drivers/net/wireless/b43/main.c

   1 /*
   2
   3   Broadcom B43 wireless driver
   4
   5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
   6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
   7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
   8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
   9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
  10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
  11
  12   SDIO support
  13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
  14
  15   Some parts of the code in this file are derived from the ipw2200
  16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
  17
  18   This program is free software; you can redistribute it and/or modify
  19   it under the terms of the GNU General Public License as published by
  20   the Free Software Foundation; either version 2 of the License, or
  21   (at your option) any later version.
  22
  23   This program is distributed in the hope that it will be useful,
  24   but WITHOUT ANY WARRANTY; without even the implied warranty of
  25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  26   GNU General Public License for more details.
  27
  28   You should have received a copy of the GNU General Public License
  29   along with this program; see the file COPYING.  If not, write to
  30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
  31   Boston, MA 02110-1301, USA.
  32
  33 */
  34
  35 #include <linux/delay.h>
  36 #include <linux/init.h>
  37 #include <linux/module.h>
  38 #include <linux/if_arp.h>
  39 #include <linux/etherdevice.h>
  40 #include <linux/firmware.h>
  41 #include <linux/workqueue.h>
  42 #include <linux/skbuff.h>
  43 #include <linux/io.h>
  44 #include <linux/dma-mapping.h>
  45 #include <linux/slab.h>
  46 #include <asm/unaligned.h>
  47
  48 #include "b43.h"
  49 #include "main.h"
  50 #include "debugfs.h"
  51 #include "phy_common.h"
  52 #include "phy_g.h"
  53 #include "phy_n.h"
  54 #include "dma.h"
  55 #include "pio.h"
  56 #include "sysfs.h"
  57 #include "xmit.h"
  58 #include "lo.h"
  59 #include "sdio.h"
  60 #include <linux/mmc/sdio_func.h>
  61
  62 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
  63 MODULE_AUTHOR("Martin Langer");
  64 MODULE_AUTHOR("Stefano Brivio");
  65 MODULE_AUTHOR("Michael Buesch");
  66 MODULE_AUTHOR("Gábor Stefanik");
  67 MODULE_AUTHOR("Rafał Miłecki");
  68 MODULE_LICENSE("GPL");
  69
  70 MODULE_FIRMWARE("b43/ucode11.fw");
  71 MODULE_FIRMWARE("b43/ucode13.fw");
  72 MODULE_FIRMWARE("b43/ucode14.fw");
  73 MODULE_FIRMWARE("b43/ucode15.fw");
  74 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
  75 MODULE_FIRMWARE("b43/ucode5.fw");
  76 MODULE_FIRMWARE("b43/ucode9.fw");
  77
  78 static int modparam_bad_frames_preempt;
  79 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
  80 MODULE_PARM_DESC(bad_frames_preempt,
  81                  "enable(1) / disable(0) Bad Frames Preemption");
  82
  83 static char modparam_fwpostfix[16];
  84 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
  85 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
  86
  87 static int modparam_hwpctl;
  88 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
  89 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
  90
  91 static int modparam_nohwcrypt;
  92 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
  93 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
  94
  95 static int modparam_hwtkip;
  96 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
  97 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
  98
  99 static int modparam_qos = 1;
 100 module_param_named(qos, modparam_qos, int, 0444);
 101 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
 102
 103 static int modparam_btcoex = 1;
 104 module_param_named(btcoex, modparam_btcoex, int, 0444);
 105 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
 106
 107 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
 108 module_param_named(verbose, b43_modparam_verbose, int, 0644);
 109 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
 110
 111 static int b43_modparam_pio = 0;
 112 module_param_named(pio, b43_modparam_pio, int, 0644);
 113 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
 114
 115 static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
 116 module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
 117 MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
 118
 119 #ifdef CONFIG_B43_BCMA
 120 static const struct bcma_device_id b43_bcma_tbl[] = {
 121         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
 122         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
 123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
 124         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
 125         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
 126         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
 127         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
 128         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
 129         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
 130         {},
 131 };
 132 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
 133 #endif
 134
 135 #ifdef CONFIG_B43_SSB
 136 static const struct ssb_device_id b43_ssb_tbl[] = {
 137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
 138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
 139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
 140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
 141         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
 142         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
 143         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
 144         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
 145         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
 146         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
 147         {},
 148 };
 149 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
 150 #endif
 151
 152 /* Channel and ratetables are shared for all devices.
 153  * They can't be const, because ieee80211 puts some precalculated
 154  * data in there. This data is the same for all devices, so we don't
 155  * get concurrency issues */
 156 #define RATETAB_ENT(_rateid, _flags) \
 157         {                                                               \
 158                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
 159                 .hw_value       = (_rateid),                            \
 160                 .flags          = (_flags),                             \
 161         }
 162
 163 /*
 164  * NOTE: When changing this, sync with xmit.c's
 165  *       b43_plcp_get_bitrate_idx_* functions!
 166  */
 167 static struct ieee80211_rate __b43_ratetable[] = {
 168         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
 169         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
 170         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
 171         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
 172         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
 173         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
 174         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
 175         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
 176         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
 177         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
 178         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
 179         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
 180 };
 181
 182 #define b43_a_ratetable         (__b43_ratetable + 4)
 183 #define b43_a_ratetable_size    8
 184 #define b43_b_ratetable         (__b43_ratetable + 0)
 185 #define b43_b_ratetable_size    4
 186 #define b43_g_ratetable         (__b43_ratetable + 0)
 187 #define b43_g_ratetable_size    12
 188
 189 #define CHAN2G(_channel, _freq, _flags) {                       \
 190         .band                   = IEEE80211_BAND_2GHZ,          \
 191         .center_freq            = (_freq),                      \
 192         .hw_value               = (_channel),                   \
 193         .flags                  = (_flags),                     \
 194         .max_antenna_gain       = 0,                            \
 195         .max_power              = 30,                           \
 196 }
 197 static struct ieee80211_channel b43_2ghz_chantable[] = {
 198         CHAN2G(1, 2412, 0),
 199         CHAN2G(2, 2417, 0),
 200         CHAN2G(3, 2422, 0),
 201         CHAN2G(4, 2427, 0),
 202         CHAN2G(5, 2432, 0),
 203         CHAN2G(6, 2437, 0),
 204         CHAN2G(7, 2442, 0),
 205         CHAN2G(8, 2447, 0),
 206         CHAN2G(9, 2452, 0),
 207         CHAN2G(10, 2457, 0),
 208         CHAN2G(11, 2462, 0),
 209         CHAN2G(12, 2467, 0),
 210         CHAN2G(13, 2472, 0),
 211         CHAN2G(14, 2484, 0),
 212 };
 213
 214 /* No support for the last 3 channels (12, 13, 14) */
 215 #define b43_2ghz_chantable_limited_size         11
 216 #undef CHAN2G
 217
 218 #define CHAN4G(_channel, _flags) {                              \
 219         .band                   = IEEE80211_BAND_5GHZ,          \
 220         .center_freq            = 4000 + (5 * (_channel)),      \
 221         .hw_value               = (_channel),                   \
 222         .flags                  = (_flags),                     \
 223         .max_antenna_gain       = 0,                            \
 224         .max_power              = 30,                           \
 225 }
 226 #define CHAN5G(_channel, _flags) {                              \
 227         .band                   = IEEE80211_BAND_5GHZ,          \
 228         .center_freq            = 5000 + (5 * (_channel)),      \
 229         .hw_value               = (_channel),                   \
 230         .flags                  = (_flags),                     \
 231         .max_antenna_gain       = 0,                            \
 232         .max_power              = 30,                           \
 233 }
 234 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
 235         CHAN4G(184, 0),         CHAN4G(186, 0),
 236         CHAN4G(188, 0),         CHAN4G(190, 0),
 237         CHAN4G(192, 0),         CHAN4G(194, 0),
 238         CHAN4G(196, 0),         CHAN4G(198, 0),
 239         CHAN4G(200, 0),         CHAN4G(202, 0),
 240         CHAN4G(204, 0),         CHAN4G(206, 0),
 241         CHAN4G(208, 0),         CHAN4G(210, 0),
 242         CHAN4G(212, 0),         CHAN4G(214, 0),
 243         CHAN4G(216, 0),         CHAN4G(218, 0),
 244         CHAN4G(220, 0),         CHAN4G(222, 0),
 245         CHAN4G(224, 0),         CHAN4G(226, 0),
 246         CHAN4G(228, 0),
 247         CHAN5G(32, 0),          CHAN5G(34, 0),
 248         CHAN5G(36, 0),          CHAN5G(38, 0),
 249         CHAN5G(40, 0),          CHAN5G(42, 0),
 250         CHAN5G(44, 0),          CHAN5G(46, 0),
 251         CHAN5G(48, 0),          CHAN5G(50, 0),
 252         CHAN5G(52, 0),          CHAN5G(54, 0),
 253         CHAN5G(56, 0),          CHAN5G(58, 0),
 254         CHAN5G(60, 0),          CHAN5G(62, 0),
 255         CHAN5G(64, 0),          CHAN5G(66, 0),
 256         CHAN5G(68, 0),          CHAN5G(70, 0),
 257         CHAN5G(72, 0),          CHAN5G(74, 0),
 258         CHAN5G(76, 0),          CHAN5G(78, 0),
 259         CHAN5G(80, 0),          CHAN5G(82, 0),
 260         CHAN5G(84, 0),          CHAN5G(86, 0),
 261         CHAN5G(88, 0),          CHAN5G(90, 0),
 262         CHAN5G(92, 0),          CHAN5G(94, 0),
 263         CHAN5G(96, 0),          CHAN5G(98, 0),
 264         CHAN5G(100, 0),         CHAN5G(102, 0),
 265         CHAN5G(104, 0),         CHAN5G(106, 0),
 266         CHAN5G(108, 0),         CHAN5G(110, 0),
 267         CHAN5G(112, 0),         CHAN5G(114, 0),
 268         CHAN5G(116, 0),         CHAN5G(118, 0),
 269         CHAN5G(120, 0),         CHAN5G(122, 0),
 270         CHAN5G(124, 0),         CHAN5G(126, 0),
 271         CHAN5G(128, 0),         CHAN5G(130, 0),
 272         CHAN5G(132, 0),         CHAN5G(134, 0),
 273         CHAN5G(136, 0),         CHAN5G(138, 0),
 274         CHAN5G(140, 0),         CHAN5G(142, 0),
 275         CHAN5G(144, 0),         CHAN5G(145, 0),
 276         CHAN5G(146, 0),         CHAN5G(147, 0),
 277         CHAN5G(148, 0),         CHAN5G(149, 0),
 278         CHAN5G(150, 0),         CHAN5G(151, 0),
 279         CHAN5G(152, 0),         CHAN5G(153, 0),
 280         CHAN5G(154, 0),         CHAN5G(155, 0),
 281         CHAN5G(156, 0),         CHAN5G(157, 0),
 282         CHAN5G(158, 0),         CHAN5G(159, 0),
 283         CHAN5G(160, 0),         CHAN5G(161, 0),
 284         CHAN5G(162, 0),         CHAN5G(163, 0),
 285         CHAN5G(164, 0),         CHAN5G(165, 0),
 286         CHAN5G(166, 0),         CHAN5G(168, 0),
 287         CHAN5G(170, 0),         CHAN5G(172, 0),
 288         CHAN5G(174, 0),         CHAN5G(176, 0),
 289         CHAN5G(178, 0),         CHAN5G(180, 0),
 290         CHAN5G(182, 0),
 291 };
 292
 293 static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
 294         CHAN5G(36, 0),          CHAN5G(40, 0),
 295         CHAN5G(44, 0),          CHAN5G(48, 0),
 296         CHAN5G(149, 0),         CHAN5G(153, 0),
 297         CHAN5G(157, 0),         CHAN5G(161, 0),
 298         CHAN5G(165, 0),
 299 };
 300
 301 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
 302         CHAN5G(34, 0),          CHAN5G(36, 0),
 303         CHAN5G(38, 0),          CHAN5G(40, 0),
 304         CHAN5G(42, 0),          CHAN5G(44, 0),
 305         CHAN5G(46, 0),          CHAN5G(48, 0),
 306         CHAN5G(52, 0),          CHAN5G(56, 0),
 307         CHAN5G(60, 0),          CHAN5G(64, 0),
 308         CHAN5G(100, 0),         CHAN5G(104, 0),
 309         CHAN5G(108, 0),         CHAN5G(112, 0),
 310         CHAN5G(116, 0),         CHAN5G(120, 0),
 311         CHAN5G(124, 0),         CHAN5G(128, 0),
 312         CHAN5G(132, 0),         CHAN5G(136, 0),
 313         CHAN5G(140, 0),         CHAN5G(149, 0),
 314         CHAN5G(153, 0),         CHAN5G(157, 0),
 315         CHAN5G(161, 0),         CHAN5G(165, 0),
 316         CHAN5G(184, 0),         CHAN5G(188, 0),
 317         CHAN5G(192, 0),         CHAN5G(196, 0),
 318         CHAN5G(200, 0),         CHAN5G(204, 0),
 319         CHAN5G(208, 0),         CHAN5G(212, 0),
 320         CHAN5G(216, 0),
 321 };
 322 #undef CHAN4G
 323 #undef CHAN5G
 324
 325 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
 326         .band           = IEEE80211_BAND_5GHZ,
 327         .channels       = b43_5ghz_nphy_chantable,
 328         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
 329         .bitrates       = b43_a_ratetable,
 330         .n_bitrates     = b43_a_ratetable_size,
 331 };
 332
 333 static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
 334         .band           = IEEE80211_BAND_5GHZ,
 335         .channels       = b43_5ghz_nphy_chantable_limited,
 336         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
 337         .bitrates       = b43_a_ratetable,
 338         .n_bitrates     = b43_a_ratetable_size,
 339 };
 340
 341 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
 342         .band           = IEEE80211_BAND_5GHZ,
 343         .channels       = b43_5ghz_aphy_chantable,
 344         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
 345         .bitrates       = b43_a_ratetable,
 346         .n_bitrates     = b43_a_ratetable_size,
 347 };
 348
 349 static struct ieee80211_supported_band b43_band_2GHz = {
 350         .band           = IEEE80211_BAND_2GHZ,
 351         .channels       = b43_2ghz_chantable,
 352         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
 353         .bitrates       = b43_g_ratetable,
 354         .n_bitrates     = b43_g_ratetable_size,
 355 };
 356
 357 static struct ieee80211_supported_band b43_band_2ghz_limited = {
 358         .band           = IEEE80211_BAND_2GHZ,
 359         .channels       = b43_2ghz_chantable,
 360         .n_channels     = b43_2ghz_chantable_limited_size,
 361         .bitrates       = b43_g_ratetable,
 362         .n_bitrates     = b43_g_ratetable_size,
 363 };
 364
 365 static void b43_wireless_core_exit(struct b43_wldev *dev);
 366 static int b43_wireless_core_init(struct b43_wldev *dev);
 367 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
 368 static int b43_wireless_core_start(struct b43_wldev *dev);
 369 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
 370                                     struct ieee80211_vif *vif,
 371                                     struct ieee80211_bss_conf *conf,
 372                                     u32 changed);
 373
 374 static int b43_ratelimit(struct b43_wl *wl)
 375 {
 376         if (!wl || !wl->current_dev)
 377                 return 1;
 378         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
 379                 return 1;
 380         /* We are up and running.
 381          * Ratelimit the messages to avoid DoS over the net. */
 382         return net_ratelimit();
 383 }
 384
 385 void b43info(struct b43_wl *wl, const char *fmt, ...)
 386 {
 387         struct va_format vaf;
 388         va_list args;
 389
 390         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
 391                 return;
 392         if (!b43_ratelimit(wl))
 393                 return;
 394
 395         va_start(args, fmt);
 396
 397         vaf.fmt = fmt;
 398         vaf.va = &args;
 399
 400         printk(KERN_INFO "b43-%s: %pV",
 401                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 402
 403         va_end(args);
 404 }
 405
 406 void b43err(struct b43_wl *wl, const char *fmt, ...)
 407 {
 408         struct va_format vaf;
 409         va_list args;
 410
 411         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
 412                 return;
 413         if (!b43_ratelimit(wl))
 414                 return;
 415
 416         va_start(args, fmt);
 417
 418         vaf.fmt = fmt;
 419         vaf.va = &args;
 420
 421         printk(KERN_ERR "b43-%s ERROR: %pV",
 422                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 423
 424         va_end(args);
 425 }
 426
 427 void b43warn(struct b43_wl *wl, const char *fmt, ...)
 428 {
 429         struct va_format vaf;
 430         va_list args;
 431
 432         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
 433                 return;
 434         if (!b43_ratelimit(wl))
 435                 return;
 436
 437         va_start(args, fmt);
 438
 439         vaf.fmt = fmt;
 440         vaf.va = &args;
 441
 442         printk(KERN_WARNING "b43-%s warning: %pV",
 443                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 444
 445         va_end(args);
 446 }
 447
 448 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
 449 {
 450         struct va_format vaf;
 451         va_list args;
 452
 453         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
 454                 return;
 455
 456         va_start(args, fmt);
 457
 458         vaf.fmt = fmt;
 459         vaf.va = &args;
 460
 461         printk(KERN_DEBUG "b43-%s debug: %pV",
 462                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 463
 464         va_end(args);
 465 }
 466
 467 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
 468 {
 469         u32 macctl;
 470
 471         B43_WARN_ON(offset % 4 != 0);
 472
 473         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 474         if (macctl & B43_MACCTL_BE)
 475                 val = swab32(val);
 476
 477         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
 478         mmiowb();
 479         b43_write32(dev, B43_MMIO_RAM_DATA, val);
 480 }
 481
 482 static inline void b43_shm_control_word(struct b43_wldev *dev,
 483                                         u16 routing, u16 offset)
 484 {
 485         u32 control;
 486
 487         /* "offset" is the WORD offset. */
 488         control = routing;
 489         control <<= 16;
 490         control |= offset;
 491         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
 492 }
 493
 494 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
 495 {
 496         u32 ret;
 497
 498         if (routing == B43_SHM_SHARED) {
 499                 B43_WARN_ON(offset & 0x0001);
 500                 if (offset & 0x0003) {
 501                         /* Unaligned access */
 502                         b43_shm_control_word(dev, routing, offset >> 2);
 503                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
 504                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
 505                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
 506
 507                         goto out;
 508                 }
 509                 offset >>= 2;
 510         }
 511         b43_shm_control_word(dev, routing, offset);
 512         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
 513 out:
 514         return ret;
 515 }
 516
 517 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
 518 {
 519         u16 ret;
 520
 521         if (routing == B43_SHM_SHARED) {
 522                 B43_WARN_ON(offset & 0x0001);
 523                 if (offset & 0x0003) {
 524                         /* Unaligned access */
 525                         b43_shm_control_word(dev, routing, offset >> 2);
 526                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
 527
 528                         goto out;
 529                 }
 530                 offset >>= 2;
 531         }
 532         b43_shm_control_word(dev, routing, offset);
 533         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
 534 out:
 535         return ret;
 536 }
 537
 538 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
 539 {
 540         if (routing == B43_SHM_SHARED) {
 541                 B43_WARN_ON(offset & 0x0001);
 542                 if (offset & 0x0003) {
 543                         /* Unaligned access */
 544                         b43_shm_control_word(dev, routing, offset >> 2);
 545                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
 546                                     value & 0xFFFF);
 547                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
 548                         b43_write16(dev, B43_MMIO_SHM_DATA,
 549                                     (value >> 16) & 0xFFFF);
 550                         return;
 551                 }
 552                 offset >>= 2;
 553         }
 554         b43_shm_control_word(dev, routing, offset);
 555         b43_write32(dev, B43_MMIO_SHM_DATA, value);
 556 }
 557
 558 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
 559 {
 560         if (routing == B43_SHM_SHARED) {
 561                 B43_WARN_ON(offset & 0x0001);
 562                 if (offset & 0x0003) {
 563                         /* Unaligned access */
 564                         b43_shm_control_word(dev, routing, offset >> 2);
 565                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
 566                         return;
 567                 }
 568                 offset >>= 2;
 569         }
 570         b43_shm_control_word(dev, routing, offset);
 571         b43_write16(dev, B43_MMIO_SHM_DATA, value);
 572 }
 573
 574 /* Read HostFlags */
 575 u64 b43_hf_read(struct b43_wldev *dev)
 576 {
 577         u64 ret;
 578
 579         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
 580         ret <<= 16;
 581         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
 582         ret <<= 16;
 583         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
 584
 585         return ret;
 586 }
 587
 588 /* Write HostFlags */
 589 void b43_hf_write(struct b43_wldev *dev, u64 value)
 590 {
 591         u16 lo, mi, hi;
 592
 593         lo = (value & 0x00000000FFFFULL);
 594         mi = (value & 0x0000FFFF0000ULL) >> 16;
 595         hi = (value & 0xFFFF00000000ULL) >> 32;
 596         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
 597         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
 598         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
 599 }
 600
 601 /* Read the firmware capabilities bitmask (Opensource firmware only) */
 602 static u16 b43_fwcapa_read(struct b43_wldev *dev)
 603 {
 604         B43_WARN_ON(!dev->fw.opensource);
 605         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
 606 }
 607
 608 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
 609 {
 610         u32 low, high;
 611
 612         B43_WARN_ON(dev->dev->core_rev < 3);
 613
 614         /* The hardware guarantees us an atomic read, if we
 615          * read the low register first. */
 616         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
 617         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
 618
 619         *tsf = high;
 620         *tsf <<= 32;
 621         *tsf |= low;
 622 }
 623
 624 static void b43_time_lock(struct b43_wldev *dev)
 625 {
 626         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
 627         /* Commit the write */
 628         b43_read32(dev, B43_MMIO_MACCTL);
 629 }
 630
 631 static void b43_time_unlock(struct b43_wldev *dev)
 632 {
 633         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
 634         /* Commit the write */
 635         b43_read32(dev, B43_MMIO_MACCTL);
 636 }
 637
 638 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
 639 {
 640         u32 low, high;
 641
 642         B43_WARN_ON(dev->dev->core_rev < 3);
 643
 644         low = tsf;
 645         high = (tsf >> 32);
 646         /* The hardware guarantees us an atomic write, if we
 647          * write the low register first. */
 648         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
 649         mmiowb();
 650         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
 651         mmiowb();
 652 }
 653
 654 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
 655 {
 656         b43_time_lock(dev);
 657         b43_tsf_write_locked(dev, tsf);
 658         b43_time_unlock(dev);
 659 }
 660
 661 static
 662 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
 663 {
 664         static const u8 zero_addr[ETH_ALEN] = { 0 };
 665         u16 data;
 666
 667         if (!mac)
 668                 mac = zero_addr;
 669
 670         offset |= 0x0020;
 671         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
 672
 673         data = mac[0];
 674         data |= mac[1] << 8;
 675         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 676         data = mac[2];
 677         data |= mac[3] << 8;
 678         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 679         data = mac[4];
 680         data |= mac[5] << 8;
 681         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 682 }
 683
 684 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
 685 {
 686         const u8 *mac;
 687         const u8 *bssid;
 688         u8 mac_bssid[ETH_ALEN * 2];
 689         int i;
 690         u32 tmp;
 691
 692         bssid = dev->wl->bssid;
 693         mac = dev->wl->mac_addr;
 694
 695         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
 696
 697         memcpy(mac_bssid, mac, ETH_ALEN);
 698         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
 699
 700         /* Write our MAC address and BSSID to template ram */
 701         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
 702                 tmp = (u32) (mac_bssid[i + 0]);
 703                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
 704                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
 705                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
 706                 b43_ram_write(dev, 0x20 + i, tmp);
 707         }
 708 }
 709
 710 static void b43_upload_card_macaddress(struct b43_wldev *dev)
 711 {
 712         b43_write_mac_bssid_templates(dev);
 713         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
 714 }
 715
 716 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
 717 {
 718         /* slot_time is in usec. */
 719         /* This test used to exit for all but a G PHY. */
 720         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
 721                 return;
 722         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
 723         /* Shared memory location 0x0010 is the slot time and should be
 724          * set to slot_time; however, this register is initially 0 and changing
 725          * the value adversely affects the transmit rate for BCM4311
 726          * devices. Until this behavior is unterstood, delete this step
 727          *
 728          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
 729          */
 730 }
 731
 732 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
 733 {
 734         b43_set_slot_time(dev, 9);
 735 }
 736
 737 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
 738 {
 739         b43_set_slot_time(dev, 20);
 740 }
 741
 742 /* DummyTransmission function, as documented on
 743  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
 744  */
 745 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
 746 {
 747         struct b43_phy *phy = &dev->phy;
 748         unsigned int i, max_loop;
 749         u16 value;
 750         u32 buffer[5] = {
 751                 0x00000000,
 752                 0x00D40000,
 753                 0x00000000,
 754                 0x01000000,
 755                 0x00000000,
 756         };
 757
 758         if (ofdm) {
 759                 max_loop = 0x1E;
 760                 buffer[0] = 0x000201CC;
 761         } else {
 762                 max_loop = 0xFA;
 763                 buffer[0] = 0x000B846E;
 764         }
 765
 766         for (i = 0; i < 5; i++)
 767                 b43_ram_write(dev, i * 4, buffer[i]);
 768
 769         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
 770
 771         if (dev->dev->core_rev < 11)
 772                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
 773         else
 774                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
 775
 776         value = (ofdm ? 0x41 : 0x40);
 777         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
 778         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
 779             phy->type == B43_PHYTYPE_LCN)
 780                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
 781
 782         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
 783         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
 784
 785         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
 786         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
 787         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
 788         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
 789
 790         if (!pa_on && phy->type == B43_PHYTYPE_N)
 791                 ; /*b43_nphy_pa_override(dev, false) */
 792
 793         switch (phy->type) {
 794         case B43_PHYTYPE_N:
 795         case B43_PHYTYPE_LCN:
 796                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
 797                 break;
 798         case B43_PHYTYPE_LP:
 799                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
 800                 break;
 801         default:
 802                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
 803         }
 804         b43_read16(dev, B43_MMIO_TXE0_AUX);
 805
 806         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
 807                 b43_radio_write16(dev, 0x0051, 0x0017);
 808         for (i = 0x00; i < max_loop; i++) {
 809                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
 810                 if (value & 0x0080)
 811                         break;
 812                 udelay(10);
 813         }
 814         for (i = 0x00; i < 0x0A; i++) {
 815                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
 816                 if (value & 0x0400)
 817                         break;
 818                 udelay(10);
 819         }
 820         for (i = 0x00; i < 0x19; i++) {
 821                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
 822                 if (!(value & 0x0100))
 823                         break;
 824                 udelay(10);
 825         }
 826         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
 827                 b43_radio_write16(dev, 0x0051, 0x0037);
 828 }
 829
 830 static void key_write(struct b43_wldev *dev,
 831                       u8 index, u8 algorithm, const u8 *key)
 832 {
 833         unsigned int i;
 834         u32 offset;
 835         u16 value;
 836         u16 kidx;
 837
 838         /* Key index/algo block */
 839         kidx = b43_kidx_to_fw(dev, index);
 840         value = ((kidx << 4) | algorithm);
 841         b43_shm_write16(dev, B43_SHM_SHARED,
 842                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
 843
 844         /* Write the key to the Key Table Pointer offset */
 845         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
 846         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
 847                 value = key[i];
 848                 value |= (u16) (key[i + 1]) << 8;
 849                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
 850         }
 851 }
 852
 853 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
 854 {
 855         u32 addrtmp[2] = { 0, 0, };
 856         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
 857
 858         if (b43_new_kidx_api(dev))
 859                 pairwise_keys_start = B43_NR_GROUP_KEYS;
 860
 861         B43_WARN_ON(index < pairwise_keys_start);
 862         /* We have four default TX keys and possibly four default RX keys.
