]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - drivers/net/wireless/b43/main.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update my e-mail address
[mirror_ubuntu-bionic-kernel.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3 Broadcom B43 wireless driver
4
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11 SDIO support
12 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
13
14 Some parts of the code in this file are derived from the ipw2200
15 driver Copyright(c) 2003 - 2004 Intel Corporation.
16
17 This program is free software; you can redistribute it and/or modify
18 it under the terms of the GNU General Public License as published by
19 the Free Software Foundation; either version 2 of the License, or
20 (at your option) any later version.
21
22 This program is distributed in the hope that it will be useful,
23 but WITHOUT ANY WARRANTY; without even the implied warranty of
24 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 GNU General Public License for more details.
26
27 You should have received a copy of the GNU General Public License
28 along with this program; see the file COPYING. If not, write to
29 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
30 Boston, MA 02110-1301, USA.
31
32 */
33
34 #include <linux/delay.h>
35 #include <linux/init.h>
36 #include <linux/moduleparam.h>
37 #include <linux/if_arp.h>
38 #include <linux/etherdevice.h>
39 #include <linux/firmware.h>
40 #include <linux/wireless.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_LICENSE("GPL");
69
70 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82 "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = B43_PIO_DEFAULT;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 static const struct ssb_device_id b43_ssb_tbl[] = {
117 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
118 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
119 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
120 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
121 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
122 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
123 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
124 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
125 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
126 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
127 SSB_DEVTABLE_END
128 };
129
130 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
131
132 /* Channel and ratetables are shared for all devices.
133 * They can't be const, because ieee80211 puts some precalculated
134 * data in there. This data is the same for all devices, so we don't
135 * get concurrency issues */
136 #define RATETAB_ENT(_rateid, _flags) \
137 { \
138 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
139 .hw_value = (_rateid), \
140 .flags = (_flags), \
141 }
142
143 /*
144 * NOTE: When changing this, sync with xmit.c's
145 * b43_plcp_get_bitrate_idx_* functions!
146 */
147 static struct ieee80211_rate __b43_ratetable[] = {
148 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
149 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
150 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
151 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
152 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
153 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
154 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
155 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
156 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
157 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
158 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
159 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
160 };
161
162 #define b43_a_ratetable (__b43_ratetable + 4)
163 #define b43_a_ratetable_size 8
164 #define b43_b_ratetable (__b43_ratetable + 0)
165 #define b43_b_ratetable_size 4
166 #define b43_g_ratetable (__b43_ratetable + 0)
167 #define b43_g_ratetable_size 12
168
169 #define CHAN4G(_channel, _freq, _flags) { \
170 .band = IEEE80211_BAND_2GHZ, \
171 .center_freq = (_freq), \
172 .hw_value = (_channel), \
173 .flags = (_flags), \
174 .max_antenna_gain = 0, \
175 .max_power = 30, \
176 }
177 static struct ieee80211_channel b43_2ghz_chantable[] = {
178 CHAN4G(1, 2412, 0),
179 CHAN4G(2, 2417, 0),
180 CHAN4G(3, 2422, 0),
181 CHAN4G(4, 2427, 0),
182 CHAN4G(5, 2432, 0),
183 CHAN4G(6, 2437, 0),
184 CHAN4G(7, 2442, 0),
185 CHAN4G(8, 2447, 0),
186 CHAN4G(9, 2452, 0),
187 CHAN4G(10, 2457, 0),
188 CHAN4G(11, 2462, 0),
189 CHAN4G(12, 2467, 0),
190 CHAN4G(13, 2472, 0),
191 CHAN4G(14, 2484, 0),
192 };
193 #undef CHAN4G
194
195 #define CHAN5G(_channel, _flags) { \
196 .band = IEEE80211_BAND_5GHZ, \
197 .center_freq = 5000 + (5 * (_channel)), \
198 .hw_value = (_channel), \
199 .flags = (_flags), \
200 .max_antenna_gain = 0, \
201 .max_power = 30, \
202 }
203 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
204 CHAN5G(32, 0), CHAN5G(34, 0),
