]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - drivers/net/wireless/b43/main.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
iwlwifi: Fix uCode error on association
[mirror_ubuntu-zesty-kernel.git] / drivers / net / wireless / b43 / main.c
CommitLineData
e4d6b795
MB		 1/*
2
3 Broadcom B43 wireless driver
4
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
1f21ad2a 6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
e4d6b795
MB		 7 Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11 Some parts of the code in this file are derived from the ipw2200
12 driver Copyright(c) 2003 - 2004 Intel Corporation.
13
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 2 of the License, or
17 (at your option) any later version.
18
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
23
24 You should have received a copy of the GNU General Public License
25 along with this program; see the file COPYING. If not, write to
26 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27 Boston, MA 02110-1301, USA.
28
29*/
30
31#include <linux/delay.h>
32#include <linux/init.h>
33#include <linux/moduleparam.h>
34#include <linux/if_arp.h>
35#include <linux/etherdevice.h>
36#include <linux/version.h>
37#include <linux/firmware.h>
38#include <linux/wireless.h>
39#include <linux/workqueue.h>
40#include <linux/skbuff.h>
41#include <linux/dma-mapping.h>
42#include <asm/unaligned.h>
43
44#include "b43.h"
45#include "main.h"
46#include "debugfs.h"
47#include "phy.h"
48#include "dma.h"
e4d6b795
MB		 49#include "sysfs.h"
50#include "xmit.h"
e4d6b795
MB		 51#include "lo.h"
52#include "pcmcia.h"
53
54MODULE_DESCRIPTION("Broadcom B43 wireless driver");
55MODULE_AUTHOR("Martin Langer");
56MODULE_AUTHOR("Stefano Brivio");
57MODULE_AUTHOR("Michael Buesch");
58MODULE_LICENSE("GPL");
59
e4d6b795
MB		 60
61static int modparam_bad_frames_preempt;
62module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
63MODULE_PARM_DESC(bad_frames_preempt,
64 "enable(1) / disable(0) Bad Frames Preemption");
65
e4d6b795
MB		 66static char modparam_fwpostfix[16];
67module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
68MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
69
e4d6b795
MB		 70static int modparam_hwpctl;
71module_param_named(hwpctl, modparam_hwpctl, int, 0444);
72MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
73
74static int modparam_nohwcrypt;
75module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
76MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
77
78static const struct ssb_device_id b43_ssb_tbl[] = {
79 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
80 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
81 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
82 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
83 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
d5c71e46 84 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
013978b6 85 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
e4d6b795
MB		 86 SSB_DEVTABLE_END
87};
88
89MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
90
91/* Channel and ratetables are shared for all devices.
92 * They can't be const, because ieee80211 puts some precalculated
93 * data in there. This data is the same for all devices, so we don't
94 * get concurrency issues */
95#define RATETAB_ENT(_rateid, _flags) \
96 { \
97 .rate = B43_RATE_TO_BASE100KBPS(_rateid), \
98 .val = (_rateid), \
99 .val2 = (_rateid), \
100 .flags = (_flags), \
101 }
102static struct ieee80211_rate __b43_ratetable[] = {
103 RATETAB_ENT(B43_CCK_RATE_1MB, IEEE80211_RATE_CCK),
104 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_CCK_2),
105 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_CCK_2),
106 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_CCK_2),
107 RATETAB_ENT(B43_OFDM_RATE_6MB, IEEE80211_RATE_OFDM),
108 RATETAB_ENT(B43_OFDM_RATE_9MB, IEEE80211_RATE_OFDM),
109 RATETAB_ENT(B43_OFDM_RATE_12MB, IEEE80211_RATE_OFDM),
110 RATETAB_ENT(B43_OFDM_RATE_18MB, IEEE80211_RATE_OFDM),
111 RATETAB_ENT(B43_OFDM_RATE_24MB, IEEE80211_RATE_OFDM),
112 RATETAB_ENT(B43_OFDM_RATE_36MB, IEEE80211_RATE_OFDM),
113 RATETAB_ENT(B43_OFDM_RATE_48MB, IEEE80211_RATE_OFDM),
114 RATETAB_ENT(B43_OFDM_RATE_54MB, IEEE80211_RATE_OFDM),
115};
116
117#define b43_a_ratetable (__b43_ratetable + 4)
118#define b43_a_ratetable_size 8
119#define b43_b_ratetable (__b43_ratetable + 0)
120#define b43_b_ratetable_size 4
121#define b43_g_ratetable (__b43_ratetable + 0)
122#define b43_g_ratetable_size 12
123
124#define CHANTAB_ENT(_chanid, _freq) \
125 { \
126 .chan = (_chanid), \
127 .freq = (_freq), \
128 .val = (_chanid), \
129 .flag = IEEE80211_CHAN_W_SCAN | \
130 IEEE80211_CHAN_W_ACTIVE_SCAN | \
131 IEEE80211_CHAN_W_IBSS, \
132 .power_level = 0xFF, \
133 .antenna_max = 0xFF, \
134 }
96c755a3 135static struct ieee80211_channel b43_2ghz_chantable[] = {
e4d6b795
MB		 136 CHANTAB_ENT(1, 2412),
137 CHANTAB_ENT(2, 2417),
138 CHANTAB_ENT(3, 2422),
139 CHANTAB_ENT(4, 2427),
140 CHANTAB_ENT(5, 2432),
141 CHANTAB_ENT(6, 2437),
142 CHANTAB_ENT(7, 2442),
143 CHANTAB_ENT(8, 2447),
144 CHANTAB_ENT(9, 2452),
145 CHANTAB_ENT(10, 2457),
146 CHANTAB_ENT(11, 2462),
147 CHANTAB_ENT(12, 2467),
148 CHANTAB_ENT(13, 2472),
149 CHANTAB_ENT(14, 2484),
150};
96c755a3 151#define b43_2ghz_chantable_size ARRAY_SIZE(b43_2ghz_chantable)
e4d6b795 152
96c755a3
MB		 153#if 0
154static struct ieee80211_channel b43_5ghz_chantable[] = {
e4d6b795
MB		 155 CHANTAB_ENT(36, 5180),
156 CHANTAB_ENT(40, 5200),
157 CHANTAB_ENT(44, 5220),
158 CHANTAB_ENT(48, 5240),
159 CHANTAB_ENT(52, 5260),
160 CHANTAB_ENT(56, 5280),
161 CHANTAB_ENT(60, 5300),
162 CHANTAB_ENT(64, 5320),
163 CHANTAB_ENT(149, 5745),
164 CHANTAB_ENT(153, 5765),
165 CHANTAB_ENT(157, 5785),
166 CHANTAB_ENT(161, 5805),
167 CHANTAB_ENT(165, 5825),
168};
96c755a3
MB		 169#define b43_5ghz_chantable_size ARRAY_SIZE(b43_5ghz_chantable)
170#endif
e4d6b795
MB		 171
172static void b43_wireless_core_exit(struct b43_wldev *dev);
173static int b43_wireless_core_init(struct b43_wldev *dev);
174static void b43_wireless_core_stop(struct b43_wldev *dev);
175static int b43_wireless_core_start(struct b43_wldev *dev);
176
177static int b43_ratelimit(struct b43_wl *wl)
178{
179 if (!wl || !wl->current_dev)
180 return 1;
181 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
182 return 1;
183 /* We are up and running.
184 * Ratelimit the messages to avoid DoS over the net. */
185 return net_ratelimit();
186}
187
188void b43info(struct b43_wl *wl, const char *fmt, ...)
189{
190 va_list args;
191
192 if (!b43_ratelimit(wl))
193 return;
194 va_start(args, fmt);
195 printk(KERN_INFO "b43-%s: ",
196 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
197 vprintk(fmt, args);
198 va_end(args);
199}
200
201void b43err(struct b43_wl *wl, const char *fmt, ...)
202{
203 va_list args;
204
205 if (!b43_ratelimit(wl))
206 return;
207 va_start(args, fmt);
208 printk(KERN_ERR "b43-%s ERROR: ",
209 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
210 vprintk(fmt, args);
211 va_end(args);
212}
213
214void b43warn(struct b43_wl *wl, const char *fmt, ...)
215{
216 va_list args;
217
218 if (!b43_ratelimit(wl))
219 return;
220 va_start(args, fmt);
221 printk(KERN_WARNING "b43-%s warning: ",
222 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
223 vprintk(fmt, args);
224 va_end(args);
225}
226
227#if B43_DEBUG
228void b43dbg(struct b43_wl *wl, const char *fmt, ...)
229{
230 va_list args;
231
232 va_start(args, fmt);
233 printk(KERN_DEBUG "b43-%s debug: ",
234 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
235 vprintk(fmt, args);
236 va_end(args);
237}
238#endif /* DEBUG */
239
240static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
241{
242 u32 macctl;
243
244 B43_WARN_ON(offset % 4 != 0);
245
246 macctl = b43_read32(dev, B43_MMIO_MACCTL);
247 if (macctl & B43_MACCTL_BE)
248 val = swab32(val);
249
250 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
251 mmiowb();
252 b43_write32(dev, B43_MMIO_RAM_DATA, val);
253}
254
280d0e16
MB		 255static inline void b43_shm_control_word(struct b43_wldev *dev,
256 u16 routing, u16 offset)
e4d6b795
MB		 257{
258 u32 control;
259
260 /* "offset" is the WORD offset. */
e4d6b795
MB		 261 control = routing;
262 control <<= 16;
263 control |= offset;
264 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
265}
266
267u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
268{
280d0e16
MB		 269 struct b43_wl *wl = dev->wl;
270 unsigned long flags;
e4d6b795
MB		 271 u32 ret;
272
280d0e16 273 spin_lock_irqsave(&wl->shm_lock, flags);
e4d6b795
MB		 274 if (routing == B43_SHM_SHARED) {
275 B43_WARN_ON(offset & 0x0001);
276 if (offset & 0x0003) {
277 /* Unaligned access */
278 b43_shm_control_word(dev, routing, offset >> 2);
279 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
280 ret <<= 16;
281 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
282 ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
283
280d0e16 284 goto out;
e4d6b795
MB		 285 }
286 offset >>= 2;
287 }
288 b43_shm_control_word(dev, routing, offset);
289 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
280d0e16
MB		 290out:
291 spin_unlock_irqrestore(&wl->shm_lock, flags);
e4d6b795
MB		 292
293 return ret;
294}
295
296u16 b43_shm_read16(struct b43_wldev * dev, u16 routing, u16 offset)
297{
280d0e16
MB		 298 struct b43_wl *wl = dev->wl;
299 unsigned long flags;
e4d6b795
MB		 300 u16 ret;
301
280d0e16 302 spin_lock_irqsave(&wl->shm_lock, flags);
e4d6b795
MB		 303 if (routing == B43_SHM_SHARED) {
304 B43_WARN_ON(offset & 0x0001);
305 if (offset & 0x0003) {
306 /* Unaligned access */
307 b43_shm_control_word(dev, routing, offset >> 2);
308 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
309
280d0e16 310 goto out;
e4d6b795
MB		 311 }
312 offset >>= 2;
313 }
314 b43_shm_control_word(dev, routing, offset);
315 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
280d0e16
MB		 316out:
317 spin_unlock_irqrestore(&wl->shm_lock, flags);
e4d6b795
MB		 318
319 return ret;
320}
321
322void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
323{
280d0e16
MB		 324 struct b43_wl *wl = dev->wl;
325 unsigned long flags;
326
327 spin_lock_irqsave(&wl->shm_lock, flags);
e4d6b795
MB		 328 if (routing == B43_SHM_SHARED) {
329 B43_WARN_ON(offset & 0x0001);
330 if (offset & 0x0003) {
331 /* Unaligned access */
332 b43_shm_control_word(dev, routing, offset >> 2);
e4d6b795
MB		 333 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
334 (value >> 16) & 0xffff);
e4d6b795 335 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
e4d6b795 336 b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
280d0e16 337 goto out;
e4d6b795
MB		 338 }
339 offset >>= 2;
340 }
341 b43_shm_control_word(dev, routing, offset);
e4d6b795 342 b43_write32(dev, B43_MMIO_SHM_DATA, value);
280d0e16
MB		 343out:
344 spin_unlock_irqrestore(&wl->shm_lock, flags);
e4d6b795
MB		 345}
346
347void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
348{
280d0e16
MB		 349 struct b43_wl *wl = dev->wl;
350 unsigned long flags;
351
352 spin_lock_irqsave(&wl->shm_lock, flags);
e4d6b795
MB		 353 if (routing == B43_SHM_SHARED) {
354 B43_WARN_ON(offset & 0x0001);
355 if (offset & 0x0003) {
356 /* Unaligned access */
357 b43_shm_control_word(dev, routing, offset >> 2);
e4d6b795 358 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
280d0e16 359 goto out;
e4d6b795
MB		 360 }
361 offset >>= 2;
362 }
363 b43_shm_control_word(dev, routing, offset);
e4d6b795 364 b43_write16(dev, B43_MMIO_SHM_DATA, value);
280d0e16
MB		 365out:
366 spin_unlock_irqrestore(&wl->shm_lock, flags);
e4d6b795
MB		 367}
368
369/* Read HostFlags */
370u32 b43_hf_read(struct b43_wldev * dev)
371{
372 u32 ret;
373
374 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
375 ret <<= 16;
376 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
377
378 return ret;
379}
380
381/* Write HostFlags */
382void b43_hf_write(struct b43_wldev *dev, u32 value)
383{
384 b43_shm_write16(dev, B43_SHM_SHARED,
385 B43_SHM_SH_HOSTFLO, (value & 0x0000FFFF));
386 b43_shm_write16(dev, B43_SHM_SHARED,
387 B43_SHM_SH_HOSTFHI, ((value & 0xFFFF0000) >> 16));
388}
389
390void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
391{
392 /* We need to be careful. As we read the TSF from multiple
393 * registers, we should take care of register overflows.
394 * In theory, the whole tsf read process should be atomic.
395 * We try to be atomic here, by restaring the read process,
396 * if any of the high registers changed (overflew).
397 */
398 if (dev->dev->id.revision >= 3) {
399 u32 low, high, high2;
400
401 do {
402 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
403 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
404 high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
405 } while (unlikely(high != high2));
406
407 *tsf = high;
408 *tsf <<= 32;
409 *tsf |= low;
410 } else {
411 u64 tmp;
412 u16 v0, v1, v2, v3;
413 u16 test1, test2, test3;
414
415 do {
416 v3 = b43_read16(dev, B43_MMIO_TSF_3);
417 v2 = b43_read16(dev, B43_MMIO_TSF_2);
418 v1 = b43_read16(dev, B43_MMIO_TSF_1);
419 v0 = b43_read16(dev, B43_MMIO_TSF_0);
420
421 test3 = b43_read16(dev, B43_MMIO_TSF_3);
422 test2 = b43_read16(dev, B43_MMIO_TSF_2);
423 test1 = b43_read16(dev, B43_MMIO_TSF_1);
424 } while (v3 != test3 || v2 != test2 || v1 != test1);
425
426 *tsf = v3;
427 *tsf <<= 48;
428 tmp = v2;
429 tmp <<= 32;
430 *tsf |= tmp;
431 tmp = v1;
432 tmp <<= 16;
433 *tsf |= tmp;
434 *tsf |= v0;
435 }
436}
437
438static void b43_time_lock(struct b43_wldev *dev)
439{
440 u32 macctl;
441
442 macctl = b43_read32(dev, B43_MMIO_MACCTL);
443 macctl |= B43_MACCTL_TBTTHOLD;
444 b43_write32(dev, B43_MMIO_MACCTL, macctl);
445 /* Commit the write */
446 b43_read32(dev, B43_MMIO_MACCTL);
447}
448
449static void b43_time_unlock(struct b43_wldev *dev)
450{
451 u32 macctl;
452
453 macctl = b43_read32(dev, B43_MMIO_MACCTL);
454 macctl &= ~B43_MACCTL_TBTTHOLD;
455 b43_write32(dev, B43_MMIO_MACCTL, macctl);
456 /* Commit the write */
457 b43_read32(dev, B43_MMIO_MACCTL);
458}
459
460static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
461{
462 /* Be careful with the in-progress timer.
463 * First zero out the low register, so we have a full
464 * register-overflow duration to complete the operation.
465 */
466 if (dev->dev->id.revision >= 3) {
467 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
468 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
469
470 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
471 mmiowb();
472 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
473 mmiowb();
474 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
475 } else {
476 u16 v0 = (tsf & 0x000000000000FFFFULL);
477 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
478 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
479 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
480
481 b43_write16(dev, B43_MMIO_TSF_0, 0);
482 mmiowb();
483 b43_write16(dev, B43_MMIO_TSF_3, v3);
484 mmiowb();
485 b43_write16(dev, B43_MMIO_TSF_2, v2);
486 mmiowb();
487 b43_write16(dev, B43_MMIO_TSF_1, v1);
488 mmiowb();
489 b43_write16(dev, B43_MMIO_TSF_0, v0);
490 }
491}
492
493void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
494{
495 b43_time_lock(dev);
496 b43_tsf_write_locked(dev, tsf);
497 b43_time_unlock(dev);
498}
499
500static
501void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
502{
503 static const u8 zero_addr[ETH_ALEN] = { 0 };
504 u16 data;
505
506 if (!mac)
507 mac = zero_addr;
508
509 offset |= 0x0020;
510 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
511
512 data = mac[0];
513 data |= mac[1] << 8;
514 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
515 data = mac[2];
516 data |= mac[3] << 8;
517 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
518 data = mac[4];
519 data |= mac[5] << 8;
520 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
521}
522
523static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
524{
525 const u8 *mac;
526 const u8 *bssid;
527 u8 mac_bssid[ETH_ALEN * 2];
528 int i;
529 u32 tmp;
530
531 bssid = dev->wl->bssid;
532 mac = dev->wl->mac_addr;
533
534 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
535
536 memcpy(mac_bssid, mac, ETH_ALEN);
537 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
538
539 /* Write our MAC address and BSSID to template ram */
540 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
541 tmp = (u32) (mac_bssid[i + 0]);
542 tmp |= (u32) (mac_bssid[i + 1]) << 8;
543 tmp |= (u32) (mac_bssid[i + 2]) << 16;
544 tmp |= (u32) (mac_bssid[i + 3]) << 24;
545 b43_ram_write(dev, 0x20 + i, tmp);
546 }
547}
548
4150c572 549static void b43_upload_card_macaddress(struct b43_wldev *dev)
e4d6b795 550{
e4d6b795 551 b43_write_mac_bssid_templates(dev);
4150c572 552 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
e4d6b795
MB		 553}
554
555static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
556{
557 /* slot_time is in usec. */
558 if (dev->phy.type != B43_PHYTYPE_G)
559 return;
560 b43_write16(dev, 0x684, 510 + slot_time);
561 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
562}
563
564static void b43_short_slot_timing_enable(struct b43_wldev *dev)
565{
566 b43_set_slot_time(dev, 9);
567 dev->short_slot = 1;
568}
569
570static void b43_short_slot_timing_disable(struct b43_wldev *dev)
571{
572 b43_set_slot_time(dev, 20);
573 dev->short_slot = 0;
574}
575
576/* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
577 * Returns the _previously_ enabled IRQ mask.
