projects / firefly-linux-kernel-4.4.55.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge remote-tracking branch 'lsk/v3.10/topic/arm64-topology' into linux-linaro-lsk
[firefly-linux-kernel-4.4.55.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12   SDIO support
13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15   Some parts of the code in this file are derived from the ipw2200
16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
17
18   This program is free software; you can redistribute it and/or modify
19   it under the terms of the GNU General Public License as published by
20   the Free Software Foundation; either version 2 of the License, or
21   (at your option) any later version.
22
23   This program is distributed in the hope that it will be useful,
24   but WITHOUT ANY WARRANTY; without even the implied warranty of
25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26   GNU General Public License for more details.
27
28   You should have received a copy of the GNU General Public License
29   along with this program; see the file COPYING.  If not, write to
30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31   Boston, MA 02110-1301, USA.
32
33 */
34
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82                  "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 #ifdef CONFIG_B43_BCMA
117 static const struct bcma_device_id b43_bcma_tbl[] = {
118         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 #ifdef CONFIG_B43_BCMA_EXTRA
120         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 #endif
123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124         BCMA_CORETABLE_END
125 };
126 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
127 #endif
128
129 #ifdef CONFIG_B43_SSB
130 static const struct ssb_device_id b43_ssb_tbl[] = {
131         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
132         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
133         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
134         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
135         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
136         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
141         SSB_DEVTABLE_END
142 };
143 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
144 #endif
145
146 /* Channel and ratetables are shared for all devices.
147  * They can't be const, because ieee80211 puts some precalculated
148  * data in there. This data is the same for all devices, so we don't
149  * get concurrency issues */
150 #define RATETAB_ENT(_rateid, _flags) \
151         {                                                               \
152                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
153                 .hw_value       = (_rateid),                            \
154                 .flags          = (_flags),                             \
155         }
156
157 /*
158  * NOTE: When changing this, sync with xmit.c's
159  *       b43_plcp_get_bitrate_idx_* functions!
160  */
161 static struct ieee80211_rate __b43_ratetable[] = {
162         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
163         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
164         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
165         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
166         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
167         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
168         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
169         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
170         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
171         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
172         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
173         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
174 };
175
176 #define b43_a_ratetable         (__b43_ratetable + 4)
177 #define b43_a_ratetable_size    8
178 #define b43_b_ratetable         (__b43_ratetable + 0)
179 #define b43_b_ratetable_size    4
180 #define b43_g_ratetable         (__b43_ratetable + 0)
181 #define b43_g_ratetable_size    12
182
183 #define CHAN4G(_channel, _freq, _flags) {                       \
184         .band                   = IEEE80211_BAND_2GHZ,          \
185         .center_freq            = (_freq),                      \
186         .hw_value               = (_channel),                   \
187         .flags                  = (_flags),                     \
188         .max_antenna_gain       = 0,                            \
189         .max_power              = 30,                           \
190 }
191 static struct ieee80211_channel b43_2ghz_chantable[] = {
192         CHAN4G(1, 2412, 0),
193         CHAN4G(2, 2417, 0),
194         CHAN4G(3, 2422, 0),
195         CHAN4G(4, 2427, 0),
196         CHAN4G(5, 2432, 0),
197         CHAN4G(6, 2437, 0),
198         CHAN4G(7, 2442, 0),
199         CHAN4G(8, 2447, 0),
200         CHAN4G(9, 2452, 0),
201         CHAN4G(10, 2457, 0),
202         CHAN4G(11, 2462, 0),
203         CHAN4G(12, 2467, 0),
204         CHAN4G(13, 2472, 0),
205         CHAN4G(14, 2484, 0),
206 };
207 #undef CHAN4G
208
209 #define CHAN5G(_channel, _flags) {                              \
210         .band                   = IEEE80211_BAND_5GHZ,          \
211         .center_freq            = 5000 + (5 * (_channel)),      \
212         .hw_value               = (_channel),                   \
213         .flags                  = (_flags),                     \
214         .max_antenna_gain       = 0,                            \
215         .max_power              = 30,                           \
216 }
217 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
218         CHAN5G(32, 0),          CHAN5G(34, 0),
219         CHAN5G(36, 0),          CHAN5G(38, 0),
220         CHAN5G(40, 0),          CHAN5G(42, 0),
221         CHAN5G(44, 0),          CHAN5G(46, 0),
222         CHAN5G(48, 0),          CHAN5G(50, 0),
223         CHAN5G(52, 0),          CHAN5G(54, 0),
224         CHAN5G(56, 0),          CHAN5G(58, 0),
225         CHAN5G(60, 0),          CHAN5G(62, 0),
226         CHAN5G(64, 0),          CHAN5G(66, 0),
227         CHAN5G(68, 0),          CHAN5G(70, 0),
228         CHAN5G(72, 0),          CHAN5G(74, 0),
229         CHAN5G(76, 0),          CHAN5G(78, 0),
230         CHAN5G(80, 0),          CHAN5G(82, 0),
231         CHAN5G(84, 0),          CHAN5G(86, 0),
232         CHAN5G(88, 0),          CHAN5G(90, 0),
233         CHAN5G(92, 0),          CHAN5G(94, 0),
234         CHAN5G(96, 0),          CHAN5G(98, 0),
235         CHAN5G(100, 0),         CHAN5G(102, 0),
236         CHAN5G(104, 0),         CHAN5G(106, 0),
237         CHAN5G(108, 0),         CHAN5G(110, 0),
238         CHAN5G(112, 0),         CHAN5G(114, 0),
239         CHAN5G(116, 0),         CHAN5G(118, 0),
240         CHAN5G(120, 0),         CHAN5G(122, 0),
241         CHAN5G(124, 0),         CHAN5G(126, 0),
242         CHAN5G(128, 0),         CHAN5G(130, 0),
243         CHAN5G(132, 0),         CHAN5G(134, 0),
244         CHAN5G(136, 0),         CHAN5G(138, 0),
245         CHAN5G(140, 0),         CHAN5G(142, 0),
246         CHAN5G(144, 0),         CHAN5G(145, 0),
247         CHAN5G(146, 0),         CHAN5G(147, 0),
248         CHAN5G(148, 0),         CHAN5G(149, 0),
249         CHAN5G(150, 0),         CHAN5G(151, 0),
250         CHAN5G(152, 0),         CHAN5G(153, 0),
251         CHAN5G(154, 0),         CHAN5G(155, 0),
252         CHAN5G(156, 0),         CHAN5G(157, 0),
253         CHAN5G(158, 0),         CHAN5G(159, 0),
254         CHAN5G(160, 0),         CHAN5G(161, 0),
255         CHAN5G(162, 0),         CHAN5G(163, 0),
256         CHAN5G(164, 0),         CHAN5G(165, 0),
257         CHAN5G(166, 0),         CHAN5G(168, 0),
258         CHAN5G(170, 0),         CHAN5G(172, 0),
259         CHAN5G(174, 0),         CHAN5G(176, 0),
260         CHAN5G(178, 0),         CHAN5G(180, 0),
261         CHAN5G(182, 0),         CHAN5G(184, 0),
262         CHAN5G(186, 0),         CHAN5G(188, 0),
263         CHAN5G(190, 0),         CHAN5G(192, 0),
264         CHAN5G(194, 0),         CHAN5G(196, 0),
265         CHAN5G(198, 0),         CHAN5G(200, 0),
266         CHAN5G(202, 0),         CHAN5G(204, 0),
267         CHAN5G(206, 0),         CHAN5G(208, 0),
268         CHAN5G(210, 0),         CHAN5G(212, 0),
269         CHAN5G(214, 0),         CHAN5G(216, 0),
270         CHAN5G(218, 0),         CHAN5G(220, 0),
271         CHAN5G(222, 0),         CHAN5G(224, 0),
272         CHAN5G(226, 0),         CHAN5G(228, 0),
273 };
274
275 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
276         CHAN5G(34, 0),          CHAN5G(36, 0),
277         CHAN5G(38, 0),          CHAN5G(40, 0),
278         CHAN5G(42, 0),          CHAN5G(44, 0),
279         CHAN5G(46, 0),          CHAN5G(48, 0),
280         CHAN5G(52, 0),          CHAN5G(56, 0),
281         CHAN5G(60, 0),          CHAN5G(64, 0),
282         CHAN5G(100, 0),         CHAN5G(104, 0),
283         CHAN5G(108, 0),         CHAN5G(112, 0),
284         CHAN5G(116, 0),         CHAN5G(120, 0),
285         CHAN5G(124, 0),         CHAN5G(128, 0),
286         CHAN5G(132, 0),         CHAN5G(136, 0),
287         CHAN5G(140, 0),         CHAN5G(149, 0),
288         CHAN5G(153, 0),         CHAN5G(157, 0),
289         CHAN5G(161, 0),         CHAN5G(165, 0),
290         CHAN5G(184, 0),         CHAN5G(188, 0),
291         CHAN5G(192, 0),         CHAN5G(196, 0),
292         CHAN5G(200, 0),         CHAN5G(204, 0),
293         CHAN5G(208, 0),         CHAN5G(212, 0),
294         CHAN5G(216, 0),
295 };
296 #undef CHAN5G
297
298 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
299         .band           = IEEE80211_BAND_5GHZ,
300         .channels       = b43_5ghz_nphy_chantable,
301         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
302         .bitrates       = b43_a_ratetable,
303         .n_bitrates     = b43_a_ratetable_size,
304 };
305
306 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
307         .band           = IEEE80211_BAND_5GHZ,
308         .channels       = b43_5ghz_aphy_chantable,
309         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
310         .bitrates       = b43_a_ratetable,
311         .n_bitrates     = b43_a_ratetable_size,
312 };
313
314 static struct ieee80211_supported_band b43_band_2GHz = {
315         .band           = IEEE80211_BAND_2GHZ,
316         .channels       = b43_2ghz_chantable,
317         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
318         .bitrates       = b43_g_ratetable,
319         .n_bitrates     = b43_g_ratetable_size,
320 };
321
322 static void b43_wireless_core_exit(struct b43_wldev *dev);
323 static int b43_wireless_core_init(struct b43_wldev *dev);
324 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
325 static int b43_wireless_core_start(struct b43_wldev *dev);
326 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
327                                     struct ieee80211_vif *vif,
328                                     struct ieee80211_bss_conf *conf,
329                                     u32 changed);
330
331 static int b43_ratelimit(struct b43_wl *wl)
332 {
333         if (!wl || !wl->current_dev)
334                 return 1;
335         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
336                 return 1;
337         /* We are up and running.
338          * Ratelimit the messages to avoid DoS over the net. */
339         return net_ratelimit();
340 }
341
342 void b43info(struct b43_wl *wl, const char *fmt, ...)
343 {
344         struct va_format vaf;
345         va_list args;
346
347         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
348                 return;
349         if (!b43_ratelimit(wl))
350                 return;
351
352         va_start(args, fmt);
353
354         vaf.fmt = fmt;
355         vaf.va = &args;
356
357         printk(KERN_INFO "b43-%s: %pV",
358                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
359
360         va_end(args);
361 }
362
363 void b43err(struct b43_wl *wl, const char *fmt, ...)
364 {
365         struct va_format vaf;
366         va_list args;
367
368         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
369                 return;
370         if (!b43_ratelimit(wl))
371                 return;
372
373         va_start(args, fmt);
374
375         vaf.fmt = fmt;
376         vaf.va = &args;
377
378         printk(KERN_ERR "b43-%s ERROR: %pV",
379                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
380
381         va_end(args);
382 }
383
384 void b43warn(struct b43_wl *wl, const char *fmt, ...)
385 {
386         struct va_format vaf;
387         va_list args;
388
389         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
390                 return;
391         if (!b43_ratelimit(wl))
392                 return;
393
394         va_start(args, fmt);
395
396         vaf.fmt = fmt;
397         vaf.va = &args;
398
399         printk(KERN_WARNING "b43-%s warning: %pV",
400                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
401
402         va_end(args);
403 }
404
405 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
406 {
407         struct va_format vaf;
408         va_list args;
409
410         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
411                 return;
412
413         va_start(args, fmt);
414
415         vaf.fmt = fmt;
416         vaf.va = &args;
417
418         printk(KERN_DEBUG "b43-%s debug: %pV",
419                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420
421         va_end(args);
422 }
423
424 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
425 {
426         u32 macctl;
427
428         B43_WARN_ON(offset % 4 != 0);
429
430         macctl = b43_read32(dev, B43_MMIO_MACCTL);
431         if (macctl & B43_MACCTL_BE)
432                 val = swab32(val);
433
434         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
435         mmiowb();
436         b43_write32(dev, B43_MMIO_RAM_DATA, val);
437 }
438
439 static inline void b43_shm_control_word(struct b43_wldev *dev,
440                                         u16 routing, u16 offset)
441 {
442         u32 control;
443
444         /* "offset" is the WORD offset. */
445         control = routing;
446         control <<= 16;
447         control |= offset;
448         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
449 }
450
451 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
452 {
453         u32 ret;
454
455         if (routing == B43_SHM_SHARED) {
456                 B43_WARN_ON(offset & 0x0001);
457                 if (offset & 0x0003) {
458                         /* Unaligned access */
459                         b43_shm_control_word(dev, routing, offset >> 2);
460                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
461                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
462                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
463
464                         goto out;
465                 }
466                 offset >>= 2;
467         }
468         b43_shm_control_word(dev, routing, offset);
469         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
470 out:
471         return ret;
472 }
473
474 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
475 {
476         u16 ret;
477
478         if (routing == B43_SHM_SHARED) {
479                 B43_WARN_ON(offset & 0x0001);
480                 if (offset & 0x0003) {
481                         /* Unaligned access */
482                         b43_shm_control_word(dev, routing, offset >> 2);
483                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
484
485                         goto out;
486                 }
487                 offset >>= 2;
488         }
489         b43_shm_control_word(dev, routing, offset);
490         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
491 out:
492         return ret;
493 }
494
495 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
496 {
497         if (routing == B43_SHM_SHARED) {
498                 B43_WARN_ON(offset & 0x0001);
499                 if (offset & 0x0003) {
500                         /* Unaligned access */
501                         b43_shm_control_word(dev, routing, offset >> 2);
502                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
503                                     value & 0xFFFF);
504                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
505                         b43_write16(dev, B43_MMIO_SHM_DATA,
506                                     (value >> 16) & 0xFFFF);
507                         return;
508                 }
509                 offset >>= 2;
510         }
511         b43_shm_control_word(dev, routing, offset);
512         b43_write32(dev, B43_MMIO_SHM_DATA, value);
513 }
514
515 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
516 {
517         if (routing == B43_SHM_SHARED) {
518                 B43_WARN_ON(offset & 0x0001);
519                 if (offset & 0x0003) {
520                         /* Unaligned access */
521                         b43_shm_control_word(dev, routing, offset >> 2);
522                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
523                         return;
524                 }
525                 offset >>= 2;
526         }
527         b43_shm_control_word(dev, routing, offset);
528         b43_write16(dev, B43_MMIO_SHM_DATA, value);
529 }
530
531 /* Read HostFlags */
532 u64 b43_hf_read(struct b43_wldev *dev)
533 {
534         u64 ret;
535
536         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
537         ret <<= 16;
538         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
539         ret <<= 16;
540         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
541
542         return ret;
543 }
544
545 /* Write HostFlags */
546 void b43_hf_write(struct b43_wldev *dev, u64 value)
547 {
548         u16 lo, mi, hi;
549
550         lo = (value & 0x00000000FFFFULL);
551         mi = (value & 0x0000FFFF0000ULL) >> 16;
552         hi = (value & 0xFFFF00000000ULL) >> 32;
553         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
554         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
555         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
556 }
557
558 /* Read the firmware capabilities bitmask (Opensource firmware only) */
559 static u16 b43_fwcapa_read(struct b43_wldev *dev)
560 {
561         B43_WARN_ON(!dev->fw.opensource);
562         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
563 }
564
565 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
566 {
567         u32 low, high;
568
569         B43_WARN_ON(dev->dev->core_rev < 3);
570
571         /* The hardware guarantees us an atomic read, if we
572          * read the low register first. */
573         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
574         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
575
576         *tsf = high;
577         *tsf <<= 32;
578         *tsf |= low;
579 }
580
581 static void b43_time_lock(struct b43_wldev *dev)
582 {
583         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
584         /* Commit the write */
585         b43_read32(dev, B43_MMIO_MACCTL);
586 }
587
588 static void b43_time_unlock(struct b43_wldev *dev)
589 {
590         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
591         /* Commit the write */
592         b43_read32(dev, B43_MMIO_MACCTL);
593 }
594
595 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
596 {
597         u32 low, high;
598
599         B43_WARN_ON(dev->dev->core_rev < 3);
600
601         low = tsf;
602         high = (tsf >> 32);
603         /* The hardware guarantees us an atomic write, if we
604          * write the low register first. */
605         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
606         mmiowb();
607         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
608         mmiowb();
609 }
610
611 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
612 {
613         b43_time_lock(dev);
614         b43_tsf_write_locked(dev, tsf);
615         b43_time_unlock(dev);
616 }
617
618 static
619 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
620 {
621         static const u8 zero_addr[ETH_ALEN] = { 0 };
622         u16 data;
623
624         if (!mac)
625                 mac = zero_addr;
626
627         offset |= 0x0020;
628         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
629
630         data = mac[0];
631         data |= mac[1] << 8;
632         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
633         data = mac[2];
634         data |= mac[3] << 8;
635         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
636         data = mac[4];
637         data |= mac[5] << 8;
638         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
639 }
640
641 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
642 {
643         const u8 *mac;
644         const u8 *bssid;
645         u8 mac_bssid[ETH_ALEN * 2];
646         int i;
647         u32 tmp;
648
649         bssid = dev->wl->bssid;
650         mac = dev->wl->mac_addr;
651
652         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
653
654         memcpy(mac_bssid, mac, ETH_ALEN);
655         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
656
657         /* Write our MAC address and BSSID to template ram */
658         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
659                 tmp = (u32) (mac_bssid[i + 0]);
660                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
661                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
662                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
663                 b43_ram_write(dev, 0x20 + i, tmp);
664         }
665 }
666
667 static void b43_upload_card_macaddress(struct b43_wldev *dev)
668 {
669         b43_write_mac_bssid_templates(dev);
670         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
671 }
672
673 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
674 {
675         /* slot_time is in usec. */
676         /* This test used to exit for all but a G PHY. */
677         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
678                 return;
679         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
680         /* Shared memory location 0x0010 is the slot time and should be
681          * set to slot_time; however, this register is initially 0 and changing
682          * the value adversely affects the transmit rate for BCM4311
683          * devices. Until this behavior is unterstood, delete this step
684          *
685          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
686          */
687 }
688
689 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
690 {
691         b43_set_slot_time(dev, 9);
692 }
693
694 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
695 {
696         b43_set_slot_time(dev, 20);
697 }
698
699 /* DummyTransmission function, as documented on
700  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
701  */
702 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
703 {
704         struct b43_phy *phy = &dev->phy;
705         unsigned int i, max_loop;
706         u16 value;
707         u32 buffer[5] = {
708                 0x00000000,
709                 0x00D40000,
710                 0x00000000,
711                 0x01000000,
712                 0x00000000,
713         };
714
715         if (ofdm) {
716                 max_loop = 0x1E;
717                 buffer[0] = 0x000201CC;
718         } else {
719                 max_loop = 0xFA;
720                 buffer[0] = 0x000B846E;
721         }
722
723         for (i = 0; i < 5; i++)
724                 b43_ram_write(dev, i * 4, buffer[i]);
725
726         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
727
728         if (dev->dev->core_rev < 11)
729                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
730         else
731                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
732
733         value = (ofdm ? 0x41 : 0x40);
734         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
735         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
736             phy->type == B43_PHYTYPE_LCN)
737                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
738
739         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
740         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
741
742         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
743         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
744         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
745         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
746
747         if (!pa_on && phy->type == B43_PHYTYPE_N)
748                 ; /*b43_nphy_pa_override(dev, false) */
749
750         switch (phy->type) {
751         case B43_PHYTYPE_N:
752         case B43_PHYTYPE_LCN:
753                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
754                 break;
755         case B43_PHYTYPE_LP:
756                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
757                 break;
758         default:
759                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
760         }
761         b43_read16(dev, B43_MMIO_TXE0_AUX);
762
763         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
764                 b43_radio_write16(dev, 0x0051, 0x0017);
765         for (i = 0x00; i < max_loop; i++) {
766                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
767                 if (value & 0x0080)
768                         break;
769                 udelay(10);
770         }
771         for (i = 0x00; i < 0x0A; i++) {
772                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
773                 if (value & 0x0400)
774                         break;
775                 udelay(10);
776         }
777         for (i = 0x00; i < 0x19; i++) {
778                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
779                 if (!(value & 0x0100))
780                         break;
781                 udelay(10);
782         }
783         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
784                 b43_radio_write16(dev, 0x0051, 0x0037);
785 }
786
787 static void key_write(struct b43_wldev *dev,
788                       u8 index, u8 algorithm, const u8 *key)
789 {
790         unsigned int i;
791         u32 offset;
792         u16 value;
793         u16 kidx;
794
795         /* Key index/algo block */
796         kidx = b43_kidx_to_fw(dev, index);
797         value = ((kidx << 4) | algorithm);
798         b43_shm_write16(dev, B43_SHM_SHARED,
799                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
800
801         /* Write the key to the Key Table Pointer offset */
802         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
803         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
804                 value = key[i];
805                 value |= (u16) (key[i + 1]) << 8;
806                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
807         }
808 }
809
810 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
811 {
812         u32 addrtmp[2] = { 0, 0, };
813         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
814
815         if (b43_new_kidx_api(dev))
816                 pairwise_keys_start = B43_NR_GROUP_KEYS;
817
818         B43_WARN_ON(index < pairwise_keys_start);
819         /* We have four default TX keys and possibly four default RX keys.