205 CHAN5G(36, 0), CHAN5G(38, 0),
206 CHAN5G(40, 0), CHAN5G(42, 0),
207 CHAN5G(44, 0), CHAN5G(46, 0),
208 CHAN5G(48, 0), CHAN5G(50, 0),
209 CHAN5G(52, 0), CHAN5G(54, 0),
210 CHAN5G(56, 0), CHAN5G(58, 0),
211 CHAN5G(60, 0), CHAN5G(62, 0),
212 CHAN5G(64, 0), CHAN5G(66, 0),
213 CHAN5G(68, 0), CHAN5G(70, 0),
214 CHAN5G(72, 0), CHAN5G(74, 0),
215 CHAN5G(76, 0), CHAN5G(78, 0),
216 CHAN5G(80, 0), CHAN5G(82, 0),
217 CHAN5G(84, 0), CHAN5G(86, 0),
218 CHAN5G(88, 0), CHAN5G(90, 0),
219 CHAN5G(92, 0), CHAN5G(94, 0),
220 CHAN5G(96, 0), CHAN5G(98, 0),
221 CHAN5G(100, 0), CHAN5G(102, 0),
222 CHAN5G(104, 0), CHAN5G(106, 0),
223 CHAN5G(108, 0), CHAN5G(110, 0),
224 CHAN5G(112, 0), CHAN5G(114, 0),
225 CHAN5G(116, 0), CHAN5G(118, 0),
226 CHAN5G(120, 0), CHAN5G(122, 0),
227 CHAN5G(124, 0), CHAN5G(126, 0),
228 CHAN5G(128, 0), CHAN5G(130, 0),
229 CHAN5G(132, 0), CHAN5G(134, 0),
230 CHAN5G(136, 0), CHAN5G(138, 0),
231 CHAN5G(140, 0), CHAN5G(142, 0),
232 CHAN5G(144, 0), CHAN5G(145, 0),
233 CHAN5G(146, 0), CHAN5G(147, 0),
234 CHAN5G(148, 0), CHAN5G(149, 0),
235 CHAN5G(150, 0), CHAN5G(151, 0),
236 CHAN5G(152, 0), CHAN5G(153, 0),
237 CHAN5G(154, 0), CHAN5G(155, 0),
238 CHAN5G(156, 0), CHAN5G(157, 0),
239 CHAN5G(158, 0), CHAN5G(159, 0),
240 CHAN5G(160, 0), CHAN5G(161, 0),
241 CHAN5G(162, 0), CHAN5G(163, 0),
242 CHAN5G(164, 0), CHAN5G(165, 0),
243 CHAN5G(166, 0), CHAN5G(168, 0),
244 CHAN5G(170, 0), CHAN5G(172, 0),
245 CHAN5G(174, 0), CHAN5G(176, 0),
246 CHAN5G(178, 0), CHAN5G(180, 0),
247 CHAN5G(182, 0), CHAN5G(184, 0),
248 CHAN5G(186, 0), CHAN5G(188, 0),
249 CHAN5G(190, 0), CHAN5G(192, 0),
250 CHAN5G(194, 0), CHAN5G(196, 0),
251 CHAN5G(198, 0), CHAN5G(200, 0),
252 CHAN5G(202, 0), CHAN5G(204, 0),
253 CHAN5G(206, 0), CHAN5G(208, 0),
254 CHAN5G(210, 0), CHAN5G(212, 0),
255 CHAN5G(214, 0), CHAN5G(216, 0),
256 CHAN5G(218, 0), CHAN5G(220, 0),
257 CHAN5G(222, 0), CHAN5G(224, 0),
258 CHAN5G(226, 0), CHAN5G(228, 0),
259 };
260
261 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
262 CHAN5G(34, 0), CHAN5G(36, 0),
263 CHAN5G(38, 0), CHAN5G(40, 0),
264 CHAN5G(42, 0), CHAN5G(44, 0),
265 CHAN5G(46, 0), CHAN5G(48, 0),
266 CHAN5G(52, 0), CHAN5G(56, 0),
267 CHAN5G(60, 0), CHAN5G(64, 0),
268 CHAN5G(100, 0), CHAN5G(104, 0),
269 CHAN5G(108, 0), CHAN5G(112, 0),
270 CHAN5G(116, 0), CHAN5G(120, 0),
271 CHAN5G(124, 0), CHAN5G(128, 0),
272 CHAN5G(132, 0), CHAN5G(136, 0),
273 CHAN5G(140, 0), CHAN5G(149, 0),
274 CHAN5G(153, 0), CHAN5G(157, 0),
275 CHAN5G(161, 0), CHAN5G(165, 0),
276 CHAN5G(184, 0), CHAN5G(188, 0),
277 CHAN5G(192, 0), CHAN5G(196, 0),
278 CHAN5G(200, 0), CHAN5G(204, 0),
279 CHAN5G(208, 0), CHAN5G(212, 0),
280 CHAN5G(216, 0),
281 };
282 #undef CHAN5G
283
284 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
285 .band = IEEE80211_BAND_5GHZ,
286 .channels = b43_5ghz_nphy_chantable,
287 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
288 .bitrates = b43_a_ratetable,
289 .n_bitrates = b43_a_ratetable_size,
290 };
291
292 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
293 .band = IEEE80211_BAND_5GHZ,
294 .channels = b43_5ghz_aphy_chantable,
295 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
296 .bitrates = b43_a_ratetable,
297 .n_bitrates = b43_a_ratetable_size,
298 };
299
300 static struct ieee80211_supported_band b43_band_2GHz = {
301 .band = IEEE80211_BAND_2GHZ,
302 .channels = b43_2ghz_chantable,
303 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
304 .bitrates = b43_g_ratetable,
305 .n_bitrates = b43_g_ratetable_size,
306 };
307
308 static void b43_wireless_core_exit(struct b43_wldev *dev);
309 static int b43_wireless_core_init(struct b43_wldev *dev);
310 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
311 static int b43_wireless_core_start(struct b43_wldev *dev);
312
313 static int b43_ratelimit(struct b43_wl *wl)
314 {
315 if (!wl || !wl->current_dev)
316 return 1;
317 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
318 return 1;
319 /* We are up and running.
320 * Ratelimit the messages to avoid DoS over the net. */
321 return net_ratelimit();
322 }
323
324 void b43info(struct b43_wl *wl, const char *fmt, ...)
325 {
326 struct va_format vaf;
327 va_list args;
328
329 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
330 return;
331 if (!b43_ratelimit(wl))
332 return;
333
334 va_start(args, fmt);
335
336 vaf.fmt = fmt;
337 vaf.va = &args;
338
339 printk(KERN_INFO "b43-%s: %pV",
340 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
341
342 va_end(args);
343 }
344
345 void b43err(struct b43_wl *wl, const char *fmt, ...)
346 {
347 struct va_format vaf;
348 va_list args;
349
350 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
351 return;
352 if (!b43_ratelimit(wl))
353 return;
354
355 va_start(args, fmt);
356
357 vaf.fmt = fmt;
358 vaf.va = &args;
359
360 printk(KERN_ERR "b43-%s ERROR: %pV",
361 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
362
363 va_end(args);
364 }
365
366 void b43warn(struct b43_wl *wl, const char *fmt, ...)
