224         .max_antenna_gain       = 0,                            \
225         .max_power              = 30,                           \
226 }
227 #define CHAN5G(_channel, _flags) {                              \
228         .band                   = IEEE80211_BAND_5GHZ,          \
229         .center_freq            = 5000 + (5 * (_channel)),      \
230         .hw_value               = (_channel),                   \
231         .flags                  = (_flags),                     \
232         .max_antenna_gain       = 0,                            \
233         .max_power              = 30,                           \
234 }
235 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
236         CHAN4G(184, 0),         CHAN4G(186, 0),
237         CHAN4G(188, 0),         CHAN4G(190, 0),
238         CHAN4G(192, 0),         CHAN4G(194, 0),
239         CHAN4G(196, 0),         CHAN4G(198, 0),
240         CHAN4G(200, 0),         CHAN4G(202, 0),
241         CHAN4G(204, 0),         CHAN4G(206, 0),
242         CHAN4G(208, 0),         CHAN4G(210, 0),
243         CHAN4G(212, 0),         CHAN4G(214, 0),
244         CHAN4G(216, 0),         CHAN4G(218, 0),
245         CHAN4G(220, 0),         CHAN4G(222, 0),
246         CHAN4G(224, 0),         CHAN4G(226, 0),
247         CHAN4G(228, 0),
248         CHAN5G(32, 0),          CHAN5G(34, 0),
249         CHAN5G(36, 0),          CHAN5G(38, 0),
250         CHAN5G(40, 0),          CHAN5G(42, 0),
251         CHAN5G(44, 0),          CHAN5G(46, 0),
252         CHAN5G(48, 0),          CHAN5G(50, 0),
253         CHAN5G(52, 0),          CHAN5G(54, 0),
254         CHAN5G(56, 0),          CHAN5G(58, 0),
255         CHAN5G(60, 0),          CHAN5G(62, 0),
256         CHAN5G(64, 0),          CHAN5G(66, 0),
257         CHAN5G(68, 0),          CHAN5G(70, 0),
258         CHAN5G(72, 0),          CHAN5G(74, 0),
259         CHAN5G(76, 0),          CHAN5G(78, 0),
260         CHAN5G(80, 0),          CHAN5G(82, 0),
261         CHAN5G(84, 0),          CHAN5G(86, 0),
262         CHAN5G(88, 0),          CHAN5G(90, 0),
263         CHAN5G(92, 0),          CHAN5G(94, 0),
264         CHAN5G(96, 0),          CHAN5G(98, 0),
265         CHAN5G(100, 0),         CHAN5G(102, 0),
266         CHAN5G(104, 0),         CHAN5G(106, 0),
267         CHAN5G(108, 0),         CHAN5G(110, 0),
268         CHAN5G(112, 0),         CHAN5G(114, 0),
269         CHAN5G(116, 0),         CHAN5G(118, 0),
270         CHAN5G(120, 0),         CHAN5G(122, 0),
271         CHAN5G(124, 0),         CHAN5G(126, 0),
272         CHAN5G(128, 0),         CHAN5G(130, 0),
273         CHAN5G(132, 0),         CHAN5G(134, 0),
274         CHAN5G(136, 0),         CHAN5G(138, 0),
275         CHAN5G(140, 0),         CHAN5G(142, 0),
276         CHAN5G(144, 0),         CHAN5G(145, 0),
277         CHAN5G(146, 0),         CHAN5G(147, 0),
278         CHAN5G(148, 0),         CHAN5G(149, 0),
279         CHAN5G(150, 0),         CHAN5G(151, 0),
280         CHAN5G(152, 0),         CHAN5G(153, 0),
281         CHAN5G(154, 0),         CHAN5G(155, 0),
282         CHAN5G(156, 0),         CHAN5G(157, 0),
283         CHAN5G(158, 0),         CHAN5G(159, 0),
284         CHAN5G(160, 0),         CHAN5G(161, 0),
285         CHAN5G(162, 0),         CHAN5G(163, 0),
286         CHAN5G(164, 0),         CHAN5G(165, 0),
287         CHAN5G(166, 0),         CHAN5G(168, 0),
288         CHAN5G(170, 0),         CHAN5G(172, 0),
289         CHAN5G(174, 0),         CHAN5G(176, 0),
290         CHAN5G(178, 0),         CHAN5G(180, 0),
291         CHAN5G(182, 0),
292 };
293
294 static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
295         CHAN5G(36, 0),          CHAN5G(40, 0),
296         CHAN5G(44, 0),          CHAN5G(48, 0),
297         CHAN5G(149, 0),         CHAN5G(153, 0),
298         CHAN5G(157, 0),         CHAN5G(161, 0),
299         CHAN5G(165, 0),
300 };
301
302 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
303         CHAN5G(34, 0),          CHAN5G(36, 0),
304         CHAN5G(38, 0),          CHAN5G(40, 0),
305         CHAN5G(42, 0),          CHAN5G(44, 0),
306         CHAN5G(46, 0),          CHAN5G(48, 0),
307         CHAN5G(52, 0),          CHAN5G(56, 0),
308         CHAN5G(60, 0),          CHAN5G(64, 0),
309         CHAN5G(100, 0),         CHAN5G(104, 0),
310         CHAN5G(108, 0),         CHAN5G(112, 0),
311         CHAN5G(116, 0),         CHAN5G(120, 0),
312         CHAN5G(124, 0),         CHAN5G(128, 0),
313         CHAN5G(132, 0),         CHAN5G(136, 0),
314         CHAN5G(140, 0),         CHAN5G(149, 0),
315         CHAN5G(153, 0),         CHAN5G(157, 0),
316         CHAN5G(161, 0),         CHAN5G(165, 0),
317         CHAN5G(184, 0),         CHAN5G(188, 0),
318         CHAN5G(192, 0),         CHAN5G(196, 0),
319         CHAN5G(200, 0),         CHAN5G(204, 0),
320         CHAN5G(208, 0),         CHAN5G(212, 0),
321         CHAN5G(216, 0),
322 };
323 #undef CHAN4G
324 #undef CHAN5G
325
326 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
327         .band           = IEEE80211_BAND_5GHZ,
328         .channels       = b43_5ghz_nphy_chantable,
329         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
330         .bitrates       = b43_a_ratetable,
331         .n_bitrates     = b43_a_ratetable_size,
332 };
333
334 static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
335         .band           = IEEE80211_BAND_5GHZ,
336         .channels       = b43_5ghz_nphy_chantable_limited,
337         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
338         .bitrates       = b43_a_ratetable,
339         .n_bitrates     = b43_a_ratetable_size,
340 };
341
342 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
343         .band           = IEEE80211_BAND_5GHZ,
344         .channels       = b43_5ghz_aphy_chantable,
345         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
346         .bitrates       = b43_a_ratetable,
347         .n_bitrates     = b43_a_ratetable_size,
348 };
349
350 static struct ieee80211_supported_band b43_band_2GHz = {
351         .band           = IEEE80211_BAND_2GHZ,
352         .channels       = b43_2ghz_chantable,
353         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
354         .bitrates       = b43_g_ratetable,
355         .n_bitrates     = b43_g_ratetable_size,
356 };
357
358 static struct ieee80211_supported_band b43_band_2ghz_limited = {
359         .band           = IEEE80211_BAND_2GHZ,
360         .channels       = b43_2ghz_chantable,
361         .n_channels     = b43_2ghz_chantable_limited_size,
362         .bitrates       = b43_g_ratetable,
363         .n_bitrates     = b43_g_ratetable_size,
364 };
365
366 static void b43_wireless_core_exit(struct b43_wldev *dev);
367 static int b43_wireless_core_init(struct b43_wldev *dev);
368 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
369 static int b43_wireless_core_start(struct b43_wldev *dev);
370 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
371                                     struct ieee80211_vif *vif,
372                                     struct ieee80211_bss_conf *conf,
373                                     u32 changed);
374
375 static int b43_ratelimit(struct b43_wl *wl)
376 {
377         if (!wl || !wl->current_dev)
378                 return 1;
379         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
380                 return 1;
381         /* We are up and running.
382          * Ratelimit the messages to avoid DoS over the net. */
383         return net_ratelimit();
384 }
385
386 void b43info(struct b43_wl *wl, const char *fmt, ...)
387 {
388         struct va_format vaf;
389         va_list args;
390
391         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
392                 return;
393         if (!b43_ratelimit(wl))
394                 return;
395
396         va_start(args, fmt);
397
398         vaf.fmt = fmt;
399         vaf.va = &args;
400
401         printk(KERN_INFO "b43-%s: %pV",
402                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
403
404         va_end(args);
405 }
406
407 void b43err(struct b43_wl *wl, const char *fmt, ...)
408 {
409         struct va_format vaf;
410         va_list args;
411
412         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
413                 return;
414         if (!b43_ratelimit(wl))
415                 return;
416
417         va_start(args, fmt);
418
419         vaf.fmt = fmt;
420         vaf.va = &args;
421
422         printk(KERN_ERR "b43-%s ERROR: %pV",
423                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
424
425         va_end(args);
426 }
427
428 void b43warn(struct b43_wl *wl, const char *fmt, ...)
429 {
430         struct va_format vaf;
431         va_list args;
432
433         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
434                 return;
435         if (!b43_ratelimit(wl))
436                 return;
437
438         va_start(args, fmt);
439
440         vaf.fmt = fmt;
441         vaf.va = &args;
442
443         printk(KERN_WARNING "b43-%s warning: %pV",
444                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
445
446         va_end(args);
447 }
448
449 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
450 {
451         struct va_format vaf;
452         va_list args;
453
454         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
455                 return;
456
457         va_start(args, fmt);
458
459         vaf.fmt = fmt;
460         vaf.va = &args;
461
462         printk(KERN_DEBUG "b43-%s debug: %pV",
463                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
464
465         va_end(args);
466 }
467
468 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
469 {
470         u32 macctl;
471
472         B43_WARN_ON(offset % 4 != 0);
473
474         macctl = b43_read32(dev, B43_MMIO_MACCTL);
475         if (macctl & B43_MACCTL_BE)
476                 val = swab32(val);
477
478         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
479         mmiowb();
480         b43_write32(dev, B43_MMIO_RAM_DATA, val);
481 }
482
483 static inline void b43_shm_control_word(struct b43_wldev *dev,
484                                         u16 routing, u16 offset)
485 {
486         u32 control;
487
488         /* "offset" is the WORD offset. */
489         control = routing;
490         control <<= 16;
491         control |= offset;
492         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
493 }
494
495 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
496 {
497         u32 ret;
498
499         if (routing == B43_SHM_SHARED) {
500                 B43_WARN_ON(offset & 0x0001);
501                 if (offset & 0x0003) {
502                         /* Unaligned access */
503                         b43_shm_control_word(dev, routing, offset >> 2);
504                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
505                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
506                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
507
508                         goto out;
509                 }
510                 offset >>= 2;
511         }
512         b43_shm_control_word(dev, routing, offset);
513         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
514 out:
515         return ret;
516 }
517
518 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
519 {
520         u16 ret;
521
522         if (routing == B43_SHM_SHARED) {
523                 B43_WARN_ON(offset & 0x0001);
524                 if (offset & 0x0003) {
525                         /* Unaligned access */
526                         b43_shm_control_word(dev, routing, offset >> 2);
527                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
528
529                         goto out;
530                 }
531                 offset >>= 2;
532         }
533         b43_shm_control_word(dev, routing, offset);
534         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
535 out:
536         return ret;
537 }
538
539 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
540 {
541         if (routing == B43_SHM_SHARED) {
542                 B43_WARN_ON(offset & 0x0001);
543                 if (offset & 0x0003) {
544                         /* Unaligned access */
545                         b43_shm_control_word(dev, routing, offset >> 2);
546                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
547                                     value & 0xFFFF);
548                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
549                         b43_write16(dev, B43_MMIO_SHM_DATA,
550                                     (value >> 16) & 0xFFFF);
551                         return;
552                 }
553                 offset >>= 2;
554         }
555         b43_shm_control_word(dev, routing, offset);
556         b43_write32(dev, B43_MMIO_SHM_DATA, value);
557 }
558
559 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
560 {
561         if (routing == B43_SHM_SHARED) {
562                 B43_WARN_ON(offset & 0x0001);
563                 if (offset & 0x0003) {
564                         /* Unaligned access */
565                         b43_shm_control_word(dev, routing, offset >> 2);
566                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
567                         return;
568                 }
569                 offset >>= 2;
570         }
571         b43_shm_control_word(dev, routing, offset);
572         b43_write16(dev, B43_MMIO_SHM_DATA, value);
573 }
574
575 /* Read HostFlags */
576 u64 b43_hf_read(struct b43_wldev *dev)
577 {
578         u64 ret;
579
580         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
581         ret <<= 16;
582         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
583         ret <<= 16;
584         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
585
586         return ret;
587 }
588
589 /* Write HostFlags */
590 void b43_hf_write(struct b43_wldev *dev, u64 value)
591 {
592         u16 lo, mi, hi;
593
594         lo = (value & 0x00000000FFFFULL);
595         mi = (value & 0x0000FFFF0000ULL) >> 16;
596         hi = (value & 0xFFFF00000000ULL) >> 32;
597         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
598         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
599         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
600 }
601
602 /* Read the firmware capabilities bitmask (Opensource firmware only) */
603 static u16 b43_fwcapa_read(struct b43_wldev *dev)
604 {
605         B43_WARN_ON(!dev->fw.opensource);
606         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
607 }
608
609 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
610 {
611         u32 low, high;
612
613         B43_WARN_ON(dev->dev->core_rev < 3);
614
615         /* The hardware guarantees us an atomic read, if we
616          * read the low register first. */
617         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
618         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
619
620         *tsf = high;
621         *tsf <<= 32;
622         *tsf |= low;
623 }
624
625 static void b43_time_lock(struct b43_wldev *dev)
626 {
627         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
628         /* Commit the write */
629         b43_read32(dev, B43_MMIO_MACCTL);
630 }
631
632 static void b43_time_unlock(struct b43_wldev *dev)
633 {
634         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
635         /* Commit the write */
636         b43_read32(dev, B43_MMIO_MACCTL);
637 }
638
639 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
640 {
641         u32 low, high;
642
643         B43_WARN_ON(dev->dev->core_rev < 3);
644
645         low = tsf;
646         high = (tsf >> 32);
647         /* The hardware guarantees us an atomic write, if we
648          * write the low register first. */
649         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
650         mmiowb();
651         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
652         mmiowb();
653 }
654
655 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
656 {
657         b43_time_lock(dev);
658         b43_tsf_write_locked(dev, tsf);
659         b43_time_unlock(dev);
660 }
661
662 static
663 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
664 {
665         static const u8 zero_addr[ETH_ALEN] = { 0 };
666         u16 data;
667
668         if (!mac)
669                 mac = zero_addr;
670
671         offset |= 0x0020;
672         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
673
674         data = mac[0];
675         data |= mac[1] << 8;
676         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
677         data = mac[2];
678         data |= mac[3] << 8;
679         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
680         data = mac[4];
681         data |= mac[5] << 8;
682         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
683 }
684
685 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
686 {
687         const u8 *mac;
688         const u8 *bssid;
689         u8 mac_bssid[ETH_ALEN * 2];
690         int i;
691         u32 tmp;
692
693         bssid = dev->wl->bssid;
694         mac = dev->wl->mac_addr;
695
696         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
697
698         memcpy(mac_bssid, mac, ETH_ALEN);
699         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
700
701         /* Write our MAC address and BSSID to template ram */
702         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
703                 tmp = (u32) (mac_bssid[i + 0]);
704                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
705                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
706                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
707                 b43_ram_write(dev, 0x20 + i, tmp);
708         }
709 }
710
711 static void b43_upload_card_macaddress(struct b43_wldev *dev)
712 {
713         b43_write_mac_bssid_templates(dev);
714         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
715 }
716
717 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
718 {
719         /* slot_time is in usec. */
720         /* This test used to exit for all but a G PHY. */
721         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
722                 return;
723         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
724         /* Shared memory location 0x0010 is the slot time and should be
725          * set to slot_time; however, this register is initially 0 and changing
726          * the value adversely affects the transmit rate for BCM4311
727          * devices. Until this behavior is unterstood, delete this step
728          *
729          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
730          */
731 }
732
733 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
734 {
735         b43_set_slot_time(dev, 9);
736 }
737
738 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
739 {
740         b43_set_slot_time(dev, 20);
741 }
742
743 /* DummyTransmission function, as documented on
744  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
745  */
746 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
747 {
748         struct b43_phy *phy = &dev->phy;
749         unsigned int i, max_loop;
750         u16 value;
751         u32 buffer[5] = {
752                 0x00000000,
753                 0x00D40000,
754                 0x00000000,
755                 0x01000000,
756                 0x00000000,
757         };
758
759         if (ofdm) {
760                 max_loop = 0x1E;
761                 buffer[0] = 0x000201CC;
762         } else {
763                 max_loop = 0xFA;
764                 buffer[0] = 0x000B846E;
765         }
766
767         for (i = 0; i < 5; i++)
768                 b43_ram_write(dev, i * 4, buffer[i]);
769
770         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
771
772         if (dev->dev->core_rev < 11)
773                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
774         else
775                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
776
777         value = (ofdm ? 0x41 : 0x40);
778         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
779         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
780             phy->type == B43_PHYTYPE_LCN)
781                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
782
783         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
784         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
785
786         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
787         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
788         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
789         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
790
791         if (!pa_on && phy->type == B43_PHYTYPE_N)
792                 ; /*b43_nphy_pa_override(dev, false) */
793
794         switch (phy->type) {
795         case B43_PHYTYPE_N:
796         case B43_PHYTYPE_LCN:
797                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
798                 break;
799         case B43_PHYTYPE_LP:
800                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
801                 break;
802         default:
803                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
804         }
805         b43_read16(dev, B43_MMIO_TXE0_AUX);
806
807         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
808                 b43_radio_write16(dev, 0x0051, 0x0017);
809         for (i = 0x00; i < max_loop; i++) {
810                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
811                 if (value & 0x0080)
812                         break;
813                 udelay(10);
814         }
815         for (i = 0x00; i < 0x0A; i++) {
816                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
817                 if (value & 0x0400)
818                         break;
819                 udelay(10);
820         }
821         for (i = 0x00; i < 0x19; i++) {
822                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
823                 if (!(value & 0x0100))
824                         break;
825                 udelay(10);
826         }
827         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
828                 b43_radio_write16(dev, 0x0051, 0x0037);
829 }
830
831 static void key_write(struct b43_wldev *dev,
832                       u8 index, u8 algorithm, const u8 *key)
833 {
834         unsigned int i;
835         u32 offset;
836         u16 value;
837         u16 kidx;
838
839         /* Key index/algo block */
840         kidx = b43_kidx_to_fw(dev, index);
841         value = ((kidx << 4) | algorithm);
842         b43_shm_write16(dev, B43_SHM_SHARED,
843                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
844
845         /* Write the key to the Key Table Pointer offset */
846         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
847         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
848                 value = key[i];
849                 value |= (u16) (key[i + 1]) << 8;
850                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
851         }
852 }
853
854 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
855 {
856         u32 addrtmp[2] = { 0, 0, };
857         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
858
859         if (b43_new_kidx_api(dev))
860                 pairwise_keys_start = B43_NR_GROUP_KEYS;
861
862         B43_WARN_ON(index < pairwise_keys_start);
863         /* We have four default TX keys and possibly four default RX keys.
864          * Physical mac 0 is mapped to physical key 4 or 8, depending
865          * on the firmware version.
866          * So we must adjust the index here.
867          */
868         index -= pairwise_keys_start;
869         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
870
871         if (addr) {
872                 addrtmp[0] = addr[0];
873                 addrtmp[0] |= ((u32) (addr[1]) << 8);
874                 addrtmp[0] |= ((u32) (addr[2]) << 16);
875                 addrtmp[0] |= ((u32) (addr[3]) << 24);
876                 addrtmp[1] = addr[4];
877                 addrtmp[1] |= ((u32) (addr[5]) << 8);
878         }
879
880         /* Receive match transmitter address (RCMTA) mechanism */
881         b43_shm_write32(dev, B43_SHM_RCMTA,
882                         (index * 2) + 0, addrtmp[0]);
883         b43_shm_write16(dev, B43_SHM_RCMTA,
884                         (index * 2) + 1, addrtmp[1]);
885 }
886
887 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
888  * When a packet is received, the iv32 is checked.
889  * - if it doesn't the packet is returned without modification (and software
890  *   decryption can be done). That's what happen when iv16 wrap.
891  * - if it does, the rc4 key is computed, and decryption is tried.
892  *   Either it will success and B43_RX_MAC_DEC is returned,
893  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
894  *   and the packet is not usable (it got modified by the ucode).
895  * So in order to never have B43_RX_MAC_DECERR, we should provide
896  * a iv32 and phase1key that match. Because we drop packets in case of
897  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
898  * packets will be lost without higher layer knowing (ie no resync possible
899  * until next wrap).
900  *
901  * NOTE : this should support 50 key like RCMTA because
902  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
903  */
904 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
905                 u16 *phase1key)
906 {
907         unsigned int i;
908         u32 offset;
909         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
910
911         if (!modparam_hwtkip)
912                 return;
913
914         if (b43_new_kidx_api(dev))
915                 pairwise_keys_start = B43_NR_GROUP_KEYS;
916
917         B43_WARN_ON(index < pairwise_keys_start);
918         /* We have four default TX keys and possibly four default RX keys.
919          * Physical mac 0 is mapped to physical key 4 or 8, depending
920          * on the firmware version.
921          * So we must adjust the index here.