820          * Physical mac 0 is mapped to physical key 4 or 8, depending
821          * on the firmware version.
822          * So we must adjust the index here.
823          */
824         index -= pairwise_keys_start;
825         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
826
827         if (addr) {
828                 addrtmp[0] = addr[0];
829                 addrtmp[0] |= ((u32) (addr[1]) << 8);
830                 addrtmp[0] |= ((u32) (addr[2]) << 16);
831                 addrtmp[0] |= ((u32) (addr[3]) << 24);
832                 addrtmp[1] = addr[4];
833                 addrtmp[1] |= ((u32) (addr[5]) << 8);
834         }
835
836         /* Receive match transmitter address (RCMTA) mechanism */
837         b43_shm_write32(dev, B43_SHM_RCMTA,
838                         (index * 2) + 0, addrtmp[0]);
839         b43_shm_write16(dev, B43_SHM_RCMTA,
840                         (index * 2) + 1, addrtmp[1]);
841 }
842
843 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
844  * When a packet is received, the iv32 is checked.
845  * - if it doesn't the packet is returned without modification (and software
846  *   decryption can be done). That's what happen when iv16 wrap.
847  * - if it does, the rc4 key is computed, and decryption is tried.
848  *   Either it will success and B43_RX_MAC_DEC is returned,
849  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
850  *   and the packet is not usable (it got modified by the ucode).
851  * So in order to never have B43_RX_MAC_DECERR, we should provide
852  * a iv32 and phase1key that match. Because we drop packets in case of
853  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
854  * packets will be lost without higher layer knowing (ie no resync possible
855  * until next wrap).
856  *
857  * NOTE : this should support 50 key like RCMTA because
858  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
859  */
860 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
861                 u16 *phase1key)
862 {
863         unsigned int i;
864         u32 offset;
865         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
866
867         if (!modparam_hwtkip)
868                 return;
869
870         if (b43_new_kidx_api(dev))
871                 pairwise_keys_start = B43_NR_GROUP_KEYS;
872
873         B43_WARN_ON(index < pairwise_keys_start);
874         /* We have four default TX keys and possibly four default RX keys.
875          * Physical mac 0 is mapped to physical key 4 or 8, depending
876          * on the firmware version.
877          * So we must adjust the index here.
878          */
879         index -= pairwise_keys_start;
880         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
881
882         if (b43_debug(dev, B43_DBG_KEYS)) {
883                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
884                                 index, iv32);
885         }
886         /* Write the key to the  RX tkip shared mem */
887         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
888         for (i = 0; i < 10; i += 2) {
889                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
890                                 phase1key ? phase1key[i / 2] : 0);
891         }
892         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
893         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
894 }
895
896 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
897                                    struct ieee80211_vif *vif,
898                                    struct ieee80211_key_conf *keyconf,
899                                    struct ieee80211_sta *sta,
900                                    u32 iv32, u16 *phase1key)
901 {
902         struct b43_wl *wl = hw_to_b43_wl(hw);
903         struct b43_wldev *dev;
904         int index = keyconf->hw_key_idx;
905
906         if (B43_WARN_ON(!modparam_hwtkip))
907                 return;
908
909         /* This is only called from the RX path through mac80211, where
910          * our mutex is already locked. */
911         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
912         dev = wl->current_dev;
913         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
914
915         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
916
917         rx_tkip_phase1_write(dev, index, iv32, phase1key);
918         /* only pairwise TKIP keys are supported right now */
919         if (WARN_ON(!sta))
920                 return;
921         keymac_write(dev, index, sta->addr);
922 }
923
924 static void do_key_write(struct b43_wldev *dev,
925                          u8 index, u8 algorithm,
926                          const u8 *key, size_t key_len, const u8 *mac_addr)
927 {
928         u8 buf[B43_SEC_KEYSIZE] = { 0, };
929         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
930
931         if (b43_new_kidx_api(dev))
932                 pairwise_keys_start = B43_NR_GROUP_KEYS;
933
934         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
935         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
936
937         if (index >= pairwise_keys_start)
938                 keymac_write(dev, index, NULL); /* First zero out mac. */
939         if (algorithm == B43_SEC_ALGO_TKIP) {
940                 /*
941                  * We should provide an initial iv32, phase1key pair.
942                  * We could start with iv32=0 and compute the corresponding
943                  * phase1key, but this means calling ieee80211_get_tkip_key
944                  * with a fake skb (or export other tkip function).
945                  * Because we are lazy we hope iv32 won't start with
946                  * 0xffffffff and let's b43_op_update_tkip_key provide a
947                  * correct pair.
948                  */
949                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
950         } else if (index >= pairwise_keys_start) /* clear it */
951                 rx_tkip_phase1_write(dev, index, 0, NULL);
952         if (key)
953                 memcpy(buf, key, key_len);
954         key_write(dev, index, algorithm, buf);
955         if (index >= pairwise_keys_start)
956                 keymac_write(dev, index, mac_addr);
957
958         dev->key[index].algorithm = algorithm;
959 }
960
961 static int b43_key_write(struct b43_wldev *dev,
962                          int index, u8 algorithm,
963                          const u8 *key, size_t key_len,
964                          const u8 *mac_addr,
965                          struct ieee80211_key_conf *keyconf)
966 {
967         int i;
968         int pairwise_keys_start;
969
970         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
971          *      - Temporal Encryption Key (128 bits)
972          *      - Temporal Authenticator Tx MIC Key (64 bits)
973          *      - Temporal Authenticator Rx MIC Key (64 bits)
974          *
975          *      Hardware only store TEK
976          */
977         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
978                 key_len = 16;
979         if (key_len > B43_SEC_KEYSIZE)
980                 return -EINVAL;
981         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
982                 /* Check that we don't already have this key. */
983                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
984         }
985         if (index < 0) {
986                 /* Pairwise key. Get an empty slot for the key. */
987                 if (b43_new_kidx_api(dev))
988                         pairwise_keys_start = B43_NR_GROUP_KEYS;
989                 else
990                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
991                 for (i = pairwise_keys_start;
992                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
993                      i++) {
994                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
995                         if (!dev->key[i].keyconf) {
996                                 /* found empty */
997                                 index = i;
998                                 break;
999                         }
1000                 }
1001                 if (index < 0) {
1002                         b43warn(dev->wl, "Out of hardware key memory\n");
1003                         return -ENOSPC;
1004                 }
1005         } else
1006                 B43_WARN_ON(index > 3);
1007
1008         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1009         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1010                 /* Default RX key */
1011                 B43_WARN_ON(mac_addr);
1012                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1013         }
1014         keyconf->hw_key_idx = index;
1015         dev->key[index].keyconf = keyconf;
1016
1017         return 0;
1018 }
1019
1020 static int b43_key_clear(struct b43_wldev *dev, int index)
1021 {
1022         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1023                 return -EINVAL;
1024         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1025                      NULL, B43_SEC_KEYSIZE, NULL);
1026         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1027                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1028                              NULL, B43_SEC_KEYSIZE, NULL);
1029         }
1030         dev->key[index].keyconf = NULL;
1031
1032         return 0;
1033 }
1034
1035 static void b43_clear_keys(struct b43_wldev *dev)
1036 {
1037         int i, count;
1038
1039         if (b43_new_kidx_api(dev))
1040                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1041         else
1042                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1043         for (i = 0; i < count; i++)
1044                 b43_key_clear(dev, i);
1045 }
1046
1047 static void b43_dump_keymemory(struct b43_wldev *dev)
1048 {
1049         unsigned int i, index, count, offset, pairwise_keys_start;
1050         u8 mac[ETH_ALEN];
1051         u16 algo;
1052         u32 rcmta0;
1053         u16 rcmta1;
1054         u64 hf;
1055         struct b43_key *key;
1056
1057         if (!b43_debug(dev, B43_DBG_KEYS))
1058                 return;
1059
1060         hf = b43_hf_read(dev);
1061         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1062                !!(hf & B43_HF_USEDEFKEYS));
1063         if (b43_new_kidx_api(dev)) {
1064                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1065                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1066         } else {
1067                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1068                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1069         }
1070         for (index = 0; index < count; index++) {
1071                 key = &(dev->key[index]);
1072                 printk(KERN_DEBUG "Key slot %02u: %s",
1073                        index, (key->keyconf == NULL) ? " " : "*");
1074                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1075                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1076                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1077                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1078                 }
1079
1080                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1081                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1082                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1083
1084                 if (index >= pairwise_keys_start) {
1085                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1086                                 printk("   TKIP: ");
1087                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1088                                 for (i = 0; i < 14; i += 2) {
1089                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1090                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1091                                 }
1092                         }
1093                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1094                                                 ((index - pairwise_keys_start) * 2) + 0);
1095                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1096                                                 ((index - pairwise_keys_start) * 2) + 1);
1097                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1098                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1099                         printk("   MAC: %pM", mac);
1100                 } else
1101                         printk("   DEFAULT KEY");
1102                 printk("\n");
1103         }
1104 }
1105
1106 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1107 {
1108         u32 macctl;
1109         u16 ucstat;
1110         bool hwps;
1111         bool awake;
1112         int i;
1113
1114         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1115                     (ps_flags & B43_PS_DISABLED));
1116         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1117
1118         if (ps_flags & B43_PS_ENABLED) {
1119                 hwps = true;
1120         } else if (ps_flags & B43_PS_DISABLED) {
1121                 hwps = false;
1122         } else {
1123                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1124                 //      and thus is not an AP and we are associated, set bit 25
1125         }
1126         if (ps_flags & B43_PS_AWAKE) {
1127                 awake = true;
1128         } else if (ps_flags & B43_PS_ASLEEP) {
1129                 awake = false;
1130         } else {
1131                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1132                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1133                 //      successful, set bit26
1134         }
1135
1136 /* FIXME: For now we force awake-on and hwps-off */
1137         hwps = false;
1138         awake = true;
1139
1140         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1141         if (hwps)
1142                 macctl |= B43_MACCTL_HWPS;
1143         else
1144                 macctl &= ~B43_MACCTL_HWPS;
1145         if (awake)
1146                 macctl |= B43_MACCTL_AWAKE;
1147         else
1148                 macctl &= ~B43_MACCTL_AWAKE;
1149         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1150         /* Commit write */
1151         b43_read32(dev, B43_MMIO_MACCTL);
1152         if (awake && dev->dev->core_rev >= 5) {
1153                 /* Wait for the microcode to wake up. */
1154                 for (i = 0; i < 100; i++) {
1155                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1156                                                 B43_SHM_SH_UCODESTAT);
1157                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1158                                 break;
1159                         udelay(10);
1160                 }
1161         }
1162 }
1163
1164 #ifdef CONFIG_B43_BCMA
1165 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1166 {
1167         u32 flags;
1168
1169         /* Put PHY into reset */
1170         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1171         flags |= B43_BCMA_IOCTL_PHY_RESET;
1172         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1173         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1174         udelay(2);
1175
1176         /* Take PHY out of reset */
1177         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1178         flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1179         flags |= BCMA_IOCTL_FGC;
1180         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1181         udelay(1);
1182
1183         /* Do not force clock anymore */
1184         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1185         flags &= ~BCMA_IOCTL_FGC;
1186         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1187         udelay(1);
1188 }
1189
1190 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1191 {
1192         u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1193                   B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1194         u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1195                      B43_BCMA_CLKCTLST_PHY_PLL_ST;
1196
1197         b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1198         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1199         b43_bcma_phy_reset(dev);
1200         bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1201 }
1202 #endif
1203
1204 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1205 {
1206         struct ssb_device *sdev = dev->dev->sdev;
1207         u32 tmslow;
1208         u32 flags = 0;
1209
1210         if (gmode)
1211                 flags |= B43_TMSLOW_GMODE;
1212         flags |= B43_TMSLOW_PHYCLKEN;
1213         flags |= B43_TMSLOW_PHYRESET;
1214         if (dev->phy.type == B43_PHYTYPE_N)
1215                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1216         b43_device_enable(dev, flags);
1217         msleep(2);              /* Wait for the PLL to turn on. */
1218
1219         /* Now take the PHY out of Reset again */
1220         tmslow = ssb_read32(sdev, SSB_TMSLOW);
1221         tmslow |= SSB_TMSLOW_FGC;
1222         tmslow &= ~B43_TMSLOW_PHYRESET;
1223         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1224         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1225         msleep(1);
1226         tmslow &= ~SSB_TMSLOW_FGC;
1227         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1228         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1229         msleep(1);
1230 }
1231
1232 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1233 {
1234         u32 macctl;
1235
1236         switch (dev->dev->bus_type) {
1237 #ifdef CONFIG_B43_BCMA
1238         case B43_BUS_BCMA:
1239                 b43_bcma_wireless_core_reset(dev, gmode);
1240                 break;
1241 #endif
1242 #ifdef CONFIG_B43_SSB
1243         case B43_BUS_SSB:
1244                 b43_ssb_wireless_core_reset(dev, gmode);
1245                 break;
1246 #endif
1247         }
1248
1249         /* Turn Analog ON, but only if we already know the PHY-type.
1250          * This protects against very early setup where we don't know the
1251          * PHY-type, yet. wireless_core_reset will be called once again later,
1252          * when we know the PHY-type. */
1253         if (dev->phy.ops)
1254                 dev->phy.ops->switch_analog(dev, 1);
1255
1256         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1257         macctl &= ~B43_MACCTL_GMODE;
1258         if (gmode)
1259                 macctl |= B43_MACCTL_GMODE;
1260         macctl |= B43_MACCTL_IHR_ENABLED;
1261         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1262 }
1263
1264 static void handle_irq_transmit_status(struct b43_wldev *dev)
1265 {
1266         u32 v0, v1;
1267         u16 tmp;
1268         struct b43_txstatus stat;
1269
1270         while (1) {
1271                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1272                 if (!(v0 & 0x00000001))
1273                         break;
1274                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1275
1276                 stat.cookie = (v0 >> 16);
1277                 stat.seq = (v1 & 0x0000FFFF);
1278                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1279                 tmp = (v0 & 0x0000FFFF);
1280                 stat.frame_count = ((tmp & 0xF000) >> 12);
1281                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1282                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1283                 stat.pm_indicated = !!(tmp & 0x0080);
1284                 stat.intermediate = !!(tmp & 0x0040);
1285                 stat.for_ampdu = !!(tmp & 0x0020);
1286                 stat.acked = !!(tmp & 0x0002);
1287
1288                 b43_handle_txstatus(dev, &stat);
1289         }
1290 }
1291
1292 static void drain_txstatus_queue(struct b43_wldev *dev)
1293 {
1294         u32 dummy;
1295
1296         if (dev->dev->core_rev < 5)
1297                 return;
1298         /* Read all entries from the microcode TXstatus FIFO
1299          * and throw them away.
1300          */
1301         while (1) {
1302                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1303                 if (!(dummy & 0x00000001))
1304                         break;
1305                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1306         }
1307 }
1308
1309 static u32 b43_jssi_read(struct b43_wldev *dev)
1310 {
1311         u32 val = 0;
1312
1313         val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1314         val <<= 16;
1315         val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1316
1317         return val;
1318 }
1319
1320 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1321 {
1322         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1323                         (jssi & 0x0000FFFF));
1324         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1325                         (jssi & 0xFFFF0000) >> 16);
1326 }
1327
1328 static void b43_generate_noise_sample(struct b43_wldev *dev)
1329 {
1330         b43_jssi_write(dev, 0x7F7F7F7F);
1331         b43_write32(dev, B43_MMIO_MACCMD,
1332                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1333 }
1334
1335 static void b43_calculate_link_quality(struct b43_wldev *dev)
1336 {
1337         /* Top half of Link Quality calculation. */
1338
1339         if (dev->phy.type != B43_PHYTYPE_G)
1340                 return;
1341         if (dev->noisecalc.calculation_running)
1342                 return;
1343         dev->noisecalc.calculation_running = true;
1344         dev->noisecalc.nr_samples = 0;
1345
1346         b43_generate_noise_sample(dev);
1347 }
1348
1349 static void handle_irq_noise(struct b43_wldev *dev)
1350 {
1351         struct b43_phy_g *phy = dev->phy.g;
1352         u16 tmp;
1353         u8 noise[4];
1354         u8 i, j;
1355         s32 average;
1356
1357         /* Bottom half of Link Quality calculation. */
1358
1359         if (dev->phy.type != B43_PHYTYPE_G)
1360                 return;
1361
1362         /* Possible race condition: It might be possible that the user
1363          * changed to a different channel in the meantime since we
1364          * started the calculation. We ignore that fact, since it's
1365          * not really that much of a problem. The background noise is
1366          * an estimation only anyway. Slightly wrong results will get damped
1367          * by the averaging of the 8 sample rounds. Additionally the
1368          * value is shortlived. So it will be replaced by the next noise
1369          * calculation round soon. */
1370
1371         B43_WARN_ON(!dev->noisecalc.calculation_running);
1372         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1373         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1374             noise[2] == 0x7F || noise[3] == 0x7F)
1375                 goto generate_new;
1376
1377         /* Get the noise samples. */
1378         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1379         i = dev->noisecalc.nr_samples;
1380         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1381         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1382         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1383         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1384         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1385         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1386         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1387         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1388         dev->noisecalc.nr_samples++;
1389         if (dev->noisecalc.nr_samples == 8) {
1390                 /* Calculate the Link Quality by the noise samples. */
1391                 average = 0;
1392                 for (i = 0; i < 8; i++) {
1393                         for (j = 0; j < 4; j++)
1394                                 average += dev->noisecalc.samples[i][j];
1395                 }
1396                 average /= (8 * 4);
1397                 average *= 125;
1398                 average += 64;
1399                 average /= 128;
1400                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1401                 tmp = (tmp / 128) & 0x1F;
1402                 if (tmp >= 8)
1403                         average += 2;
1404                 else
1405                         average -= 25;
1406                 if (tmp == 8)
1407                         average -= 72;
1408                 else
1409                         average -= 48;
1410
1411                 dev->stats.link_noise = average;
1412                 dev->noisecalc.calculation_running = false;
1413                 return;
1414         }
1415 generate_new:
1416         b43_generate_noise_sample(dev);
1417 }
1418
1419 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1420 {
1421         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1422                 ///TODO: PS TBTT
1423         } else {
1424                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1425                         b43_power_saving_ctl_bits(dev, 0);
1426         }
1427         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1428                 dev->dfq_valid = true;
1429 }
1430
1431 static void handle_irq_atim_end(struct b43_wldev *dev)
1432 {
1433         if (dev->dfq_valid) {
1434                 b43_write32(dev, B43_MMIO_MACCMD,
1435                             b43_read32(dev, B43_MMIO_MACCMD)
1436                             | B43_MACCMD_DFQ_VALID);
1437                 dev->dfq_valid = false;
1438         }
1439 }
1440
1441 static void handle_irq_pmq(struct b43_wldev *dev)
1442 {
1443         u32 tmp;
1444
1445         //TODO: AP mode.
1446
1447         while (1) {
1448                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1449                 if (!(tmp & 0x00000008))
1450                         break;
1451         }
1452         /* 16bit write is odd, but correct. */
1453         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1454 }
1455
1456 static void b43_write_template_common(struct b43_wldev *dev,
1457                                       const u8 *data, u16 size,
1458                                       u16 ram_offset,
1459                                       u16 shm_size_offset, u8 rate)
1460 {
1461         u32 i, tmp;
1462         struct b43_plcp_hdr4 plcp;
1463
1464         plcp.data = 0;
1465         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1466         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1467         ram_offset += sizeof(u32);
1468         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1469          * So leave the first two bytes of the next write blank.
1470          */
1471         tmp = (u32) (data[0]) << 16;
1472         tmp |= (u32) (data[1]) << 24;
1473         b43_ram_write(dev, ram_offset, tmp);
1474         ram_offset += sizeof(u32);
1475         for (i = 2; i < size; i += sizeof(u32)) {
1476                 tmp = (u32) (data[i + 0]);
1477                 if (i + 1 < size)
1478                         tmp |= (u32) (data[i + 1]) << 8;
1479                 if (i + 2 < size)
1480                         tmp |= (u32) (data[i + 2]) << 16;
1481                 if (i + 3 < size)
1482                         tmp |= (u32) (data[i + 3]) << 24;
1483                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1484         }
1485         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1486                         size + sizeof(struct b43_plcp_hdr6));
1487 }
1488
1489 /* Check if the use of the antenna that ieee80211 told us to
1490  * use is possible. This will fall back to DEFAULT.