578 */
579static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
580{
581 u32 old_mask;
582
583 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
584 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
585
586 return old_mask;
587}
588
589/* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
590 * Returns the _previously_ enabled IRQ mask.
591 */
592static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
593{
594 u32 old_mask;
595
596 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
597 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
598
599 return old_mask;
600}
601
602/* Synchronize IRQ top- and bottom-half.
603 * IRQs must be masked before calling this.
604 * This must not be called with the irq_lock held.
605 */
606static void b43_synchronize_irq(struct b43_wldev *dev)
607{
608 synchronize_irq(dev->dev->irq);
609 tasklet_kill(&dev->isr_tasklet);
610}
611
612/* DummyTransmission function, as documented on
613 * http://bcm-specs.sipsolutions.net/DummyTransmission
614 */
615void b43_dummy_transmission(struct b43_wldev *dev)
616{
617 struct b43_phy *phy = &dev->phy;
618 unsigned int i, max_loop;
619 u16 value;
620 u32 buffer[5] = {
621 0x00000000,
622 0x00D40000,
623 0x00000000,
624 0x01000000,
625 0x00000000,
626 };
627
628 switch (phy->type) {
629 case B43_PHYTYPE_A:
630 max_loop = 0x1E;
631 buffer[0] = 0x000201CC;
632 break;
633 case B43_PHYTYPE_B:
634 case B43_PHYTYPE_G:
635 max_loop = 0xFA;
636 buffer[0] = 0x000B846E;
637 break;
638 default:
639 B43_WARN_ON(1);
640 return;
641 }
642
643 for (i = 0; i < 5; i++)
644 b43_ram_write(dev, i * 4, buffer[i]);
645
646 /* Commit writes */
647 b43_read32(dev, B43_MMIO_MACCTL);
648
649 b43_write16(dev, 0x0568, 0x0000);
650 b43_write16(dev, 0x07C0, 0x0000);
651 value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
652 b43_write16(dev, 0x050C, value);
653 b43_write16(dev, 0x0508, 0x0000);
654 b43_write16(dev, 0x050A, 0x0000);
655 b43_write16(dev, 0x054C, 0x0000);
656 b43_write16(dev, 0x056A, 0x0014);
657 b43_write16(dev, 0x0568, 0x0826);
658 b43_write16(dev, 0x0500, 0x0000);
659 b43_write16(dev, 0x0502, 0x0030);
660
661 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
662 b43_radio_write16(dev, 0x0051, 0x0017);
663 for (i = 0x00; i < max_loop; i++) {
664 value = b43_read16(dev, 0x050E);
665 if (value & 0x0080)
666 break;
667 udelay(10);
668 }
669 for (i = 0x00; i < 0x0A; i++) {
670 value = b43_read16(dev, 0x050E);
671 if (value & 0x0400)
672 break;
673 udelay(10);
674 }
675 for (i = 0x00; i < 0x0A; i++) {
676 value = b43_read16(dev, 0x0690);
677 if (!(value & 0x0100))
678 break;
679 udelay(10);
680 }
681 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
682 b43_radio_write16(dev, 0x0051, 0x0037);
683}
684
685static void key_write(struct b43_wldev *dev,
686 u8 index, u8 algorithm, const u8 * key)
687{
688 unsigned int i;
689 u32 offset;
690 u16 value;
691 u16 kidx;
692
693 /* Key index/algo block */
694 kidx = b43_kidx_to_fw(dev, index);
695 value = ((kidx << 4) | algorithm);
696 b43_shm_write16(dev, B43_SHM_SHARED,
697 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
698
699 /* Write the key to the Key Table Pointer offset */
700 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
701 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
702 value = key[i];
703 value |= (u16) (key[i + 1]) << 8;
704 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
705 }
706}
707
708static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
709{
710 u32 addrtmp[2] = { 0, 0, };
711 u8 per_sta_keys_start = 8;
712
713 if (b43_new_kidx_api(dev))
714 per_sta_keys_start = 4;
715
716 B43_WARN_ON(index < per_sta_keys_start);
717 /* We have two default TX keys and possibly two default RX keys.
718 * Physical mac 0 is mapped to physical key 4 or 8, depending
719 * on the firmware version.
720 * So we must adjust the index here.
721 */
722 index -= per_sta_keys_start;
723
724 if (addr) {
725 addrtmp[0] = addr[0];
726 addrtmp[0] |= ((u32) (addr[1]) << 8);
727 addrtmp[0] |= ((u32) (addr[2]) << 16);
728 addrtmp[0] |= ((u32) (addr[3]) << 24);
729 addrtmp[1] = addr[4];
730 addrtmp[1] |= ((u32) (addr[5]) << 8);
731 }
732
733 if (dev->dev->id.revision >= 5) {
734 /* Receive match transmitter address mechanism */
735 b43_shm_write32(dev, B43_SHM_RCMTA,
736 (index * 2) + 0, addrtmp[0]);
737 b43_shm_write16(dev, B43_SHM_RCMTA,
738 (index * 2) + 1, addrtmp[1]);
739 } else {
740 /* RXE (Receive Engine) and
741 * PSM (Programmable State Machine) mechanism
742 */
743 if (index < 8) {
744 /* TODO write to RCM 16, 19, 22 and 25 */
745 } else {
746 b43_shm_write32(dev, B43_SHM_SHARED,
747 B43_SHM_SH_PSM + (index * 6) + 0,
748 addrtmp[0]);
749 b43_shm_write16(dev, B43_SHM_SHARED,
750 B43_SHM_SH_PSM + (index * 6) + 4,
751 addrtmp[1]);
752 }
753 }
754}
755
756static void do_key_write(struct b43_wldev *dev,
757 u8 index, u8 algorithm,
758 const u8 * key, size_t key_len, const u8 * mac_addr)
759{
760 u8 buf[B43_SEC_KEYSIZE] = { 0, };
761 u8 per_sta_keys_start = 8;
762
763 if (b43_new_kidx_api(dev))
764 per_sta_keys_start = 4;
765
766 B43_WARN_ON(index >= dev->max_nr_keys);
767 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
768
769 if (index >= per_sta_keys_start)
770 keymac_write(dev, index, NULL); /* First zero out mac. */
771 if (key)
772 memcpy(buf, key, key_len);
773 key_write(dev, index, algorithm, buf);
774 if (index >= per_sta_keys_start)
775 keymac_write(dev, index, mac_addr);
776
777 dev->key[index].algorithm = algorithm;
778}
779
780static int b43_key_write(struct b43_wldev *dev,
781 int index, u8 algorithm,
782 const u8 * key, size_t key_len,
783 const u8 * mac_addr,
784 struct ieee80211_key_conf *keyconf)
785{
786 int i;
787 int sta_keys_start;
788
789 if (key_len > B43_SEC_KEYSIZE)
790 return -EINVAL;
791 for (i = 0; i < dev->max_nr_keys; i++) {
792 /* Check that we don't already have this key. */
793 B43_WARN_ON(dev->key[i].keyconf == keyconf);
794 }
795 if (index < 0) {
796 /* Either pairwise key or address is 00:00:00:00:00:00
797 * for transmit-only keys. Search the index. */
798 if (b43_new_kidx_api(dev))
799 sta_keys_start = 4;
800 else
801 sta_keys_start = 8;
802 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
803 if (!dev->key[i].keyconf) {
804 /* found empty */
805 index = i;
806 break;
807 }
808 }
809 if (index < 0) {
810 b43err(dev->wl, "Out of hardware key memory\n");
811 return -ENOSPC;
812 }
813 } else
814 B43_WARN_ON(index > 3);
815
816 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
817 if ((index <= 3) && !b43_new_kidx_api(dev)) {
818 /* Default RX key */
819 B43_WARN_ON(mac_addr);
820 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
821 }
822 keyconf->hw_key_idx = index;
823 dev->key[index].keyconf = keyconf;
824
825 return 0;
826}
827
828static int b43_key_clear(struct b43_wldev *dev, int index)
829{
830 if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
831 return -EINVAL;
832 do_key_write(dev, index, B43_SEC_ALGO_NONE,
833 NULL, B43_SEC_KEYSIZE, NULL);
834 if ((index <= 3) && !b43_new_kidx_api(dev)) {
835 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
836 NULL, B43_SEC_KEYSIZE, NULL);
837 }
838 dev->key[index].keyconf = NULL;
839
840 return 0;
841}
842
843static void b43_clear_keys(struct b43_wldev *dev)
844{
845 int i;
846
847 for (i = 0; i < dev->max_nr_keys; i++)
848 b43_key_clear(dev, i);
849}
850
851void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
852{
853 u32 macctl;
854 u16 ucstat;
855 bool hwps;
856 bool awake;
857 int i;
858
859 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
860 (ps_flags & B43_PS_DISABLED));
861 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
862
863 if (ps_flags & B43_PS_ENABLED) {
864 hwps = 1;
865 } else if (ps_flags & B43_PS_DISABLED) {
866 hwps = 0;
867 } else {
868 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
869 // and thus is not an AP and we are associated, set bit 25
870 }
871 if (ps_flags & B43_PS_AWAKE) {
872 awake = 1;
873 } else if (ps_flags & B43_PS_ASLEEP) {
874 awake = 0;
875 } else {
876 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
877 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
878 // successful, set bit26
879 }
880
881/* FIXME: For now we force awake-on and hwps-off */
882 hwps = 0;
883 awake = 1;
884
885 macctl = b43_read32(dev, B43_MMIO_MACCTL);
886 if (hwps)
887 macctl |= B43_MACCTL_HWPS;
888 else
889 macctl &= ~B43_MACCTL_HWPS;
890 if (awake)
891 macctl |= B43_MACCTL_AWAKE;
892 else
893 macctl &= ~B43_MACCTL_AWAKE;
894 b43_write32(dev, B43_MMIO_MACCTL, macctl);
895 /* Commit write */
896 b43_read32(dev, B43_MMIO_MACCTL);
897 if (awake && dev->dev->id.revision >= 5) {
898 /* Wait for the microcode to wake up. */
899 for (i = 0; i < 100; i++) {
900 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
901 B43_SHM_SH_UCODESTAT);
902 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
903 break;
904 udelay(10);
905 }
906 }
907}
908
909/* Turn the Analog ON/OFF */
910static void b43_switch_analog(struct b43_wldev *dev, int on)
911{
912 b43_write16(dev, B43_MMIO_PHY0, on ? 0 : 0xF4);
913}
914
915void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
916{
917 u32 tmslow;
918 u32 macctl;
919
920 flags |= B43_TMSLOW_PHYCLKEN;
921 flags |= B43_TMSLOW_PHYRESET;
922 ssb_device_enable(dev->dev, flags);
923 msleep(2); /* Wait for the PLL to turn on. */
924
925 /* Now take the PHY out of Reset again */
926 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
927 tmslow |= SSB_TMSLOW_FGC;
928 tmslow &= ~B43_TMSLOW_PHYRESET;
929 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
930 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
931 msleep(1);
932 tmslow &= ~SSB_TMSLOW_FGC;
933 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
934 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
935 msleep(1);
936
937 /* Turn Analog ON */
938 b43_switch_analog(dev, 1);
939
940 macctl = b43_read32(dev, B43_MMIO_MACCTL);
941 macctl &= ~B43_MACCTL_GMODE;
942 if (flags & B43_TMSLOW_GMODE)
943 macctl |= B43_MACCTL_GMODE;
944 macctl |= B43_MACCTL_IHR_ENABLED;
945 b43_write32(dev, B43_MMIO_MACCTL, macctl);
946}
947
948static void handle_irq_transmit_status(struct b43_wldev *dev)
949{
950 u32 v0, v1;
951 u16 tmp;
952 struct b43_txstatus stat;
953
954 while (1) {
955 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
956 if (!(v0 & 0x00000001))
957 break;
958 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
959
960 stat.cookie = (v0 >> 16);
961 stat.seq = (v1 & 0x0000FFFF);
962 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
963 tmp = (v0 & 0x0000FFFF);
964 stat.frame_count = ((tmp & 0xF000) >> 12);
965 stat.rts_count = ((tmp & 0x0F00) >> 8);
966 stat.supp_reason = ((tmp & 0x001C) >> 2);
967 stat.pm_indicated = !!(tmp & 0x0080);
968 stat.intermediate = !!(tmp & 0x0040);
969 stat.for_ampdu = !!(tmp & 0x0020);
970 stat.acked = !!(tmp & 0x0002);
971
972 b43_handle_txstatus(dev, &stat);
973 }
974}
975
976static void drain_txstatus_queue(struct b43_wldev *dev)
977{
978 u32 dummy;
979
980 if (dev->dev->id.revision < 5)
981 return;
982 /* Read all entries from the microcode TXstatus FIFO
983 * and throw them away.
984 */
985 while (1) {
986 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
987 if (!(dummy & 0x00000001))
988 break;
989 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
990 }
991}
992
993static u32 b43_jssi_read(struct b43_wldev *dev)
994{
995 u32 val = 0;
996
997 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
998 val <<= 16;
999 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1000
1001 return val;
1002}
1003
1004static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1005{
1006 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1007 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1008}
1009
1010static void b43_generate_noise_sample(struct b43_wldev *dev)
1011{
1012 b43_jssi_write(dev, 0x7F7F7F7F);
aa6c7ae2
MB		 1013 b43_write32(dev, B43_MMIO_MACCMD,
1014 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
e4d6b795
MB		 1015 B43_WARN_ON(dev->noisecalc.channel_at_start != dev->phy.channel);
1016}
1017
1018static void b43_calculate_link_quality(struct b43_wldev *dev)
1019{
1020 /* Top half of Link Quality calculation. */
1021
1022 if (dev->noisecalc.calculation_running)
1023 return;
1024 dev->noisecalc.channel_at_start = dev->phy.channel;
1025 dev->noisecalc.calculation_running = 1;
1026 dev->noisecalc.nr_samples = 0;
1027
1028 b43_generate_noise_sample(dev);
1029}
1030
1031static void handle_irq_noise(struct b43_wldev *dev)
1032{
1033 struct b43_phy *phy = &dev->phy;
1034 u16 tmp;
1035 u8 noise[4];
1036 u8 i, j;
1037 s32 average;
1038
1039 /* Bottom half of Link Quality calculation. */
1040
1041 B43_WARN_ON(!dev->noisecalc.calculation_running);
1042 if (dev->noisecalc.channel_at_start != phy->channel)
1043 goto drop_calculation;
1a09404a 1044 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
e4d6b795
MB		 1045 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1046 noise[2] == 0x7F || noise[3] == 0x7F)
1047 goto generate_new;
1048
1049 /* Get the noise samples. */
1050 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1051 i = dev->noisecalc.nr_samples;
1052 noise[0] = limit_value(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1053 noise[1] = limit_value(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1054 noise[2] = limit_value(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1055 noise[3] = limit_value(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1056 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1057 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1058 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1059 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1060 dev->noisecalc.nr_samples++;
1061 if (dev->noisecalc.nr_samples == 8) {
1062 /* Calculate the Link Quality by the noise samples. */
1063 average = 0;
1064 for (i = 0; i < 8; i++) {
1065 for (j = 0; j < 4; j++)
1066 average += dev->noisecalc.samples[i][j];
1067 }
1068 average /= (8 * 4);
1069 average *= 125;
1070 average += 64;
1071 average /= 128;
1072 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1073 tmp = (tmp / 128) & 0x1F;
1074 if (tmp >= 8)
1075 average += 2;
1076 else
1077 average -= 25;
1078 if (tmp == 8)
1079 average -= 72;
1080 else
1081 average -= 48;
1082
1083 dev->stats.link_noise = average;
1084 drop_calculation:
1085 dev->noisecalc.calculation_running = 0;
1086 return;
1087 }
1088 generate_new:
1089 b43_generate_noise_sample(dev);
1090}
1091
1092static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1093{
1094 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_AP)) {
1095 ///TODO: PS TBTT
1096 } else {
1097 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1098 b43_power_saving_ctl_bits(dev, 0);
1099 }
e4d6b795 1100 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS))
aa6c7ae2 1101 dev->dfq_valid = 1;
e4d6b795
MB		 1102}
1103
1104static void handle_irq_atim_end(struct b43_wldev *dev)
1105{
aa6c7ae2
MB		 1106 if (dev->dfq_valid) {
1107 b43_write32(dev, B43_MMIO_MACCMD,
1108 b43_read32(dev, B43_MMIO_MACCMD)
1109 | B43_MACCMD_DFQ_VALID);
1110 dev->dfq_valid = 0;
1111 }
e4d6b795
MB		 1112}
1113
1114static void handle_irq_pmq(struct b43_wldev *dev)
1115{
1116 u32 tmp;
1117
1118 //TODO: AP mode.
1119
1120 while (1) {
1121 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1122 if (!(tmp & 0x00000008))
1123 break;
1124 }
1125 /* 16bit write is odd, but correct. */
1126 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1127}
1128
1129static void b43_write_template_common(struct b43_wldev *dev,
1130 const u8 * data, u16 size,
1131 u16 ram_offset,
1132 u16 shm_size_offset, u8 rate)
1133{
1134 u32 i, tmp;
1135 struct b43_plcp_hdr4 plcp;
1136
1137 plcp.data = 0;
1138 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1139 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1140 ram_offset += sizeof(u32);
1141 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1142 * So leave the first two bytes of the next write blank.