922          */
923         index -= pairwise_keys_start;
924         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
925
926         if (b43_debug(dev, B43_DBG_KEYS)) {
927                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
928                                 index, iv32);
929         }
930         /* Write the key to the  RX tkip shared mem */
931         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
932         for (i = 0; i < 10; i += 2) {
933                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
934                                 phase1key ? phase1key[i / 2] : 0);
935         }
936         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
937         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
938 }
939
940 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
941                                    struct ieee80211_vif *vif,
942                                    struct ieee80211_key_conf *keyconf,
943                                    struct ieee80211_sta *sta,
944                                    u32 iv32, u16 *phase1key)
945 {
946         struct b43_wl *wl = hw_to_b43_wl(hw);
947         struct b43_wldev *dev;
948         int index = keyconf->hw_key_idx;
949
950         if (B43_WARN_ON(!modparam_hwtkip))
951                 return;
952
953         /* This is only called from the RX path through mac80211, where
954          * our mutex is already locked. */
955         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
956         dev = wl->current_dev;
957         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
958
959         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
960
961         rx_tkip_phase1_write(dev, index, iv32, phase1key);
962         /* only pairwise TKIP keys are supported right now */
963         if (WARN_ON(!sta))
964                 return;
965         keymac_write(dev, index, sta->addr);
966 }
967
968 static void do_key_write(struct b43_wldev *dev,
969                          u8 index, u8 algorithm,
970                          const u8 *key, size_t key_len, const u8 *mac_addr)
971 {
972         u8 buf[B43_SEC_KEYSIZE] = { 0, };
973         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
974
975         if (b43_new_kidx_api(dev))
976                 pairwise_keys_start = B43_NR_GROUP_KEYS;
977
978         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
979         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
980
981         if (index >= pairwise_keys_start)
982                 keymac_write(dev, index, NULL); /* First zero out mac. */
983         if (algorithm == B43_SEC_ALGO_TKIP) {
984                 /*
985                  * We should provide an initial iv32, phase1key pair.
986                  * We could start with iv32=0 and compute the corresponding
987                  * phase1key, but this means calling ieee80211_get_tkip_key
988                  * with a fake skb (or export other tkip function).
989                  * Because we are lazy we hope iv32 won't start with
990                  * 0xffffffff and let's b43_op_update_tkip_key provide a
991                  * correct pair.
992                  */
993                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
994         } else if (index >= pairwise_keys_start) /* clear it */
995                 rx_tkip_phase1_write(dev, index, 0, NULL);
996         if (key)
997                 memcpy(buf, key, key_len);
998         key_write(dev, index, algorithm, buf);
999         if (index >= pairwise_keys_start)
1000                 keymac_write(dev, index, mac_addr);
1001
1002         dev->key[index].algorithm = algorithm;
1003 }
1004
1005 static int b43_key_write(struct b43_wldev *dev,
1006                          int index, u8 algorithm,
1007                          const u8 *key, size_t key_len,
1008                          const u8 *mac_addr,
1009                          struct ieee80211_key_conf *keyconf)
1010 {
1011         int i;
1012         int pairwise_keys_start;
1013
1014         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1015          *      - Temporal Encryption Key (128 bits)
1016          *      - Temporal Authenticator Tx MIC Key (64 bits)
1017          *      - Temporal Authenticator Rx MIC Key (64 bits)
1018          *
1019          *      Hardware only store TEK
1020          */
1021         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1022                 key_len = 16;
1023         if (key_len > B43_SEC_KEYSIZE)
1024                 return -EINVAL;
1025         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1026                 /* Check that we don't already have this key. */
1027                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
1028         }
1029         if (index < 0) {
1030                 /* Pairwise key. Get an empty slot for the key. */
1031                 if (b43_new_kidx_api(dev))
1032                         pairwise_keys_start = B43_NR_GROUP_KEYS;
1033                 else
1034                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1035                 for (i = pairwise_keys_start;
1036                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1037                      i++) {
1038                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1039                         if (!dev->key[i].keyconf) {
1040                                 /* found empty */
1041                                 index = i;
1042                                 break;
1043                         }
1044                 }
1045                 if (index < 0) {
1046                         b43warn(dev->wl, "Out of hardware key memory\n");
1047                         return -ENOSPC;
1048                 }
1049         } else
1050                 B43_WARN_ON(index > 3);
1051
1052         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1053         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1054                 /* Default RX key */
1055                 B43_WARN_ON(mac_addr);
1056                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1057         }
1058         keyconf->hw_key_idx = index;
1059         dev->key[index].keyconf = keyconf;
1060
1061         return 0;
1062 }
1063
1064 static int b43_key_clear(struct b43_wldev *dev, int index)
1065 {
1066         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1067                 return -EINVAL;
1068         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1069                      NULL, B43_SEC_KEYSIZE, NULL);
1070         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1071                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1072                              NULL, B43_SEC_KEYSIZE, NULL);
1073         }
1074         dev->key[index].keyconf = NULL;
1075
1076         return 0;
1077 }
1078
1079 static void b43_clear_keys(struct b43_wldev *dev)
1080 {
1081         int i, count;
1082
1083         if (b43_new_kidx_api(dev))
1084                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1085         else
1086                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1087         for (i = 0; i < count; i++)
1088                 b43_key_clear(dev, i);
1089 }
1090
1091 static void b43_dump_keymemory(struct b43_wldev *dev)
1092 {
1093         unsigned int i, index, count, offset, pairwise_keys_start;
1094         u8 mac[ETH_ALEN];
1095         u16 algo;
1096         u32 rcmta0;
1097         u16 rcmta1;
1098         u64 hf;
1099         struct b43_key *key;
1100
1101         if (!b43_debug(dev, B43_DBG_KEYS))
1102                 return;
1103
1104         hf = b43_hf_read(dev);
1105         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1106                !!(hf & B43_HF_USEDEFKEYS));
1107         if (b43_new_kidx_api(dev)) {
1108                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1109                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1110         } else {
1111                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1112                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1113         }
1114         for (index = 0; index < count; index++) {
1115                 key = &(dev->key[index]);
1116                 printk(KERN_DEBUG "Key slot %02u: %s",
1117                        index, (key->keyconf == NULL) ? " " : "*");
1118                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1119                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1120                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1121                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1122                 }
1123
1124                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1125                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1126                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1127
1128                 if (index >= pairwise_keys_start) {
1129                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1130                                 printk("   TKIP: ");
1131                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1132                                 for (i = 0; i < 14; i += 2) {
1133                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1134                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1135                                 }
1136                         }
1137                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1138                                                 ((index - pairwise_keys_start) * 2) + 0);
1139                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1140                                                 ((index - pairwise_keys_start) * 2) + 1);
1141                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1142                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1143                         printk("   MAC: %pM", mac);
1144                 } else
1145                         printk("   DEFAULT KEY");
1146                 printk("\n");
1147         }
1148 }
1149
1150 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1151 {
1152         u32 macctl;
1153         u16 ucstat;
1154         bool hwps;
1155         bool awake;
1156         int i;
1157
1158         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1159                     (ps_flags & B43_PS_DISABLED));
1160         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1161
1162         if (ps_flags & B43_PS_ENABLED) {
1163                 hwps = true;
1164         } else if (ps_flags & B43_PS_DISABLED) {
1165                 hwps = false;
1166         } else {
1167                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1168                 //      and thus is not an AP and we are associated, set bit 25
1169         }
1170         if (ps_flags & B43_PS_AWAKE) {
1171                 awake = true;
1172         } else if (ps_flags & B43_PS_ASLEEP) {
1173                 awake = false;
1174         } else {
1175                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1176                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1177                 //      successful, set bit26
1178         }
1179
1180 /* FIXME: For now we force awake-on and hwps-off */
1181         hwps = false;
1182         awake = true;
1183
1184         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1185         if (hwps)
1186                 macctl |= B43_MACCTL_HWPS;
1187         else
1188                 macctl &= ~B43_MACCTL_HWPS;
1189         if (awake)
1190                 macctl |= B43_MACCTL_AWAKE;
1191         else
1192                 macctl &= ~B43_MACCTL_AWAKE;
1193         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1194         /* Commit write */
1195         b43_read32(dev, B43_MMIO_MACCTL);
1196         if (awake && dev->dev->core_rev >= 5) {
1197                 /* Wait for the microcode to wake up. */
1198                 for (i = 0; i < 100; i++) {
1199                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1200                                                 B43_SHM_SH_UCODESTAT);
1201                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1202                                 break;
1203                         udelay(10);
1204                 }
1205         }
1206 }
1207
1208 /* http://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1209 void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1210 {
1211         struct bcma_drv_cc *bcma_cc __maybe_unused;
1212         struct ssb_chipcommon *ssb_cc __maybe_unused;
1213
1214         switch (dev->dev->bus_type) {
1215 #ifdef CONFIG_B43_BCMA
1216         case B43_BUS_BCMA:
1217                 bcma_cc = &dev->dev->bdev->bus->drv_cc;
1218
1219                 bcma_cc_write32(bcma_cc, BCMA_CC_CHIPCTL_ADDR, 0);
1220                 bcma_cc_mask32(bcma_cc, BCMA_CC_CHIPCTL_DATA, ~0x4);
1221                 bcma_cc_set32(bcma_cc, BCMA_CC_CHIPCTL_DATA, 0x4);
1222                 bcma_cc_mask32(bcma_cc, BCMA_CC_CHIPCTL_DATA, ~0x4);
1223                 break;
1224 #endif
1225 #ifdef CONFIG_B43_SSB
1226         case B43_BUS_SSB:
1227                 ssb_cc = &dev->dev->sdev->bus->chipco;
1228
1229                 chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1230                 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1231                 chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1232                 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1233                 break;
1234 #endif
1235         }
1236 }
1237
1238 #ifdef CONFIG_B43_BCMA
1239 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1240 {
1241         u32 flags;
1242
1243         /* Put PHY into reset */
1244         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1245         flags |= B43_BCMA_IOCTL_PHY_RESET;
1246         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1247         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1248         udelay(2);
1249
1250         b43_phy_take_out_of_reset(dev);
1251 }
1252
1253 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1254 {
1255         u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1256                   B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1257         u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1258                      B43_BCMA_CLKCTLST_PHY_PLL_ST;
1259         u32 flags;
1260
1261         flags = B43_BCMA_IOCTL_PHY_CLKEN;
1262         if (gmode)
1263                 flags |= B43_BCMA_IOCTL_GMODE;
1264         b43_device_enable(dev, flags);
1265
1266         if (dev->phy.type == B43_PHYTYPE_AC) {
1267                 u16 tmp;
1268
1269                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1270                 tmp &= ~B43_BCMA_IOCTL_DAC;
1271                 tmp |= 0x100;
1272                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1273
1274                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1275                 tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1276                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1277
1278                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1279                 tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1280                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1281         }
1282
1283         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1284         b43_bcma_phy_reset(dev);
1285         bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1286 }
1287 #endif
1288
1289 #ifdef CONFIG_B43_SSB
1290 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1291 {
1292         u32 flags = 0;
1293
1294         if (gmode)
1295                 flags |= B43_TMSLOW_GMODE;
1296         flags |= B43_TMSLOW_PHYCLKEN;
1297         flags |= B43_TMSLOW_PHYRESET;
1298         if (dev->phy.type == B43_PHYTYPE_N)
1299                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1300         b43_device_enable(dev, flags);
1301         msleep(2);              /* Wait for the PLL to turn on. */
1302
1303         b43_phy_take_out_of_reset(dev);
1304 }
1305 #endif
1306
1307 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1308 {
1309         u32 macctl;
1310
1311         switch (dev->dev->bus_type) {
1312 #ifdef CONFIG_B43_BCMA
1313         case B43_BUS_BCMA:
1314                 b43_bcma_wireless_core_reset(dev, gmode);
1315                 break;
1316 #endif
1317 #ifdef CONFIG_B43_SSB
1318         case B43_BUS_SSB:
1319                 b43_ssb_wireless_core_reset(dev, gmode);
1320                 break;
1321 #endif
1322         }
1323
1324         /* Turn Analog ON, but only if we already know the PHY-type.
1325          * This protects against very early setup where we don't know the
1326          * PHY-type, yet. wireless_core_reset will be called once again later,
1327          * when we know the PHY-type. */
1328         if (dev->phy.ops)
1329                 dev->phy.ops->switch_analog(dev, 1);
1330
1331         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1332         macctl &= ~B43_MACCTL_GMODE;
1333         if (gmode)
1334                 macctl |= B43_MACCTL_GMODE;
1335         macctl |= B43_MACCTL_IHR_ENABLED;
1336         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1337 }
1338
1339 static void handle_irq_transmit_status(struct b43_wldev *dev)
1340 {
1341         u32 v0, v1;
1342         u16 tmp;
1343         struct b43_txstatus stat;
1344
1345         while (1) {
1346                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1347                 if (!(v0 & 0x00000001))
1348                         break;
1349                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1350
1351                 stat.cookie = (v0 >> 16);
1352                 stat.seq = (v1 & 0x0000FFFF);
1353                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1354                 tmp = (v0 & 0x0000FFFF);
1355                 stat.frame_count = ((tmp & 0xF000) >> 12);
1356                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1357                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1358                 stat.pm_indicated = !!(tmp & 0x0080);
1359                 stat.intermediate = !!(tmp & 0x0040);
1360                 stat.for_ampdu = !!(tmp & 0x0020);
1361                 stat.acked = !!(tmp & 0x0002);
1362
1363                 b43_handle_txstatus(dev, &stat);
1364         }
1365 }
1366
1367 static void drain_txstatus_queue(struct b43_wldev *dev)
1368 {
1369         u32 dummy;
1370
1371         if (dev->dev->core_rev < 5)
1372                 return;
1373         /* Read all entries from the microcode TXstatus FIFO
1374          * and throw them away.
1375          */
1376         while (1) {
1377                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1378                 if (!(dummy & 0x00000001))
1379                         break;
1380                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1381         }
1382 }
1383
1384 static u32 b43_jssi_read(struct b43_wldev *dev)
1385 {
1386         u32 val = 0;
1387
1388         val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1389         val <<= 16;
1390         val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1391
1392         return val;
1393 }
1394
1395 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1396 {
1397         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1398                         (jssi & 0x0000FFFF));
1399         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1400                         (jssi & 0xFFFF0000) >> 16);
1401 }
1402
1403 static void b43_generate_noise_sample(struct b43_wldev *dev)
1404 {
1405         b43_jssi_write(dev, 0x7F7F7F7F);
1406         b43_write32(dev, B43_MMIO_MACCMD,
1407                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1408 }
1409
1410 static void b43_calculate_link_quality(struct b43_wldev *dev)
1411 {
1412         /* Top half of Link Quality calculation. */
1413
1414         if (dev->phy.type != B43_PHYTYPE_G)
1415                 return;
1416         if (dev->noisecalc.calculation_running)
1417                 return;
1418         dev->noisecalc.calculation_running = true;
1419         dev->noisecalc.nr_samples = 0;
1420
1421         b43_generate_noise_sample(dev);
1422 }
1423
1424 static void handle_irq_noise(struct b43_wldev *dev)
1425 {
1426         struct b43_phy_g *phy = dev->phy.g;
1427         u16 tmp;
1428         u8 noise[4];
1429         u8 i, j;
1430         s32 average;
1431
1432         /* Bottom half of Link Quality calculation. */
1433
1434         if (dev->phy.type != B43_PHYTYPE_G)
1435                 return;
1436
1437         /* Possible race condition: It might be possible that the user
1438          * changed to a different channel in the meantime since we
1439          * started the calculation. We ignore that fact, since it's
1440          * not really that much of a problem. The background noise is
1441          * an estimation only anyway. Slightly wrong results will get damped
1442          * by the averaging of the 8 sample rounds. Additionally the
1443          * value is shortlived. So it will be replaced by the next noise
1444          * calculation round soon. */
1445
1446         B43_WARN_ON(!dev->noisecalc.calculation_running);
1447         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1448         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1449             noise[2] == 0x7F || noise[3] == 0x7F)
1450                 goto generate_new;
1451
1452         /* Get the noise samples. */
1453         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1454         i = dev->noisecalc.nr_samples;
1455         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1456         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1457         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1458         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1459         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1460         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1461         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1462         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1463         dev->noisecalc.nr_samples++;
1464         if (dev->noisecalc.nr_samples == 8) {
1465                 /* Calculate the Link Quality by the noise samples. */
1466                 average = 0;
1467                 for (i = 0; i < 8; i++) {
1468                         for (j = 0; j < 4; j++)
1469                                 average += dev->noisecalc.samples[i][j];
1470                 }
1471                 average /= (8 * 4);
1472                 average *= 125;
1473                 average += 64;
1474                 average /= 128;
1475                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1476                 tmp = (tmp / 128) & 0x1F;
1477                 if (tmp >= 8)
1478                         average += 2;
1479                 else
1480                         average -= 25;
1481                 if (tmp == 8)
1482                         average -= 72;
1483                 else
1484                         average -= 48;
1485
1486                 dev->stats.link_noise = average;
1487                 dev->noisecalc.calculation_running = false;
1488                 return;
1489         }
1490 generate_new:
1491         b43_generate_noise_sample(dev);
1492 }
1493
1494 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1495 {
1496         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1497                 ///TODO: PS TBTT
1498         } else {
1499                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1500                         b43_power_saving_ctl_bits(dev, 0);
1501         }
1502         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1503                 dev->dfq_valid = true;
1504 }
1505
1506 static void handle_irq_atim_end(struct b43_wldev *dev)
1507 {
1508         if (dev->dfq_valid) {
1509                 b43_write32(dev, B43_MMIO_MACCMD,
1510                             b43_read32(dev, B43_MMIO_MACCMD)
1511                             | B43_MACCMD_DFQ_VALID);
1512                 dev->dfq_valid = false;
1513         }
1514 }
1515
1516 static void handle_irq_pmq(struct b43_wldev *dev)
1517 {
1518         u32 tmp;
1519
1520         //TODO: AP mode.
1521
1522         while (1) {
1523                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1524                 if (!(tmp & 0x00000008))
1525                         break;
1526         }
1527         /* 16bit write is odd, but correct. */
1528         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1529 }
1530
1531 static void b43_write_template_common(struct b43_wldev *dev,
1532                                       const u8 *data, u16 size,
1533                                       u16 ram_offset,
1534                                       u16 shm_size_offset, u8 rate)
1535 {
1536         u32 i, tmp;
1537         struct b43_plcp_hdr4 plcp;
1538
1539         plcp.data = 0;
1540         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1541         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1542         ram_offset += sizeof(u32);
1543         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1544          * So leave the first two bytes of the next write blank.
1545          */
1546         tmp = (u32) (data[0]) << 16;
1547         tmp |= (u32) (data[1]) << 24;
1548         b43_ram_write(dev, ram_offset, tmp);
1549         ram_offset += sizeof(u32);
1550         for (i = 2; i < size; i += sizeof(u32)) {
1551                 tmp = (u32) (data[i + 0]);
1552                 if (i + 1 < size)
1553                         tmp |= (u32) (data[i + 1]) << 8;
1554                 if (i + 2 < size)
1555                         tmp |= (u32) (data[i + 2]) << 16;
1556                 if (i + 3 < size)
1557                         tmp |= (u32) (data[i + 3]) << 24;
1558                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1559         }
1560         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1561                         size + sizeof(struct b43_plcp_hdr6));
1562 }
1563
1564 /* Check if the use of the antenna that ieee80211 told us to
1565  * use is possible. This will fall back to DEFAULT.
1566  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1567 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1568                                   u8 antenna_nr)
1569 {
1570         u8 antenna_mask;
1571
1572         if (antenna_nr == 0) {
1573                 /* Zero means "use default antenna". That's always OK. */
1574                 return 0;
1575         }
1576
1577         /* Get the mask of available antennas. */
1578         if (dev->phy.gmode)
1579                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1580         else
1581                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1582
1583         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1584                 /* This antenna is not available. Fall back to default. */
1585                 return 0;
1586         }
1587
1588         return antenna_nr;
1589 }
1590
1591 /* Convert a b43 antenna number value to the PHY TX control value. */
1592 static u16 b43_antenna_to_phyctl(int antenna)
1593 {
1594         switch (antenna) {
1595         case B43_ANTENNA0:
1596                 return B43_TXH_PHY_ANT0;
1597         case B43_ANTENNA1:
1598                 return B43_TXH_PHY_ANT1;
1599         case B43_ANTENNA2:
1600                 return B43_TXH_PHY_ANT2;
1601         case B43_ANTENNA3:
1602                 return B43_TXH_PHY_ANT3;
1603         case B43_ANTENNA_AUTO0:
1604         case B43_ANTENNA_AUTO1:
1605                 return B43_TXH_PHY_ANT01AUTO;
1606         }
1607         B43_WARN_ON(1);
1608         return 0;
1609 }
1610
1611 static void b43_write_beacon_template(struct b43_wldev *dev,
1612                                       u16 ram_offset,
1613                                       u16 shm_size_offset)
1614 {
1615         unsigned int i, len, variable_len;
1616         const struct ieee80211_mgmt *bcn;
1617         const u8 *ie;
1618         bool tim_found = false;
1619         unsigned int rate;
1620         u16 ctl;
1621         int antenna;
1622         struct ieee80211_tx_info *info;
1623         unsigned long flags;
1624         struct sk_buff *beacon_skb;
1625
1626         spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1627         info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1628         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1629         /* Clone the beacon, so it cannot go away, while we write it to hw. */
1630         beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1631         spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1632
1633         if (!beacon_skb) {
1634                 b43dbg(dev->wl, "Could not upload beacon. "
1635                        "Failed to clone beacon skb.");
1636                 return;
1637         }
1638
1639         bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1640         len = min_t(size_t, beacon_skb->len,
1641                     0x200 - sizeof(struct b43_plcp_hdr6));
1642
1643         b43_write_template_common(dev, (const u8 *)bcn,
1644                                   len, ram_offset, shm_size_offset, rate);
1645
1646         /* Write the PHY TX control parameters. */
1647         antenna = B43_ANTENNA_DEFAULT;
1648         antenna = b43_antenna_to_phyctl(antenna);
1649         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1650         /* We can't send beacons with short preamble. Would get PHY errors. */
1651         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1652         ctl &= ~B43_TXH_PHY_ANT;
1653         ctl &= ~B43_TXH_PHY_ENC;
1654         ctl |= antenna;
1655         if (b43_is_cck_rate(rate))
1656                 ctl |= B43_TXH_PHY_ENC_CCK;
1657         else
1658                 ctl |= B43_TXH_PHY_ENC_OFDM;
1659         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1660
1661         /* Find the position of the TIM and the DTIM_period value
1662          * and write them to SHM. */
1663         ie = bcn->u.beacon.variable;
1664         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1665         for (i = 0; i < variable_len - 2; ) {
1666                 uint8_t ie_id, ie_len;
1667
1668                 ie_id = ie[i];
1669                 ie_len = ie[i + 1];
1670                 if (ie_id == 5) {
1671                         u16 tim_position;
1672                         u16 dtim_period;
1673                         /* This is the TIM Information Element */
1674
1675                         /* Check whether the ie_len is in the beacon data range. */
1676                         if (variable_len < ie_len + 2 + i)
1677                                 break;
1678                         /* A valid TIM is at least 4 bytes long. */
1679                         if (ie_len < 4)
1680                                 break;
1681                         tim_found = true;
1682
1683                         tim_position = sizeof(struct b43_plcp_hdr6);
1684                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1685                         tim_position += i;
1686
1687                         dtim_period = ie[i + 3];
1688
1689                         b43_shm_write16(dev, B43_SHM_SHARED,
1690                                         B43_SHM_SH_TIMBPOS, tim_position);
1691                         b43_shm_write16(dev, B43_SHM_SHARED,
1692                                         B43_SHM_SH_DTIMPER, dtim_period);
1693                         break;
1694                 }
1695                 i += ie_len + 2;
1696         }
1697         if (!tim_found) {
1698                 /*
1699                  * If ucode wants to modify TIM do it behind the beacon, this
1700                  * will happen, for example, when doing mesh networking.