1491  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1492 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1493                                   u8 antenna_nr)
1494 {
1495         u8 antenna_mask;
1496
1497         if (antenna_nr == 0) {
1498                 /* Zero means "use default antenna". That's always OK. */
1499                 return 0;
1500         }
1501
1502         /* Get the mask of available antennas. */
1503         if (dev->phy.gmode)
1504                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1505         else
1506                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1507
1508         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1509                 /* This antenna is not available. Fall back to default. */
1510                 return 0;
1511         }
1512
1513         return antenna_nr;
1514 }
1515
1516 /* Convert a b43 antenna number value to the PHY TX control value. */
1517 static u16 b43_antenna_to_phyctl(int antenna)
1518 {
1519         switch (antenna) {
1520         case B43_ANTENNA0:
1521                 return B43_TXH_PHY_ANT0;
1522         case B43_ANTENNA1:
1523                 return B43_TXH_PHY_ANT1;
1524         case B43_ANTENNA2:
1525                 return B43_TXH_PHY_ANT2;
1526         case B43_ANTENNA3:
1527                 return B43_TXH_PHY_ANT3;
1528         case B43_ANTENNA_AUTO0:
1529         case B43_ANTENNA_AUTO1:
1530                 return B43_TXH_PHY_ANT01AUTO;
1531         }
1532         B43_WARN_ON(1);
1533         return 0;
1534 }
1535
1536 static void b43_write_beacon_template(struct b43_wldev *dev,
1537                                       u16 ram_offset,
1538                                       u16 shm_size_offset)
1539 {
1540         unsigned int i, len, variable_len;
1541         const struct ieee80211_mgmt *bcn;
1542         const u8 *ie;
1543         bool tim_found = false;
1544         unsigned int rate;
1545         u16 ctl;
1546         int antenna;
1547         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1548
1549         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1550         len = min((size_t) dev->wl->current_beacon->len,
1551                   0x200 - sizeof(struct b43_plcp_hdr6));
1552         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1553
1554         b43_write_template_common(dev, (const u8 *)bcn,
1555                                   len, ram_offset, shm_size_offset, rate);
1556
1557         /* Write the PHY TX control parameters. */
1558         antenna = B43_ANTENNA_DEFAULT;
1559         antenna = b43_antenna_to_phyctl(antenna);
1560         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1561         /* We can't send beacons with short preamble. Would get PHY errors. */
1562         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1563         ctl &= ~B43_TXH_PHY_ANT;
1564         ctl &= ~B43_TXH_PHY_ENC;
1565         ctl |= antenna;
1566         if (b43_is_cck_rate(rate))
1567                 ctl |= B43_TXH_PHY_ENC_CCK;
1568         else
1569                 ctl |= B43_TXH_PHY_ENC_OFDM;
1570         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1571
1572         /* Find the position of the TIM and the DTIM_period value
1573          * and write them to SHM. */
1574         ie = bcn->u.beacon.variable;
1575         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1576         for (i = 0; i < variable_len - 2; ) {
1577                 uint8_t ie_id, ie_len;
1578
1579                 ie_id = ie[i];
1580                 ie_len = ie[i + 1];
1581                 if (ie_id == 5) {
1582                         u16 tim_position;
1583                         u16 dtim_period;
1584                         /* This is the TIM Information Element */
1585
1586                         /* Check whether the ie_len is in the beacon data range. */
1587                         if (variable_len < ie_len + 2 + i)
1588                                 break;
1589                         /* A valid TIM is at least 4 bytes long. */
1590                         if (ie_len < 4)
1591                                 break;
1592                         tim_found = true;
1593
1594                         tim_position = sizeof(struct b43_plcp_hdr6);
1595                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1596                         tim_position += i;
1597
1598                         dtim_period = ie[i + 3];
1599
1600                         b43_shm_write16(dev, B43_SHM_SHARED,
1601                                         B43_SHM_SH_TIMBPOS, tim_position);
1602                         b43_shm_write16(dev, B43_SHM_SHARED,
1603                                         B43_SHM_SH_DTIMPER, dtim_period);
1604                         break;
1605                 }
1606                 i += ie_len + 2;
1607         }
1608         if (!tim_found) {
1609                 /*
1610                  * If ucode wants to modify TIM do it behind the beacon, this
1611                  * will happen, for example, when doing mesh networking.
1612                  */
1613                 b43_shm_write16(dev, B43_SHM_SHARED,
1614                                 B43_SHM_SH_TIMBPOS,
1615                                 len + sizeof(struct b43_plcp_hdr6));
1616                 b43_shm_write16(dev, B43_SHM_SHARED,
1617                                 B43_SHM_SH_DTIMPER, 0);
1618         }
1619         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1620 }
1621
1622 static void b43_upload_beacon0(struct b43_wldev *dev)
1623 {
1624         struct b43_wl *wl = dev->wl;
1625
1626         if (wl->beacon0_uploaded)
1627                 return;
1628         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1629         wl->beacon0_uploaded = true;
1630 }
1631
1632 static void b43_upload_beacon1(struct b43_wldev *dev)
1633 {
1634         struct b43_wl *wl = dev->wl;
1635
1636         if (wl->beacon1_uploaded)
1637                 return;
1638         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1639         wl->beacon1_uploaded = true;
1640 }
1641
1642 static void handle_irq_beacon(struct b43_wldev *dev)
1643 {
1644         struct b43_wl *wl = dev->wl;
1645         u32 cmd, beacon0_valid, beacon1_valid;
1646
1647         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1648             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1649             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1650                 return;
1651
1652         /* This is the bottom half of the asynchronous beacon update. */
1653
1654         /* Ignore interrupt in the future. */
1655         dev->irq_mask &= ~B43_IRQ_BEACON;
1656
1657         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1658         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1659         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1660
1661         /* Schedule interrupt manually, if busy. */
1662         if (beacon0_valid && beacon1_valid) {
1663                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1664                 dev->irq_mask |= B43_IRQ_BEACON;
1665                 return;
1666         }
1667
1668         if (unlikely(wl->beacon_templates_virgin)) {
1669                 /* We never uploaded a beacon before.
1670                  * Upload both templates now, but only mark one valid. */
1671                 wl->beacon_templates_virgin = false;
1672                 b43_upload_beacon0(dev);
1673                 b43_upload_beacon1(dev);
1674                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1675                 cmd |= B43_MACCMD_BEACON0_VALID;
1676                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1677         } else {
1678                 if (!beacon0_valid) {
1679                         b43_upload_beacon0(dev);
1680                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1681                         cmd |= B43_MACCMD_BEACON0_VALID;
1682                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1683                 } else if (!beacon1_valid) {
1684                         b43_upload_beacon1(dev);
1685                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1686                         cmd |= B43_MACCMD_BEACON1_VALID;
1687                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1688                 }
1689         }
1690 }
1691
1692 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1693 {
1694         u32 old_irq_mask = dev->irq_mask;
1695
1696         /* update beacon right away or defer to irq */
1697         handle_irq_beacon(dev);
1698         if (old_irq_mask != dev->irq_mask) {
1699                 /* The handler updated the IRQ mask. */
1700                 B43_WARN_ON(!dev->irq_mask);
1701                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1702                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1703                 } else {
1704                         /* Device interrupts are currently disabled. That means
1705                          * we just ran the hardirq handler and scheduled the
1706                          * IRQ thread. The thread will write the IRQ mask when
1707                          * it finished, so there's nothing to do here. Writing
1708                          * the mask _here_ would incorrectly re-enable IRQs. */
1709                 }
1710         }
1711 }
1712
1713 static void b43_beacon_update_trigger_work(struct work_struct *work)
1714 {
1715         struct b43_wl *wl = container_of(work, struct b43_wl,
1716                                          beacon_update_trigger);
1717         struct b43_wldev *dev;
1718
1719         mutex_lock(&wl->mutex);
1720         dev = wl->current_dev;
1721         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1722                 if (b43_bus_host_is_sdio(dev->dev)) {
1723                         /* wl->mutex is enough. */
1724                         b43_do_beacon_update_trigger_work(dev);
1725                         mmiowb();
1726                 } else {
1727                         spin_lock_irq(&wl->hardirq_lock);
1728                         b43_do_beacon_update_trigger_work(dev);
1729                         mmiowb();
1730                         spin_unlock_irq(&wl->hardirq_lock);
1731                 }
1732         }
1733         mutex_unlock(&wl->mutex);
1734 }
1735
1736 /* Asynchronously update the packet templates in template RAM.
1737  * Locking: Requires wl->mutex to be locked. */
1738 static void b43_update_templates(struct b43_wl *wl)
1739 {
1740         struct sk_buff *beacon;
1741
1742         /* This is the top half of the ansynchronous beacon update.
1743          * The bottom half is the beacon IRQ.
1744          * Beacon update must be asynchronous to avoid sending an
1745          * invalid beacon. This can happen for example, if the firmware
1746          * transmits a beacon while we are updating it. */
1747
1748         /* We could modify the existing beacon and set the aid bit in
1749          * the TIM field, but that would probably require resizing and
1750          * moving of data within the beacon template.
1751          * Simply request a new beacon and let mac80211 do the hard work. */
1752         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1753         if (unlikely(!beacon))
1754                 return;
1755
1756         if (wl->current_beacon)
1757                 dev_kfree_skb_any(wl->current_beacon);
1758         wl->current_beacon = beacon;
1759         wl->beacon0_uploaded = false;
1760         wl->beacon1_uploaded = false;
1761         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1762 }
1763
1764 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1765 {
1766         b43_time_lock(dev);
1767         if (dev->dev->core_rev >= 3) {
1768                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1769                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1770         } else {
1771                 b43_write16(dev, 0x606, (beacon_int >> 6));
1772                 b43_write16(dev, 0x610, beacon_int);
1773         }
1774         b43_time_unlock(dev);
1775         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1776 }
1777
1778 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1779 {
1780         u16 reason;
1781
1782         /* Read the register that contains the reason code for the panic. */
1783         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1784         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1785
1786         switch (reason) {
1787         default:
1788                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1789                 /* fallthrough */
1790         case B43_FWPANIC_DIE:
1791                 /* Do not restart the controller or firmware.
1792                  * The device is nonfunctional from now on.
1793                  * Restarting would result in this panic to trigger again,
1794                  * so we avoid that recursion. */
1795                 break;
1796         case B43_FWPANIC_RESTART:
1797                 b43_controller_restart(dev, "Microcode panic");
1798                 break;
1799         }
1800 }
1801
1802 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1803 {
1804         unsigned int i, cnt;
1805         u16 reason, marker_id, marker_line;
1806         __le16 *buf;
1807
1808         /* The proprietary firmware doesn't have this IRQ. */
1809         if (!dev->fw.opensource)
1810                 return;
1811
1812         /* Read the register that contains the reason code for this IRQ. */
1813         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1814
1815         switch (reason) {
1816         case B43_DEBUGIRQ_PANIC:
1817                 b43_handle_firmware_panic(dev);
1818                 break;
1819         case B43_DEBUGIRQ_DUMP_SHM:
1820                 if (!B43_DEBUG)
1821                         break; /* Only with driver debugging enabled. */
1822                 buf = kmalloc(4096, GFP_ATOMIC);
1823                 if (!buf) {
1824                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1825                         goto out;
1826                 }
1827                 for (i = 0; i < 4096; i += 2) {
1828                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1829                         buf[i / 2] = cpu_to_le16(tmp);
1830                 }
1831                 b43info(dev->wl, "Shared memory dump:\n");
1832                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1833                                16, 2, buf, 4096, 1);
1834                 kfree(buf);
1835                 break;
1836         case B43_DEBUGIRQ_DUMP_REGS:
1837                 if (!B43_DEBUG)
1838                         break; /* Only with driver debugging enabled. */
1839                 b43info(dev->wl, "Microcode register dump:\n");
1840                 for (i = 0, cnt = 0; i < 64; i++) {
1841                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1842                         if (cnt == 0)
1843                                 printk(KERN_INFO);
1844                         printk("r%02u: 0x%04X  ", i, tmp);
1845                         cnt++;
1846                         if (cnt == 6) {
1847                                 printk("\n");
1848                                 cnt = 0;
1849                         }
1850                 }
1851                 printk("\n");
1852                 break;
1853         case B43_DEBUGIRQ_MARKER:
1854                 if (!B43_DEBUG)
1855                         break; /* Only with driver debugging enabled. */
1856                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1857                                            B43_MARKER_ID_REG);
1858                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1859                                              B43_MARKER_LINE_REG);
1860                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1861                         "at line number %u\n",
1862                         marker_id, marker_line);
1863                 break;
1864         default:
1865                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1866                        reason);
1867         }
1868 out:
1869         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1870         b43_shm_write16(dev, B43_SHM_SCRATCH,
1871                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1872 }
1873
1874 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1875 {
1876         u32 reason;
1877         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1878         u32 merged_dma_reason = 0;
1879         int i;
1880
1881         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1882                 return;
1883
1884         reason = dev->irq_reason;
1885         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1886                 dma_reason[i] = dev->dma_reason[i];
1887                 merged_dma_reason |= dma_reason[i];
1888         }
1889
1890         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1891                 b43err(dev->wl, "MAC transmission error\n");
1892
1893         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1894                 b43err(dev->wl, "PHY transmission error\n");
1895                 rmb();
1896                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1897                         atomic_set(&dev->phy.txerr_cnt,
1898                                    B43_PHY_TX_BADNESS_LIMIT);
1899                         b43err(dev->wl, "Too many PHY TX errors, "
1900                                         "restarting the controller\n");
1901                         b43_controller_restart(dev, "PHY TX errors");
1902                 }
1903         }
1904
1905         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1906                 b43err(dev->wl,
1907                         "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1908                         dma_reason[0], dma_reason[1],
1909                         dma_reason[2], dma_reason[3],
1910                         dma_reason[4], dma_reason[5]);
1911                 b43err(dev->wl, "This device does not support DMA "
1912                                "on your system. It will now be switched to PIO.\n");
1913                 /* Fall back to PIO transfers if we get fatal DMA errors! */
1914                 dev->use_pio = true;
1915                 b43_controller_restart(dev, "DMA error");
1916                 return;
1917         }
1918
1919         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1920                 handle_irq_ucode_debug(dev);
1921         if (reason & B43_IRQ_TBTT_INDI)
1922                 handle_irq_tbtt_indication(dev);
1923         if (reason & B43_IRQ_ATIM_END)
1924                 handle_irq_atim_end(dev);
1925         if (reason & B43_IRQ_BEACON)
1926                 handle_irq_beacon(dev);
1927         if (reason & B43_IRQ_PMQ)
1928                 handle_irq_pmq(dev);
1929         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1930                 ;/* TODO */
1931         if (reason & B43_IRQ_NOISESAMPLE_OK)
1932                 handle_irq_noise(dev);
1933
1934         /* Check the DMA reason registers for received data. */
1935         if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
1936                 if (B43_DEBUG)
1937                         b43warn(dev->wl, "RX descriptor underrun\n");
1938                 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
1939         }
1940         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1941                 if (b43_using_pio_transfers(dev))
1942                         b43_pio_rx(dev->pio.rx_queue);
1943                 else
1944                         b43_dma_rx(dev->dma.rx_ring);
1945         }
1946         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1947         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1948         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1949         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1950         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1951
1952         if (reason & B43_IRQ_TX_OK)
1953                 handle_irq_transmit_status(dev);
1954
1955         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1956         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1957
1958 #if B43_DEBUG
1959         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1960                 dev->irq_count++;
1961                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1962                         if (reason & (1 << i))
1963                                 dev->irq_bit_count[i]++;
1964                 }
1965         }
1966 #endif
1967 }
1968
1969 /* Interrupt thread handler. Handles device interrupts in thread context. */
1970 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1971 {
1972         struct b43_wldev *dev = dev_id;
1973
1974         mutex_lock(&dev->wl->mutex);
1975         b43_do_interrupt_thread(dev);
1976         mmiowb();
1977         mutex_unlock(&dev->wl->mutex);
1978
1979         return IRQ_HANDLED;
1980 }
1981
1982 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1983 {
1984         u32 reason;
1985
1986         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1987          * On SDIO, this runs under wl->mutex. */
1988
1989         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1990         if (reason == 0xffffffff)       /* shared IRQ */
1991                 return IRQ_NONE;
1992         reason &= dev->irq_mask;
1993         if (!reason)
1994                 return IRQ_NONE;
1995
1996         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1997             & 0x0001FC00;
1998         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1999             & 0x0000DC00;
2000         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2001             & 0x0000DC00;
2002         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2003             & 0x0001DC00;
2004         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2005             & 0x0000DC00;
2006 /* Unused ring
2007         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2008             & 0x0000DC00;
2009 */
2010
2011         /* ACK the interrupt. */
2012         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2013         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2014         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2015         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2016         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2017         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2018 /* Unused ring
2019         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2020 */
2021
2022         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2023         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2024         /* Save the reason bitmasks for the IRQ thread handler. */
2025         dev->irq_reason = reason;
2026
2027         return IRQ_WAKE_THREAD;
2028 }
2029
2030 /* Interrupt handler top-half. This runs with interrupts disabled. */
2031 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2032 {
2033         struct b43_wldev *dev = dev_id;
2034         irqreturn_t ret;
2035
2036         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2037                 return IRQ_NONE;
2038
2039         spin_lock(&dev->wl->hardirq_lock);
2040         ret = b43_do_interrupt(dev);
2041         mmiowb();
2042         spin_unlock(&dev->wl->hardirq_lock);
2043
2044         return ret;
2045 }
2046
2047 /* SDIO interrupt handler. This runs in process context. */
2048 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2049 {
2050         struct b43_wl *wl = dev->wl;
2051         irqreturn_t ret;
2052
2053         mutex_lock(&wl->mutex);
2054
2055         ret = b43_do_interrupt(dev);
2056         if (ret == IRQ_WAKE_THREAD)
2057                 b43_do_interrupt_thread(dev);
2058
2059         mutex_unlock(&wl->mutex);
2060 }
2061
2062 void b43_do_release_fw(struct b43_firmware_file *fw)
2063 {
2064         release_firmware(fw->data);
2065         fw->data = NULL;
2066         fw->filename = NULL;
2067 }
2068
2069 static void b43_release_firmware(struct b43_wldev *dev)
2070 {
2071         complete(&dev->fw_load_complete);
2072         b43_do_release_fw(&dev->fw.ucode);
2073         b43_do_release_fw(&dev->fw.pcm);
2074         b43_do_release_fw(&dev->fw.initvals);
2075         b43_do_release_fw(&dev->fw.initvals_band);
2076 }
2077
2078 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2079 {
2080         const char text[] =
2081                 "You must go to " \
2082                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2083                 "and download the correct firmware for this driver version. " \
2084                 "Please carefully read all instructions on this website.\n";
2085
2086         if (error)
2087                 b43err(wl, text);
2088         else
2089                 b43warn(wl, text);
2090 }
2091
2092 static void b43_fw_cb(const struct firmware *firmware, void *context)
2093 {
2094         struct b43_request_fw_context *ctx = context;
2095
2096         ctx->blob = firmware;
2097         complete(&ctx->dev->fw_load_complete);
2098 }
2099
2100 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2101                       const char *name,
2102                       struct b43_firmware_file *fw, bool async)
2103 {
2104         struct b43_fw_header *hdr;
2105         u32 size;
2106         int err;
2107
2108         if (!name) {
2109                 /* Don't fetch anything. Free possibly cached firmware. */
2110                 /* FIXME: We should probably keep it anyway, to save some headache
2111                  * on suspend/resume with multiband devices. */
2112                 b43_do_release_fw(fw);
2113                 return 0;
2114         }
2115         if (fw->filename) {
2116                 if ((fw->type == ctx->req_type) &&
2117                     (strcmp(fw->filename, name) == 0))
2118                         return 0; /* Already have this fw. */
2119                 /* Free the cached firmware first. */
2120                 /* FIXME: We should probably do this later after we successfully
2121                  * got the new fw. This could reduce headache with multiband devices.