367 {
368 struct va_format vaf;
369 va_list args;
370
371 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
372 return;
373 if (!b43_ratelimit(wl))
374 return;
375
376 va_start(args, fmt);
377
378 vaf.fmt = fmt;
379 vaf.va = &args;
380
381 printk(KERN_WARNING "b43-%s warning: %pV",
382 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
383
384 va_end(args);
385 }
386
387 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
388 {
389 struct va_format vaf;
390 va_list args;
391
392 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
393 return;
394
395 va_start(args, fmt);
396
397 vaf.fmt = fmt;
398 vaf.va = &args;
399
400 printk(KERN_DEBUG "b43-%s debug: %pV",
401 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
402
403 va_end(args);
404 }
405
406 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
407 {
408 u32 macctl;
409
410 B43_WARN_ON(offset % 4 != 0);
411
412 macctl = b43_read32(dev, B43_MMIO_MACCTL);
413 if (macctl & B43_MACCTL_BE)
414 val = swab32(val);
415
416 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
417 mmiowb();
418 b43_write32(dev, B43_MMIO_RAM_DATA, val);
419 }
420
421 static inline void b43_shm_control_word(struct b43_wldev *dev,
422 u16 routing, u16 offset)
423 {
424 u32 control;
425
426 /* "offset" is the WORD offset. */
427 control = routing;
428 control <<= 16;
429 control |= offset;
430 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
431 }
432
433 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
434 {
435 u32 ret;
436
437 if (routing == B43_SHM_SHARED) {
438 B43_WARN_ON(offset & 0x0001);
439 if (offset & 0x0003) {
440 /* Unaligned access */
441 b43_shm_control_word(dev, routing, offset >> 2);
442 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
443 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
444 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
445
446 goto out;
447 }
448 offset >>= 2;
449 }
450 b43_shm_control_word(dev, routing, offset);
451 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
452 out:
453 return ret;
454 }
455
456 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
457 {
458 u16 ret;
459
460 if (routing == B43_SHM_SHARED) {
461 B43_WARN_ON(offset & 0x0001);
462 if (offset & 0x0003) {
463 /* Unaligned access */
464 b43_shm_control_word(dev, routing, offset >> 2);
465 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
466
467 goto out;
468 }
469 offset >>= 2;
470 }
471 b43_shm_control_word(dev, routing, offset);
472 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
473 out:
474 return ret;
475 }
476
477 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
478 {
479 if (routing == B43_SHM_SHARED) {
480 B43_WARN_ON(offset & 0x0001);
481 if (offset & 0x0003) {
482 /* Unaligned access */
483 b43_shm_control_word(dev, routing, offset >> 2);
484 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
485 value & 0xFFFF);
486 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
487 b43_write16(dev, B43_MMIO_SHM_DATA,
488 (value >> 16) & 0xFFFF);
489 return;
490 }
491 offset >>= 2;
492 }
493 b43_shm_control_word(dev, routing, offset);
494 b43_write32(dev, B43_MMIO_SHM_DATA, value);
495 }
496
497 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
498 {
499 if (routing == B43_SHM_SHARED) {
500 B43_WARN_ON(offset & 0x0001);
501 if (offset & 0x0003) {
502 /* Unaligned access */
503 b43_shm_control_word(dev, routing, offset >> 2);
504 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
505 return;
506 }
507 offset >>= 2;
508 }
509 b43_shm_control_word(dev, routing, offset);
510 b43_write16(dev, B43_MMIO_SHM_DATA, value);
511 }
512
513 /* Read HostFlags */
514 u64 b43_hf_read(struct b43_wldev *dev)
515 {
516 u64 ret;
517
518 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
519 ret <<= 16;
520 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
521 ret <<= 16;
522 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
523
524 return ret;
525 }
526
527 /* Write HostFlags */
528 void b43_hf_write(struct b43_wldev *dev, u64 value)
529 {
530 u16 lo, mi, hi;
531
532 lo = (value & 0x00000000FFFFULL);
533 mi = (value & 0x0000FFFF0000ULL) >> 16;
534 hi = (value & 0xFFFF00000000ULL) >> 32;
535 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
536 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
537 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
538 }
539
540 /* Read the firmware capabilities bitmask (Opensource firmware only) */
541 static u16 b43_fwcapa_read(struct b43_wldev *dev)
542 {
543 B43_WARN_ON(!dev->fw.opensource);
544 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
545 }
546
547 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
548 {
549 u32 low, high;
550
551 B43_WARN_ON(dev->sdev->id.revision < 3);
552
553 /* The hardware guarantees us an atomic read, if we
554 * read the low register first. */
555 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
556 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
557
558 *tsf = high;
559 *tsf <<= 32;
560 *tsf |= low;
561 }
562
563 static void b43_time_lock(struct b43_wldev *dev)
564 {
565 u32 macctl;
566
567 macctl = b43_read32(dev, B43_MMIO_MACCTL);
568 macctl |= B43_MACCTL_TBTTHOLD;
569 b43_write32(dev, B43_MMIO_MACCTL, macctl);
570 /* Commit the write */
571 b43_read32(dev, B43_MMIO_MACCTL);
572 }
573
574 static void b43_time_unlock(struct b43_wldev *dev)
575 {
576 u32 macctl;
577
578 macctl = b43_read32(dev, B43_MMIO_MACCTL);
579 macctl &= ~B43_MACCTL_TBTTHOLD;
580 b43_write32(dev, B43_MMIO_MACCTL, macctl);
581 /* Commit the write */
582 b43_read32(dev, B43_MMIO_MACCTL);
583 }
584
585 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
586 {
587 u32 low, high;
588
589 B43_WARN_ON(dev->sdev->id.revision < 3);
590
591 low = tsf;
592 high = (tsf >> 32);
593 /* The hardware guarantees us an atomic write, if we
594 * write the low register first. */
595 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
596 mmiowb();
597 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
598 mmiowb();
599 }
600
601 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
602 {
603 b43_time_lock(dev);
604 b43_tsf_write_locked(dev, tsf);
605 b43_time_unlock(dev);
606 }
607
608 static
609 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
610 {
611 static const u8 zero_addr[ETH_ALEN] = { 0 };