1143 */
1144 tmp = (u32) (data[0]) << 16;
1145 tmp |= (u32) (data[1]) << 24;
1146 b43_ram_write(dev, ram_offset, tmp);
1147 ram_offset += sizeof(u32);
1148 for (i = 2; i < size; i += sizeof(u32)) {
1149 tmp = (u32) (data[i + 0]);
1150 if (i + 1 < size)
1151 tmp |= (u32) (data[i + 1]) << 8;
1152 if (i + 2 < size)
1153 tmp |= (u32) (data[i + 2]) << 16;
1154 if (i + 3 < size)
1155 tmp |= (u32) (data[i + 3]) << 24;
1156 b43_ram_write(dev, ram_offset + i - 2, tmp);
1157 }
1158 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1159 size + sizeof(struct b43_plcp_hdr6));
1160}
1161
1162static void b43_write_beacon_template(struct b43_wldev *dev,
1163 u16 ram_offset,
1164 u16 shm_size_offset, u8 rate)
1165{
47f76ca3 1166 unsigned int i, len, variable_len;
e66fee6a
MB		 1167 const struct ieee80211_mgmt *bcn;
1168 const u8 *ie;
1169 bool tim_found = 0;
e4d6b795 1170
e66fee6a
MB		 1171 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1172 len = min((size_t) dev->wl->current_beacon->len,
e4d6b795 1173 0x200 - sizeof(struct b43_plcp_hdr6));
e66fee6a
MB		 1174
1175 b43_write_template_common(dev, (const u8 *)bcn,
e4d6b795 1176 len, ram_offset, shm_size_offset, rate);
e66fee6a
MB		 1177
1178 /* Find the position of the TIM and the DTIM_period value
1179 * and write them to SHM. */
1180 ie = bcn->u.beacon.variable;
47f76ca3
MB		 1181 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1182 for (i = 0; i < variable_len - 2; ) {
e66fee6a
MB		 1183 uint8_t ie_id, ie_len;
1184
1185 ie_id = ie[i];
1186 ie_len = ie[i + 1];
1187 if (ie_id == 5) {
1188 u16 tim_position;
1189 u16 dtim_period;
1190 /* This is the TIM Information Element */
1191
1192 /* Check whether the ie_len is in the beacon data range. */
47f76ca3 1193 if (variable_len < ie_len + 2 + i)
e66fee6a
MB		 1194 break;
1195 /* A valid TIM is at least 4 bytes long. */
1196 if (ie_len < 4)
1197 break;
1198 tim_found = 1;
1199
1200 tim_position = sizeof(struct b43_plcp_hdr6);
1201 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1202 tim_position += i;
1203
1204 dtim_period = ie[i + 3];
1205
1206 b43_shm_write16(dev, B43_SHM_SHARED,
1207 B43_SHM_SH_TIMBPOS, tim_position);
1208 b43_shm_write16(dev, B43_SHM_SHARED,
1209 B43_SHM_SH_DTIMPER, dtim_period);
1210 break;
1211 }
1212 i += ie_len + 2;
1213 }
1214 if (!tim_found) {
1215 b43warn(dev->wl, "Did not find a valid TIM IE in "
1216 "the beacon template packet. AP or IBSS operation "
1217 "may be broken.\n");
1218 }
e4d6b795
MB		 1219}
1220
1221static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1222 u16 shm_offset, u16 size, u8 rate)
1223{
1224 struct b43_plcp_hdr4 plcp;
1225 u32 tmp;
1226 __le16 dur;
1227
1228 plcp.data = 0;
1229 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1230 dur = ieee80211_generic_frame_duration(dev->wl->hw,
32bfd35d 1231 dev->wl->vif, size,
e4d6b795
MB		 1232 B43_RATE_TO_BASE100KBPS(rate));
1233 /* Write PLCP in two parts and timing for packet transfer */
1234 tmp = le32_to_cpu(plcp.data);
1235 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1236 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1237 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1238}
1239
1240/* Instead of using custom probe response template, this function
1241 * just patches custom beacon template by:
1242 * 1) Changing packet type
1243 * 2) Patching duration field
1244 * 3) Stripping TIM
1245 */
e66fee6a
MB		 1246static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1247 u16 *dest_size, u8 rate)
e4d6b795
MB		 1248{
1249 const u8 *src_data;
1250 u8 *dest_data;
1251 u16 src_size, elem_size, src_pos, dest_pos;
1252 __le16 dur;
1253 struct ieee80211_hdr *hdr;
e66fee6a
MB		 1254 size_t ie_start;
1255
1256 src_size = dev->wl->current_beacon->len;
1257 src_data = (const u8 *)dev->wl->current_beacon->data;
e4d6b795 1258
e66fee6a
MB		 1259 /* Get the start offset of the variable IEs in the packet. */
1260 ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1261 B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
e4d6b795 1262
e66fee6a 1263 if (B43_WARN_ON(src_size < ie_start))
e4d6b795 1264 return NULL;
e4d6b795
MB		 1265
1266 dest_data = kmalloc(src_size, GFP_ATOMIC);
1267 if (unlikely(!dest_data))
1268 return NULL;
1269
e66fee6a
MB		 1270 /* Copy the static data and all Information Elements, except the TIM. */
1271 memcpy(dest_data, src_data, ie_start);
1272 src_pos = ie_start;
1273 dest_pos = ie_start;
1274 for ( ; src_pos < src_size - 2; src_pos += elem_size) {
e4d6b795 1275 elem_size = src_data[src_pos + 1] + 2;
e66fee6a
MB		 1276 if (src_data[src_pos] == 5) {
1277 /* This is the TIM. */
1278 continue;
e4d6b795 1279 }
e66fee6a
MB		 1280 memcpy(dest_data + dest_pos, src_data + src_pos,
1281 elem_size);
1282 dest_pos += elem_size;
e4d6b795
MB		 1283 }
1284 *dest_size = dest_pos;
1285 hdr = (struct ieee80211_hdr *)dest_data;
1286
1287 /* Set the frame control. */
1288 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1289 IEEE80211_STYPE_PROBE_RESP);
1290 dur = ieee80211_generic_frame_duration(dev->wl->hw,
32bfd35d 1291 dev->wl->vif, *dest_size,
e4d6b795
MB		 1292 B43_RATE_TO_BASE100KBPS(rate));
1293 hdr->duration_id = dur;
1294
1295 return dest_data;
1296}
1297
1298static void b43_write_probe_resp_template(struct b43_wldev *dev,
1299 u16 ram_offset,
1300 u16 shm_size_offset, u8 rate)
1301{
e66fee6a 1302 const u8 *probe_resp_data;
e4d6b795
MB		 1303 u16 size;
1304
e66fee6a 1305 size = dev->wl->current_beacon->len;
e4d6b795
MB		 1306 probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1307 if (unlikely(!probe_resp_data))
1308 return;
1309
1310 /* Looks like PLCP headers plus packet timings are stored for
1311 * all possible basic rates
1312 */
1313 b43_write_probe_resp_plcp(dev, 0x31A, size, B43_CCK_RATE_1MB);
1314 b43_write_probe_resp_plcp(dev, 0x32C, size, B43_CCK_RATE_2MB);
1315 b43_write_probe_resp_plcp(dev, 0x33E, size, B43_CCK_RATE_5MB);
1316 b43_write_probe_resp_plcp(dev, 0x350, size, B43_CCK_RATE_11MB);
1317
1318 size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1319 b43_write_template_common(dev, probe_resp_data,
1320 size, ram_offset, shm_size_offset, rate);
1321 kfree(probe_resp_data);
1322}
1323
d4df6f1a
MB		 1324/* Asynchronously update the packet templates in template RAM.
1325 * Locking: Requires wl->irq_lock to be locked. */
e66fee6a 1326static void b43_update_templates(struct b43_wl *wl, struct sk_buff *beacon)
e4d6b795 1327{
e66fee6a
MB		 1328 /* This is the top half of the ansynchronous beacon update.
1329 * The bottom half is the beacon IRQ.
1330 * Beacon update must be asynchronous to avoid sending an
1331 * invalid beacon. This can happen for example, if the firmware
1332 * transmits a beacon while we are updating it. */
e4d6b795 1333
e66fee6a
MB		 1334 if (wl->current_beacon)
1335 dev_kfree_skb_any(wl->current_beacon);
1336 wl->current_beacon = beacon;
1337 wl->beacon0_uploaded = 0;
1338 wl->beacon1_uploaded = 0;
e4d6b795
MB		 1339}
1340
1341static void b43_set_ssid(struct b43_wldev *dev, const u8 * ssid, u8 ssid_len)
1342{
1343 u32 tmp;
1344 u16 i, len;
1345
1346 len = min((u16) ssid_len, (u16) 0x100);
1347 for (i = 0; i < len; i += sizeof(u32)) {
1348 tmp = (u32) (ssid[i + 0]);
1349 if (i + 1 < len)
1350 tmp |= (u32) (ssid[i + 1]) << 8;
1351 if (i + 2 < len)
1352 tmp |= (u32) (ssid[i + 2]) << 16;
1353 if (i + 3 < len)
1354 tmp |= (u32) (ssid[i + 3]) << 24;
1355 b43_shm_write32(dev, B43_SHM_SHARED, 0x380 + i, tmp);
1356 }
1357 b43_shm_write16(dev, B43_SHM_SHARED, 0x48, len);
1358}
1359
1360static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1361{
1362 b43_time_lock(dev);
1363 if (dev->dev->id.revision >= 3) {
1364 b43_write32(dev, 0x188, (beacon_int << 16));
1365 } else {
1366 b43_write16(dev, 0x606, (beacon_int >> 6));
1367 b43_write16(dev, 0x610, beacon_int);
1368 }
1369 b43_time_unlock(dev);
1370}
1371
1372static void handle_irq_beacon(struct b43_wldev *dev)
1373{
e66fee6a
MB		 1374 struct b43_wl *wl = dev->wl;
1375 u32 cmd;
e4d6b795 1376
e66fee6a 1377 if (!b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
e4d6b795
MB		 1378 return;
1379
e66fee6a 1380 /* This is the bottom half of the asynchronous beacon update. */
e4d6b795 1381
e66fee6a
MB		 1382 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1383 if (!(cmd & B43_MACCMD_BEACON0_VALID)) {
1384 if (!wl->beacon0_uploaded) {
1385 b43_write_beacon_template(dev, 0x68, 0x18,
1386 B43_CCK_RATE_1MB);
1387 b43_write_probe_resp_template(dev, 0x268, 0x4A,
1388 B43_CCK_RATE_11MB);
1389 wl->beacon0_uploaded = 1;
1390 }
1391 cmd |= B43_MACCMD_BEACON0_VALID;
e4d6b795 1392 }
e66fee6a
MB		 1393 if (!(cmd & B43_MACCMD_BEACON1_VALID)) {
1394 if (!wl->beacon1_uploaded) {
1395 b43_write_beacon_template(dev, 0x468, 0x1A,
1396 B43_CCK_RATE_1MB);
1397 wl->beacon1_uploaded = 1;
1398 }
1399 cmd |= B43_MACCMD_BEACON1_VALID;
e4d6b795 1400 }
e66fee6a 1401 b43_write32(dev, B43_MMIO_MACCMD, cmd);
e4d6b795
MB		 1402}
1403
1404static void handle_irq_ucode_debug(struct b43_wldev *dev)
1405{
1406 //TODO
1407}
1408
1409/* Interrupt handler bottom-half */
1410static void b43_interrupt_tasklet(struct b43_wldev *dev)
1411{
1412 u32 reason;
1413 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1414 u32 merged_dma_reason = 0;
21954c36 1415 int i;
e4d6b795
MB		 1416 unsigned long flags;
1417
1418 spin_lock_irqsave(&dev->wl->irq_lock, flags);
1419
1420 B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1421
1422 reason = dev->irq_reason;
1423 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1424 dma_reason[i] = dev->dma_reason[i];
1425 merged_dma_reason |= dma_reason[i];
1426 }
1427
1428 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1429 b43err(dev->wl, "MAC transmission error\n");
1430
00e0b8cb 1431 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
e4d6b795 1432 b43err(dev->wl, "PHY transmission error\n");
00e0b8cb
SB		 1433 rmb();
1434 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1435 atomic_set(&dev->phy.txerr_cnt,
1436 B43_PHY_TX_BADNESS_LIMIT);
1437 b43err(dev->wl, "Too many PHY TX errors, "
1438 "restarting the controller\n");
1439 b43_controller_restart(dev, "PHY TX errors");
1440 }
1441 }
e4d6b795
MB		 1442
1443 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1444 B43_DMAIRQ_NONFATALMASK))) {
1445 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1446 b43err(dev->wl, "Fatal DMA error: "
1447 "0x%08X, 0x%08X, 0x%08X, "
1448 "0x%08X, 0x%08X, 0x%08X\n",
1449 dma_reason[0], dma_reason[1],
1450 dma_reason[2], dma_reason[3],
1451 dma_reason[4], dma_reason[5]);
1452 b43_controller_restart(dev, "DMA error");
1453 mmiowb();
1454 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1455 return;
1456 }
1457 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1458 b43err(dev->wl, "DMA error: "
1459 "0x%08X, 0x%08X, 0x%08X, "
1460 "0x%08X, 0x%08X, 0x%08X\n",
1461 dma_reason[0], dma_reason[1],
1462 dma_reason[2], dma_reason[3],
1463 dma_reason[4], dma_reason[5]);
1464 }
1465 }
1466
1467 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1468 handle_irq_ucode_debug(dev);
1469 if (reason & B43_IRQ_TBTT_INDI)
1470 handle_irq_tbtt_indication(dev);
1471 if (reason & B43_IRQ_ATIM_END)
1472 handle_irq_atim_end(dev);
1473 if (reason & B43_IRQ_BEACON)
1474 handle_irq_beacon(dev);
1475 if (reason & B43_IRQ_PMQ)
1476 handle_irq_pmq(dev);
21954c36
MB		 1477 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1478 ;/* TODO */
1479 if (reason & B43_IRQ_NOISESAMPLE_OK)
e4d6b795
MB		 1480 handle_irq_noise(dev);
1481
1482 /* Check the DMA reason registers for received data. */
03b29773
MB		 1483 if (dma_reason[0] & B43_DMAIRQ_RX_DONE)
1484 b43_dma_rx(dev->dma.rx_ring0);
1485 if (dma_reason[3] & B43_DMAIRQ_RX_DONE)
1486 b43_dma_rx(dev->dma.rx_ring3);
e4d6b795
MB		 1487 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1488 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
e4d6b795
MB		 1489 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1490 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1491
21954c36 1492 if (reason & B43_IRQ_TX_OK)
e4d6b795 1493 handle_irq_transmit_status(dev);
e4d6b795 1494
e4d6b795
MB		 1495 b43_interrupt_enable(dev, dev->irq_savedstate);
1496 mmiowb();
1497 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1498}
1499
e4d6b795
MB		 1500static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1501{
e4d6b795
MB		 1502 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1503
1504 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1505 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1506 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1507 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1508 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1509 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1510}
1511
1512/* Interrupt handler top-half */
1513static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1514{
1515 irqreturn_t ret = IRQ_NONE;
1516 struct b43_wldev *dev = dev_id;
1517 u32 reason;
1518
1519 if (!dev)
1520 return IRQ_NONE;
1521
1522 spin_lock(&dev->wl->irq_lock);
1523
1524 if (b43_status(dev) < B43_STAT_STARTED)
1525 goto out;
1526 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1527 if (reason == 0xffffffff) /* shared IRQ */
1528 goto out;
1529 ret = IRQ_HANDLED;
1530 reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1531 if (!reason)
1532 goto out;
1533
1534 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1535 & 0x0001DC00;
1536 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1537 & 0x0000DC00;
1538 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1539 & 0x0000DC00;
1540 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1541 & 0x0001DC00;
1542 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1543 & 0x0000DC00;
1544 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1545 & 0x0000DC00;
1546
1547 b43_interrupt_ack(dev, reason);
1548 /* disable all IRQs. They are enabled again in the bottom half. */
1549 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1550 /* save the reason code and call our bottom half. */
1551 dev->irq_reason = reason;
1552 tasklet_schedule(&dev->isr_tasklet);
1553 out:
1554 mmiowb();
1555 spin_unlock(&dev->wl->irq_lock);
1556
1557 return ret;
1558}
1559
61cb5dd6
MB		 1560static void do_release_fw(struct b43_firmware_file *fw)
1561{
1562 release_firmware(fw->data);
1563 fw->data = NULL;
1564 fw->filename = NULL;
1565}
1566
e4d6b795
MB		 1567static void b43_release_firmware(struct b43_wldev *dev)
1568{
61cb5dd6
MB		 1569 do_release_fw(&dev->fw.ucode);
1570 do_release_fw(&dev->fw.pcm);
1571 do_release_fw(&dev->fw.initvals);
1572 do_release_fw(&dev->fw.initvals_band);
e4d6b795
MB		 1573}
1574
eb189d8b 1575static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
e4d6b795 1576{
eb189d8b
MB		 1577 const char *text;
1578
1579 text = "You must go to "
354807e0 1580 "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
eb189d8b
MB		 1581 "and download the latest firmware (version 4).\n";
1582 if (error)
1583 b43err(wl, text);
1584 else
1585 b43warn(wl, text);
e4d6b795
MB		 1586}
1587
1588static int do_request_fw(struct b43_wldev *dev,
1589 const char *name,
61cb5dd6 1590 struct b43_firmware_file *fw)
e4d6b795 1591{
1a09404a 1592 char path[sizeof(modparam_fwpostfix) + 32];
61cb5dd6 1593 const struct firmware *blob;
e4d6b795
MB		 1594 struct b43_fw_header *hdr;
1595 u32 size;
1596 int err;
1597
61cb5dd6
MB		 1598 if (!name) {
1599 /* Don't fetch anything. Free possibly cached firmware. */
1600 do_release_fw(fw);
e4d6b795 1601 return 0;
61cb5dd6
MB		 1602 }
1603 if (fw->filename) {
1604 if (strcmp(fw->filename, name) == 0)
1605 return 0; /* Already have this fw. */
1606 /* Free the cached firmware first. */
1607 do_release_fw(fw);
1608 }
e4d6b795
MB		 1609
1610 snprintf(path, ARRAY_SIZE(path),
1611 "b43%s/%s.fw",
1612 modparam_fwpostfix, name);
61cb5dd6 1613 err = request_firmware(&blob, path, dev->dev->dev);
e4d6b795
MB		 1614 if (err) {
1615 b43err(dev->wl, "Firmware file \"%s\" not found "
1616 "or load failed.\n", path);
1617 return err;
1618 }
61cb5dd6 1619 if (blob->size < sizeof(struct b43_fw_header))
e4d6b795 1620 goto err_format;
61cb5dd6 1621 hdr = (struct b43_fw_header *)(blob->data);
e4d6b795
MB		 1622 switch (hdr->type) {
1623 case B43_FW_TYPE_UCODE:
1624 case B43_FW_TYPE_PCM:
1625 size = be32_to_cpu(hdr->size);