2122                  * We could also redesign this to cache the firmware for all possible
2123                  * bands all the time. */
2124                 b43_do_release_fw(fw);
2125         }
2126
2127         switch (ctx->req_type) {
2128         case B43_FWTYPE_PROPRIETARY:
2129                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2130                          "b43%s/%s.fw",
2131                          modparam_fwpostfix, name);
2132                 break;
2133         case B43_FWTYPE_OPENSOURCE:
2134                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2135                          "b43-open%s/%s.fw",
2136                          modparam_fwpostfix, name);
2137                 break;
2138         default:
2139                 B43_WARN_ON(1);
2140                 return -ENOSYS;
2141         }
2142         if (async) {
2143                 /* do this part asynchronously */
2144                 init_completion(&ctx->dev->fw_load_complete);
2145                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2146                                               ctx->dev->dev->dev, GFP_KERNEL,
2147                                               ctx, b43_fw_cb);
2148                 if (err < 0) {
2149                         pr_err("Unable to load firmware\n");
2150                         return err;
2151                 }
2152                 wait_for_completion(&ctx->dev->fw_load_complete);
2153                 if (ctx->blob)
2154                         goto fw_ready;
2155         /* On some ARM systems, the async request will fail, but the next sync
2156          * request works. For this reason, we fall through here
2157          */
2158         }
2159         err = request_firmware(&ctx->blob, ctx->fwname,
2160                                ctx->dev->dev->dev);
2161         if (err == -ENOENT) {
2162                 snprintf(ctx->errors[ctx->req_type],
2163                          sizeof(ctx->errors[ctx->req_type]),
2164                          "Firmware file \"%s\" not found\n",
2165                          ctx->fwname);
2166                 return err;
2167         } else if (err) {
2168                 snprintf(ctx->errors[ctx->req_type],
2169                          sizeof(ctx->errors[ctx->req_type]),
2170                          "Firmware file \"%s\" request failed (err=%d)\n",
2171                          ctx->fwname, err);
2172                 return err;
2173         }
2174 fw_ready:
2175         if (ctx->blob->size < sizeof(struct b43_fw_header))
2176                 goto err_format;
2177         hdr = (struct b43_fw_header *)(ctx->blob->data);
2178         switch (hdr->type) {
2179         case B43_FW_TYPE_UCODE:
2180         case B43_FW_TYPE_PCM:
2181                 size = be32_to_cpu(hdr->size);
2182                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2183                         goto err_format;
2184                 /* fallthrough */
2185         case B43_FW_TYPE_IV:
2186                 if (hdr->ver != 1)
2187                         goto err_format;
2188                 break;
2189         default:
2190                 goto err_format;
2191         }
2192
2193         fw->data = ctx->blob;
2194         fw->filename = name;
2195         fw->type = ctx->req_type;
2196
2197         return 0;
2198
2199 err_format:
2200         snprintf(ctx->errors[ctx->req_type],
2201                  sizeof(ctx->errors[ctx->req_type]),
2202                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2203         release_firmware(ctx->blob);
2204
2205         return -EPROTO;
2206 }
2207
2208 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2209 {
2210         struct b43_wldev *dev = ctx->dev;
2211         struct b43_firmware *fw = &ctx->dev->fw;
2212         const u8 rev = ctx->dev->dev->core_rev;
2213         const char *filename;
2214         u32 tmshigh;
2215         int err;
2216
2217         /* Files for HT and LCN were found by trying one by one */
2218
2219         /* Get microcode */
2220         if ((rev >= 5) && (rev <= 10)) {
2221                 filename = "ucode5";
2222         } else if ((rev >= 11) && (rev <= 12)) {
2223                 filename = "ucode11";
2224         } else if (rev == 13) {
2225                 filename = "ucode13";
2226         } else if (rev == 14) {
2227                 filename = "ucode14";
2228         } else if (rev == 15) {
2229                 filename = "ucode15";
2230         } else {
2231                 switch (dev->phy.type) {
2232                 case B43_PHYTYPE_N:
2233                         if (rev >= 16)
2234                                 filename = "ucode16_mimo";
2235                         else
2236                                 goto err_no_ucode;
2237                         break;
2238                 case B43_PHYTYPE_HT:
2239                         if (rev == 29)
2240                                 filename = "ucode29_mimo";
2241                         else
2242                                 goto err_no_ucode;
2243                         break;
2244                 case B43_PHYTYPE_LCN:
2245                         if (rev == 24)
2246                                 filename = "ucode24_mimo";
2247                         else
2248                                 goto err_no_ucode;
2249                         break;
2250                 default:
2251                         goto err_no_ucode;
2252                 }
2253         }
2254         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2255         if (err)
2256                 goto err_load;
2257
2258         /* Get PCM code */
2259         if ((rev >= 5) && (rev <= 10))
2260                 filename = "pcm5";
2261         else if (rev >= 11)
2262                 filename = NULL;
2263         else
2264                 goto err_no_pcm;
2265         fw->pcm_request_failed = false;
2266         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2267         if (err == -ENOENT) {
2268                 /* We did not find a PCM file? Not fatal, but
2269                  * core rev <= 10 must do without hwcrypto then. */
2270                 fw->pcm_request_failed = true;
2271         } else if (err)
2272                 goto err_load;
2273
2274         /* Get initvals */
2275         switch (dev->phy.type) {
2276         case B43_PHYTYPE_A:
2277                 if ((rev >= 5) && (rev <= 10)) {
2278                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2279                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2280                                 filename = "a0g1initvals5";
2281                         else
2282                                 filename = "a0g0initvals5";
2283                 } else
2284                         goto err_no_initvals;
2285                 break;
2286         case B43_PHYTYPE_G:
2287                 if ((rev >= 5) && (rev <= 10))
2288                         filename = "b0g0initvals5";
2289                 else if (rev >= 13)
2290                         filename = "b0g0initvals13";
2291                 else
2292                         goto err_no_initvals;
2293                 break;
2294         case B43_PHYTYPE_N:
2295                 if (rev >= 16)
2296                         filename = "n0initvals16";
2297                 else if ((rev >= 11) && (rev <= 12))
2298                         filename = "n0initvals11";
2299                 else
2300                         goto err_no_initvals;
2301                 break;
2302         case B43_PHYTYPE_LP:
2303                 if (rev == 13)
2304                         filename = "lp0initvals13";
2305                 else if (rev == 14)
2306                         filename = "lp0initvals14";
2307                 else if (rev >= 15)
2308                         filename = "lp0initvals15";
2309                 else
2310                         goto err_no_initvals;
2311                 break;
2312         case B43_PHYTYPE_HT:
2313                 if (rev == 29)
2314                         filename = "ht0initvals29";
2315                 else
2316                         goto err_no_initvals;
2317                 break;
2318         case B43_PHYTYPE_LCN:
2319                 if (rev == 24)
2320                         filename = "lcn0initvals24";
2321                 else
2322                         goto err_no_initvals;
2323                 break;
2324         default:
2325                 goto err_no_initvals;
2326         }
2327         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2328         if (err)
2329                 goto err_load;
2330
2331         /* Get bandswitch initvals */
2332         switch (dev->phy.type) {
2333         case B43_PHYTYPE_A:
2334                 if ((rev >= 5) && (rev <= 10)) {
2335                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2336                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2337                                 filename = "a0g1bsinitvals5";
2338                         else
2339                                 filename = "a0g0bsinitvals5";
2340                 } else if (rev >= 11)
2341                         filename = NULL;
2342                 else
2343                         goto err_no_initvals;
2344                 break;
2345         case B43_PHYTYPE_G:
2346                 if ((rev >= 5) && (rev <= 10))
2347                         filename = "b0g0bsinitvals5";
2348                 else if (rev >= 11)
2349                         filename = NULL;
2350                 else
2351                         goto err_no_initvals;
2352                 break;
2353         case B43_PHYTYPE_N:
2354                 if (rev >= 16)
2355                         filename = "n0bsinitvals16";
2356                 else if ((rev >= 11) && (rev <= 12))
2357                         filename = "n0bsinitvals11";
2358                 else
2359                         goto err_no_initvals;
2360                 break;
2361         case B43_PHYTYPE_LP:
2362                 if (rev == 13)
2363                         filename = "lp0bsinitvals13";
2364                 else if (rev == 14)
2365                         filename = "lp0bsinitvals14";
2366                 else if (rev >= 15)
2367                         filename = "lp0bsinitvals15";
2368                 else
2369                         goto err_no_initvals;
2370                 break;
2371         case B43_PHYTYPE_HT:
2372                 if (rev == 29)
2373                         filename = "ht0bsinitvals29";
2374                 else
2375                         goto err_no_initvals;
2376                 break;
2377         case B43_PHYTYPE_LCN:
2378                 if (rev == 24)
2379                         filename = "lcn0bsinitvals24";
2380                 else
2381                         goto err_no_initvals;
2382                 break;
2383         default:
2384                 goto err_no_initvals;
2385         }
2386         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2387         if (err)
2388                 goto err_load;
2389
2390         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2391
2392         return 0;
2393
2394 err_no_ucode:
2395         err = ctx->fatal_failure = -EOPNOTSUPP;
2396         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2397                "is required for your device (wl-core rev %u)\n", rev);
2398         goto error;
2399
2400 err_no_pcm:
2401         err = ctx->fatal_failure = -EOPNOTSUPP;
2402         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2403                "is required for your device (wl-core rev %u)\n", rev);
2404         goto error;
2405
2406 err_no_initvals:
2407         err = ctx->fatal_failure = -EOPNOTSUPP;
2408         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2409                "is required for your device (wl-core rev %u)\n", rev);
2410         goto error;
2411
2412 err_load:
2413         /* We failed to load this firmware image. The error message
2414          * already is in ctx->errors. Return and let our caller decide
2415          * what to do. */
2416         goto error;
2417
2418 error:
2419         b43_release_firmware(dev);
2420         return err;
2421 }
2422
2423 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2424 static void b43_one_core_detach(struct b43_bus_dev *dev);
2425 static int b43_rng_init(struct b43_wl *wl);
2426
2427 static void b43_request_firmware(struct work_struct *work)
2428 {
2429         struct b43_wl *wl = container_of(work,
2430                             struct b43_wl, firmware_load);
2431         struct b43_wldev *dev = wl->current_dev;
2432         struct b43_request_fw_context *ctx;
2433         unsigned int i;
2434         int err;
2435         const char *errmsg;
2436
2437         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2438         if (!ctx)
2439                 return;
2440         ctx->dev = dev;
2441
2442         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2443         err = b43_try_request_fw(ctx);
2444         if (!err)
2445                 goto start_ieee80211; /* Successfully loaded it. */
2446         /* Was fw version known? */
2447         if (ctx->fatal_failure)
2448                 goto out;
2449
2450         /* proprietary fw not found, try open source */
2451         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2452         err = b43_try_request_fw(ctx);
2453         if (!err)
2454                 goto start_ieee80211; /* Successfully loaded it. */
2455         if(ctx->fatal_failure)
2456                 goto out;
2457
2458         /* Could not find a usable firmware. Print the errors. */
2459         for (i = 0; i < B43_NR_FWTYPES; i++) {
2460                 errmsg = ctx->errors[i];
2461                 if (strlen(errmsg))
2462                         b43err(dev->wl, "%s", errmsg);
2463         }
2464         b43_print_fw_helptext(dev->wl, 1);
2465         goto out;
2466
2467 start_ieee80211:
2468         wl->hw->queues = B43_QOS_QUEUE_NUM;
2469         if (!modparam_qos || dev->fw.opensource)
2470                 wl->hw->queues = 1;
2471
2472         err = ieee80211_register_hw(wl->hw);
2473         if (err)
2474                 goto err_one_core_detach;
2475         wl->hw_registred = true;
2476         b43_leds_register(wl->current_dev);
2477
2478         /* Register HW RNG driver */
2479         b43_rng_init(wl);
2480
2481         goto out;
2482
2483 err_one_core_detach:
2484         b43_one_core_detach(dev->dev);
2485
2486 out:
2487         kfree(ctx);
2488 }
2489
2490 static int b43_upload_microcode(struct b43_wldev *dev)
2491 {
2492         struct wiphy *wiphy = dev->wl->hw->wiphy;
2493         const size_t hdr_len = sizeof(struct b43_fw_header);
2494         const __be32 *data;
2495         unsigned int i, len;
2496         u16 fwrev, fwpatch, fwdate, fwtime;
2497         u32 tmp, macctl;
2498         int err = 0;
2499
2500         /* Jump the microcode PSM to offset 0 */
2501         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2502         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2503         macctl |= B43_MACCTL_PSM_JMP0;
2504         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2505         /* Zero out all microcode PSM registers and shared memory. */
2506         for (i = 0; i < 64; i++)
2507                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2508         for (i = 0; i < 4096; i += 2)
2509                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2510
2511         /* Upload Microcode. */
2512         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2513         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2514         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2515         for (i = 0; i < len; i++) {
2516                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2517                 udelay(10);
2518         }
2519
2520         if (dev->fw.pcm.data) {
2521                 /* Upload PCM data. */
2522                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2523                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2524                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2525                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2526                 /* No need for autoinc bit in SHM_HW */
2527                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2528                 for (i = 0; i < len; i++) {
2529                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2530                         udelay(10);
2531                 }
2532         }
2533
2534         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2535
2536         /* Start the microcode PSM */
2537         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2538                       B43_MACCTL_PSM_RUN);
2539
2540         /* Wait for the microcode to load and respond */
2541         i = 0;
2542         while (1) {
2543                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2544                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2545                         break;
2546                 i++;
2547                 if (i >= 20) {
2548                         b43err(dev->wl, "Microcode not responding\n");
2549                         b43_print_fw_helptext(dev->wl, 1);
2550                         err = -ENODEV;
2551                         goto error;
2552                 }
2553                 msleep(50);
2554         }
2555         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2556
2557         /* Get and check the revisions. */
2558         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2559         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2560         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2561         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2562
2563         if (fwrev <= 0x128) {
2564                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2565                        "binary drivers older than version 4.x is unsupported. "
2566                        "You must upgrade your firmware files.\n");
2567                 b43_print_fw_helptext(dev->wl, 1);
2568                 err = -EOPNOTSUPP;
2569                 goto error;
2570         }
2571         dev->fw.rev = fwrev;
2572         dev->fw.patch = fwpatch;
2573         if (dev->fw.rev >= 598)
2574                 dev->fw.hdr_format = B43_FW_HDR_598;
2575         else if (dev->fw.rev >= 410)
2576                 dev->fw.hdr_format = B43_FW_HDR_410;
2577         else
2578                 dev->fw.hdr_format = B43_FW_HDR_351;
2579         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2580
2581         dev->qos_enabled = dev->wl->hw->queues > 1;
2582         /* Default to firmware/hardware crypto acceleration. */
2583         dev->hwcrypto_enabled = true;
2584
2585         if (dev->fw.opensource) {
2586                 u16 fwcapa;
2587
2588                 /* Patchlevel info is encoded in the "time" field. */
2589                 dev->fw.patch = fwtime;
2590                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2591                         dev->fw.rev, dev->fw.patch);
2592
2593                 fwcapa = b43_fwcapa_read(dev);
2594                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2595                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2596                         /* Disable hardware crypto and fall back to software crypto. */
2597                         dev->hwcrypto_enabled = false;
2598                 }
2599                 /* adding QoS support should use an offline discovery mechanism */
2600                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2601         } else {
2602                 b43info(dev->wl, "Loading firmware version %u.%u "
2603                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2604                         fwrev, fwpatch,
2605                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2606                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2607                 if (dev->fw.pcm_request_failed) {
2608                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2609                                 "Hardware accelerated cryptography is disabled.\n");
2610                         b43_print_fw_helptext(dev->wl, 0);
2611                 }
2612         }
2613
2614         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2615                         dev->fw.rev, dev->fw.patch);
2616         wiphy->hw_version = dev->dev->core_id;
2617
2618         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2619                 /* We're over the deadline, but we keep support for old fw
2620                  * until it turns out to be in major conflict with something new. */
2621                 b43warn(dev->wl, "You are using an old firmware image. "
2622                         "Support for old firmware will be removed soon "
2623                         "(official deadline was July 2008).\n");
2624                 b43_print_fw_helptext(dev->wl, 0);
2625         }
2626
2627         return 0;
2628
2629 error:
2630         /* Stop the microcode PSM. */
2631         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2632                       B43_MACCTL_PSM_JMP0);
2633
2634         return err;
2635 }
2636
2637 static int b43_write_initvals(struct b43_wldev *dev,
2638                               const struct b43_iv *ivals,
2639                               size_t count,
2640                               size_t array_size)
2641 {
2642         const struct b43_iv *iv;
2643         u16 offset;
2644         size_t i;
2645         bool bit32;
2646
2647         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2648         iv = ivals;
2649         for (i = 0; i < count; i++) {
2650                 if (array_size < sizeof(iv->offset_size))
2651                         goto err_format;
2652                 array_size -= sizeof(iv->offset_size);
2653                 offset = be16_to_cpu(iv->offset_size);
2654                 bit32 = !!(offset & B43_IV_32BIT);
2655                 offset &= B43_IV_OFFSET_MASK;
2656                 if (offset >= 0x1000)
2657                         goto err_format;
2658                 if (bit32) {
2659                         u32 value;
2660
2661                         if (array_size < sizeof(iv->data.d32))
2662                                 goto err_format;
2663                         array_size -= sizeof(iv->data.d32);
2664
2665                         value = get_unaligned_be32(&iv->data.d32);
2666                         b43_write32(dev, offset, value);
2667
2668                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2669                                                         sizeof(__be16) +
2670                                                         sizeof(__be32));
2671                 } else {
2672                         u16 value;
2673
2674                         if (array_size < sizeof(iv->data.d16))
2675                                 goto err_format;
2676                         array_size -= sizeof(iv->data.d16);
2677
2678                         value = be16_to_cpu(iv->data.d16);
2679                         b43_write16(dev, offset, value);
2680
2681                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2682                                                         sizeof(__be16) +
2683                                                         sizeof(__be16));
2684                 }
2685         }
2686         if (array_size)
2687                 goto err_format;
2688
2689         return 0;
2690
2691 err_format:
2692         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2693         b43_print_fw_helptext(dev->wl, 1);
2694
2695         return -EPROTO;
2696 }
2697
2698 static int b43_upload_initvals(struct b43_wldev *dev)
2699 {
2700         const size_t hdr_len = sizeof(struct b43_fw_header);
2701         const struct b43_fw_header *hdr;
2702         struct b43_firmware *fw = &dev->fw;
2703         const struct b43_iv *ivals;
2704         size_t count;
2705         int err;
2706
2707         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2708         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2709         count = be32_to_cpu(hdr->size);
2710         err = b43_write_initvals(dev, ivals, count,
2711                                  fw->initvals.data->size - hdr_len);
2712         if (err)
2713                 goto out;
2714         if (fw->initvals_band.data) {
2715                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2716                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2717                 count = be32_to_cpu(hdr->size);
2718                 err = b43_write_initvals(dev, ivals, count,
2719                                          fw->initvals_band.data->size - hdr_len);
2720                 if (err)
2721                         goto out;
2722         }
2723 out:
2724
2725         return err;
2726 }
2727
2728 /* Initialize the GPIOs
2729  * http://bcm-specs.sipsolutions.net/GPIO
2730  */
2731 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2732 {
2733         struct ssb_bus *bus = dev->dev->sdev->bus;
2734
2735 #ifdef CONFIG_SSB_DRIVER_PCICORE
2736         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2737 #else
2738         return bus->chipco.dev;
2739 #endif
2740 }
2741
2742 static int b43_gpio_init(struct b43_wldev *dev)
2743 {
2744         struct ssb_device *gpiodev;
2745         u32 mask, set;
2746
2747         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2748         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2749
2750         mask = 0x0000001F;
2751         set = 0x0000000F;
2752         if (dev->dev->chip_id == 0x4301) {
2753                 mask |= 0x0060;
2754                 set |= 0x0060;
2755         } else if (dev->dev->chip_id == 0x5354) {
2756                 /* Don't allow overtaking buttons GPIOs */
2757                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2758         }
2759
2760         if (0 /* FIXME: conditional unknown */ ) {
2761                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2762                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2763                             | 0x0100);
2764                 /* BT Coexistance Input */
2765                 mask |= 0x0080;
2766                 set |= 0x0080;
2767                 /* BT Coexistance Out */
2768                 mask |= 0x0100;
2769                 set |= 0x0100;
2770         }
2771         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2772                 /* PA is controlled by gpio 9, let ucode handle it */
2773                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2774                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2775                             | 0x0200);
2776                 mask |= 0x0200;
2777                 set |= 0x0200;
2778         }
2779
2780         switch (dev->dev->bus_type) {
2781 #ifdef CONFIG_B43_BCMA
2782         case B43_BUS_BCMA:
2783                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2784                 break;
2785 #endif
2786 #ifdef CONFIG_B43_SSB
2787         case B43_BUS_SSB:
2788                 gpiodev = b43_ssb_gpio_dev(dev);
2789                 if (gpiodev)
2790                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2791                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2792                                     & ~mask) | set);
2793                 break;
2794 #endif
2795         }
2796
2797         return 0;
2798 }
2799
2800 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2801 static void b43_gpio_cleanup(struct b43_wldev *dev)
2802 {
2803         struct ssb_device *gpiodev;
2804
2805         switch (dev->dev->bus_type) {
2806 #ifdef CONFIG_B43_BCMA
2807         case B43_BUS_BCMA:
2808                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2809                 break;
2810 #endif
2811 #ifdef CONFIG_B43_SSB
2812         case B43_BUS_SSB:
2813                 gpiodev = b43_ssb_gpio_dev(dev);
2814                 if (gpiodev)
2815                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2816                 break;
2817 #endif
2818         }
2819 }
2820
2821 /* http://bcm-specs.sipsolutions.net/EnableMac */
2822 void b43_mac_enable(struct b43_wldev *dev)
2823 {
2824         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2825                 u16 fwstate;
2826
2827                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2828                                          B43_SHM_SH_UCODESTAT);
2829                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2830                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2831                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2832                                "should be suspended, but current state is %u\n",
2833                                fwstate);
2834                 }
2835         }
2836
2837         dev->mac_suspended--;
2838         B43_WARN_ON(dev->mac_suspended < 0);
2839         if (dev->mac_suspended == 0) {
2840                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2841                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2842                             B43_IRQ_MAC_SUSPENDED);
2843                 /* Commit writes */
2844                 b43_read32(dev, B43_MMIO_MACCTL);
2845                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2846                 b43_power_saving_ctl_bits(dev, 0);
2847         }
2848 }
2849
2850 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2851 void b43_mac_suspend(struct b43_wldev *dev)
2852 {
2853         int i;
2854         u32 tmp;
2855
2856         might_sleep();
2857         B43_WARN_ON(dev->mac_suspended < 0);
2858
2859         if (dev->mac_suspended == 0) {
2860                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2861                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2862                 /* force pci to flush the write */
2863                 b43_read32(dev, B43_MMIO_MACCTL);
2864                 for (i = 35; i; i--) {
2865                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2866                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2867                                 goto out;
2868                         udelay(10);
2869                 }
2870                 /* Hm, it seems this will take some time. Use msleep(). */
2871                 for (i = 40; i; i--) {
2872                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2873                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2874                                 goto out;
2875                         msleep(1);
2876                 }
2877                 b43err(dev->wl, "MAC suspend failed\n");
2878         }
2879 out:
2880         dev->mac_suspended++;
2881 }
2882
2883 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2884 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2885 {
2886         u32 tmp;
2887
2888         switch (dev->dev->bus_type) {
2889 #ifdef CONFIG_B43_BCMA
2890         case B43_BUS_BCMA:
2891                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2892                 if (on)
2893                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2894                 else
2895                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2896                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2897                 break;
2898 #endif
2899 #ifdef CONFIG_B43_SSB
2900         case B43_BUS_SSB:
2901                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2902                 if (on)
2903                         tmp |= B43_TMSLOW_MACPHYCLKEN;
2904                 else
2905                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2906                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2907                 break;
2908 #endif
2909         }
2910 }
2911
2912 static void b43_adjust_opmode(struct b43_wldev *dev)
2913 {
2914         struct b43_wl *wl = dev->wl;
2915         u32 ctl;
2916         u16 cfp_pretbtt;
2917
2918         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2919         /* Reset status to STA infrastructure mode. */
2920         ctl &= ~B43_MACCTL_AP;
2921         ctl &= ~B43_MACCTL_KEEP_CTL;
2922         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2923         ctl &= ~B43_MACCTL_KEEP_BAD;
2924         ctl &= ~B43_MACCTL_PROMISC;
2925         ctl &= ~B43_MACCTL_BEACPROMISC;
2926         ctl |= B43_MACCTL_INFRA;
2927
2928         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2929             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2930                 ctl |= B43_MACCTL_AP;
2931         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2932                 ctl &= ~B43_MACCTL_INFRA;
2933
2934         if (wl->filter_flags & FIF_CONTROL)
2935                 ctl |= B43_MACCTL_KEEP_CTL;
2936         if (wl->filter_flags & FIF_FCSFAIL)
2937                 ctl |= B43_MACCTL_KEEP_BAD;
2938         if (wl->filter_flags & FIF_PLCPFAIL)
2939                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2940         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2941                 ctl |= B43_MACCTL_PROMISC;
2942         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2943                 ctl |= B43_MACCTL_BEACPROMISC;
2944
2945         /* Workaround: On old hardware the HW-MAC-address-filter
2946          * doesn't work properly, so always run promisc in filter
2947          * it in software. */
2948         if (dev->dev->core_rev <= 4)
2949                 ctl |= B43_MACCTL_PROMISC;
2950
2951         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2952
2953         cfp_pretbtt = 2;
2954         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2955                 if (dev->dev->chip_id == 0x4306 &&
2956                     dev->dev->chip_rev == 3)
2957                         cfp_pretbtt = 100;
2958                 else
2959                         cfp_pretbtt = 50;
2960         }
2961         b43_write16(dev, 0x612, cfp_pretbtt);
2962
2963         /* FIXME: We don't currently implement the PMQ mechanism,
2964          *        so always disable it. If we want to implement PMQ,
2965          *        we need to enable it here (clear DISCPMQ) in AP mode.