 863          * Physical mac 0 is mapped to physical key 4 or 8, depending
 864          * on the firmware version.
 865          * So we must adjust the index here.
 866          */
 867         index -= pairwise_keys_start;
 868         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
 869
 870         if (addr) {
 871                 addrtmp[0] = addr[0];
 872                 addrtmp[0] |= ((u32) (addr[1]) << 8);
 873                 addrtmp[0] |= ((u32) (addr[2]) << 16);
 874                 addrtmp[0] |= ((u32) (addr[3]) << 24);
 875                 addrtmp[1] = addr[4];
 876                 addrtmp[1] |= ((u32) (addr[5]) << 8);
 877         }
 878
 879         /* Receive match transmitter address (RCMTA) mechanism */
 880         b43_shm_write32(dev, B43_SHM_RCMTA,
 881                         (index * 2) + 0, addrtmp[0]);
 882         b43_shm_write16(dev, B43_SHM_RCMTA,
 883                         (index * 2) + 1, addrtmp[1]);
 884 }
 885
 886 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
 887  * When a packet is received, the iv32 is checked.
 888  * - if it doesn't the packet is returned without modification (and software
 889  *   decryption can be done). That's what happen when iv16 wrap.
 890  * - if it does, the rc4 key is computed, and decryption is tried.
 891  *   Either it will success and B43_RX_MAC_DEC is returned,
 892  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
 893  *   and the packet is not usable (it got modified by the ucode).
 894  * So in order to never have B43_RX_MAC_DECERR, we should provide
 895  * a iv32 and phase1key that match. Because we drop packets in case of
 896  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
 897  * packets will be lost without higher layer knowing (ie no resync possible
 898  * until next wrap).
 899  *
 900  * NOTE : this should support 50 key like RCMTA because
 901  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
 902  */
 903 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
 904                 u16 *phase1key)
 905 {
 906         unsigned int i;
 907         u32 offset;
 908         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
 909
 910         if (!modparam_hwtkip)
 911                 return;
 912
 913         if (b43_new_kidx_api(dev))
 914                 pairwise_keys_start = B43_NR_GROUP_KEYS;
 915
 916         B43_WARN_ON(index < pairwise_keys_start);
 917         /* We have four default TX keys and possibly four default RX keys.
 918          * Physical mac 0 is mapped to physical key 4 or 8, depending
 919          * on the firmware version.
 920          * So we must adjust the index here.
 921          */
 922         index -= pairwise_keys_start;
 923         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
 924
 925         if (b43_debug(dev, B43_DBG_KEYS)) {
 926                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
 927                                 index, iv32);
 928         }
 929         /* Write the key to the  RX tkip shared mem */
 930         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
 931         for (i = 0; i < 10; i += 2) {
 932                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
 933                                 phase1key ? phase1key[i / 2] : 0);
 934         }
 935         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
 936         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
 937 }
 938
 939 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
 940                                    struct ieee80211_vif *vif,
 941                                    struct ieee80211_key_conf *keyconf,
 942                                    struct ieee80211_sta *sta,
 943                                    u32 iv32, u16 *phase1key)
 944 {
 945         struct b43_wl *wl = hw_to_b43_wl(hw);
 946         struct b43_wldev *dev;
 947         int index = keyconf->hw_key_idx;
 948
 949         if (B43_WARN_ON(!modparam_hwtkip))
 950                 return;
 951
 952         /* This is only called from the RX path through mac80211, where
 953          * our mutex is already locked. */
 954         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
 955         dev = wl->current_dev;
 956         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
 957
 958         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
 959
 960         rx_tkip_phase1_write(dev, index, iv32, phase1key);
 961         /* only pairwise TKIP keys are supported right now */
 962         if (WARN_ON(!sta))
 963                 return;
 964         keymac_write(dev, index, sta->addr);
 965 }
 966
 967 static void do_key_write(struct b43_wldev *dev,
 968                          u8 index, u8 algorithm,
 969                          const u8 *key, size_t key_len, const u8 *mac_addr)
 970 {
 971         u8 buf[B43_SEC_KEYSIZE] = { 0, };
 972         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
 973
 974         if (b43_new_kidx_api(dev))
 975                 pairwise_keys_start = B43_NR_GROUP_KEYS;
 976
 977         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
 978         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
 979
 980         if (index >= pairwise_keys_start)
 981                 keymac_write(dev, index, NULL); /* First zero out mac. */
 982         if (algorithm == B43_SEC_ALGO_TKIP) {
 983                 /*
 984                  * We should provide an initial iv32, phase1key pair.
 985                  * We could start with iv32=0 and compute the corresponding
 986                  * phase1key, but this means calling ieee80211_get_tkip_key
 987                  * with a fake skb (or export other tkip function).
 988                  * Because we are lazy we hope iv32 won't start with
 989                  * 0xffffffff and let's b43_op_update_tkip_key provide a
 990                  * correct pair.
 991                  */
 992                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
 993         } else if (index >= pairwise_keys_start) /* clear it */
 994                 rx_tkip_phase1_write(dev, index, 0, NULL);
 995         if (key)
 996                 memcpy(buf, key, key_len);
 997         key_write(dev, index, algorithm, buf);
 998         if (index >= pairwise_keys_start)
 999                 keymac_write(dev, index, mac_addr);
1000
1001         dev->key[index].algorithm = algorithm;
1002 }
1003
1004 static int b43_key_write(struct b43_wldev *dev,
1005                          int index, u8 algorithm,
1006                          const u8 *key, size_t key_len,
1007                          const u8 *mac_addr,
1008                          struct ieee80211_key_conf *keyconf)
1009 {
1010         int i;
1011         int pairwise_keys_start;
1012
1013         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1014          *      - Temporal Encryption Key (128 bits)
1015          *      - Temporal Authenticator Tx MIC Key (64 bits)
1016          *      - Temporal Authenticator Rx MIC Key (64 bits)
1017          *
1018          *      Hardware only store TEK
1019          */
1020         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1021                 key_len = 16;
1022         if (key_len > B43_SEC_KEYSIZE)
1023                 return -EINVAL;
1024         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1025                 /* Check that we don't already have this key. */
1026                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
1027         }
1028         if (index < 0) {
1029                 /* Pairwise key. Get an empty slot for the key. */
1030                 if (b43_new_kidx_api(dev))
1031                         pairwise_keys_start = B43_NR_GROUP_KEYS;
1032                 else
1033                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1034                 for (i = pairwise_keys_start;
1035                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1036                      i++) {
1037                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1038                         if (!dev->key[i].keyconf) {
1039                                 /* found empty */
1040                                 index = i;
1041                                 break;
1042                         }
1043                 }
1044                 if (index < 0) {
1045                         b43warn(dev->wl, "Out of hardware key memory\n");
1046                         return -ENOSPC;
1047                 }
1048         } else
1049                 B43_WARN_ON(index > 3);
1050
1051         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1052         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1053                 /* Default RX key */
1054                 B43_WARN_ON(mac_addr);
1055                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1056         }
1057         keyconf->hw_key_idx = index;
1058         dev->key[index].keyconf = keyconf;
1059
1060         return 0;
1061 }
1062
1063 static int b43_key_clear(struct b43_wldev *dev, int index)
1064 {
1065         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1066                 return -EINVAL;
1067         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1068                      NULL, B43_SEC_KEYSIZE, NULL);
1069         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1070                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1071                              NULL, B43_SEC_KEYSIZE, NULL);
1072         }
1073         dev->key[index].keyconf = NULL;
1074
1075         return 0;
1076 }
1077
1078 static void b43_clear_keys(struct b43_wldev *dev)
1079 {
1080         int i, count;
1081
1082         if (b43_new_kidx_api(dev))
1083                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1084         else
1085                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1086         for (i = 0; i < count; i++)
1087                 b43_key_clear(dev, i);
1088 }
1089
1090 static void b43_dump_keymemory(struct b43_wldev *dev)
1091 {
1092         unsigned int i, index, count, offset, pairwise_keys_start;
1093         u8 mac[ETH_ALEN];
1094         u16 algo;
1095         u32 rcmta0;
1096         u16 rcmta1;
1097         u64 hf;
1098         struct b43_key *key;
1099
1100         if (!b43_debug(dev, B43_DBG_KEYS))
1101                 return;
1102
1103         hf = b43_hf_read(dev);
1104         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1105                !!(hf & B43_HF_USEDEFKEYS));
1106         if (b43_new_kidx_api(dev)) {
1107                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1108                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1109         } else {
1110                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1111                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1112         }
1113         for (index = 0; index < count; index++) {
1114                 key = &(dev->key[index]);
1115                 printk(KERN_DEBUG "Key slot %02u: %s",
1116                        index, (key->keyconf == NULL) ? " " : "*");
1117                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1118                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1119                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1120                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1121                 }
1122
1123                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1124                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1125                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1126
1127                 if (index >= pairwise_keys_start) {
1128                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1129                                 printk("   TKIP: ");
1130                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1131                                 for (i = 0; i < 14; i += 2) {
1132                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1133                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1134                                 }
1135                         }
1136                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1137                                                 ((index - pairwise_keys_start) * 2) + 0);
1138                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1139                                                 ((index - pairwise_keys_start) * 2) + 1);
1140                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1141                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1142                         printk("   MAC: %pM", mac);
1143                 } else
1144                         printk("   DEFAULT KEY");
1145                 printk("\n");
1146         }
1147 }
1148
1149 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1150 {
1151         u32 macctl;
1152         u16 ucstat;
1153         bool hwps;
1154         bool awake;
1155         int i;
1156
1157         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1158                     (ps_flags & B43_PS_DISABLED));
1159         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1160
1161         if (ps_flags & B43_PS_ENABLED) {
1162                 hwps = true;
1163         } else if (ps_flags & B43_PS_DISABLED) {
1164                 hwps = false;
1165         } else {
1166                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1167                 //      and thus is not an AP and we are associated, set bit 25
1168         }
1169         if (ps_flags & B43_PS_AWAKE) {
1170                 awake = true;
1171         } else if (ps_flags & B43_PS_ASLEEP) {
1172                 awake = false;
1173         } else {
1174                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1175                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1176                 //      successful, set bit26
1177         }
1178
1179 /* FIXME: For now we force awake-on and hwps-off */
1180         hwps = false;
1181         awake = true;
1182
1183         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1184         if (hwps)
1185                 macctl |= B43_MACCTL_HWPS;
1186         else
1187                 macctl &= ~B43_MACCTL_HWPS;
1188         if (awake)
1189                 macctl |= B43_MACCTL_AWAKE;
1190         else
1191                 macctl &= ~B43_MACCTL_AWAKE;
1192         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1193         /* Commit write */
1194         b43_read32(dev, B43_MMIO_MACCTL);
1195         if (awake && dev->dev->core_rev >= 5) {
1196                 /* Wait for the microcode to wake up. */
1197                 for (i = 0; i < 100; i++) {
1198                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1199                                                 B43_SHM_SH_UCODESTAT);
1200                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1201                                 break;
1202                         udelay(10);
1203                 }
1204         }
1205 }
1206
1207 /* http://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1208 void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1209 {
1210         struct bcma_drv_cc *bcma_cc __maybe_unused;
1211         struct ssb_chipcommon *ssb_cc __maybe_unused;
1212
1213         switch (dev->dev->bus_type) {
1214 #ifdef CONFIG_B43_BCMA
1215         case B43_BUS_BCMA:
1216                 bcma_cc = &dev->dev->bdev->bus->drv_cc;
1217
1218                 bcma_cc_write32(bcma_cc, BCMA_CC_CHIPCTL_ADDR, 0);
1219                 bcma_cc_mask32(bcma_cc, BCMA_CC_CHIPCTL_DATA, ~0x4);
1220                 bcma_cc_set32(bcma_cc, BCMA_CC_CHIPCTL_DATA, 0x4);
1221                 bcma_cc_mask32(bcma_cc, BCMA_CC_CHIPCTL_DATA, ~0x4);
1222                 break;
1223 #endif
1224 #ifdef CONFIG_B43_SSB
1225         case B43_BUS_SSB:
1226                 ssb_cc = &dev->dev->sdev->bus->chipco;
1227
1228                 chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1229                 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1230                 chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1231                 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1232                 break;
1233 #endif
1234         }
1235 }
1236
1237 #ifdef CONFIG_B43_BCMA
1238 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1239 {
1240         u32 flags;
1241
1242         /* Put PHY into reset */
1243         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1244         flags |= B43_BCMA_IOCTL_PHY_RESET;
1245         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1246         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1247         udelay(2);
1248
1249         b43_phy_take_out_of_reset(dev);
1250 }
1251
1252 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1253 {
1254         u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1255                   B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1256         u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1257                      B43_BCMA_CLKCTLST_PHY_PLL_ST;
1258         u32 flags;
1259
1260         flags = B43_BCMA_IOCTL_PHY_CLKEN;
1261         if (gmode)
1262                 flags |= B43_BCMA_IOCTL_GMODE;
1263         b43_device_enable(dev, flags);
1264
1265         if (dev->phy.type == B43_PHYTYPE_AC) {
1266                 u16 tmp;
1267
1268                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1269                 tmp &= ~B43_BCMA_IOCTL_DAC;
1270                 tmp |= 0x100;
1271                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1272
1273                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1274                 tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1275                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1276
1277                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1278                 tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1279                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1280         }
1281
1282         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1283         b43_bcma_phy_reset(dev);
1284         bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1285 }
1286 #endif
1287
1288 #ifdef CONFIG_B43_SSB
1289 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1290 {
1291         u32 flags = 0;
1292
1293         if (gmode)
1294                 flags |= B43_TMSLOW_GMODE;
1295         flags |= B43_TMSLOW_PHYCLKEN;
1296         flags |= B43_TMSLOW_PHYRESET;
1297         if (dev->phy.type == B43_PHYTYPE_N)
1298                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1299         b43_device_enable(dev, flags);
1300         msleep(2);              /* Wait for the PLL to turn on. */
1301
1302         b43_phy_take_out_of_reset(dev);
1303 }
1304 #endif
1305
1306 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1307 {
1308         u32 macctl;
1309
1310         switch (dev->dev->bus_type) {
1311 #ifdef CONFIG_B43_BCMA
1312         case B43_BUS_BCMA:
1313                 b43_bcma_wireless_core_reset(dev, gmode);
1314                 break;
1315 #endif
1316 #ifdef CONFIG_B43_SSB
1317         case B43_BUS_SSB:
1318                 b43_ssb_wireless_core_reset(dev, gmode);
1319                 break;
1320 #endif
1321         }
1322
1323         /* Turn Analog ON, but only if we already know the PHY-type.
1324          * This protects against very early setup where we don't know the
1325          * PHY-type, yet. wireless_core_reset will be called once again later,
1326          * when we know the PHY-type. */
1327         if (dev->phy.ops)
1328                 dev->phy.ops->switch_analog(dev, 1);
1329
1330         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1331         macctl &= ~B43_MACCTL_GMODE;
1332         if (gmode)
1333                 macctl |= B43_MACCTL_GMODE;
1334         macctl |= B43_MACCTL_IHR_ENABLED;
1335         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1336 }
1337
1338 static void handle_irq_transmit_status(struct b43_wldev *dev)
1339 {
1340         u32 v0, v1;
1341         u16 tmp;
1342         struct b43_txstatus stat;
1343
1344         while (1) {
1345                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1346                 if (!(v0 & 0x00000001))
1347                         break;
1348                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1349
1350                 stat.cookie = (v0 >> 16);
1351                 stat.seq = (v1 & 0x0000FFFF);
1352                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1353                 tmp = (v0 & 0x0000FFFF);
1354                 stat.frame_count = ((tmp & 0xF000) >> 12);
1355                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1356                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1357                 stat.pm_indicated = !!(tmp & 0x0080);
1358                 stat.intermediate = !!(tmp & 0x0040);
1359                 stat.for_ampdu = !!(tmp & 0x0020);
1360                 stat.acked = !!(tmp & 0x0002);
1361
1362                 b43_handle_txstatus(dev, &stat);
1363         }
1364 }
1365
1366 static void drain_txstatus_queue(struct b43_wldev *dev)
1367 {
1368         u32 dummy;
1369
1370         if (dev->dev->core_rev < 5)
1371                 return;
1372         /* Read all entries from the microcode TXstatus FIFO
1373          * and throw them away.
1374          */
1375         while (1) {
1376                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1377                 if (!(dummy & 0x00000001))
1378                         break;
1379                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1380         }
1381 }
1382
1383 static u32 b43_jssi_read(struct b43_wldev *dev)
1384 {
1385         u32 val = 0;
1386
1387         val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1388         val <<= 16;
1389         val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1390
1391         return val;
1392 }
1393
1394 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1395 {
1396         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1397                         (jssi & 0x0000FFFF));
1398         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1399                         (jssi & 0xFFFF0000) >> 16);
1400 }
1401
1402 static void b43_generate_noise_sample(struct b43_wldev *dev)
1403 {
1404         b43_jssi_write(dev, 0x7F7F7F7F);
1405         b43_write32(dev, B43_MMIO_MACCMD,
1406                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1407 }
1408
1409 static void b43_calculate_link_quality(struct b43_wldev *dev)
1410 {
1411         /* Top half of Link Quality calculation. */
1412
1413         if (dev->phy.type != B43_PHYTYPE_G)
1414                 return;
1415         if (dev->noisecalc.calculation_running)
1416                 return;
1417         dev->noisecalc.calculation_running = true;
1418         dev->noisecalc.nr_samples = 0;
1419
1420         b43_generate_noise_sample(dev);
1421 }
1422
1423 static void handle_irq_noise(struct b43_wldev *dev)
1424 {
1425         struct b43_phy_g *phy = dev->phy.g;
1426         u16 tmp;
1427         u8 noise[4];
1428         u8 i, j;
1429         s32 average;
1430
1431         /* Bottom half of Link Quality calculation. */
1432
1433         if (dev->phy.type != B43_PHYTYPE_G)
1434                 return;
1435
1436         /* Possible race condition: It might be possible that the user
1437          * changed to a different channel in the meantime since we
1438          * started the calculation. We ignore that fact, since it's
1439          * not really that much of a problem. The background noise is
1440          * an estimation only anyway. Slightly wrong results will get damped
1441          * by the averaging of the 8 sample rounds. Additionally the
1442          * value is shortlived. So it will be replaced by the next noise
1443          * calculation round soon. */
1444
1445         B43_WARN_ON(!dev->noisecalc.calculation_running);
1446         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1447         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1448             noise[2] == 0x7F || noise[3] == 0x7F)
1449                 goto generate_new;
1450
1451         /* Get the noise samples. */
1452         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1453         i = dev->noisecalc.nr_samples;
1454         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1455         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1456         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1457         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1458         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1459         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1460         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1461         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1462         dev->noisecalc.nr_samples++;
1463         if (dev->noisecalc.nr_samples == 8) {
1464                 /* Calculate the Link Quality by the noise samples. */
1465                 average = 0;
1466                 for (i = 0; i < 8; i++) {
1467                         for (j = 0; j < 4; j++)
1468                                 average += dev->noisecalc.samples[i][j];
1469                 }
1470                 average /= (8 * 4);
1471                 average *= 125;
1472                 average += 64;
1473                 average /= 128;
1474                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1475                 tmp = (tmp / 128) & 0x1F;
1476                 if (tmp >= 8)
1477                         average += 2;
1478                 else
1479                         average -= 25;
1480                 if (tmp == 8)
1481                         average -= 72;
1482                 else
1483                         average -= 48;
1484
1485                 dev->stats.link_noise = average;
1486                 dev->noisecalc.calculation_running = false;
1487                 return;
1488         }
1489 generate_new:
1490         b43_generate_noise_sample(dev);
1491 }
1492
1493 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1494 {
1495         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1496                 ///TODO: PS TBTT
1497         } else {
1498                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1499                         b43_power_saving_ctl_bits(dev, 0);
1500         }
1501         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1502                 dev->dfq_valid = true;
1503 }
1504
1505 static void handle_irq_atim_end(struct b43_wldev *dev)
1506 {
1507         if (dev->dfq_valid) {
1508                 b43_write32(dev, B43_MMIO_MACCMD,
1509                             b43_read32(dev, B43_MMIO_MACCMD)
1510                             | B43_MACCMD_DFQ_VALID);
1511                 dev->dfq_valid = false;
1512         }
1513 }
1514
1515 static void handle_irq_pmq(struct b43_wldev *dev)
1516 {
1517         u32 tmp;
1518
1519         //TODO: AP mode.