612 u16 data;
613
614 if (!mac)
615 mac = zero_addr;
616
617 offset |= 0x0020;
618 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
619
620 data = mac[0];
621 data |= mac[1] << 8;
622 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
623 data = mac[2];
624 data |= mac[3] << 8;
625 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
626 data = mac[4];
627 data |= mac[5] << 8;
628 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
629 }
630
631 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
632 {
633 const u8 *mac;
634 const u8 *bssid;
635 u8 mac_bssid[ETH_ALEN * 2];
636 int i;
637 u32 tmp;
638
639 bssid = dev->wl->bssid;
640 mac = dev->wl->mac_addr;
641
642 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
643
644 memcpy(mac_bssid, mac, ETH_ALEN);
645 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
646
647 /* Write our MAC address and BSSID to template ram */
648 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
649 tmp = (u32) (mac_bssid[i + 0]);
650 tmp |= (u32) (mac_bssid[i + 1]) << 8;
651 tmp |= (u32) (mac_bssid[i + 2]) << 16;
652 tmp |= (u32) (mac_bssid[i + 3]) << 24;
653 b43_ram_write(dev, 0x20 + i, tmp);
654 }
655 }
656
657 static void b43_upload_card_macaddress(struct b43_wldev *dev)
658 {
659 b43_write_mac_bssid_templates(dev);
660 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
661 }
662
663 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
664 {
665 /* slot_time is in usec. */
666 /* This test used to exit for all but a G PHY. */
667 if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
668 return;
669 b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
670 /* Shared memory location 0x0010 is the slot time and should be
671 * set to slot_time; however, this register is initially 0 and changing
672 * the value adversely affects the transmit rate for BCM4311
673 * devices. Until this behavior is unterstood, delete this step
674 *
675 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
676 */
677 }
678
679 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
680 {
681 b43_set_slot_time(dev, 9);
682 }
683
684 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
685 {
686 b43_set_slot_time(dev, 20);
687 }
688
689 /* DummyTransmission function, as documented on
690 * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
691 */
692 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
693 {
694 struct b43_phy *phy = &dev->phy;
695 unsigned int i, max_loop;
696 u16 value;
697 u32 buffer[5] = {
698 0x00000000,
699 0x00D40000,
700 0x00000000,
701 0x01000000,
702 0x00000000,
703 };
704
705 if (ofdm) {
706 max_loop = 0x1E;
707 buffer[0] = 0x000201CC;
708 } else {
709 max_loop = 0xFA;
710 buffer[0] = 0x000B846E;
711 }
712
713 for (i = 0; i < 5; i++)
714 b43_ram_write(dev, i * 4, buffer[i]);
715
716 b43_write16(dev, 0x0568, 0x0000);
717 if (dev->sdev->id.revision < 11)
718 b43_write16(dev, 0x07C0, 0x0000);
719 else
720 b43_write16(dev, 0x07C0, 0x0100);
721 value = (ofdm ? 0x41 : 0x40);
722 b43_write16(dev, 0x050C, value);
723 if ((phy->type == B43_PHYTYPE_N) || (phy->type == B43_PHYTYPE_LP))
724 b43_write16(dev, 0x0514, 0x1A02);
725 b43_write16(dev, 0x0508, 0x0000);
726 b43_write16(dev, 0x050A, 0x0000);
727 b43_write16(dev, 0x054C, 0x0000);
728 b43_write16(dev, 0x056A, 0x0014);
729 b43_write16(dev, 0x0568, 0x0826);
730 b43_write16(dev, 0x0500, 0x0000);
731 if (!pa_on && (phy->type == B43_PHYTYPE_N)) {
732 //SPEC TODO
733 }
734
735 switch (phy->type) {
736 case B43_PHYTYPE_N:
737 b43_write16(dev, 0x0502, 0x00D0);
738 break;
739 case B43_PHYTYPE_LP:
740 b43_write16(dev, 0x0502, 0x0050);
741 break;
742 default:
743 b43_write16(dev, 0x0502, 0x0030);
744 }
745
746 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
747 b43_radio_write16(dev, 0x0051, 0x0017);
748 for (i = 0x00; i < max_loop; i++) {
749 value = b43_read16(dev, 0x050E);
750 if (value & 0x0080)
751 break;
752 udelay(10);
753 }
754 for (i = 0x00; i < 0x0A; i++) {
755 value = b43_read16(dev, 0x050E);
756 if (value & 0x0400)
757 break;
758 udelay(10);
759 }
760 for (i = 0x00; i < 0x19; i++) {
761 value = b43_read16(dev, 0x0690);
762 if (!(value & 0x0100))
763 break;
764 udelay(10);
765 }
766 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
767 b43_radio_write16(dev, 0x0051, 0x0037);
768 }
769
770 static void key_write(struct b43_wldev *dev,
771 u8 index, u8 algorithm, const u8 *key)
772 {
773 unsigned int i;
774 u32 offset;
775 u16 value;
776 u16 kidx;
777
778 /* Key index/algo block */
779 kidx = b43_kidx_to_fw(dev, index);
780 value = ((kidx << 4) | algorithm);
781 b43_shm_write16(dev, B43_SHM_SHARED,
782 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
783
784 /* Write the key to the Key Table Pointer offset */
785 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
786 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
787 value = key[i];
788 value |= (u16) (key[i + 1]) << 8;
789 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
790 }
791 }
792
793 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
794 {
795 u32 addrtmp[2] = { 0, 0, };
796 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
797
798 if (b43_new_kidx_api(dev))
799 pairwise_keys_start = B43_NR_GROUP_KEYS;
800
801 B43_WARN_ON(index < pairwise_keys_start);
802 /* We have four default TX keys and possibly four default RX keys.
803 * Physical mac 0 is mapped to physical key 4 or 8, depending
804 * on the firmware version.
805 * So we must adjust the index here.
806 */
807 index -= pairwise_keys_start;
808 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
809
810 if (addr) {
811 addrtmp[0] = addr[0];
812 addrtmp[0] |= ((u32) (addr[1]) << 8);
813 addrtmp[0] |= ((u32) (addr[2]) << 16);
814 addrtmp[0] |= ((u32) (addr[3]) << 24);
815 addrtmp[1] = addr[4];
816 addrtmp[1] |= ((u32) (addr[5]) << 8);
817 }
818
819 /* Receive match transmitter address (RCMTA) mechanism */
820 b43_shm_write32(dev, B43_SHM_RCMTA,
821 (index * 2) + 0, addrtmp[0]);
822 b43_shm_write16(dev, B43_SHM_RCMTA,
823 (index * 2) + 1, addrtmp[1]);
824 }
825
826 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
827 * When a packet is received, the iv32 is checked.
828 * - if it doesn't the packet is returned without modification (and software
829 * decryption can be done). That's what happen when iv16 wrap.