2966          */
2967         if (0  /* ctl & B43_MACCTL_AP */)
2968                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2969         else
2970                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2971 }
2972
2973 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2974 {
2975         u16 offset;
2976
2977         if (is_ofdm) {
2978                 offset = 0x480;
2979                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2980         } else {
2981                 offset = 0x4C0;
2982                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2983         }
2984         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2985                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2986 }
2987
2988 static void b43_rate_memory_init(struct b43_wldev *dev)
2989 {
2990         switch (dev->phy.type) {
2991         case B43_PHYTYPE_A:
2992         case B43_PHYTYPE_G:
2993         case B43_PHYTYPE_N:
2994         case B43_PHYTYPE_LP:
2995         case B43_PHYTYPE_HT:
2996         case B43_PHYTYPE_LCN:
2997                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2998                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2999                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3000                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3001                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3002                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3003                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3004                 if (dev->phy.type == B43_PHYTYPE_A)
3005                         break;
3006                 /* fallthrough */
3007         case B43_PHYTYPE_B:
3008                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3009                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3010                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3011                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3012                 break;
3013         default:
3014                 B43_WARN_ON(1);
3015         }
3016 }
3017
3018 /* Set the default values for the PHY TX Control Words. */
3019 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3020 {
3021         u16 ctl = 0;
3022
3023         ctl |= B43_TXH_PHY_ENC_CCK;
3024         ctl |= B43_TXH_PHY_ANT01AUTO;
3025         ctl |= B43_TXH_PHY_TXPWR;
3026
3027         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3028         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3029         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3030 }
3031
3032 /* Set the TX-Antenna for management frames sent by firmware. */
3033 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3034 {
3035         u16 ant;
3036         u16 tmp;
3037
3038         ant = b43_antenna_to_phyctl(antenna);
3039
3040         /* For ACK/CTS */
3041         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3042         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3043         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3044         /* For Probe Resposes */
3045         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3046         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3047         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3048 }
3049
3050 /* This is the opposite of b43_chip_init() */
3051 static void b43_chip_exit(struct b43_wldev *dev)
3052 {
3053         b43_phy_exit(dev);
3054         b43_gpio_cleanup(dev);
3055         /* firmware is released later */
3056 }
3057
3058 /* Initialize the chip
3059  * http://bcm-specs.sipsolutions.net/ChipInit
3060  */
3061 static int b43_chip_init(struct b43_wldev *dev)
3062 {
3063         struct b43_phy *phy = &dev->phy;
3064         int err;
3065         u32 macctl;
3066         u16 value16;
3067
3068         /* Initialize the MAC control */
3069         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3070         if (dev->phy.gmode)
3071                 macctl |= B43_MACCTL_GMODE;
3072         macctl |= B43_MACCTL_INFRA;
3073         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3074
3075         err = b43_upload_microcode(dev);
3076         if (err)
3077                 goto out;       /* firmware is released later */
3078
3079         err = b43_gpio_init(dev);
3080         if (err)
3081                 goto out;       /* firmware is released later */
3082
3083         err = b43_upload_initvals(dev);
3084         if (err)
3085                 goto err_gpio_clean;
3086
3087         /* Turn the Analog on and initialize the PHY. */
3088         phy->ops->switch_analog(dev, 1);
3089         err = b43_phy_init(dev);
3090         if (err)
3091                 goto err_gpio_clean;
3092
3093         /* Disable Interference Mitigation. */
3094         if (phy->ops->interf_mitigation)
3095                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3096
3097         /* Select the antennae */
3098         if (phy->ops->set_rx_antenna)
3099                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3100         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3101
3102         if (phy->type == B43_PHYTYPE_B) {
3103                 value16 = b43_read16(dev, 0x005E);
3104                 value16 |= 0x0004;
3105                 b43_write16(dev, 0x005E, value16);
3106         }
3107         b43_write32(dev, 0x0100, 0x01000000);
3108         if (dev->dev->core_rev < 5)
3109                 b43_write32(dev, 0x010C, 0x01000000);
3110
3111         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3112         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3113
3114         /* Probe Response Timeout value */
3115         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3116         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3117
3118         /* Initially set the wireless operation mode. */
3119         b43_adjust_opmode(dev);
3120
3121         if (dev->dev->core_rev < 3) {
3122                 b43_write16(dev, 0x060E, 0x0000);
3123                 b43_write16(dev, 0x0610, 0x8000);
3124                 b43_write16(dev, 0x0604, 0x0000);
3125                 b43_write16(dev, 0x0606, 0x0200);
3126         } else {
3127                 b43_write32(dev, 0x0188, 0x80000000);
3128                 b43_write32(dev, 0x018C, 0x02000000);
3129         }
3130         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3131         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3132         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3133         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3134         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3135         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3136         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3137
3138         b43_mac_phy_clock_set(dev, true);
3139
3140         switch (dev->dev->bus_type) {
3141 #ifdef CONFIG_B43_BCMA
3142         case B43_BUS_BCMA:
3143                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3144                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3145                 break;
3146 #endif
3147 #ifdef CONFIG_B43_SSB
3148         case B43_BUS_SSB:
3149                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3150                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3151                 break;
3152 #endif
3153         }
3154
3155         err = 0;
3156         b43dbg(dev->wl, "Chip initialized\n");
3157 out:
3158         return err;
3159
3160 err_gpio_clean:
3161         b43_gpio_cleanup(dev);
3162         return err;
3163 }
3164
3165 static void b43_periodic_every60sec(struct b43_wldev *dev)
3166 {
3167         const struct b43_phy_operations *ops = dev->phy.ops;
3168
3169         if (ops->pwork_60sec)
3170                 ops->pwork_60sec(dev);
3171
3172         /* Force check the TX power emission now. */
3173         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3174 }
3175
3176 static void b43_periodic_every30sec(struct b43_wldev *dev)
3177 {
3178         /* Update device statistics. */
3179         b43_calculate_link_quality(dev);
3180 }
3181
3182 static void b43_periodic_every15sec(struct b43_wldev *dev)
3183 {
3184         struct b43_phy *phy = &dev->phy;
3185         u16 wdr;
3186
3187         if (dev->fw.opensource) {
3188                 /* Check if the firmware is still alive.
3189                  * It will reset the watchdog counter to 0 in its idle loop. */
3190                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3191                 if (unlikely(wdr)) {
3192                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3193                         b43_controller_restart(dev, "Firmware watchdog");
3194                         return;
3195                 } else {
3196                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3197                                         B43_WATCHDOG_REG, 1);
3198                 }
3199         }
3200
3201         if (phy->ops->pwork_15sec)
3202                 phy->ops->pwork_15sec(dev);
3203
3204         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3205         wmb();
3206
3207 #if B43_DEBUG
3208         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3209                 unsigned int i;
3210
3211                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3212                        dev->irq_count / 15,
3213                        dev->tx_count / 15,
3214                        dev->rx_count / 15);
3215                 dev->irq_count = 0;
3216                 dev->tx_count = 0;
3217                 dev->rx_count = 0;
3218                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3219                         if (dev->irq_bit_count[i]) {
3220                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3221                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3222                                 dev->irq_bit_count[i] = 0;
3223                         }
3224                 }
3225         }
3226 #endif
3227 }
3228
3229 static void do_periodic_work(struct b43_wldev *dev)
3230 {
3231         unsigned int state;
3232
3233         state = dev->periodic_state;
3234         if (state % 4 == 0)
3235                 b43_periodic_every60sec(dev);
3236         if (state % 2 == 0)
3237                 b43_periodic_every30sec(dev);
3238         b43_periodic_every15sec(dev);
3239 }
3240
3241 /* Periodic work locking policy:
3242  *      The whole periodic work handler is protected by
3243  *      wl->mutex. If another lock is needed somewhere in the
3244  *      pwork callchain, it's acquired in-place, where it's needed.
3245  */
3246 static void b43_periodic_work_handler(struct work_struct *work)
3247 {
3248         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3249                                              periodic_work.work);
3250         struct b43_wl *wl = dev->wl;
3251         unsigned long delay;
3252
3253         mutex_lock(&wl->mutex);
3254
3255         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3256                 goto out;
3257         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3258                 goto out_requeue;
3259
3260         do_periodic_work(dev);
3261
3262         dev->periodic_state++;
3263 out_requeue:
3264         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3265                 delay = msecs_to_jiffies(50);
3266         else
3267                 delay = round_jiffies_relative(HZ * 15);
3268         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3269 out:
3270         mutex_unlock(&wl->mutex);
3271 }
3272
3273 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3274 {
3275         struct delayed_work *work = &dev->periodic_work;
3276
3277         dev->periodic_state = 0;
3278         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3279         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3280 }
3281
3282 /* Check if communication with the device works correctly. */
3283 static int b43_validate_chipaccess(struct b43_wldev *dev)
3284 {
3285         u32 v, backup0, backup4;
3286
3287         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3288         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3289
3290         /* Check for read/write and endianness problems. */
3291         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3292         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3293                 goto error;
3294         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3295         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3296                 goto error;
3297
3298         /* Check if unaligned 32bit SHM_SHARED access works properly.
3299          * However, don't bail out on failure, because it's noncritical. */
3300         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3301         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3302         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3303         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3304         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3305                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3306         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3307         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3308             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3309             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3310             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3311                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3312
3313         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3314         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3315
3316         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3317                 /* The 32bit register shadows the two 16bit registers
3318                  * with update sideeffects. Validate this. */
3319                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3320                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3321                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3322                         goto error;
3323                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3324                         goto error;
3325         }
3326         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3327
3328         v = b43_read32(dev, B43_MMIO_MACCTL);
3329         v |= B43_MACCTL_GMODE;
3330         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3331                 goto error;
3332
3333         return 0;
3334 error:
3335         b43err(dev->wl, "Failed to validate the chipaccess\n");
3336         return -ENODEV;
3337 }
3338
3339 static void b43_security_init(struct b43_wldev *dev)
3340 {
3341         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3342         /* KTP is a word address, but we address SHM bytewise.
3343          * So multiply by two.
3344          */
3345         dev->ktp *= 2;
3346         /* Number of RCMTA address slots */
3347         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3348         /* Clear the key memory. */
3349         b43_clear_keys(dev);
3350 }
3351
3352 #ifdef CONFIG_B43_HWRNG
3353 static int b43_rng_read(struct hwrng *rng, u32 *data)
3354 {
3355         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3356         struct b43_wldev *dev;
3357         int count = -ENODEV;
3358
3359         mutex_lock(&wl->mutex);
3360         dev = wl->current_dev;
3361         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3362                 *data = b43_read16(dev, B43_MMIO_RNG);
3363                 count = sizeof(u16);
3364         }
3365         mutex_unlock(&wl->mutex);
3366
3367         return count;
3368 }
3369 #endif /* CONFIG_B43_HWRNG */
3370
3371 static void b43_rng_exit(struct b43_wl *wl)
3372 {
3373 #ifdef CONFIG_B43_HWRNG
3374         if (wl->rng_initialized)
3375                 hwrng_unregister(&wl->rng);
3376 #endif /* CONFIG_B43_HWRNG */
3377 }
3378
3379 static int b43_rng_init(struct b43_wl *wl)
3380 {
3381         int err = 0;
3382
3383 #ifdef CONFIG_B43_HWRNG
3384         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3385                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3386         wl->rng.name = wl->rng_name;
3387         wl->rng.data_read = b43_rng_read;
3388         wl->rng.priv = (unsigned long)wl;
3389         wl->rng_initialized = true;
3390         err = hwrng_register(&wl->rng);
3391         if (err) {
3392                 wl->rng_initialized = false;
3393                 b43err(wl, "Failed to register the random "
3394                        "number generator (%d)\n", err);
3395         }
3396 #endif /* CONFIG_B43_HWRNG */
3397
3398         return err;
3399 }
3400
3401 static void b43_tx_work(struct work_struct *work)
3402 {
3403         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3404         struct b43_wldev *dev;
3405         struct sk_buff *skb;
3406         int queue_num;
3407         int err = 0;
3408
3409         mutex_lock(&wl->mutex);
3410         dev = wl->current_dev;
3411         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3412                 mutex_unlock(&wl->mutex);
3413                 return;
3414         }
3415
3416         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3417                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3418                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3419                         if (b43_using_pio_transfers(dev))
3420                                 err = b43_pio_tx(dev, skb);
3421                         else
3422                                 err = b43_dma_tx(dev, skb);
3423                         if (err == -ENOSPC) {
3424                                 wl->tx_queue_stopped[queue_num] = 1;
3425                                 ieee80211_stop_queue(wl->hw, queue_num);
3426                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3427                                 break;
3428                         }
3429                         if (unlikely(err))
3430                                 ieee80211_free_txskb(wl->hw, skb);
3431                         err = 0;
3432                 }
3433
3434                 if (!err)
3435                         wl->tx_queue_stopped[queue_num] = 0;
3436         }
3437
3438 #if B43_DEBUG
3439         dev->tx_count++;
3440 #endif
3441         mutex_unlock(&wl->mutex);
3442 }
3443
3444 static void b43_op_tx(struct ieee80211_hw *hw,
3445                       struct ieee80211_tx_control *control,
3446                       struct sk_buff *skb)
3447 {
3448         struct b43_wl *wl = hw_to_b43_wl(hw);
3449
3450         if (unlikely(skb->len < 2 + 2 + 6)) {
3451                 /* Too short, this can't be a valid frame. */
3452                 ieee80211_free_txskb(hw, skb);
3453                 return;
3454         }
3455         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3456
3457         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3458         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3459                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3460         } else {
3461                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3462         }
3463 }
3464
3465 static void b43_qos_params_upload(struct b43_wldev *dev,
3466                                   const struct ieee80211_tx_queue_params *p,
3467                                   u16 shm_offset)
3468 {
3469         u16 params[B43_NR_QOSPARAMS];
3470         int bslots, tmp;
3471         unsigned int i;
3472
3473         if (!dev->qos_enabled)
3474                 return;
3475
3476         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3477
3478         memset(&params, 0, sizeof(params));
3479
3480         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3481         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3482         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3483         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3484         params[B43_QOSPARAM_AIFS] = p->aifs;
3485         params[B43_QOSPARAM_BSLOTS] = bslots;
3486         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3487
3488         for (i = 0; i < ARRAY_SIZE(params); i++) {
3489                 if (i == B43_QOSPARAM_STATUS) {
3490                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3491                                              shm_offset + (i * 2));
3492                         /* Mark the parameters as updated. */
3493                         tmp |= 0x100;
3494                         b43_shm_write16(dev, B43_SHM_SHARED,
3495                                         shm_offset + (i * 2),
3496                                         tmp);
3497                 } else {
3498                         b43_shm_write16(dev, B43_SHM_SHARED,
3499                                         shm_offset + (i * 2),
3500                                         params[i]);
3501                 }
3502         }
3503 }
3504
3505 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3506 static const u16 b43_qos_shm_offsets[] = {
3507         /* [mac80211-queue-nr] = SHM_OFFSET, */
3508         [0] = B43_QOS_VOICE,
3509         [1] = B43_QOS_VIDEO,
3510         [2] = B43_QOS_BESTEFFORT,
3511         [3] = B43_QOS_BACKGROUND,
3512 };
3513
3514 /* Update all QOS parameters in hardware. */
3515 static void b43_qos_upload_all(struct b43_wldev *dev)
3516 {
3517         struct b43_wl *wl = dev->wl;
3518         struct b43_qos_params *params;
3519         unsigned int i;
3520
3521         if (!dev->qos_enabled)
3522                 return;
3523
3524         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3525                      ARRAY_SIZE(wl->qos_params));
3526
3527         b43_mac_suspend(dev);
3528         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3529                 params = &(wl->qos_params[i]);
3530                 b43_qos_params_upload(dev, &(params->p),
3531                                       b43_qos_shm_offsets[i]);
3532         }
3533         b43_mac_enable(dev);
3534 }
3535
3536 static void b43_qos_clear(struct b43_wl *wl)
3537 {
3538         struct b43_qos_params *params;
3539         unsigned int i;
3540
3541         /* Initialize QoS parameters to sane defaults. */
3542
3543         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3544                      ARRAY_SIZE(wl->qos_params));
3545
3546         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3547                 params = &(wl->qos_params[i]);
3548
3549                 switch (b43_qos_shm_offsets[i]) {
3550                 case B43_QOS_VOICE:
3551                         params->p.txop = 0;
3552                         params->p.aifs = 2;
3553                         params->p.cw_min = 0x0001;
3554                         params->p.cw_max = 0x0001;
3555                         break;
3556                 case B43_QOS_VIDEO:
3557                         params->p.txop = 0;
3558                         params->p.aifs = 2;
3559                         params->p.cw_min = 0x0001;
3560                         params->p.cw_max = 0x0001;
3561                         break;
3562                 case B43_QOS_BESTEFFORT:
3563                         params->p.txop = 0;
3564                         params->p.aifs = 3;
3565                         params->p.cw_min = 0x0001;
3566                         params->p.cw_max = 0x03FF;
3567                         break;
3568                 case B43_QOS_BACKGROUND:
3569                         params->p.txop = 0;
3570                         params->p.aifs = 7;
3571                         params->p.cw_min = 0x0001;
3572                         params->p.cw_max = 0x03FF;
3573                         break;
3574                 default:
3575                         B43_WARN_ON(1);
3576                 }
3577         }
3578 }
3579
3580 /* Initialize the core's QOS capabilities */
3581 static void b43_qos_init(struct b43_wldev *dev)
3582 {
3583         if (!dev->qos_enabled) {
3584                 /* Disable QOS support. */
3585                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3586                 b43_write16(dev, B43_MMIO_IFSCTL,
3587                             b43_read16(dev, B43_MMIO_IFSCTL)
3588                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3589                 b43dbg(dev->wl, "QoS disabled\n");
3590                 return;
3591         }
3592
3593         /* Upload the current QOS parameters. */
3594         b43_qos_upload_all(dev);
3595
3596         /* Enable QOS support. */
3597         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3598         b43_write16(dev, B43_MMIO_IFSCTL,
3599                     b43_read16(dev, B43_MMIO_IFSCTL)