1520
1521         while (1) {
1522                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1523                 if (!(tmp & 0x00000008))
1524                         break;
1525         }
1526         /* 16bit write is odd, but correct. */
1527         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1528 }
1529
1530 static void b43_write_template_common(struct b43_wldev *dev,
1531                                       const u8 *data, u16 size,
1532                                       u16 ram_offset,
1533                                       u16 shm_size_offset, u8 rate)
1534 {
1535         u32 i, tmp;
1536         struct b43_plcp_hdr4 plcp;
1537
1538         plcp.data = 0;
1539         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1540         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1541         ram_offset += sizeof(u32);
1542         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1543          * So leave the first two bytes of the next write blank.
1544          */
1545         tmp = (u32) (data[0]) << 16;
1546         tmp |= (u32) (data[1]) << 24;
1547         b43_ram_write(dev, ram_offset, tmp);
1548         ram_offset += sizeof(u32);
1549         for (i = 2; i < size; i += sizeof(u32)) {
1550                 tmp = (u32) (data[i + 0]);
1551                 if (i + 1 < size)
1552                         tmp |= (u32) (data[i + 1]) << 8;
1553                 if (i + 2 < size)
1554                         tmp |= (u32) (data[i + 2]) << 16;
1555                 if (i + 3 < size)
1556                         tmp |= (u32) (data[i + 3]) << 24;
1557                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1558         }
1559         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1560                         size + sizeof(struct b43_plcp_hdr6));
1561 }
1562
1563 /* Check if the use of the antenna that ieee80211 told us to
1564  * use is possible. This will fall back to DEFAULT.
1565  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1566 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1567                                   u8 antenna_nr)
1568 {
1569         u8 antenna_mask;
1570
1571         if (antenna_nr == 0) {
1572                 /* Zero means "use default antenna". That's always OK. */
1573                 return 0;
1574         }
1575
1576         /* Get the mask of available antennas. */
1577         if (dev->phy.gmode)
1578                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1579         else
1580                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1581
1582         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1583                 /* This antenna is not available. Fall back to default. */
1584                 return 0;
1585         }
1586
1587         return antenna_nr;
1588 }
1589
1590 /* Convert a b43 antenna number value to the PHY TX control value. */
1591 static u16 b43_antenna_to_phyctl(int antenna)
1592 {
1593         switch (antenna) {
1594         case B43_ANTENNA0:
1595                 return B43_TXH_PHY_ANT0;
1596         case B43_ANTENNA1:
1597                 return B43_TXH_PHY_ANT1;
1598         case B43_ANTENNA2:
1599                 return B43_TXH_PHY_ANT2;
1600         case B43_ANTENNA3:
1601                 return B43_TXH_PHY_ANT3;
1602         case B43_ANTENNA_AUTO0:
1603         case B43_ANTENNA_AUTO1:
1604                 return B43_TXH_PHY_ANT01AUTO;
1605         }
1606         B43_WARN_ON(1);
1607         return 0;
1608 }
1609
1610 static void b43_write_beacon_template(struct b43_wldev *dev,
1611                                       u16 ram_offset,
1612                                       u16 shm_size_offset)
1613 {
1614         unsigned int i, len, variable_len;
1615         const struct ieee80211_mgmt *bcn;
1616         const u8 *ie;
1617         bool tim_found = false;
1618         unsigned int rate;
1619         u16 ctl;
1620         int antenna;
1621         struct ieee80211_tx_info *info;
1622         unsigned long flags;
1623         struct sk_buff *beacon_skb;
1624
1625         spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1626         info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1627         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1628         /* Clone the beacon, so it cannot go away, while we write it to hw. */
1629         beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1630         spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1631
1632         if (!beacon_skb) {
1633                 b43dbg(dev->wl, "Could not upload beacon. "
1634                        "Failed to clone beacon skb.");
1635                 return;
1636         }
1637
1638         bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1639         len = min_t(size_t, beacon_skb->len,
1640                     0x200 - sizeof(struct b43_plcp_hdr6));
1641
1642         b43_write_template_common(dev, (const u8 *)bcn,
1643                                   len, ram_offset, shm_size_offset, rate);
1644
1645         /* Write the PHY TX control parameters. */
1646         antenna = B43_ANTENNA_DEFAULT;
1647         antenna = b43_antenna_to_phyctl(antenna);
1648         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1649         /* We can't send beacons with short preamble. Would get PHY errors. */
1650         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1651         ctl &= ~B43_TXH_PHY_ANT;
1652         ctl &= ~B43_TXH_PHY_ENC;
1653         ctl |= antenna;
1654         if (b43_is_cck_rate(rate))
1655                 ctl |= B43_TXH_PHY_ENC_CCK;
1656         else
1657                 ctl |= B43_TXH_PHY_ENC_OFDM;
1658         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1659
1660         /* Find the position of the TIM and the DTIM_period value
1661          * and write them to SHM. */
1662         ie = bcn->u.beacon.variable;
1663         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1664         for (i = 0; i < variable_len - 2; ) {
1665                 uint8_t ie_id, ie_len;
1666
1667                 ie_id = ie[i];
1668                 ie_len = ie[i + 1];
1669                 if (ie_id == 5) {
1670                         u16 tim_position;
1671                         u16 dtim_period;
1672                         /* This is the TIM Information Element */
1673
1674                         /* Check whether the ie_len is in the beacon data range. */
1675                         if (variable_len < ie_len + 2 + i)
1676                                 break;
1677                         /* A valid TIM is at least 4 bytes long. */
1678                         if (ie_len < 4)
1679                                 break;
1680                         tim_found = true;
1681
1682                         tim_position = sizeof(struct b43_plcp_hdr6);
1683                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1684                         tim_position += i;
1685
1686                         dtim_period = ie[i + 3];
1687
1688                         b43_shm_write16(dev, B43_SHM_SHARED,
1689                                         B43_SHM_SH_TIMBPOS, tim_position);
1690                         b43_shm_write16(dev, B43_SHM_SHARED,
1691                                         B43_SHM_SH_DTIMPER, dtim_period);
1692                         break;
1693                 }
1694                 i += ie_len + 2;
1695         }
1696         if (!tim_found) {
1697                 /*
1698                  * If ucode wants to modify TIM do it behind the beacon, this
1699                  * will happen, for example, when doing mesh networking.
1700                  */
1701                 b43_shm_write16(dev, B43_SHM_SHARED,
1702                                 B43_SHM_SH_TIMBPOS,
1703                                 len + sizeof(struct b43_plcp_hdr6));
1704                 b43_shm_write16(dev, B43_SHM_SHARED,
1705                                 B43_SHM_SH_DTIMPER, 0);
1706         }
1707         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1708
1709         dev_kfree_skb_any(beacon_skb);
1710 }
1711
1712 static void b43_upload_beacon0(struct b43_wldev *dev)
1713 {
1714         struct b43_wl *wl = dev->wl;
1715
1716         if (wl->beacon0_uploaded)
1717                 return;
1718         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1719         wl->beacon0_uploaded = true;
1720 }
1721
1722 static void b43_upload_beacon1(struct b43_wldev *dev)
1723 {
1724         struct b43_wl *wl = dev->wl;
1725
1726         if (wl->beacon1_uploaded)
1727                 return;
1728         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1729         wl->beacon1_uploaded = true;
1730 }
1731
1732 static void handle_irq_beacon(struct b43_wldev *dev)
1733 {
1734         struct b43_wl *wl = dev->wl;
1735         u32 cmd, beacon0_valid, beacon1_valid;
1736
1737         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1738             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1739             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1740                 return;
1741
1742         /* This is the bottom half of the asynchronous beacon update. */
1743
1744         /* Ignore interrupt in the future. */
1745         dev->irq_mask &= ~B43_IRQ_BEACON;
1746
1747         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1748         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1749         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1750
1751         /* Schedule interrupt manually, if busy. */
1752         if (beacon0_valid && beacon1_valid) {
1753                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1754                 dev->irq_mask |= B43_IRQ_BEACON;
1755                 return;
1756         }
1757
1758         if (unlikely(wl->beacon_templates_virgin)) {
1759                 /* We never uploaded a beacon before.
1760                  * Upload both templates now, but only mark one valid. */
1761                 wl->beacon_templates_virgin = false;
1762                 b43_upload_beacon0(dev);
1763                 b43_upload_beacon1(dev);
1764                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1765                 cmd |= B43_MACCMD_BEACON0_VALID;
1766                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1767         } else {
1768                 if (!beacon0_valid) {
1769                         b43_upload_beacon0(dev);
1770                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1771                         cmd |= B43_MACCMD_BEACON0_VALID;
1772                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1773                 } else if (!beacon1_valid) {
1774                         b43_upload_beacon1(dev);
1775                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1776                         cmd |= B43_MACCMD_BEACON1_VALID;
1777                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1778                 }
1779         }
1780 }
1781
1782 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1783 {
1784         u32 old_irq_mask = dev->irq_mask;
1785
1786         /* update beacon right away or defer to irq */
1787         handle_irq_beacon(dev);
1788         if (old_irq_mask != dev->irq_mask) {
1789                 /* The handler updated the IRQ mask. */
1790                 B43_WARN_ON(!dev->irq_mask);
1791                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1792                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1793                 } else {
1794                         /* Device interrupts are currently disabled. That means
1795                          * we just ran the hardirq handler and scheduled the
1796                          * IRQ thread. The thread will write the IRQ mask when
1797                          * it finished, so there's nothing to do here. Writing
1798                          * the mask _here_ would incorrectly re-enable IRQs. */
1799                 }
1800         }
1801 }
1802
1803 static void b43_beacon_update_trigger_work(struct work_struct *work)
1804 {
1805         struct b43_wl *wl = container_of(work, struct b43_wl,
1806                                          beacon_update_trigger);
1807         struct b43_wldev *dev;
1808
1809         mutex_lock(&wl->mutex);
1810         dev = wl->current_dev;
1811         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1812                 if (b43_bus_host_is_sdio(dev->dev)) {
1813                         /* wl->mutex is enough. */
1814                         b43_do_beacon_update_trigger_work(dev);
1815                         mmiowb();
1816                 } else {
1817                         spin_lock_irq(&wl->hardirq_lock);
1818                         b43_do_beacon_update_trigger_work(dev);
1819                         mmiowb();
1820                         spin_unlock_irq(&wl->hardirq_lock);
1821                 }
1822         }
1823         mutex_unlock(&wl->mutex);
1824 }
1825
1826 /* Asynchronously update the packet templates in template RAM. */
1827 static void b43_update_templates(struct b43_wl *wl)
1828 {
1829         struct sk_buff *beacon, *old_beacon;
1830         unsigned long flags;
1831
1832         /* This is the top half of the asynchronous beacon update.
1833          * The bottom half is the beacon IRQ.
1834          * Beacon update must be asynchronous to avoid sending an
1835          * invalid beacon. This can happen for example, if the firmware
1836          * transmits a beacon while we are updating it. */
1837
1838         /* We could modify the existing beacon and set the aid bit in
1839          * the TIM field, but that would probably require resizing and
1840          * moving of data within the beacon template.
1841          * Simply request a new beacon and let mac80211 do the hard work. */
1842         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1843         if (unlikely(!beacon))
1844                 return;
1845
1846         spin_lock_irqsave(&wl->beacon_lock, flags);
1847         old_beacon = wl->current_beacon;
1848         wl->current_beacon = beacon;
1849         wl->beacon0_uploaded = false;
1850         wl->beacon1_uploaded = false;
1851         spin_unlock_irqrestore(&wl->beacon_lock, flags);
1852
1853         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1854
1855         if (old_beacon)
1856                 dev_kfree_skb_any(old_beacon);
1857 }
1858
1859 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1860 {
1861         b43_time_lock(dev);
1862         if (dev->dev->core_rev >= 3) {
1863                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1864                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1865         } else {
1866                 b43_write16(dev, 0x606, (beacon_int >> 6));
1867                 b43_write16(dev, 0x610, beacon_int);
1868         }
1869         b43_time_unlock(dev);
1870         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1871 }
1872
1873 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1874 {
1875         u16 reason;
1876
1877         /* Read the register that contains the reason code for the panic. */
1878         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1879         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1880
1881         switch (reason) {
1882         default:
1883                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1884                 /* fallthrough */
1885         case B43_FWPANIC_DIE:
1886                 /* Do not restart the controller or firmware.
1887                  * The device is nonfunctional from now on.
1888                  * Restarting would result in this panic to trigger again,
1889                  * so we avoid that recursion. */
1890                 break;
1891         case B43_FWPANIC_RESTART:
1892                 b43_controller_restart(dev, "Microcode panic");
1893                 break;
1894         }
1895 }
1896
1897 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1898 {
1899         unsigned int i, cnt;
1900         u16 reason, marker_id, marker_line;
1901         __le16 *buf;
1902
1903         /* The proprietary firmware doesn't have this IRQ. */
1904         if (!dev->fw.opensource)
1905                 return;
1906
1907         /* Read the register that contains the reason code for this IRQ. */
1908         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1909
1910         switch (reason) {
1911         case B43_DEBUGIRQ_PANIC:
1912                 b43_handle_firmware_panic(dev);
1913                 break;
1914         case B43_DEBUGIRQ_DUMP_SHM:
1915                 if (!B43_DEBUG)
1916                         break; /* Only with driver debugging enabled. */
1917                 buf = kmalloc(4096, GFP_ATOMIC);
1918                 if (!buf) {
1919                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1920                         goto out;
1921                 }
1922                 for (i = 0; i < 4096; i += 2) {
1923                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1924                         buf[i / 2] = cpu_to_le16(tmp);
1925                 }
1926                 b43info(dev->wl, "Shared memory dump:\n");
1927                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1928                                16, 2, buf, 4096, 1);
1929                 kfree(buf);
1930                 break;
1931         case B43_DEBUGIRQ_DUMP_REGS:
1932                 if (!B43_DEBUG)
1933                         break; /* Only with driver debugging enabled. */
1934                 b43info(dev->wl, "Microcode register dump:\n");
1935                 for (i = 0, cnt = 0; i < 64; i++) {
1936                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1937                         if (cnt == 0)
1938                                 printk(KERN_INFO);
1939                         printk("r%02u: 0x%04X  ", i, tmp);
1940                         cnt++;
1941                         if (cnt == 6) {
1942                                 printk("\n");
1943                                 cnt = 0;
1944                         }
1945                 }
1946                 printk("\n");
1947                 break;
1948         case B43_DEBUGIRQ_MARKER:
1949                 if (!B43_DEBUG)
1950                         break; /* Only with driver debugging enabled. */
1951                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1952                                            B43_MARKER_ID_REG);
1953                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1954                                              B43_MARKER_LINE_REG);
1955                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1956                         "at line number %u\n",
1957                         marker_id, marker_line);
1958                 break;
1959         default:
1960                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1961                        reason);
1962         }
1963 out:
1964         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1965         b43_shm_write16(dev, B43_SHM_SCRATCH,
1966                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1967 }
1968
1969 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1970 {
1971         u32 reason;
1972         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1973         u32 merged_dma_reason = 0;
1974         int i;
1975
1976         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1977                 return;
1978
1979         reason = dev->irq_reason;
1980         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1981                 dma_reason[i] = dev->dma_reason[i];
1982                 merged_dma_reason |= dma_reason[i];
1983         }
1984
1985         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1986                 b43err(dev->wl, "MAC transmission error\n");
1987
1988         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1989                 b43err(dev->wl, "PHY transmission error\n");
1990                 rmb();
1991                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1992                         atomic_set(&dev->phy.txerr_cnt,
1993                                    B43_PHY_TX_BADNESS_LIMIT);
1994                         b43err(dev->wl, "Too many PHY TX errors, "
1995                                         "restarting the controller\n");
1996                         b43_controller_restart(dev, "PHY TX errors");
1997                 }
1998         }
1999
2000         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
2001                 b43err(dev->wl,
2002                         "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
2003                         dma_reason[0], dma_reason[1],
2004                         dma_reason[2], dma_reason[3],
2005                         dma_reason[4], dma_reason[5]);
2006                 b43err(dev->wl, "This device does not support DMA "
2007                                "on your system. It will now be switched to PIO.\n");
2008                 /* Fall back to PIO transfers if we get fatal DMA errors! */
2009                 dev->use_pio = true;
2010                 b43_controller_restart(dev, "DMA error");
2011                 return;
2012         }
2013
2014         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2015                 handle_irq_ucode_debug(dev);
2016         if (reason & B43_IRQ_TBTT_INDI)
2017                 handle_irq_tbtt_indication(dev);
2018         if (reason & B43_IRQ_ATIM_END)
2019                 handle_irq_atim_end(dev);
2020         if (reason & B43_IRQ_BEACON)
2021                 handle_irq_beacon(dev);
2022         if (reason & B43_IRQ_PMQ)
2023                 handle_irq_pmq(dev);
2024         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
2025                 ;/* TODO */
2026         if (reason & B43_IRQ_NOISESAMPLE_OK)
2027                 handle_irq_noise(dev);
2028
2029         /* Check the DMA reason registers for received data. */
2030         if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2031                 if (B43_DEBUG)
2032                         b43warn(dev->wl, "RX descriptor underrun\n");
2033                 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2034         }
2035         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2036                 if (b43_using_pio_transfers(dev))
2037                         b43_pio_rx(dev->pio.rx_queue);
2038                 else
2039                         b43_dma_rx(dev->dma.rx_ring);
2040         }
2041         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2042         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2043         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2044         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2045         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2046
2047         if (reason & B43_IRQ_TX_OK)
2048                 handle_irq_transmit_status(dev);
2049
2050         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
2051         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2052
2053 #if B43_DEBUG
2054         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2055                 dev->irq_count++;
2056                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2057                         if (reason & (1 << i))
2058                                 dev->irq_bit_count[i]++;
2059                 }
2060         }
2061 #endif
2062 }
2063
2064 /* Interrupt thread handler. Handles device interrupts in thread context. */
2065 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2066 {
2067         struct b43_wldev *dev = dev_id;
2068
2069         mutex_lock(&dev->wl->mutex);
2070         b43_do_interrupt_thread(dev);
2071         mmiowb();
2072         mutex_unlock(&dev->wl->mutex);
2073
2074         return IRQ_HANDLED;
2075 }
2076
2077 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2078 {
2079         u32 reason;
2080
2081         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2082          * On SDIO, this runs under wl->mutex. */
2083
2084         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2085         if (reason == 0xffffffff)       /* shared IRQ */
2086                 return IRQ_NONE;
2087         reason &= dev->irq_mask;
2088         if (!reason)
2089                 return IRQ_NONE;
2090
2091         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2092             & 0x0001FC00;
2093         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2094             & 0x0000DC00;
2095         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2096             & 0x0000DC00;
2097         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2098             & 0x0001DC00;
2099         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2100             & 0x0000DC00;
2101 /* Unused ring
2102         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2103             & 0x0000DC00;
2104 */
2105
2106         /* ACK the interrupt. */
2107         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2108         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2109         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2110         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2111         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2112         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2113 /* Unused ring
2114         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2115 */
2116
2117         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2118         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2119         /* Save the reason bitmasks for the IRQ thread handler. */
2120         dev->irq_reason = reason;
2121
2122         return IRQ_WAKE_THREAD;
2123 }
2124
2125 /* Interrupt handler top-half. This runs with interrupts disabled. */
2126 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2127 {
2128         struct b43_wldev *dev = dev_id;
2129         irqreturn_t ret;
2130
2131         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2132                 return IRQ_NONE;
2133
2134         spin_lock(&dev->wl->hardirq_lock);
2135         ret = b43_do_interrupt(dev);
2136         mmiowb();
2137         spin_unlock(&dev->wl->hardirq_lock);
2138
2139         return ret;
2140 }
2141
2142 /* SDIO interrupt handler. This runs in process context. */
2143 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2144 {
2145         struct b43_wl *wl = dev->wl;
2146         irqreturn_t ret;
2147
2148         mutex_lock(&wl->mutex);
2149
2150         ret = b43_do_interrupt(dev);
2151         if (ret == IRQ_WAKE_THREAD)
2152                 b43_do_interrupt_thread(dev);
2153
2154         mutex_unlock(&wl->mutex);
2155 }
2156
2157 void b43_do_release_fw(struct b43_firmware_file *fw)
2158 {
2159         release_firmware(fw->data);
2160         fw->data = NULL;
2161         fw->filename = NULL;
2162 }
2163
2164 static void b43_release_firmware(struct b43_wldev *dev)
2165 {
2166         complete(&dev->fw_load_complete);
2167         b43_do_release_fw(&dev->fw.ucode);
2168         b43_do_release_fw(&dev->fw.pcm);
2169         b43_do_release_fw(&dev->fw.initvals);
2170         b43_do_release_fw(&dev->fw.initvals_band);
2171 }
2172
2173 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2174 {
2175         const char text[] =
2176                 "You must go to " \
2177                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2178                 "and download the correct firmware for this driver version. " \
2179                 "Please carefully read all instructions on this website.\n";
2180
2181         if (error)
2182                 b43err(wl, text);
2183         else
2184                 b43warn(wl, text);
2185 }
2186
2187 static void b43_fw_cb(const struct firmware *firmware, void *context)
2188 {
2189         struct b43_request_fw_context *ctx = context;
2190
2191         ctx->blob = firmware;
2192         complete(&ctx->dev->fw_load_complete);
2193 }
2194
2195 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2196                       const char *name,
2197                       struct b43_firmware_file *fw, bool async)
2198 {
2199         struct b43_fw_header *hdr;
2200         u32 size;
2201         int err;
2202
2203         if (!name) {
2204                 /* Don't fetch anything. Free possibly cached firmware. */
2205                 /* FIXME: We should probably keep it anyway, to save some headache
2206                  * on suspend/resume with multiband devices. */
2207                 b43_do_release_fw(fw);
2208                 return 0;
2209         }
2210         if (fw->filename) {
2211                 if ((fw->type == ctx->req_type) &&
2212                     (strcmp(fw->filename, name) == 0))
2213                         return 0; /* Already have this fw. */
2214                 /* Free the cached firmware first. */
2215                 /* FIXME: We should probably do this later after we successfully
2216                  * got the new fw. This could reduce headache with multiband devices.