1701                  */
1702                 b43_shm_write16(dev, B43_SHM_SHARED,
1703                                 B43_SHM_SH_TIMBPOS,
1704                                 len + sizeof(struct b43_plcp_hdr6));
1705                 b43_shm_write16(dev, B43_SHM_SHARED,
1706                                 B43_SHM_SH_DTIMPER, 0);
1707         }
1708         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1709
1710         dev_kfree_skb_any(beacon_skb);
1711 }
1712
1713 static void b43_upload_beacon0(struct b43_wldev *dev)
1714 {
1715         struct b43_wl *wl = dev->wl;
1716
1717         if (wl->beacon0_uploaded)
1718                 return;
1719         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1720         wl->beacon0_uploaded = true;
1721 }
1722
1723 static void b43_upload_beacon1(struct b43_wldev *dev)
1724 {
1725         struct b43_wl *wl = dev->wl;
1726
1727         if (wl->beacon1_uploaded)
1728                 return;
1729         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1730         wl->beacon1_uploaded = true;
1731 }
1732
1733 static void handle_irq_beacon(struct b43_wldev *dev)
1734 {
1735         struct b43_wl *wl = dev->wl;
1736         u32 cmd, beacon0_valid, beacon1_valid;
1737
1738         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1739             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1740             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1741                 return;
1742
1743         /* This is the bottom half of the asynchronous beacon update. */
1744
1745         /* Ignore interrupt in the future. */
1746         dev->irq_mask &= ~B43_IRQ_BEACON;
1747
1748         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1749         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1750         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1751
1752         /* Schedule interrupt manually, if busy. */
1753         if (beacon0_valid && beacon1_valid) {
1754                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1755                 dev->irq_mask |= B43_IRQ_BEACON;
1756                 return;
1757         }
1758
1759         if (unlikely(wl->beacon_templates_virgin)) {
1760                 /* We never uploaded a beacon before.
1761                  * Upload both templates now, but only mark one valid. */
1762                 wl->beacon_templates_virgin = false;
1763                 b43_upload_beacon0(dev);
1764                 b43_upload_beacon1(dev);
1765                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1766                 cmd |= B43_MACCMD_BEACON0_VALID;
1767                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1768         } else {
1769                 if (!beacon0_valid) {
1770                         b43_upload_beacon0(dev);
1771                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1772                         cmd |= B43_MACCMD_BEACON0_VALID;
1773                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1774                 } else if (!beacon1_valid) {
1775                         b43_upload_beacon1(dev);
1776                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1777                         cmd |= B43_MACCMD_BEACON1_VALID;
1778                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1779                 }
1780         }
1781 }
1782
1783 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1784 {
1785         u32 old_irq_mask = dev->irq_mask;
1786
1787         /* update beacon right away or defer to irq */
1788         handle_irq_beacon(dev);
1789         if (old_irq_mask != dev->irq_mask) {
1790                 /* The handler updated the IRQ mask. */
1791                 B43_WARN_ON(!dev->irq_mask);
1792                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1793                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1794                 } else {
1795                         /* Device interrupts are currently disabled. That means
1796                          * we just ran the hardirq handler and scheduled the
1797                          * IRQ thread. The thread will write the IRQ mask when
1798                          * it finished, so there's nothing to do here. Writing
1799                          * the mask _here_ would incorrectly re-enable IRQs. */
1800                 }
1801         }
1802 }
1803
1804 static void b43_beacon_update_trigger_work(struct work_struct *work)
1805 {
1806         struct b43_wl *wl = container_of(work, struct b43_wl,
1807                                          beacon_update_trigger);
1808         struct b43_wldev *dev;
1809
1810         mutex_lock(&wl->mutex);
1811         dev = wl->current_dev;
1812         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1813                 if (b43_bus_host_is_sdio(dev->dev)) {
1814                         /* wl->mutex is enough. */
1815                         b43_do_beacon_update_trigger_work(dev);
1816                         mmiowb();
1817                 } else {
1818                         spin_lock_irq(&wl->hardirq_lock);
1819                         b43_do_beacon_update_trigger_work(dev);
1820                         mmiowb();
1821                         spin_unlock_irq(&wl->hardirq_lock);
1822                 }
1823         }
1824         mutex_unlock(&wl->mutex);
1825 }
1826
1827 /* Asynchronously update the packet templates in template RAM. */
1828 static void b43_update_templates(struct b43_wl *wl)
1829 {
1830         struct sk_buff *beacon, *old_beacon;
1831         unsigned long flags;
1832
1833         /* This is the top half of the asynchronous beacon update.
1834          * The bottom half is the beacon IRQ.
1835          * Beacon update must be asynchronous to avoid sending an
1836          * invalid beacon. This can happen for example, if the firmware
1837          * transmits a beacon while we are updating it. */
1838
1839         /* We could modify the existing beacon and set the aid bit in
1840          * the TIM field, but that would probably require resizing and
1841          * moving of data within the beacon template.
1842          * Simply request a new beacon and let mac80211 do the hard work. */
1843         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1844         if (unlikely(!beacon))
1845                 return;
1846
1847         spin_lock_irqsave(&wl->beacon_lock, flags);
1848         old_beacon = wl->current_beacon;
1849         wl->current_beacon = beacon;
1850         wl->beacon0_uploaded = false;
1851         wl->beacon1_uploaded = false;
1852         spin_unlock_irqrestore(&wl->beacon_lock, flags);
1853
1854         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1855
1856         if (old_beacon)
1857                 dev_kfree_skb_any(old_beacon);
1858 }
1859
1860 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1861 {
1862         b43_time_lock(dev);
1863         if (dev->dev->core_rev >= 3) {
1864                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1865                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1866         } else {
1867                 b43_write16(dev, 0x606, (beacon_int >> 6));
1868                 b43_write16(dev, 0x610, beacon_int);
1869         }
1870         b43_time_unlock(dev);
1871         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1872 }
1873
1874 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1875 {
1876         u16 reason;
1877
1878         /* Read the register that contains the reason code for the panic. */
1879         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1880         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1881
1882         switch (reason) {
1883         default:
1884                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1885                 /* fallthrough */
1886         case B43_FWPANIC_DIE:
1887                 /* Do not restart the controller or firmware.
1888                  * The device is nonfunctional from now on.
1889                  * Restarting would result in this panic to trigger again,
1890                  * so we avoid that recursion. */
1891                 break;
1892         case B43_FWPANIC_RESTART:
1893                 b43_controller_restart(dev, "Microcode panic");
1894                 break;
1895         }
1896 }
1897
1898 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1899 {
1900         unsigned int i, cnt;
1901         u16 reason, marker_id, marker_line;
1902         __le16 *buf;
1903
1904         /* The proprietary firmware doesn't have this IRQ. */
1905         if (!dev->fw.opensource)
1906                 return;
1907
1908         /* Read the register that contains the reason code for this IRQ. */
1909         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1910
1911         switch (reason) {
1912         case B43_DEBUGIRQ_PANIC:
1913                 b43_handle_firmware_panic(dev);
1914                 break;
1915         case B43_DEBUGIRQ_DUMP_SHM:
1916                 if (!B43_DEBUG)
1917                         break; /* Only with driver debugging enabled. */
1918                 buf = kmalloc(4096, GFP_ATOMIC);
1919                 if (!buf) {
1920                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1921                         goto out;
1922                 }
1923                 for (i = 0; i < 4096; i += 2) {
1924                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1925                         buf[i / 2] = cpu_to_le16(tmp);
1926                 }
1927                 b43info(dev->wl, "Shared memory dump:\n");
1928                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1929                                16, 2, buf, 4096, 1);
1930                 kfree(buf);
1931                 break;
1932         case B43_DEBUGIRQ_DUMP_REGS:
1933                 if (!B43_DEBUG)
1934                         break; /* Only with driver debugging enabled. */
1935                 b43info(dev->wl, "Microcode register dump:\n");
1936                 for (i = 0, cnt = 0; i < 64; i++) {
1937                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1938                         if (cnt == 0)
1939                                 printk(KERN_INFO);
1940                         printk("r%02u: 0x%04X  ", i, tmp);
1941                         cnt++;
1942                         if (cnt == 6) {
1943                                 printk("\n");
1944                                 cnt = 0;
1945                         }
1946                 }
1947                 printk("\n");
1948                 break;
1949         case B43_DEBUGIRQ_MARKER:
1950                 if (!B43_DEBUG)
1951                         break; /* Only with driver debugging enabled. */
1952                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1953                                            B43_MARKER_ID_REG);
1954                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1955                                              B43_MARKER_LINE_REG);
1956                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1957                         "at line number %u\n",
1958                         marker_id, marker_line);
1959                 break;
1960         default:
1961                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1962                        reason);
1963         }
1964 out:
1965         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1966         b43_shm_write16(dev, B43_SHM_SCRATCH,
1967                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1968 }
1969
1970 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1971 {
1972         u32 reason;
1973         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1974         u32 merged_dma_reason = 0;
1975         int i;
1976
1977         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1978                 return;
1979
1980         reason = dev->irq_reason;
1981         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1982                 dma_reason[i] = dev->dma_reason[i];
1983                 merged_dma_reason |= dma_reason[i];
1984         }
1985
1986         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1987                 b43err(dev->wl, "MAC transmission error\n");
1988
1989         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1990                 b43err(dev->wl, "PHY transmission error\n");
1991                 rmb();
1992                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1993                         atomic_set(&dev->phy.txerr_cnt,
1994                                    B43_PHY_TX_BADNESS_LIMIT);
1995                         b43err(dev->wl, "Too many PHY TX errors, "
1996                                         "restarting the controller\n");
1997                         b43_controller_restart(dev, "PHY TX errors");
1998                 }
1999         }
2000
2001         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
2002                 b43err(dev->wl,
2003                         "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
2004                         dma_reason[0], dma_reason[1],
2005                         dma_reason[2], dma_reason[3],
2006                         dma_reason[4], dma_reason[5]);
2007                 b43err(dev->wl, "This device does not support DMA "
2008                                "on your system. It will now be switched to PIO.\n");
2009                 /* Fall back to PIO transfers if we get fatal DMA errors! */
2010                 dev->use_pio = true;
2011                 b43_controller_restart(dev, "DMA error");
2012                 return;
2013         }
2014
2015         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2016                 handle_irq_ucode_debug(dev);
2017         if (reason & B43_IRQ_TBTT_INDI)
2018                 handle_irq_tbtt_indication(dev);
2019         if (reason & B43_IRQ_ATIM_END)
2020                 handle_irq_atim_end(dev);
2021         if (reason & B43_IRQ_BEACON)
2022                 handle_irq_beacon(dev);
2023         if (reason & B43_IRQ_PMQ)
2024                 handle_irq_pmq(dev);
2025         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
2026                 ;/* TODO */
2027         if (reason & B43_IRQ_NOISESAMPLE_OK)
2028                 handle_irq_noise(dev);
2029
2030         /* Check the DMA reason registers for received data. */
2031         if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2032                 if (B43_DEBUG)
2033                         b43warn(dev->wl, "RX descriptor underrun\n");
2034                 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2035         }
2036         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2037                 if (b43_using_pio_transfers(dev))
2038                         b43_pio_rx(dev->pio.rx_queue);
2039                 else
2040                         b43_dma_rx(dev->dma.rx_ring);
2041         }
2042         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2043         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2044         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2045         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2046         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2047
2048         if (reason & B43_IRQ_TX_OK)
2049                 handle_irq_transmit_status(dev);
2050
2051         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
2052         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2053
2054 #if B43_DEBUG
2055         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2056                 dev->irq_count++;
2057                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2058                         if (reason & (1 << i))
2059                                 dev->irq_bit_count[i]++;
2060                 }
2061         }
2062 #endif
2063 }
2064
2065 /* Interrupt thread handler. Handles device interrupts in thread context. */
2066 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2067 {
2068         struct b43_wldev *dev = dev_id;
2069
2070         mutex_lock(&dev->wl->mutex);
2071         b43_do_interrupt_thread(dev);
2072         mmiowb();
2073         mutex_unlock(&dev->wl->mutex);
2074
2075         return IRQ_HANDLED;
2076 }
2077
2078 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2079 {
2080         u32 reason;
2081
2082         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2083          * On SDIO, this runs under wl->mutex. */
2084
2085         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2086         if (reason == 0xffffffff)       /* shared IRQ */
2087                 return IRQ_NONE;
2088         reason &= dev->irq_mask;
2089         if (!reason)
2090                 return IRQ_NONE;
2091
2092         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2093             & 0x0001FC00;
2094         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2095             & 0x0000DC00;
2096         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2097             & 0x0000DC00;
2098         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2099             & 0x0001DC00;
2100         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2101             & 0x0000DC00;
2102 /* Unused ring
2103         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2104             & 0x0000DC00;
2105 */
2106
2107         /* ACK the interrupt. */
2108         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2109         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2110         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2111         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2112         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2113         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2114 /* Unused ring
2115         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2116 */
2117
2118         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2119         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2120         /* Save the reason bitmasks for the IRQ thread handler. */
2121         dev->irq_reason = reason;
2122
2123         return IRQ_WAKE_THREAD;
2124 }
2125
2126 /* Interrupt handler top-half. This runs with interrupts disabled. */
2127 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2128 {
2129         struct b43_wldev *dev = dev_id;
2130         irqreturn_t ret;
2131
2132         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2133                 return IRQ_NONE;
2134
2135         spin_lock(&dev->wl->hardirq_lock);
2136         ret = b43_do_interrupt(dev);
2137         mmiowb();
2138         spin_unlock(&dev->wl->hardirq_lock);
2139
2140         return ret;
2141 }
2142
2143 /* SDIO interrupt handler. This runs in process context. */
2144 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2145 {
2146         struct b43_wl *wl = dev->wl;
2147         irqreturn_t ret;
2148
2149         mutex_lock(&wl->mutex);
2150
2151         ret = b43_do_interrupt(dev);
2152         if (ret == IRQ_WAKE_THREAD)
2153                 b43_do_interrupt_thread(dev);
2154
2155         mutex_unlock(&wl->mutex);
2156 }
2157
2158 void b43_do_release_fw(struct b43_firmware_file *fw)
2159 {
2160         release_firmware(fw->data);
2161         fw->data = NULL;
2162         fw->filename = NULL;
2163 }
2164
2165 static void b43_release_firmware(struct b43_wldev *dev)
2166 {
2167         complete(&dev->fw_load_complete);
2168         b43_do_release_fw(&dev->fw.ucode);
2169         b43_do_release_fw(&dev->fw.pcm);
2170         b43_do_release_fw(&dev->fw.initvals);
2171         b43_do_release_fw(&dev->fw.initvals_band);
2172 }
2173
2174 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2175 {
2176         const char text[] =
2177                 "You must go to " \
2178                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2179                 "and download the correct firmware for this driver version. " \
2180                 "Please carefully read all instructions on this website.\n";
2181
2182         if (error)
2183                 b43err(wl, text);
2184         else
2185                 b43warn(wl, text);
2186 }
2187
2188 static void b43_fw_cb(const struct firmware *firmware, void *context)
2189 {
2190         struct b43_request_fw_context *ctx = context;
2191
2192         ctx->blob = firmware;
2193         complete(&ctx->dev->fw_load_complete);
2194 }
2195
2196 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2197                       const char *name,
2198                       struct b43_firmware_file *fw, bool async)
2199 {
2200         struct b43_fw_header *hdr;
2201         u32 size;
2202         int err;
2203
2204         if (!name) {
2205                 /* Don't fetch anything. Free possibly cached firmware. */
2206                 /* FIXME: We should probably keep it anyway, to save some headache
2207                  * on suspend/resume with multiband devices. */
2208                 b43_do_release_fw(fw);
2209                 return 0;
2210         }
2211         if (fw->filename) {
2212                 if ((fw->type == ctx->req_type) &&
2213                     (strcmp(fw->filename, name) == 0))
2214                         return 0; /* Already have this fw. */
2215                 /* Free the cached firmware first. */
2216                 /* FIXME: We should probably do this later after we successfully
2217                  * got the new fw. This could reduce headache with multiband devices.