830 * - if it does, the rc4 key is computed, and decryption is tried.
831 * Either it will success and B43_RX_MAC_DEC is returned,
832 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
833 * and the packet is not usable (it got modified by the ucode).
834 * So in order to never have B43_RX_MAC_DECERR, we should provide
835 * a iv32 and phase1key that match. Because we drop packets in case of
836 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
837 * packets will be lost without higher layer knowing (ie no resync possible
838 * until next wrap).
839 *
840 * NOTE : this should support 50 key like RCMTA because
841 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
842 */
843 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
844 u16 *phase1key)
845 {
846 unsigned int i;
847 u32 offset;
848 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
849
850 if (!modparam_hwtkip)
851 return;
852
853 if (b43_new_kidx_api(dev))
854 pairwise_keys_start = B43_NR_GROUP_KEYS;
855
856 B43_WARN_ON(index < pairwise_keys_start);
857 /* We have four default TX keys and possibly four default RX keys.
858 * Physical mac 0 is mapped to physical key 4 or 8, depending
859 * on the firmware version.
860 * So we must adjust the index here.
861 */
862 index -= pairwise_keys_start;
863 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
864
865 if (b43_debug(dev, B43_DBG_KEYS)) {
866 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
867 index, iv32);
868 }
869 /* Write the key to the RX tkip shared mem */
870 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
871 for (i = 0; i < 10; i += 2) {
872 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
873 phase1key ? phase1key[i / 2] : 0);
874 }
875 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
876 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
877 }
878
879 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
880 struct ieee80211_vif *vif,
881 struct ieee80211_key_conf *keyconf,
882 struct ieee80211_sta *sta,
883 u32 iv32, u16 *phase1key)
884 {
885 struct b43_wl *wl = hw_to_b43_wl(hw);
886 struct b43_wldev *dev;
887 int index = keyconf->hw_key_idx;
888
889 if (B43_WARN_ON(!modparam_hwtkip))
890 return;
891
892 /* This is only called from the RX path through mac80211, where
893 * our mutex is already locked. */
894 B43_WARN_ON(!mutex_is_locked(&wl->mutex));
895 dev = wl->current_dev;
896 B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
897
898 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
899
900 rx_tkip_phase1_write(dev, index, iv32, phase1key);
901 /* only pairwise TKIP keys are supported right now */
902 if (WARN_ON(!sta))
903 return;
904 keymac_write(dev, index, sta->addr);
905 }
906
907 static void do_key_write(struct b43_wldev *dev,
908 u8 index, u8 algorithm,
909 const u8 *key, size_t key_len, const u8 *mac_addr)
910 {
911 u8 buf[B43_SEC_KEYSIZE] = { 0, };
912 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
913
914 if (b43_new_kidx_api(dev))
915 pairwise_keys_start = B43_NR_GROUP_KEYS;
916
917 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
918 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
919
920 if (index >= pairwise_keys_start)
921 keymac_write(dev, index, NULL); /* First zero out mac. */
922 if (algorithm == B43_SEC_ALGO_TKIP) {
923 /*
924 * We should provide an initial iv32, phase1key pair.
925 * We could start with iv32=0 and compute the corresponding
926 * phase1key, but this means calling ieee80211_get_tkip_key
927 * with a fake skb (or export other tkip function).
928 * Because we are lazy we hope iv32 won't start with
929 * 0xffffffff and let's b43_op_update_tkip_key provide a
930 * correct pair.
931 */
932 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
933 } else if (index >= pairwise_keys_start) /* clear it */
934 rx_tkip_phase1_write(dev, index, 0, NULL);
935 if (key)
936 memcpy(buf, key, key_len);
937 key_write(dev, index, algorithm, buf);
938 if (index >= pairwise_keys_start)
939 keymac_write(dev, index, mac_addr);
940
941 dev->key[index].algorithm = algorithm;
942 }
943
944 static int b43_key_write(struct b43_wldev *dev,
945 int index, u8 algorithm,
946 const u8 *key, size_t key_len,
947 const u8 *mac_addr,
948 struct ieee80211_key_conf *keyconf)
949 {
950 int i;
951 int pairwise_keys_start;
952
953 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
954 * - Temporal Encryption Key (128 bits)
955 * - Temporal Authenticator Tx MIC Key (64 bits)
956 * - Temporal Authenticator Rx MIC Key (64 bits)
957 *
958 * Hardware only store TEK
959 */
960 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
961 key_len = 16;
962 if (key_len > B43_SEC_KEYSIZE)
963 return -EINVAL;
964 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
965 /* Check that we don't already have this key. */
966 B43_WARN_ON(dev->key[i].keyconf == keyconf);
967 }
968 if (index < 0) {
969 /* Pairwise key. Get an empty slot for the key. */
970 if (b43_new_kidx_api(dev))
971 pairwise_keys_start = B43_NR_GROUP_KEYS;
972 else
973 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
974 for (i = pairwise_keys_start;
975 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
976 i++) {
977 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
978 if (!dev->key[i].keyconf) {
979 /* found empty */
980 index = i;
981 break;
982 }
983 }
984 if (index < 0) {
985 b43warn(dev->wl, "Out of hardware key memory\n");
986 return -ENOSPC;
987 }
988 } else
989 B43_WARN_ON(index > 3);
990
991 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
992 if ((index <= 3) && !b43_new_kidx_api(dev)) {
993 /* Default RX key */
994 B43_WARN_ON(mac_addr);
995 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
996 }
997 keyconf->hw_key_idx = index;
998 dev->key[index].keyconf = keyconf;
999
1000 return 0;
1001 }
1002
1003 static int b43_key_clear(struct b43_wldev *dev, int index)
1004 {
1005 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1006 return -EINVAL;
1007 do_key_write(dev, index, B43_SEC_ALGO_NONE,
1008 NULL, B43_SEC_KEYSIZE, NULL);
1009 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1010 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1011 NULL, B43_SEC_KEYSIZE, NULL);
1012 }
1013 dev->key[index].keyconf = NULL;
1014
1015 return 0;
1016 }
1017
1018 static void b43_clear_keys(struct b43_wldev *dev)
1019 {
1020 int i, count;
1021
1022 if (b43_new_kidx_api(dev))
1023 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1024 else