3600                     | B43_MMIO_IFSCTL_USE_EDCF);
3601         b43dbg(dev->wl, "QoS enabled\n");
3602 }
3603
3604 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3605                           struct ieee80211_vif *vif, u16 _queue,
3606                           const struct ieee80211_tx_queue_params *params)
3607 {
3608         struct b43_wl *wl = hw_to_b43_wl(hw);
3609         struct b43_wldev *dev;
3610         unsigned int queue = (unsigned int)_queue;
3611         int err = -ENODEV;
3612
3613         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3614                 /* Queue not available or don't support setting
3615                  * params on this queue. Return success to not
3616                  * confuse mac80211. */
3617                 return 0;
3618         }
3619         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3620                      ARRAY_SIZE(wl->qos_params));
3621
3622         mutex_lock(&wl->mutex);
3623         dev = wl->current_dev;
3624         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3625                 goto out_unlock;
3626
3627         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3628         b43_mac_suspend(dev);
3629         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3630                               b43_qos_shm_offsets[queue]);
3631         b43_mac_enable(dev);
3632         err = 0;
3633
3634 out_unlock:
3635         mutex_unlock(&wl->mutex);
3636
3637         return err;
3638 }
3639
3640 static int b43_op_get_stats(struct ieee80211_hw *hw,
3641                             struct ieee80211_low_level_stats *stats)
3642 {
3643         struct b43_wl *wl = hw_to_b43_wl(hw);
3644
3645         mutex_lock(&wl->mutex);
3646         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3647         mutex_unlock(&wl->mutex);
3648
3649         return 0;
3650 }
3651
3652 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3653 {
3654         struct b43_wl *wl = hw_to_b43_wl(hw);
3655         struct b43_wldev *dev;
3656         u64 tsf;
3657
3658         mutex_lock(&wl->mutex);
3659         dev = wl->current_dev;
3660
3661         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3662                 b43_tsf_read(dev, &tsf);
3663         else
3664                 tsf = 0;
3665
3666         mutex_unlock(&wl->mutex);
3667
3668         return tsf;
3669 }
3670
3671 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3672                            struct ieee80211_vif *vif, u64 tsf)
3673 {
3674         struct b43_wl *wl = hw_to_b43_wl(hw);
3675         struct b43_wldev *dev;
3676
3677         mutex_lock(&wl->mutex);
3678         dev = wl->current_dev;
3679
3680         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3681                 b43_tsf_write(dev, tsf);
3682
3683         mutex_unlock(&wl->mutex);
3684 }
3685
3686 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3687 {
3688         u32 tmp;
3689
3690         switch (dev->dev->bus_type) {
3691 #ifdef CONFIG_B43_BCMA
3692         case B43_BUS_BCMA:
3693                 b43err(dev->wl,
3694                        "Putting PHY into reset not supported on BCMA\n");
3695                 break;
3696 #endif
3697 #ifdef CONFIG_B43_SSB
3698         case B43_BUS_SSB:
3699                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3700                 tmp &= ~B43_TMSLOW_GMODE;
3701                 tmp |= B43_TMSLOW_PHYRESET;
3702                 tmp |= SSB_TMSLOW_FGC;
3703                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3704                 msleep(1);
3705
3706                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3707                 tmp &= ~SSB_TMSLOW_FGC;
3708                 tmp |= B43_TMSLOW_PHYRESET;
3709                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3710                 msleep(1);
3711
3712                 break;
3713 #endif
3714         }
3715 }
3716
3717 static const char *band_to_string(enum ieee80211_band band)
3718 {
3719         switch (band) {
3720         case IEEE80211_BAND_5GHZ:
3721                 return "5";
3722         case IEEE80211_BAND_2GHZ:
3723                 return "2.4";
3724         default:
3725                 break;
3726         }
3727         B43_WARN_ON(1);
3728         return "";
3729 }
3730
3731 /* Expects wl->mutex locked */
3732 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3733 {
3734         struct b43_wldev *up_dev = NULL;
3735         struct b43_wldev *down_dev;
3736         struct b43_wldev *d;
3737         int err;
3738         bool uninitialized_var(gmode);
3739         int prev_status;
3740
3741         /* Find a device and PHY which supports the band. */
3742         list_for_each_entry(d, &wl->devlist, list) {
3743                 switch (chan->band) {
3744                 case IEEE80211_BAND_5GHZ:
3745                         if (d->phy.supports_5ghz) {
3746                                 up_dev = d;
3747                                 gmode = false;
3748                         }
3749                         break;
3750                 case IEEE80211_BAND_2GHZ:
3751                         if (d->phy.supports_2ghz) {
3752                                 up_dev = d;
3753                                 gmode = true;
3754                         }
3755                         break;
3756                 default:
3757                         B43_WARN_ON(1);
3758                         return -EINVAL;
3759                 }
3760                 if (up_dev)
3761                         break;
3762         }
3763         if (!up_dev) {
3764                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3765                        band_to_string(chan->band));
3766                 return -ENODEV;
3767         }
3768         if ((up_dev == wl->current_dev) &&
3769             (!!wl->current_dev->phy.gmode == !!gmode)) {
3770                 /* This device is already running. */
3771                 return 0;
3772         }
3773         b43dbg(wl, "Switching to %s-GHz band\n",
3774                band_to_string(chan->band));
3775         down_dev = wl->current_dev;
3776
3777         prev_status = b43_status(down_dev);
3778         /* Shutdown the currently running core. */
3779         if (prev_status >= B43_STAT_STARTED)
3780                 down_dev = b43_wireless_core_stop(down_dev);
3781         if (prev_status >= B43_STAT_INITIALIZED)
3782                 b43_wireless_core_exit(down_dev);
3783
3784         if (down_dev != up_dev) {
3785                 /* We switch to a different core, so we put PHY into
3786                  * RESET on the old core. */
3787                 b43_put_phy_into_reset(down_dev);
3788         }
3789
3790         /* Now start the new core. */
3791         up_dev->phy.gmode = gmode;
3792         if (prev_status >= B43_STAT_INITIALIZED) {
3793                 err = b43_wireless_core_init(up_dev);
3794                 if (err) {
3795                         b43err(wl, "Fatal: Could not initialize device for "
3796                                "selected %s-GHz band\n",
3797                                band_to_string(chan->band));
3798                         goto init_failure;
3799                 }
3800         }
3801         if (prev_status >= B43_STAT_STARTED) {
3802                 err = b43_wireless_core_start(up_dev);
3803                 if (err) {
3804                         b43err(wl, "Fatal: Could not start device for "
3805                                "selected %s-GHz band\n",
3806                                band_to_string(chan->band));
3807                         b43_wireless_core_exit(up_dev);
3808                         goto init_failure;
3809                 }
3810         }
3811         B43_WARN_ON(b43_status(up_dev) != prev_status);
3812
3813         wl->current_dev = up_dev;
3814
3815         return 0;
3816 init_failure:
3817         /* Whoops, failed to init the new core. No core is operating now. */
3818         wl->current_dev = NULL;
3819         return err;
3820 }
3821
3822 /* Write the short and long frame retry limit values. */
3823 static void b43_set_retry_limits(struct b43_wldev *dev,
3824                                  unsigned int short_retry,
3825                                  unsigned int long_retry)
3826 {
3827         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3828          * the chip-internal counter. */
3829         short_retry = min(short_retry, (unsigned int)0xF);
3830         long_retry = min(long_retry, (unsigned int)0xF);
3831
3832         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3833                         short_retry);
3834         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3835                         long_retry);
3836 }
3837
3838 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3839 {
3840         struct b43_wl *wl = hw_to_b43_wl(hw);
3841         struct b43_wldev *dev;
3842         struct b43_phy *phy;
3843         struct ieee80211_conf *conf = &hw->conf;
3844         int antenna;
3845         int err = 0;
3846         bool reload_bss = false;
3847
3848         mutex_lock(&wl->mutex);
3849
3850         dev = wl->current_dev;
3851
3852         /* Switch the band (if necessary). This might change the active core. */
3853         err = b43_switch_band(wl, conf->chandef.chan);
3854         if (err)
3855                 goto out_unlock_mutex;
3856
3857         /* Need to reload all settings if the core changed */
3858         if (dev != wl->current_dev) {
3859                 dev = wl->current_dev;
3860                 changed = ~0;
3861                 reload_bss = true;
3862         }
3863
3864         phy = &dev->phy;
3865
3866         if (conf_is_ht(conf))
3867                 phy->is_40mhz =
3868                         (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3869         else
3870                 phy->is_40mhz = false;
3871
3872         b43_mac_suspend(dev);
3873
3874         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3875                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3876                                           conf->long_frame_max_tx_count);
3877         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3878         if (!changed)
3879                 goto out_mac_enable;
3880
3881         /* Switch to the requested channel.
3882          * The firmware takes care of races with the TX handler. */
3883         if (conf->chandef.chan->hw_value != phy->channel)
3884                 b43_switch_channel(dev, conf->chandef.chan->hw_value);
3885
3886         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3887
3888         /* Adjust the desired TX power level. */
3889         if (conf->power_level != 0) {
3890                 if (conf->power_level != phy->desired_txpower) {
3891                         phy->desired_txpower = conf->power_level;
3892                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3893                                                    B43_TXPWR_IGNORE_TSSI);
3894                 }
3895         }
3896
3897         /* Antennas for RX and management frame TX. */
3898         antenna = B43_ANTENNA_DEFAULT;
3899         b43_mgmtframe_txantenna(dev, antenna);
3900         antenna = B43_ANTENNA_DEFAULT;
3901         if (phy->ops->set_rx_antenna)
3902                 phy->ops->set_rx_antenna(dev, antenna);
3903
3904         if (wl->radio_enabled != phy->radio_on) {
3905                 if (wl->radio_enabled) {
3906                         b43_software_rfkill(dev, false);
3907                         b43info(dev->wl, "Radio turned on by software\n");
3908                         if (!dev->radio_hw_enable) {
3909                                 b43info(dev->wl, "The hardware RF-kill button "
3910                                         "still turns the radio physically off. "
3911                                         "Press the button to turn it on.\n");
3912                         }
3913                 } else {
3914                         b43_software_rfkill(dev, true);
3915                         b43info(dev->wl, "Radio turned off by software\n");
3916                 }
3917         }
3918
3919 out_mac_enable:
3920         b43_mac_enable(dev);
3921 out_unlock_mutex:
3922         mutex_unlock(&wl->mutex);
3923
3924         if (wl->vif && reload_bss)
3925                 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3926
3927         return err;
3928 }
3929
3930 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3931 {
3932         struct ieee80211_supported_band *sband =
3933                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3934         struct ieee80211_rate *rate;
3935         int i;
3936         u16 basic, direct, offset, basic_offset, rateptr;
3937
3938         for (i = 0; i < sband->n_bitrates; i++) {
3939                 rate = &sband->bitrates[i];
3940
3941                 if (b43_is_cck_rate(rate->hw_value)) {
3942                         direct = B43_SHM_SH_CCKDIRECT;
3943                         basic = B43_SHM_SH_CCKBASIC;
3944                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3945                         offset &= 0xF;
3946                 } else {
3947                         direct = B43_SHM_SH_OFDMDIRECT;
3948                         basic = B43_SHM_SH_OFDMBASIC;
3949                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3950                         offset &= 0xF;
3951                 }
3952
3953                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3954
3955                 if (b43_is_cck_rate(rate->hw_value)) {
3956                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3957                         basic_offset &= 0xF;
3958                 } else {
3959                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3960                         basic_offset &= 0xF;
3961                 }
3962
3963                 /*
3964                  * Get the pointer that we need to point to
3965                  * from the direct map
3966                  */
3967                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3968                                          direct + 2 * basic_offset);
3969                 /* and write it to the basic map */
3970                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3971                                 rateptr);
3972         }
3973 }
3974
3975 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3976                                     struct ieee80211_vif *vif,
3977                                     struct ieee80211_bss_conf *conf,
3978                                     u32 changed)
3979 {
3980         struct b43_wl *wl = hw_to_b43_wl(hw);
3981         struct b43_wldev *dev;
3982
3983         mutex_lock(&wl->mutex);
3984
3985         dev = wl->current_dev;
3986         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3987                 goto out_unlock_mutex;
3988
3989         B43_WARN_ON(wl->vif != vif);
3990
3991         if (changed & BSS_CHANGED_BSSID) {
3992                 if (conf->bssid)
3993                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3994                 else
3995                         memset(wl->bssid, 0, ETH_ALEN);
3996         }
3997
3998         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3999                 if (changed & BSS_CHANGED_BEACON &&
4000                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4001                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4002                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4003                         b43_update_templates(wl);
4004
4005                 if (changed & BSS_CHANGED_BSSID)
4006                         b43_write_mac_bssid_templates(dev);
4007         }
4008
4009         b43_mac_suspend(dev);
4010
4011         /* Update templates for AP/mesh mode. */
4012         if (changed & BSS_CHANGED_BEACON_INT &&
4013             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4014              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4015              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4016             conf->beacon_int)
4017                 b43_set_beacon_int(dev, conf->beacon_int);
4018
4019         if (changed & BSS_CHANGED_BASIC_RATES)
4020                 b43_update_basic_rates(dev, conf->basic_rates);
4021
4022         if (changed & BSS_CHANGED_ERP_SLOT) {
4023                 if (conf->use_short_slot)
4024                         b43_short_slot_timing_enable(dev);
4025                 else
4026                         b43_short_slot_timing_disable(dev);
4027         }
4028
4029         b43_mac_enable(dev);
4030 out_unlock_mutex:
4031         mutex_unlock(&wl->mutex);
4032 }
4033
4034 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4035                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4036                           struct ieee80211_key_conf *key)
4037 {
4038         struct b43_wl *wl = hw_to_b43_wl(hw);
4039         struct b43_wldev *dev;
4040         u8 algorithm;
4041         u8 index;
4042         int err;
4043         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4044
4045         if (modparam_nohwcrypt)
4046                 return -ENOSPC; /* User disabled HW-crypto */
4047
4048         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4049              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4050             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4051              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4052             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4053                 /*
4054                  * For now, disable hw crypto for the RSN IBSS group keys. This
4055                  * could be optimized in the future, but until that gets
4056                  * implemented, use of software crypto for group addressed
4057                  * frames is a acceptable to allow RSN IBSS to be used.
4058                  */
4059                 return -EOPNOTSUPP;
4060         }
4061
4062         mutex_lock(&wl->mutex);
4063
4064         dev = wl->current_dev;
4065         err = -ENODEV;
4066         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4067                 goto out_unlock;
4068
4069         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4070                 /* We don't have firmware for the crypto engine.
4071                  * Must use software-crypto. */
4072                 err = -EOPNOTSUPP;
4073                 goto out_unlock;
4074         }
4075
4076         err = -EINVAL;
4077         switch (key->cipher) {
4078         case WLAN_CIPHER_SUITE_WEP40:
4079                 algorithm = B43_SEC_ALGO_WEP40;
4080                 break;
4081         case WLAN_CIPHER_SUITE_WEP104:
4082                 algorithm = B43_SEC_ALGO_WEP104;
4083                 break;
4084         case WLAN_CIPHER_SUITE_TKIP:
4085                 algorithm = B43_SEC_ALGO_TKIP;
4086                 break;
4087         case WLAN_CIPHER_SUITE_CCMP:
4088                 algorithm = B43_SEC_ALGO_AES;
4089                 break;
4090         default:
4091                 B43_WARN_ON(1);
4092                 goto out_unlock;
4093         }
4094         index = (u8) (key->keyidx);
4095         if (index > 3)
4096                 goto out_unlock;
4097
4098         switch (cmd) {
4099         case SET_KEY:
4100                 if (algorithm == B43_SEC_ALGO_TKIP &&
4101                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4102                     !modparam_hwtkip)) {
4103                         /* We support only pairwise key */
4104                         err = -EOPNOTSUPP;
4105                         goto out_unlock;
4106                 }
4107
4108                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4109                         if (WARN_ON(!sta)) {
4110                                 err = -EOPNOTSUPP;
4111                                 goto out_unlock;
4112                         }
4113                         /* Pairwise key with an assigned MAC address. */
4114                         err = b43_key_write(dev, -1, algorithm,
4115                                             key->key, key->keylen,
4116                                             sta->addr, key);
4117                 } else {
4118                         /* Group key */
4119                         err = b43_key_write(dev, index, algorithm,
4120                                             key->key, key->keylen, NULL, key);
4121                 }
4122                 if (err)
4123                         goto out_unlock;
4124
4125                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4126                     algorithm == B43_SEC_ALGO_WEP104) {
4127                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4128                 } else {
4129                         b43_hf_write(dev,
4130                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4131                 }
4132                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4133                 if (algorithm == B43_SEC_ALGO_TKIP)
4134                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4135                 break;
4136         case DISABLE_KEY: {
4137                 err = b43_key_clear(dev, key->hw_key_idx);
4138                 if (err)
4139                         goto out_unlock;
4140                 break;
4141         }
4142         default:
4143                 B43_WARN_ON(1);
4144         }
4145
4146 out_unlock:
4147         if (!err) {
4148                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4149                        "mac: %pM\n",
4150                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4151                        sta ? sta->addr : bcast_addr);
4152                 b43_dump_keymemory(dev);
4153         }
4154         mutex_unlock(&wl->mutex);
4155
4156         return err;
4157 }
4158
4159 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4160                                     unsigned int changed, unsigned int *fflags,
4161                                     u64 multicast)
4162 {
4163         struct b43_wl *wl = hw_to_b43_wl(hw);
4164         struct b43_wldev *dev;
4165
4166         mutex_lock(&wl->mutex);
4167         dev = wl->current_dev;
4168         if (!dev) {
4169                 *fflags = 0;
4170                 goto out_unlock;
4171         }
4172
4173         *fflags &= FIF_PROMISC_IN_BSS |
4174                   FIF_ALLMULTI |
4175                   FIF_FCSFAIL |
4176                   FIF_PLCPFAIL |
4177                   FIF_CONTROL |
4178                   FIF_OTHER_BSS |
4179                   FIF_BCN_PRBRESP_PROMISC;
4180
4181         changed &= FIF_PROMISC_IN_BSS |
4182                    FIF_ALLMULTI |
4183                    FIF_FCSFAIL |
4184                    FIF_PLCPFAIL |
4185                    FIF_CONTROL |
4186                    FIF_OTHER_BSS |
4187                    FIF_BCN_PRBRESP_PROMISC;
4188
4189         wl->filter_flags = *fflags;
4190
4191         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4192                 b43_adjust_opmode(dev);
4193
4194 out_unlock:
4195         mutex_unlock(&wl->mutex);
4196 }
4197
4198 /* Locking: wl->mutex
4199  * Returns the current dev. This might be different from the passed in dev,
4200  * because the core might be gone away while we unlocked the mutex. */
4201 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4202 {
4203         struct b43_wl *wl;
4204         struct b43_wldev *orig_dev;
4205         u32 mask;
4206         int queue_num;
4207
4208         if (!dev)
4209                 return NULL;
4210         wl = dev->wl;
4211 redo:
4212         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4213                 return dev;
4214
4215         /* Cancel work. Unlock to avoid deadlocks. */
4216         mutex_unlock(&wl->mutex);
4217         cancel_delayed_work_sync(&dev->periodic_work);
4218         cancel_work_sync(&wl->tx_work);
4219         mutex_lock(&wl->mutex);
4220         dev = wl->current_dev;
4221         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4222                 /* Whoops, aliens ate up the device while we were unlocked. */
4223                 return dev;
4224         }
4225
4226         /* Disable interrupts on the device. */
4227         b43_set_status(dev, B43_STAT_INITIALIZED);
4228         if (b43_bus_host_is_sdio(dev->dev)) {
4229                 /* wl->mutex is locked. That is enough. */
4230                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4231                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4232         } else {
4233                 spin_lock_irq(&wl->hardirq_lock);
4234                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4235                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4236                 spin_unlock_irq(&wl->hardirq_lock);