2217                  * We could also redesign this to cache the firmware for all possible
2218                  * bands all the time. */
2219                 b43_do_release_fw(fw);
2220         }
2221
2222         switch (ctx->req_type) {
2223         case B43_FWTYPE_PROPRIETARY:
2224                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2225                          "b43%s/%s.fw",
2226                          modparam_fwpostfix, name);
2227                 break;
2228         case B43_FWTYPE_OPENSOURCE:
2229                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2230                          "b43-open%s/%s.fw",
2231                          modparam_fwpostfix, name);
2232                 break;
2233         default:
2234                 B43_WARN_ON(1);
2235                 return -ENOSYS;
2236         }
2237         if (async) {
2238                 /* do this part asynchronously */
2239                 init_completion(&ctx->dev->fw_load_complete);
2240                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2241                                               ctx->dev->dev->dev, GFP_KERNEL,
2242                                               ctx, b43_fw_cb);
2243                 if (err < 0) {
2244                         pr_err("Unable to load firmware\n");
2245                         return err;
2246                 }
2247                 wait_for_completion(&ctx->dev->fw_load_complete);
2248                 if (ctx->blob)
2249                         goto fw_ready;
2250         /* On some ARM systems, the async request will fail, but the next sync
2251          * request works. For this reason, we fall through here
2252          */
2253         }
2254         err = request_firmware(&ctx->blob, ctx->fwname,
2255                                ctx->dev->dev->dev);
2256         if (err == -ENOENT) {
2257                 snprintf(ctx->errors[ctx->req_type],
2258                          sizeof(ctx->errors[ctx->req_type]),
2259                          "Firmware file \"%s\" not found\n",
2260                          ctx->fwname);
2261                 return err;
2262         } else if (err) {
2263                 snprintf(ctx->errors[ctx->req_type],
2264                          sizeof(ctx->errors[ctx->req_type]),
2265                          "Firmware file \"%s\" request failed (err=%d)\n",
2266                          ctx->fwname, err);
2267                 return err;
2268         }
2269 fw_ready:
2270         if (ctx->blob->size < sizeof(struct b43_fw_header))
2271                 goto err_format;
2272         hdr = (struct b43_fw_header *)(ctx->blob->data);
2273         switch (hdr->type) {
2274         case B43_FW_TYPE_UCODE:
2275         case B43_FW_TYPE_PCM:
2276                 size = be32_to_cpu(hdr->size);
2277                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2278                         goto err_format;
2279                 /* fallthrough */
2280         case B43_FW_TYPE_IV:
2281                 if (hdr->ver != 1)
2282                         goto err_format;
2283                 break;
2284         default:
2285                 goto err_format;
2286         }
2287
2288         fw->data = ctx->blob;
2289         fw->filename = name;
2290         fw->type = ctx->req_type;
2291
2292         return 0;
2293
2294 err_format:
2295         snprintf(ctx->errors[ctx->req_type],
2296                  sizeof(ctx->errors[ctx->req_type]),
2297                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2298         release_firmware(ctx->blob);
2299
2300         return -EPROTO;
2301 }
2302
2303 /* http://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2304 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2305 {
2306         struct b43_wldev *dev = ctx->dev;
2307         struct b43_firmware *fw = &ctx->dev->fw;
2308         struct b43_phy *phy = &dev->phy;
2309         const u8 rev = ctx->dev->dev->core_rev;
2310         const char *filename;
2311         int err;
2312
2313         /* Get microcode */
2314         filename = NULL;
2315         switch (rev) {
2316         case 42:
2317                 if (phy->type == B43_PHYTYPE_AC)
2318                         filename = "ucode42";
2319                 break;
2320         case 40:
2321                 if (phy->type == B43_PHYTYPE_AC)
2322                         filename = "ucode40";
2323                 break;
2324         case 33:
2325                 if (phy->type == B43_PHYTYPE_LCN40)
2326                         filename = "ucode33_lcn40";
2327                 break;
2328         case 30:
2329                 if (phy->type == B43_PHYTYPE_N)
2330                         filename = "ucode30_mimo";
2331                 break;
2332         case 29:
2333                 if (phy->type == B43_PHYTYPE_HT)
2334                         filename = "ucode29_mimo";
2335                 break;
2336         case 26:
2337                 if (phy->type == B43_PHYTYPE_HT)
2338                         filename = "ucode26_mimo";
2339                 break;
2340         case 28:
2341         case 25:
2342                 if (phy->type == B43_PHYTYPE_N)
2343                         filename = "ucode25_mimo";
2344                 else if (phy->type == B43_PHYTYPE_LCN)
2345                         filename = "ucode25_lcn";
2346                 break;
2347         case 24:
2348                 if (phy->type == B43_PHYTYPE_LCN)
2349                         filename = "ucode24_lcn";
2350                 break;
2351         case 23:
2352                 if (phy->type == B43_PHYTYPE_N)
2353                         filename = "ucode16_mimo";
2354                 break;
2355         case 16 ... 19:
2356                 if (phy->type == B43_PHYTYPE_N)
2357                         filename = "ucode16_mimo";
2358                 else if (phy->type == B43_PHYTYPE_LP)
2359                         filename = "ucode16_lp";
2360                 break;
2361         case 15:
2362                 filename = "ucode15";
2363                 break;
2364         case 14:
2365                 filename = "ucode14";
2366                 break;
2367         case 13:
2368                 filename = "ucode13";
2369                 break;
2370         case 11 ... 12:
2371                 filename = "ucode11";
2372                 break;
2373         case 5 ... 10:
2374                 filename = "ucode5";
2375                 break;
2376         }
2377         if (!filename)
2378                 goto err_no_ucode;
2379         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2380         if (err)
2381                 goto err_load;
2382
2383         /* Get PCM code */
2384         if ((rev >= 5) && (rev <= 10))
2385                 filename = "pcm5";
2386         else if (rev >= 11)
2387                 filename = NULL;
2388         else
2389                 goto err_no_pcm;
2390         fw->pcm_request_failed = false;
2391         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2392         if (err == -ENOENT) {
2393                 /* We did not find a PCM file? Not fatal, but
2394                  * core rev <= 10 must do without hwcrypto then. */
2395                 fw->pcm_request_failed = true;
2396         } else if (err)
2397                 goto err_load;
2398
2399         /* Get initvals */
2400         filename = NULL;
2401         switch (dev->phy.type) {
2402         case B43_PHYTYPE_G:
2403                 if (rev == 13)
2404                         filename = "b0g0initvals13";
2405                 else if (rev >= 5 && rev <= 10)
2406                         filename = "b0g0initvals5";
2407                 break;
2408         case B43_PHYTYPE_N:
2409                 if (rev == 30)
2410                         filename = "n16initvals30";
2411                 else if (rev == 28 || rev == 25)
2412                         filename = "n0initvals25";
2413                 else if (rev == 24)
2414                         filename = "n0initvals24";
2415                 else if (rev == 23)
2416                         filename = "n0initvals16"; /* What about n0initvals22? */
2417                 else if (rev >= 16 && rev <= 18)
2418                         filename = "n0initvals16";
2419                 else if (rev >= 11 && rev <= 12)
2420                         filename = "n0initvals11";
2421                 break;
2422         case B43_PHYTYPE_LP:
2423                 if (rev >= 16 && rev <= 18)
2424                         filename = "lp0initvals16";
2425                 else if (rev == 15)
2426                         filename = "lp0initvals15";
2427                 else if (rev == 14)
2428                         filename = "lp0initvals14";
2429                 else if (rev == 13)
2430                         filename = "lp0initvals13";
2431                 break;
2432         case B43_PHYTYPE_HT:
2433                 if (rev == 29)
2434                         filename = "ht0initvals29";
2435                 else if (rev == 26)
2436                         filename = "ht0initvals26";
2437                 break;
2438         case B43_PHYTYPE_LCN:
2439                 if (rev == 24)
2440                         filename = "lcn0initvals24";
2441                 break;
2442         case B43_PHYTYPE_LCN40:
2443                 if (rev == 33)
2444                         filename = "lcn400initvals33";
2445                 break;
2446         case B43_PHYTYPE_AC:
2447                 if (rev == 42)
2448                         filename = "ac1initvals42";
2449                 else if (rev == 40)
2450                         filename = "ac0initvals40";
2451                 break;
2452         }
2453         if (!filename)
2454                 goto err_no_initvals;
2455         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2456         if (err)
2457                 goto err_load;
2458
2459         /* Get bandswitch initvals */
2460         filename = NULL;
2461         switch (dev->phy.type) {
2462         case B43_PHYTYPE_G:
2463                 if (rev == 13)
2464                         filename = "b0g0bsinitvals13";
2465                 else if (rev >= 5 && rev <= 10)
2466                         filename = "b0g0bsinitvals5";
2467                 break;
2468         case B43_PHYTYPE_N:
2469                 if (rev == 30)
2470                         filename = "n16bsinitvals30";
2471                 else if (rev == 28 || rev == 25)
2472                         filename = "n0bsinitvals25";
2473                 else if (rev == 24)
2474                         filename = "n0bsinitvals24";
2475                 else if (rev == 23)
2476                         filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2477                 else if (rev >= 16 && rev <= 18)
2478                         filename = "n0bsinitvals16";
2479                 else if (rev >= 11 && rev <= 12)
2480                         filename = "n0bsinitvals11";
2481                 break;
2482         case B43_PHYTYPE_LP:
2483                 if (rev >= 16 && rev <= 18)
2484                         filename = "lp0bsinitvals16";
2485                 else if (rev == 15)
2486                         filename = "lp0bsinitvals15";
2487                 else if (rev == 14)
2488                         filename = "lp0bsinitvals14";
2489                 else if (rev == 13)
2490                         filename = "lp0bsinitvals13";
2491                 break;
2492         case B43_PHYTYPE_HT:
2493                 if (rev == 29)
2494                         filename = "ht0bsinitvals29";
2495                 else if (rev == 26)
2496                         filename = "ht0bsinitvals26";
2497                 break;
2498         case B43_PHYTYPE_LCN:
2499                 if (rev == 24)
2500                         filename = "lcn0bsinitvals24";
2501                 break;
2502         case B43_PHYTYPE_LCN40:
2503                 if (rev == 33)
2504                         filename = "lcn400bsinitvals33";
2505                 break;
2506         case B43_PHYTYPE_AC:
2507                 if (rev == 42)
2508                         filename = "ac1bsinitvals42";
2509                 else if (rev == 40)
2510                         filename = "ac0bsinitvals40";
2511                 break;
2512         }
2513         if (!filename)
2514                 goto err_no_initvals;
2515         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2516         if (err)
2517                 goto err_load;
2518
2519         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2520
2521         return 0;
2522
2523 err_no_ucode:
2524         err = ctx->fatal_failure = -EOPNOTSUPP;
2525         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2526                "is required for your device (wl-core rev %u)\n", rev);
2527         goto error;
2528
2529 err_no_pcm:
2530         err = ctx->fatal_failure = -EOPNOTSUPP;
2531         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2532                "is required for your device (wl-core rev %u)\n", rev);
2533         goto error;
2534
2535 err_no_initvals:
2536         err = ctx->fatal_failure = -EOPNOTSUPP;
2537         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2538                "is required for your device (wl-core rev %u)\n", rev);
2539         goto error;
2540
2541 err_load:
2542         /* We failed to load this firmware image. The error message
2543          * already is in ctx->errors. Return and let our caller decide
2544          * what to do. */
2545         goto error;
2546
2547 error:
2548         b43_release_firmware(dev);
2549         return err;
2550 }
2551
2552 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2553 static void b43_one_core_detach(struct b43_bus_dev *dev);
2554 static int b43_rng_init(struct b43_wl *wl);
2555
2556 static void b43_request_firmware(struct work_struct *work)
2557 {
2558         struct b43_wl *wl = container_of(work,
2559                             struct b43_wl, firmware_load);
2560         struct b43_wldev *dev = wl->current_dev;
2561         struct b43_request_fw_context *ctx;
2562         unsigned int i;
2563         int err;
2564         const char *errmsg;
2565
2566         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2567         if (!ctx)
2568                 return;
2569         ctx->dev = dev;
2570
2571         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2572         err = b43_try_request_fw(ctx);
2573         if (!err)
2574                 goto start_ieee80211; /* Successfully loaded it. */
2575         /* Was fw version known? */
2576         if (ctx->fatal_failure)
2577                 goto out;
2578
2579         /* proprietary fw not found, try open source */
2580         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2581         err = b43_try_request_fw(ctx);
2582         if (!err)
2583                 goto start_ieee80211; /* Successfully loaded it. */
2584         if(ctx->fatal_failure)
2585                 goto out;
2586
2587         /* Could not find a usable firmware. Print the errors. */
2588         for (i = 0; i < B43_NR_FWTYPES; i++) {
2589                 errmsg = ctx->errors[i];
2590                 if (strlen(errmsg))
2591                         b43err(dev->wl, "%s", errmsg);
2592         }
2593         b43_print_fw_helptext(dev->wl, 1);
2594         goto out;
2595
2596 start_ieee80211:
2597         wl->hw->queues = B43_QOS_QUEUE_NUM;
2598         if (!modparam_qos || dev->fw.opensource)
2599                 wl->hw->queues = 1;
2600
2601         err = ieee80211_register_hw(wl->hw);
2602         if (err)
2603                 goto err_one_core_detach;
2604         wl->hw_registred = true;
2605         b43_leds_register(wl->current_dev);
2606
2607         /* Register HW RNG driver */
2608         b43_rng_init(wl);
2609
2610         goto out;
2611
2612 err_one_core_detach:
2613         b43_one_core_detach(dev->dev);
2614
2615 out:
2616         kfree(ctx);
2617 }
2618
2619 static int b43_upload_microcode(struct b43_wldev *dev)
2620 {
2621         struct wiphy *wiphy = dev->wl->hw->wiphy;
2622         const size_t hdr_len = sizeof(struct b43_fw_header);
2623         const __be32 *data;
2624         unsigned int i, len;
2625         u16 fwrev, fwpatch, fwdate, fwtime;
2626         u32 tmp, macctl;
2627         int err = 0;
2628
2629         /* Jump the microcode PSM to offset 0 */
2630         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2631         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2632         macctl |= B43_MACCTL_PSM_JMP0;
2633         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2634         /* Zero out all microcode PSM registers and shared memory. */
2635         for (i = 0; i < 64; i++)
2636                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2637         for (i = 0; i < 4096; i += 2)
2638                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2639
2640         /* Upload Microcode. */
2641         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2642         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2643         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2644         for (i = 0; i < len; i++) {
2645                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2646                 udelay(10);
2647         }
2648
2649         if (dev->fw.pcm.data) {
2650                 /* Upload PCM data. */
2651                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2652                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2653                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2654                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2655                 /* No need for autoinc bit in SHM_HW */
2656                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2657                 for (i = 0; i < len; i++) {
2658                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2659                         udelay(10);
2660                 }
2661         }
2662
2663         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2664
2665         /* Start the microcode PSM */
2666         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2667                       B43_MACCTL_PSM_RUN);
2668
2669         /* Wait for the microcode to load and respond */
2670         i = 0;
2671         while (1) {
2672                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2673                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2674                         break;
2675                 i++;
2676                 if (i >= 20) {
2677                         b43err(dev->wl, "Microcode not responding\n");
2678                         b43_print_fw_helptext(dev->wl, 1);
2679                         err = -ENODEV;
2680                         goto error;
2681                 }
2682                 msleep(50);
2683         }
2684         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2685
2686         /* Get and check the revisions. */
2687         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2688         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2689         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2690         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2691
2692         if (fwrev <= 0x128) {
2693                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2694                        "binary drivers older than version 4.x is unsupported. "
2695                        "You must upgrade your firmware files.\n");
2696                 b43_print_fw_helptext(dev->wl, 1);
2697                 err = -EOPNOTSUPP;
2698                 goto error;
2699         }
2700         dev->fw.rev = fwrev;
2701         dev->fw.patch = fwpatch;
2702         if (dev->fw.rev >= 598)
2703                 dev->fw.hdr_format = B43_FW_HDR_598;
2704         else if (dev->fw.rev >= 410)
2705                 dev->fw.hdr_format = B43_FW_HDR_410;
2706         else
2707                 dev->fw.hdr_format = B43_FW_HDR_351;
2708         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2709
2710         dev->qos_enabled = dev->wl->hw->queues > 1;
2711         /* Default to firmware/hardware crypto acceleration. */
2712         dev->hwcrypto_enabled = true;
2713
2714         if (dev->fw.opensource) {
2715                 u16 fwcapa;
2716
2717                 /* Patchlevel info is encoded in the "time" field. */
2718                 dev->fw.patch = fwtime;
2719                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2720                         dev->fw.rev, dev->fw.patch);
2721
2722                 fwcapa = b43_fwcapa_read(dev);
2723                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2724                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2725                         /* Disable hardware crypto and fall back to software crypto. */
2726                         dev->hwcrypto_enabled = false;
2727                 }
2728                 /* adding QoS support should use an offline discovery mechanism */
2729                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2730         } else {
2731                 b43info(dev->wl, "Loading firmware version %u.%u "
2732                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2733                         fwrev, fwpatch,
2734                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2735                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2736                 if (dev->fw.pcm_request_failed) {
2737                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2738                                 "Hardware accelerated cryptography is disabled.\n");
2739                         b43_print_fw_helptext(dev->wl, 0);
2740                 }
2741         }
2742
2743         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2744                         dev->fw.rev, dev->fw.patch);
2745         wiphy->hw_version = dev->dev->core_id;
2746
2747         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2748                 /* We're over the deadline, but we keep support for old fw
2749                  * until it turns out to be in major conflict with something new. */
2750                 b43warn(dev->wl, "You are using an old firmware image. "
2751                         "Support for old firmware will be removed soon "
2752                         "(official deadline was July 2008).\n");
2753                 b43_print_fw_helptext(dev->wl, 0);
2754         }
2755
2756         return 0;
2757
2758 error:
2759         /* Stop the microcode PSM. */
2760         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2761                       B43_MACCTL_PSM_JMP0);
2762
2763         return err;
2764 }
2765
2766 static int b43_write_initvals(struct b43_wldev *dev,
2767                               const struct b43_iv *ivals,
2768                               size_t count,
2769                               size_t array_size)
2770 {
2771         const struct b43_iv *iv;
2772         u16 offset;
2773         size_t i;
2774         bool bit32;
2775
2776         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2777         iv = ivals;
2778         for (i = 0; i < count; i++) {
2779                 if (array_size < sizeof(iv->offset_size))
2780                         goto err_format;
2781                 array_size -= sizeof(iv->offset_size);
2782                 offset = be16_to_cpu(iv->offset_size);
2783                 bit32 = !!(offset & B43_IV_32BIT);
2784                 offset &= B43_IV_OFFSET_MASK;
2785                 if (offset >= 0x1000)
2786                         goto err_format;
2787                 if (bit32) {
2788                         u32 value;
2789
2790                         if (array_size < sizeof(iv->data.d32))
2791                                 goto err_format;
2792                         array_size -= sizeof(iv->data.d32);
2793
2794                         value = get_unaligned_be32(&iv->data.d32);
2795                         b43_write32(dev, offset, value);
2796
2797                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2798                                                         sizeof(__be16) +
2799                                                         sizeof(__be32));
2800                 } else {
2801                         u16 value;
2802
2803                         if (array_size < sizeof(iv->data.d16))
2804                                 goto err_format;
2805                         array_size -= sizeof(iv->data.d16);
2806
2807                         value = be16_to_cpu(iv->data.d16);
2808                         b43_write16(dev, offset, value);
2809
2810                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2811                                                         sizeof(__be16) +
2812                                                         sizeof(__be16));
2813                 }
2814         }
2815         if (array_size)
2816                 goto err_format;
2817
2818         return 0;
2819
2820 err_format:
2821         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2822         b43_print_fw_helptext(dev->wl, 1);
2823
2824         return -EPROTO;
2825 }
2826
2827 static int b43_upload_initvals(struct b43_wldev *dev)
2828 {
2829         const size_t hdr_len = sizeof(struct b43_fw_header);
2830         const struct b43_fw_header *hdr;
2831         struct b43_firmware *fw = &dev->fw;
2832         const struct b43_iv *ivals;
2833         size_t count;
2834
2835         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2836         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2837         count = be32_to_cpu(hdr->size);
2838         return b43_write_initvals(dev, ivals, count,
2839                                  fw->initvals.data->size - hdr_len);
2840 }
2841
2842 static int b43_upload_initvals_band(struct b43_wldev *dev)
2843 {
2844         const size_t hdr_len = sizeof(struct b43_fw_header);
2845         const struct b43_fw_header *hdr;
2846         struct b43_firmware *fw = &dev->fw;
2847         const struct b43_iv *ivals;
2848         size_t count;
2849
2850         if (!fw->initvals_band.data)
2851                 return 0;
2852
2853         hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2854         ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2855         count = be32_to_cpu(hdr->size);
2856         return b43_write_initvals(dev, ivals, count,
2857                                   fw->initvals_band.data->size - hdr_len);
2858 }
2859
2860 /* Initialize the GPIOs
2861  * http://bcm-specs.sipsolutions.net/GPIO
2862  */
2863
2864 #ifdef CONFIG_B43_SSB
2865 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2866 {
2867         struct ssb_bus *bus = dev->dev->sdev->bus;
2868
2869 #ifdef CONFIG_SSB_DRIVER_PCICORE
2870         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2871 #else
2872         return bus->chipco.dev;
2873 #endif
2874 }
2875 #endif
2876