2218                  * We could also redesign this to cache the firmware for all possible
2219                  * bands all the time. */
2220                 b43_do_release_fw(fw);
2221         }
2222
2223         switch (ctx->req_type) {
2224         case B43_FWTYPE_PROPRIETARY:
2225                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2226                          "b43%s/%s.fw",
2227                          modparam_fwpostfix, name);
2228                 break;
2229         case B43_FWTYPE_OPENSOURCE:
2230                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2231                          "b43-open%s/%s.fw",
2232                          modparam_fwpostfix, name);
2233                 break;
2234         default:
2235                 B43_WARN_ON(1);
2236                 return -ENOSYS;
2237         }
2238         if (async) {
2239                 /* do this part asynchronously */
2240                 init_completion(&ctx->dev->fw_load_complete);
2241                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2242                                               ctx->dev->dev->dev, GFP_KERNEL,
2243                                               ctx, b43_fw_cb);
2244                 if (err < 0) {
2245                         pr_err("Unable to load firmware\n");
2246                         return err;
2247                 }
2248                 wait_for_completion(&ctx->dev->fw_load_complete);
2249                 if (ctx->blob)
2250                         goto fw_ready;
2251         /* On some ARM systems, the async request will fail, but the next sync
2252          * request works. For this reason, we fall through here
2253          */
2254         }
2255         err = request_firmware(&ctx->blob, ctx->fwname,
2256                                ctx->dev->dev->dev);
2257         if (err == -ENOENT) {
2258                 snprintf(ctx->errors[ctx->req_type],
2259                          sizeof(ctx->errors[ctx->req_type]),
2260                          "Firmware file \"%s\" not found\n",
2261                          ctx->fwname);
2262                 return err;
2263         } else if (err) {
2264                 snprintf(ctx->errors[ctx->req_type],
2265                          sizeof(ctx->errors[ctx->req_type]),
2266                          "Firmware file \"%s\" request failed (err=%d)\n",
2267                          ctx->fwname, err);
2268                 return err;
2269         }
2270 fw_ready:
2271         if (ctx->blob->size < sizeof(struct b43_fw_header))
2272                 goto err_format;
2273         hdr = (struct b43_fw_header *)(ctx->blob->data);
2274         switch (hdr->type) {
2275         case B43_FW_TYPE_UCODE:
2276         case B43_FW_TYPE_PCM:
2277                 size = be32_to_cpu(hdr->size);
2278                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2279                         goto err_format;
2280                 /* fallthrough */
2281         case B43_FW_TYPE_IV:
2282                 if (hdr->ver != 1)
2283                         goto err_format;
2284                 break;
2285         default:
2286                 goto err_format;
2287         }
2288
2289         fw->data = ctx->blob;
2290         fw->filename = name;
2291         fw->type = ctx->req_type;
2292
2293         return 0;
2294
2295 err_format:
2296         snprintf(ctx->errors[ctx->req_type],
2297                  sizeof(ctx->errors[ctx->req_type]),
2298                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2299         release_firmware(ctx->blob);
2300
2301         return -EPROTO;
2302 }
2303
2304 /* http://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2305 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2306 {
2307         struct b43_wldev *dev = ctx->dev;
2308         struct b43_firmware *fw = &ctx->dev->fw;
2309         struct b43_phy *phy = &dev->phy;
2310         const u8 rev = ctx->dev->dev->core_rev;
2311         const char *filename;
2312         int err;
2313
2314         /* Get microcode */
2315         filename = NULL;
2316         switch (rev) {
2317         case 42:
2318                 if (phy->type == B43_PHYTYPE_AC)
2319                         filename = "ucode42";
2320                 break;
2321         case 40:
2322                 if (phy->type == B43_PHYTYPE_AC)
2323                         filename = "ucode40";
2324                 break;
2325         case 33:
2326                 if (phy->type == B43_PHYTYPE_LCN40)
2327                         filename = "ucode33_lcn40";
2328                 break;
2329         case 30:
2330                 if (phy->type == B43_PHYTYPE_N)
2331                         filename = "ucode30_mimo";
2332                 break;
2333         case 29:
2334                 if (phy->type == B43_PHYTYPE_HT)
2335                         filename = "ucode29_mimo";
2336                 break;
2337         case 26:
2338                 if (phy->type == B43_PHYTYPE_HT)
2339                         filename = "ucode26_mimo";
2340                 break;
2341         case 28:
2342         case 25:
2343                 if (phy->type == B43_PHYTYPE_N)
2344                         filename = "ucode25_mimo";
2345                 else if (phy->type == B43_PHYTYPE_LCN)
2346                         filename = "ucode25_lcn";
2347                 break;
2348         case 24:
2349                 if (phy->type == B43_PHYTYPE_LCN)
2350                         filename = "ucode24_lcn";
2351                 break;
2352         case 23:
2353                 if (phy->type == B43_PHYTYPE_N)
2354                         filename = "ucode16_mimo";
2355                 break;
2356         case 16 ... 19:
2357                 if (phy->type == B43_PHYTYPE_N)
2358                         filename = "ucode16_mimo";
2359                 else if (phy->type == B43_PHYTYPE_LP)
2360                         filename = "ucode16_lp";
2361                 break;
2362         case 15:
2363                 filename = "ucode15";
2364                 break;
2365         case 14:
2366                 filename = "ucode14";
2367                 break;
2368         case 13:
2369                 filename = "ucode13";
2370                 break;
2371         case 11 ... 12:
2372                 filename = "ucode11";
2373                 break;
2374         case 5 ... 10:
2375                 filename = "ucode5";
2376                 break;
2377         }
2378         if (!filename)
2379                 goto err_no_ucode;
2380         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2381         if (err)
2382                 goto err_load;
2383
2384         /* Get PCM code */
2385         if ((rev >= 5) && (rev <= 10))
2386                 filename = "pcm5";
2387         else if (rev >= 11)
2388                 filename = NULL;
2389         else
2390                 goto err_no_pcm;
2391         fw->pcm_request_failed = false;
2392         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2393         if (err == -ENOENT) {
2394                 /* We did not find a PCM file? Not fatal, but
2395                  * core rev <= 10 must do without hwcrypto then. */
2396                 fw->pcm_request_failed = true;
2397         } else if (err)
2398                 goto err_load;
2399
2400         /* Get initvals */
2401         filename = NULL;
2402         switch (dev->phy.type) {
2403         case B43_PHYTYPE_G:
2404                 if (rev == 13)
2405                         filename = "b0g0initvals13";
2406                 else if (rev >= 5 && rev <= 10)
2407                         filename = "b0g0initvals5";
2408                 break;
2409         case B43_PHYTYPE_N:
2410                 if (rev == 30)
2411                         filename = "n16initvals30";
2412                 else if (rev == 28 || rev == 25)
2413                         filename = "n0initvals25";
2414                 else if (rev == 24)
2415                         filename = "n0initvals24";
2416                 else if (rev == 23)
2417                         filename = "n0initvals16"; /* What about n0initvals22? */
2418                 else if (rev >= 16 && rev <= 18)
2419                         filename = "n0initvals16";
2420                 else if (rev >= 11 && rev <= 12)
2421                         filename = "n0initvals11";
2422                 break;
2423         case B43_PHYTYPE_LP:
2424                 if (rev >= 16 && rev <= 18)
2425                         filename = "lp0initvals16";
2426                 else if (rev == 15)
2427                         filename = "lp0initvals15";
2428                 else if (rev == 14)
2429                         filename = "lp0initvals14";
2430                 else if (rev == 13)
2431                         filename = "lp0initvals13";
2432                 break;
2433         case B43_PHYTYPE_HT:
2434                 if (rev == 29)
2435                         filename = "ht0initvals29";
2436                 else if (rev == 26)
2437                         filename = "ht0initvals26";
2438                 break;
2439         case B43_PHYTYPE_LCN:
2440                 if (rev == 24)
2441                         filename = "lcn0initvals24";
2442                 break;
2443         case B43_PHYTYPE_LCN40:
2444                 if (rev == 33)
2445                         filename = "lcn400initvals33";
2446                 break;
2447         case B43_PHYTYPE_AC:
2448                 if (rev == 42)
2449                         filename = "ac1initvals42";
2450                 else if (rev == 40)
2451                         filename = "ac0initvals40";
2452                 break;
2453         }
2454         if (!filename)
2455                 goto err_no_initvals;
2456         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2457         if (err)
2458                 goto err_load;
2459
2460         /* Get bandswitch initvals */
2461         filename = NULL;
2462         switch (dev->phy.type) {
2463         case B43_PHYTYPE_G:
2464                 if (rev == 13)
2465                         filename = "b0g0bsinitvals13";
2466                 else if (rev >= 5 && rev <= 10)
2467                         filename = "b0g0bsinitvals5";
2468                 break;
2469         case B43_PHYTYPE_N:
2470                 if (rev == 30)
2471                         filename = "n16bsinitvals30";
2472                 else if (rev == 28 || rev == 25)
2473                         filename = "n0bsinitvals25";
2474                 else if (rev == 24)
2475                         filename = "n0bsinitvals24";
2476                 else if (rev == 23)
2477                         filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2478                 else if (rev >= 16 && rev <= 18)
2479                         filename = "n0bsinitvals16";
2480                 else if (rev >= 11 && rev <= 12)
2481                         filename = "n0bsinitvals11";
2482                 break;
2483         case B43_PHYTYPE_LP:
2484                 if (rev >= 16 && rev <= 18)
2485                         filename = "lp0bsinitvals16";
2486                 else if (rev == 15)
2487                         filename = "lp0bsinitvals15";
2488                 else if (rev == 14)
2489                         filename = "lp0bsinitvals14";
2490                 else if (rev == 13)
2491                         filename = "lp0bsinitvals13";
2492                 break;
2493         case B43_PHYTYPE_HT:
2494                 if (rev == 29)
2495                         filename = "ht0bsinitvals29";
2496                 else if (rev == 26)
2497                         filename = "ht0bsinitvals26";
2498                 break;
2499         case B43_PHYTYPE_LCN:
2500                 if (rev == 24)
2501                         filename = "lcn0bsinitvals24";
2502                 break;
2503         case B43_PHYTYPE_LCN40:
2504                 if (rev == 33)
2505                         filename = "lcn400bsinitvals33";
2506                 break;
2507         case B43_PHYTYPE_AC:
2508                 if (rev == 42)
2509                         filename = "ac1bsinitvals42";
2510                 else if (rev == 40)
2511                         filename = "ac0bsinitvals40";
2512                 break;
2513         }
2514         if (!filename)
2515                 goto err_no_initvals;
2516         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2517         if (err)
2518                 goto err_load;
2519
2520         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2521
2522         return 0;
2523
2524 err_no_ucode:
2525         err = ctx->fatal_failure = -EOPNOTSUPP;
2526         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2527                "is required for your device (wl-core rev %u)\n", rev);
2528         goto error;
2529
2530 err_no_pcm:
2531         err = ctx->fatal_failure = -EOPNOTSUPP;
2532         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2533                "is required for your device (wl-core rev %u)\n", rev);
2534         goto error;
2535
2536 err_no_initvals:
2537         err = ctx->fatal_failure = -EOPNOTSUPP;
2538         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2539                "is required for your device (wl-core rev %u)\n", rev);
2540         goto error;
2541
2542 err_load:
2543         /* We failed to load this firmware image. The error message
2544          * already is in ctx->errors. Return and let our caller decide
2545          * what to do. */
2546         goto error;
2547
2548 error:
2549         b43_release_firmware(dev);
2550         return err;
2551 }
2552
2553 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2554 static void b43_one_core_detach(struct b43_bus_dev *dev);
2555 static int b43_rng_init(struct b43_wl *wl);
2556
2557 static void b43_request_firmware(struct work_struct *work)
2558 {
2559         struct b43_wl *wl = container_of(work,
2560                             struct b43_wl, firmware_load);
2561         struct b43_wldev *dev = wl->current_dev;
2562         struct b43_request_fw_context *ctx;
2563         unsigned int i;
2564         int err;
2565         const char *errmsg;
2566
2567         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2568         if (!ctx)
2569                 return;
2570         ctx->dev = dev;
2571
2572         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2573         err = b43_try_request_fw(ctx);
2574         if (!err)
2575                 goto start_ieee80211; /* Successfully loaded it. */
2576         /* Was fw version known? */
2577         if (ctx->fatal_failure)
2578                 goto out;
2579
2580         /* proprietary fw not found, try open source */
2581         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2582         err = b43_try_request_fw(ctx);
2583         if (!err)
2584                 goto start_ieee80211; /* Successfully loaded it. */
2585         if(ctx->fatal_failure)
2586                 goto out;
2587
2588         /* Could not find a usable firmware. Print the errors. */
2589         for (i = 0; i < B43_NR_FWTYPES; i++) {
2590                 errmsg = ctx->errors[i];
2591                 if (strlen(errmsg))
2592                         b43err(dev->wl, "%s", errmsg);
2593         }
2594         b43_print_fw_helptext(dev->wl, 1);
2595         goto out;
2596
2597 start_ieee80211:
2598         wl->hw->queues = B43_QOS_QUEUE_NUM;
2599         if (!modparam_qos || dev->fw.opensource)
2600                 wl->hw->queues = 1;
2601
2602         err = ieee80211_register_hw(wl->hw);
2603         if (err)
2604                 goto err_one_core_detach;
2605         wl->hw_registred = true;
2606         b43_leds_register(wl->current_dev);
2607
2608         /* Register HW RNG driver */
2609         b43_rng_init(wl);
2610
2611         goto out;
2612
2613 err_one_core_detach:
2614         b43_one_core_detach(dev->dev);
2615
2616 out:
2617         kfree(ctx);
2618 }
2619
2620 static int b43_upload_microcode(struct b43_wldev *dev)
2621 {
2622         struct wiphy *wiphy = dev->wl->hw->wiphy;
2623         const size_t hdr_len = sizeof(struct b43_fw_header);
2624         const __be32 *data;
2625         unsigned int i, len;
2626         u16 fwrev, fwpatch, fwdate, fwtime;
2627         u32 tmp, macctl;
2628         int err = 0;
2629
2630         /* Jump the microcode PSM to offset 0 */
2631         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2632         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2633         macctl |= B43_MACCTL_PSM_JMP0;
2634         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2635         /* Zero out all microcode PSM registers and shared memory. */
2636         for (i = 0; i < 64; i++)
2637                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2638         for (i = 0; i < 4096; i += 2)
2639                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2640
2641         /* Upload Microcode. */
2642         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2643         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2644         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2645         for (i = 0; i < len; i++) {
2646                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2647                 udelay(10);
2648         }
2649
2650         if (dev->fw.pcm.data) {
2651                 /* Upload PCM data. */
2652                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2653                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2654                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2655                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2656                 /* No need for autoinc bit in SHM_HW */
2657                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2658                 for (i = 0; i < len; i++) {
2659                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2660                         udelay(10);
2661                 }
2662         }
2663
2664         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2665
2666         /* Start the microcode PSM */
2667         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2668                       B43_MACCTL_PSM_RUN);
2669
2670         /* Wait for the microcode to load and respond */
2671         i = 0;
2672         while (1) {
2673                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2674                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2675                         break;
2676                 i++;
2677                 if (i >= 20) {
2678                         b43err(dev->wl, "Microcode not responding\n");
2679                         b43_print_fw_helptext(dev->wl, 1);
2680                         err = -ENODEV;
2681                         goto error;
2682                 }
2683                 msleep(50);
2684         }
2685         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2686
2687         /* Get and check the revisions. */
2688         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2689         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2690         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2691         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2692
2693         if (fwrev <= 0x128) {
2694                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2695                        "binary drivers older than version 4.x is unsupported. "
2696                        "You must upgrade your firmware files.\n");
2697                 b43_print_fw_helptext(dev->wl, 1);
2698                 err = -EOPNOTSUPP;
2699                 goto error;
2700         }
2701         dev->fw.rev = fwrev;
2702         dev->fw.patch = fwpatch;
2703         if (dev->fw.rev >= 598)
2704                 dev->fw.hdr_format = B43_FW_HDR_598;
2705         else if (dev->fw.rev >= 410)
2706                 dev->fw.hdr_format = B43_FW_HDR_410;
2707         else
2708                 dev->fw.hdr_format = B43_FW_HDR_351;
2709         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2710
2711         dev->qos_enabled = dev->wl->hw->queues > 1;
2712         /* Default to firmware/hardware crypto acceleration. */
2713         dev->hwcrypto_enabled = true;
2714
2715         if (dev->fw.opensource) {
2716                 u16 fwcapa;
2717
2718                 /* Patchlevel info is encoded in the "time" field. */
2719                 dev->fw.patch = fwtime;
2720                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2721                         dev->fw.rev, dev->fw.patch);
2722
2723                 fwcapa = b43_fwcapa_read(dev);
2724                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2725                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2726                         /* Disable hardware crypto and fall back to software crypto. */
2727                         dev->hwcrypto_enabled = false;
2728                 }
2729                 /* adding QoS support should use an offline discovery mechanism */
2730                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2731         } else {
2732                 b43info(dev->wl, "Loading firmware version %u.%u "
2733                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2734                         fwrev, fwpatch,
2735                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2736                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2737                 if (dev->fw.pcm_request_failed) {
2738                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2739                                 "Hardware accelerated cryptography is disabled.\n");
2740                         b43_print_fw_helptext(dev->wl, 0);
2741                 }
2742         }
2743
2744         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2745                         dev->fw.rev, dev->fw.patch);
2746         wiphy->hw_version = dev->dev->core_id;
2747
2748         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2749                 /* We're over the deadline, but we keep support for old fw
2750                  * until it turns out to be in major conflict with something new. */
2751                 b43warn(dev->wl, "You are using an old firmware image. "
2752                         "Support for old firmware will be removed soon "
2753                         "(official deadline was July 2008).\n");
2754                 b43_print_fw_helptext(dev->wl, 0);
2755         }
2756
2757         return 0;
2758
2759 error:
2760         /* Stop the microcode PSM. */
2761         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2762                       B43_MACCTL_PSM_JMP0);
2763
2764         return err;
2765 }
2766
2767 static int b43_write_initvals(struct b43_wldev *dev,
2768                               const struct b43_iv *ivals,
2769                               size_t count,
2770                               size_t array_size)
2771 {
2772         const struct b43_iv *iv;
2773         u16 offset;
2774         size_t i;
2775         bool bit32;
2776
2777         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2778         iv = ivals;
2779         for (i = 0; i < count; i++) {
2780                 if (array_size < sizeof(iv->offset_size))
2781                         goto err_format;
2782                 array_size -= sizeof(iv->offset_size);
2783                 offset = be16_to_cpu(iv->offset_size);
2784                 bit32 = !!(offset & B43_IV_32BIT);
2785                 offset &= B43_IV_OFFSET_MASK;
2786                 if (offset >= 0x1000)
2787                         goto err_format;
2788                 if (bit32) {
2789                         u32 value;
2790
2791                         if (array_size < sizeof(iv->data.d32))
2792                                 goto err_format;
2793                         array_size -= sizeof(iv->data.d32);
2794
2795                         value = get_unaligned_be32(&iv->data.d32);
2796                         b43_write32(dev, offset, value);
2797
2798                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2799                                                         sizeof(__be16) +
2800                                                         sizeof(__be32));
2801                 } else {
2802                         u16 value;
2803
2804                         if (array_size < sizeof(iv->data.d16))
2805                                 goto err_format;
2806                         array_size -= sizeof(iv->data.d16);
2807
2808                         value = be16_to_cpu(iv->data.d16);
2809                         b43_write16(dev, offset, value);
2810
2811                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2812                                                         sizeof(__be16) +
2813                                                         sizeof(__be16));
2814                 }
2815         }
2816         if (array_size)
2817                 goto err_format;
2818
2819         return 0;
2820
2821 err_format:
2822         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2823         b43_print_fw_helptext(dev->wl, 1);
2824
2825         return -EPROTO;
2826 }
2827
2828 static int b43_upload_initvals(struct b43_wldev *dev)
2829 {
2830         const size_t hdr_len = sizeof(struct b43_fw_header);
2831         const struct b43_fw_header *hdr;
2832         struct b43_firmware *fw = &dev->fw;
2833         const struct b43_iv *ivals;
2834         size_t count;
2835
2836         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2837         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2838         count = be32_to_cpu(hdr->size);
2839         return b43_write_initvals(dev, ivals, count,
2840                                  fw->initvals.data->size - hdr_len);
2841 }
2842
2843 static int b43_upload_initvals_band(struct b43_wldev *dev)
2844 {
2845         const size_t hdr_len = sizeof(struct b43_fw_header);
2846         const struct b43_fw_header *hdr;
2847         struct b43_firmware *fw = &dev->fw;
2848         const struct b43_iv *ivals;
2849         size_t count;
2850
2851         if (!fw->initvals_band.data)
2852                 return 0;
2853
2854         hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2855         ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2856         count = be32_to_cpu(hdr->size);
2857         return b43_write_initvals(dev, ivals, count,
2858                                   fw->initvals_band.data->size - hdr_len);
2859 }
2860
2861 /* Initialize the GPIOs
2862  * http://bcm-specs.sipsolutions.net/GPIO
2863  */
2864
2865 #ifdef CONFIG_B43_SSB
2866 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2867 {
2868         struct ssb_bus *bus = dev->dev->sdev->bus;
2869
2870 #ifdef CONFIG_SSB_DRIVER_PCICORE
2871         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2872 #else
2873         return bus->chipco.dev;
2874 #endif
2875 }
2876 #endif
2877
2878 static int b43_gpio_init(struct b43_wldev *dev)
2879 {
2880 #ifdef CONFIG_B43_SSB
2881         struct ssb_device *gpiodev;
2882 #endif
2883         u32 mask, set;
2884
2885         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2886         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2887
2888         mask = 0x0000001F;
2889         set = 0x0000000F;
2890         if (dev->dev->chip_id == 0x4301) {
2891                 mask |= 0x0060;
2892                 set |= 0x0060;
2893         } else if (dev->dev->chip_id == 0x5354) {
2894                 /* Don't allow overtaking buttons GPIOs */
2895                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2896         }
2897
2898         if (0 /* FIXME: conditional unknown */ ) {
2899                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2900                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2901                             | 0x0100);
2902                 /* BT Coexistance Input */
2903                 mask |= 0x0080;
2904                 set |= 0x0080;
2905                 /* BT Coexistance Out */
2906                 mask |= 0x0100;
2907                 set |= 0x0100;
2908         }
2909         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2910                 /* PA is controlled by gpio 9, let ucode handle it */
2911                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2912                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2913                             | 0x0200);
2914                 mask |= 0x0200;
2915                 set |= 0x0200;
2916         }
2917
2918         switch (dev->dev->bus_type) {
2919 #ifdef CONFIG_B43_BCMA
2920         case B43_BUS_BCMA:
2921                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2922                 break;
2923 #endif
2924 #ifdef CONFIG_B43_SSB
2925         case B43_BUS_SSB:
2926                 gpiodev = b43_ssb_gpio_dev(dev);
2927                 if (gpiodev)
2928                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2929                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2930                                     & ~mask) | set);
2931                 break;
2932 #endif
2933         }
2934
2935         return 0;
2936 }
2937
2938 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2939 static void b43_gpio_cleanup(struct b43_wldev *dev)
2940 {
2941 #ifdef CONFIG_B43_SSB
2942         struct ssb_device *gpiodev;
2943 #endif
2944
2945         switch (dev->dev->bus_type) {
2946 #ifdef CONFIG_B43_BCMA
2947         case B43_BUS_BCMA:
2948                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2949                 break;
2950 #endif
2951 #ifdef CONFIG_B43_SSB
2952         case B43_BUS_SSB:
2953                 gpiodev = b43_ssb_gpio_dev(dev);
2954                 if (gpiodev)
2955                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2956                 break;
2957 #endif
2958         }
2959 }
2960
2961 /* http://bcm-specs.sipsolutions.net/EnableMac */
2962 void b43_mac_enable(struct b43_wldev *dev)
2963 {
2964         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2965                 u16 fwstate;
2966
2967                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2968                                          B43_SHM_SH_UCODESTAT);
2969                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2970                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2971                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2972                                "should be suspended, but current state is %u\n",
2973                                fwstate);
2974                 }
2975         }
2976
2977         dev->mac_suspended--;
2978         B43_WARN_ON(dev->mac_suspended < 0);
2979         if (dev->mac_suspended == 0) {
2980                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2981                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2982                             B43_IRQ_MAC_SUSPENDED);
2983                 /* Commit writes */
2984                 b43_read32(dev, B43_MMIO_MACCTL);
2985                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2986                 b43_power_saving_ctl_bits(dev, 0);
2987         }
2988 }
2989
2990 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2991 void b43_mac_suspend(struct b43_wldev *dev)
2992 {
2993         int i;
2994         u32 tmp;
2995
2996         might_sleep();
2997         B43_WARN_ON(dev->mac_suspended < 0);
2998
2999         if (dev->mac_suspended == 0) {
3000                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
3001                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
3002                 /* force pci to flush the write */
3003                 b43_read32(dev, B43_MMIO_MACCTL);
3004                 for (i = 35; i; i--) {
3005                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3006                         if (tmp & B43_IRQ_MAC_SUSPENDED)
3007                                 goto out;
3008                         udelay(10);
3009                 }
3010                 /* Hm, it seems this will take some time. Use msleep(). */
3011                 for (i = 40; i; i--) {
3012                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3013                         if (tmp & B43_IRQ_MAC_SUSPENDED)
3014                                 goto out;
3015                         msleep(1);
3016                 }
3017                 b43err(dev->wl, "MAC suspend failed\n");
3018         }
3019 out:
3020         dev->mac_suspended++;
3021 }
3022
3023 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3024 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3025 {
3026         u32 tmp;
3027
3028         switch (dev->dev->bus_type) {
3029 #ifdef CONFIG_B43_BCMA
3030         case B43_BUS_BCMA:
3031                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3032                 if (on)
3033                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3034                 else
3035                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3036                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3037                 break;
3038 #endif
3039 #ifdef CONFIG_B43_SSB
3040         case B43_BUS_SSB:
3041                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3042                 if (on)
3043                         tmp |= B43_TMSLOW_MACPHYCLKEN;
3044                 else
3045                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3046                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3047                 break;
3048 #endif
3049         }
3050 }
3051
3052 /* brcms_b_switch_macfreq */
3053 void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3054 {
3055         u16 chip_id = dev->dev->chip_id;
3056
3057         if (chip_id == BCMA_CHIP_ID_BCM4331) {
3058                 switch (spurmode) {
3059                 case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3060                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3061                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3062                         break;
3063                 case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3064                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3065                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3066                         break;
3067                 default: /* 160 Mhz: 2^26/160 = 0x66666 */
3068                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3069                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3070                         break;
3071                 }
3072         } else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3073             chip_id == BCMA_CHIP_ID_BCM43217 ||
3074             chip_id == BCMA_CHIP_ID_BCM43222 ||
3075             chip_id == BCMA_CHIP_ID_BCM43224 ||
3076             chip_id == BCMA_CHIP_ID_BCM43225 ||
3077             chip_id == BCMA_CHIP_ID_BCM43227 ||
3078             chip_id == BCMA_CHIP_ID_BCM43228) {
3079                 switch (spurmode) {
3080                 case 2: /* 126 Mhz */
3081                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3082                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3083                         break;
3084                 case 1: /* 123 Mhz */
3085                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3086                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3087                         break;
3088                 default: /* 120 Mhz */
3089                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3090                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3091                         break;
3092                 }
3093         } else if (dev->phy.type == B43_PHYTYPE_LCN) {
3094                 switch (spurmode) {
3095                 case 1: /* 82 Mhz */
3096                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3097                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3098                         break;
3099                 default: /* 80 Mhz */
3100                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3101                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3102                         break;
3103                 }
3104         }
3105 }
3106
3107 static void b43_adjust_opmode(struct b43_wldev *dev)
3108 {
3109         struct b43_wl *wl = dev->wl;
3110         u32 ctl;
3111         u16 cfp_pretbtt;
3112
3113         ctl = b43_read32(dev, B43_MMIO_MACCTL);
3114         /* Reset status to STA infrastructure mode. */
3115         ctl &= ~B43_MACCTL_AP;
3116         ctl &= ~B43_MACCTL_KEEP_CTL;
3117         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3118         ctl &= ~B43_MACCTL_KEEP_BAD;
3119         ctl &= ~B43_MACCTL_PROMISC;
3120         ctl &= ~B43_MACCTL_BEACPROMISC;
3121         ctl |= B43_MACCTL_INFRA;
3122
3123         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3124             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3125                 ctl |= B43_MACCTL_AP;
3126         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3127                 ctl &= ~B43_MACCTL_INFRA;
3128
3129         if (wl->filter_flags & FIF_CONTROL)
3130                 ctl |= B43_MACCTL_KEEP_CTL;
3131         if (wl->filter_flags & FIF_FCSFAIL)
3132                 ctl |= B43_MACCTL_KEEP_BAD;
3133         if (wl->filter_flags & FIF_PLCPFAIL)
3134                 ctl |= B43_MACCTL_KEEP_BADPLCP;
3135         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3136                 ctl |= B43_MACCTL_BEACPROMISC;
3137
3138         /* Workaround: On old hardware the HW-MAC-address-filter
3139          * doesn't work properly, so always run promisc in filter
3140          * it in software. */
3141         if (dev->dev->core_rev <= 4)
3142                 ctl |= B43_MACCTL_PROMISC;
3143
3144         b43_write32(dev, B43_MMIO_MACCTL, ctl);
3145
3146         cfp_pretbtt = 2;
3147         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3148                 if (dev->dev->chip_id == 0x4306 &&
3149                     dev->dev->chip_rev == 3)
3150                         cfp_pretbtt = 100;
3151                 else
3152                         cfp_pretbtt = 50;
3153         }
3154         b43_write16(dev, 0x612, cfp_pretbtt);
3155
3156         /* FIXME: We don't currently implement the PMQ mechanism,
3157          *        so always disable it. If we want to implement PMQ,
3158          *        we need to enable it here (clear DISCPMQ) in AP mode.