4237         }
4238         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4239         orig_dev = dev;
4240         mutex_unlock(&wl->mutex);
4241         if (b43_bus_host_is_sdio(dev->dev)) {
4242                 b43_sdio_free_irq(dev);
4243         } else {
4244                 synchronize_irq(dev->dev->irq);
4245                 free_irq(dev->dev->irq, dev);
4246         }
4247         mutex_lock(&wl->mutex);
4248         dev = wl->current_dev;
4249         if (!dev)
4250                 return dev;
4251         if (dev != orig_dev) {
4252                 if (b43_status(dev) >= B43_STAT_STARTED)
4253                         goto redo;
4254                 return dev;
4255         }
4256         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4257         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4258
4259         /* Drain all TX queues. */
4260         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4261                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4262                         struct sk_buff *skb;
4263
4264                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4265                         ieee80211_free_txskb(wl->hw, skb);
4266                 }
4267         }
4268
4269         b43_mac_suspend(dev);
4270         b43_leds_exit(dev);
4271         b43dbg(wl, "Wireless interface stopped\n");
4272
4273         return dev;
4274 }
4275
4276 /* Locking: wl->mutex */
4277 static int b43_wireless_core_start(struct b43_wldev *dev)
4278 {
4279         int err;
4280
4281         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4282
4283         drain_txstatus_queue(dev);
4284         if (b43_bus_host_is_sdio(dev->dev)) {
4285                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4286                 if (err) {
4287                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4288                         goto out;
4289                 }
4290         } else {
4291                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4292                                            b43_interrupt_thread_handler,
4293                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4294                 if (err) {
4295                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4296                                dev->dev->irq);
4297                         goto out;
4298                 }
4299         }
4300
4301         /* We are ready to run. */
4302         ieee80211_wake_queues(dev->wl->hw);
4303         b43_set_status(dev, B43_STAT_STARTED);
4304
4305         /* Start data flow (TX/RX). */
4306         b43_mac_enable(dev);
4307         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4308
4309         /* Start maintenance work */
4310         b43_periodic_tasks_setup(dev);
4311
4312         b43_leds_init(dev);
4313
4314         b43dbg(dev->wl, "Wireless interface started\n");
4315 out:
4316         return err;
4317 }
4318
4319 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4320 {
4321         switch (phy_type) {
4322         case B43_PHYTYPE_A:
4323                 return "A";
4324         case B43_PHYTYPE_B:
4325                 return "B";
4326         case B43_PHYTYPE_G:
4327                 return "G";
4328         case B43_PHYTYPE_N:
4329                 return "N";
4330         case B43_PHYTYPE_LP:
4331                 return "LP";
4332         case B43_PHYTYPE_SSLPN:
4333                 return "SSLPN";
4334         case B43_PHYTYPE_HT:
4335                 return "HT";
4336         case B43_PHYTYPE_LCN:
4337                 return "LCN";
4338         case B43_PHYTYPE_LCNXN:
4339                 return "LCNXN";
4340         case B43_PHYTYPE_LCN40:
4341                 return "LCN40";
4342         case B43_PHYTYPE_AC:
4343                 return "AC";
4344         }
4345         return "UNKNOWN";
4346 }
4347
4348 /* Get PHY and RADIO versioning numbers */
4349 static int b43_phy_versioning(struct b43_wldev *dev)
4350 {
4351         struct b43_phy *phy = &dev->phy;
4352         u32 tmp;
4353         u8 analog_type;
4354         u8 phy_type;
4355         u8 phy_rev;
4356         u16 radio_manuf;
4357         u16 radio_ver;
4358         u16 radio_rev;
4359         int unsupported = 0;
4360
4361         /* Get PHY versioning */
4362         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4363         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4364         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4365         phy_rev = (tmp & B43_PHYVER_VERSION);
4366         switch (phy_type) {
4367         case B43_PHYTYPE_A:
4368                 if (phy_rev >= 4)
4369                         unsupported = 1;
4370                 break;
4371         case B43_PHYTYPE_B:
4372                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4373                     && phy_rev != 7)
4374                         unsupported = 1;
4375                 break;
4376         case B43_PHYTYPE_G:
4377                 if (phy_rev > 9)
4378                         unsupported = 1;
4379                 break;
4380 #ifdef CONFIG_B43_PHY_N
4381         case B43_PHYTYPE_N:
4382                 if (phy_rev > 9)
4383                         unsupported = 1;
4384                 break;
4385 #endif
4386 #ifdef CONFIG_B43_PHY_LP
4387         case B43_PHYTYPE_LP:
4388                 if (phy_rev > 2)
4389                         unsupported = 1;
4390                 break;
4391 #endif
4392 #ifdef CONFIG_B43_PHY_HT
4393         case B43_PHYTYPE_HT:
4394                 if (phy_rev > 1)
4395                         unsupported = 1;
4396                 break;
4397 #endif
4398 #ifdef CONFIG_B43_PHY_LCN
4399         case B43_PHYTYPE_LCN:
4400                 if (phy_rev > 1)
4401                         unsupported = 1;
4402                 break;
4403 #endif
4404         default:
4405                 unsupported = 1;
4406         }
4407         if (unsupported) {
4408                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4409                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4410                        phy_rev);
4411                 return -EOPNOTSUPP;
4412         }
4413         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4414                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4415
4416         /* Get RADIO versioning */
4417         if (dev->dev->core_rev >= 24) {
4418                 u16 radio24[3];
4419
4420                 for (tmp = 0; tmp < 3; tmp++) {
4421                         b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4422                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4423                 }
4424
4425                 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4426                 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4427
4428                 radio_manuf = 0x17F;
4429                 radio_ver = (radio24[2] << 8) | radio24[1];
4430                 radio_rev = (radio24[0] & 0xF);
4431         } else {
4432                 if (dev->dev->chip_id == 0x4317) {
4433                         if (dev->dev->chip_rev == 0)
4434                                 tmp = 0x3205017F;
4435                         else if (dev->dev->chip_rev == 1)
4436                                 tmp = 0x4205017F;
4437                         else
4438                                 tmp = 0x5205017F;
4439                 } else {
4440                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4441                                     B43_RADIOCTL_ID);
4442                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4443                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4444                                     B43_RADIOCTL_ID);
4445                         tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4446                                 << 16;
4447                 }
4448                 radio_manuf = (tmp & 0x00000FFF);
4449                 radio_ver = (tmp & 0x0FFFF000) >> 12;
4450                 radio_rev = (tmp & 0xF0000000) >> 28;
4451         }
4452
4453         if (radio_manuf != 0x17F /* Broadcom */)
4454                 unsupported = 1;
4455         switch (phy_type) {
4456         case B43_PHYTYPE_A:
4457                 if (radio_ver != 0x2060)
4458                         unsupported = 1;
4459                 if (radio_rev != 1)
4460                         unsupported = 1;
4461                 if (radio_manuf != 0x17F)
4462                         unsupported = 1;
4463                 break;
4464         case B43_PHYTYPE_B:
4465                 if ((radio_ver & 0xFFF0) != 0x2050)
4466                         unsupported = 1;
4467                 break;
4468         case B43_PHYTYPE_G:
4469                 if (radio_ver != 0x2050)
4470                         unsupported = 1;
4471                 break;
4472         case B43_PHYTYPE_N:
4473                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4474                         unsupported = 1;
4475                 break;
4476         case B43_PHYTYPE_LP:
4477                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4478                         unsupported = 1;
4479                 break;
4480         case B43_PHYTYPE_HT:
4481                 if (radio_ver != 0x2059)
4482                         unsupported = 1;
4483                 break;
4484         case B43_PHYTYPE_LCN:
4485                 if (radio_ver != 0x2064)
4486                         unsupported = 1;
4487                 break;
4488         default:
4489                 B43_WARN_ON(1);
4490         }
4491         if (unsupported) {
4492                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4493                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4494                        radio_manuf, radio_ver, radio_rev);
4495                 return -EOPNOTSUPP;
4496         }
4497         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4498                radio_manuf, radio_ver, radio_rev);
4499
4500         phy->radio_manuf = radio_manuf;
4501         phy->radio_ver = radio_ver;
4502         phy->radio_rev = radio_rev;
4503
4504         phy->analog = analog_type;
4505         phy->type = phy_type;
4506         phy->rev = phy_rev;
4507
4508         return 0;
4509 }
4510
4511 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4512                                       struct b43_phy *phy)
4513 {
4514         phy->hardware_power_control = !!modparam_hwpctl;
4515         phy->next_txpwr_check_time = jiffies;
4516         /* PHY TX errors counter. */
4517         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4518
4519 #if B43_DEBUG
4520         phy->phy_locked = false;
4521         phy->radio_locked = false;
4522 #endif
4523 }
4524
4525 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4526 {
4527         dev->dfq_valid = false;
4528
4529         /* Assume the radio is enabled. If it's not enabled, the state will
4530          * immediately get fixed on the first periodic work run. */
4531         dev->radio_hw_enable = true;
4532
4533         /* Stats */
4534         memset(&dev->stats, 0, sizeof(dev->stats));
4535
4536         setup_struct_phy_for_init(dev, &dev->phy);
4537
4538         /* IRQ related flags */
4539         dev->irq_reason = 0;
4540         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4541         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4542         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4543                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4544
4545         dev->mac_suspended = 1;
4546
4547         /* Noise calculation context */
4548         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4549 }
4550
4551 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4552 {
4553         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4554         u64 hf;
4555
4556         if (!modparam_btcoex)
4557                 return;
4558         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4559                 return;
4560         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4561                 return;
4562
4563         hf = b43_hf_read(dev);
4564         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4565                 hf |= B43_HF_BTCOEXALT;
4566         else
4567                 hf |= B43_HF_BTCOEX;
4568         b43_hf_write(dev, hf);
4569 }
4570
4571 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4572 {
4573         if (!modparam_btcoex)
4574                 return;
4575         //TODO
4576 }
4577
4578 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4579 {
4580         struct ssb_bus *bus;
4581         u32 tmp;
4582
4583         if (dev->dev->bus_type != B43_BUS_SSB)
4584                 return;
4585
4586         bus = dev->dev->sdev->bus;
4587
4588         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4589             (bus->chip_id == 0x4312)) {
4590                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4591                 tmp &= ~SSB_IMCFGLO_REQTO;
4592                 tmp &= ~SSB_IMCFGLO_SERTO;
4593                 tmp |= 0x3;
4594                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4595                 ssb_commit_settings(bus);
4596         }
4597 }
4598
4599 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4600 {
4601         u16 pu_delay;
4602
4603         /* The time value is in microseconds. */
4604         if (dev->phy.type == B43_PHYTYPE_A)
4605                 pu_delay = 3700;
4606         else
4607                 pu_delay = 1050;
4608         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4609                 pu_delay = 500;
4610         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4611                 pu_delay = max(pu_delay, (u16)2400);
4612
4613         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4614 }
4615
4616 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4617 static void b43_set_pretbtt(struct b43_wldev *dev)
4618 {
4619         u16 pretbtt;
4620
4621         /* The time value is in microseconds. */
4622         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4623                 pretbtt = 2;
4624         } else {
4625                 if (dev->phy.type == B43_PHYTYPE_A)
4626                         pretbtt = 120;
4627                 else
4628                         pretbtt = 250;
4629         }
4630         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4631         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4632 }
4633
4634 /* Shutdown a wireless core */
4635 /* Locking: wl->mutex */
4636 static void b43_wireless_core_exit(struct b43_wldev *dev)
4637 {
4638         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4639         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4640                 return;
4641
4642         b43_set_status(dev, B43_STAT_UNINIT);
4643
4644         /* Stop the microcode PSM. */
4645         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4646                       B43_MACCTL_PSM_JMP0);
4647
4648         b43_dma_free(dev);
4649         b43_pio_free(dev);
4650         b43_chip_exit(dev);
4651         dev->phy.ops->switch_analog(dev, 0);
4652         if (dev->wl->current_beacon) {
4653                 dev_kfree_skb_any(dev->wl->current_beacon);
4654                 dev->wl->current_beacon = NULL;
4655         }
4656
4657         b43_device_disable(dev, 0);
4658         b43_bus_may_powerdown(dev);
4659 }
4660
4661 /* Initialize a wireless core */
4662 static int b43_wireless_core_init(struct b43_wldev *dev)
4663 {
4664         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4665         struct b43_phy *phy = &dev->phy;
4666         int err;
4667         u64 hf;
4668
4669         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4670
4671         err = b43_bus_powerup(dev, 0);
4672         if (err)
4673                 goto out;
4674         if (!b43_device_is_enabled(dev))
4675                 b43_wireless_core_reset(dev, phy->gmode);
4676
4677         /* Reset all data structures. */
4678         setup_struct_wldev_for_init(dev);
4679         phy->ops->prepare_structs(dev);
4680
4681         /* Enable IRQ routing to this device. */
4682         switch (dev->dev->bus_type) {
4683 #ifdef CONFIG_B43_BCMA
4684         case B43_BUS_BCMA:
4685                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4686                                       dev->dev->bdev, true);
4687                 break;
4688 #endif
4689 #ifdef CONFIG_B43_SSB
4690         case B43_BUS_SSB:
4691                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4692                                                dev->dev->sdev);
4693                 break;
4694 #endif
4695         }
4696
4697         b43_imcfglo_timeouts_workaround(dev);
4698         b43_bluetooth_coext_disable(dev);
4699         if (phy->ops->prepare_hardware) {
4700                 err = phy->ops->prepare_hardware(dev);
4701                 if (err)
4702                         goto err_busdown;
4703         }
4704         err = b43_chip_init(dev);
4705         if (err)
4706                 goto err_busdown;
4707         b43_shm_write16(dev, B43_SHM_SHARED,
4708                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4709         hf = b43_hf_read(dev);
4710         if (phy->type == B43_PHYTYPE_G) {
4711                 hf |= B43_HF_SYMW;
4712                 if (phy->rev == 1)
4713                         hf |= B43_HF_GDCW;
4714                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4715                         hf |= B43_HF_OFDMPABOOST;
4716         }
4717         if (phy->radio_ver == 0x2050) {
4718                 if (phy->radio_rev == 6)
4719                         hf |= B43_HF_4318TSSI;
4720                 if (phy->radio_rev < 6)
4721                         hf |= B43_HF_VCORECALC;
4722         }
4723         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4724                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4725 #ifdef CONFIG_SSB_DRIVER_PCICORE
4726         if (dev->dev->bus_type == B43_BUS_SSB &&
4727             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4728             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4729                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4730 #endif
4731         hf &= ~B43_HF_SKCFPUP;
4732         b43_hf_write(dev, hf);
4733
4734         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4735                              B43_DEFAULT_LONG_RETRY_LIMIT);
4736         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4737         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4738
4739         /* Disable sending probe responses from firmware.
4740          * Setting the MaxTime to one usec will always trigger
4741          * a timeout, so we never send any probe resp.
4742          * A timeout of zero is infinite. */
4743         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4744
4745         b43_rate_memory_init(dev);
4746         b43_set_phytxctl_defaults(dev);
4747
4748         /* Minimum Contention Window */
4749         if (phy->type == B43_PHYTYPE_B)
4750                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4751         else
4752                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4753         /* Maximum Contention Window */
4754         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4755
4756         if (b43_bus_host_is_pcmcia(dev->dev) ||
4757             b43_bus_host_is_sdio(dev->dev)) {
4758                 dev->__using_pio_transfers = true;
4759                 err = b43_pio_init(dev);
4760         } else if (dev->use_pio) {
4761                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4762                         "This should not be needed and will result in lower "
4763                         "performance.\n");
4764                 dev->__using_pio_transfers = true;
4765                 err = b43_pio_init(dev);
4766         } else {
4767                 dev->__using_pio_transfers = false;
4768                 err = b43_dma_init(dev);
4769         }
4770         if (err)
4771                 goto err_chip_exit;
4772         b43_qos_init(dev);
4773         b43_set_synth_pu_delay(dev, 1);
4774         b43_bluetooth_coext_enable(dev);
4775
4776         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4777         b43_upload_card_macaddress(dev);
4778         b43_security_init(dev);
4779
4780         ieee80211_wake_queues(dev->wl->hw);
4781
4782         b43_set_status(dev, B43_STAT_INITIALIZED);
4783
4784 out:
4785         return err;
4786
4787 err_chip_exit:
4788         b43_chip_exit(dev);
4789 err_busdown:
4790         b43_bus_may_powerdown(dev);
4791         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4792         return err;
4793 }
4794
4795 static int b43_op_add_interface(struct ieee80211_hw *hw,
4796                                 struct ieee80211_vif *vif)
4797 {
4798         struct b43_wl *wl = hw_to_b43_wl(hw);
4799         struct b43_wldev *dev;
4800         int err = -EOPNOTSUPP;
4801
4802         /* TODO: allow WDS/AP devices to coexist */
4803
4804         if (vif->type != NL80211_IFTYPE_AP &&
4805             vif->type != NL80211_IFTYPE_MESH_POINT &&
4806             vif->type != NL80211_IFTYPE_STATION &&
4807             vif->type != NL80211_IFTYPE_WDS &&
4808             vif->type != NL80211_IFTYPE_ADHOC)
4809                 return -EOPNOTSUPP;
4810
4811         mutex_lock(&wl->mutex);
4812         if (wl->operating)
4813                 goto out_mutex_unlock;
4814
4815         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4816
4817         dev = wl->current_dev;
4818         wl->operating = true;
4819         wl->vif = vif;
4820         wl->if_type = vif->type;
4821         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4822
4823         b43_adjust_opmode(dev);
4824         b43_set_pretbtt(dev);
4825         b43_set_synth_pu_delay(dev, 0);
4826         b43_upload_card_macaddress(dev);
4827
4828         err = 0;
4829  out_mutex_unlock:
4830         mutex_unlock(&wl->mutex);
4831
4832         if (err == 0)
4833                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4834
4835         return err;
4836 }
4837
4838 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4839                                     struct ieee80211_vif *vif)
4840 {
4841         struct b43_wl *wl = hw_to_b43_wl(hw);
4842         struct b43_wldev *dev = wl->current_dev;
4843
4844         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4845
4846         mutex_lock(&wl->mutex);
4847
4848         B43_WARN_ON(!wl->operating);
4849         B43_WARN_ON(wl->vif != vif);
4850         wl->vif = NULL;
4851
4852         wl->operating = false;
4853
4854         b43_adjust_opmode(dev);
4855         memset(wl->mac_addr, 0, ETH_ALEN);
4856         b43_upload_card_macaddress(dev);
4857
4858         mutex_unlock(&wl->mutex);
4859 }
4860
4861 static int b43_op_start(struct ieee80211_hw *hw)
4862 {
4863         struct b43_wl *wl = hw_to_b43_wl(hw);
4864         struct b43_wldev *dev = wl->current_dev;
4865         int did_init = 0;
4866         int err = 0;
4867
4868         /* Kill all old instance specific information to make sure
4869          * the card won't use it in the short timeframe between start
4870          * and mac80211 reconfiguring it. */
4871         memset(wl->bssid, 0, ETH_ALEN);
4872         memset(wl->mac_addr, 0, ETH_ALEN);
4873         wl->filter_flags = 0;
4874         wl->radiotap_enabled = false;
4875         b43_qos_clear(wl);
4876         wl->beacon0_uploaded = false;
4877         wl->beacon1_uploaded = false;
4878         wl->beacon_templates_virgin = true;
4879         wl->radio_enabled = true;
4880
4881         mutex_lock(&wl->mutex);
4882
4883         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4884                 err = b43_wireless_core_init(dev);
4885                 if (err)
4886                         goto out_mutex_unlock;
4887                 did_init = 1;
4888         }
4889
4890         if (b43_status(dev) < B43_STAT_STARTED) {
4891                 err = b43_wireless_core_start(dev);
4892                 if (err) {
4893                         if (did_init)
4894                                 b43_wireless_core_exit(dev);
4895                         goto out_mutex_unlock;
4896                 }
4897         }
4898
4899         /* XXX: only do if device doesn't support rfkill irq */
4900         wiphy_rfkill_start_polling(hw->wiphy);
4901
4902  out_mutex_unlock:
4903         mutex_unlock(&wl->mutex);
4904
4905         /*
4906          * Configuration may have been overwritten during initialization.
4907          * Reload the configuration, but only if initialization was
4908          * successful. Reloading the configuration after a failed init
4909          * may hang the system.