2877 static int b43_gpio_init(struct b43_wldev *dev)
2878 {
2879 #ifdef CONFIG_B43_SSB
2880         struct ssb_device *gpiodev;
2881 #endif
2882         u32 mask, set;
2883
2884         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2885         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2886
2887         mask = 0x0000001F;
2888         set = 0x0000000F;
2889         if (dev->dev->chip_id == 0x4301) {
2890                 mask |= 0x0060;
2891                 set |= 0x0060;
2892         } else if (dev->dev->chip_id == 0x5354) {
2893                 /* Don't allow overtaking buttons GPIOs */
2894                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2895         }
2896
2897         if (0 /* FIXME: conditional unknown */ ) {
2898                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2899                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2900                             | 0x0100);
2901                 /* BT Coexistance Input */
2902                 mask |= 0x0080;
2903                 set |= 0x0080;
2904                 /* BT Coexistance Out */
2905                 mask |= 0x0100;
2906                 set |= 0x0100;
2907         }
2908         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2909                 /* PA is controlled by gpio 9, let ucode handle it */
2910                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2911                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2912                             | 0x0200);
2913                 mask |= 0x0200;
2914                 set |= 0x0200;
2915         }
2916
2917         switch (dev->dev->bus_type) {
2918 #ifdef CONFIG_B43_BCMA
2919         case B43_BUS_BCMA:
2920                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2921                 break;
2922 #endif
2923 #ifdef CONFIG_B43_SSB
2924         case B43_BUS_SSB:
2925                 gpiodev = b43_ssb_gpio_dev(dev);
2926                 if (gpiodev)
2927                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2928                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2929                                     & ~mask) | set);
2930                 break;
2931 #endif
2932         }
2933
2934         return 0;
2935 }
2936
2937 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2938 static void b43_gpio_cleanup(struct b43_wldev *dev)
2939 {
2940 #ifdef CONFIG_B43_SSB
2941         struct ssb_device *gpiodev;
2942 #endif
2943
2944         switch (dev->dev->bus_type) {
2945 #ifdef CONFIG_B43_BCMA
2946         case B43_BUS_BCMA:
2947                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2948                 break;
2949 #endif
2950 #ifdef CONFIG_B43_SSB
2951         case B43_BUS_SSB:
2952                 gpiodev = b43_ssb_gpio_dev(dev);
2953                 if (gpiodev)
2954                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2955                 break;
2956 #endif
2957         }
2958 }
2959
2960 /* http://bcm-specs.sipsolutions.net/EnableMac */
2961 void b43_mac_enable(struct b43_wldev *dev)
2962 {
2963         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2964                 u16 fwstate;
2965
2966                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2967                                          B43_SHM_SH_UCODESTAT);
2968                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2969                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2970                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2971                                "should be suspended, but current state is %u\n",
2972                                fwstate);
2973                 }
2974         }
2975
2976         dev->mac_suspended--;
2977         B43_WARN_ON(dev->mac_suspended < 0);
2978         if (dev->mac_suspended == 0) {
2979                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2980                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2981                             B43_IRQ_MAC_SUSPENDED);
2982                 /* Commit writes */
2983                 b43_read32(dev, B43_MMIO_MACCTL);
2984                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2985                 b43_power_saving_ctl_bits(dev, 0);
2986         }
2987 }
2988
2989 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2990 void b43_mac_suspend(struct b43_wldev *dev)
2991 {
2992         int i;
2993         u32 tmp;
2994
2995         might_sleep();
2996         B43_WARN_ON(dev->mac_suspended < 0);
2997
2998         if (dev->mac_suspended == 0) {
2999                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
3000                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
3001                 /* force pci to flush the write */
3002                 b43_read32(dev, B43_MMIO_MACCTL);
3003                 for (i = 35; i; i--) {
3004                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3005                         if (tmp & B43_IRQ_MAC_SUSPENDED)
3006                                 goto out;
3007                         udelay(10);
3008                 }
3009                 /* Hm, it seems this will take some time. Use msleep(). */
3010                 for (i = 40; i; i--) {
3011                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3012                         if (tmp & B43_IRQ_MAC_SUSPENDED)
3013                                 goto out;
3014                         msleep(1);
3015                 }
3016                 b43err(dev->wl, "MAC suspend failed\n");
3017         }
3018 out:
3019         dev->mac_suspended++;
3020 }
3021
3022 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3023 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3024 {
3025         u32 tmp;
3026
3027         switch (dev->dev->bus_type) {
3028 #ifdef CONFIG_B43_BCMA
3029         case B43_BUS_BCMA:
3030                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3031                 if (on)
3032                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3033                 else
3034                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3035                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3036                 break;
3037 #endif
3038 #ifdef CONFIG_B43_SSB
3039         case B43_BUS_SSB:
3040                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3041                 if (on)
3042                         tmp |= B43_TMSLOW_MACPHYCLKEN;
3043                 else
3044                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3045                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3046                 break;
3047 #endif
3048         }
3049 }
3050
3051 /* brcms_b_switch_macfreq */
3052 void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3053 {
3054         u16 chip_id = dev->dev->chip_id;
3055
3056         if (chip_id == BCMA_CHIP_ID_BCM4331) {
3057                 switch (spurmode) {
3058                 case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3059                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3060                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3061                         break;
3062                 case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3063                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3064                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3065                         break;
3066                 default: /* 160 Mhz: 2^26/160 = 0x66666 */
3067                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3068                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3069                         break;
3070                 }
3071         } else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3072             chip_id == BCMA_CHIP_ID_BCM43217 ||
3073             chip_id == BCMA_CHIP_ID_BCM43222 ||
3074             chip_id == BCMA_CHIP_ID_BCM43224 ||
3075             chip_id == BCMA_CHIP_ID_BCM43225 ||
3076             chip_id == BCMA_CHIP_ID_BCM43227 ||
3077             chip_id == BCMA_CHIP_ID_BCM43228) {
3078                 switch (spurmode) {
3079                 case 2: /* 126 Mhz */
3080                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3081                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3082                         break;
3083                 case 1: /* 123 Mhz */
3084                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3085                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3086                         break;
3087                 default: /* 120 Mhz */
3088                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3089                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3090                         break;
3091                 }
3092         } else if (dev->phy.type == B43_PHYTYPE_LCN) {
3093                 switch (spurmode) {
3094                 case 1: /* 82 Mhz */
3095                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3096                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3097                         break;
3098                 default: /* 80 Mhz */
3099                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3100                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3101                         break;
3102                 }
3103         }
3104 }
3105
3106 static void b43_adjust_opmode(struct b43_wldev *dev)
3107 {
3108         struct b43_wl *wl = dev->wl;
3109         u32 ctl;
3110         u16 cfp_pretbtt;
3111
3112         ctl = b43_read32(dev, B43_MMIO_MACCTL);
3113         /* Reset status to STA infrastructure mode. */
3114         ctl &= ~B43_MACCTL_AP;
3115         ctl &= ~B43_MACCTL_KEEP_CTL;
3116         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3117         ctl &= ~B43_MACCTL_KEEP_BAD;
3118         ctl &= ~B43_MACCTL_PROMISC;
3119         ctl &= ~B43_MACCTL_BEACPROMISC;
3120         ctl |= B43_MACCTL_INFRA;
3121
3122         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3123             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3124                 ctl |= B43_MACCTL_AP;
3125         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3126                 ctl &= ~B43_MACCTL_INFRA;
3127
3128         if (wl->filter_flags & FIF_CONTROL)
3129                 ctl |= B43_MACCTL_KEEP_CTL;
3130         if (wl->filter_flags & FIF_FCSFAIL)
3131                 ctl |= B43_MACCTL_KEEP_BAD;
3132         if (wl->filter_flags & FIF_PLCPFAIL)
3133                 ctl |= B43_MACCTL_KEEP_BADPLCP;
3134         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3135                 ctl |= B43_MACCTL_BEACPROMISC;
3136
3137         /* Workaround: On old hardware the HW-MAC-address-filter
3138          * doesn't work properly, so always run promisc in filter
3139          * it in software. */
3140         if (dev->dev->core_rev <= 4)
3141                 ctl |= B43_MACCTL_PROMISC;
3142
3143         b43_write32(dev, B43_MMIO_MACCTL, ctl);
3144
3145         cfp_pretbtt = 2;
3146         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3147                 if (dev->dev->chip_id == 0x4306 &&
3148                     dev->dev->chip_rev == 3)
3149                         cfp_pretbtt = 100;
3150                 else
3151                         cfp_pretbtt = 50;
3152         }
3153         b43_write16(dev, 0x612, cfp_pretbtt);
3154
3155         /* FIXME: We don't currently implement the PMQ mechanism,
3156          *        so always disable it. If we want to implement PMQ,
3157          *        we need to enable it here (clear DISCPMQ) in AP mode.
3158          */
3159         if (0  /* ctl & B43_MACCTL_AP */)
3160                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3161         else
3162                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3163 }
3164
3165 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3166 {
3167         u16 offset;
3168
3169         if (is_ofdm) {
3170                 offset = 0x480;
3171                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3172         } else {
3173                 offset = 0x4C0;
3174                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3175         }
3176         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3177                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
3178 }
3179
3180 static void b43_rate_memory_init(struct b43_wldev *dev)
3181 {
3182         switch (dev->phy.type) {
3183         case B43_PHYTYPE_A:
3184         case B43_PHYTYPE_G:
3185         case B43_PHYTYPE_N:
3186         case B43_PHYTYPE_LP:
3187         case B43_PHYTYPE_HT:
3188         case B43_PHYTYPE_LCN:
3189                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3190                 b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3191                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3192                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3193                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3194                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3195                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3196                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3197                 if (dev->phy.type == B43_PHYTYPE_A)
3198                         break;
3199                 /* fallthrough */
3200         case B43_PHYTYPE_B:
3201                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3202                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3203                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3204                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3205                 break;
3206         default:
3207                 B43_WARN_ON(1);
3208         }
3209 }
3210
3211 /* Set the default values for the PHY TX Control Words. */
3212 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3213 {
3214         u16 ctl = 0;
3215
3216         ctl |= B43_TXH_PHY_ENC_CCK;
3217         ctl |= B43_TXH_PHY_ANT01AUTO;
3218         ctl |= B43_TXH_PHY_TXPWR;
3219
3220         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3221         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3222         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3223 }
3224
3225 /* Set the TX-Antenna for management frames sent by firmware. */
3226 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3227 {
3228         u16 ant;
3229         u16 tmp;
3230
3231         ant = b43_antenna_to_phyctl(antenna);
3232
3233         /* For ACK/CTS */
3234         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3235         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3236         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3237         /* For Probe Resposes */
3238         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3239         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3240         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3241 }
3242
3243 /* This is the opposite of b43_chip_init() */
3244 static void b43_chip_exit(struct b43_wldev *dev)
3245 {
3246         b43_phy_exit(dev);
3247         b43_gpio_cleanup(dev);
3248         /* firmware is released later */
3249 }
3250
3251 /* Initialize the chip
3252  * http://bcm-specs.sipsolutions.net/ChipInit
3253  */
3254 static int b43_chip_init(struct b43_wldev *dev)
3255 {
3256         struct b43_phy *phy = &dev->phy;
3257         int err;
3258         u32 macctl;
3259         u16 value16;
3260
3261         /* Initialize the MAC control */
3262         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3263         if (dev->phy.gmode)
3264                 macctl |= B43_MACCTL_GMODE;
3265         macctl |= B43_MACCTL_INFRA;
3266         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3267
3268         err = b43_upload_microcode(dev);
3269         if (err)
3270                 goto out;       /* firmware is released later */
3271
3272         err = b43_gpio_init(dev);
3273         if (err)
3274                 goto out;       /* firmware is released later */
3275
3276         err = b43_upload_initvals(dev);
3277         if (err)
3278                 goto err_gpio_clean;
3279
3280         err = b43_upload_initvals_band(dev);
3281         if (err)
3282                 goto err_gpio_clean;
3283
3284         /* Turn the Analog on and initialize the PHY. */
3285         phy->ops->switch_analog(dev, 1);
3286         err = b43_phy_init(dev);
3287         if (err)
3288                 goto err_gpio_clean;
3289
3290         /* Disable Interference Mitigation. */
3291         if (phy->ops->interf_mitigation)
3292                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3293
3294         /* Select the antennae */
3295         if (phy->ops->set_rx_antenna)
3296                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3297         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3298
3299         if (phy->type == B43_PHYTYPE_B) {
3300                 value16 = b43_read16(dev, 0x005E);
3301                 value16 |= 0x0004;
3302                 b43_write16(dev, 0x005E, value16);
3303         }
3304         b43_write32(dev, 0x0100, 0x01000000);
3305         if (dev->dev->core_rev < 5)
3306                 b43_write32(dev, 0x010C, 0x01000000);
3307
3308         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3309         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3310
3311         /* Probe Response Timeout value */
3312         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3313         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3314
3315         /* Initially set the wireless operation mode. */
3316         b43_adjust_opmode(dev);
3317
3318         if (dev->dev->core_rev < 3) {
3319                 b43_write16(dev, 0x060E, 0x0000);
3320                 b43_write16(dev, 0x0610, 0x8000);
3321                 b43_write16(dev, 0x0604, 0x0000);
3322                 b43_write16(dev, 0x0606, 0x0200);
3323         } else {
3324                 b43_write32(dev, 0x0188, 0x80000000);
3325                 b43_write32(dev, 0x018C, 0x02000000);
3326         }
3327         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3328         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3329         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3330         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3331         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3332         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3333         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3334
3335         b43_mac_phy_clock_set(dev, true);
3336
3337         switch (dev->dev->bus_type) {
3338 #ifdef CONFIG_B43_BCMA
3339         case B43_BUS_BCMA:
3340                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3341                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3342                 break;
3343 #endif
3344 #ifdef CONFIG_B43_SSB
3345         case B43_BUS_SSB:
3346                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3347                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3348                 break;
3349 #endif
3350         }
3351
3352         err = 0;
3353         b43dbg(dev->wl, "Chip initialized\n");
3354 out:
3355         return err;
3356
3357 err_gpio_clean:
3358         b43_gpio_cleanup(dev);
3359         return err;
3360 }
3361
3362 static void b43_periodic_every60sec(struct b43_wldev *dev)
3363 {
3364         const struct b43_phy_operations *ops = dev->phy.ops;
3365
3366         if (ops->pwork_60sec)
3367                 ops->pwork_60sec(dev);
3368
3369         /* Force check the TX power emission now. */
3370         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3371 }
3372
3373 static void b43_periodic_every30sec(struct b43_wldev *dev)
3374 {
3375         /* Update device statistics. */
3376         b43_calculate_link_quality(dev);
3377 }
3378
3379 static void b43_periodic_every15sec(struct b43_wldev *dev)
3380 {
3381         struct b43_phy *phy = &dev->phy;
3382         u16 wdr;
3383
3384         if (dev->fw.opensource) {
3385                 /* Check if the firmware is still alive.
3386                  * It will reset the watchdog counter to 0 in its idle loop. */
3387                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3388                 if (unlikely(wdr)) {
3389                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3390                         b43_controller_restart(dev, "Firmware watchdog");
3391                         return;
3392                 } else {
3393                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3394                                         B43_WATCHDOG_REG, 1);
3395                 }
3396         }
3397
3398         if (phy->ops->pwork_15sec)
3399                 phy->ops->pwork_15sec(dev);
3400
3401         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3402         wmb();
3403
3404 #if B43_DEBUG
3405         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3406                 unsigned int i;
3407
3408                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3409                        dev->irq_count / 15,
3410                        dev->tx_count / 15,
3411                        dev->rx_count / 15);
3412                 dev->irq_count = 0;
3413                 dev->tx_count = 0;
3414                 dev->rx_count = 0;
3415                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3416                         if (dev->irq_bit_count[i]) {
3417                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3418                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3419                                 dev->irq_bit_count[i] = 0;
3420                         }
3421                 }
3422         }
3423 #endif
3424 }
3425
3426 static void do_periodic_work(struct b43_wldev *dev)
3427 {
3428         unsigned int state;
3429
3430         state = dev->periodic_state;
3431         if (state % 4 == 0)
3432                 b43_periodic_every60sec(dev);
3433         if (state % 2 == 0)
3434                 b43_periodic_every30sec(dev);
3435         b43_periodic_every15sec(dev);
3436 }
3437
3438 /* Periodic work locking policy:
3439  *      The whole periodic work handler is protected by
3440  *      wl->mutex. If another lock is needed somewhere in the
3441  *      pwork callchain, it's acquired in-place, where it's needed.
3442  */
3443 static void b43_periodic_work_handler(struct work_struct *work)
3444 {
3445         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3446                                              periodic_work.work);
3447         struct b43_wl *wl = dev->wl;
3448         unsigned long delay;
3449
3450         mutex_lock(&wl->mutex);
3451
3452         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3453                 goto out;
3454         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3455                 goto out_requeue;
3456
3457         do_periodic_work(dev);
3458
3459         dev->periodic_state++;
3460 out_requeue:
3461         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3462                 delay = msecs_to_jiffies(50);
3463         else
3464                 delay = round_jiffies_relative(HZ * 15);
3465         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3466 out:
3467         mutex_unlock(&wl->mutex);
3468 }
3469
3470 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3471 {
3472         struct delayed_work *work = &dev->periodic_work;
3473
3474         dev->periodic_state = 0;
3475         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3476         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3477 }
3478
3479 /* Check if communication with the device works correctly. */
3480 static int b43_validate_chipaccess(struct b43_wldev *dev)
3481 {
3482         u32 v, backup0, backup4;
3483
3484         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3485         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3486
3487         /* Check for read/write and endianness problems. */
3488         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3489         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3490                 goto error;
3491         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3492         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3493                 goto error;
3494
3495         /* Check if unaligned 32bit SHM_SHARED access works properly.
3496          * However, don't bail out on failure, because it's noncritical. */
3497         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3498         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3499         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3500         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3501         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3502                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3503         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3504         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3505             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3506             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3507             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3508                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3509
3510         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3511         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3512
3513         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3514                 /* The 32bit register shadows the two 16bit registers
3515                  * with update sideeffects. Validate this. */
3516                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3517                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3518                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3519                         goto error;
3520                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3521                         goto error;
3522         }
3523         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3524
3525         v = b43_read32(dev, B43_MMIO_MACCTL);
3526         v |= B43_MACCTL_GMODE;
3527         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3528                 goto error;
3529
3530         return 0;
3531 error:
3532         b43err(dev->wl, "Failed to validate the chipaccess\n");
3533         return -ENODEV;
3534 }
3535
3536 static void b43_security_init(struct b43_wldev *dev)
3537 {
3538         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3539         /* KTP is a word address, but we address SHM bytewise.
3540          * So multiply by two.