3159          */
3160         if (0  /* ctl & B43_MACCTL_AP */)
3161                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3162         else
3163                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3164 }
3165
3166 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3167 {
3168         u16 offset;
3169
3170         if (is_ofdm) {
3171                 offset = 0x480;
3172                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3173         } else {
3174                 offset = 0x4C0;
3175                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3176         }
3177         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3178                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
3179 }
3180
3181 static void b43_rate_memory_init(struct b43_wldev *dev)
3182 {
3183         switch (dev->phy.type) {
3184         case B43_PHYTYPE_A:
3185         case B43_PHYTYPE_G:
3186         case B43_PHYTYPE_N:
3187         case B43_PHYTYPE_LP:
3188         case B43_PHYTYPE_HT:
3189         case B43_PHYTYPE_LCN:
3190                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3191                 b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3192                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3193                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3194                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3195                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3196                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3197                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3198                 if (dev->phy.type == B43_PHYTYPE_A)
3199                         break;
3200                 /* fallthrough */
3201         case B43_PHYTYPE_B:
3202                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3203                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3204                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3205                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3206                 break;
3207         default:
3208                 B43_WARN_ON(1);
3209         }
3210 }
3211
3212 /* Set the default values for the PHY TX Control Words. */
3213 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3214 {
3215         u16 ctl = 0;
3216
3217         ctl |= B43_TXH_PHY_ENC_CCK;
3218         ctl |= B43_TXH_PHY_ANT01AUTO;
3219         ctl |= B43_TXH_PHY_TXPWR;
3220
3221         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3222         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3223         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3224 }
3225
3226 /* Set the TX-Antenna for management frames sent by firmware. */
3227 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3228 {
3229         u16 ant;
3230         u16 tmp;
3231
3232         ant = b43_antenna_to_phyctl(antenna);
3233
3234         /* For ACK/CTS */
3235         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3236         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3237         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3238         /* For Probe Resposes */
3239         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3240         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3241         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3242 }
3243
3244 /* This is the opposite of b43_chip_init() */
3245 static void b43_chip_exit(struct b43_wldev *dev)
3246 {
3247         b43_phy_exit(dev);
3248         b43_gpio_cleanup(dev);
3249         /* firmware is released later */
3250 }
3251
3252 /* Initialize the chip
3253  * http://bcm-specs.sipsolutions.net/ChipInit
3254  */
3255 static int b43_chip_init(struct b43_wldev *dev)
3256 {
3257         struct b43_phy *phy = &dev->phy;
3258         int err;
3259         u32 macctl;
3260         u16 value16;
3261
3262         /* Initialize the MAC control */
3263         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3264         if (dev->phy.gmode)
3265                 macctl |= B43_MACCTL_GMODE;
3266         macctl |= B43_MACCTL_INFRA;
3267         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3268
3269         err = b43_upload_microcode(dev);
3270         if (err)
3271                 goto out;       /* firmware is released later */
3272
3273         err = b43_gpio_init(dev);
3274         if (err)
3275                 goto out;       /* firmware is released later */
3276
3277         err = b43_upload_initvals(dev);
3278         if (err)
3279                 goto err_gpio_clean;
3280
3281         err = b43_upload_initvals_band(dev);
3282         if (err)
3283                 goto err_gpio_clean;
3284
3285         /* Turn the Analog on and initialize the PHY. */
3286         phy->ops->switch_analog(dev, 1);
3287         err = b43_phy_init(dev);
3288         if (err)
3289                 goto err_gpio_clean;
3290
3291         /* Disable Interference Mitigation. */
3292         if (phy->ops->interf_mitigation)
3293                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3294
3295         /* Select the antennae */
3296         if (phy->ops->set_rx_antenna)
3297                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3298         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3299
3300         if (phy->type == B43_PHYTYPE_B) {
3301                 value16 = b43_read16(dev, 0x005E);
3302                 value16 |= 0x0004;
3303                 b43_write16(dev, 0x005E, value16);
3304         }
3305         b43_write32(dev, 0x0100, 0x01000000);
3306         if (dev->dev->core_rev < 5)
3307                 b43_write32(dev, 0x010C, 0x01000000);
3308
3309         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3310         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3311
3312         /* Probe Response Timeout value */
3313         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3314         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3315
3316         /* Initially set the wireless operation mode. */
3317         b43_adjust_opmode(dev);
3318
3319         if (dev->dev->core_rev < 3) {
3320                 b43_write16(dev, 0x060E, 0x0000);
3321                 b43_write16(dev, 0x0610, 0x8000);
3322                 b43_write16(dev, 0x0604, 0x0000);
3323                 b43_write16(dev, 0x0606, 0x0200);
3324         } else {
3325                 b43_write32(dev, 0x0188, 0x80000000);
3326                 b43_write32(dev, 0x018C, 0x02000000);
3327         }
3328         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3329         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3330         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3331         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3332         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3333         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3334         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3335
3336         b43_mac_phy_clock_set(dev, true);
3337
3338         switch (dev->dev->bus_type) {
3339 #ifdef CONFIG_B43_BCMA
3340         case B43_BUS_BCMA:
3341                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3342                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3343                 break;
3344 #endif
3345 #ifdef CONFIG_B43_SSB
3346         case B43_BUS_SSB:
3347                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3348                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3349                 break;
3350 #endif
3351         }
3352
3353         err = 0;
3354         b43dbg(dev->wl, "Chip initialized\n");
3355 out:
3356         return err;
3357
3358 err_gpio_clean:
3359         b43_gpio_cleanup(dev);
3360         return err;
3361 }
3362
3363 static void b43_periodic_every60sec(struct b43_wldev *dev)
3364 {
3365         const struct b43_phy_operations *ops = dev->phy.ops;
3366
3367         if (ops->pwork_60sec)
3368                 ops->pwork_60sec(dev);
3369
3370         /* Force check the TX power emission now. */
3371         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3372 }
3373
3374 static void b43_periodic_every30sec(struct b43_wldev *dev)
3375 {
3376         /* Update device statistics. */
3377         b43_calculate_link_quality(dev);
3378 }
3379
3380 static void b43_periodic_every15sec(struct b43_wldev *dev)
3381 {
3382         struct b43_phy *phy = &dev->phy;
3383         u16 wdr;
3384
3385         if (dev->fw.opensource) {
3386                 /* Check if the firmware is still alive.
3387                  * It will reset the watchdog counter to 0 in its idle loop. */
3388                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3389                 if (unlikely(wdr)) {
3390                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3391                         b43_controller_restart(dev, "Firmware watchdog");
3392                         return;
3393                 } else {
3394                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3395                                         B43_WATCHDOG_REG, 1);
3396                 }
3397         }
3398
3399         if (phy->ops->pwork_15sec)
3400                 phy->ops->pwork_15sec(dev);
3401
3402         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3403         wmb();
3404
3405 #if B43_DEBUG
3406         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3407                 unsigned int i;
3408
3409                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3410                        dev->irq_count / 15,
3411                        dev->tx_count / 15,
3412                        dev->rx_count / 15);
3413                 dev->irq_count = 0;
3414                 dev->tx_count = 0;
3415                 dev->rx_count = 0;
3416                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3417                         if (dev->irq_bit_count[i]) {
3418                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3419                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3420                                 dev->irq_bit_count[i] = 0;
3421                         }
3422                 }
3423         }
3424 #endif
3425 }
3426
3427 static void do_periodic_work(struct b43_wldev *dev)
3428 {
3429         unsigned int state;
3430
3431         state = dev->periodic_state;
3432         if (state % 4 == 0)
3433                 b43_periodic_every60sec(dev);
3434         if (state % 2 == 0)
3435                 b43_periodic_every30sec(dev);
3436         b43_periodic_every15sec(dev);
3437 }
3438
3439 /* Periodic work locking policy:
3440  *      The whole periodic work handler is protected by
3441  *      wl->mutex. If another lock is needed somewhere in the
3442  *      pwork callchain, it's acquired in-place, where it's needed.
3443  */
3444 static void b43_periodic_work_handler(struct work_struct *work)
3445 {
3446         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3447                                              periodic_work.work);
3448         struct b43_wl *wl = dev->wl;
3449         unsigned long delay;
3450
3451         mutex_lock(&wl->mutex);
3452
3453         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3454                 goto out;
3455         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3456                 goto out_requeue;
3457
3458         do_periodic_work(dev);
3459
3460         dev->periodic_state++;
3461 out_requeue:
3462         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3463                 delay = msecs_to_jiffies(50);
3464         else
3465                 delay = round_jiffies_relative(HZ * 15);
3466         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3467 out:
3468         mutex_unlock(&wl->mutex);
3469 }
3470
3471 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3472 {
3473         struct delayed_work *work = &dev->periodic_work;
3474
3475         dev->periodic_state = 0;
3476         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3477         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3478 }
3479
3480 /* Check if communication with the device works correctly. */
3481 static int b43_validate_chipaccess(struct b43_wldev *dev)
3482 {
3483         u32 v, backup0, backup4;
3484
3485         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3486         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3487
3488         /* Check for read/write and endianness problems. */
3489         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3490         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3491                 goto error;
3492         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3493         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3494                 goto error;
3495
3496         /* Check if unaligned 32bit SHM_SHARED access works properly.
3497          * However, don't bail out on failure, because it's noncritical. */
3498         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3499         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3500         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3501         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3502         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3503                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3504         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3505         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3506             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3507             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3508             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3509                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3510
3511         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3512         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3513
3514         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3515                 /* The 32bit register shadows the two 16bit registers
3516                  * with update sideeffects. Validate this. */
3517                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3518                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3519                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3520                         goto error;
3521                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3522                         goto error;
3523         }
3524         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3525
3526         v = b43_read32(dev, B43_MMIO_MACCTL);
3527         v |= B43_MACCTL_GMODE;
3528         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3529                 goto error;
3530
3531         return 0;
3532 error:
3533         b43err(dev->wl, "Failed to validate the chipaccess\n");
3534         return -ENODEV;
3535 }
3536
3537 static void b43_security_init(struct b43_wldev *dev)
3538 {
3539         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3540         /* KTP is a word address, but we address SHM bytewise.
3541          * So multiply by two.
3542          */
3543         dev->ktp *= 2;
3544         /* Number of RCMTA address slots */
3545         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3546         /* Clear the key memory. */
3547         b43_clear_keys(dev);
3548 }
3549
3550 #ifdef CONFIG_B43_HWRNG
3551 static int b43_rng_read(struct hwrng *rng, u32 *data)
3552 {
3553         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3554         struct b43_wldev *dev;
3555         int count = -ENODEV;
3556
3557         mutex_lock(&wl->mutex);
3558         dev = wl->current_dev;
3559         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3560                 *data = b43_read16(dev, B43_MMIO_RNG);
3561                 count = sizeof(u16);
3562         }
3563         mutex_unlock(&wl->mutex);
3564
3565         return count;
3566 }
3567 #endif /* CONFIG_B43_HWRNG */
3568
3569 static void b43_rng_exit(struct b43_wl *wl)
3570 {
3571 #ifdef CONFIG_B43_HWRNG
3572         if (wl->rng_initialized)
3573                 hwrng_unregister(&wl->rng);
3574 #endif /* CONFIG_B43_HWRNG */
3575 }
3576
3577 static int b43_rng_init(struct b43_wl *wl)
3578 {
3579         int err = 0;
3580
3581 #ifdef CONFIG_B43_HWRNG
3582         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3583                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3584         wl->rng.name = wl->rng_name;
3585         wl->rng.data_read = b43_rng_read;
3586         wl->rng.priv = (unsigned long)wl;
3587         wl->rng_initialized = true;
3588         err = hwrng_register(&wl->rng);
3589         if (err) {
3590                 wl->rng_initialized = false;
3591                 b43err(wl, "Failed to register the random "
3592                        "number generator (%d)\n", err);
3593         }
3594 #endif /* CONFIG_B43_HWRNG */
3595
3596         return err;
3597 }
3598
3599 static void b43_tx_work(struct work_struct *work)
3600 {
3601         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3602         struct b43_wldev *dev;
3603         struct sk_buff *skb;
3604         int queue_num;
3605         int err = 0;
3606
3607         mutex_lock(&wl->mutex);
3608         dev = wl->current_dev;
3609         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3610                 mutex_unlock(&wl->mutex);
3611                 return;
3612         }
3613
3614         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3615                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3616                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3617                         if (b43_using_pio_transfers(dev))
3618                                 err = b43_pio_tx(dev, skb);
3619                         else
3620                                 err = b43_dma_tx(dev, skb);
3621                         if (err == -ENOSPC) {
3622                                 wl->tx_queue_stopped[queue_num] = 1;
3623                                 ieee80211_stop_queue(wl->hw, queue_num);
3624                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3625                                 break;
3626                         }
3627                         if (unlikely(err))
3628                                 ieee80211_free_txskb(wl->hw, skb);
3629                         err = 0;
3630                 }
3631
3632                 if (!err)
3633                         wl->tx_queue_stopped[queue_num] = 0;
3634         }
3635
3636 #if B43_DEBUG
3637         dev->tx_count++;
3638 #endif
3639         mutex_unlock(&wl->mutex);
3640 }
3641
3642 static void b43_op_tx(struct ieee80211_hw *hw,
3643                       struct ieee80211_tx_control *control,
3644                       struct sk_buff *skb)
3645 {
3646         struct b43_wl *wl = hw_to_b43_wl(hw);
3647
3648         if (unlikely(skb->len < 2 + 2 + 6)) {
3649                 /* Too short, this can't be a valid frame. */
3650                 ieee80211_free_txskb(hw, skb);
3651                 return;
3652         }
3653         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3654
3655         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3656         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3657                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3658         } else {
3659                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3660         }
3661 }
3662
3663 static void b43_qos_params_upload(struct b43_wldev *dev,
3664                                   const struct ieee80211_tx_queue_params *p,
3665                                   u16 shm_offset)
3666 {
3667         u16 params[B43_NR_QOSPARAMS];
3668         int bslots, tmp;
3669         unsigned int i;
3670
3671         if (!dev->qos_enabled)
3672                 return;
3673
3674         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3675
3676         memset(&params, 0, sizeof(params));
3677
3678         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3679         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3680         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3681         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3682         params[B43_QOSPARAM_AIFS] = p->aifs;
3683         params[B43_QOSPARAM_BSLOTS] = bslots;
3684         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3685
3686         for (i = 0; i < ARRAY_SIZE(params); i++) {
3687                 if (i == B43_QOSPARAM_STATUS) {
3688                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3689                                              shm_offset + (i * 2));
3690                         /* Mark the parameters as updated. */
3691                         tmp |= 0x100;
3692                         b43_shm_write16(dev, B43_SHM_SHARED,
3693                                         shm_offset + (i * 2),
3694                                         tmp);
3695                 } else {
3696                         b43_shm_write16(dev, B43_SHM_SHARED,
3697                                         shm_offset + (i * 2),
3698                                         params[i]);
3699                 }
3700         }
3701 }
3702
3703 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3704 static const u16 b43_qos_shm_offsets[] = {
3705         /* [mac80211-queue-nr] = SHM_OFFSET, */
3706         [0] = B43_QOS_VOICE,
3707         [1] = B43_QOS_VIDEO,
3708         [2] = B43_QOS_BESTEFFORT,
3709         [3] = B43_QOS_BACKGROUND,
3710 };
3711
3712 /* Update all QOS parameters in hardware. */
3713 static void b43_qos_upload_all(struct b43_wldev *dev)
3714 {
3715         struct b43_wl *wl = dev->wl;
3716         struct b43_qos_params *params;
3717         unsigned int i;
3718
3719         if (!dev->qos_enabled)
3720                 return;
3721
3722         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3723                      ARRAY_SIZE(wl->qos_params));
3724
3725         b43_mac_suspend(dev);
3726         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3727                 params = &(wl->qos_params[i]);
3728                 b43_qos_params_upload(dev, &(params->p),
3729                                       b43_qos_shm_offsets[i]);
3730         }
3731         b43_mac_enable(dev);
3732 }
3733
3734 static void b43_qos_clear(struct b43_wl *wl)
3735 {
3736         struct b43_qos_params *params;
3737         unsigned int i;
3738
3739         /* Initialize QoS parameters to sane defaults. */
3740
3741         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3742                      ARRAY_SIZE(wl->qos_params));
3743
3744         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3745                 params = &(wl->qos_params[i]);
3746
3747                 switch (b43_qos_shm_offsets[i]) {
3748                 case B43_QOS_VOICE:
3749                         params->p.txop = 0;
3750                         params->p.aifs = 2;
3751                         params->p.cw_min = 0x0001;
3752                         params->p.cw_max = 0x0001;
3753                         break;
3754                 case B43_QOS_VIDEO:
3755                         params->p.txop = 0;
3756                         params->p.aifs = 2;
3757                         params->p.cw_min = 0x0001;
3758                         params->p.cw_max = 0x0001;
3759                         break;
3760                 case B43_QOS_BESTEFFORT:
3761                         params->p.txop = 0;
3762                         params->p.aifs = 3;
3763                         params->p.cw_min = 0x0001;
3764                         params->p.cw_max = 0x03FF;
3765                         break;
3766                 case B43_QOS_BACKGROUND:
3767                         params->p.txop = 0;
3768                         params->p.aifs = 7;
3769                         params->p.cw_min = 0x0001;
3770                         params->p.cw_max = 0x03FF;
3771                         break;
3772                 default:
3773                         B43_WARN_ON(1);
3774                 }
3775         }
3776 }
3777
3778 /* Initialize the core's QOS capabilities */
3779 static void b43_qos_init(struct b43_wldev *dev)
3780 {
3781         if (!dev->qos_enabled) {
3782                 /* Disable QOS support. */
3783                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3784                 b43_write16(dev, B43_MMIO_IFSCTL,
3785                             b43_read16(dev, B43_MMIO_IFSCTL)
3786                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3787                 b43dbg(dev->wl, "QoS disabled\n");
3788                 return;
3789         }
3790
3791         /* Upload the current QOS parameters. */
3792         b43_qos_upload_all(dev);
3793
3794         /* Enable QOS support. */
3795         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3796         b43_write16(dev, B43_MMIO_IFSCTL,
3797                     b43_read16(dev, B43_MMIO_IFSCTL)
3798                     | B43_MMIO_IFSCTL_USE_EDCF);
3799         b43dbg(dev->wl, "QoS enabled\n");
3800 }
3801
3802 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3803                           struct ieee80211_vif *vif, u16 _queue,
3804                           const struct ieee80211_tx_queue_params *params)
3805 {
3806         struct b43_wl *wl = hw_to_b43_wl(hw);
3807         struct b43_wldev *dev;
3808         unsigned int queue = (unsigned int)_queue;
3809         int err = -ENODEV;
3810
3811         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3812                 /* Queue not available or don't support setting
3813                  * params on this queue. Return success to not
3814                  * confuse mac80211. */
3815                 return 0;
3816         }
3817         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3818                      ARRAY_SIZE(wl->qos_params));
3819
3820         mutex_lock(&wl->mutex);
3821         dev = wl->current_dev;
3822         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3823                 goto out_unlock;
3824
3825         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3826         b43_mac_suspend(dev);
3827         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3828                               b43_qos_shm_offsets[queue]);
3829         b43_mac_enable(dev);
3830         err = 0;
3831
3832 out_unlock:
3833         mutex_unlock(&wl->mutex);
3834
3835         return err;
3836 }
3837
3838 static int b43_op_get_stats(struct ieee80211_hw *hw,
3839                             struct ieee80211_low_level_stats *stats)
3840 {
3841         struct b43_wl *wl = hw_to_b43_wl(hw);
3842
3843         mutex_lock(&wl->mutex);
3844         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3845         mutex_unlock(&wl->mutex);
3846
3847         return 0;
3848 }
3849
3850 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3851 {
3852         struct b43_wl *wl = hw_to_b43_wl(hw);
3853         struct b43_wldev *dev;
3854         u64 tsf;
3855
3856         mutex_lock(&wl->mutex);
3857         dev = wl->current_dev;
3858
3859         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3860                 b43_tsf_read(dev, &tsf);
3861         else
3862                 tsf = 0;
3863
3864         mutex_unlock(&wl->mutex);
3865
3866         return tsf;
3867 }
3868
3869 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3870                            struct ieee80211_vif *vif, u64 tsf)
3871 {
3872         struct b43_wl *wl = hw_to_b43_wl(hw);
3873         struct b43_wldev *dev;
3874
3875         mutex_lock(&wl->mutex);
3876         dev = wl->current_dev;
3877
3878         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3879                 b43_tsf_write(dev, tsf);
3880
3881         mutex_unlock(&wl->mutex);
3882 }
3883
3884 static const char *band_to_string(enum ieee80211_band band)
3885 {
3886         switch (band) {
3887         case IEEE80211_BAND_5GHZ:
3888                 return "5";
3889         case IEEE80211_BAND_2GHZ:
3890                 return "2.4";
3891         default:
3892                 break;
3893         }
3894         B43_WARN_ON(1);
3895         return "";
3896 }
3897
3898 /* Expects wl->mutex locked */
3899 static int b43_switch_band(struct b43_wldev *dev,
3900                            struct ieee80211_channel *chan)
3901 {
3902         struct b43_phy *phy = &dev->phy;
3903         bool gmode;
3904         u32 tmp;
3905
3906         switch (chan->band) {
3907         case IEEE80211_BAND_5GHZ:
3908                 gmode = false;
3909                 break;
3910         case IEEE80211_BAND_2GHZ:
3911                 gmode = true;
3912                 break;
3913         default:
3914                 B43_WARN_ON(1);
3915                 return -EINVAL;
3916         }
3917
3918         if (!((gmode && phy->supports_2ghz) ||
3919               (!gmode && phy->supports_5ghz))) {
3920                 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3921                        band_to_string(chan->band));
3922                 return -ENODEV;
3923         }
3924
3925         if (!!phy->gmode == !!gmode) {
3926                 /* This device is already running. */
3927                 return 0;
3928         }
3929
3930         b43dbg(dev->wl, "Switching to %s GHz band\n",
3931                band_to_string(chan->band));
3932
3933         /* Some new devices don't need disabling radio for band switching */
3934         if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3935                 b43_software_rfkill(dev, true);
3936
3937         phy->gmode = gmode;
3938         b43_phy_put_into_reset(dev);
3939         switch (dev->dev->bus_type) {
3940 #ifdef CONFIG_B43_BCMA
3941         case B43_BUS_BCMA:
3942                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3943                 if (gmode)
3944                         tmp |= B43_BCMA_IOCTL_GMODE;
3945                 else
3946                         tmp &= ~B43_BCMA_IOCTL_GMODE;
3947                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3948                 break;
3949 #endif
3950 #ifdef CONFIG_B43_SSB
3951         case B43_BUS_SSB:
3952                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3953                 if (gmode)
3954                         tmp |= B43_TMSLOW_GMODE;
3955                 else
3956                         tmp &= ~B43_TMSLOW_GMODE;
3957                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3958                 break;
3959 #endif
3960         }
3961         b43_phy_take_out_of_reset(dev);
3962
3963         b43_upload_initvals_band(dev);
3964
3965         b43_phy_init(dev);
3966
3967         return 0;
3968 }
3969
3970 static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3971 {
3972         interval = min_t(u16, interval, (u16)0xFF);
3973         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3974 }
3975
3976 /* Write the short and long frame retry limit values. */
3977 static void b43_set_retry_limits(struct b43_wldev *dev,
3978                                  unsigned int short_retry,
3979                                  unsigned int long_retry)
3980 {
3981         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3982          * the chip-internal counter. */
3983         short_retry = min(short_retry, (unsigned int)0xF);
3984         long_retry = min(long_retry, (unsigned int)0xF);
3985
3986         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3987                         short_retry);
3988         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3989                         long_retry);
3990 }
3991
3992 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3993 {
3994         struct b43_wl *wl = hw_to_b43_wl(hw);
3995         struct b43_wldev *dev = wl->current_dev;
3996         struct b43_phy *phy = &dev->phy;
3997         struct ieee80211_conf *conf = &hw->conf;
3998         int antenna;
3999         int err = 0;
4000
4001         mutex_lock(&wl->mutex);
4002         b43_mac_suspend(dev);
4003
4004         if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
4005                 b43_set_beacon_listen_interval(dev, conf->listen_interval);
4006
4007         if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
4008                 phy->chandef = &conf->chandef;
4009                 phy->channel = conf->chandef.chan->hw_value;
4010
4011                 /* Switch the band (if necessary). */
4012                 err = b43_switch_band(dev, conf->chandef.chan);
4013                 if (err)
4014                         goto out_mac_enable;
4015
4016                 /* Switch to the requested channel.