61cb5dd6 1626 if (size != blob->size - sizeof(struct b43_fw_header))
e4d6b795
MB		 1627 goto err_format;
1628 /* fallthrough */
1629 case B43_FW_TYPE_IV:
1630 if (hdr->ver != 1)
1631 goto err_format;
1632 break;
1633 default:
1634 goto err_format;
1635 }
1636
61cb5dd6
MB		 1637 fw->data = blob;
1638 fw->filename = name;
1639
1640 return 0;
e4d6b795
MB		 1641
1642err_format:
1643 b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
61cb5dd6
MB		 1644 release_firmware(blob);
1645
e4d6b795
MB		 1646 return -EPROTO;
1647}
1648
1649static int b43_request_firmware(struct b43_wldev *dev)
1650{
1651 struct b43_firmware *fw = &dev->fw;
1652 const u8 rev = dev->dev->id.revision;
1653 const char *filename;
1654 u32 tmshigh;
1655 int err;
1656
61cb5dd6 1657 /* Get microcode */
e4d6b795 1658 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
61cb5dd6
MB		 1659 if ((rev >= 5) && (rev <= 10))
1660 filename = "ucode5";
1661 else if ((rev >= 11) && (rev <= 12))
1662 filename = "ucode11";
1663 else if (rev >= 13)
1664 filename = "ucode13";
1665 else
1666 goto err_no_ucode;
1667 err = do_request_fw(dev, filename, &fw->ucode);
1668 if (err)
1669 goto err_load;
1670
1671 /* Get PCM code */
1672 if ((rev >= 5) && (rev <= 10))
1673 filename = "pcm5";
1674 else if (rev >= 11)
1675 filename = NULL;
1676 else
1677 goto err_no_pcm;
1678 err = do_request_fw(dev, filename, &fw->pcm);
1679 if (err)
1680 goto err_load;
1681
1682 /* Get initvals */
1683 switch (dev->phy.type) {
1684 case B43_PHYTYPE_A:
1685 if ((rev >= 5) && (rev <= 10)) {
1686 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
1687 filename = "a0g1initvals5";
1688 else
1689 filename = "a0g0initvals5";
1690 } else
1691 goto err_no_initvals;
1692 break;
1693 case B43_PHYTYPE_G:
e4d6b795 1694 if ((rev >= 5) && (rev <= 10))
61cb5dd6 1695 filename = "b0g0initvals5";
e4d6b795 1696 else if (rev >= 13)
61cb5dd6 1697 filename = "lp0initvals13";
e4d6b795 1698 else
61cb5dd6
MB		 1699 goto err_no_initvals;
1700 break;
1701 case B43_PHYTYPE_N:
1702 if ((rev >= 11) && (rev <= 12))
1703 filename = "n0initvals11";
1704 else
1705 goto err_no_initvals;
1706 break;
1707 default:
1708 goto err_no_initvals;
e4d6b795 1709 }
61cb5dd6
MB		 1710 err = do_request_fw(dev, filename, &fw->initvals);
1711 if (err)
1712 goto err_load;
1713
1714 /* Get bandswitch initvals */
1715 switch (dev->phy.type) {
1716 case B43_PHYTYPE_A:
1717 if ((rev >= 5) && (rev <= 10)) {
1718 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
1719 filename = "a0g1bsinitvals5";
1720 else
1721 filename = "a0g0bsinitvals5";
1722 } else if (rev >= 11)
1723 filename = NULL;
1724 else
1725 goto err_no_initvals;
1726 break;
1727 case B43_PHYTYPE_G:
e4d6b795 1728 if ((rev >= 5) && (rev <= 10))
61cb5dd6 1729 filename = "b0g0bsinitvals5";
e4d6b795
MB		 1730 else if (rev >= 11)
1731 filename = NULL;
1732 else
e4d6b795 1733 goto err_no_initvals;
61cb5dd6
MB		 1734 break;
1735 case B43_PHYTYPE_N:
1736 if ((rev >= 11) && (rev <= 12))
1737 filename = "n0bsinitvals11";
1738 else
e4d6b795 1739 goto err_no_initvals;
61cb5dd6
MB		 1740 break;
1741 default:
1742 goto err_no_initvals;
e4d6b795 1743 }
61cb5dd6
MB		 1744 err = do_request_fw(dev, filename, &fw->initvals_band);
1745 if (err)
1746 goto err_load;
e4d6b795
MB		 1747
1748 return 0;
1749
1750err_load:
eb189d8b 1751 b43_print_fw_helptext(dev->wl, 1);
e4d6b795
MB		 1752 goto error;
1753
1754err_no_ucode:
1755 err = -ENODEV;
1756 b43err(dev->wl, "No microcode available for core rev %u\n", rev);
1757 goto error;
1758
1759err_no_pcm:
1760 err = -ENODEV;
1761 b43err(dev->wl, "No PCM available for core rev %u\n", rev);
1762 goto error;
1763
1764err_no_initvals:
1765 err = -ENODEV;
1766 b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
1767 "core rev %u\n", dev->phy.type, rev);
1768 goto error;
1769
1770error:
1771 b43_release_firmware(dev);
1772 return err;
1773}
1774
1775static int b43_upload_microcode(struct b43_wldev *dev)
1776{
1777 const size_t hdr_len = sizeof(struct b43_fw_header);
1778 const __be32 *data;
1779 unsigned int i, len;
1780 u16 fwrev, fwpatch, fwdate, fwtime;
1f7d87b0 1781 u32 tmp, macctl;
e4d6b795
MB		 1782 int err = 0;
1783
1f7d87b0
MB		 1784 /* Jump the microcode PSM to offset 0 */
1785 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1786 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
1787 macctl |= B43_MACCTL_PSM_JMP0;
1788 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1789 /* Zero out all microcode PSM registers and shared memory. */
1790 for (i = 0; i < 64; i++)
1791 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
1792 for (i = 0; i < 4096; i += 2)
1793 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
1794
e4d6b795 1795 /* Upload Microcode. */
61cb5dd6
MB		 1796 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
1797 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
e4d6b795
MB		 1798 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
1799 for (i = 0; i < len; i++) {
1800 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
1801 udelay(10);
1802 }
1803
61cb5dd6 1804 if (dev->fw.pcm.data) {
e4d6b795 1805 /* Upload PCM data. */
61cb5dd6
MB		 1806 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
1807 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
e4d6b795
MB		 1808 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
1809 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
1810 /* No need for autoinc bit in SHM_HW */
1811 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
1812 for (i = 0; i < len; i++) {
1813 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
1814 udelay(10);
1815 }
1816 }
1817
1818 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
1f7d87b0
MB		 1819
1820 /* Start the microcode PSM */
1821 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1822 macctl &= ~B43_MACCTL_PSM_JMP0;
1823 macctl |= B43_MACCTL_PSM_RUN;
1824 b43_write32(dev, B43_MMIO_MACCTL, macctl);
e4d6b795
MB		 1825
1826 /* Wait for the microcode to load and respond */
1827 i = 0;
1828 while (1) {
1829 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1830 if (tmp == B43_IRQ_MAC_SUSPENDED)
1831 break;
1832 i++;
1f7d87b0 1833 if (i >= 20) {
e4d6b795 1834 b43err(dev->wl, "Microcode not responding\n");
eb189d8b 1835 b43_print_fw_helptext(dev->wl, 1);
e4d6b795 1836 err = -ENODEV;
1f7d87b0
MB		 1837 goto error;
1838 }
1839 msleep_interruptible(50);
1840 if (signal_pending(current)) {
1841 err = -EINTR;
1842 goto error;
e4d6b795 1843 }
e4d6b795
MB		 1844 }
1845 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
1846
1847 /* Get and check the revisions. */
1848 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
1849 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
1850 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
1851 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
1852
1853 if (fwrev <= 0x128) {
1854 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
1855 "binary drivers older than version 4.x is unsupported. "
1856 "You must upgrade your firmware files.\n");
eb189d8b 1857 b43_print_fw_helptext(dev->wl, 1);
e4d6b795 1858 err = -EOPNOTSUPP;
1f7d87b0 1859 goto error;
e4d6b795
MB		 1860 }
1861 b43dbg(dev->wl, "Loading firmware version %u.%u "
1862 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
1863 fwrev, fwpatch,
1864 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
1865 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
1866
1867 dev->fw.rev = fwrev;
1868 dev->fw.patch = fwpatch;
1869
eb189d8b
MB		 1870 if (b43_is_old_txhdr_format(dev)) {
1871 b43warn(dev->wl, "You are using an old firmware image. "
1872 "Support for old firmware will be removed in July 2008.\n");
1873 b43_print_fw_helptext(dev->wl, 0);
1874 }
1875
1f7d87b0
MB		 1876 return 0;
1877
1878error:
1879 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1880 macctl &= ~B43_MACCTL_PSM_RUN;
1881 macctl |= B43_MACCTL_PSM_JMP0;
1882 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1883
e4d6b795
MB		 1884 return err;
1885}
1886
1887static int b43_write_initvals(struct b43_wldev *dev,
1888 const struct b43_iv *ivals,
1889 size_t count,
1890 size_t array_size)
1891{
1892 const struct b43_iv *iv;
1893 u16 offset;
1894 size_t i;
1895 bool bit32;
1896
1897 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
1898 iv = ivals;
1899 for (i = 0; i < count; i++) {
1900 if (array_size < sizeof(iv->offset_size))
1901 goto err_format;
1902 array_size -= sizeof(iv->offset_size);
1903 offset = be16_to_cpu(iv->offset_size);
1904 bit32 = !!(offset & B43_IV_32BIT);
1905 offset &= B43_IV_OFFSET_MASK;
1906 if (offset >= 0x1000)
1907 goto err_format;
1908 if (bit32) {
1909 u32 value;
1910
1911 if (array_size < sizeof(iv->data.d32))
1912 goto err_format;
1913 array_size -= sizeof(iv->data.d32);
1914
1915 value = be32_to_cpu(get_unaligned(&iv->data.d32));
1916 b43_write32(dev, offset, value);
1917
1918 iv = (const struct b43_iv *)((const uint8_t *)iv +
1919 sizeof(__be16) +
1920 sizeof(__be32));
1921 } else {
1922 u16 value;
1923
1924 if (array_size < sizeof(iv->data.d16))
1925 goto err_format;
1926 array_size -= sizeof(iv->data.d16);
1927
1928 value = be16_to_cpu(iv->data.d16);
1929 b43_write16(dev, offset, value);
1930
1931 iv = (const struct b43_iv *)((const uint8_t *)iv +
1932 sizeof(__be16) +
1933 sizeof(__be16));
1934 }
1935 }
1936 if (array_size)
1937 goto err_format;
1938
1939 return 0;
1940
1941err_format:
1942 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
eb189d8b 1943 b43_print_fw_helptext(dev->wl, 1);
e4d6b795
MB		 1944
1945 return -EPROTO;
1946}
1947
1948static int b43_upload_initvals(struct b43_wldev *dev)
1949{
1950 const size_t hdr_len = sizeof(struct b43_fw_header);
1951 const struct b43_fw_header *hdr;
1952 struct b43_firmware *fw = &dev->fw;
1953 const struct b43_iv *ivals;
1954 size_t count;
1955 int err;
1956
61cb5dd6
MB		 1957 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
1958 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
e4d6b795
MB		 1959 count = be32_to_cpu(hdr->size);
1960 err = b43_write_initvals(dev, ivals, count,
61cb5dd6 1961 fw->initvals.data->size - hdr_len);
e4d6b795
MB		 1962 if (err)
1963 goto out;
61cb5dd6
MB		 1964 if (fw->initvals_band.data) {
1965 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
1966 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
e4d6b795
MB		 1967 count = be32_to_cpu(hdr->size);
1968 err = b43_write_initvals(dev, ivals, count,
61cb5dd6 1969 fw->initvals_band.data->size - hdr_len);
e4d6b795
MB		 1970 if (err)
1971 goto out;
1972 }
1973out:
1974
1975 return err;
1976}
1977
1978/* Initialize the GPIOs
1979 * http://bcm-specs.sipsolutions.net/GPIO
1980 */
1981static int b43_gpio_init(struct b43_wldev *dev)
1982{
1983 struct ssb_bus *bus = dev->dev->bus;
1984 struct ssb_device *gpiodev, *pcidev = NULL;
1985 u32 mask, set;
1986
1987 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
1988 & ~B43_MACCTL_GPOUTSMSK);
1989
e4d6b795
MB		 1990 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
1991 | 0x000F);
1992
1993 mask = 0x0000001F;
1994 set = 0x0000000F;
1995 if (dev->dev->bus->chip_id == 0x4301) {
1996 mask |= 0x0060;
1997 set |= 0x0060;
1998 }
1999 if (0 /* FIXME: conditional unknown */ ) {
2000 b43_write16(dev, B43_MMIO_GPIO_MASK,
2001 b43_read16(dev, B43_MMIO_GPIO_MASK)
2002 | 0x0100);
2003 mask |= 0x0180;
2004 set |= 0x0180;
2005 }
95de2841 2006 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
e4d6b795
MB		 2007 b43_write16(dev, B43_MMIO_GPIO_MASK,
2008 b43_read16(dev, B43_MMIO_GPIO_MASK)
2009 | 0x0200);
2010 mask |= 0x0200;
2011 set |= 0x0200;
2012 }
2013 if (dev->dev->id.revision >= 2)
2014 mask |= 0x0010; /* FIXME: This is redundant. */
2015
2016#ifdef CONFIG_SSB_DRIVER_PCICORE
2017 pcidev = bus->pcicore.dev;
2018#endif
2019 gpiodev = bus->chipco.dev ? : pcidev;
2020 if (!gpiodev)
2021 return 0;
2022 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2023 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2024 & mask) | set);
2025
2026 return 0;
2027}
2028
2029/* Turn off all GPIO stuff. Call this on module unload, for example. */
2030static void b43_gpio_cleanup(struct b43_wldev *dev)
2031{
2032 struct ssb_bus *bus = dev->dev->bus;
2033 struct ssb_device *gpiodev, *pcidev = NULL;
2034
2035#ifdef CONFIG_SSB_DRIVER_PCICORE
2036 pcidev = bus->pcicore.dev;
2037#endif
2038 gpiodev = bus->chipco.dev ? : pcidev;
2039 if (!gpiodev)
2040 return;
2041 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2042}
2043
2044/* http://bcm-specs.sipsolutions.net/EnableMac */
2045void b43_mac_enable(struct b43_wldev *dev)
2046{
2047 dev->mac_suspended--;
2048 B43_WARN_ON(dev->mac_suspended < 0);
05b64b36 2049 B43_WARN_ON(irqs_disabled());
e4d6b795
MB		 2050 if (dev->mac_suspended == 0) {
2051 b43_write32(dev, B43_MMIO_MACCTL,
2052 b43_read32(dev, B43_MMIO_MACCTL)
2053 | B43_MACCTL_ENABLED);
2054 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2055 B43_IRQ_MAC_SUSPENDED);
2056 /* Commit writes */
2057 b43_read32(dev, B43_MMIO_MACCTL);
2058 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2059 b43_power_saving_ctl_bits(dev, 0);
05b64b36
MB		 2060
2061 /* Re-enable IRQs. */
2062 spin_lock_irq(&dev->wl->irq_lock);
2063 b43_interrupt_enable(dev, dev->irq_savedstate);
2064 spin_unlock_irq(&dev->wl->irq_lock);
e4d6b795
MB		 2065 }
2066}
2067
2068/* http://bcm-specs.sipsolutions.net/SuspendMAC */
2069void b43_mac_suspend(struct b43_wldev *dev)
2070{
2071 int i;
2072 u32 tmp;
2073
05b64b36
MB		 2074 might_sleep();
2075 B43_WARN_ON(irqs_disabled());
e4d6b795 2076 B43_WARN_ON(dev->mac_suspended < 0);
05b64b36 2077
e4d6b795 2078 if (dev->mac_suspended == 0) {
05b64b36
MB		 2079 /* Mask IRQs before suspending MAC. Otherwise
2080 * the MAC stays busy and won't suspend. */
2081 spin_lock_irq(&dev->wl->irq_lock);
2082 tmp = b43_interrupt_disable(dev, B43_IRQ_ALL);
2083 spin_unlock_irq(&dev->wl->irq_lock);
2084 b43_synchronize_irq(dev);
2085 dev->irq_savedstate = tmp;
2086
e4d6b795
MB		 2087 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2088 b43_write32(dev, B43_MMIO_MACCTL,
2089 b43_read32(dev, B43_MMIO_MACCTL)
2090 & ~B43_MACCTL_ENABLED);
2091 /* force pci to flush the write */
2092 b43_read32(dev, B43_MMIO_MACCTL);
05b64b36 2093 for (i = 40; i; i--) {
e4d6b795
MB		 2094 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2095 if (tmp & B43_IRQ_MAC_SUSPENDED)
2096 goto out;
05b64b36 2097 msleep(1);
e4d6b795
MB		 2098 }
2099 b43err(dev->wl, "MAC suspend failed\n");
2100 }
05b64b36 2101out:
e4d6b795
MB		 2102 dev->mac_suspended++;
2103}
2104
2105static void b43_adjust_opmode(struct b43_wldev *dev)
2106{
2107 struct b43_wl *wl = dev->wl;
2108 u32 ctl;
2109 u16 cfp_pretbtt;
2110
2111 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2112 /* Reset status to STA infrastructure mode. */
2113 ctl &= ~B43_MACCTL_AP;
2114 ctl &= ~B43_MACCTL_KEEP_CTL;
2115 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2116 ctl &= ~B43_MACCTL_KEEP_BAD;
2117 ctl &= ~B43_MACCTL_PROMISC;
4150c572 2118 ctl &= ~B43_MACCTL_BEACPROMISC;
e4d6b795
MB		 2119 ctl |= B43_MACCTL_INFRA;
2120
4150c572
JB		 2121 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
2122 ctl |= B43_MACCTL_AP;
2123 else if (b43_is_mode(wl, IEEE80211_IF_TYPE_IBSS))
2124 ctl &= ~B43_MACCTL_INFRA;
2125
2126 if (wl->filter_flags & FIF_CONTROL)
e4d6b795 2127 ctl |= B43_MACCTL_KEEP_CTL;
4150c572
JB		 2128 if (wl->filter_flags & FIF_FCSFAIL)
2129 ctl |= B43_MACCTL_KEEP_BAD;
2130 if (wl->filter_flags & FIF_PLCPFAIL)
2131 ctl |= B43_MACCTL_KEEP_BADPLCP;
2132 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
e4d6b795 2133 ctl |= B43_MACCTL_PROMISC;
4150c572
JB		 2134 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2135 ctl |= B43_MACCTL_BEACPROMISC;
2136
e4d6b795
MB		 2137 /* Workaround: On old hardware the HW-MAC-address-filter
2138 * doesn't work properly, so always run promisc in filter
2139 * it in software. */
2140 if (dev->dev->id.revision <= 4)
2141 ctl |= B43_MACCTL_PROMISC;
2142
2143 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2144
2145 cfp_pretbtt = 2;
2146 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2147 if (dev->dev->bus->chip_id == 0x4306 &&
2148 dev->dev->bus->chip_rev == 3)
2149 cfp_pretbtt = 100;
2150 else
2151 cfp_pretbtt = 50;
2152 }
2153 b43_write16(dev, 0x612, cfp_pretbtt);
2154}
2155
2156static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2157{