3541          */
3542         dev->ktp *= 2;
3543         /* Number of RCMTA address slots */
3544         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3545         /* Clear the key memory. */
3546         b43_clear_keys(dev);
3547 }
3548
3549 #ifdef CONFIG_B43_HWRNG
3550 static int b43_rng_read(struct hwrng *rng, u32 *data)
3551 {
3552         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3553         struct b43_wldev *dev;
3554         int count = -ENODEV;
3555
3556         mutex_lock(&wl->mutex);
3557         dev = wl->current_dev;
3558         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3559                 *data = b43_read16(dev, B43_MMIO_RNG);
3560                 count = sizeof(u16);
3561         }
3562         mutex_unlock(&wl->mutex);
3563
3564         return count;
3565 }
3566 #endif /* CONFIG_B43_HWRNG */
3567
3568 static void b43_rng_exit(struct b43_wl *wl)
3569 {
3570 #ifdef CONFIG_B43_HWRNG
3571         if (wl->rng_initialized)
3572                 hwrng_unregister(&wl->rng);
3573 #endif /* CONFIG_B43_HWRNG */
3574 }
3575
3576 static int b43_rng_init(struct b43_wl *wl)
3577 {
3578         int err = 0;
3579
3580 #ifdef CONFIG_B43_HWRNG
3581         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3582                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3583         wl->rng.name = wl->rng_name;
3584         wl->rng.data_read = b43_rng_read;
3585         wl->rng.priv = (unsigned long)wl;
3586         wl->rng_initialized = true;
3587         err = hwrng_register(&wl->rng);
3588         if (err) {
3589                 wl->rng_initialized = false;
3590                 b43err(wl, "Failed to register the random "
3591                        "number generator (%d)\n", err);
3592         }
3593 #endif /* CONFIG_B43_HWRNG */
3594
3595         return err;
3596 }
3597
3598 static void b43_tx_work(struct work_struct *work)
3599 {
3600         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3601         struct b43_wldev *dev;
3602         struct sk_buff *skb;
3603         int queue_num;
3604         int err = 0;
3605
3606         mutex_lock(&wl->mutex);
3607         dev = wl->current_dev;
3608         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3609                 mutex_unlock(&wl->mutex);
3610                 return;
3611         }
3612
3613         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3614                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3615                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3616                         if (b43_using_pio_transfers(dev))
3617                                 err = b43_pio_tx(dev, skb);
3618                         else
3619                                 err = b43_dma_tx(dev, skb);
3620                         if (err == -ENOSPC) {
3621                                 wl->tx_queue_stopped[queue_num] = 1;
3622                                 ieee80211_stop_queue(wl->hw, queue_num);
3623                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3624                                 break;
3625                         }
3626                         if (unlikely(err))
3627                                 ieee80211_free_txskb(wl->hw, skb);
3628                         err = 0;
3629                 }
3630
3631                 if (!err)
3632                         wl->tx_queue_stopped[queue_num] = 0;
3633         }
3634
3635 #if B43_DEBUG
3636         dev->tx_count++;
3637 #endif
3638         mutex_unlock(&wl->mutex);
3639 }
3640
3641 static void b43_op_tx(struct ieee80211_hw *hw,
3642                       struct ieee80211_tx_control *control,
3643                       struct sk_buff *skb)
3644 {
3645         struct b43_wl *wl = hw_to_b43_wl(hw);
3646
3647         if (unlikely(skb->len < 2 + 2 + 6)) {
3648                 /* Too short, this can't be a valid frame. */
3649                 ieee80211_free_txskb(hw, skb);
3650                 return;
3651         }
3652         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3653
3654         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3655         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3656                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3657         } else {
3658                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3659         }
3660 }
3661
3662 static void b43_qos_params_upload(struct b43_wldev *dev,
3663                                   const struct ieee80211_tx_queue_params *p,
3664                                   u16 shm_offset)
3665 {
3666         u16 params[B43_NR_QOSPARAMS];
3667         int bslots, tmp;
3668         unsigned int i;
3669
3670         if (!dev->qos_enabled)
3671                 return;
3672
3673         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3674
3675         memset(&params, 0, sizeof(params));
3676
3677         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3678         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3679         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3680         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3681         params[B43_QOSPARAM_AIFS] = p->aifs;
3682         params[B43_QOSPARAM_BSLOTS] = bslots;
3683         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3684
3685         for (i = 0; i < ARRAY_SIZE(params); i++) {
3686                 if (i == B43_QOSPARAM_STATUS) {
3687                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3688                                              shm_offset + (i * 2));
3689                         /* Mark the parameters as updated. */
3690                         tmp |= 0x100;
3691                         b43_shm_write16(dev, B43_SHM_SHARED,
3692                                         shm_offset + (i * 2),
3693                                         tmp);
3694                 } else {
3695                         b43_shm_write16(dev, B43_SHM_SHARED,
3696                                         shm_offset + (i * 2),
3697                                         params[i]);
3698                 }
3699         }
3700 }
3701
3702 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3703 static const u16 b43_qos_shm_offsets[] = {
3704         /* [mac80211-queue-nr] = SHM_OFFSET, */
3705         [0] = B43_QOS_VOICE,
3706         [1] = B43_QOS_VIDEO,
3707         [2] = B43_QOS_BESTEFFORT,
3708         [3] = B43_QOS_BACKGROUND,
3709 };
3710
3711 /* Update all QOS parameters in hardware. */
3712 static void b43_qos_upload_all(struct b43_wldev *dev)
3713 {
3714         struct b43_wl *wl = dev->wl;
3715         struct b43_qos_params *params;
3716         unsigned int i;
3717
3718         if (!dev->qos_enabled)
3719                 return;
3720
3721         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3722                      ARRAY_SIZE(wl->qos_params));
3723
3724         b43_mac_suspend(dev);
3725         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3726                 params = &(wl->qos_params[i]);
3727                 b43_qos_params_upload(dev, &(params->p),
3728                                       b43_qos_shm_offsets[i]);
3729         }
3730         b43_mac_enable(dev);
3731 }
3732
3733 static void b43_qos_clear(struct b43_wl *wl)
3734 {
3735         struct b43_qos_params *params;
3736         unsigned int i;
3737
3738         /* Initialize QoS parameters to sane defaults. */
3739
3740         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3741                      ARRAY_SIZE(wl->qos_params));
3742
3743         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3744                 params = &(wl->qos_params[i]);
3745
3746                 switch (b43_qos_shm_offsets[i]) {
3747                 case B43_QOS_VOICE:
3748                         params->p.txop = 0;
3749                         params->p.aifs = 2;
3750                         params->p.cw_min = 0x0001;
3751                         params->p.cw_max = 0x0001;
3752                         break;
3753                 case B43_QOS_VIDEO:
3754                         params->p.txop = 0;
3755                         params->p.aifs = 2;
3756                         params->p.cw_min = 0x0001;
3757                         params->p.cw_max = 0x0001;
3758                         break;
3759                 case B43_QOS_BESTEFFORT:
3760                         params->p.txop = 0;
3761                         params->p.aifs = 3;
3762                         params->p.cw_min = 0x0001;
3763                         params->p.cw_max = 0x03FF;
3764                         break;
3765                 case B43_QOS_BACKGROUND:
3766                         params->p.txop = 0;
3767                         params->p.aifs = 7;
3768                         params->p.cw_min = 0x0001;
3769                         params->p.cw_max = 0x03FF;
3770                         break;
3771                 default:
3772                         B43_WARN_ON(1);
3773                 }
3774         }
3775 }
3776
3777 /* Initialize the core's QOS capabilities */
3778 static void b43_qos_init(struct b43_wldev *dev)
3779 {
3780         if (!dev->qos_enabled) {
3781                 /* Disable QOS support. */
3782                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3783                 b43_write16(dev, B43_MMIO_IFSCTL,
3784                             b43_read16(dev, B43_MMIO_IFSCTL)
3785                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3786                 b43dbg(dev->wl, "QoS disabled\n");
3787                 return;
3788         }
3789
3790         /* Upload the current QOS parameters. */
3791         b43_qos_upload_all(dev);
3792
3793         /* Enable QOS support. */
3794         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3795         b43_write16(dev, B43_MMIO_IFSCTL,
3796                     b43_read16(dev, B43_MMIO_IFSCTL)
3797                     | B43_MMIO_IFSCTL_USE_EDCF);
3798         b43dbg(dev->wl, "QoS enabled\n");
3799 }
3800
3801 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3802                           struct ieee80211_vif *vif, u16 _queue,
3803                           const struct ieee80211_tx_queue_params *params)
3804 {
3805         struct b43_wl *wl = hw_to_b43_wl(hw);
3806         struct b43_wldev *dev;
3807         unsigned int queue = (unsigned int)_queue;
3808         int err = -ENODEV;
3809
3810         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3811                 /* Queue not available or don't support setting
3812                  * params on this queue. Return success to not
3813                  * confuse mac80211. */
3814                 return 0;
3815         }
3816         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3817                      ARRAY_SIZE(wl->qos_params));
3818
3819         mutex_lock(&wl->mutex);
3820         dev = wl->current_dev;
3821         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3822                 goto out_unlock;
3823
3824         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3825         b43_mac_suspend(dev);
3826         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3827                               b43_qos_shm_offsets[queue]);
3828         b43_mac_enable(dev);
3829         err = 0;
3830
3831 out_unlock:
3832         mutex_unlock(&wl->mutex);
3833
3834         return err;
3835 }
3836
3837 static int b43_op_get_stats(struct ieee80211_hw *hw,
3838                             struct ieee80211_low_level_stats *stats)
3839 {
3840         struct b43_wl *wl = hw_to_b43_wl(hw);
3841
3842         mutex_lock(&wl->mutex);
3843         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3844         mutex_unlock(&wl->mutex);
3845
3846         return 0;
3847 }
3848
3849 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3850 {
3851         struct b43_wl *wl = hw_to_b43_wl(hw);
3852         struct b43_wldev *dev;
3853         u64 tsf;
3854
3855         mutex_lock(&wl->mutex);
3856         dev = wl->current_dev;
3857
3858         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3859                 b43_tsf_read(dev, &tsf);
3860         else
3861                 tsf = 0;
3862
3863         mutex_unlock(&wl->mutex);
3864
3865         return tsf;
3866 }
3867
3868 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3869                            struct ieee80211_vif *vif, u64 tsf)
3870 {
3871         struct b43_wl *wl = hw_to_b43_wl(hw);
3872         struct b43_wldev *dev;
3873
3874         mutex_lock(&wl->mutex);
3875         dev = wl->current_dev;
3876
3877         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3878                 b43_tsf_write(dev, tsf);
3879
3880         mutex_unlock(&wl->mutex);
3881 }
3882
3883 static const char *band_to_string(enum ieee80211_band band)
3884 {
3885         switch (band) {
3886         case IEEE80211_BAND_5GHZ:
3887                 return "5";
3888         case IEEE80211_BAND_2GHZ:
3889                 return "2.4";
3890         default:
3891                 break;
3892         }
3893         B43_WARN_ON(1);
3894         return "";
3895 }
3896
3897 /* Expects wl->mutex locked */
3898 static int b43_switch_band(struct b43_wldev *dev,
3899                            struct ieee80211_channel *chan)
3900 {
3901         struct b43_phy *phy = &dev->phy;
3902         bool gmode;
3903         u32 tmp;
3904
3905         switch (chan->band) {
3906         case IEEE80211_BAND_5GHZ:
3907                 gmode = false;
3908                 break;
3909         case IEEE80211_BAND_2GHZ:
3910                 gmode = true;
3911                 break;
3912         default:
3913                 B43_WARN_ON(1);
3914                 return -EINVAL;
3915         }
3916
3917         if (!((gmode && phy->supports_2ghz) ||
3918               (!gmode && phy->supports_5ghz))) {
3919                 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3920                        band_to_string(chan->band));
3921                 return -ENODEV;
3922         }
3923
3924         if (!!phy->gmode == !!gmode) {
3925                 /* This device is already running. */
3926                 return 0;
3927         }
3928
3929         b43dbg(dev->wl, "Switching to %s GHz band\n",
3930                band_to_string(chan->band));
3931
3932         /* Some new devices don't need disabling radio for band switching */
3933         if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3934                 b43_software_rfkill(dev, true);
3935
3936         phy->gmode = gmode;
3937         b43_phy_put_into_reset(dev);
3938         switch (dev->dev->bus_type) {
3939 #ifdef CONFIG_B43_BCMA
3940         case B43_BUS_BCMA:
3941                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3942                 if (gmode)
3943                         tmp |= B43_BCMA_IOCTL_GMODE;
3944                 else
3945                         tmp &= ~B43_BCMA_IOCTL_GMODE;
3946                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3947                 break;
3948 #endif
3949 #ifdef CONFIG_B43_SSB
3950         case B43_BUS_SSB:
3951                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3952                 if (gmode)
3953                         tmp |= B43_TMSLOW_GMODE;
3954                 else
3955                         tmp &= ~B43_TMSLOW_GMODE;
3956                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3957                 break;
3958 #endif
3959         }
3960         b43_phy_take_out_of_reset(dev);
3961
3962         b43_upload_initvals_band(dev);
3963
3964         b43_phy_init(dev);
3965
3966         return 0;
3967 }
3968
3969 static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3970 {
3971         interval = min_t(u16, interval, (u16)0xFF);
3972         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3973 }
3974
3975 /* Write the short and long frame retry limit values. */
3976 static void b43_set_retry_limits(struct b43_wldev *dev,
3977                                  unsigned int short_retry,
3978                                  unsigned int long_retry)
3979 {
3980         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3981          * the chip-internal counter. */
3982         short_retry = min(short_retry, (unsigned int)0xF);
3983         long_retry = min(long_retry, (unsigned int)0xF);
3984
3985         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3986                         short_retry);
3987         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3988                         long_retry);
3989 }
3990
3991 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3992 {
3993         struct b43_wl *wl = hw_to_b43_wl(hw);
3994         struct b43_wldev *dev = wl->current_dev;
3995         struct b43_phy *phy = &dev->phy;
3996         struct ieee80211_conf *conf = &hw->conf;
3997         int antenna;
3998         int err = 0;
3999
4000         mutex_lock(&wl->mutex);
4001         b43_mac_suspend(dev);
4002
4003         if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
4004                 b43_set_beacon_listen_interval(dev, conf->listen_interval);
4005
4006         if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
4007                 phy->chandef = &conf->chandef;
4008                 phy->channel = conf->chandef.chan->hw_value;
4009
4010                 /* Switch the band (if necessary). */
4011                 err = b43_switch_band(dev, conf->chandef.chan);
4012                 if (err)
4013                         goto out_mac_enable;
4014
4015                 /* Switch to the requested channel.
4016                  * The firmware takes care of races with the TX handler.
4017                  */
4018                 b43_switch_channel(dev, phy->channel);
4019         }
4020
4021         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4022                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4023                                           conf->long_frame_max_tx_count);
4024         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4025         if (!changed)
4026                 goto out_mac_enable;
4027
4028         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4029
4030         /* Adjust the desired TX power level. */
4031         if (conf->power_level != 0) {
4032                 if (conf->power_level != phy->desired_txpower) {
4033                         phy->desired_txpower = conf->power_level;
4034                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4035                                                    B43_TXPWR_IGNORE_TSSI);
4036                 }
4037         }
4038
4039         /* Antennas for RX and management frame TX. */
4040         antenna = B43_ANTENNA_DEFAULT;
4041         b43_mgmtframe_txantenna(dev, antenna);
4042         antenna = B43_ANTENNA_DEFAULT;
4043         if (phy->ops->set_rx_antenna)
4044                 phy->ops->set_rx_antenna(dev, antenna);
4045
4046         if (wl->radio_enabled != phy->radio_on) {
4047                 if (wl->radio_enabled) {
4048                         b43_software_rfkill(dev, false);
4049                         b43info(dev->wl, "Radio turned on by software\n");
4050                         if (!dev->radio_hw_enable) {
4051                                 b43info(dev->wl, "The hardware RF-kill button "
4052                                         "still turns the radio physically off. "
4053                                         "Press the button to turn it on.\n");
4054                         }
4055                 } else {
4056                         b43_software_rfkill(dev, true);
4057                         b43info(dev->wl, "Radio turned off by software\n");
4058                 }
4059         }
4060
4061 out_mac_enable:
4062         b43_mac_enable(dev);
4063         mutex_unlock(&wl->mutex);
4064
4065         return err;
4066 }
4067
4068 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4069 {
4070         struct ieee80211_supported_band *sband =
4071                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4072         struct ieee80211_rate *rate;
4073         int i;
4074         u16 basic, direct, offset, basic_offset, rateptr;
4075
4076         for (i = 0; i < sband->n_bitrates; i++) {
4077                 rate = &sband->bitrates[i];
4078
4079                 if (b43_is_cck_rate(rate->hw_value)) {
4080                         direct = B43_SHM_SH_CCKDIRECT;
4081                         basic = B43_SHM_SH_CCKBASIC;
4082                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4083                         offset &= 0xF;
4084                 } else {
4085                         direct = B43_SHM_SH_OFDMDIRECT;
4086                         basic = B43_SHM_SH_OFDMBASIC;
4087                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4088                         offset &= 0xF;
4089                 }
4090
4091                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4092
4093                 if (b43_is_cck_rate(rate->hw_value)) {
4094                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4095                         basic_offset &= 0xF;
4096                 } else {
4097                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4098                         basic_offset &= 0xF;
4099                 }
4100
4101                 /*
4102                  * Get the pointer that we need to point to
4103                  * from the direct map
4104                  */
4105                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4106                                          direct + 2 * basic_offset);
4107                 /* and write it to the basic map */
4108                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4109                                 rateptr);
4110         }
4111 }
4112
4113 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4114                                     struct ieee80211_vif *vif,
4115                                     struct ieee80211_bss_conf *conf,
4116                                     u32 changed)
4117 {
4118         struct b43_wl *wl = hw_to_b43_wl(hw);
4119         struct b43_wldev *dev;
4120
4121         mutex_lock(&wl->mutex);
4122
4123         dev = wl->current_dev;
4124         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4125                 goto out_unlock_mutex;
4126
4127         B43_WARN_ON(wl->vif != vif);
4128
4129         if (changed & BSS_CHANGED_BSSID) {
4130                 if (conf->bssid)
4131                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4132                 else
4133                         eth_zero_addr(wl->bssid);
4134         }
4135
4136         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4137                 if (changed & BSS_CHANGED_BEACON &&
4138                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4139                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4140                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4141                         b43_update_templates(wl);
4142
4143                 if (changed & BSS_CHANGED_BSSID)
4144                         b43_write_mac_bssid_templates(dev);
4145         }
4146
4147         b43_mac_suspend(dev);
4148
4149         /* Update templates for AP/mesh mode. */
4150         if (changed & BSS_CHANGED_BEACON_INT &&
4151             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4152              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4153              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4154             conf->beacon_int)
4155                 b43_set_beacon_int(dev, conf->beacon_int);
4156
4157         if (changed & BSS_CHANGED_BASIC_RATES)
4158                 b43_update_basic_rates(dev, conf->basic_rates);
4159
4160         if (changed & BSS_CHANGED_ERP_SLOT) {
4161                 if (conf->use_short_slot)
4162                         b43_short_slot_timing_enable(dev);
4163                 else
4164                         b43_short_slot_timing_disable(dev);
4165         }
4166
4167         b43_mac_enable(dev);
4168 out_unlock_mutex:
4169         mutex_unlock(&wl->mutex);
4170 }
4171
4172 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4173                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4174                           struct ieee80211_key_conf *key)
4175 {
4176         struct b43_wl *wl = hw_to_b43_wl(hw);
4177         struct b43_wldev *dev;
4178         u8 algorithm;
4179         u8 index;
4180         int err;
4181         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4182
4183         if (modparam_nohwcrypt)
4184                 return -ENOSPC; /* User disabled HW-crypto */
4185
4186         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4187              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4188             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4189              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4190             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4191                 /*
4192                  * For now, disable hw crypto for the RSN IBSS group keys. This
4193                  * could be optimized in the future, but until that gets
4194                  * implemented, use of software crypto for group addressed
4195                  * frames is a acceptable to allow RSN IBSS to be used.
4196                  */
4197                 return -EOPNOTSUPP;
4198         }
4199
4200         mutex_lock(&wl->mutex);
4201
4202         dev = wl->current_dev;
4203         err = -ENODEV;
4204         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4205                 goto out_unlock;
4206
4207         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4208                 /* We don't have firmware for the crypto engine.
4209                  * Must use software-crypto. */
4210                 err = -EOPNOTSUPP;
4211                 goto out_unlock;
4212         }
4213
4214         err = -EINVAL;
4215         switch (key->cipher) {
4216         case WLAN_CIPHER_SUITE_WEP40:
4217                 algorithm = B43_SEC_ALGO_WEP40;
4218                 break;
4219         case WLAN_CIPHER_SUITE_WEP104:
4220                 algorithm = B43_SEC_ALGO_WEP104;
4221                 break;
4222         case WLAN_CIPHER_SUITE_TKIP:
4223                 algorithm = B43_SEC_ALGO_TKIP;
4224                 break;
4225         case WLAN_CIPHER_SUITE_CCMP:
4226                 algorithm = B43_SEC_ALGO_AES;
4227                 break;
4228         default:
4229                 B43_WARN_ON(1);
4230                 goto out_unlock;
4231         }
4232         index = (u8) (key->keyidx);
4233         if (index > 3)
4234                 goto out_unlock;
4235
4236         switch (cmd) {
4237         case SET_KEY:
4238                 if (algorithm == B43_SEC_ALGO_TKIP &&
4239                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4240                     !modparam_hwtkip)) {
4241                         /* We support only pairwise key */
4242                         err = -EOPNOTSUPP;
4243                         goto out_unlock;
4244                 }
4245
4246                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4247                         if (WARN_ON(!sta)) {
4248                                 err = -EOPNOTSUPP;
4249                                 goto out_unlock;
4250                         }
4251                         /* Pairwise key with an assigned MAC address. */
4252                         err = b43_key_write(dev, -1, algorithm,
4253                                             key->key, key->keylen,
4254                                             sta->addr, key);
4255                 } else {
4256                         /* Group key */
4257                         err = b43_key_write(dev, index, algorithm,
4258                                             key->key, key->keylen, NULL, key);
4259                 }
4260                 if (err)
4261                         goto out_unlock;
4262
4263                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4264                     algorithm == B43_SEC_ALGO_WEP104) {
4265                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4266                 } else {
4267                         b43_hf_write(dev,
4268                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4269                 }
4270                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4271                 if (algorithm == B43_SEC_ALGO_TKIP)
4272                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4273                 break;
4274         case DISABLE_KEY: {
4275                 err = b43_key_clear(dev, key->hw_key_idx);
4276                 if (err)
4277                         goto out_unlock;
4278                 break;
4279         }
4280         default:
4281                 B43_WARN_ON(1);
4282         }
4283
4284 out_unlock:
4285         if (!err) {
4286                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4287                        "mac: %pM\n",
4288                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4289                        sta ? sta->addr : bcast_addr);
4290                 b43_dump_keymemory(dev);
4291         }
4292         mutex_unlock(&wl->mutex);
4293
4294         return err;
4295 }
4296
4297 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4298                                     unsigned int changed, unsigned int *fflags,
4299                                     u64 multicast)
4300 {
4301         struct b43_wl *wl = hw_to_b43_wl(hw);
4302         struct b43_wldev *dev;
4303
4304         mutex_lock(&wl->mutex);
4305         dev = wl->current_dev;
4306         if (!dev) {
4307                 *fflags = 0;
4308                 goto out_unlock;
4309         }
4310
4311         *fflags &= FIF_ALLMULTI |
4312                   FIF_FCSFAIL |
4313                   FIF_PLCPFAIL |
4314                   FIF_CONTROL |
4315                   FIF_OTHER_BSS |
4316                   FIF_BCN_PRBRESP_PROMISC;
4317
4318         changed &= FIF_ALLMULTI |
4319                    FIF_FCSFAIL |
4320                    FIF_PLCPFAIL |
4321                    FIF_CONTROL |
4322                    FIF_OTHER_BSS |
4323                    FIF_BCN_PRBRESP_PROMISC;
4324
4325         wl->filter_flags = *fflags;
4326
4327         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4328                 b43_adjust_opmode(dev);
4329
4330 out_unlock:
4331         mutex_unlock(&wl->mutex);
4332 }
4333
4334 /* Locking: wl->mutex
4335  * Returns the current dev. This might be different from the passed in dev,
4336  * because the core might be gone away while we unlocked the mutex. */
4337 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4338 {
4339         struct b43_wl *wl;
4340         struct b43_wldev *orig_dev;
4341         u32 mask;
4342         int queue_num;
4343
4344         if (!dev)
4345                 return NULL;
4346         wl = dev->wl;
4347 redo:
4348         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4349                 return dev;
4350
4351         /* Cancel work. Unlock to avoid deadlocks. */
4352         mutex_unlock(&wl->mutex);
4353         cancel_delayed_work_sync(&dev->periodic_work);
4354         cancel_work_sync(&wl->tx_work);
4355         b43_leds_stop(dev);
4356         mutex_lock(&wl->mutex);
4357         dev = wl->current_dev;
4358         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4359                 /* Whoops, aliens ate up the device while we were unlocked. */
4360                 return dev;
4361         }
4362
4363         /* Disable interrupts on the device. */
4364         b43_set_status(dev, B43_STAT_INITIALIZED);
4365         if (b43_bus_host_is_sdio(dev->dev)) {
4366                 /* wl->mutex is locked. That is enough. */
4367                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4368                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4369         } else {