4017                  * The firmware takes care of races with the TX handler.
4018                  */
4019                 b43_switch_channel(dev, phy->channel);
4020         }
4021
4022         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4023                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4024                                           conf->long_frame_max_tx_count);
4025         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4026         if (!changed)
4027                 goto out_mac_enable;
4028
4029         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4030
4031         /* Adjust the desired TX power level. */
4032         if (conf->power_level != 0) {
4033                 if (conf->power_level != phy->desired_txpower) {
4034                         phy->desired_txpower = conf->power_level;
4035                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4036                                                    B43_TXPWR_IGNORE_TSSI);
4037                 }
4038         }
4039
4040         /* Antennas for RX and management frame TX. */
4041         antenna = B43_ANTENNA_DEFAULT;
4042         b43_mgmtframe_txantenna(dev, antenna);
4043         antenna = B43_ANTENNA_DEFAULT;
4044         if (phy->ops->set_rx_antenna)
4045                 phy->ops->set_rx_antenna(dev, antenna);
4046
4047         if (wl->radio_enabled != phy->radio_on) {
4048                 if (wl->radio_enabled) {
4049                         b43_software_rfkill(dev, false);
4050                         b43info(dev->wl, "Radio turned on by software\n");
4051                         if (!dev->radio_hw_enable) {
4052                                 b43info(dev->wl, "The hardware RF-kill button "
4053                                         "still turns the radio physically off. "
4054                                         "Press the button to turn it on.\n");
4055                         }
4056                 } else {
4057                         b43_software_rfkill(dev, true);
4058                         b43info(dev->wl, "Radio turned off by software\n");
4059                 }
4060         }
4061
4062 out_mac_enable:
4063         b43_mac_enable(dev);
4064         mutex_unlock(&wl->mutex);
4065
4066         return err;
4067 }
4068
4069 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4070 {
4071         struct ieee80211_supported_band *sband =
4072                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4073         struct ieee80211_rate *rate;
4074         int i;
4075         u16 basic, direct, offset, basic_offset, rateptr;
4076
4077         for (i = 0; i < sband->n_bitrates; i++) {
4078                 rate = &sband->bitrates[i];
4079
4080                 if (b43_is_cck_rate(rate->hw_value)) {
4081                         direct = B43_SHM_SH_CCKDIRECT;
4082                         basic = B43_SHM_SH_CCKBASIC;
4083                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4084                         offset &= 0xF;
4085                 } else {
4086                         direct = B43_SHM_SH_OFDMDIRECT;
4087                         basic = B43_SHM_SH_OFDMBASIC;
4088                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4089                         offset &= 0xF;
4090                 }
4091
4092                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4093
4094                 if (b43_is_cck_rate(rate->hw_value)) {
4095                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4096                         basic_offset &= 0xF;
4097                 } else {
4098                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4099                         basic_offset &= 0xF;
4100                 }
4101
4102                 /*
4103                  * Get the pointer that we need to point to
4104                  * from the direct map
4105                  */
4106                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4107                                          direct + 2 * basic_offset);
4108                 /* and write it to the basic map */
4109                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4110                                 rateptr);
4111         }
4112 }
4113
4114 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4115                                     struct ieee80211_vif *vif,
4116                                     struct ieee80211_bss_conf *conf,
4117                                     u32 changed)
4118 {
4119         struct b43_wl *wl = hw_to_b43_wl(hw);
4120         struct b43_wldev *dev;
4121
4122         mutex_lock(&wl->mutex);
4123
4124         dev = wl->current_dev;
4125         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4126                 goto out_unlock_mutex;
4127
4128         B43_WARN_ON(wl->vif != vif);
4129
4130         if (changed & BSS_CHANGED_BSSID) {
4131                 if (conf->bssid)
4132                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4133                 else
4134                         eth_zero_addr(wl->bssid);
4135         }
4136
4137         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4138                 if (changed & BSS_CHANGED_BEACON &&
4139                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4140                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4141                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4142                         b43_update_templates(wl);
4143
4144                 if (changed & BSS_CHANGED_BSSID)
4145                         b43_write_mac_bssid_templates(dev);
4146         }
4147
4148         b43_mac_suspend(dev);
4149
4150         /* Update templates for AP/mesh mode. */
4151         if (changed & BSS_CHANGED_BEACON_INT &&
4152             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4153              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4154              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4155             conf->beacon_int)
4156                 b43_set_beacon_int(dev, conf->beacon_int);
4157
4158         if (changed & BSS_CHANGED_BASIC_RATES)
4159                 b43_update_basic_rates(dev, conf->basic_rates);
4160
4161         if (changed & BSS_CHANGED_ERP_SLOT) {
4162                 if (conf->use_short_slot)
4163                         b43_short_slot_timing_enable(dev);
4164                 else
4165                         b43_short_slot_timing_disable(dev);
4166         }
4167
4168         b43_mac_enable(dev);
4169 out_unlock_mutex:
4170         mutex_unlock(&wl->mutex);
4171 }
4172
4173 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4174                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4175                           struct ieee80211_key_conf *key)
4176 {
4177         struct b43_wl *wl = hw_to_b43_wl(hw);
4178         struct b43_wldev *dev;
4179         u8 algorithm;
4180         u8 index;
4181         int err;
4182         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4183
4184         if (modparam_nohwcrypt)
4185                 return -ENOSPC; /* User disabled HW-crypto */
4186
4187         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4188              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4189             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4190              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4191             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4192                 /*
4193                  * For now, disable hw crypto for the RSN IBSS group keys. This
4194                  * could be optimized in the future, but until that gets
4195                  * implemented, use of software crypto for group addressed
4196                  * frames is a acceptable to allow RSN IBSS to be used.
4197                  */
4198                 return -EOPNOTSUPP;
4199         }
4200
4201         mutex_lock(&wl->mutex);
4202
4203         dev = wl->current_dev;
4204         err = -ENODEV;
4205         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4206                 goto out_unlock;
4207
4208         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4209                 /* We don't have firmware for the crypto engine.
4210                  * Must use software-crypto. */
4211                 err = -EOPNOTSUPP;
4212                 goto out_unlock;
4213         }
4214
4215         err = -EINVAL;
4216         switch (key->cipher) {
4217         case WLAN_CIPHER_SUITE_WEP40:
4218                 algorithm = B43_SEC_ALGO_WEP40;
4219                 break;
4220         case WLAN_CIPHER_SUITE_WEP104:
4221                 algorithm = B43_SEC_ALGO_WEP104;
4222                 break;
4223         case WLAN_CIPHER_SUITE_TKIP:
4224                 algorithm = B43_SEC_ALGO_TKIP;
4225                 break;
4226         case WLAN_CIPHER_SUITE_CCMP:
4227                 algorithm = B43_SEC_ALGO_AES;
4228                 break;
4229         default:
4230                 B43_WARN_ON(1);
4231                 goto out_unlock;
4232         }
4233         index = (u8) (key->keyidx);
4234         if (index > 3)
4235                 goto out_unlock;
4236
4237         switch (cmd) {
4238         case SET_KEY:
4239                 if (algorithm == B43_SEC_ALGO_TKIP &&
4240                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4241                     !modparam_hwtkip)) {
4242                         /* We support only pairwise key */
4243                         err = -EOPNOTSUPP;
4244                         goto out_unlock;
4245                 }
4246
4247                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4248                         if (WARN_ON(!sta)) {
4249                                 err = -EOPNOTSUPP;
4250                                 goto out_unlock;
4251                         }
4252                         /* Pairwise key with an assigned MAC address. */
4253                         err = b43_key_write(dev, -1, algorithm,
4254                                             key->key, key->keylen,
4255                                             sta->addr, key);
4256                 } else {
4257                         /* Group key */
4258                         err = b43_key_write(dev, index, algorithm,
4259                                             key->key, key->keylen, NULL, key);
4260                 }
4261                 if (err)
4262                         goto out_unlock;
4263
4264                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4265                     algorithm == B43_SEC_ALGO_WEP104) {
4266                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4267                 } else {
4268                         b43_hf_write(dev,
4269                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4270                 }
4271                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4272                 if (algorithm == B43_SEC_ALGO_TKIP)
4273                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4274                 break;
4275         case DISABLE_KEY: {
4276                 err = b43_key_clear(dev, key->hw_key_idx);
4277                 if (err)
4278                         goto out_unlock;
4279                 break;
4280         }
4281         default:
4282                 B43_WARN_ON(1);
4283         }
4284
4285 out_unlock:
4286         if (!err) {
4287                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4288                        "mac: %pM\n",
4289                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4290                        sta ? sta->addr : bcast_addr);
4291                 b43_dump_keymemory(dev);
4292         }
4293         mutex_unlock(&wl->mutex);
4294
4295         return err;
4296 }
4297
4298 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4299                                     unsigned int changed, unsigned int *fflags,
4300                                     u64 multicast)
4301 {
4302         struct b43_wl *wl = hw_to_b43_wl(hw);
4303         struct b43_wldev *dev;
4304
4305         mutex_lock(&wl->mutex);
4306         dev = wl->current_dev;
4307         if (!dev) {
4308                 *fflags = 0;
4309                 goto out_unlock;
4310         }
4311
4312         *fflags &= FIF_ALLMULTI |
4313                   FIF_FCSFAIL |
4314                   FIF_PLCPFAIL |
4315                   FIF_CONTROL |
4316                   FIF_OTHER_BSS |
4317                   FIF_BCN_PRBRESP_PROMISC;
4318
4319         changed &= FIF_ALLMULTI |
4320                    FIF_FCSFAIL |
4321                    FIF_PLCPFAIL |
4322                    FIF_CONTROL |
4323                    FIF_OTHER_BSS |
4324                    FIF_BCN_PRBRESP_PROMISC;
4325
4326         wl->filter_flags = *fflags;
4327
4328         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4329                 b43_adjust_opmode(dev);
4330
4331 out_unlock:
4332         mutex_unlock(&wl->mutex);
4333 }
4334
4335 /* Locking: wl->mutex
4336  * Returns the current dev. This might be different from the passed in dev,
4337  * because the core might be gone away while we unlocked the mutex. */
4338 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4339 {
4340         struct b43_wl *wl;
4341         struct b43_wldev *orig_dev;
4342         u32 mask;
4343         int queue_num;
4344
4345         if (!dev)
4346                 return NULL;
4347         wl = dev->wl;
4348 redo:
4349         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4350                 return dev;
4351
4352         /* Cancel work. Unlock to avoid deadlocks. */
4353         mutex_unlock(&wl->mutex);
4354         cancel_delayed_work_sync(&dev->periodic_work);
4355         cancel_work_sync(&wl->tx_work);
4356         b43_leds_stop(dev);
4357         mutex_lock(&wl->mutex);
4358         dev = wl->current_dev;
4359         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4360                 /* Whoops, aliens ate up the device while we were unlocked. */
4361                 return dev;
4362         }
4363
4364         /* Disable interrupts on the device. */
4365         b43_set_status(dev, B43_STAT_INITIALIZED);
4366         if (b43_bus_host_is_sdio(dev->dev)) {
4367                 /* wl->mutex is locked. That is enough. */
4368                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4369                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4370         } else {
4371                 spin_lock_irq(&wl->hardirq_lock);
4372                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4373                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4374                 spin_unlock_irq(&wl->hardirq_lock);
4375         }
4376         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4377         orig_dev = dev;
4378         mutex_unlock(&wl->mutex);
4379         if (b43_bus_host_is_sdio(dev->dev)) {
4380                 b43_sdio_free_irq(dev);
4381         } else {
4382                 synchronize_irq(dev->dev->irq);
4383                 free_irq(dev->dev->irq, dev);
4384         }
4385         mutex_lock(&wl->mutex);
4386         dev = wl->current_dev;
4387         if (!dev)
4388                 return dev;
4389         if (dev != orig_dev) {
4390                 if (b43_status(dev) >= B43_STAT_STARTED)
4391                         goto redo;
4392                 return dev;
4393         }
4394         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4395         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4396
4397         /* Drain all TX queues. */
4398         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4399                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4400                         struct sk_buff *skb;
4401
4402                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4403                         ieee80211_free_txskb(wl->hw, skb);
4404                 }
4405         }
4406
4407         b43_mac_suspend(dev);
4408         b43_leds_exit(dev);
4409         b43dbg(wl, "Wireless interface stopped\n");
4410
4411         return dev;
4412 }
4413
4414 /* Locking: wl->mutex */
4415 static int b43_wireless_core_start(struct b43_wldev *dev)
4416 {
4417         int err;
4418
4419         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4420
4421         drain_txstatus_queue(dev);
4422         if (b43_bus_host_is_sdio(dev->dev)) {
4423                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4424                 if (err) {
4425                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4426                         goto out;
4427                 }
4428         } else {
4429                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4430                                            b43_interrupt_thread_handler,
4431                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4432                 if (err) {
4433                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4434                                dev->dev->irq);
4435                         goto out;
4436                 }
4437         }
4438
4439         /* We are ready to run. */
4440         ieee80211_wake_queues(dev->wl->hw);
4441         b43_set_status(dev, B43_STAT_STARTED);
4442
4443         /* Start data flow (TX/RX). */
4444         b43_mac_enable(dev);
4445         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4446
4447         /* Start maintenance work */
4448         b43_periodic_tasks_setup(dev);
4449
4450         b43_leds_init(dev);
4451
4452         b43dbg(dev->wl, "Wireless interface started\n");
4453 out:
4454         return err;
4455 }
4456
4457 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4458 {
4459         switch (phy_type) {
4460         case B43_PHYTYPE_A:
4461                 return "A";
4462         case B43_PHYTYPE_B:
4463                 return "B";
4464         case B43_PHYTYPE_G:
4465                 return "G";
4466         case B43_PHYTYPE_N:
4467                 return "N";
4468         case B43_PHYTYPE_LP:
4469                 return "LP";
4470         case B43_PHYTYPE_SSLPN:
4471                 return "SSLPN";
4472         case B43_PHYTYPE_HT:
4473                 return "HT";
4474         case B43_PHYTYPE_LCN:
4475                 return "LCN";
4476         case B43_PHYTYPE_LCNXN:
4477                 return "LCNXN";
4478         case B43_PHYTYPE_LCN40:
4479                 return "LCN40";
4480         case B43_PHYTYPE_AC:
4481                 return "AC";
4482         }
4483         return "UNKNOWN";
4484 }
4485
4486 /* Get PHY and RADIO versioning numbers */
4487 static int b43_phy_versioning(struct b43_wldev *dev)
4488 {
4489         struct b43_phy *phy = &dev->phy;
4490         const u8 core_rev = dev->dev->core_rev;
4491         u32 tmp;
4492         u8 analog_type;
4493         u8 phy_type;
4494         u8 phy_rev;
4495         u16 radio_manuf;
4496         u16 radio_id;
4497         u16 radio_rev;
4498         u8 radio_ver;
4499         int unsupported = 0;
4500
4501         /* Get PHY versioning */
4502         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4503         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4504         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4505         phy_rev = (tmp & B43_PHYVER_VERSION);
4506
4507         /* LCNXN is continuation of N which run out of revisions */
4508         if (phy_type == B43_PHYTYPE_LCNXN) {
4509                 phy_type = B43_PHYTYPE_N;
4510                 phy_rev += 16;
4511         }
4512
4513         switch (phy_type) {
4514 #ifdef CONFIG_B43_PHY_G
4515         case B43_PHYTYPE_G:
4516                 if (phy_rev > 9)
4517                         unsupported = 1;
4518                 break;
4519 #endif
4520 #ifdef CONFIG_B43_PHY_N
4521         case B43_PHYTYPE_N:
4522                 if (phy_rev >= 19)
4523                         unsupported = 1;
4524                 break;
4525 #endif
4526 #ifdef CONFIG_B43_PHY_LP
4527         case B43_PHYTYPE_LP:
4528                 if (phy_rev > 2)
4529                         unsupported = 1;
4530                 break;
4531 #endif
4532 #ifdef CONFIG_B43_PHY_HT
4533         case B43_PHYTYPE_HT:
4534                 if (phy_rev > 1)
4535                         unsupported = 1;
4536                 break;
4537 #endif
4538 #ifdef CONFIG_B43_PHY_LCN
4539         case B43_PHYTYPE_LCN:
4540                 if (phy_rev > 1)
4541                         unsupported = 1;
4542                 break;
4543 #endif
4544 #ifdef CONFIG_B43_PHY_AC
4545         case B43_PHYTYPE_AC:
4546                 if (phy_rev > 1)
4547                         unsupported = 1;
4548                 break;
4549 #endif
4550         default:
4551                 unsupported = 1;
4552         }
4553         if (unsupported) {
4554                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4555                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4556                        phy_rev);
4557                 return -EOPNOTSUPP;
4558         }
4559         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4560                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4561
4562         /* Get RADIO versioning */
4563         if (core_rev == 40 || core_rev == 42) {
4564                 radio_manuf = 0x17F;
4565
4566                 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4567                 radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4568
4569                 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4570                 radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4571
4572                 radio_ver = 0; /* Is there version somewhere? */
4573         } else if (core_rev >= 24) {
4574                 u16 radio24[3];
4575
4576                 for (tmp = 0; tmp < 3; tmp++) {
4577                         b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4578                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4579                 }
4580
4581                 radio_manuf = 0x17F;
4582                 radio_id = (radio24[2] << 8) | radio24[1];
4583                 radio_rev = (radio24[0] & 0xF);
4584                 radio_ver = (radio24[0] & 0xF0) >> 4;
4585         } else {
4586                 if (dev->dev->chip_id == 0x4317) {
4587                         if (dev->dev->chip_rev == 0)
4588                                 tmp = 0x3205017F;
4589                         else if (dev->dev->chip_rev == 1)
4590                                 tmp = 0x4205017F;
4591                         else
4592                                 tmp = 0x5205017F;
4593                 } else {
4594                         b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4595                                      B43_RADIOCTL_ID);
4596                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4597                         b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4598                                      B43_RADIOCTL_ID);
4599                         tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4600                 }