1025 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1026 for (i = 0; i < count; i++)
1027 b43_key_clear(dev, i);
1028 }
1029
1030 static void b43_dump_keymemory(struct b43_wldev *dev)
1031 {
1032 unsigned int i, index, count, offset, pairwise_keys_start;
1033 u8 mac[ETH_ALEN];
1034 u16 algo;
1035 u32 rcmta0;
1036 u16 rcmta1;
1037 u64 hf;
1038 struct b43_key *key;
1039
1040 if (!b43_debug(dev, B43_DBG_KEYS))
1041 return;
1042
1043 hf = b43_hf_read(dev);
1044 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1045 !!(hf & B43_HF_USEDEFKEYS));
1046 if (b43_new_kidx_api(dev)) {
1047 pairwise_keys_start = B43_NR_GROUP_KEYS;
1048 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1049 } else {
1050 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1051 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1052 }
1053 for (index = 0; index < count; index++) {
1054 key = &(dev->key[index]);
1055 printk(KERN_DEBUG "Key slot %02u: %s",
1056 index, (key->keyconf == NULL) ? " " : "*");
1057 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1058 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1059 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1060 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1061 }
1062
1063 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1064 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1065 printk(" Algo: %04X/%02X", algo, key->algorithm);
1066
1067 if (index >= pairwise_keys_start) {
1068 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1069 printk(" TKIP: ");
1070 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1071 for (i = 0; i < 14; i += 2) {
1072 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1073 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1074 }
1075 }
1076 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1077 ((index - pairwise_keys_start) * 2) + 0);
1078 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1079 ((index - pairwise_keys_start) * 2) + 1);
1080 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1081 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1082 printk(" MAC: %pM", mac);
1083 } else
1084 printk(" DEFAULT KEY");
1085 printk("\n");
1086 }
1087 }
1088
1089 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1090 {
1091 u32 macctl;
1092 u16 ucstat;
1093 bool hwps;
1094 bool awake;
1095 int i;
1096
1097 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1098 (ps_flags & B43_PS_DISABLED));
1099 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1100
1101 if (ps_flags & B43_PS_ENABLED) {
1102 hwps = 1;
1103 } else if (ps_flags & B43_PS_DISABLED) {
1104 hwps = 0;
1105 } else {
1106 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1107 // and thus is not an AP and we are associated, set bit 25
1108 }
1109 if (ps_flags & B43_PS_AWAKE) {
1110 awake = 1;
1111 } else if (ps_flags & B43_PS_ASLEEP) {
1112 awake = 0;
1113 } else {
1114 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1115 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1116 // successful, set bit26
1117 }
1118
1119 /* FIXME: For now we force awake-on and hwps-off */
1120 hwps = 0;
1121 awake = 1;
1122
1123 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1124 if (hwps)
1125 macctl |= B43_MACCTL_HWPS;
1126 else
1127 macctl &= ~B43_MACCTL_HWPS;
1128 if (awake)
1129 macctl |= B43_MACCTL_AWAKE;
1130 else
1131 macctl &= ~B43_MACCTL_AWAKE;
1132 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1133 /* Commit write */
1134 b43_read32(dev, B43_MMIO_MACCTL);
1135 if (awake && dev->sdev->id.revision >= 5) {
1136 /* Wait for the microcode to wake up. */
1137 for (i = 0; i < 100; i++) {
1138 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1139 B43_SHM_SH_UCODESTAT);
1140 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1141 break;
1142 udelay(10);
1143 }
1144 }
1145 }
1146
1147 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1148 {
1149 u32 tmslow;
1150
1151 flags |= B43_TMSLOW_PHYCLKEN;
1152 flags |= B43_TMSLOW_PHYRESET;
1153 if (dev->phy.type == B43_PHYTYPE_N)
1154 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1155 ssb_device_enable(dev->sdev, flags);
1156 msleep(2); /* Wait for the PLL to turn on. */
1157
1158 /* Now take the PHY out of Reset again */
1159 tmslow = ssb_read32(dev->sdev, SSB_TMSLOW);
1160 tmslow |= SSB_TMSLOW_FGC;
1161 tmslow &= ~B43_TMSLOW_PHYRESET;
1162 ssb_write32(dev->sdev, SSB_TMSLOW, tmslow);
1163 ssb_read32(dev->sdev, SSB_TMSLOW); /* flush */
1164 msleep(1);
1165 tmslow &= ~SSB_TMSLOW_FGC;
1166 ssb_write32(dev->sdev, SSB_TMSLOW, tmslow);
1167 ssb_read32(dev->sdev, SSB_TMSLOW); /* flush */
1168 msleep(1);
1169 }
1170
1171 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1172 {
1173 u32 macctl;
1174
1175 b43_ssb_wireless_core_reset(dev, flags);
1176
1177 /* Turn Analog ON, but only if we already know the PHY-type.
1178 * This protects against very early setup where we don't know the
1179 * PHY-type, yet. wireless_core_reset will be called once again later,
1180 * when we know the PHY-type. */
1181 if (dev->phy.ops)
1182 dev->phy.ops->switch_analog(dev, 1);
1183
1184 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1185 macctl &= ~B43_MACCTL_GMODE;
1186 if (flags & B43_TMSLOW_GMODE)
1187 macctl |= B43_MACCTL_GMODE;
1188 macctl |= B43_MACCTL_IHR_ENABLED;
1189 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1190 }
1191
1192 static void handle_irq_transmit_status(struct b43_wldev *dev)
1193 {
1194 u32 v0, v1;
1195 u16 tmp;
1196 struct b43_txstatus stat;
1197
1198 while (1) {
1199 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1200 if (!(v0 & 0x00000001))
1201 break;
1202 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1203
1204 stat.cookie = (v0 >> 16);
1205 stat.seq = (v1 & 0x0000FFFF);
1206 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1207 tmp = (v0 & 0x0000FFFF);
1208 stat.frame_count = ((tmp & 0xF000) >> 12);
1209 stat.rts_count = ((tmp & 0x0F00) >> 8);
1210 stat.supp_reason = ((tmp & 0x001C) >> 2);
1211 stat.pm_indicated = !!(tmp & 0x0080);
1212 stat.intermediate = !!(tmp & 0x0040);
1213 stat.for_ampdu = !!(tmp & 0x0020);
1214 stat.acked = !!(tmp & 0x0002);
1215
1216 b43_handle_txstatus(dev, &stat);
1217 }
1218 }
1219
1220 static void drain_txstatus_queue(struct b43_wldev *dev)
1221 {
1222 u32 dummy;
1223
1224 if (dev->sdev->id.revision < 5)
1225 return;
1226 /* Read all entries from the microcode TXstatus FIFO
1227 * and throw them away.