4370                 spin_lock_irq(&wl->hardirq_lock);
4371                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4372                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4373                 spin_unlock_irq(&wl->hardirq_lock);
4374         }
4375         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4376         orig_dev = dev;
4377         mutex_unlock(&wl->mutex);
4378         if (b43_bus_host_is_sdio(dev->dev)) {
4379                 b43_sdio_free_irq(dev);
4380         } else {
4381                 synchronize_irq(dev->dev->irq);
4382                 free_irq(dev->dev->irq, dev);
4383         }
4384         mutex_lock(&wl->mutex);
4385         dev = wl->current_dev;
4386         if (!dev)
4387                 return dev;
4388         if (dev != orig_dev) {
4389                 if (b43_status(dev) >= B43_STAT_STARTED)
4390                         goto redo;
4391                 return dev;
4392         }
4393         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4394         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4395
4396         /* Drain all TX queues. */
4397         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4398                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4399                         struct sk_buff *skb;
4400
4401                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4402                         ieee80211_free_txskb(wl->hw, skb);
4403                 }
4404         }
4405
4406         b43_mac_suspend(dev);
4407         b43_leds_exit(dev);
4408         b43dbg(wl, "Wireless interface stopped\n");
4409
4410         return dev;
4411 }
4412
4413 /* Locking: wl->mutex */
4414 static int b43_wireless_core_start(struct b43_wldev *dev)
4415 {
4416         int err;
4417
4418         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4419
4420         drain_txstatus_queue(dev);
4421         if (b43_bus_host_is_sdio(dev->dev)) {
4422                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4423                 if (err) {
4424                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4425                         goto out;
4426                 }
4427         } else {
4428                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4429                                            b43_interrupt_thread_handler,
4430                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4431                 if (err) {
4432                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4433                                dev->dev->irq);
4434                         goto out;
4435                 }
4436         }
4437
4438         /* We are ready to run. */
4439         ieee80211_wake_queues(dev->wl->hw);
4440         b43_set_status(dev, B43_STAT_STARTED);
4441
4442         /* Start data flow (TX/RX). */
4443         b43_mac_enable(dev);
4444         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4445
4446         /* Start maintenance work */
4447         b43_periodic_tasks_setup(dev);
4448
4449         b43_leds_init(dev);
4450
4451         b43dbg(dev->wl, "Wireless interface started\n");
4452 out:
4453         return err;
4454 }
4455
4456 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4457 {
4458         switch (phy_type) {
4459         case B43_PHYTYPE_A:
4460                 return "A";
4461         case B43_PHYTYPE_B:
4462                 return "B";
4463         case B43_PHYTYPE_G:
4464                 return "G";
4465         case B43_PHYTYPE_N:
4466                 return "N";
4467         case B43_PHYTYPE_LP:
4468                 return "LP";
4469         case B43_PHYTYPE_SSLPN:
4470                 return "SSLPN";
4471         case B43_PHYTYPE_HT:
4472                 return "HT";
4473         case B43_PHYTYPE_LCN:
4474                 return "LCN";
4475         case B43_PHYTYPE_LCNXN:
4476                 return "LCNXN";
4477         case B43_PHYTYPE_LCN40:
4478                 return "LCN40";
4479         case B43_PHYTYPE_AC:
4480                 return "AC";
4481         }
4482         return "UNKNOWN";
4483 }
4484
4485 /* Get PHY and RADIO versioning numbers */
4486 static int b43_phy_versioning(struct b43_wldev *dev)
4487 {
4488         struct b43_phy *phy = &dev->phy;
4489         const u8 core_rev = dev->dev->core_rev;
4490         u32 tmp;
4491         u8 analog_type;
4492         u8 phy_type;
4493         u8 phy_rev;
4494         u16 radio_manuf;
4495         u16 radio_id;
4496         u16 radio_rev;
4497         u8 radio_ver;
4498         int unsupported = 0;
4499
4500         /* Get PHY versioning */
4501         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4502         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4503         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4504         phy_rev = (tmp & B43_PHYVER_VERSION);
4505
4506         /* LCNXN is continuation of N which run out of revisions */
4507         if (phy_type == B43_PHYTYPE_LCNXN) {
4508                 phy_type = B43_PHYTYPE_N;
4509                 phy_rev += 16;
4510         }
4511
4512         switch (phy_type) {
4513 #ifdef CONFIG_B43_PHY_G
4514         case B43_PHYTYPE_G:
4515                 if (phy_rev > 9)
4516                         unsupported = 1;
4517                 break;
4518 #endif
4519 #ifdef CONFIG_B43_PHY_N
4520         case B43_PHYTYPE_N:
4521                 if (phy_rev >= 19)
4522                         unsupported = 1;
4523                 break;
4524 #endif
4525 #ifdef CONFIG_B43_PHY_LP
4526         case B43_PHYTYPE_LP:
4527                 if (phy_rev > 2)
4528                         unsupported = 1;
4529                 break;
4530 #endif
4531 #ifdef CONFIG_B43_PHY_HT
4532         case B43_PHYTYPE_HT:
4533                 if (phy_rev > 1)
4534                         unsupported = 1;
4535                 break;
4536 #endif
4537 #ifdef CONFIG_B43_PHY_LCN
4538         case B43_PHYTYPE_LCN:
4539                 if (phy_rev > 1)
4540                         unsupported = 1;
4541                 break;
4542 #endif
4543 #ifdef CONFIG_B43_PHY_AC
4544         case B43_PHYTYPE_AC:
4545                 if (phy_rev > 1)
4546                         unsupported = 1;
4547                 break;
4548 #endif
4549         default:
4550                 unsupported = 1;
4551         }
4552         if (unsupported) {
4553                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4554                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4555                        phy_rev);
4556                 return -EOPNOTSUPP;
4557         }
4558         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4559                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4560
4561         /* Get RADIO versioning */
4562         if (core_rev == 40 || core_rev == 42) {
4563                 radio_manuf = 0x17F;
4564
4565                 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4566                 radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4567
4568                 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4569                 radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4570
4571                 radio_ver = 0; /* Is there version somewhere? */
4572         } else if (core_rev >= 24) {
4573                 u16 radio24[3];
4574
4575                 for (tmp = 0; tmp < 3; tmp++) {
4576                         b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4577                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4578                 }
4579
4580                 radio_manuf = 0x17F;
4581                 radio_id = (radio24[2] << 8) | radio24[1];
4582                 radio_rev = (radio24[0] & 0xF);
4583                 radio_ver = (radio24[0] & 0xF0) >> 4;
4584         } else {
4585                 if (dev->dev->chip_id == 0x4317) {
4586                         if (dev->dev->chip_rev == 0)
4587                                 tmp = 0x3205017F;
4588                         else if (dev->dev->chip_rev == 1)
4589                                 tmp = 0x4205017F;
4590                         else
4591                                 tmp = 0x5205017F;
4592                 } else {
4593                         b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4594                                      B43_RADIOCTL_ID);
4595                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4596                         b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4597                                      B43_RADIOCTL_ID);
4598                         tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4599                 }
4600                 radio_manuf = (tmp & 0x00000FFF);
4601                 radio_id = (tmp & 0x0FFFF000) >> 12;
4602                 radio_rev = (tmp & 0xF0000000) >> 28;
4603                 radio_ver = 0; /* Probably not available on old hw */
4604         }
4605
4606         if (radio_manuf != 0x17F /* Broadcom */)
4607                 unsupported = 1;
4608         switch (phy_type) {
4609         case B43_PHYTYPE_A:
4610                 if (radio_id != 0x2060)
4611                         unsupported = 1;
4612                 if (radio_rev != 1)
4613                         unsupported = 1;
4614                 if (radio_manuf != 0x17F)
4615                         unsupported = 1;
4616                 break;
4617         case B43_PHYTYPE_B:
4618                 if ((radio_id & 0xFFF0) != 0x2050)
4619                         unsupported = 1;
4620                 break;
4621         case B43_PHYTYPE_G:
4622                 if (radio_id != 0x2050)
4623                         unsupported = 1;
4624                 break;
4625         case B43_PHYTYPE_N:
4626                 if (radio_id != 0x2055 && radio_id != 0x2056 &&
4627                     radio_id != 0x2057)
4628                         unsupported = 1;
4629                 if (radio_id == 0x2057 &&
4630                     !(radio_rev == 9 || radio_rev == 14))
4631                         unsupported = 1;
4632                 break;
4633         case B43_PHYTYPE_LP:
4634                 if (radio_id != 0x2062 && radio_id != 0x2063)
4635                         unsupported = 1;
4636                 break;
4637         case B43_PHYTYPE_HT:
4638                 if (radio_id != 0x2059)
4639                         unsupported = 1;
4640                 break;
4641         case B43_PHYTYPE_LCN:
4642                 if (radio_id != 0x2064)
4643                         unsupported = 1;
4644                 break;
4645         case B43_PHYTYPE_AC:
4646                 if (radio_id != 0x2069)
4647                         unsupported = 1;
4648                 break;
4649         default:
4650                 B43_WARN_ON(1);
4651         }
4652         if (unsupported) {
4653                 b43err(dev->wl,
4654                        "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4655                        radio_manuf, radio_id, radio_rev, radio_ver);
4656                 return -EOPNOTSUPP;
4657         }
4658         b43info(dev->wl,
4659                 "Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4660                 radio_manuf, radio_id, radio_rev, radio_ver);
4661
4662         /* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4663         phy->radio_manuf = radio_manuf;
4664         phy->radio_ver = radio_id;
4665         phy->radio_rev = radio_rev;
4666
4667         phy->analog = analog_type;
4668         phy->type = phy_type;
4669         phy->rev = phy_rev;
4670
4671         return 0;
4672 }
4673
4674 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4675                                       struct b43_phy *phy)
4676 {
4677         phy->hardware_power_control = !!modparam_hwpctl;
4678         phy->next_txpwr_check_time = jiffies;
4679         /* PHY TX errors counter. */
4680         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4681
4682 #if B43_DEBUG
4683         phy->phy_locked = false;
4684         phy->radio_locked = false;
4685 #endif
4686 }
4687
4688 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4689 {
4690         dev->dfq_valid = false;
4691
4692         /* Assume the radio is enabled. If it's not enabled, the state will
4693          * immediately get fixed on the first periodic work run. */
4694         dev->radio_hw_enable = true;
4695
4696         /* Stats */
4697         memset(&dev->stats, 0, sizeof(dev->stats));
4698
4699         setup_struct_phy_for_init(dev, &dev->phy);
4700
4701         /* IRQ related flags */
4702         dev->irq_reason = 0;
4703         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4704         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4705         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4706                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4707
4708         dev->mac_suspended = 1;
4709
4710         /* Noise calculation context */
4711         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4712 }
4713
4714 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4715 {
4716         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4717         u64 hf;
4718
4719         if (!modparam_btcoex)
4720                 return;
4721         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4722                 return;
4723         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4724                 return;
4725
4726         hf = b43_hf_read(dev);
4727         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4728                 hf |= B43_HF_BTCOEXALT;
4729         else
4730                 hf |= B43_HF_BTCOEX;
4731         b43_hf_write(dev, hf);
4732 }
4733
4734 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4735 {
4736         if (!modparam_btcoex)
4737                 return;
4738         //TODO
4739 }
4740
4741 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4742 {
4743         struct ssb_bus *bus;
4744         u32 tmp;
4745
4746 #ifdef CONFIG_B43_SSB
4747         if (dev->dev->bus_type != B43_BUS_SSB)
4748                 return;
4749 #else
4750         return;
4751 #endif
4752
4753         bus = dev->dev->sdev->bus;
4754
4755         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4756             (bus->chip_id == 0x4312)) {
4757                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4758                 tmp &= ~SSB_IMCFGLO_REQTO;
4759                 tmp &= ~SSB_IMCFGLO_SERTO;
4760                 tmp |= 0x3;
4761                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4762                 ssb_commit_settings(bus);
4763         }
4764 }
4765
4766 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4767 {
4768         u16 pu_delay;
4769
4770         /* The time value is in microseconds. */
4771         if (dev->phy.type == B43_PHYTYPE_A)
4772                 pu_delay = 3700;
4773         else
4774                 pu_delay = 1050;
4775         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4776                 pu_delay = 500;
4777         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4778                 pu_delay = max(pu_delay, (u16)2400);
4779
4780         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4781 }
4782
4783 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4784 static void b43_set_pretbtt(struct b43_wldev *dev)
4785 {
4786         u16 pretbtt;
4787
4788         /* The time value is in microseconds. */
4789         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4790                 pretbtt = 2;
4791         } else {
4792                 if (dev->phy.type == B43_PHYTYPE_A)
4793                         pretbtt = 120;
4794                 else
4795                         pretbtt = 250;
4796         }
4797         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4798         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4799 }
4800
4801 /* Shutdown a wireless core */
4802 /* Locking: wl->mutex */
4803 static void b43_wireless_core_exit(struct b43_wldev *dev)
4804 {
4805         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4806         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4807                 return;
4808
4809         b43_set_status(dev, B43_STAT_UNINIT);
4810
4811         /* Stop the microcode PSM. */
4812         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4813                       B43_MACCTL_PSM_JMP0);
4814
4815         switch (dev->dev->bus_type) {
4816 #ifdef CONFIG_B43_BCMA
4817         case B43_BUS_BCMA:
4818                 bcma_host_pci_down(dev->dev->bdev->bus);
4819                 break;
4820 #endif
4821 #ifdef CONFIG_B43_SSB
4822         case B43_BUS_SSB:
4823                 /* TODO */
4824                 break;
4825 #endif
4826         }
4827
4828         b43_dma_free(dev);
4829         b43_pio_free(dev);
4830         b43_chip_exit(dev);
4831         dev->phy.ops->switch_analog(dev, 0);
4832         if (dev->wl->current_beacon) {
4833                 dev_kfree_skb_any(dev->wl->current_beacon);
4834                 dev->wl->current_beacon = NULL;
4835         }
4836
4837         b43_device_disable(dev, 0);
4838         b43_bus_may_powerdown(dev);
4839 }
4840
4841 /* Initialize a wireless core */
4842 static int b43_wireless_core_init(struct b43_wldev *dev)
4843 {
4844         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4845         struct b43_phy *phy = &dev->phy;
4846         int err;
4847         u64 hf;
4848
4849         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4850
4851         err = b43_bus_powerup(dev, 0);
4852         if (err)
4853                 goto out;
4854         if (!b43_device_is_enabled(dev))
4855                 b43_wireless_core_reset(dev, phy->gmode);
4856
4857         /* Reset all data structures. */
4858         setup_struct_wldev_for_init(dev);
4859         phy->ops->prepare_structs(dev);
4860
4861         /* Enable IRQ routing to this device. */
4862         switch (dev->dev->bus_type) {
4863 #ifdef CONFIG_B43_BCMA
4864         case B43_BUS_BCMA:
4865                 bcma_host_pci_irq_ctl(dev->dev->bdev->bus,
4866                                       dev->dev->bdev, true);
4867                 bcma_host_pci_up(dev->dev->bdev->bus);
4868                 break;
4869 #endif
4870 #ifdef CONFIG_B43_SSB
4871         case B43_BUS_SSB:
4872                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4873                                                dev->dev->sdev);
4874                 break;
4875 #endif
4876         }
4877
4878         b43_imcfglo_timeouts_workaround(dev);
4879         b43_bluetooth_coext_disable(dev);
4880         if (phy->ops->prepare_hardware) {
4881                 err = phy->ops->prepare_hardware(dev);
4882                 if (err)
4883                         goto err_busdown;
4884         }
4885         err = b43_chip_init(dev);
4886         if (err)
4887                 goto err_busdown;
4888         b43_shm_write16(dev, B43_SHM_SHARED,
4889                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4890         hf = b43_hf_read(dev);
4891         if (phy->type == B43_PHYTYPE_G) {
4892                 hf |= B43_HF_SYMW;
4893                 if (phy->rev == 1)
4894                         hf |= B43_HF_GDCW;
4895                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4896                         hf |= B43_HF_OFDMPABOOST;
4897         }
4898         if (phy->radio_ver == 0x2050) {
4899                 if (phy->radio_rev == 6)
4900                         hf |= B43_HF_4318TSSI;
4901                 if (phy->radio_rev < 6)
4902                         hf |= B43_HF_VCORECALC;
4903         }
4904         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4905                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4906 #if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4907         if (dev->dev->bus_type == B43_BUS_SSB &&
4908             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4909             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4910                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4911 #endif
4912         hf &= ~B43_HF_SKCFPUP;
4913         b43_hf_write(dev, hf);
4914
4915         /* tell the ucode MAC capabilities */
4916         if (dev->dev->core_rev >= 13) {
4917                 u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4918
4919                 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4920                                 mac_hw_cap & 0xffff);
4921                 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4922                                 (mac_hw_cap >> 16) & 0xffff);
4923         }
4924
4925         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4926                              B43_DEFAULT_LONG_RETRY_LIMIT);
4927         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4928         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4929
4930         /* Disable sending probe responses from firmware.
4931          * Setting the MaxTime to one usec will always trigger
4932          * a timeout, so we never send any probe resp.
4933          * A timeout of zero is infinite. */
4934         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4935
4936         b43_rate_memory_init(dev);
4937         b43_set_phytxctl_defaults(dev);
4938
4939         /* Minimum Contention Window */
4940         if (phy->type == B43_PHYTYPE_B)
4941                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4942         else
4943                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4944         /* Maximum Contention Window */
4945         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4946
4947         /* write phytype and phyvers */
4948         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4949         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4950
4951         if (b43_bus_host_is_pcmcia(dev->dev) ||
4952             b43_bus_host_is_sdio(dev->dev)) {
4953                 dev->__using_pio_transfers = true;
4954                 err = b43_pio_init(dev);
4955         } else if (dev->use_pio) {
4956                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4957                         "This should not be needed and will result in lower "
4958                         "performance.\n");
4959                 dev->__using_pio_transfers = true;
4960                 err = b43_pio_init(dev);
4961         } else {
4962                 dev->__using_pio_transfers = false;
4963                 err = b43_dma_init(dev);
4964         }
4965         if (err)
4966                 goto err_chip_exit;
4967         b43_qos_init(dev);
4968         b43_set_synth_pu_delay(dev, 1);
4969         b43_bluetooth_coext_enable(dev);
4970
4971         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4972         b43_upload_card_macaddress(dev);
4973         b43_security_init(dev);
4974
4975         ieee80211_wake_queues(dev->wl->hw);
4976
4977         b43_set_status(dev, B43_STAT_INITIALIZED);
4978
4979 out:
4980         return err;
4981
4982 err_chip_exit:
4983         b43_chip_exit(dev);
4984 err_busdown:
4985         b43_bus_may_powerdown(dev);
4986         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4987         return err;
4988 }
4989
4990 static int b43_op_add_interface(struct ieee80211_hw *hw,
4991                                 struct ieee80211_vif *vif)
4992 {
4993         struct b43_wl *wl = hw_to_b43_wl(hw);
4994         struct b43_wldev *dev;
4995         int err = -EOPNOTSUPP;
4996
4997         /* TODO: allow WDS/AP devices to coexist */
4998
4999         if (vif->type != NL80211_IFTYPE_AP &&
5000             vif->type != NL80211_IFTYPE_MESH_POINT &&
5001             vif->type != NL80211_IFTYPE_STATION &&
5002             vif->type != NL80211_IFTYPE_WDS &&
5003             vif->type != NL80211_IFTYPE_ADHOC)
5004                 return -EOPNOTSUPP;
5005
5006         mutex_lock(&wl->mutex);
5007         if (wl->operating)
5008                 goto out_mutex_unlock;
5009
5010         b43dbg(wl, "Adding Interface type %d\n", vif->type);
5011
5012         dev = wl->current_dev;
5013         wl->operating = true;
5014         wl->vif = vif;
5015         wl->if_type = vif->type;
5016         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
5017
5018         b43_adjust_opmode(dev);
5019         b43_set_pretbtt(dev);
5020         b43_set_synth_pu_delay(dev, 0);
5021         b43_upload_card_macaddress(dev);
5022
5023         err = 0;
5024  out_mutex_unlock:
5025         mutex_unlock(&wl->mutex);
5026
5027         if (err == 0)
5028                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
5029
5030         return err;
5031 }
5032
5033 static void b43_op_remove_interface(struct ieee80211_hw *hw,
5034                                     struct ieee80211_vif *vif)
5035 {
5036         struct b43_wl *wl = hw_to_b43_wl(hw);
5037         struct b43_wldev *dev = wl->current_dev;
5038
5039         b43dbg(wl, "Removing Interface type %d\n", vif->type);
5040
5041         mutex_lock(&wl->mutex);
5042
5043         B43_WARN_ON(!wl->operating);
5044         B43_WARN_ON(wl->vif != vif);
5045         wl->vif = NULL;
5046
5047         wl->operating = false;
5048
5049         b43_adjust_opmode(dev);
5050         eth_zero_addr(wl->mac_addr);
5051         b43_upload_card_macaddress(dev);
5052
5053         mutex_unlock(&wl->mutex);
5054 }
5055
5056 static int b43_op_start(struct ieee80211_hw *hw)
5057 {
5058         struct b43_wl *wl = hw_to_b43_wl(hw);
5059         struct b43_wldev *dev = wl->current_dev;
5060         int did_init = 0;
5061         int err = 0;
5062
5063         /* Kill all old instance specific information to make sure
5064          * the card won't use it in the short timeframe between start
5065          * and mac80211 reconfiguring it. */
5066         eth_zero_addr(wl->bssid);
5067         eth_zero_addr(wl->mac_addr);
5068         wl->filter_flags = 0;
5069         wl->radiotap_enabled = false;
5070         b43_qos_clear(wl);
5071         wl->beacon0_uploaded = false;
5072         wl->beacon1_uploaded = false;
5073         wl->beacon_templates_virgin = true;
5074         wl->radio_enabled = true;
5075
5076         mutex_lock(&wl->mutex);
5077
5078         if (b43_status(dev) < B43_STAT_INITIALIZED) {
5079                 err = b43_wireless_core_init(dev);
5080                 if (err)
5081                         goto out_mutex_unlock;
5082                 did_init = 1;
5083         }
5084
5085         if (b43_status(dev) < B43_STAT_STARTED) {
5086                 err = b43_wireless_core_start(dev);
5087                 if (err) {
5088                         if (did_init)
5089                                 b43_wireless_core_exit(dev);
5090                         goto out_mutex_unlock;
5091                 }
5092         }
5093
5094         /* XXX: only do if device doesn't support rfkill irq */
5095         wiphy_rfkill_start_polling(hw->wiphy);
5096
5097  out_mutex_unlock:
5098         mutex_unlock(&wl->mutex);
5099
5100         /*
5101          * Configuration may have been overwritten during initialization.
5102          * Reload the configuration, but only if initialization was
5103          * successful. Reloading the configuration after a failed init
5104          * may hang the system.
5105          */
5106         if (!err)
5107                 b43_op_config(hw, ~0);
5108
5109         return err;
5110 }
5111
5112 static void b43_op_stop(struct ieee80211_hw *hw)
5113 {
5114         struct b43_wl *wl = hw_to_b43_wl(hw);
5115         struct b43_wldev *dev = wl->current_dev;
5116
5117         cancel_work_sync(&(wl->beacon_update_trigger));
5118
5119         if (!dev)
5120                 goto out;
5121
5122         mutex_lock(&wl->mutex);
5123         if (b43_status(dev) >= B43_STAT_STARTED) {
5124                 dev = b43_wireless_core_stop(dev);
5125                 if (!dev)
5126                         goto out_unlock;
5127         }
5128         b43_wireless_core_exit(dev);
5129         wl->radio_enabled = false;
5130
5131 out_unlock:
5132         mutex_unlock(&wl->mutex);
5133 out:
5134         cancel_work_sync(&(wl->txpower_adjust_work));
5135 }
5136
5137 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5138                                  struct ieee80211_sta *sta, bool set)
5139 {
5140         struct b43_wl *wl = hw_to_b43_wl(hw);
5141
5142         b43_update_templates(wl);
5143
5144         return 0;
5145 }
5146
5147 static void b43_op_sta_notify(struct ieee80211_hw *hw,
5148                               struct ieee80211_vif *vif,
5149                               enum sta_notify_cmd notify_cmd,
5150                               struct ieee80211_sta *sta)
5151 {
5152         struct b43_wl *wl = hw_to_b43_wl(hw);
5153
5154         B43_WARN_ON(!vif || wl->vif != vif);
5155 }
5156
5157 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5158                                           struct ieee80211_vif *vif,
5159                                           const u8 *mac_addr)
5160 {
5161         struct b43_wl *wl = hw_to_b43_wl(hw);
5162         struct b43_wldev *dev;
5163
5164         mutex_lock(&wl->mutex);
5165         dev = wl->current_dev;
5166         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5167                 /* Disable CFP update during scan on other channels. */
5168                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5169         }
5170         mutex_unlock(&wl->mutex);
5171 }
5172
5173 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5174                                              struct ieee80211_vif *vif)
5175 {
5176         struct b43_wl *wl = hw_to_b43_wl(hw);
5177         struct b43_wldev *dev;
5178
5179         mutex_lock(&wl->mutex);
5180         dev = wl->current_dev;
5181         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5182                 /* Re-enable CFP update. */
5183                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5184         }
5185         mutex_unlock(&wl->mutex);
5186 }
5187
5188 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5189                              struct survey_info *survey)
5190 {
5191         struct b43_wl *wl = hw_to_b43_wl(hw);
5192         struct b43_wldev *dev = wl->current_dev;
5193         struct ieee80211_conf *conf = &hw->conf;
5194
5195         if (idx != 0)
5196                 return -ENOENT;
5197
5198         survey->channel = conf->chandef.chan;
5199         survey->filled = SURVEY_INFO_NOISE_DBM;
5200         survey->noise = dev->stats.link_noise;
5201
5202         return 0;
5203 }
5204
5205 static const struct ieee80211_ops b43_hw_ops = {
5206         .tx                     = b43_op_tx,
5207         .conf_tx                = b43_op_conf_tx,
5208         .add_interface          = b43_op_add_interface,
5209         .remove_interface       = b43_op_remove_interface,
5210         .config                 = b43_op_config,
5211         .bss_info_changed       = b43_op_bss_info_changed,
5212         .configure_filter       = b43_op_configure_filter,
5213         .set_key                = b43_op_set_key,
5214         .update_tkip_key        = b43_op_update_tkip_key,
5215         .get_stats              = b43_op_get_stats,
5216         .get_tsf                = b43_op_get_tsf,
5217         .set_tsf                = b43_op_set_tsf,
5218         .start                  = b43_op_start,
5219         .stop                   = b43_op_stop,
5220         .set_tim                = b43_op_beacon_set_tim,
5221         .sta_notify             = b43_op_sta_notify,
5222         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5223         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5224         .get_survey             = b43_op_get_survey,
5225         .rfkill_poll            = b43_rfkill_poll,
5226 };
5227
5228 /* Hard-reset the chip. Do not call this directly.