4601                 radio_manuf = (tmp & 0x00000FFF);
4602                 radio_id = (tmp & 0x0FFFF000) >> 12;
4603                 radio_rev = (tmp & 0xF0000000) >> 28;
4604                 radio_ver = 0; /* Probably not available on old hw */
4605         }
4606
4607         if (radio_manuf != 0x17F /* Broadcom */)
4608                 unsupported = 1;
4609         switch (phy_type) {
4610         case B43_PHYTYPE_A:
4611                 if (radio_id != 0x2060)
4612                         unsupported = 1;
4613                 if (radio_rev != 1)
4614                         unsupported = 1;
4615                 if (radio_manuf != 0x17F)
4616                         unsupported = 1;
4617                 break;
4618         case B43_PHYTYPE_B:
4619                 if ((radio_id & 0xFFF0) != 0x2050)
4620                         unsupported = 1;
4621                 break;
4622         case B43_PHYTYPE_G:
4623                 if (radio_id != 0x2050)
4624                         unsupported = 1;
4625                 break;
4626         case B43_PHYTYPE_N:
4627                 if (radio_id != 0x2055 && radio_id != 0x2056 &&
4628                     radio_id != 0x2057)
4629                         unsupported = 1;
4630                 if (radio_id == 0x2057 &&
4631                     !(radio_rev == 9 || radio_rev == 14))
4632                         unsupported = 1;
4633                 break;
4634         case B43_PHYTYPE_LP:
4635                 if (radio_id != 0x2062 && radio_id != 0x2063)
4636                         unsupported = 1;
4637                 break;
4638         case B43_PHYTYPE_HT:
4639                 if (radio_id != 0x2059)
4640                         unsupported = 1;
4641                 break;
4642         case B43_PHYTYPE_LCN:
4643                 if (radio_id != 0x2064)
4644                         unsupported = 1;
4645                 break;
4646         case B43_PHYTYPE_AC:
4647                 if (radio_id != 0x2069)
4648                         unsupported = 1;
4649                 break;
4650         default:
4651                 B43_WARN_ON(1);
4652         }
4653         if (unsupported) {
4654                 b43err(dev->wl,
4655                        "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4656                        radio_manuf, radio_id, radio_rev, radio_ver);
4657                 return -EOPNOTSUPP;
4658         }
4659         b43info(dev->wl,
4660                 "Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4661                 radio_manuf, radio_id, radio_rev, radio_ver);
4662
4663         /* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4664         phy->radio_manuf = radio_manuf;
4665         phy->radio_ver = radio_id;
4666         phy->radio_rev = radio_rev;
4667
4668         phy->analog = analog_type;
4669         phy->type = phy_type;
4670         phy->rev = phy_rev;
4671
4672         return 0;
4673 }
4674
4675 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4676                                       struct b43_phy *phy)
4677 {
4678         phy->hardware_power_control = !!modparam_hwpctl;
4679         phy->next_txpwr_check_time = jiffies;
4680         /* PHY TX errors counter. */
4681         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4682
4683 #if B43_DEBUG
4684         phy->phy_locked = false;
4685         phy->radio_locked = false;
4686 #endif
4687 }
4688
4689 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4690 {
4691         dev->dfq_valid = false;
4692
4693         /* Assume the radio is enabled. If it's not enabled, the state will
4694          * immediately get fixed on the first periodic work run. */
4695         dev->radio_hw_enable = true;
4696
4697         /* Stats */
4698         memset(&dev->stats, 0, sizeof(dev->stats));
4699
4700         setup_struct_phy_for_init(dev, &dev->phy);
4701
4702         /* IRQ related flags */
4703         dev->irq_reason = 0;
4704         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4705         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4706         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4707                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4708
4709         dev->mac_suspended = 1;
4710
4711         /* Noise calculation context */
4712         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4713 }
4714
4715 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4716 {
4717         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4718         u64 hf;
4719
4720         if (!modparam_btcoex)
4721                 return;
4722         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4723                 return;
4724         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4725                 return;
4726
4727         hf = b43_hf_read(dev);
4728         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4729                 hf |= B43_HF_BTCOEXALT;
4730         else
4731                 hf |= B43_HF_BTCOEX;
4732         b43_hf_write(dev, hf);
4733 }
4734
4735 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4736 {
4737         if (!modparam_btcoex)
4738                 return;
4739         //TODO
4740 }
4741
4742 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4743 {
4744         struct ssb_bus *bus;
4745         u32 tmp;
4746
4747 #ifdef CONFIG_B43_SSB
4748         if (dev->dev->bus_type != B43_BUS_SSB)
4749                 return;
4750 #else
4751         return;
4752 #endif
4753
4754         bus = dev->dev->sdev->bus;
4755
4756         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4757             (bus->chip_id == 0x4312)) {
4758                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4759                 tmp &= ~SSB_IMCFGLO_REQTO;
4760                 tmp &= ~SSB_IMCFGLO_SERTO;
4761                 tmp |= 0x3;
4762                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4763                 ssb_commit_settings(bus);
4764         }
4765 }
4766
4767 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4768 {
4769         u16 pu_delay;
4770
4771         /* The time value is in microseconds. */
4772         if (dev->phy.type == B43_PHYTYPE_A)
4773                 pu_delay = 3700;
4774         else
4775                 pu_delay = 1050;
4776         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4777                 pu_delay = 500;
4778         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4779                 pu_delay = max(pu_delay, (u16)2400);
4780
4781         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4782 }
4783
4784 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4785 static void b43_set_pretbtt(struct b43_wldev *dev)
4786 {
4787         u16 pretbtt;
4788
4789         /* The time value is in microseconds. */
4790         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4791                 pretbtt = 2;
4792         } else {
4793                 if (dev->phy.type == B43_PHYTYPE_A)
4794                         pretbtt = 120;
4795                 else
4796                         pretbtt = 250;
4797         }
4798         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4799         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4800 }
4801
4802 /* Shutdown a wireless core */
4803 /* Locking: wl->mutex */
4804 static void b43_wireless_core_exit(struct b43_wldev *dev)
4805 {
4806         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4807         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4808                 return;
4809
4810         b43_set_status(dev, B43_STAT_UNINIT);
4811
4812         /* Stop the microcode PSM. */
4813         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4814                       B43_MACCTL_PSM_JMP0);
4815
4816         switch (dev->dev->bus_type) {
4817 #ifdef CONFIG_B43_BCMA
4818         case B43_BUS_BCMA:
4819                 bcma_host_pci_down(dev->dev->bdev->bus);
4820                 break;
4821 #endif
4822 #ifdef CONFIG_B43_SSB
4823         case B43_BUS_SSB:
4824                 /* TODO */
4825                 break;
4826 #endif
4827         }
4828
4829         b43_dma_free(dev);
4830         b43_pio_free(dev);
4831         b43_chip_exit(dev);
4832         dev->phy.ops->switch_analog(dev, 0);
4833         if (dev->wl->current_beacon) {
4834                 dev_kfree_skb_any(dev->wl->current_beacon);
4835                 dev->wl->current_beacon = NULL;
4836         }
4837
4838         b43_device_disable(dev, 0);
4839         b43_bus_may_powerdown(dev);
4840 }
4841
4842 /* Initialize a wireless core */
4843 static int b43_wireless_core_init(struct b43_wldev *dev)
4844 {
4845         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4846         struct b43_phy *phy = &dev->phy;
4847         int err;
4848         u64 hf;
4849
4850         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4851
4852         err = b43_bus_powerup(dev, 0);
4853         if (err)
4854                 goto out;
4855         if (!b43_device_is_enabled(dev))
4856                 b43_wireless_core_reset(dev, phy->gmode);
4857
4858         /* Reset all data structures. */
4859         setup_struct_wldev_for_init(dev);
4860         phy->ops->prepare_structs(dev);
4861
4862         /* Enable IRQ routing to this device. */
4863         switch (dev->dev->bus_type) {
4864 #ifdef CONFIG_B43_BCMA
4865         case B43_BUS_BCMA:
4866                 bcma_host_pci_irq_ctl(dev->dev->bdev->bus,
4867                                       dev->dev->bdev, true);
4868                 bcma_host_pci_up(dev->dev->bdev->bus);
4869                 break;
4870 #endif
4871 #ifdef CONFIG_B43_SSB
4872         case B43_BUS_SSB:
4873                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4874                                                dev->dev->sdev);
4875                 break;
4876 #endif
4877         }
4878
4879         b43_imcfglo_timeouts_workaround(dev);
4880         b43_bluetooth_coext_disable(dev);
4881         if (phy->ops->prepare_hardware) {
4882                 err = phy->ops->prepare_hardware(dev);
4883                 if (err)
4884                         goto err_busdown;
4885         }
4886         err = b43_chip_init(dev);
4887         if (err)
4888                 goto err_busdown;
4889         b43_shm_write16(dev, B43_SHM_SHARED,
4890                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4891         hf = b43_hf_read(dev);
4892         if (phy->type == B43_PHYTYPE_G) {
4893                 hf |= B43_HF_SYMW;
4894                 if (phy->rev == 1)
4895                         hf |= B43_HF_GDCW;
4896                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4897                         hf |= B43_HF_OFDMPABOOST;
4898         }
4899         if (phy->radio_ver == 0x2050) {
4900                 if (phy->radio_rev == 6)
4901                         hf |= B43_HF_4318TSSI;
4902                 if (phy->radio_rev < 6)
4903                         hf |= B43_HF_VCORECALC;
4904         }
4905         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4906                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4907 #if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4908         if (dev->dev->bus_type == B43_BUS_SSB &&
4909             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4910             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4911                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4912 #endif
4913         hf &= ~B43_HF_SKCFPUP;
4914         b43_hf_write(dev, hf);
4915
4916         /* tell the ucode MAC capabilities */
4917         if (dev->dev->core_rev >= 13) {
4918                 u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4919
4920                 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4921                                 mac_hw_cap & 0xffff);
4922                 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4923                                 (mac_hw_cap >> 16) & 0xffff);
4924         }
4925
4926         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4927                              B43_DEFAULT_LONG_RETRY_LIMIT);
4928         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4929         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4930
4931         /* Disable sending probe responses from firmware.
4932          * Setting the MaxTime to one usec will always trigger
4933          * a timeout, so we never send any probe resp.
4934          * A timeout of zero is infinite. */
4935         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4936
4937         b43_rate_memory_init(dev);
4938         b43_set_phytxctl_defaults(dev);
4939
4940         /* Minimum Contention Window */
4941         if (phy->type == B43_PHYTYPE_B)
4942                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4943         else
4944                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4945         /* Maximum Contention Window */
4946         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4947
4948         /* write phytype and phyvers */
4949         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4950         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4951
4952         if (b43_bus_host_is_pcmcia(dev->dev) ||
4953             b43_bus_host_is_sdio(dev->dev)) {
4954                 dev->__using_pio_transfers = true;
4955                 err = b43_pio_init(dev);
4956         } else if (dev->use_pio) {
4957                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4958                         "This should not be needed and will result in lower "
4959                         "performance.\n");
4960                 dev->__using_pio_transfers = true;
4961                 err = b43_pio_init(dev);
4962         } else {
4963                 dev->__using_pio_transfers = false;
4964                 err = b43_dma_init(dev);
4965         }
4966         if (err)
4967                 goto err_chip_exit;
4968         b43_qos_init(dev);
4969         b43_set_synth_pu_delay(dev, 1);
4970         b43_bluetooth_coext_enable(dev);
4971
4972         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4973         b43_upload_card_macaddress(dev);
4974         b43_security_init(dev);
4975
4976         ieee80211_wake_queues(dev->wl->hw);
4977
4978         b43_set_status(dev, B43_STAT_INITIALIZED);
4979
4980 out:
4981         return err;
4982
4983 err_chip_exit:
4984         b43_chip_exit(dev);
4985 err_busdown:
4986         b43_bus_may_powerdown(dev);
4987         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4988         return err;
4989 }
4990
4991 static int b43_op_add_interface(struct ieee80211_hw *hw,
4992                                 struct ieee80211_vif *vif)
4993 {
4994         struct b43_wl *wl = hw_to_b43_wl(hw);
4995         struct b43_wldev *dev;
4996         int err = -EOPNOTSUPP;
4997
4998         /* TODO: allow WDS/AP devices to coexist */
4999
5000         if (vif->type != NL80211_IFTYPE_AP &&
5001             vif->type != NL80211_IFTYPE_MESH_POINT &&
5002             vif->type != NL80211_IFTYPE_STATION &&
5003             vif->type != NL80211_IFTYPE_WDS &&
5004             vif->type != NL80211_IFTYPE_ADHOC)
5005                 return -EOPNOTSUPP;
5006
5007         mutex_lock(&wl->mutex);
5008         if (wl->operating)
5009                 goto out_mutex_unlock;
5010
5011         b43dbg(wl, "Adding Interface type %d\n", vif->type);
5012
5013         dev = wl->current_dev;
5014         wl->operating = true;
5015         wl->vif = vif;
5016         wl->if_type = vif->type;
5017         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
5018
5019         b43_adjust_opmode(dev);
5020         b43_set_pretbtt(dev);
5021         b43_set_synth_pu_delay(dev, 0);
5022         b43_upload_card_macaddress(dev);
5023
5024         err = 0;
5025  out_mutex_unlock:
5026         mutex_unlock(&wl->mutex);
5027
5028         if (err == 0)
5029                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
5030
5031         return err;
5032 }
5033
5034 static void b43_op_remove_interface(struct ieee80211_hw *hw,
5035                                     struct ieee80211_vif *vif)
5036 {
5037         struct b43_wl *wl = hw_to_b43_wl(hw);
5038         struct b43_wldev *dev = wl->current_dev;
5039
5040         b43dbg(wl, "Removing Interface type %d\n", vif->type);
5041
5042         mutex_lock(&wl->mutex);
5043
5044         B43_WARN_ON(!wl->operating);
5045         B43_WARN_ON(wl->vif != vif);
5046         wl->vif = NULL;
5047
5048         wl->operating = false;
5049
5050         b43_adjust_opmode(dev);
5051         eth_zero_addr(wl->mac_addr);
5052         b43_upload_card_macaddress(dev);
5053
5054         mutex_unlock(&wl->mutex);
5055 }
5056
5057 static int b43_op_start(struct ieee80211_hw *hw)
5058 {
5059         struct b43_wl *wl = hw_to_b43_wl(hw);
5060         struct b43_wldev *dev = wl->current_dev;
5061         int did_init = 0;
5062         int err = 0;
5063
5064         /* Kill all old instance specific information to make sure
5065          * the card won't use it in the short timeframe between start
5066          * and mac80211 reconfiguring it. */
5067         eth_zero_addr(wl->bssid);
5068         eth_zero_addr(wl->mac_addr);
5069         wl->filter_flags = 0;
5070         wl->radiotap_enabled = false;
5071         b43_qos_clear(wl);
5072         wl->beacon0_uploaded = false;
5073         wl->beacon1_uploaded = false;
5074         wl->beacon_templates_virgin = true;
5075         wl->radio_enabled = true;
5076
5077         mutex_lock(&wl->mutex);
5078
5079         if (b43_status(dev) < B43_STAT_INITIALIZED) {
5080                 err = b43_wireless_core_init(dev);
5081                 if (err)
5082                         goto out_mutex_unlock;
5083                 did_init = 1;
5084         }
5085
5086         if (b43_status(dev) < B43_STAT_STARTED) {
5087                 err = b43_wireless_core_start(dev);
5088                 if (err) {
5089                         if (did_init)
5090                                 b43_wireless_core_exit(dev);
5091                         goto out_mutex_unlock;
5092                 }
5093         }
5094
5095         /* XXX: only do if device doesn't support rfkill irq */
5096         wiphy_rfkill_start_polling(hw->wiphy);
5097
5098  out_mutex_unlock:
5099         mutex_unlock(&wl->mutex);
5100
5101         /*
5102          * Configuration may have been overwritten during initialization.
5103          * Reload the configuration, but only if initialization was
5104          * successful. Reloading the configuration after a failed init
5105          * may hang the system.
5106          */
5107         if (!err)
5108                 b43_op_config(hw, ~0);
5109
5110         return err;
5111 }
5112
5113 static void b43_op_stop(struct ieee80211_hw *hw)
5114 {
5115         struct b43_wl *wl = hw_to_b43_wl(hw);
5116         struct b43_wldev *dev = wl->current_dev;
5117
5118         cancel_work_sync(&(wl->beacon_update_trigger));
5119
5120         if (!dev)
5121                 goto out;
5122
5123         mutex_lock(&wl->mutex);
5124         if (b43_status(dev) >= B43_STAT_STARTED) {
5125                 dev = b43_wireless_core_stop(dev);
5126                 if (!dev)
5127                         goto out_unlock;
5128         }
5129         b43_wireless_core_exit(dev);
5130         wl->radio_enabled = false;
5131
5132 out_unlock:
5133         mutex_unlock(&wl->mutex);
5134 out:
5135         cancel_work_sync(&(wl->txpower_adjust_work));
5136 }
5137
5138 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5139                                  struct ieee80211_sta *sta, bool set)
5140 {
5141         struct b43_wl *wl = hw_to_b43_wl(hw);
5142
5143         b43_update_templates(wl);
5144
5145         return 0;
5146 }
5147
5148 static void b43_op_sta_notify(struct ieee80211_hw *hw,
5149                               struct ieee80211_vif *vif,
5150                               enum sta_notify_cmd notify_cmd,
5151                               struct ieee80211_sta *sta)
5152 {
5153         struct b43_wl *wl = hw_to_b43_wl(hw);
5154
5155         B43_WARN_ON(!vif || wl->vif != vif);
5156 }
5157
5158 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5159                                           struct ieee80211_vif *vif,
5160                                           const u8 *mac_addr)
5161 {
5162         struct b43_wl *wl = hw_to_b43_wl(hw);
5163         struct b43_wldev *dev;
5164
5165         mutex_lock(&wl->mutex);
5166         dev = wl->current_dev;
5167         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5168                 /* Disable CFP update during scan on other channels. */
5169                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5170         }
5171         mutex_unlock(&wl->mutex);
5172 }
5173
5174 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5175                                              struct ieee80211_vif *vif)
5176 {
5177         struct b43_wl *wl = hw_to_b43_wl(hw);
5178         struct b43_wldev *dev;
5179
5180         mutex_lock(&wl->mutex);
5181         dev = wl->current_dev;
5182         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5183                 /* Re-enable CFP update. */
5184                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5185         }
5186         mutex_unlock(&wl->mutex);
5187 }
5188
5189 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5190                              struct survey_info *survey)
5191 {
5192         struct b43_wl *wl = hw_to_b43_wl(hw);
5193         struct b43_wldev *dev = wl->current_dev;
5194         struct ieee80211_conf *conf = &hw->conf;
5195
5196         if (idx != 0)
5197                 return -ENOENT;
5198
5199         survey->channel = conf->chandef.chan;
5200         survey->filled = SURVEY_INFO_NOISE_DBM;
5201         survey->noise = dev->stats.link_noise;
5202
5203         return 0;
5204 }
5205
5206 static const struct ieee80211_ops b43_hw_ops = {
5207         .tx                     = b43_op_tx,
5208         .conf_tx                = b43_op_conf_tx,
5209         .add_interface          = b43_op_add_interface,
5210         .remove_interface       = b43_op_remove_interface,
5211         .config                 = b43_op_config,
5212         .bss_info_changed       = b43_op_bss_info_changed,
5213         .configure_filter       = b43_op_configure_filter,
5214         .set_key                = b43_op_set_key,
5215         .update_tkip_key        = b43_op_update_tkip_key,
5216         .get_stats              = b43_op_get_stats,
5217         .get_tsf                = b43_op_get_tsf,
5218         .set_tsf                = b43_op_set_tsf,
5219         .start                  = b43_op_start,
5220         .stop                   = b43_op_stop,
5221         .set_tim                = b43_op_beacon_set_tim,
5222         .sta_notify             = b43_op_sta_notify,
5223         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5224         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5225         .get_survey             = b43_op_get_survey,
5226         .rfkill_poll            = b43_rfkill_poll,
5227 };
5228
5229 /* Hard-reset the chip. Do not call this directly.