1228 */
1229 while (1) {
1230 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1231 if (!(dummy & 0x00000001))
1232 break;
1233 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1234 }
1235 }
1236
1237 static u32 b43_jssi_read(struct b43_wldev *dev)
1238 {
1239 u32 val = 0;
1240
1241 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1242 val <<= 16;
1243 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1244
1245 return val;
1246 }
1247
1248 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1249 {
1250 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1251 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1252 }
1253
1254 static void b43_generate_noise_sample(struct b43_wldev *dev)
1255 {
1256 b43_jssi_write(dev, 0x7F7F7F7F);
1257 b43_write32(dev, B43_MMIO_MACCMD,
1258 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1259 }
1260
1261 static void b43_calculate_link_quality(struct b43_wldev *dev)
1262 {
1263 /* Top half of Link Quality calculation. */
1264
1265 if (dev->phy.type != B43_PHYTYPE_G)
1266 return;
1267 if (dev->noisecalc.calculation_running)
1268 return;
1269 dev->noisecalc.calculation_running = 1;
1270 dev->noisecalc.nr_samples = 0;
1271
1272 b43_generate_noise_sample(dev);
1273 }
1274
1275 static void handle_irq_noise(struct b43_wldev *dev)
1276 {
1277 struct b43_phy_g *phy = dev->phy.g;
1278 u16 tmp;
1279 u8 noise[4];
1280 u8 i, j;
1281 s32 average;
1282
1283 /* Bottom half of Link Quality calculation. */
1284
1285 if (dev->phy.type != B43_PHYTYPE_G)
1286 return;
1287
1288 /* Possible race condition: It might be possible that the user
1289 * changed to a different channel in the meantime since we
1290 * started the calculation. We ignore that fact, since it's
1291 * not really that much of a problem. The background noise is
1292 * an estimation only anyway. Slightly wrong results will get damped
1293 * by the averaging of the 8 sample rounds. Additionally the
1294 * value is shortlived. So it will be replaced by the next noise
1295 * calculation round soon. */
1296
1297 B43_WARN_ON(!dev->noisecalc.calculation_running);
1298 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1299 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1300 noise[2] == 0x7F || noise[3] == 0x7F)
1301 goto generate_new;
1302
1303 /* Get the noise samples. */
1304 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1305 i = dev->noisecalc.nr_samples;
1306 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1307 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1308 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1309 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1310 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1311 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1312 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1313 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1314 dev->noisecalc.nr_samples++;
1315 if (dev->noisecalc.nr_samples == 8) {
1316 /* Calculate the Link Quality by the noise samples. */
1317 average = 0;
1318 for (i = 0; i < 8; i++) {
1319 for (j = 0; j < 4; j++)
1320 average += dev->noisecalc.samples[i][j];
1321 }
1322 average /= (8 * 4);
1323 average *= 125;
1324 average += 64;
1325 average /= 128;
1326 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1327 tmp = (tmp / 128) & 0x1F;
1328 if (tmp >= 8)
1329 average += 2;
1330 else
1331 average -= 25;
1332 if (tmp == 8)
1333 average -= 72;
1334 else
1335 average -= 48;
1336
1337 dev->stats.link_noise = average;
1338 dev->noisecalc.calculation_running = 0;
1339 return;
1340 }
1341 generate_new:
1342 b43_generate_noise_sample(dev);
1343 }
1344
1345 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1346 {
1347 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1348 ///TODO: PS TBTT
1349 } else {
1350 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1351 b43_power_saving_ctl_bits(dev, 0);
1352 }
1353 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1354 dev->dfq_valid = 1;
1355 }
1356
1357 static void handle_irq_atim_end(struct b43_wldev *dev)
1358 {
1359 if (dev->dfq_valid) {
1360 b43_write32(dev, B43_MMIO_MACCMD,
1361 b43_read32(dev, B43_MMIO_MACCMD)
1362 | B43_MACCMD_DFQ_VALID);
1363 dev->dfq_valid = 0;
1364 }
1365 }
1366
1367 static void handle_irq_pmq(struct b43_wldev *dev)
1368 {
1369 u32 tmp;
1370
1371 //TODO: AP mode.
1372
1373 while (1) {
1374 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1375 if (!(tmp & 0x00000008))
1376 break;
1377 }
1378 /* 16bit write is odd, but correct. */
1379 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1380 }
1381
1382 static void b43_write_template_common(struct b43_wldev *dev,
1383 const u8 *data, u16 size,
1384 u16 ram_offset,
1385 u16 shm_size_offset, u8 rate)
1386 {
1387 u32 i, tmp;
1388 struct b43_plcp_hdr4 plcp;
1389
1390 plcp.data = 0;
1391 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1392 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1393 ram_offset += sizeof(u32);
1394 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1395 * So leave the first two bytes of the next write blank.