2158 u16 offset;
2159
2160 if (is_ofdm) {
2161 offset = 0x480;
2162 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2163 } else {
2164 offset = 0x4C0;
2165 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2166 }
2167 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2168 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2169}
2170
2171static void b43_rate_memory_init(struct b43_wldev *dev)
2172{
2173 switch (dev->phy.type) {
2174 case B43_PHYTYPE_A:
2175 case B43_PHYTYPE_G:
53a6e234 2176 case B43_PHYTYPE_N:
e4d6b795
MB		 2177 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2178 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2179 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2180 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2181 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2182 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2183 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2184 if (dev->phy.type == B43_PHYTYPE_A)
2185 break;
2186 /* fallthrough */
2187 case B43_PHYTYPE_B:
2188 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2189 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2190 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2191 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2192 break;
2193 default:
2194 B43_WARN_ON(1);
2195 }
2196}
2197
2198/* Set the TX-Antenna for management frames sent by firmware. */
2199static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2200{
2201 u16 ant = 0;
2202 u16 tmp;
2203
2204 switch (antenna) {
2205 case B43_ANTENNA0:
eb189d8b 2206 ant |= B43_TXH_PHY_ANT0;
e4d6b795
MB		 2207 break;
2208 case B43_ANTENNA1:
eb189d8b
MB		 2209 ant |= B43_TXH_PHY_ANT1;
2210 break;
2211 case B43_ANTENNA2:
2212 ant |= B43_TXH_PHY_ANT2;
2213 break;
2214 case B43_ANTENNA3:
2215 ant |= B43_TXH_PHY_ANT3;
e4d6b795
MB		 2216 break;
2217 case B43_ANTENNA_AUTO:
eb189d8b 2218 ant |= B43_TXH_PHY_ANT01AUTO;
e4d6b795
MB		 2219 break;
2220 default:
2221 B43_WARN_ON(1);
2222 }
2223
2224 /* FIXME We also need to set the other flags of the PHY control field somewhere. */
2225
2226 /* For Beacons */
2227 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
eb189d8b 2228 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
e4d6b795
MB		 2229 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, tmp);
2230 /* For ACK/CTS */
2231 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
eb189d8b 2232 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
e4d6b795
MB		 2233 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2234 /* For Probe Resposes */
2235 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
eb189d8b 2236 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
e4d6b795
MB		 2237 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2238}
2239
2240/* This is the opposite of b43_chip_init() */
2241static void b43_chip_exit(struct b43_wldev *dev)
2242{
8e9f7529 2243 b43_radio_turn_off(dev, 1);
e4d6b795
MB		 2244 b43_gpio_cleanup(dev);
2245 /* firmware is released later */
2246}
2247
2248/* Initialize the chip
2249 * http://bcm-specs.sipsolutions.net/ChipInit
2250 */
2251static int b43_chip_init(struct b43_wldev *dev)
2252{
2253 struct b43_phy *phy = &dev->phy;
2254 int err, tmp;
1f7d87b0 2255 u32 value32, macctl;
e4d6b795
MB		 2256 u16 value16;
2257
1f7d87b0
MB		 2258 /* Initialize the MAC control */
2259 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2260 if (dev->phy.gmode)
2261 macctl |= B43_MACCTL_GMODE;
2262 macctl |= B43_MACCTL_INFRA;
2263 b43_write32(dev, B43_MMIO_MACCTL, macctl);
e4d6b795
MB		 2264
2265 err = b43_request_firmware(dev);
2266 if (err)
2267 goto out;
2268 err = b43_upload_microcode(dev);
2269 if (err)
2270 goto out; /* firmware is released later */
2271
2272 err = b43_gpio_init(dev);
2273 if (err)
2274 goto out; /* firmware is released later */
21954c36 2275
e4d6b795
MB		 2276 err = b43_upload_initvals(dev);
2277 if (err)
1a8d1227 2278 goto err_gpio_clean;
e4d6b795 2279 b43_radio_turn_on(dev);
e4d6b795
MB		 2280
2281 b43_write16(dev, 0x03E6, 0x0000);
2282 err = b43_phy_init(dev);
2283 if (err)
2284 goto err_radio_off;
2285
2286 /* Select initial Interference Mitigation. */
2287 tmp = phy->interfmode;
2288 phy->interfmode = B43_INTERFMODE_NONE;
2289 b43_radio_set_interference_mitigation(dev, tmp);
2290
2291 b43_set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2292 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2293
2294 if (phy->type == B43_PHYTYPE_B) {
2295 value16 = b43_read16(dev, 0x005E);
2296 value16 |= 0x0004;
2297 b43_write16(dev, 0x005E, value16);
2298 }
2299 b43_write32(dev, 0x0100, 0x01000000);
2300 if (dev->dev->id.revision < 5)
2301 b43_write32(dev, 0x010C, 0x01000000);
2302
2303 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2304 & ~B43_MACCTL_INFRA);
2305 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2306 | B43_MACCTL_INFRA);
e4d6b795 2307
e4d6b795
MB		 2308 /* Probe Response Timeout value */
2309 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2310 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2311
2312 /* Initially set the wireless operation mode. */
2313 b43_adjust_opmode(dev);
2314
2315 if (dev->dev->id.revision < 3) {
2316 b43_write16(dev, 0x060E, 0x0000);
2317 b43_write16(dev, 0x0610, 0x8000);
2318 b43_write16(dev, 0x0604, 0x0000);
2319 b43_write16(dev, 0x0606, 0x0200);
2320 } else {
2321 b43_write32(dev, 0x0188, 0x80000000);
2322 b43_write32(dev, 0x018C, 0x02000000);
2323 }
2324 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2325 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2326 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2327 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2328 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2329 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2330 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2331
2332 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2333 value32 |= 0x00100000;
2334 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2335
2336 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2337 dev->dev->bus->chipco.fast_pwrup_delay);
2338
2339 err = 0;
2340 b43dbg(dev->wl, "Chip initialized\n");
21954c36 2341out:
e4d6b795
MB		 2342 return err;
2343
21954c36 2344err_radio_off:
8e9f7529 2345 b43_radio_turn_off(dev, 1);
1a8d1227 2346err_gpio_clean:
e4d6b795 2347 b43_gpio_cleanup(dev);
21954c36 2348 return err;
e4d6b795
MB		 2349}
2350
2351static void b43_periodic_every120sec(struct b43_wldev *dev)
2352{
2353 struct b43_phy *phy = &dev->phy;
2354
2355 if (phy->type != B43_PHYTYPE_G || phy->rev < 2)
2356 return;
2357
2358 b43_mac_suspend(dev);
2359 b43_lo_g_measure(dev);
2360 b43_mac_enable(dev);
2361 if (b43_has_hardware_pctl(phy))
2362 b43_lo_g_ctl_mark_all_unused(dev);
2363}
2364
2365static void b43_periodic_every60sec(struct b43_wldev *dev)
2366{
2367 struct b43_phy *phy = &dev->phy;
2368
53a6e234
MB		 2369 if (phy->type != B43_PHYTYPE_G)
2370 return;
e4d6b795
MB		 2371 if (!b43_has_hardware_pctl(phy))
2372 b43_lo_g_ctl_mark_all_unused(dev);
95de2841 2373 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_RSSI) {
e4d6b795
MB		 2374 b43_mac_suspend(dev);
2375 b43_calc_nrssi_slope(dev);
2376 if ((phy->radio_ver == 0x2050) && (phy->radio_rev == 8)) {
2377 u8 old_chan = phy->channel;
2378
2379 /* VCO Calibration */
2380 if (old_chan >= 8)
2381 b43_radio_selectchannel(dev, 1, 0);
2382 else
2383 b43_radio_selectchannel(dev, 13, 0);
2384 b43_radio_selectchannel(dev, old_chan, 0);
2385 }
2386 b43_mac_enable(dev);
2387 }
2388}
2389
2390static void b43_periodic_every30sec(struct b43_wldev *dev)
2391{
2392 /* Update device statistics. */
2393 b43_calculate_link_quality(dev);
2394}
2395
2396static void b43_periodic_every15sec(struct b43_wldev *dev)
2397{
2398 struct b43_phy *phy = &dev->phy;
2399
2400 if (phy->type == B43_PHYTYPE_G) {
2401 //TODO: update_aci_moving_average
2402 if (phy->aci_enable && phy->aci_wlan_automatic) {
2403 b43_mac_suspend(dev);
2404 if (!phy->aci_enable && 1 /*TODO: not scanning? */ ) {
2405 if (0 /*TODO: bunch of conditions */ ) {
2406 b43_radio_set_interference_mitigation
2407 (dev, B43_INTERFMODE_MANUALWLAN);
2408 }
2409 } else if (1 /*TODO*/) {
2410 /*
2411 if ((aci_average > 1000) && !(b43_radio_aci_scan(dev))) {
2412 b43_radio_set_interference_mitigation(dev,
2413 B43_INTERFMODE_NONE);
2414 }
2415 */
2416 }
2417 b43_mac_enable(dev);
2418 } else if (phy->interfmode == B43_INTERFMODE_NONWLAN &&
2419 phy->rev == 1) {
2420 //TODO: implement rev1 workaround
2421 }
2422 }
2423 b43_phy_xmitpower(dev); //FIXME: unless scanning?
2424 //TODO for APHY (temperature?)
00e0b8cb
SB		 2425
2426 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2427 wmb();
e4d6b795
MB		 2428}
2429
e4d6b795
MB		 2430static void do_periodic_work(struct b43_wldev *dev)
2431{
2432 unsigned int state;
2433
2434 state = dev->periodic_state;
42bb4cd5 2435 if (state % 8 == 0)
e4d6b795 2436 b43_periodic_every120sec(dev);
42bb4cd5 2437 if (state % 4 == 0)
e4d6b795 2438 b43_periodic_every60sec(dev);
42bb4cd5 2439 if (state % 2 == 0)
e4d6b795 2440 b43_periodic_every30sec(dev);
42bb4cd5 2441 b43_periodic_every15sec(dev);
e4d6b795
MB		 2442}
2443
05b64b36
MB		 2444/* Periodic work locking policy:
2445 * The whole periodic work handler is protected by
2446 * wl->mutex. If another lock is needed somewhere in the
2447 * pwork callchain, it's aquired in-place, where it's needed.
e4d6b795 2448 */
e4d6b795
MB		 2449static void b43_periodic_work_handler(struct work_struct *work)
2450{
05b64b36
MB		 2451 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2452 periodic_work.work);
2453 struct b43_wl *wl = dev->wl;
2454 unsigned long delay;
e4d6b795 2455
05b64b36 2456 mutex_lock(&wl->mutex);
e4d6b795
MB		 2457
2458 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2459 goto out;
2460 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2461 goto out_requeue;
2462
05b64b36 2463 do_periodic_work(dev);
e4d6b795 2464
e4d6b795 2465 dev->periodic_state++;
42bb4cd5 2466out_requeue:
e4d6b795
MB		 2467 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2468 delay = msecs_to_jiffies(50);
2469 else
82cd682d 2470 delay = round_jiffies_relative(HZ * 15);
05b64b36 2471 queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
42bb4cd5 2472out:
05b64b36 2473 mutex_unlock(&wl->mutex);
e4d6b795
MB		 2474}
2475
2476static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2477{
2478 struct delayed_work *work = &dev->periodic_work;
2479
2480 dev->periodic_state = 0;
2481 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2482 queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2483}
2484
f3dd3fcc 2485/* Check if communication with the device works correctly. */
e4d6b795
MB		 2486static int b43_validate_chipaccess(struct b43_wldev *dev)
2487{
f3dd3fcc 2488 u32 v, backup;
e4d6b795 2489
f3dd3fcc
MB		 2490 backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2491
2492 /* Check for read/write and endianness problems. */
e4d6b795
MB		 2493 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2494 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2495 goto error;
f3dd3fcc
MB		 2496 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2497 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
e4d6b795
MB		 2498 goto error;
2499
f3dd3fcc
MB		 2500 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2501
2502 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2503 /* The 32bit register shadows the two 16bit registers
2504 * with update sideeffects. Validate this. */
2505 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2506 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2507 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2508 goto error;
2509 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2510 goto error;
2511 }
2512 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2513
2514 v = b43_read32(dev, B43_MMIO_MACCTL);
2515 v |= B43_MACCTL_GMODE;
2516 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
e4d6b795
MB		 2517 goto error;
2518
2519 return 0;
f3dd3fcc 2520error:
e4d6b795
MB		 2521 b43err(dev->wl, "Failed to validate the chipaccess\n");
2522 return -ENODEV;
2523}
2524
2525static void b43_security_init(struct b43_wldev *dev)
2526{
2527 dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2528 B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2529 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2530 /* KTP is a word address, but we address SHM bytewise.
2531 * So multiply by two.
2532 */
2533 dev->ktp *= 2;
2534 if (dev->dev->id.revision >= 5) {
2535 /* Number of RCMTA address slots */
2536 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2537 }
2538 b43_clear_keys(dev);
2539}
2540
2541static int b43_rng_read(struct hwrng *rng, u32 * data)
2542{
2543 struct b43_wl *wl = (struct b43_wl *)rng->priv;
2544 unsigned long flags;
2545
2546 /* Don't take wl->mutex here, as it could deadlock with
2547 * hwrng internal locking. It's not needed to take
2548 * wl->mutex here, anyway. */
2549
2550 spin_lock_irqsave(&wl->irq_lock, flags);
2551 *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2552 spin_unlock_irqrestore(&wl->irq_lock, flags);
2553
2554 return (sizeof(u16));
2555}
2556
2557static void b43_rng_exit(struct b43_wl *wl)
2558{
2559 if (wl->rng_initialized)
2560 hwrng_unregister(&wl->rng);
2561}
2562
2563static int b43_rng_init(struct b43_wl *wl)
2564{
2565 int err;
2566
2567 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2568 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2569 wl->rng.name = wl->rng_name;
2570 wl->rng.data_read = b43_rng_read;
2571 wl->rng.priv = (unsigned long)wl;
2572 wl->rng_initialized = 1;
2573 err = hwrng_register(&wl->rng);
2574 if (err) {
2575 wl->rng_initialized = 0;
2576 b43err(wl, "Failed to register the random "
2577 "number generator (%d)\n", err);
2578 }
2579
2580 return err;
2581}
2582
40faacc4
MB		 2583static int b43_op_tx(struct ieee80211_hw *hw,
2584 struct sk_buff *skb,
2585 struct ieee80211_tx_control *ctl)
e4d6b795
MB		 2586{
2587 struct b43_wl *wl = hw_to_b43_wl(hw);
2588 struct b43_wldev *dev = wl->current_dev;
2589 int err = -ENODEV;
e4d6b795
MB		 2590
2591 if (unlikely(!dev))
2592 goto out;
2593 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2594 goto out;
2595 /* DMA-TX is done without a global lock. */
03b29773 2596 err = b43_dma_tx(dev, skb, ctl);
40faacc4 2597out:
e4d6b795
MB		 2598 if (unlikely(err))
2599 return NETDEV_TX_BUSY;
2600 return NETDEV_TX_OK;
2601}
2602
40faacc4
MB		 2603static int b43_op_conf_tx(struct ieee80211_hw *hw,
2604 int queue,
2605 const struct ieee80211_tx_queue_params *params)
e4d6b795
MB		 2606{
2607 return 0;
2608}
2609
40faacc4
MB		 2610static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
2611 struct ieee80211_tx_queue_stats *stats)
e4d6b795
MB		 2612{
2613 struct b43_wl *wl = hw_to_b43_wl(hw);
2614 struct b43_wldev *dev = wl->current_dev;
2615 unsigned long flags;
2616 int err = -ENODEV;
2617
2618 if (!dev)
2619 goto out;
2620 spin_lock_irqsave(&wl->irq_lock, flags);
2621 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
03b29773 2622 b43_dma_get_tx_stats(dev, stats);
e4d6b795
MB		 2623 err = 0;
2624 }
2625 spin_unlock_irqrestore(&wl->irq_lock, flags);
40faacc4 2626out:
e4d6b795
MB		 2627 return err;
2628}
2629
40faacc4
MB		 2630static int b43_op_get_stats(struct ieee80211_hw *hw,
2631 struct ieee80211_low_level_stats *stats)
e4d6b795
MB		 2632{
2633 struct b43_wl *wl = hw_to_b43_wl(hw);
2634 unsigned long flags;
2635
2636 spin_lock_irqsave(&wl->irq_lock, flags);
2637 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
2638 spin_unlock_irqrestore(&wl->irq_lock, flags);
2639
2640 return 0;
2641}
2642
2643static const char *phymode_to_string(unsigned int phymode)
2644{
2645 switch (phymode) {
2646 case B43_PHYMODE_A:
2647 return "A";
2648 case B43_PHYMODE_B:
2649 return "B";
2650 case B43_PHYMODE_G:
2651 return "G";
2652 default:
2653 B43_WARN_ON(1);
2654 }
2655 return "";
2656}
2657
2658static int find_wldev_for_phymode(struct b43_wl *wl,
2659 unsigned int phymode,
2660 struct b43_wldev **dev, bool * gmode)
2661{
2662 struct b43_wldev *d;
2663
2664 list_for_each_entry(d, &wl->devlist, list) {
2665 if (d->phy.possible_phymodes & phymode) {
2666 /* Ok, this device supports the PHY-mode.