4910          */
4911         if (!err)
4912                 b43_op_config(hw, ~0);
4913
4914         return err;
4915 }
4916
4917 static void b43_op_stop(struct ieee80211_hw *hw)
4918 {
4919         struct b43_wl *wl = hw_to_b43_wl(hw);
4920         struct b43_wldev *dev = wl->current_dev;
4921
4922         cancel_work_sync(&(wl->beacon_update_trigger));
4923
4924         if (!dev)
4925                 goto out;
4926
4927         mutex_lock(&wl->mutex);
4928         if (b43_status(dev) >= B43_STAT_STARTED) {
4929                 dev = b43_wireless_core_stop(dev);
4930                 if (!dev)
4931                         goto out_unlock;
4932         }
4933         b43_wireless_core_exit(dev);
4934         wl->radio_enabled = false;
4935
4936 out_unlock:
4937         mutex_unlock(&wl->mutex);
4938 out:
4939         cancel_work_sync(&(wl->txpower_adjust_work));
4940 }
4941
4942 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4943                                  struct ieee80211_sta *sta, bool set)
4944 {
4945         struct b43_wl *wl = hw_to_b43_wl(hw);
4946
4947         /* FIXME: add locking */
4948         b43_update_templates(wl);
4949
4950         return 0;
4951 }
4952
4953 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4954                               struct ieee80211_vif *vif,
4955                               enum sta_notify_cmd notify_cmd,
4956                               struct ieee80211_sta *sta)
4957 {
4958         struct b43_wl *wl = hw_to_b43_wl(hw);
4959
4960         B43_WARN_ON(!vif || wl->vif != vif);
4961 }
4962
4963 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4964 {
4965         struct b43_wl *wl = hw_to_b43_wl(hw);
4966         struct b43_wldev *dev;
4967
4968         mutex_lock(&wl->mutex);
4969         dev = wl->current_dev;
4970         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4971                 /* Disable CFP update during scan on other channels. */
4972                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4973         }
4974         mutex_unlock(&wl->mutex);
4975 }
4976
4977 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4978 {
4979         struct b43_wl *wl = hw_to_b43_wl(hw);
4980         struct b43_wldev *dev;
4981
4982         mutex_lock(&wl->mutex);
4983         dev = wl->current_dev;
4984         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4985                 /* Re-enable CFP update. */
4986                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4987         }
4988         mutex_unlock(&wl->mutex);
4989 }
4990
4991 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
4992                              struct survey_info *survey)
4993 {
4994         struct b43_wl *wl = hw_to_b43_wl(hw);
4995         struct b43_wldev *dev = wl->current_dev;
4996         struct ieee80211_conf *conf = &hw->conf;
4997
4998         if (idx != 0)
4999                 return -ENOENT;
5000
5001         survey->channel = conf->chandef.chan;
5002         survey->filled = SURVEY_INFO_NOISE_DBM;
5003         survey->noise = dev->stats.link_noise;
5004
5005         return 0;
5006 }
5007
5008 static const struct ieee80211_ops b43_hw_ops = {
5009         .tx                     = b43_op_tx,
5010         .conf_tx                = b43_op_conf_tx,
5011         .add_interface          = b43_op_add_interface,
5012         .remove_interface       = b43_op_remove_interface,
5013         .config                 = b43_op_config,
5014         .bss_info_changed       = b43_op_bss_info_changed,
5015         .configure_filter       = b43_op_configure_filter,
5016         .set_key                = b43_op_set_key,
5017         .update_tkip_key        = b43_op_update_tkip_key,
5018         .get_stats              = b43_op_get_stats,
5019         .get_tsf                = b43_op_get_tsf,
5020         .set_tsf                = b43_op_set_tsf,
5021         .start                  = b43_op_start,
5022         .stop                   = b43_op_stop,
5023         .set_tim                = b43_op_beacon_set_tim,
5024         .sta_notify             = b43_op_sta_notify,
5025         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5026         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5027         .get_survey             = b43_op_get_survey,
5028         .rfkill_poll            = b43_rfkill_poll,
5029 };
5030
5031 /* Hard-reset the chip. Do not call this directly.
5032  * Use b43_controller_restart()
5033  */
5034 static void b43_chip_reset(struct work_struct *work)
5035 {
5036         struct b43_wldev *dev =
5037             container_of(work, struct b43_wldev, restart_work);
5038         struct b43_wl *wl = dev->wl;
5039         int err = 0;
5040         int prev_status;
5041
5042         mutex_lock(&wl->mutex);
5043
5044         prev_status = b43_status(dev);
5045         /* Bring the device down... */
5046         if (prev_status >= B43_STAT_STARTED) {
5047                 dev = b43_wireless_core_stop(dev);
5048                 if (!dev) {
5049                         err = -ENODEV;
5050                         goto out;
5051                 }
5052         }
5053         if (prev_status >= B43_STAT_INITIALIZED)
5054                 b43_wireless_core_exit(dev);
5055
5056         /* ...and up again. */
5057         if (prev_status >= B43_STAT_INITIALIZED) {
5058                 err = b43_wireless_core_init(dev);
5059                 if (err)
5060                         goto out;
5061         }
5062         if (prev_status >= B43_STAT_STARTED) {
5063                 err = b43_wireless_core_start(dev);
5064                 if (err) {
5065                         b43_wireless_core_exit(dev);
5066                         goto out;
5067                 }
5068         }
5069 out:
5070         if (err)
5071                 wl->current_dev = NULL; /* Failed to init the dev. */
5072         mutex_unlock(&wl->mutex);
5073
5074         if (err) {
5075                 b43err(wl, "Controller restart FAILED\n");
5076                 return;
5077         }
5078
5079         /* reload configuration */
5080         b43_op_config(wl->hw, ~0);
5081         if (wl->vif)
5082                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5083
5084         b43info(wl, "Controller restarted\n");
5085 }
5086
5087 static int b43_setup_bands(struct b43_wldev *dev,
5088                            bool have_2ghz_phy, bool have_5ghz_phy)
5089 {
5090         struct ieee80211_hw *hw = dev->wl->hw;
5091
5092         if (have_2ghz_phy)
5093                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5094         if (dev->phy.type == B43_PHYTYPE_N) {
5095                 if (have_5ghz_phy)
5096                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5097         } else {
5098                 if (have_5ghz_phy)
5099                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5100         }
5101
5102         dev->phy.supports_2ghz = have_2ghz_phy;
5103         dev->phy.supports_5ghz = have_5ghz_phy;
5104
5105         return 0;
5106 }
5107
5108 static void b43_wireless_core_detach(struct b43_wldev *dev)
5109 {
5110         /* We release firmware that late to not be required to re-request
5111          * is all the time when we reinit the core. */
5112         b43_release_firmware(dev);
5113         b43_phy_free(dev);
5114 }
5115
5116 static int b43_wireless_core_attach(struct b43_wldev *dev)
5117 {
5118         struct b43_wl *wl = dev->wl;
5119         struct pci_dev *pdev = NULL;
5120         int err;
5121         u32 tmp;
5122         bool have_2ghz_phy = false, have_5ghz_phy = false;
5123
5124         /* Do NOT do any device initialization here.
5125          * Do it in wireless_core_init() instead.
5126          * This function is for gathering basic information about the HW, only.
5127          * Also some structs may be set up here. But most likely you want to have
5128          * that in core_init(), too.
5129          */
5130
5131 #ifdef CONFIG_B43_SSB
5132         if (dev->dev->bus_type == B43_BUS_SSB &&
5133             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5134                 pdev = dev->dev->sdev->bus->host_pci;
5135 #endif
5136
5137         err = b43_bus_powerup(dev, 0);
5138         if (err) {
5139                 b43err(wl, "Bus powerup failed\n");
5140                 goto out;
5141         }
5142
5143         /* Get the PHY type. */
5144         switch (dev->dev->bus_type) {
5145 #ifdef CONFIG_B43_BCMA
5146         case B43_BUS_BCMA:
5147                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5148                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5149                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5150                 break;
5151 #endif
5152 #ifdef CONFIG_B43_SSB
5153         case B43_BUS_SSB:
5154                 if (dev->dev->core_rev >= 5) {
5155                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5156                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5157                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5158                 } else
5159                         B43_WARN_ON(1);
5160                 break;
5161 #endif
5162         }
5163
5164         dev->phy.gmode = have_2ghz_phy;
5165         dev->phy.radio_on = true;
5166         b43_wireless_core_reset(dev, dev->phy.gmode);
5167
5168         err = b43_phy_versioning(dev);
5169         if (err)
5170                 goto err_powerdown;
5171         /* Check if this device supports multiband. */
5172         if (!pdev ||
5173             (pdev->device != 0x4312 &&
5174              pdev->device != 0x4319 && pdev->device != 0x4324)) {
5175                 /* No multiband support. */
5176                 have_2ghz_phy = false;
5177                 have_5ghz_phy = false;
5178                 switch (dev->phy.type) {
5179                 case B43_PHYTYPE_A:
5180                         have_5ghz_phy = true;
5181                         break;
5182                 case B43_PHYTYPE_LP: //FIXME not always!
5183 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5184                         have_5ghz_phy = 1;
5185 #endif
5186                 case B43_PHYTYPE_G:
5187                 case B43_PHYTYPE_N:
5188                 case B43_PHYTYPE_HT:
5189                 case B43_PHYTYPE_LCN:
5190                         have_2ghz_phy = true;
5191                         break;
5192                 default:
5193                         B43_WARN_ON(1);
5194                 }
5195         }
5196         if (dev->phy.type == B43_PHYTYPE_A) {
5197                 /* FIXME */
5198                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
5199                 err = -EOPNOTSUPP;
5200                 goto err_powerdown;
5201         }
5202         if (1 /* disable A-PHY */) {
5203                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5204                 if (dev->phy.type != B43_PHYTYPE_N &&
5205                     dev->phy.type != B43_PHYTYPE_LP) {
5206                         have_2ghz_phy = true;
5207                         have_5ghz_phy = false;
5208                 }
5209         }
5210
5211         err = b43_phy_allocate(dev);
5212         if (err)
5213                 goto err_powerdown;
5214
5215         dev->phy.gmode = have_2ghz_phy;
5216         b43_wireless_core_reset(dev, dev->phy.gmode);
5217
5218         err = b43_validate_chipaccess(dev);
5219         if (err)
5220                 goto err_phy_free;
5221         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5222         if (err)
5223                 goto err_phy_free;
5224
5225         /* Now set some default "current_dev" */
5226         if (!wl->current_dev)
5227                 wl->current_dev = dev;
5228         INIT_WORK(&dev->restart_work, b43_chip_reset);
5229
5230         dev->phy.ops->switch_analog(dev, 0);
5231         b43_device_disable(dev, 0);
5232         b43_bus_may_powerdown(dev);
5233
5234 out:
5235         return err;
5236
5237 err_phy_free:
5238         b43_phy_free(dev);
5239 err_powerdown:
5240         b43_bus_may_powerdown(dev);
5241         return err;
5242 }
5243
5244 static void b43_one_core_detach(struct b43_bus_dev *dev)
5245 {
5246         struct b43_wldev *wldev;
5247         struct b43_wl *wl;
5248
5249         /* Do not cancel ieee80211-workqueue based work here.
5250          * See comment in b43_remove(). */
5251
5252         wldev = b43_bus_get_wldev(dev);
5253         wl = wldev->wl;
5254         b43_debugfs_remove_device(wldev);
5255         b43_wireless_core_detach(wldev);
5256         list_del(&wldev->list);
5257         wl->nr_devs--;
5258         b43_bus_set_wldev(dev, NULL);
5259         kfree(wldev);
5260 }
5261
5262 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5263 {
5264         struct b43_wldev *wldev;
5265         int err = -ENOMEM;
5266
5267         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5268         if (!wldev)
5269                 goto out;
5270
5271         wldev->use_pio = b43_modparam_pio;
5272         wldev->dev = dev;
5273         wldev->wl = wl;
5274         b43_set_status(wldev, B43_STAT_UNINIT);
5275         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5276         INIT_LIST_HEAD(&wldev->list);
5277
5278         err = b43_wireless_core_attach(wldev);
5279         if (err)
5280                 goto err_kfree_wldev;
5281
5282         list_add(&wldev->list, &wl->devlist);
5283         wl->nr_devs++;
5284         b43_bus_set_wldev(dev, wldev);
5285         b43_debugfs_add_device(wldev);
5286
5287       out:
5288         return err;
5289
5290       err_kfree_wldev:
5291         kfree(wldev);
5292         return err;
5293 }
5294
5295 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5296         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5297         (pdev->device == _device) &&                                    \
5298         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5299         (pdev->subsystem_device == _subdevice)                          )
5300
5301 static void b43_sprom_fixup(struct ssb_bus *bus)
5302 {
5303         struct pci_dev *pdev;
5304
5305         /* boardflags workarounds */
5306         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5307             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5308                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5309         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5310             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5311                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5312         if (bus->bustype == SSB_BUSTYPE_PCI) {
5313                 pdev = bus->host_pci;
5314                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5315                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5316                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5317                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5318                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5319                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5320                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5321                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5322         }
5323 }
5324
5325 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5326 {
5327         struct ieee80211_hw *hw = wl->hw;
5328
5329         ssb_set_devtypedata(dev->sdev, NULL);
5330         ieee80211_free_hw(hw);
5331 }
5332
5333 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5334 {
5335         struct ssb_sprom *sprom = dev->bus_sprom;
5336         struct ieee80211_hw *hw;
5337         struct b43_wl *wl;
5338         char chip_name[6];
5339         int queue_num;
5340
5341         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5342         if (!hw) {
5343                 b43err(NULL, "Could not allocate ieee80211 device\n");
5344                 return ERR_PTR(-ENOMEM);
5345         }
5346         wl = hw_to_b43_wl(hw);
5347
5348         /* fill hw info */
5349         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5350                     IEEE80211_HW_SIGNAL_DBM;
5351
5352         hw->wiphy->interface_modes =
5353                 BIT(NL80211_IFTYPE_AP) |
5354                 BIT(NL80211_IFTYPE_MESH_POINT) |
5355                 BIT(NL80211_IFTYPE_STATION) |
5356                 BIT(NL80211_IFTYPE_WDS) |
5357                 BIT(NL80211_IFTYPE_ADHOC);
5358
5359         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5360
5361         wl->hw_registred = false;
5362         hw->max_rates = 2;
5363         SET_IEEE80211_DEV(hw, dev->dev);
5364         if (is_valid_ether_addr(sprom->et1mac))
5365                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5366         else
5367                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5368
5369         /* Initialize struct b43_wl */
5370         wl->hw = hw;
5371         mutex_init(&wl->mutex);
5372         spin_lock_init(&wl->hardirq_lock);
5373         INIT_LIST_HEAD(&wl->devlist);
5374         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5375         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5376         INIT_WORK(&wl->tx_work, b43_tx_work);
5377
5378         /* Initialize queues and flags. */
5379         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5380                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5381                 wl->tx_queue_stopped[queue_num] = 0;
5382         }
5383
5384         snprintf(chip_name, ARRAY_SIZE(chip_name),
5385                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5386         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5387                 dev->core_rev);
5388         return wl;
5389 }
5390
5391 #ifdef CONFIG_B43_BCMA
5392 static int b43_bcma_probe(struct bcma_device *core)
5393 {
5394         struct b43_bus_dev *dev;
5395         struct b43_wl *wl;
5396         int err;
5397
5398         dev = b43_bus_dev_bcma_init(core);
5399         if (!dev)
5400                 return -ENODEV;
5401
5402         wl = b43_wireless_init(dev);
5403         if (IS_ERR(wl)) {
5404                 err = PTR_ERR(wl);
5405                 goto bcma_out;
5406         }
5407
5408         err = b43_one_core_attach(dev, wl);
5409         if (err)
5410                 goto bcma_err_wireless_exit;
5411
5412         /* setup and start work to load firmware */
5413         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5414         schedule_work(&wl->firmware_load);
5415
5416 bcma_out:
5417         return err;
5418
5419 bcma_err_wireless_exit:
5420         ieee80211_free_hw(wl->hw);
5421         return err;
5422 }
5423
5424 static void b43_bcma_remove(struct bcma_device *core)
5425 {
5426         struct b43_wldev *wldev = bcma_get_drvdata(core);
5427         struct b43_wl *wl = wldev->wl;
5428
5429         /* We must cancel any work here before unregistering from ieee80211,
5430          * as the ieee80211 unreg will destroy the workqueue. */
5431         cancel_work_sync(&wldev->restart_work);
5432         cancel_work_sync(&wl->firmware_load);
5433
5434         B43_WARN_ON(!wl);
5435         if (!wldev->fw.ucode.data)
5436                 return;                 /* NULL if firmware never loaded */
5437         if (wl->current_dev == wldev && wl->hw_registred) {
5438                 b43_leds_stop(wldev);
5439                 ieee80211_unregister_hw(wl->hw);
5440         }
5441
5442         b43_one_core_detach(wldev->dev);
5443
5444         /* Unregister HW RNG driver */
5445         b43_rng_exit(wl);
5446
5447         b43_leds_unregister(wl);
5448
5449         ieee80211_free_hw(wl->hw);
5450 }
5451
5452 static struct bcma_driver b43_bcma_driver = {
5453         .name           = KBUILD_MODNAME,
5454         .id_table       = b43_bcma_tbl,
5455         .probe          = b43_bcma_probe,
5456         .remove         = b43_bcma_remove,
5457 };
5458 #endif
5459
5460 #ifdef CONFIG_B43_SSB
5461 static
5462 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5463 {
5464         struct b43_bus_dev *dev;
5465         struct b43_wl *wl;
5466         int err;
5467         int first = 0;
5468
5469         dev = b43_bus_dev_ssb_init(sdev);
5470         if (!dev)
5471                 return -ENOMEM;
5472
5473         wl = ssb_get_devtypedata(sdev);
5474         if (!wl) {
5475                 /* Probing the first core. Must setup common struct b43_wl */
5476                 first = 1;
5477                 b43_sprom_fixup(sdev->bus);
5478                 wl = b43_wireless_init(dev);
5479                 if (IS_ERR(wl)) {
5480                         err = PTR_ERR(wl);
5481                         goto out;
5482                 }
5483                 ssb_set_devtypedata(sdev, wl);
5484                 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5485         }
5486         err = b43_one_core_attach(dev, wl);
5487         if (err)
5488                 goto err_wireless_exit;
5489
5490         /* setup and start work to load firmware */
5491         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5492         schedule_work(&wl->firmware_load);
5493
5494       out:
5495         return err;
5496
5497       err_wireless_exit:
5498         if (first)
5499                 b43_wireless_exit(dev, wl);
5500         return err;
5501 }
5502
5503 static void b43_ssb_remove(struct ssb_device *sdev)
5504 {
5505         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5506         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5507         struct b43_bus_dev *dev = wldev->dev;
5508
5509         /* We must cancel any work here before unregistering from ieee80211,
5510          * as the ieee80211 unreg will destroy the workqueue. */
5511         cancel_work_sync(&wldev->restart_work);
5512         cancel_work_sync(&wl->firmware_load);
5513
5514         B43_WARN_ON(!wl);
5515         if (!wldev->fw.ucode.data)
5516                 return;                 /* NULL if firmware never loaded */
5517         if (wl->current_dev == wldev && wl->hw_registred) {
5518                 b43_leds_stop(wldev);
5519                 ieee80211_unregister_hw(wl->hw);
5520         }
5521
5522         b43_one_core_detach(dev);
5523
5524         /* Unregister HW RNG driver */
5525         b43_rng_exit(wl);
5526
5527         if (list_empty(&wl->devlist)) {
5528                 b43_leds_unregister(wl);
5529                 /* Last core on the chip unregistered.
5530                  * We can destroy common struct b43_wl.
5531                  */
5532                 b43_wireless_exit(dev, wl);
5533         }
5534 }
5535
5536 static struct ssb_driver b43_ssb_driver = {
5537         .name           = KBUILD_MODNAME,
5538         .id_table       = b43_ssb_tbl,
5539         .probe          = b43_ssb_probe,
5540         .remove         = b43_ssb_remove,
5541 };
5542 #endif /* CONFIG_B43_SSB */
5543
5544 /* Perform a hardware reset. This can be called from any context. */
5545 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5546 {
5547         /* Must avoid requeueing, if we are in shutdown. */
5548         if (b43_status(dev) < B43_STAT_INITIALIZED)
5549                 return;
5550         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5551         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5552 }
5553
5554 static void b43_print_driverinfo(void)
5555 {
5556         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5557                    *feat_leds = "", *feat_sdio = "";
5558
5559 #ifdef CONFIG_B43_PCI_AUTOSELECT
5560         feat_pci = "P";
5561 #endif
5562 #ifdef CONFIG_B43_PCMCIA
5563         feat_pcmcia = "M";
5564 #endif
5565 #ifdef CONFIG_B43_PHY_N
5566         feat_nphy = "N";
5567 #endif
5568 #ifdef CONFIG_B43_LEDS
5569         feat_leds = "L";
5570 #endif
5571 #ifdef CONFIG_B43_SDIO
5572         feat_sdio = "S";
5573 #endif
5574         printk(KERN_INFO "Broadcom 43xx driver loaded "
5575                "[ Features: %s%s%s%s%s ]\n",
5576                feat_pci, feat_pcmcia, feat_nphy,
5577                feat_leds, feat_sdio);
5578 }
5579
5580 static int __init b43_init(void)
5581 {
5582         int err;
5583
5584         b43_debugfs_init();
5585         err = b43_pcmcia_init();
5586         if (err)
5587                 goto err_dfs_exit;
5588         err = b43_sdio_init();
5589         if (err)
5590                 goto err_pcmcia_exit;
5591 #ifdef CONFIG_B43_BCMA
5592         err = bcma_driver_register(&b43_bcma_driver);
5593         if (err)
5594                 goto err_sdio_exit;
5595 #endif
5596 #ifdef CONFIG_B43_SSB
5597         err = ssb_driver_register(&b43_ssb_driver);
5598         if (err)
5599                 goto err_bcma_driver_exit;
5600 #endif
5601         b43_print_driverinfo();
5602
5603         return err;
5604
5605 #ifdef CONFIG_B43_SSB
5606 err_bcma_driver_exit:
5607 #endif
5608 #ifdef CONFIG_B43_BCMA
5609         bcma_driver_unregister(&b43_bcma_driver);
5610 err_sdio_exit:
5611 #endif
5612         b43_sdio_exit();
5613 err_pcmcia_exit:
5614         b43_pcmcia_exit();
5615 err_dfs_exit:
5616         b43_debugfs_exit();
5617         return err;
5618 }
5619
5620 static void __exit b43_exit(void)
5621 {
5622 #ifdef CONFIG_B43_SSB
5623         ssb_driver_unregister(&b43_ssb_driver);
5624 #endif
5625 #ifdef CONFIG_B43_BCMA
5626         bcma_driver_unregister(&b43_bcma_driver);
5627 #endif
5628         b43_sdio_exit();
5629         b43_pcmcia_exit();
5630         b43_debugfs_exit();
5631 }
5632
5633 module_init(b43_init)
5634 module_exit(b43_exit)
Unnamed repository; edit this file 'description' to name the repository.