5229  * Use b43_controller_restart()
5230  */
5231 static void b43_chip_reset(struct work_struct *work)
5232 {
5233         struct b43_wldev *dev =
5234             container_of(work, struct b43_wldev, restart_work);
5235         struct b43_wl *wl = dev->wl;
5236         int err = 0;
5237         int prev_status;
5238
5239         mutex_lock(&wl->mutex);
5240
5241         prev_status = b43_status(dev);
5242         /* Bring the device down... */
5243         if (prev_status >= B43_STAT_STARTED) {
5244                 dev = b43_wireless_core_stop(dev);
5245                 if (!dev) {
5246                         err = -ENODEV;
5247                         goto out;
5248                 }
5249         }
5250         if (prev_status >= B43_STAT_INITIALIZED)
5251                 b43_wireless_core_exit(dev);
5252
5253         /* ...and up again. */
5254         if (prev_status >= B43_STAT_INITIALIZED) {
5255                 err = b43_wireless_core_init(dev);
5256                 if (err)
5257                         goto out;
5258         }
5259         if (prev_status >= B43_STAT_STARTED) {
5260                 err = b43_wireless_core_start(dev);
5261                 if (err) {
5262                         b43_wireless_core_exit(dev);
5263                         goto out;
5264                 }
5265         }
5266 out:
5267         if (err)
5268                 wl->current_dev = NULL; /* Failed to init the dev. */
5269         mutex_unlock(&wl->mutex);
5270
5271         if (err) {
5272                 b43err(wl, "Controller restart FAILED\n");
5273                 return;
5274         }
5275
5276         /* reload configuration */
5277         b43_op_config(wl->hw, ~0);
5278         if (wl->vif)
5279                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5280
5281         b43info(wl, "Controller restarted\n");
5282 }
5283
5284 static int b43_setup_bands(struct b43_wldev *dev,
5285                            bool have_2ghz_phy, bool have_5ghz_phy)
5286 {
5287         struct ieee80211_hw *hw = dev->wl->hw;
5288         struct b43_phy *phy = &dev->phy;
5289         bool limited_2g;
5290         bool limited_5g;
5291
5292         /* We don't support all 2 GHz channels on some devices */
5293         limited_2g = phy->radio_ver == 0x2057 &&
5294                      (phy->radio_rev == 9 || phy->radio_rev == 14);
5295         limited_5g = phy->radio_ver == 0x2057 &&
5296                      phy->radio_rev == 9;
5297
5298         if (have_2ghz_phy)
5299                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = limited_2g ?
5300                         &b43_band_2ghz_limited : &b43_band_2GHz;
5301         if (dev->phy.type == B43_PHYTYPE_N) {
5302                 if (have_5ghz_phy)
5303                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = limited_5g ?
5304                                 &b43_band_5GHz_nphy_limited :
5305                                 &b43_band_5GHz_nphy;
5306         } else {
5307                 if (have_5ghz_phy)
5308                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5309         }
5310
5311         dev->phy.supports_2ghz = have_2ghz_phy;
5312         dev->phy.supports_5ghz = have_5ghz_phy;
5313
5314         return 0;
5315 }
5316
5317 static void b43_wireless_core_detach(struct b43_wldev *dev)
5318 {
5319         /* We release firmware that late to not be required to re-request
5320          * is all the time when we reinit the core. */
5321         b43_release_firmware(dev);
5322         b43_phy_free(dev);
5323 }
5324
5325 static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5326                                 bool *have_5ghz_phy)
5327 {
5328         u16 dev_id = 0;
5329
5330 #ifdef CONFIG_B43_BCMA
5331         if (dev->dev->bus_type == B43_BUS_BCMA &&
5332             dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5333                 dev_id = dev->dev->bdev->bus->host_pci->device;
5334 #endif
5335 #ifdef CONFIG_B43_SSB
5336         if (dev->dev->bus_type == B43_BUS_SSB &&
5337             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5338                 dev_id = dev->dev->sdev->bus->host_pci->device;
5339 #endif
5340         /* Override with SPROM value if available */
5341         if (dev->dev->bus_sprom->dev_id)
5342                 dev_id = dev->dev->bus_sprom->dev_id;
5343
5344         /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5345         switch (dev_id) {
5346         case 0x4324: /* BCM4306 */
5347         case 0x4312: /* BCM4311 */
5348         case 0x4319: /* BCM4318 */
5349         case 0x4328: /* BCM4321 */
5350         case 0x432b: /* BCM4322 */
5351         case 0x4350: /* BCM43222 */
5352         case 0x4353: /* BCM43224 */
5353         case 0x0576: /* BCM43224 */
5354         case 0x435f: /* BCM6362 */
5355         case 0x4331: /* BCM4331 */
5356         case 0x4359: /* BCM43228 */
5357         case 0x43a0: /* BCM4360 */
5358         case 0x43b1: /* BCM4352 */
5359                 /* Dual band devices */
5360                 *have_2ghz_phy = true;
5361                 *have_5ghz_phy = true;
5362                 return;
5363         case 0x4321: /* BCM4306 */
5364                 /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
5365                 if (dev->phy.type != B43_PHYTYPE_G)
5366                         break;
5367                 /* fall through */
5368         case 0x4313: /* BCM4311 */
5369         case 0x431a: /* BCM4318 */
5370         case 0x432a: /* BCM4321 */
5371         case 0x432d: /* BCM4322 */
5372         case 0x4352: /* BCM43222 */
5373         case 0x435a: /* BCM43228 */
5374         case 0x4333: /* BCM4331 */
5375         case 0x43a2: /* BCM4360 */
5376         case 0x43b3: /* BCM4352 */
5377                 /* 5 GHz only devices */
5378                 *have_2ghz_phy = false;
5379                 *have_5ghz_phy = true;
5380                 return;
5381         }
5382
5383         /* As a fallback, try to guess using PHY type */
5384         switch (dev->phy.type) {
5385         case B43_PHYTYPE_A:
5386                 *have_2ghz_phy = false;
5387                 *have_5ghz_phy = true;
5388                 return;
5389         case B43_PHYTYPE_G:
5390         case B43_PHYTYPE_N:
5391         case B43_PHYTYPE_LP:
5392         case B43_PHYTYPE_HT:
5393         case B43_PHYTYPE_LCN:
5394                 *have_2ghz_phy = true;
5395                 *have_5ghz_phy = false;
5396                 return;
5397         }
5398
5399         B43_WARN_ON(1);
5400 }
5401
5402 static int b43_wireless_core_attach(struct b43_wldev *dev)
5403 {
5404         struct b43_wl *wl = dev->wl;
5405         struct b43_phy *phy = &dev->phy;
5406         int err;
5407         u32 tmp;
5408         bool have_2ghz_phy = false, have_5ghz_phy = false;
5409
5410         /* Do NOT do any device initialization here.
5411          * Do it in wireless_core_init() instead.
5412          * This function is for gathering basic information about the HW, only.
5413          * Also some structs may be set up here. But most likely you want to have
5414          * that in core_init(), too.
5415          */
5416
5417         err = b43_bus_powerup(dev, 0);
5418         if (err) {
5419                 b43err(wl, "Bus powerup failed\n");
5420                 goto out;
5421         }
5422
5423         phy->do_full_init = true;
5424
5425         /* Try to guess supported bands for the first init needs */
5426         switch (dev->dev->bus_type) {
5427 #ifdef CONFIG_B43_BCMA
5428         case B43_BUS_BCMA:
5429                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5430                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5431                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5432                 break;
5433 #endif
5434 #ifdef CONFIG_B43_SSB
5435         case B43_BUS_SSB:
5436                 if (dev->dev->core_rev >= 5) {
5437                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5438                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5439                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5440                 } else
5441                         B43_WARN_ON(1);
5442                 break;
5443 #endif
5444         }
5445
5446         dev->phy.gmode = have_2ghz_phy;
5447         b43_wireless_core_reset(dev, dev->phy.gmode);
5448
5449         /* Get the PHY type. */
5450         err = b43_phy_versioning(dev);
5451         if (err)
5452                 goto err_powerdown;
5453
5454         /* Get real info about supported bands */
5455         b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5456
5457         /* We don't support 5 GHz on some PHYs yet */
5458         if (have_5ghz_phy) {
5459                 switch (dev->phy.type) {
5460                 case B43_PHYTYPE_A:
5461                 case B43_PHYTYPE_G:
5462                 case B43_PHYTYPE_LP:
5463                 case B43_PHYTYPE_HT:
5464                         b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5465                         have_5ghz_phy = false;
5466                 }
5467         }
5468
5469         if (!have_2ghz_phy && !have_5ghz_phy) {
5470                 b43err(wl, "b43 can't support any band on this device\n");
5471                 err = -EOPNOTSUPP;
5472                 goto err_powerdown;
5473         }
5474
5475         err = b43_phy_allocate(dev);
5476         if (err)
5477                 goto err_powerdown;
5478
5479         dev->phy.gmode = have_2ghz_phy;
5480         b43_wireless_core_reset(dev, dev->phy.gmode);
5481
5482         err = b43_validate_chipaccess(dev);
5483         if (err)
5484                 goto err_phy_free;
5485         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5486         if (err)
5487                 goto err_phy_free;
5488
5489         /* Now set some default "current_dev" */
5490         if (!wl->current_dev)
5491                 wl->current_dev = dev;
5492         INIT_WORK(&dev->restart_work, b43_chip_reset);
5493
5494         dev->phy.ops->switch_analog(dev, 0);
5495         b43_device_disable(dev, 0);
5496         b43_bus_may_powerdown(dev);
5497
5498 out:
5499         return err;
5500
5501 err_phy_free:
5502         b43_phy_free(dev);
5503 err_powerdown:
5504         b43_bus_may_powerdown(dev);
5505         return err;
5506 }
5507
5508 static void b43_one_core_detach(struct b43_bus_dev *dev)
5509 {
5510         struct b43_wldev *wldev;
5511         struct b43_wl *wl;
5512
5513         /* Do not cancel ieee80211-workqueue based work here.
5514          * See comment in b43_remove(). */
5515
5516         wldev = b43_bus_get_wldev(dev);
5517         wl = wldev->wl;
5518         b43_debugfs_remove_device(wldev);
5519         b43_wireless_core_detach(wldev);
5520         list_del(&wldev->list);
5521         b43_bus_set_wldev(dev, NULL);
5522         kfree(wldev);
5523 }
5524
5525 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5526 {
5527         struct b43_wldev *wldev;
5528         int err = -ENOMEM;
5529
5530         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5531         if (!wldev)
5532                 goto out;
5533
5534         wldev->use_pio = b43_modparam_pio;
5535         wldev->dev = dev;
5536         wldev->wl = wl;
5537         b43_set_status(wldev, B43_STAT_UNINIT);
5538         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5539         INIT_LIST_HEAD(&wldev->list);
5540
5541         err = b43_wireless_core_attach(wldev);
5542         if (err)
5543                 goto err_kfree_wldev;
5544
5545         b43_bus_set_wldev(dev, wldev);
5546         b43_debugfs_add_device(wldev);
5547
5548       out:
5549         return err;
5550
5551       err_kfree_wldev:
5552         kfree(wldev);
5553         return err;
5554 }
5555
5556 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5557         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5558         (pdev->device == _device) &&                                    \
5559         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5560         (pdev->subsystem_device == _subdevice)                          )
5561
5562 #ifdef CONFIG_B43_SSB
5563 static void b43_sprom_fixup(struct ssb_bus *bus)
5564 {
5565         struct pci_dev *pdev;
5566
5567         /* boardflags workarounds */
5568         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5569             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5570                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5571         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5572             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5573                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5574         if (bus->bustype == SSB_BUSTYPE_PCI) {
5575                 pdev = bus->host_pci;
5576                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5577                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5578                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5579                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5580                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5581                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5582                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5583                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5584         }
5585 }
5586
5587 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5588 {
5589         struct ieee80211_hw *hw = wl->hw;
5590
5591         ssb_set_devtypedata(dev->sdev, NULL);
5592         ieee80211_free_hw(hw);
5593 }
5594 #endif
5595
5596 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5597 {
5598         struct ssb_sprom *sprom = dev->bus_sprom;
5599         struct ieee80211_hw *hw;
5600         struct b43_wl *wl;
5601         char chip_name[6];
5602         int queue_num;
5603
5604         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5605         if (!hw) {
5606                 b43err(NULL, "Could not allocate ieee80211 device\n");
5607                 return ERR_PTR(-ENOMEM);
5608         }
5609         wl = hw_to_b43_wl(hw);
5610
5611         /* fill hw info */
5612         ieee80211_hw_set(hw, RX_INCLUDES_FCS);
5613         ieee80211_hw_set(hw, SIGNAL_DBM);
5614
5615         hw->wiphy->interface_modes =
5616                 BIT(NL80211_IFTYPE_AP) |
5617                 BIT(NL80211_IFTYPE_MESH_POINT) |
5618                 BIT(NL80211_IFTYPE_STATION) |
5619                 BIT(NL80211_IFTYPE_WDS) |
5620                 BIT(NL80211_IFTYPE_ADHOC);
5621
5622         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5623
5624         wl->hw_registred = false;
5625         hw->max_rates = 2;
5626         SET_IEEE80211_DEV(hw, dev->dev);
5627         if (is_valid_ether_addr(sprom->et1mac))
5628                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5629         else
5630                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5631
5632         /* Initialize struct b43_wl */
5633         wl->hw = hw;
5634         mutex_init(&wl->mutex);
5635         spin_lock_init(&wl->hardirq_lock);
5636         spin_lock_init(&wl->beacon_lock);
5637         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5638         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5639         INIT_WORK(&wl->tx_work, b43_tx_work);
5640
5641         /* Initialize queues and flags. */
5642         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5643                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5644                 wl->tx_queue_stopped[queue_num] = 0;
5645         }
5646
5647         snprintf(chip_name, ARRAY_SIZE(chip_name),
5648                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5649         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5650                 dev->core_rev);
5651         return wl;
5652 }
5653
5654 #ifdef CONFIG_B43_BCMA
5655 static int b43_bcma_probe(struct bcma_device *core)
5656 {
5657         struct b43_bus_dev *dev;
5658         struct b43_wl *wl;
5659         int err;
5660
5661         if (!modparam_allhwsupport &&
5662             (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5663                 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5664                 return -ENOTSUPP;
5665         }
5666
5667         dev = b43_bus_dev_bcma_init(core);
5668         if (!dev)
5669                 return -ENODEV;
5670
5671         wl = b43_wireless_init(dev);
5672         if (IS_ERR(wl)) {
5673                 err = PTR_ERR(wl);
5674                 goto bcma_out;
5675         }
5676
5677         err = b43_one_core_attach(dev, wl);
5678         if (err)
5679                 goto bcma_err_wireless_exit;
5680
5681         /* setup and start work to load firmware */
5682         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5683         schedule_work(&wl->firmware_load);
5684
5685 bcma_out:
5686         return err;
5687
5688 bcma_err_wireless_exit:
5689         ieee80211_free_hw(wl->hw);
5690         return err;
5691 }
5692
5693 static void b43_bcma_remove(struct bcma_device *core)
5694 {
5695         struct b43_wldev *wldev = bcma_get_drvdata(core);
5696         struct b43_wl *wl = wldev->wl;
5697
5698         /* We must cancel any work here before unregistering from ieee80211,
5699          * as the ieee80211 unreg will destroy the workqueue. */
5700         cancel_work_sync(&wldev->restart_work);
5701         cancel_work_sync(&wl->firmware_load);
5702
5703         B43_WARN_ON(!wl);
5704         if (!wldev->fw.ucode.data)
5705                 return;                 /* NULL if firmware never loaded */
5706         if (wl->current_dev == wldev && wl->hw_registred) {
5707                 b43_leds_stop(wldev);
5708                 ieee80211_unregister_hw(wl->hw);
5709         }
5710
5711         b43_one_core_detach(wldev->dev);
5712
5713         /* Unregister HW RNG driver */
5714         b43_rng_exit(wl);
5715
5716         b43_leds_unregister(wl);
5717
5718         ieee80211_free_hw(wl->hw);
5719 }
5720
5721 static struct bcma_driver b43_bcma_driver = {
5722         .name           = KBUILD_MODNAME,
5723         .id_table       = b43_bcma_tbl,
5724         .probe          = b43_bcma_probe,
5725         .remove         = b43_bcma_remove,
5726 };
5727 #endif
5728
5729 #ifdef CONFIG_B43_SSB
5730 static
5731 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5732 {
5733         struct b43_bus_dev *dev;
5734         struct b43_wl *wl;
5735         int err;
5736
5737         dev = b43_bus_dev_ssb_init(sdev);
5738         if (!dev)
5739                 return -ENOMEM;
5740
5741         wl = ssb_get_devtypedata(sdev);
5742         if (wl) {
5743                 b43err(NULL, "Dual-core devices are not supported\n");
5744                 err = -ENOTSUPP;
5745                 goto err_ssb_kfree_dev;
5746         }
5747
5748         b43_sprom_fixup(sdev->bus);
5749
5750         wl = b43_wireless_init(dev);
5751         if (IS_ERR(wl)) {
5752                 err = PTR_ERR(wl);
5753                 goto err_ssb_kfree_dev;
5754         }
5755         ssb_set_devtypedata(sdev, wl);
5756         B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5757
5758         err = b43_one_core_attach(dev, wl);
5759         if (err)
5760                 goto err_ssb_wireless_exit;
5761
5762         /* setup and start work to load firmware */
5763         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5764         schedule_work(&wl->firmware_load);
5765
5766         return err;
5767
5768 err_ssb_wireless_exit:
5769         b43_wireless_exit(dev, wl);
5770 err_ssb_kfree_dev:
5771         kfree(dev);
5772         return err;
5773 }
5774
5775 static void b43_ssb_remove(struct ssb_device *sdev)
5776 {
5777         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5778         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5779         struct b43_bus_dev *dev = wldev->dev;
5780
5781         /* We must cancel any work here before unregistering from ieee80211,
5782          * as the ieee80211 unreg will destroy the workqueue. */
5783         cancel_work_sync(&wldev->restart_work);
5784         cancel_work_sync(&wl->firmware_load);
5785
5786         B43_WARN_ON(!wl);
5787         if (!wldev->fw.ucode.data)
5788                 return;                 /* NULL if firmware never loaded */
5789         if (wl->current_dev == wldev && wl->hw_registred) {
5790                 b43_leds_stop(wldev);
5791                 ieee80211_unregister_hw(wl->hw);
5792         }
5793
5794         b43_one_core_detach(dev);
5795
5796         /* Unregister HW RNG driver */
5797         b43_rng_exit(wl);
5798
5799         b43_leds_unregister(wl);
5800         b43_wireless_exit(dev, wl);
5801 }
5802
5803 static struct ssb_driver b43_ssb_driver = {
5804         .name           = KBUILD_MODNAME,
5805         .id_table       = b43_ssb_tbl,
5806         .probe          = b43_ssb_probe,
5807         .remove         = b43_ssb_remove,
5808 };
5809 #endif /* CONFIG_B43_SSB */
5810
5811 /* Perform a hardware reset. This can be called from any context. */
5812 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5813 {
5814         /* Must avoid requeueing, if we are in shutdown. */
5815         if (b43_status(dev) < B43_STAT_INITIALIZED)
5816                 return;
5817         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5818         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5819 }
5820
5821 static void b43_print_driverinfo(void)
5822 {
5823         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5824                    *feat_leds = "", *feat_sdio = "";
5825
5826 #ifdef CONFIG_B43_PCI_AUTOSELECT
5827         feat_pci = "P";
5828 #endif
5829 #ifdef CONFIG_B43_PCMCIA
5830         feat_pcmcia = "M";
5831 #endif
5832 #ifdef CONFIG_B43_PHY_N
5833         feat_nphy = "N";
5834 #endif
5835 #ifdef CONFIG_B43_LEDS
5836         feat_leds = "L";
5837 #endif
5838 #ifdef CONFIG_B43_SDIO
5839         feat_sdio = "S";
5840 #endif
5841         printk(KERN_INFO "Broadcom 43xx driver loaded "
5842                "[ Features: %s%s%s%s%s ]\n",
5843                feat_pci, feat_pcmcia, feat_nphy,
5844                feat_leds, feat_sdio);
5845 }
5846
5847 static int __init b43_init(void)
5848 {
5849         int err;
5850
5851         b43_debugfs_init();
5852         err = b43_sdio_init();
5853         if (err)
5854                 goto err_dfs_exit;
5855 #ifdef CONFIG_B43_BCMA
5856         err = bcma_driver_register(&b43_bcma_driver);
5857         if (err)
5858                 goto err_sdio_exit;
5859 #endif
5860 #ifdef CONFIG_B43_SSB
5861         err = ssb_driver_register(&b43_ssb_driver);
5862         if (err)
5863                 goto err_bcma_driver_exit;
5864 #endif
5865         b43_print_driverinfo();
5866
5867         return err;
5868
5869 #ifdef CONFIG_B43_SSB
5870 err_bcma_driver_exit:
5871 #endif
5872 #ifdef CONFIG_B43_BCMA
5873         bcma_driver_unregister(&b43_bcma_driver);
5874 err_sdio_exit:
5875 #endif
5876         b43_sdio_exit();
5877 err_dfs_exit:
5878         b43_debugfs_exit();
5879         return err;
5880 }
5881
5882 static void __exit b43_exit(void)
5883 {
5884 #ifdef CONFIG_B43_SSB
5885         ssb_driver_unregister(&b43_ssb_driver);
5886 #endif
5887 #ifdef CONFIG_B43_BCMA
5888         bcma_driver_unregister(&b43_bcma_driver);
5889 #endif
5890         b43_sdio_exit();
5891         b43_debugfs_exit();
5892 }
5893
5894 module_init(b43_init)
5895 module_exit(b43_exit)