2667 * Now figure out how the gmode bit has to be
2668 * set to support it. */
2669 if (phymode == B43_PHYMODE_A)
2670 *gmode = 0;
2671 else
2672 *gmode = 1;
2673 *dev = d;
2674
2675 return 0;
2676 }
2677 }
2678
2679 return -ESRCH;
2680}
2681
2682static void b43_put_phy_into_reset(struct b43_wldev *dev)
2683{
2684 struct ssb_device *sdev = dev->dev;
2685 u32 tmslow;
2686
2687 tmslow = ssb_read32(sdev, SSB_TMSLOW);
2688 tmslow &= ~B43_TMSLOW_GMODE;
2689 tmslow |= B43_TMSLOW_PHYRESET;
2690 tmslow |= SSB_TMSLOW_FGC;
2691 ssb_write32(sdev, SSB_TMSLOW, tmslow);
2692 msleep(1);
2693
2694 tmslow = ssb_read32(sdev, SSB_TMSLOW);
2695 tmslow &= ~SSB_TMSLOW_FGC;
2696 tmslow |= B43_TMSLOW_PHYRESET;
2697 ssb_write32(sdev, SSB_TMSLOW, tmslow);
2698 msleep(1);
2699}
2700
2701/* Expects wl->mutex locked */
2702static int b43_switch_phymode(struct b43_wl *wl, unsigned int new_mode)
2703{
2704 struct b43_wldev *up_dev;
2705 struct b43_wldev *down_dev;
2706 int err;
2707 bool gmode = 0;
2708 int prev_status;
2709
2710 err = find_wldev_for_phymode(wl, new_mode, &up_dev, &gmode);
2711 if (err) {
2712 b43err(wl, "Could not find a device for %s-PHY mode\n",
2713 phymode_to_string(new_mode));
2714 return err;
2715 }
2716 if ((up_dev == wl->current_dev) &&
2717 (!!wl->current_dev->phy.gmode == !!gmode)) {
2718 /* This device is already running. */
2719 return 0;
2720 }
2721 b43dbg(wl, "Reconfiguring PHYmode to %s-PHY\n",
2722 phymode_to_string(new_mode));
2723 down_dev = wl->current_dev;
2724
2725 prev_status = b43_status(down_dev);
2726 /* Shutdown the currently running core. */
2727 if (prev_status >= B43_STAT_STARTED)
2728 b43_wireless_core_stop(down_dev);
2729 if (prev_status >= B43_STAT_INITIALIZED)
2730 b43_wireless_core_exit(down_dev);
2731
2732 if (down_dev != up_dev) {
2733 /* We switch to a different core, so we put PHY into
2734 * RESET on the old core. */
2735 b43_put_phy_into_reset(down_dev);
2736 }
2737
2738 /* Now start the new core. */
2739 up_dev->phy.gmode = gmode;
2740 if (prev_status >= B43_STAT_INITIALIZED) {
2741 err = b43_wireless_core_init(up_dev);
2742 if (err) {
2743 b43err(wl, "Fatal: Could not initialize device for "
2744 "newly selected %s-PHY mode\n",
2745 phymode_to_string(new_mode));
2746 goto init_failure;
2747 }
2748 }
2749 if (prev_status >= B43_STAT_STARTED) {
2750 err = b43_wireless_core_start(up_dev);
2751 if (err) {
2752 b43err(wl, "Fatal: Coult not start device for "
2753 "newly selected %s-PHY mode\n",
2754 phymode_to_string(new_mode));
2755 b43_wireless_core_exit(up_dev);
2756 goto init_failure;
2757 }
2758 }
2759 B43_WARN_ON(b43_status(up_dev) != prev_status);
2760
2761 wl->current_dev = up_dev;
2762
2763 return 0;
2764 init_failure:
2765 /* Whoops, failed to init the new core. No core is operating now. */
2766 wl->current_dev = NULL;
2767 return err;
2768}
2769
9db1f6d7
MB		 2770/* Check if the use of the antenna that ieee80211 told us to
2771 * use is possible. This will fall back to DEFAULT.
2772 * "antenna_nr" is the antenna identifier we got from ieee80211. */
2773u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
2774 u8 antenna_nr)
e4d6b795 2775{
9db1f6d7
MB		 2776 u8 antenna_mask;
2777
2778 if (antenna_nr == 0) {
2779 /* Zero means "use default antenna". That's always OK. */
2780 return 0;
2781 }
2782
2783 /* Get the mask of available antennas. */
2784 if (dev->phy.gmode)
2785 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
2786 else
2787 antenna_mask = dev->dev->bus->sprom.ant_available_a;
2788
2789 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
2790 /* This antenna is not available. Fall back to default. */
2791 return 0;
2792 }
2793
2794 return antenna_nr;
2795}
2796
2797static int b43_antenna_from_ieee80211(struct b43_wldev *dev, u8 antenna)
2798{
2799 antenna = b43_ieee80211_antenna_sanitize(dev, antenna);
e4d6b795
MB		 2800 switch (antenna) {
2801 case 0: /* default/diversity */
2802 return B43_ANTENNA_DEFAULT;
2803 case 1: /* Antenna 0 */
2804 return B43_ANTENNA0;
2805 case 2: /* Antenna 1 */
2806 return B43_ANTENNA1;
eb189d8b
MB		 2807 case 3: /* Antenna 2 */
2808 return B43_ANTENNA2;
2809 case 4: /* Antenna 3 */
2810 return B43_ANTENNA3;
e4d6b795
MB		 2811 default:
2812 return B43_ANTENNA_DEFAULT;
2813 }
2814}
2815
40faacc4 2816static int b43_op_config(struct ieee80211_hw *hw, struct ieee80211_conf *conf)
e4d6b795
MB		 2817{
2818 struct b43_wl *wl = hw_to_b43_wl(hw);
2819 struct b43_wldev *dev;
2820 struct b43_phy *phy;
2821 unsigned long flags;
2822 unsigned int new_phymode = 0xFFFF;
9db1f6d7 2823 int antenna;
e4d6b795
MB		 2824 int err = 0;
2825 u32 savedirqs;
2826
e4d6b795
MB		 2827 mutex_lock(&wl->mutex);
2828
2829 /* Switch the PHY mode (if necessary). */
2830 switch (conf->phymode) {
2831 case MODE_IEEE80211A:
2832 new_phymode = B43_PHYMODE_A;
2833 break;
2834 case MODE_IEEE80211B:
2835 new_phymode = B43_PHYMODE_B;
2836 break;
2837 case MODE_IEEE80211G:
2838 new_phymode = B43_PHYMODE_G;
2839 break;
2840 default:
2841 B43_WARN_ON(1);
2842 }
2843 err = b43_switch_phymode(wl, new_phymode);
2844 if (err)
2845 goto out_unlock_mutex;
2846 dev = wl->current_dev;
2847 phy = &dev->phy;
2848
2849 /* Disable IRQs while reconfiguring the device.
2850 * This makes it possible to drop the spinlock throughout
2851 * the reconfiguration process. */
2852 spin_lock_irqsave(&wl->irq_lock, flags);
2853 if (b43_status(dev) < B43_STAT_STARTED) {
2854 spin_unlock_irqrestore(&wl->irq_lock, flags);
2855 goto out_unlock_mutex;
2856 }
2857 savedirqs = b43_interrupt_disable(dev, B43_IRQ_ALL);
2858 spin_unlock_irqrestore(&wl->irq_lock, flags);
2859 b43_synchronize_irq(dev);
2860
2861 /* Switch to the requested channel.
2862 * The firmware takes care of races with the TX handler. */
2863 if (conf->channel_val != phy->channel)
2864 b43_radio_selectchannel(dev, conf->channel_val, 0);
2865
2866 /* Enable/Disable ShortSlot timing. */
2867 if ((!!(conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)) !=
2868 dev->short_slot) {
2869 B43_WARN_ON(phy->type != B43_PHYTYPE_G);
2870 if (conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)
2871 b43_short_slot_timing_enable(dev);
2872 else
2873 b43_short_slot_timing_disable(dev);
2874 }
2875
d42ce84a
JB		 2876 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
2877
e4d6b795
MB		 2878 /* Adjust the desired TX power level. */
2879 if (conf->power_level != 0) {
2880 if (conf->power_level != phy->power_level) {
2881 phy->power_level = conf->power_level;
2882 b43_phy_xmitpower(dev);
2883 }
2884 }
2885
2886 /* Antennas for RX and management frame TX. */
9db1f6d7
MB		 2887 antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_tx);
2888 b43_mgmtframe_txantenna(dev, antenna);
2889 antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_rx);
2890 b43_set_rx_antenna(dev, antenna);
e4d6b795
MB		 2891
2892 /* Update templates for AP mode. */
2893 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
2894 b43_set_beacon_int(dev, conf->beacon_int);
2895
fda9abcf
MB		 2896 if (!!conf->radio_enabled != phy->radio_on) {
2897 if (conf->radio_enabled) {
2898 b43_radio_turn_on(dev);
2899 b43info(dev->wl, "Radio turned on by software\n");
2900 if (!dev->radio_hw_enable) {
2901 b43info(dev->wl, "The hardware RF-kill button "
2902 "still turns the radio physically off. "
2903 "Press the button to turn it on.\n");
2904 }
2905 } else {
8e9f7529 2906 b43_radio_turn_off(dev, 0);
fda9abcf
MB		 2907 b43info(dev->wl, "Radio turned off by software\n");
2908 }
2909 }
2910
e4d6b795
MB		 2911 spin_lock_irqsave(&wl->irq_lock, flags);
2912 b43_interrupt_enable(dev, savedirqs);
2913 mmiowb();
2914 spin_unlock_irqrestore(&wl->irq_lock, flags);
2915 out_unlock_mutex:
2916 mutex_unlock(&wl->mutex);
2917
2918 return err;
2919}
2920
40faacc4 2921static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4150c572
JB		 2922 const u8 *local_addr, const u8 *addr,
2923 struct ieee80211_key_conf *key)
e4d6b795
MB		 2924{
2925 struct b43_wl *wl = hw_to_b43_wl(hw);
c6dfc9a8 2926 struct b43_wldev *dev;
e4d6b795
MB		 2927 unsigned long flags;
2928 u8 algorithm;
2929 u8 index;
c6dfc9a8 2930 int err;
0795af57 2931 DECLARE_MAC_BUF(mac);
e4d6b795
MB		 2932
2933 if (modparam_nohwcrypt)
2934 return -ENOSPC; /* User disabled HW-crypto */
2935
c6dfc9a8
MB		 2936 mutex_lock(&wl->mutex);
2937 spin_lock_irqsave(&wl->irq_lock, flags);
2938
2939 dev = wl->current_dev;
2940 err = -ENODEV;
2941 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
2942 goto out_unlock;
2943
2944 err = -EINVAL;
e4d6b795 2945 switch (key->alg) {
e4d6b795
MB		 2946 case ALG_WEP:
2947 if (key->keylen == 5)
2948 algorithm = B43_SEC_ALGO_WEP40;
2949 else
2950 algorithm = B43_SEC_ALGO_WEP104;
2951 break;
2952 case ALG_TKIP:
2953 algorithm = B43_SEC_ALGO_TKIP;
2954 break;
2955 case ALG_CCMP:
2956 algorithm = B43_SEC_ALGO_AES;
2957 break;
2958 default:
2959 B43_WARN_ON(1);
c6dfc9a8 2960 goto out_unlock;
e4d6b795 2961 }
e4d6b795
MB		 2962 index = (u8) (key->keyidx);
2963 if (index > 3)
e4d6b795 2964 goto out_unlock;
e4d6b795
MB		 2965
2966 switch (cmd) {
2967 case SET_KEY:
2968 if (algorithm == B43_SEC_ALGO_TKIP) {
2969 /* FIXME: No TKIP hardware encryption for now. */
2970 err = -EOPNOTSUPP;
2971 goto out_unlock;
2972 }
2973
2974 if (is_broadcast_ether_addr(addr)) {
2975 /* addr is FF:FF:FF:FF:FF:FF for default keys */
2976 err = b43_key_write(dev, index, algorithm,
2977 key->key, key->keylen, NULL, key);
2978 } else {
2979 /*
2980 * either pairwise key or address is 00:00:00:00:00:00
2981 * for transmit-only keys
2982 */
2983 err = b43_key_write(dev, -1, algorithm,
2984 key->key, key->keylen, addr, key);
2985 }
2986 if (err)
2987 goto out_unlock;
2988
2989 if (algorithm == B43_SEC_ALGO_WEP40 ||
2990 algorithm == B43_SEC_ALGO_WEP104) {
2991 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
2992 } else {
2993 b43_hf_write(dev,
2994 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
2995 }
2996 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
2997 break;
2998 case DISABLE_KEY: {
2999 err = b43_key_clear(dev, key->hw_key_idx);
3000 if (err)
3001 goto out_unlock;
3002 break;
3003 }
3004 default:
3005 B43_WARN_ON(1);
3006 }
3007out_unlock:
3008 spin_unlock_irqrestore(&wl->irq_lock, flags);
3009 mutex_unlock(&wl->mutex);
e4d6b795
MB		 3010 if (!err) {
3011 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
0795af57 3012 "mac: %s\n",
e4d6b795 3013 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
0795af57 3014 print_mac(mac, addr));
e4d6b795
MB		 3015 }
3016 return err;
3017}
3018
40faacc4
MB		 3019static void b43_op_configure_filter(struct ieee80211_hw *hw,
3020 unsigned int changed, unsigned int *fflags,
3021 int mc_count, struct dev_addr_list *mc_list)
e4d6b795
MB		 3022{
3023 struct b43_wl *wl = hw_to_b43_wl(hw);
3024 struct b43_wldev *dev = wl->current_dev;
3025 unsigned long flags;
3026
4150c572
JB		 3027 if (!dev) {
3028 *fflags = 0;
e4d6b795 3029 return;
e4d6b795 3030 }
4150c572
JB		 3031
3032 spin_lock_irqsave(&wl->irq_lock, flags);
3033 *fflags &= FIF_PROMISC_IN_BSS |
3034 FIF_ALLMULTI |
3035 FIF_FCSFAIL |
3036 FIF_PLCPFAIL |
3037 FIF_CONTROL |
3038 FIF_OTHER_BSS |
3039 FIF_BCN_PRBRESP_PROMISC;
3040
3041 changed &= FIF_PROMISC_IN_BSS |
3042 FIF_ALLMULTI |
3043 FIF_FCSFAIL |
3044 FIF_PLCPFAIL |
3045 FIF_CONTROL |
3046 FIF_OTHER_BSS |
3047 FIF_BCN_PRBRESP_PROMISC;
3048
3049 wl->filter_flags = *fflags;
3050
3051 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3052 b43_adjust_opmode(dev);
e4d6b795
MB		 3053 spin_unlock_irqrestore(&wl->irq_lock, flags);
3054}
3055
40faacc4 3056static int b43_op_config_interface(struct ieee80211_hw *hw,
32bfd35d 3057 struct ieee80211_vif *vif,
40faacc4 3058 struct ieee80211_if_conf *conf)
e4d6b795
MB		 3059{
3060 struct b43_wl *wl = hw_to_b43_wl(hw);
3061 struct b43_wldev *dev = wl->current_dev;
3062 unsigned long flags;
3063
3064 if (!dev)
3065 return -ENODEV;
3066 mutex_lock(&wl->mutex);
3067 spin_lock_irqsave(&wl->irq_lock, flags);
32bfd35d 3068 B43_WARN_ON(wl->vif != vif);
4150c572
JB		 3069 if (conf->bssid)
3070 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3071 else
3072 memset(wl->bssid, 0, ETH_ALEN);
3073 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3074 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP)) {
3075 B43_WARN_ON(conf->type != IEEE80211_IF_TYPE_AP);
3076 b43_set_ssid(dev, conf->ssid, conf->ssid_len);
3077 if (conf->beacon)
e66fee6a 3078 b43_update_templates(wl, conf->beacon);
e4d6b795 3079 }
4150c572 3080 b43_write_mac_bssid_templates(dev);
e4d6b795
MB		 3081 }
3082 spin_unlock_irqrestore(&wl->irq_lock, flags);
3083 mutex_unlock(&wl->mutex);
3084
3085 return 0;
3086}
3087
3088/* Locking: wl->mutex */
3089static void b43_wireless_core_stop(struct b43_wldev *dev)
3090{
3091 struct b43_wl *wl = dev->wl;
3092 unsigned long flags;
3093
3094 if (b43_status(dev) < B43_STAT_STARTED)
3095 return;
a19d12d7
SB		 3096
3097 /* Disable and sync interrupts. We must do this before than
3098 * setting the status to INITIALIZED, as the interrupt handler
3099 * won't care about IRQs then. */
3100 spin_lock_irqsave(&wl->irq_lock, flags);
3101 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3102 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3103 spin_unlock_irqrestore(&wl->irq_lock, flags);
3104 b43_synchronize_irq(dev);
3105
e4d6b795
MB		 3106 b43_set_status(dev, B43_STAT_INITIALIZED);
3107
3108 mutex_unlock(&wl->mutex);
3109 /* Must unlock as it would otherwise deadlock. No races here.
3110 * Cancel the possibly running self-rearming periodic work. */
3111 cancel_delayed_work_sync(&dev->periodic_work);
3112 mutex_lock(&wl->mutex);
3113
3114 ieee80211_stop_queues(wl->hw); //FIXME this could cause a deadlock, as mac80211 seems buggy.