5230  * Use b43_controller_restart()
5231  */
5232 static void b43_chip_reset(struct work_struct *work)
5233 {
5234         struct b43_wldev *dev =
5235             container_of(work, struct b43_wldev, restart_work);
5236         struct b43_wl *wl = dev->wl;
5237         int err = 0;
5238         int prev_status;
5239
5240         mutex_lock(&wl->mutex);
5241
5242         prev_status = b43_status(dev);
5243         /* Bring the device down... */
5244         if (prev_status >= B43_STAT_STARTED) {
5245                 dev = b43_wireless_core_stop(dev);
5246                 if (!dev) {
5247                         err = -ENODEV;
5248                         goto out;
5249                 }
5250         }
5251         if (prev_status >= B43_STAT_INITIALIZED)
5252                 b43_wireless_core_exit(dev);
5253
5254         /* ...and up again. */
5255         if (prev_status >= B43_STAT_INITIALIZED) {
5256                 err = b43_wireless_core_init(dev);
5257                 if (err)
5258                         goto out;
5259         }
5260         if (prev_status >= B43_STAT_STARTED) {
5261                 err = b43_wireless_core_start(dev);
5262                 if (err) {
5263                         b43_wireless_core_exit(dev);
5264                         goto out;
5265                 }
5266         }
5267 out:
5268         if (err)
5269                 wl->current_dev = NULL; /* Failed to init the dev. */
5270         mutex_unlock(&wl->mutex);
5271
5272         if (err) {
5273                 b43err(wl, "Controller restart FAILED\n");
5274                 return;
5275         }
5276
5277         /* reload configuration */
5278         b43_op_config(wl->hw, ~0);
5279         if (wl->vif)
5280                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5281
5282         b43info(wl, "Controller restarted\n");
5283 }
5284
5285 static int b43_setup_bands(struct b43_wldev *dev,
5286                            bool have_2ghz_phy, bool have_5ghz_phy)
5287 {
5288         struct ieee80211_hw *hw = dev->wl->hw;
5289         struct b43_phy *phy = &dev->phy;
5290         bool limited_2g;
5291         bool limited_5g;
5292
5293         /* We don't support all 2 GHz channels on some devices */
5294         limited_2g = phy->radio_ver == 0x2057 &&
5295                      (phy->radio_rev == 9 || phy->radio_rev == 14);
5296         limited_5g = phy->radio_ver == 0x2057 &&
5297                      phy->radio_rev == 9;
5298
5299         if (have_2ghz_phy)
5300                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = limited_2g ?
5301                         &b43_band_2ghz_limited : &b43_band_2GHz;
5302         if (dev->phy.type == B43_PHYTYPE_N) {
5303                 if (have_5ghz_phy)
5304                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = limited_5g ?
5305                                 &b43_band_5GHz_nphy_limited :
5306                                 &b43_band_5GHz_nphy;
5307         } else {
5308                 if (have_5ghz_phy)
5309                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5310         }
5311
5312         dev->phy.supports_2ghz = have_2ghz_phy;
5313         dev->phy.supports_5ghz = have_5ghz_phy;
5314
5315         return 0;
5316 }
5317
5318 static void b43_wireless_core_detach(struct b43_wldev *dev)
5319 {
5320         /* We release firmware that late to not be required to re-request
5321          * is all the time when we reinit the core. */
5322         b43_release_firmware(dev);
5323         b43_phy_free(dev);
5324 }
5325
5326 static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5327                                 bool *have_5ghz_phy)
5328 {
5329         u16 dev_id = 0;
5330
5331 #ifdef CONFIG_B43_BCMA
5332         if (dev->dev->bus_type == B43_BUS_BCMA &&
5333             dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5334                 dev_id = dev->dev->bdev->bus->host_pci->device;
5335 #endif
5336 #ifdef CONFIG_B43_SSB
5337         if (dev->dev->bus_type == B43_BUS_SSB &&
5338             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5339                 dev_id = dev->dev->sdev->bus->host_pci->device;
5340 #endif
5341         /* Override with SPROM value if available */
5342         if (dev->dev->bus_sprom->dev_id)
5343                 dev_id = dev->dev->bus_sprom->dev_id;
5344
5345         /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5346         switch (dev_id) {
5347         case 0x4324: /* BCM4306 */
5348         case 0x4312: /* BCM4311 */
5349         case 0x4319: /* BCM4318 */
5350         case 0x4328: /* BCM4321 */
5351         case 0x432b: /* BCM4322 */
5352         case 0x4350: /* BCM43222 */
5353         case 0x4353: /* BCM43224 */
5354         case 0x0576: /* BCM43224 */
5355         case 0x435f: /* BCM6362 */
5356         case 0x4331: /* BCM4331 */
5357         case 0x4359: /* BCM43228 */
5358         case 0x43a0: /* BCM4360 */
5359         case 0x43b1: /* BCM4352 */
5360                 /* Dual band devices */
5361                 *have_2ghz_phy = true;
5362                 *have_5ghz_phy = true;
5363                 return;
5364         case 0x4321: /* BCM4306 */
5365                 /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
5366                 if (dev->phy.type != B43_PHYTYPE_G)
5367                         break;
5368                 /* fall through */
5369         case 0x4313: /* BCM4311 */
5370         case 0x431a: /* BCM4318 */
5371         case 0x432a: /* BCM4321 */
5372         case 0x432d: /* BCM4322 */
5373         case 0x4352: /* BCM43222 */
5374         case 0x435a: /* BCM43228 */
5375         case 0x4333: /* BCM4331 */
5376         case 0x43a2: /* BCM4360 */
5377         case 0x43b3: /* BCM4352 */
5378                 /* 5 GHz only devices */
5379                 *have_2ghz_phy = false;
5380                 *have_5ghz_phy = true;
5381                 return;
5382         }
5383
5384         /* As a fallback, try to guess using PHY type */
5385         switch (dev->phy.type) {
5386         case B43_PHYTYPE_A:
5387                 *have_2ghz_phy = false;
5388                 *have_5ghz_phy = true;
5389                 return;
5390         case B43_PHYTYPE_G:
5391         case B43_PHYTYPE_N:
5392         case B43_PHYTYPE_LP:
5393         case B43_PHYTYPE_HT:
5394         case B43_PHYTYPE_LCN:
5395                 *have_2ghz_phy = true;
5396                 *have_5ghz_phy = false;
5397                 return;
5398         }
5399
5400         B43_WARN_ON(1);
5401 }
5402
5403 static int b43_wireless_core_attach(struct b43_wldev *dev)
5404 {
5405         struct b43_wl *wl = dev->wl;
5406         struct b43_phy *phy = &dev->phy;
5407         int err;
5408         u32 tmp;
5409         bool have_2ghz_phy = false, have_5ghz_phy = false;
5410
5411         /* Do NOT do any device initialization here.
5412          * Do it in wireless_core_init() instead.
5413          * This function is for gathering basic information about the HW, only.
5414          * Also some structs may be set up here. But most likely you want to have
5415          * that in core_init(), too.
5416          */
5417
5418         err = b43_bus_powerup(dev, 0);
5419         if (err) {
5420                 b43err(wl, "Bus powerup failed\n");
5421                 goto out;
5422         }
5423
5424         phy->do_full_init = true;
5425
5426         /* Try to guess supported bands for the first init needs */
5427         switch (dev->dev->bus_type) {
5428 #ifdef CONFIG_B43_BCMA
5429         case B43_BUS_BCMA:
5430                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5431                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5432                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5433                 break;
5434 #endif
5435 #ifdef CONFIG_B43_SSB
5436         case B43_BUS_SSB:
5437                 if (dev->dev->core_rev >= 5) {
5438                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5439                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5440                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5441                 } else
5442                         B43_WARN_ON(1);
5443                 break;
5444 #endif
5445         }
5446
5447         dev->phy.gmode = have_2ghz_phy;
5448         b43_wireless_core_reset(dev, dev->phy.gmode);
5449
5450         /* Get the PHY type. */
5451         err = b43_phy_versioning(dev);
5452         if (err)
5453                 goto err_powerdown;
5454
5455         /* Get real info about supported bands */
5456         b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5457
5458         /* We don't support 5 GHz on some PHYs yet */
5459         if (have_5ghz_phy) {
5460                 switch (dev->phy.type) {
5461                 case B43_PHYTYPE_A:
5462                 case B43_PHYTYPE_G:
5463                 case B43_PHYTYPE_LP:
5464                 case B43_PHYTYPE_HT:
5465                         b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5466                         have_5ghz_phy = false;
5467                 }
5468         }
5469
5470         if (!have_2ghz_phy && !have_5ghz_phy) {
5471                 b43err(wl, "b43 can't support any band on this device\n");
5472                 err = -EOPNOTSUPP;
5473                 goto err_powerdown;
5474         }
5475
5476         err = b43_phy_allocate(dev);
5477         if (err)
5478                 goto err_powerdown;
5479
5480         dev->phy.gmode = have_2ghz_phy;
5481         b43_wireless_core_reset(dev, dev->phy.gmode);
5482
5483         err = b43_validate_chipaccess(dev);
5484         if (err)
5485                 goto err_phy_free;
5486         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5487         if (err)
5488                 goto err_phy_free;
5489
5490         /* Now set some default "current_dev" */
5491         if (!wl->current_dev)
5492                 wl->current_dev = dev;
5493         INIT_WORK(&dev->restart_work, b43_chip_reset);
5494
5495         dev->phy.ops->switch_analog(dev, 0);
5496         b43_device_disable(dev, 0);
5497         b43_bus_may_powerdown(dev);
5498
5499 out:
5500         return err;
5501
5502 err_phy_free:
5503         b43_phy_free(dev);
5504 err_powerdown:
5505         b43_bus_may_powerdown(dev);
5506         return err;
5507 }
5508
5509 static void b43_one_core_detach(struct b43_bus_dev *dev)
5510 {
5511         struct b43_wldev *wldev;
5512         struct b43_wl *wl;
5513
5514         /* Do not cancel ieee80211-workqueue based work here.
5515          * See comment in b43_remove(). */
5516
5517         wldev = b43_bus_get_wldev(dev);
5518         wl = wldev->wl;
5519         b43_debugfs_remove_device(wldev);
5520         b43_wireless_core_detach(wldev);
5521         list_del(&wldev->list);
5522         b43_bus_set_wldev(dev, NULL);
5523         kfree(wldev);
5524 }
5525
5526 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5527 {
5528         struct b43_wldev *wldev;
5529         int err = -ENOMEM;
5530
5531         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5532         if (!wldev)
5533                 goto out;
5534
5535         wldev->use_pio = b43_modparam_pio;
5536         wldev->dev = dev;
5537         wldev->wl = wl;
5538         b43_set_status(wldev, B43_STAT_UNINIT);
5539         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5540         INIT_LIST_HEAD(&wldev->list);
5541
5542         err = b43_wireless_core_attach(wldev);
5543         if (err)
5544                 goto err_kfree_wldev;
5545
5546         b43_bus_set_wldev(dev, wldev);
5547         b43_debugfs_add_device(wldev);
5548
5549       out:
5550         return err;
5551
5552       err_kfree_wldev:
5553         kfree(wldev);
5554         return err;
5555 }
5556
5557 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5558         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5559         (pdev->device == _device) &&                                    \
5560         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5561         (pdev->subsystem_device == _subdevice)                          )
5562
5563 #ifdef CONFIG_B43_SSB
5564 static void b43_sprom_fixup(struct ssb_bus *bus)
5565 {
5566         struct pci_dev *pdev;
5567
5568         /* boardflags workarounds */
5569         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5570             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5571                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5572         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5573             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5574                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5575         if (bus->bustype == SSB_BUSTYPE_PCI) {
5576                 pdev = bus->host_pci;
5577                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5578                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5579                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5580                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5581                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5582                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5583                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5584                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5585         }
5586 }
5587
5588 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5589 {
5590         struct ieee80211_hw *hw = wl->hw;
5591
5592         ssb_set_devtypedata(dev->sdev, NULL);
5593         ieee80211_free_hw(hw);
5594 }
5595 #endif
5596
5597 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5598 {
5599         struct ssb_sprom *sprom = dev->bus_sprom;
5600         struct ieee80211_hw *hw;
5601         struct b43_wl *wl;
5602         char chip_name[6];
5603         int queue_num;
5604
5605         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5606         if (!hw) {
5607                 b43err(NULL, "Could not allocate ieee80211 device\n");
5608                 return ERR_PTR(-ENOMEM);
5609         }
5610         wl = hw_to_b43_wl(hw);
5611
5612         /* fill hw info */
5613         ieee80211_hw_set(hw, RX_INCLUDES_FCS);
5614         ieee80211_hw_set(hw, SIGNAL_DBM);
5615
5616         hw->wiphy->interface_modes =
5617                 BIT(NL80211_IFTYPE_AP) |
5618                 BIT(NL80211_IFTYPE_MESH_POINT) |
5619                 BIT(NL80211_IFTYPE_STATION) |
5620                 BIT(NL80211_IFTYPE_WDS) |
5621                 BIT(NL80211_IFTYPE_ADHOC);
5622
5623         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5624
5625         wl->hw_registred = false;
5626         hw->max_rates = 2;
5627         SET_IEEE80211_DEV(hw, dev->dev);
5628         if (is_valid_ether_addr(sprom->et1mac))
5629                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5630         else
5631                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5632
5633         /* Initialize struct b43_wl */
5634         wl->hw = hw;
5635         mutex_init(&wl->mutex);
5636         spin_lock_init(&wl->hardirq_lock);
5637         spin_lock_init(&wl->beacon_lock);
5638         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5639         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5640         INIT_WORK(&wl->tx_work, b43_tx_work);
5641
5642         /* Initialize queues and flags. */
5643         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5644                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5645                 wl->tx_queue_stopped[queue_num] = 0;
5646         }
5647
5648         snprintf(chip_name, ARRAY_SIZE(chip_name),
5649                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5650         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5651                 dev->core_rev);
5652         return wl;
5653 }
5654
5655 #ifdef CONFIG_B43_BCMA
5656 static int b43_bcma_probe(struct bcma_device *core)
5657 {
5658         struct b43_bus_dev *dev;
5659         struct b43_wl *wl;
5660         int err;
5661
5662         if (!modparam_allhwsupport &&
5663             (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5664                 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5665                 return -ENOTSUPP;
5666         }
5667
5668         dev = b43_bus_dev_bcma_init(core);
5669         if (!dev)
5670                 return -ENODEV;
5671
5672         wl = b43_wireless_init(dev);
5673         if (IS_ERR(wl)) {
5674                 err = PTR_ERR(wl);
5675                 goto bcma_out;
5676         }
5677
5678         err = b43_one_core_attach(dev, wl);
5679         if (err)
5680                 goto bcma_err_wireless_exit;
5681
5682         /* setup and start work to load firmware */
5683         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5684         schedule_work(&wl->firmware_load);
5685
5686 bcma_out:
5687         return err;
5688
5689 bcma_err_wireless_exit:
5690         ieee80211_free_hw(wl->hw);
5691         return err;
5692 }
5693
5694 static void b43_bcma_remove(struct bcma_device *core)
5695 {
5696         struct b43_wldev *wldev = bcma_get_drvdata(core);
5697         struct b43_wl *wl = wldev->wl;
5698
5699         /* We must cancel any work here before unregistering from ieee80211,
5700          * as the ieee80211 unreg will destroy the workqueue. */
5701         cancel_work_sync(&wldev->restart_work);
5702         cancel_work_sync(&wl->firmware_load);
5703
5704         B43_WARN_ON(!wl);
5705         if (!wldev->fw.ucode.data)
5706                 return;                 /* NULL if firmware never loaded */
5707         if (wl->current_dev == wldev && wl->hw_registred) {
5708                 b43_leds_stop(wldev);
5709                 ieee80211_unregister_hw(wl->hw);
5710         }
5711
5712         b43_one_core_detach(wldev->dev);
5713
5714         /* Unregister HW RNG driver */
5715         b43_rng_exit(wl);
5716
5717         b43_leds_unregister(wl);
5718
5719         ieee80211_free_hw(wl->hw);
5720 }
5721
5722 static struct bcma_driver b43_bcma_driver = {
5723         .name           = KBUILD_MODNAME,
5724         .id_table       = b43_bcma_tbl,
5725         .probe          = b43_bcma_probe,
5726         .remove         = b43_bcma_remove,
5727 };
5728 #endif
5729
5730 #ifdef CONFIG_B43_SSB
5731 static
5732 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5733 {
5734         struct b43_bus_dev *dev;
5735         struct b43_wl *wl;
5736         int err;
5737
5738         dev = b43_bus_dev_ssb_init(sdev);
5739         if (!dev)
5740                 return -ENOMEM;
5741
5742         wl = ssb_get_devtypedata(sdev);
5743         if (wl) {
5744                 b43err(NULL, "Dual-core devices are not supported\n");
5745                 err = -ENOTSUPP;
5746                 goto err_ssb_kfree_dev;
5747         }
5748
5749         b43_sprom_fixup(sdev->bus);
5750
5751         wl = b43_wireless_init(dev);
5752         if (IS_ERR(wl)) {
5753                 err = PTR_ERR(wl);
5754                 goto err_ssb_kfree_dev;
5755         }
5756         ssb_set_devtypedata(sdev, wl);
5757         B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5758
5759         err = b43_one_core_attach(dev, wl);
5760         if (err)
5761                 goto err_ssb_wireless_exit;
5762
5763         /* setup and start work to load firmware */
5764         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5765         schedule_work(&wl->firmware_load);
5766
5767         return err;
5768
5769 err_ssb_wireless_exit:
5770         b43_wireless_exit(dev, wl);
5771 err_ssb_kfree_dev:
5772         kfree(dev);
5773         return err;
5774 }
5775
5776 static void b43_ssb_remove(struct ssb_device *sdev)
5777 {
5778         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5779         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5780         struct b43_bus_dev *dev = wldev->dev;
5781
5782         /* We must cancel any work here before unregistering from ieee80211,
5783          * as the ieee80211 unreg will destroy the workqueue. */
5784         cancel_work_sync(&wldev->restart_work);
5785         cancel_work_sync(&wl->firmware_load);
5786
5787         B43_WARN_ON(!wl);
5788         if (!wldev->fw.ucode.data)
5789                 return;                 /* NULL if firmware never loaded */
5790         if (wl->current_dev == wldev && wl->hw_registred) {
5791                 b43_leds_stop(wldev);
5792                 ieee80211_unregister_hw(wl->hw);
5793         }
5794
5795         b43_one_core_detach(dev);
5796
5797         /* Unregister HW RNG driver */
5798         b43_rng_exit(wl);
5799
5800         b43_leds_unregister(wl);
5801         b43_wireless_exit(dev, wl);
5802 }
5803
5804 static struct ssb_driver b43_ssb_driver = {
5805         .name           = KBUILD_MODNAME,
5806         .id_table       = b43_ssb_tbl,
5807         .probe          = b43_ssb_probe,
5808         .remove         = b43_ssb_remove,
5809 };
5810 #endif /* CONFIG_B43_SSB */
5811
5812 /* Perform a hardware reset. This can be called from any context. */
5813 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5814 {
5815         /* Must avoid requeueing, if we are in shutdown. */
5816         if (b43_status(dev) < B43_STAT_INITIALIZED)
5817                 return;
5818         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5819         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5820 }
5821
5822 static void b43_print_driverinfo(void)
5823 {
5824         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5825                    *feat_leds = "", *feat_sdio = "";
5826
5827 #ifdef CONFIG_B43_PCI_AUTOSELECT
5828         feat_pci = "P";
5829 #endif
5830 #ifdef CONFIG_B43_PCMCIA
5831         feat_pcmcia = "M";
5832 #endif
5833 #ifdef CONFIG_B43_PHY_N
5834         feat_nphy = "N";
5835 #endif
5836 #ifdef CONFIG_B43_LEDS
5837         feat_leds = "L";
5838 #endif
5839 #ifdef CONFIG_B43_SDIO
5840         feat_sdio = "S";
5841 #endif
5842         printk(KERN_INFO "Broadcom 43xx driver loaded "
5843                "[ Features: %s%s%s%s%s ]\n",
5844                feat_pci, feat_pcmcia, feat_nphy,
5845                feat_leds, feat_sdio);
5846 }
5847
5848 static int __init b43_init(void)
5849 {
5850         int err;
5851
5852         b43_debugfs_init();
5853         err = b43_pcmcia_init();
5854         if (err)
5855                 goto err_dfs_exit;
5856         err = b43_sdio_init();
5857         if (err)
5858                 goto err_pcmcia_exit;
5859 #ifdef CONFIG_B43_BCMA
5860         err = bcma_driver_register(&b43_bcma_driver);
5861         if (err)
5862                 goto err_sdio_exit;
5863 #endif
5864 #ifdef CONFIG_B43_SSB
5865         err = ssb_driver_register(&b43_ssb_driver);
5866         if (err)
5867                 goto err_bcma_driver_exit;
5868 #endif
5869         b43_print_driverinfo();
5870
5871         return err;
5872
5873 #ifdef CONFIG_B43_SSB
5874 err_bcma_driver_exit:
5875 #endif
5876 #ifdef CONFIG_B43_BCMA
5877         bcma_driver_unregister(&b43_bcma_driver);
5878 err_sdio_exit:
5879 #endif
5880         b43_sdio_exit();
5881 err_pcmcia_exit:
5882         b43_pcmcia_exit();
5883 err_dfs_exit:
5884         b43_debugfs_exit();
5885         return err;
5886 }
5887
5888 static void __exit b43_exit(void)
5889 {
5890 #ifdef CONFIG_B43_SSB
5891         ssb_driver_unregister(&b43_ssb_driver);
5892 #endif
5893 #ifdef CONFIG_B43_BCMA
5894         bcma_driver_unregister(&b43_bcma_driver);
5895 #endif
5896         b43_sdio_exit();
5897         b43_pcmcia_exit();
5898         b43_debugfs_exit();
5899 }
5900
5901 module_init(b43_init)
5902 module_exit(b43_exit)
Linux kernel for KaRo TX COM modules