3115
e4d6b795
MB		 3116 b43_mac_suspend(dev);
3117 free_irq(dev->dev->irq, dev);
3118 b43dbg(wl, "Wireless interface stopped\n");
3119}
3120
3121/* Locking: wl->mutex */
3122static int b43_wireless_core_start(struct b43_wldev *dev)
3123{
3124 int err;
3125
3126 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3127
3128 drain_txstatus_queue(dev);
3129 err = request_irq(dev->dev->irq, b43_interrupt_handler,
3130 IRQF_SHARED, KBUILD_MODNAME, dev);
3131 if (err) {
3132 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3133 goto out;
3134 }
3135
3136 /* We are ready to run. */
3137 b43_set_status(dev, B43_STAT_STARTED);
3138
3139 /* Start data flow (TX/RX). */
3140 b43_mac_enable(dev);
3141 b43_interrupt_enable(dev, dev->irq_savedstate);
3142 ieee80211_start_queues(dev->wl->hw);
3143
3144 /* Start maintainance work */
3145 b43_periodic_tasks_setup(dev);
3146
3147 b43dbg(dev->wl, "Wireless interface started\n");
3148 out:
3149 return err;
3150}
3151
3152/* Get PHY and RADIO versioning numbers */
3153static int b43_phy_versioning(struct b43_wldev *dev)
3154{
3155 struct b43_phy *phy = &dev->phy;
3156 u32 tmp;
3157 u8 analog_type;
3158 u8 phy_type;
3159 u8 phy_rev;
3160 u16 radio_manuf;
3161 u16 radio_ver;
3162 u16 radio_rev;
3163 int unsupported = 0;
3164
3165 /* Get PHY versioning */
3166 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3167 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3168 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3169 phy_rev = (tmp & B43_PHYVER_VERSION);
3170 switch (phy_type) {
3171 case B43_PHYTYPE_A:
3172 if (phy_rev >= 4)
3173 unsupported = 1;
3174 break;
3175 case B43_PHYTYPE_B:
3176 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3177 && phy_rev != 7)
3178 unsupported = 1;
3179 break;
3180 case B43_PHYTYPE_G:
013978b6 3181 if (phy_rev > 9)
e4d6b795
MB		 3182 unsupported = 1;
3183 break;
d5c71e46
MB		 3184#ifdef CONFIG_B43_NPHY
3185 case B43_PHYTYPE_N:
3186 if (phy_rev > 1)
3187 unsupported = 1;
3188 break;
3189#endif
e4d6b795
MB		 3190 default:
3191 unsupported = 1;
3192 };
3193 if (unsupported) {
3194 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3195 "(Analog %u, Type %u, Revision %u)\n",
3196 analog_type, phy_type, phy_rev);
3197 return -EOPNOTSUPP;
3198 }
3199 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3200 analog_type, phy_type, phy_rev);
3201
3202 /* Get RADIO versioning */
3203 if (dev->dev->bus->chip_id == 0x4317) {
3204 if (dev->dev->bus->chip_rev == 0)
3205 tmp = 0x3205017F;
3206 else if (dev->dev->bus->chip_rev == 1)
3207 tmp = 0x4205017F;
3208 else
3209 tmp = 0x5205017F;
3210 } else {
3211 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
243dcfcc 3212 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
e4d6b795 3213 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
243dcfcc 3214 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
e4d6b795
MB		 3215 }
3216 radio_manuf = (tmp & 0x00000FFF);
3217 radio_ver = (tmp & 0x0FFFF000) >> 12;
3218 radio_rev = (tmp & 0xF0000000) >> 28;
96c755a3
MB		 3219 if (radio_manuf != 0x17F /* Broadcom */)
3220 unsupported = 1;
e4d6b795
MB		 3221 switch (phy_type) {
3222 case B43_PHYTYPE_A:
3223 if (radio_ver != 0x2060)
3224 unsupported = 1;
3225 if (radio_rev != 1)
3226 unsupported = 1;
3227 if (radio_manuf != 0x17F)
3228 unsupported = 1;
3229 break;
3230 case B43_PHYTYPE_B:
3231 if ((radio_ver & 0xFFF0) != 0x2050)
3232 unsupported = 1;
3233 break;
3234 case B43_PHYTYPE_G:
3235 if (radio_ver != 0x2050)
3236 unsupported = 1;
3237 break;
96c755a3 3238 case B43_PHYTYPE_N:
243dcfcc 3239 if (radio_ver != 0x2055)
96c755a3
MB		 3240 unsupported = 1;
3241 break;
e4d6b795
MB		 3242 default:
3243 B43_WARN_ON(1);
3244 }
3245 if (unsupported) {
3246 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3247 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3248 radio_manuf, radio_ver, radio_rev);
3249 return -EOPNOTSUPP;
3250 }
3251 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3252 radio_manuf, radio_ver, radio_rev);
3253
3254 phy->radio_manuf = radio_manuf;
3255 phy->radio_ver = radio_ver;
3256 phy->radio_rev = radio_rev;
3257
3258 phy->analog = analog_type;
3259 phy->type = phy_type;
3260 phy->rev = phy_rev;
3261
3262 return 0;
3263}
3264
3265static void setup_struct_phy_for_init(struct b43_wldev *dev,
3266 struct b43_phy *phy)
3267{
3268 struct b43_txpower_lo_control *lo;
3269 int i;
3270
3271 memset(phy->minlowsig, 0xFF, sizeof(phy->minlowsig));
3272 memset(phy->minlowsigpos, 0, sizeof(phy->minlowsigpos));
3273
e4d6b795
MB		 3274 phy->aci_enable = 0;
3275 phy->aci_wlan_automatic = 0;
3276 phy->aci_hw_rssi = 0;
3277
fda9abcf
MB		 3278 phy->radio_off_context.valid = 0;
3279
e4d6b795
MB		 3280 lo = phy->lo_control;
3281 if (lo) {
3282 memset(lo, 0, sizeof(*(phy->lo_control)));
3283 lo->rebuild = 1;
3284 lo->tx_bias = 0xFF;
3285 }
3286 phy->max_lb_gain = 0;
3287 phy->trsw_rx_gain = 0;
3288 phy->txpwr_offset = 0;
3289
3290 /* NRSSI */
3291 phy->nrssislope = 0;
3292 for (i = 0; i < ARRAY_SIZE(phy->nrssi); i++)
3293 phy->nrssi[i] = -1000;
3294 for (i = 0; i < ARRAY_SIZE(phy->nrssi_lt); i++)
3295 phy->nrssi_lt[i] = i;
3296
3297 phy->lofcal = 0xFFFF;
3298 phy->initval = 0xFFFF;
3299
e4d6b795
MB		 3300 phy->interfmode = B43_INTERFMODE_NONE;
3301 phy->channel = 0xFF;
3302
3303 phy->hardware_power_control = !!modparam_hwpctl;
8ed7fc48
MB		 3304
3305 /* PHY TX errors counter. */
3306 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3307
3308 /* OFDM-table address caching. */
3309 phy->ofdmtab_addr_direction = B43_OFDMTAB_DIRECTION_UNKNOWN;
e4d6b795
MB		 3310}
3311
3312static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3313{
aa6c7ae2
MB		 3314 dev->dfq_valid = 0;
3315
6a724d68
MB		 3316 /* Assume the radio is enabled. If it's not enabled, the state will
3317 * immediately get fixed on the first periodic work run. */
3318 dev->radio_hw_enable = 1;
e4d6b795
MB		 3319
3320 /* Stats */
3321 memset(&dev->stats, 0, sizeof(dev->stats));
3322
3323 setup_struct_phy_for_init(dev, &dev->phy);
3324
3325 /* IRQ related flags */
3326 dev->irq_reason = 0;
3327 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3328 dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3329
3330 dev->mac_suspended = 1;
3331
3332 /* Noise calculation context */
3333 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3334}
3335
3336static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3337{
3338 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3339 u32 hf;
3340
95de2841 3341 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
e4d6b795
MB		 3342 return;
3343 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3344 return;
3345
3346 hf = b43_hf_read(dev);
95de2841 3347 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
e4d6b795
MB		 3348 hf |= B43_HF_BTCOEXALT;
3349 else
3350 hf |= B43_HF_BTCOEX;
3351 b43_hf_write(dev, hf);
3352 //TODO
3353}
3354
3355static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3356{ //TODO
3357}
3358
3359static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3360{
3361#ifdef CONFIG_SSB_DRIVER_PCICORE
3362 struct ssb_bus *bus = dev->dev->bus;
3363 u32 tmp;
3364
3365 if (bus->pcicore.dev &&
3366 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3367 bus->pcicore.dev->id.revision <= 5) {
3368 /* IMCFGLO timeouts workaround. */
3369 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3370 tmp &= ~SSB_IMCFGLO_REQTO;
3371 tmp &= ~SSB_IMCFGLO_SERTO;
3372 switch (bus->bustype) {
3373 case SSB_BUSTYPE_PCI:
3374 case SSB_BUSTYPE_PCMCIA:
3375 tmp |= 0x32;
3376 break;
3377 case SSB_BUSTYPE_SSB:
3378 tmp |= 0x53;
3379 break;
3380 }
3381 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3382 }
3383#endif /* CONFIG_SSB_DRIVER_PCICORE */
3384}
3385
74cfdba7
MB		 3386/* Write the short and long frame retry limit values. */
3387static void b43_set_retry_limits(struct b43_wldev *dev,
3388 unsigned int short_retry,
3389 unsigned int long_retry)
3390{
3391 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3392 * the chip-internal counter. */
3393 short_retry = min(short_retry, (unsigned int)0xF);
3394 long_retry = min(long_retry, (unsigned int)0xF);
3395
3396 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3397 short_retry);
3398 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3399 long_retry);
3400}
3401
e4d6b795
MB		 3402/* Shutdown a wireless core */
3403/* Locking: wl->mutex */
3404static void b43_wireless_core_exit(struct b43_wldev *dev)
3405{
3406 struct b43_phy *phy = &dev->phy;
1f7d87b0 3407 u32 macctl;
e4d6b795
MB		 3408
3409 B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
3410 if (b43_status(dev) != B43_STAT_INITIALIZED)
3411 return;
3412 b43_set_status(dev, B43_STAT_UNINIT);
3413
1f7d87b0
MB		 3414 /* Stop the microcode PSM. */
3415 macctl = b43_read32(dev, B43_MMIO_MACCTL);
3416 macctl &= ~B43_MACCTL_PSM_RUN;
3417 macctl |= B43_MACCTL_PSM_JMP0;
3418 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3419
1a8d1227 3420 b43_leds_exit(dev);
e4d6b795 3421 b43_rng_exit(dev->wl);
e4d6b795
MB		 3422 b43_dma_free(dev);
3423 b43_chip_exit(dev);
8e9f7529 3424 b43_radio_turn_off(dev, 1);
e4d6b795
MB		 3425 b43_switch_analog(dev, 0);
3426 if (phy->dyn_tssi_tbl)
3427 kfree(phy->tssi2dbm);
3428 kfree(phy->lo_control);
3429 phy->lo_control = NULL;
e66fee6a
MB		 3430 if (dev->wl->current_beacon) {
3431 dev_kfree_skb_any(dev->wl->current_beacon);
3432 dev->wl->current_beacon = NULL;
3433 }
3434
e4d6b795
MB		 3435 ssb_device_disable(dev->dev, 0);
3436 ssb_bus_may_powerdown(dev->dev->bus);
3437}
3438
3439/* Initialize a wireless core */
3440static int b43_wireless_core_init(struct b43_wldev *dev)
3441{
3442 struct b43_wl *wl = dev->wl;
3443 struct ssb_bus *bus = dev->dev->bus;
3444 struct ssb_sprom *sprom = &bus->sprom;
3445 struct b43_phy *phy = &dev->phy;
3446 int err;
3447 u32 hf, tmp;
3448
3449 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
3450
3451 err = ssb_bus_powerup(bus, 0);
3452 if (err)
3453 goto out;
3454 if (!ssb_device_is_enabled(dev->dev)) {
3455 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
3456 b43_wireless_core_reset(dev, tmp);
3457 }
3458
3459 if ((phy->type == B43_PHYTYPE_B) || (phy->type == B43_PHYTYPE_G)) {
3460 phy->lo_control =
3461 kzalloc(sizeof(*(phy->lo_control)), GFP_KERNEL);
3462 if (!phy->lo_control) {
3463 err = -ENOMEM;
3464 goto err_busdown;
3465 }
3466 }
3467 setup_struct_wldev_for_init(dev);
3468
3469 err = b43_phy_init_tssi2dbm_table(dev);
3470 if (err)
3471 goto err_kfree_lo_control;
3472
3473 /* Enable IRQ routing to this device. */
3474 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
3475
3476 b43_imcfglo_timeouts_workaround(dev);
3477 b43_bluetooth_coext_disable(dev);
3478 b43_phy_early_init(dev);
3479 err = b43_chip_init(dev);
3480 if (err)
3481 goto err_kfree_tssitbl;
3482 b43_shm_write16(dev, B43_SHM_SHARED,
3483 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
3484 hf = b43_hf_read(dev);
3485 if (phy->type == B43_PHYTYPE_G) {
3486 hf |= B43_HF_SYMW;
3487 if (phy->rev == 1)
3488 hf |= B43_HF_GDCW;
95de2841 3489 if (sprom->boardflags_lo & B43_BFL_PACTRL)
e4d6b795
MB		 3490 hf |= B43_HF_OFDMPABOOST;
3491 } else if (phy->type == B43_PHYTYPE_B) {
3492 hf |= B43_HF_SYMW;
3493 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
3494 hf &= ~B43_HF_GDCW;
3495 }
3496 b43_hf_write(dev, hf);
3497
74cfdba7
MB		 3498 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
3499 B43_DEFAULT_LONG_RETRY_LIMIT);
e4d6b795
MB		 3500 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
3501 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
3502
3503 /* Disable sending probe responses from firmware.
3504 * Setting the MaxTime to one usec will always trigger
3505 * a timeout, so we never send any probe resp.
3506 * A timeout of zero is infinite. */
3507 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
3508
3509 b43_rate_memory_init(dev);
3510
3511 /* Minimum Contention Window */
3512 if (phy->type == B43_PHYTYPE_B) {
3513 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
3514 } else {
3515 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
3516 }
3517 /* Maximum Contention Window */
3518 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
3519
03b29773 3520 err = b43_dma_init(dev);
e4d6b795
MB		 3521 if (err)
3522 goto err_chip_exit;
03b29773 3523 b43_qos_init(dev);
e4d6b795
MB		 3524
3525//FIXME
3526#if 1
3527 b43_write16(dev, 0x0612, 0x0050);
3528 b43_shm_write16(dev, B43_SHM_SHARED, 0x0416, 0x0050);
3529 b43_shm_write16(dev, B43_SHM_SHARED, 0x0414, 0x01F4);
3530#endif
3531
3532 b43_bluetooth_coext_enable(dev);
3533
3534 ssb_bus_powerup(bus, 1); /* Enable dynamic PCTL */
3535 memset(wl->bssid, 0, ETH_ALEN);
4150c572
JB		 3536 memset(wl->mac_addr, 0, ETH_ALEN);
3537 b43_upload_card_macaddress(dev);
e4d6b795
MB		 3538 b43_security_init(dev);
3539 b43_rng_init(wl);
3540
3541 b43_set_status(dev, B43_STAT_INITIALIZED);
3542
1a8d1227
LF		 3543 b43_leds_init(dev);
3544out:
e4d6b795
MB		 3545 return err;
3546
3547 err_chip_exit:
3548 b43_chip_exit(dev);
3549 err_kfree_tssitbl:
3550 if (phy->dyn_tssi_tbl)
3551 kfree(phy->tssi2dbm);
3552 err_kfree_lo_control:
3553 kfree(phy->lo_control);
3554 phy->lo_control = NULL;
3555 err_busdown:
3556 ssb_bus_may_powerdown(bus);
3557 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
3558 return err;
3559}
3560
40faacc4
MB		 3561static int b43_op_add_interface(struct ieee80211_hw *hw,
3562 struct ieee80211_if_init_conf *conf)
e4d6b795
MB		 3563{
3564 struct b43_wl *wl = hw_to_b43_wl(hw);
3565 struct b43_wldev *dev;
3566 unsigned long flags;
3567 int err = -EOPNOTSUPP;
4150c572
JB		 3568
3569 /* TODO: allow WDS/AP devices to coexist */
3570
3571 if (conf->type != IEEE80211_IF_TYPE_AP &&
3572 conf->type != IEEE80211_IF_TYPE_STA &&
3573 conf->type != IEEE80211_IF_TYPE_WDS &&
3574 conf->type != IEEE80211_IF_TYPE_IBSS)
3575 return -EOPNOTSUPP;
e4d6b795
MB		 3576
3577 mutex_lock(&wl->mutex);
4150c572 3578 if (wl->operating)
e4d6b795
MB		 3579 goto out_mutex_unlock;
3580
3581 b43dbg(wl, "Adding Interface type %d\n", conf->type);
3582
3583 dev = wl->current_dev;
4150c572 3584 wl->operating = 1;
32bfd35d 3585 wl->vif = conf->vif;
4150c572
JB		 3586 wl->if_type = conf->type;
3587 memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
3588
3589 spin_lock_irqsave(&wl->irq_lock, flags);
3590 b43_adjust_opmode(dev);
3591 b43_upload_card_macaddress(dev);
3592 spin_unlock_irqrestore(&wl->irq_lock, flags);
3593
3594 err = 0;
3595 out_mutex_unlock:
3596 mutex_unlock(&wl->mutex);
3597
3598 return err;
3599}
3600
40faacc4
MB		 3601static void b43_op_remove_interface(struct ieee80211_hw *hw,
3602 struct ieee80211_if_init_conf *conf)
4150c572
JB		 3603{
3604 struct b43_wl *wl = hw_to_b43_wl(hw);
3605 struct b43_wldev *dev = wl->current_dev;
3606 unsigned long flags;
3607
3608 b43dbg(wl, "Removing Interface type %d\n", conf->type);
3609
3610 mutex_lock(&wl->mutex);
3611
3612 B43_WARN_ON(!wl->operating);
32bfd35d
JB		 3613 B43_WARN_ON(wl->vif != conf->vif);
3614 wl->vif = NULL;
4150c572
JB		 3615
3616 wl->operating = 0;
3617
3618 spin_lock_irqsave(&wl->irq_lock, flags);
3619 b43_adjust_opmode(dev);
3620 memset(wl->mac_addr, 0, ETH_ALEN);
3621 b43_upload_card_macaddress(dev);
3622 spin_unlock_irqrestore(&wl->irq_lock, flags);
3623
3624 mutex_unlock(&wl->mutex);
3625}
3626
40faacc4 3627static int b43_op_start(struct ieee80211_hw *hw)
4150c572
JB		 3628{
3629 struct b43_wl *wl = hw_to_b43_wl(hw);
3630 struct b43_wldev *dev = wl->current_dev;
3631 int did_init = 0;
923403b8 3632 int err = 0;
1946a2c3 3633 bool do_rfkill_exit = 0;
4150c572 3634
1a8d1227
LF		 3635 /* First register RFkill.
3636 * LEDs that are registered later depend on it. */
3637 b43_rfkill_init(dev);
3638
4150c572
JB		 3639 mutex_lock(&wl->mutex);
3640
e4d6b795
MB		 3641 if (b43_status(dev) < B43_STAT_INITIALIZED) {
3642 err = b43_wireless_core_init(dev);
1946a2c3
MB		 3643 if (err) {
3644 do_rfkill_exit = 1;
e4d6b795 3645 goto out_mutex_unlock;
1946a2c3 3646 }
e4d6b795
MB		 3647 did_init = 1;
3648 }
4150c572 3649
e4d6b795
MB		 3650 if (b43_status(dev) < B43_STAT_STARTED) {
3651 err = b43_wireless_core_start(dev);
3652 if (err) {
3653 if (did_init)
3654 b43_wireless_core_exit(dev);
1946a2c3 3655 do_rfkill_exit = 1;
e4d6b795
MB		 3656 goto out_mutex_unlock;
3657 }
3658 }
3659
4150c572 3660 out_mutex_unlock:
e4d6b795
MB		 3661 mutex_unlock(&wl->mutex);
3662
1946a2c3
MB		 3663 if (do_rfkill_exit)
3664 b43_rfkill_exit(dev);
3665
e4d6b795
MB		 3666 return err;
3667}
3668
40faacc4 3669static void b43_op_stop(struct ieee80211_hw *hw)
e4d6b795
MB		 3670{
3671 struct b43_wl *wl = hw_to_b43_wl(hw);
4150c572 3672 struct b43_wldev *dev = wl->current_dev;
e4d6b795 3673
1a8d1227
LF		 3674 b43_rfkill_exit(dev);
3675
e4d6b795 3676 mutex_lock(&wl->mutex);
4150c572
JB		 3677 if (b43_status(dev) >= B43_STAT_STARTED)
3678 b43_wireless_core_stop(dev);
3679 b43_wireless_core_exit(dev);
e4d6b795
MB		 3680 mutex_unlock(&wl->mutex);
3681}
3682
74cfdba7
MB		 3683static int b43_op_set_retry_limit(struct ieee80211_hw *hw,
3684 u32 short_retry_limit, u32 long_retry_limit)
3685{
3686 struct b43_wl *wl = hw_to_b43_wl(hw);
3687 struct b43_wldev *dev;
3688 int err = 0;
3689
3690 mutex_lock(&wl->mutex);
3691 dev = wl->current_dev;
3692 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED))) {
3693 err = -ENODEV;
3694 goto out_unlock;
3695 }
3696 b43_set_retry_limits(dev, short_retry_limit, long_retry_limit);
3697out_unlock:
3698 mutex_unlock(&wl->mutex);
3699
3700 return err;
3701}
3702
e66fee6a
MB		 3703static int b43_op_beacon_set_tim(struct ieee80211_hw *hw, int aid, int set)
3704{
3705 struct b43_wl *wl = hw_to_b43_wl(hw);
3706 struct sk_buff *beacon;
d4df6f1a 3707 unsigned long flags;
e66fee6a
MB		 3708
3709 /* We could modify the existing beacon and set the aid bit in
3710 * the TIM field, but that would probably require resizing and
3711 * moving of data within the beacon template.
3712 * Simply request a new beacon and let mac80211 do the hard work. */
3713 beacon = ieee80211_beacon_get(hw, wl->vif, NULL);
3714 if (unlikely(!beacon))
3715 return -ENOMEM;
d4df6f1a 3716 spin_lock_irqsave(&wl->irq_lock, flags);
e66fee6a 3717 b43_update_templates(wl, beacon);
d4df6f1a 3718 spin_unlock_irqrestore(&wl->irq_lock, flags);
e66fee6a
MB		 3719
3720 return 0;
3721}
3722
3723static int b43_op_ibss_beacon_update(struct ieee80211_hw *hw,
3724 struct sk_buff *beacon,
3725 struct ieee80211_tx_control *ctl)
3726{
3727 struct b43_wl *wl = hw_to_b43_wl(hw);
d4df6f1a 3728 unsigned long flags;
e66fee6a 3729
d4df6f1a 3730 spin_lock_irqsave(&wl->irq_lock, flags);
e66fee6a 3731 b43_update_templates(wl, beacon);
d4df6f1a 3732 spin_unlock_irqrestore(&wl->irq_lock, flags);
e66fee6a
MB		 3733
3734 return 0;
3735}
3736
e4d6b795 3737static const struct ieee80211_ops b43_hw_ops = {
40faacc4
MB		 3738 .tx = b43_op_tx,
3739 .conf_tx = b43_op_conf_tx,
3740 .add_interface = b43_op_add_interface,
3741 .remove_interface = b43_op_remove_interface,
3742 .config = b43_op_config,
3743 .config_interface = b43_op_config_interface,
3744 .configure_filter = b43_op_configure_filter,
3745 .set_key = b43_op_set_key,
3746 .get_stats = b43_op_get_stats,
3747 .get_tx_stats = b43_op_get_tx_stats,
3748 .start = b43_op_start,
3749 .stop = b43_op_stop,
74cfdba7 3750 .set_retry_limit = b43_op_set_retry_limit,
e66fee6a
MB		 3751 .set_tim = b43_op_beacon_set_tim,
3752 .beacon_update = b43_op_ibss_beacon_update,
e4d6b795
MB		 3753};
3754
3755/* Hard-reset the chip. Do not call this directly.
3756 * Use b43_controller_restart()
3757 */
3758static void b43_chip_reset(struct work_struct *work)
3759{
3760 struct b43_wldev *dev =
3761 container_of(work, struct b43_wldev, restart_work);
3762 struct b43_wl *wl = dev->wl;
3763 int err = 0;
3764 int prev_status;
3765
3766 mutex_lock(&wl->mutex);
3767
3768 prev_status = b43_status(dev);
3769 /* Bring the device down... */
3770 if (prev_status >= B43_STAT_STARTED)
3771 b43_wireless_core_stop(dev);
3772 if (prev_status >= B43_STAT_INITIALIZED)
3773 b43_wireless_core_exit(dev);
3774
3775 /* ...and up again. */
3776 if (prev_status >= B43_STAT_INITIALIZED) {
3777 err = b43_wireless_core_init(dev);
3778 if (err)
3779 goto out;
3780 }
3781 if (prev_status >= B43_STAT_STARTED) {
3782 err = b43_wireless_core_start(dev);
3783 if (err) {
3784 b43_wireless_core_exit(dev);
3785 goto out;
3786 }
3787 }
3788 out:
3789 mutex_unlock(&wl->mutex);
3790 if (err)
3791 b43err(wl, "Controller restart FAILED\n");
3792 else
3793 b43info(wl, "Controller restarted\n");
3794}
3795
3796static int b43_setup_modes(struct b43_wldev *dev,
96c755a3 3797 bool have_2ghz_phy, bool have_5ghz_phy)
e4d6b795
MB		 3798{
3799 struct ieee80211_hw *hw = dev->wl->hw;
3800 struct ieee80211_hw_mode *mode;
3801 struct b43_phy *phy = &dev->phy;
e4d6b795
MB		 3802 int err;
3803
96c755a3
MB		 3804 /* XXX: This function will go away soon, when mac80211
3805 * band stuff is rewritten. So this is just a hack.
3806 * For now we always claim GPHY mode, as there is no
3807 * support for NPHY and APHY in the device, yet.
3808 * This assumption is OK, as any B, N or A PHY will already
3809 * have died a horrible sanity check death earlier. */
3810
3811 mode = &phy->hwmodes[0];
3812 mode->mode = MODE_IEEE80211G;
3813 mode->num_channels = b43_2ghz_chantable_size;
3814 mode->channels = b43_2ghz_chantable;
3815 mode->num_rates = b43_g_ratetable_size;
3816 mode->rates = b43_g_ratetable;
3817 err = ieee80211_register_hwmode(hw, mode);
3818 if (err)
3819 return err;
3820 phy->possible_phymodes |= B43_PHYMODE_G;
e4d6b795
MB		 3821
3822 return 0;
3823}
3824
3825static void b43_wireless_core_detach(struct b43_wldev *dev)
3826{
3827 /* We release firmware that late to not be required to re-request
3828 * is all the time when we reinit the core. */
3829 b43_release_firmware(dev);
3830}
3831
3832static int b43_wireless_core_attach(struct b43_wldev *dev)
3833{
3834 struct b43_wl *wl = dev->wl;
3835 struct ssb_bus *bus = dev->dev->bus;
3836 struct pci_dev *pdev = bus->host_pci;
3837 int err;
96c755a3 3838 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
e4d6b795
MB		 3839 u32 tmp;
3840
3841 /* Do NOT do any device initialization here.
3842 * Do it in wireless_core_init() instead.
3843 * This function is for gathering basic information about the HW, only.
3844 * Also some structs may be set up here. But most likely you want to have
3845 * that in core_init(), too.
3846 */
3847
3848 err = ssb_bus_powerup(bus, 0);
3849 if (err) {
3850 b43err(wl, "Bus powerup failed\n");
3851 goto out;
3852 }
3853 /* Get the PHY type. */
3854 if (dev->dev->id.revision >= 5) {
3855 u32 tmshigh;
3856
3857 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
96c755a3
MB		 3858 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
3859 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
e4d6b795 3860 } else
96c755a3 3861 B43_WARN_ON(1);
e4d6b795 3862
96c755a3 3863 dev->phy.gmode = have_2ghz_phy;
e4d6b795
MB		 3864 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
3865 b43_wireless_core_reset(dev, tmp);
3866
3867 err = b43_phy_versioning(dev);
3868 if (err)
21954c36 3869 goto err_powerdown;
e4d6b795
MB		 3870 /* Check if this device supports multiband. */
3871 if (!pdev ||
3872 (pdev->device != 0x4312 &&
3873 pdev->device != 0x4319 && pdev->device != 0x4324)) {
3874 /* No multiband support. */
96c755a3
MB		 3875 have_2ghz_phy = 0;
3876 have_5ghz_phy = 0;
e4d6b795
MB		 3877 switch (dev->phy.type) {
3878 case B43_PHYTYPE_A:
96c755a3 3879 have_5ghz_phy = 1;
e4d6b795
MB		 3880 break;
3881 case B43_PHYTYPE_G:
96c755a3
MB		 3882 case B43_PHYTYPE_N:
3883 have_2ghz_phy = 1;
e4d6b795
MB		 3884 break;
3885 default:
3886 B43_WARN_ON(1);
3887 }
3888 }
96c755a3
MB		 3889 if (dev->phy.type == B43_PHYTYPE_A) {
3890 /* FIXME */
3891 b43err(wl, "IEEE 802.11a devices are unsupported\n");
3892 err = -EOPNOTSUPP;
3893 goto err_powerdown;
3894 }
3895 dev->phy.gmode = have_2ghz_phy;
e4d6b795
MB		 3896 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
3897 b43_wireless_core_reset(dev, tmp);
3898
3899 err = b43_validate_chipaccess(dev);
3900 if (err)
21954c36 3901 goto err_powerdown;
96c755a3 3902 err = b43_setup_modes(dev, have_2ghz_phy, have_5ghz_phy);
e4d6b795 3903 if (err)
21954c36 3904 goto err_powerdown;
e4d6b795
MB		 3905
3906 /* Now set some default "current_dev" */
3907 if (!wl->current_dev)
3908 wl->current_dev = dev;
3909 INIT_WORK(&dev->restart_work, b43_chip_reset);
3910
8e9f7529 3911 b43_radio_turn_off(dev, 1);
e4d6b795
MB		 3912 b43_switch_analog(dev, 0);
3913 ssb_device_disable(dev->dev, 0);
3914 ssb_bus_may_powerdown(bus);
3915
3916out:
3917 return err;
3918
e4d6b795
MB		 3919err_powerdown:
3920 ssb_bus_may_powerdown(bus);
3921 return err;
3922}
3923
3924static void b43_one_core_detach(struct ssb_device *dev)
3925{
3926 struct b43_wldev *wldev;
3927 struct b43_wl *wl;
3928
3929 wldev = ssb_get_drvdata(dev);
3930 wl = wldev->wl;
3931 cancel_work_sync(&wldev->restart_work);
3932 b43_debugfs_remove_device(wldev);
3933 b43_wireless_core_detach(wldev);
3934 list_del(&wldev->list);
3935 wl->nr_devs--;
3936 ssb_set_drvdata(dev, NULL);
3937 kfree(wldev);
3938}
3939
3940static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
3941{
3942 struct b43_wldev *wldev;
3943 struct pci_dev *pdev;
3944 int err = -ENOMEM;
3945
3946 if (!list_empty(&wl->devlist)) {
3947 /* We are not the first core on this chip. */
3948 pdev = dev->bus->host_pci;
3949 /* Only special chips support more than one wireless
3950 * core, although some of the other chips have more than
3951 * one wireless core as well. Check for this and
3952 * bail out early.
3953 */
3954 if (!pdev ||
3955 ((pdev->device != 0x4321) &&
3956 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
3957 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
3958 return -ENODEV;
3959 }
3960 }
3961
3962 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
3963 if (!wldev)
3964 goto out;
3965
3966 wldev->dev = dev;
3967 wldev->wl = wl;
3968 b43_set_status(wldev, B43_STAT_UNINIT);
3969 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
3970 tasklet_init(&wldev->isr_tasklet,
3971 (void (*)(unsigned long))b43_interrupt_tasklet,
3972 (unsigned long)wldev);
e4d6b795
MB		 3973 INIT_LIST_HEAD(&wldev->list);
3974
3975 err = b43_wireless_core_attach(wldev);
3976 if (err)
3977 goto err_kfree_wldev;
3978
3979 list_add(&wldev->list, &wl->devlist);
3980 wl->nr_devs++;
3981 ssb_set_drvdata(dev, wldev);
3982 b43_debugfs_add_device(wldev);
3983
3984 out:
3985 return err;
3986
3987 err_kfree_wldev:
3988 kfree(wldev);
3989 return err;
3990}
3991
3992static void b43_sprom_fixup(struct ssb_bus *bus)
3993{
3994 /* boardflags workarounds */
3995 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
3996 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
95de2841 3997 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
e4d6b795
MB		 3998 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
3999 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
95de2841 4000 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
e4d6b795
MB		 4001}
4002
4003static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4004{
4005 struct ieee80211_hw *hw = wl->hw;
4006
4007 ssb_set_devtypedata(dev, NULL);
4008 ieee80211_free_hw(hw);
4009}
4010
4011static int b43_wireless_init(struct ssb_device *dev)
4012{
4013 struct ssb_sprom *sprom = &dev->bus->sprom;
4014 struct ieee80211_hw *hw;
4015 struct b43_wl *wl;
4016 int err = -ENOMEM;
4017
4018 b43_sprom_fixup(dev->bus);
4019
4020 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4021 if (!hw) {
4022 b43err(NULL, "Could not allocate ieee80211 device\n");
4023 goto out;
4024 }
4025
4026 /* fill hw info */
d8be11ee
JB		 4027 hw->flags = IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE |
4028 IEEE80211_HW_RX_INCLUDES_FCS;
e4d6b795
MB		 4029 hw->max_signal = 100;
4030 hw->max_rssi = -110;
4031 hw->max_noise = -110;
4032 hw->queues = 1; /* FIXME: hardware has more queues */
4033 SET_IEEE80211_DEV(hw, dev->dev);
95de2841
LF		 4034 if (is_valid_ether_addr(sprom->et1mac))
4035 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
e4d6b795 4036 else
95de2841 4037 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
e4d6b795
MB		 4038
4039 /* Get and initialize struct b43_wl */
4040 wl = hw_to_b43_wl(hw);
4041 memset(wl, 0, sizeof(*wl));
4042 wl->hw = hw;
4043 spin_lock_init(&wl->irq_lock);
4044 spin_lock_init(&wl->leds_lock);
280d0e16 4045 spin_lock_init(&wl->shm_lock);
e4d6b795
MB		 4046 mutex_init(&wl->mutex);
4047 INIT_LIST_HEAD(&wl->devlist);
4048
4049 ssb_set_devtypedata(dev, wl);
4050 b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4051 err = 0;
4052 out:
4053 return err;
4054}
4055
4056static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4057{
4058 struct b43_wl *wl;
4059 int err;
4060 int first = 0;
4061
4062 wl = ssb_get_devtypedata(dev);
4063 if (!wl) {
4064 /* Probing the first core. Must setup common struct b43_wl */
4065 first = 1;
4066 err = b43_wireless_init(dev);
4067 if (err)
4068 goto out;
4069 wl = ssb_get_devtypedata(dev);
4070 B43_WARN_ON(!wl);
4071 }
4072 err = b43_one_core_attach(dev, wl);
4073 if (err)
4074 goto err_wireless_exit;
4075
4076 if (first) {
4077 err = ieee80211_register_hw(wl->hw);
4078 if (err)
4079 goto err_one_core_detach;
4080 }
4081
4082 out:
4083 return err;
4084
4085 err_one_core_detach:
4086 b43_one_core_detach(dev);
4087 err_wireless_exit:
4088 if (first)
4089 b43_wireless_exit(dev, wl);
4090 return err;
4091}
4092
4093static void b43_remove(struct ssb_device *dev)
4094{
4095 struct b43_wl *wl = ssb_get_devtypedata(dev);
4096 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4097
4098 B43_WARN_ON(!wl);
4099 if (wl->current_dev == wldev)
4100 ieee80211_unregister_hw(wl->hw);
4101
4102 b43_one_core_detach(dev);
4103
4104 if (list_empty(&wl->devlist)) {
4105 /* Last core on the chip unregistered.
4106 * We can destroy common struct b43_wl.
4107 */
4108 b43_wireless_exit(dev, wl);
4109 }
4110}
4111
4112/* Perform a hardware reset. This can be called from any context. */
4113void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4114{
4115 /* Must avoid requeueing, if we are in shutdown. */
4116 if (b43_status(dev) < B43_STAT_INITIALIZED)
4117 return;
4118 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4119 queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4120}
4121
4122#ifdef CONFIG_PM
4123
4124static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4125{
4126 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4127 struct b43_wl *wl = wldev->wl;
4128
4129 b43dbg(wl, "Suspending...\n");
4130
4131 mutex_lock(&wl->mutex);
4132 wldev->suspend_init_status = b43_status(wldev);
4133 if (wldev->suspend_init_status >= B43_STAT_STARTED)
4134 b43_wireless_core_stop(wldev);
4135 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4136 b43_wireless_core_exit(wldev);
4137 mutex_unlock(&wl->mutex);
4138
4139 b43dbg(wl, "Device suspended.\n");
4140
4141 return 0;
4142}
4143
4144static int b43_resume(struct ssb_device *dev)
4145{
4146 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4147 struct b43_wl *wl = wldev->wl;
4148 int err = 0;
4149
4150 b43dbg(wl, "Resuming...\n");
4151
4152 mutex_lock(&wl->mutex);
4153 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4154 err = b43_wireless_core_init(wldev);
4155 if (err) {
4156 b43err(wl, "Resume failed at core init\n");
4157 goto out;
4158 }
4159 }
4160 if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4161 err = b43_wireless_core_start(wldev);
4162 if (err) {
4163 b43_wireless_core_exit(wldev);
4164 b43err(wl, "Resume failed at core start\n");
4165 goto out;
4166 }
4167 }
4168 mutex_unlock(&wl->mutex);
4169
4170 b43dbg(wl, "Device resumed.\n");
4171 out:
4172 return err;
4173}
4174
4175#else /* CONFIG_PM */
4176# define b43_suspend NULL
4177# define b43_resume NULL
4178#endif /* CONFIG_PM */
4179
4180static struct ssb_driver b43_ssb_driver = {
4181 .name = KBUILD_MODNAME,
4182 .id_table = b43_ssb_tbl,
4183 .probe = b43_probe,
4184 .remove = b43_remove,
4185 .suspend = b43_suspend,
4186 .resume = b43_resume,
4187};
4188
4189static int __init b43_init(void)
4190{
4191 int err;
4192
4193 b43_debugfs_init();
4194 err = b43_pcmcia_init();
4195 if (err)
4196 goto err_dfs_exit;
4197 err = ssb_driver_register(&b43_ssb_driver);
4198 if (err)
4199 goto err_pcmcia_exit;
4200
4201 return err;
4202
4203err_pcmcia_exit:
4204 b43_pcmcia_exit();
4205err_dfs_exit:
4206 b43_debugfs_exit();
4207 return err;
4208}
4209
4210static void __exit b43_exit(void)
4211{
4212 ssb_driver_unregister(&b43_ssb_driver);
4213 b43_pcmcia_exit();
4214 b43_debugfs_exit();
4215}
4216
4217module_init(b43_init)
4218module_exit(b43_exit)
ubuntu-zesty-kernel mirror