1396 */
1397 tmp = (u32) (data[0]) << 16;
1398 tmp |= (u32) (data[1]) << 24;
1399 b43_ram_write(dev, ram_offset, tmp);
1400 ram_offset += sizeof(u32);
1401 for (i = 2; i < size; i += sizeof(u32)) {
1402 tmp = (u32) (data[i + 0]);
1403 if (i + 1 < size)
1404 tmp |= (u32) (data[i + 1]) << 8;
1405 if (i + 2 < size)
1406 tmp |= (u32) (data[i + 2]) << 16;
1407 if (i + 3 < size)
1408 tmp |= (u32) (data[i + 3]) << 24;
1409 b43_ram_write(dev, ram_offset + i - 2, tmp);
1410 }
1411 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1412 size + sizeof(struct b43_plcp_hdr6));
1413 }
1414
1415 /* Check if the use of the antenna that ieee80211 told us to
1416 * use is possible. This will fall back to DEFAULT.
1417 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1418 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1419 u8 antenna_nr)
1420 {
1421 u8 antenna_mask;
1422
1423 if (antenna_nr == 0) {
1424 /* Zero means "use default antenna". That's always OK. */
1425 return 0;
1426 }
1427
1428 /* Get the mask of available antennas. */
1429 if (dev->phy.gmode)
1430 antenna_mask = dev->sdev->bus->sprom.ant_available_bg;
1431 else
1432 antenna_mask = dev->sdev->bus->sprom.ant_available_a;
1433
1434 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1435 /* This antenna is not available. Fall back to default. */
1436 return 0;
1437 }
1438
1439 return antenna_nr;
1440 }
1441
1442 /* Convert a b43 antenna number value to the PHY TX control value. */
1443 static u16 b43_antenna_to_phyctl(int antenna)
1444 {
1445 switch (antenna) {
1446 case B43_ANTENNA0:
1447 return B43_TXH_PHY_ANT0;
1448 case B43_ANTENNA1:
1449 return B43_TXH_PHY_ANT1;
1450 case B43_ANTENNA2:
1451 return B43_TXH_PHY_ANT2;
1452 case B43_ANTENNA3:
1453 return B43_TXH_PHY_ANT3;
1454 case B43_ANTENNA_AUTO0:
1455 case B43_ANTENNA_AUTO1:
1456 return B43_TXH_PHY_ANT01AUTO;
1457 }
1458 B43_WARN_ON(1);
1459 return 0;
1460 }
1461
1462 static void b43_write_beacon_template(struct b43_wldev *dev,
1463 u16 ram_offset,
1464 u16 shm_size_offset)
1465 {
1466 unsigned int i, len, variable_len;
1467 const struct ieee80211_mgmt *bcn;
1468 const u8 *ie;
1469 bool tim_found = 0;
1470 unsigned int rate;
1471 u16 ctl;
1472 int antenna;
1473 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1474
1475 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1476 len = min((size_t) dev->wl->current_beacon->len,
1477 0x200 - sizeof(struct b43_plcp_hdr6));
1478 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1479
1480 b43_write_template_common(dev, (const u8 *)bcn,
1481 len, ram_offset, shm_size_offset, rate);
1482
1483 /* Write the PHY TX control parameters. */
1484 antenna = B43_ANTENNA_DEFAULT;
1485 antenna = b43_antenna_to_phyctl(antenna);
1486 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1487 /* We can't send beacons with short preamble. Would get PHY errors. */
1488 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1489 ctl &= ~B43_TXH_PHY_ANT;
1490 ctl &= ~B43_TXH_PHY_ENC;
1491 ctl |= antenna;
1492 if (b43_is_cck_rate(rate))
1493 ctl |= B43_TXH_PHY_ENC_CCK;
1494 else
1495 ctl |= B43_TXH_PHY_ENC_OFDM;
1496 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1497
1498 /* Find the position of the TIM and the DTIM_period value
1499 * and write them to SHM. */
1500 ie = bcn->u.beacon.variable;
1501 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1502 for (i = 0; i < variable_len - 2; ) {
1503 uint8_t ie_id, ie_len;
1504
1505 ie_id = ie[i];
1506 ie_len = ie[i + 1];
1507 if (ie_id == 5) {
1508 u16 tim_position;
1509 u16 dtim_period;
1510 /* This is the TIM Information Element */
1511
1512 /* Check whether the ie_len is in the beacon data range. */
1513 if (variable_len < ie_len + 2 + i)
1514 break;
1515 /* A valid TIM is at least 4 bytes long. */
1516 if (ie_len < 4)
1517 break;
1518 tim_found = 1;
1519
1520 tim_position = sizeof(struct b43_plcp_hdr6);
1521 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1522 tim_position += i;
1523
1524 dtim_period = ie[i + 3];
1525
1526 b43_shm_write16(dev, B43_SHM_SHARED,
1527 B43_SHM_SH_TIMBPOS, tim_position);
1528 b43_shm_write16(dev, B43_SHM_SHARED,
1529 B43_SHM_SH_DTIMPER, dtim_period);
1530 break;
1531 }
1532 i += ie_len + 2;
1533 }
1534 if (!tim_found) {
1535 /*
1536 * If ucode wants to modify TIM do it behind the beacon, this
1537 * will happen, for example, when doing mesh networking.
1538 */
1539 b43_shm_write16(dev, B43_SHM_SHARED,
1540 B43_SHM_SH_TIMBPOS,
1541 len + sizeof(struct b43_plcp_hdr6));
1542 b43_shm_write16(dev, B43_SHM_SHARED,
1543 B43_SHM_SH_DTIMPER, 0);
1544 }
1545 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1546 }
1547
1548 static void b43_upload_beacon0(struct b43_wldev *dev)
1549 {
1550 struct b43_wl *wl = dev->wl;
1551
1552 if (wl->beacon0_uploaded)
1553 return;
1554 b43_write_beacon_template(dev, 0x68, 0x18);
1555 wl->beacon0_uploaded = 1;
1556 }
1557
1558 static void b43_upload_beacon1(struct b43_wldev *dev)
1559 {
1560 struct b43_wl *wl = dev->wl;
1561
1562 if (wl->beacon1_uploaded)
1563 return;
1564 b43_write_beacon_template(dev, 0x468, 0x1A);
1565 wl->beacon1_uploaded = 1;
1566 }
1567
1568 static void handle_irq_beacon(struct b43_wldev *dev)
1569 {
1570 struct b43_wl *wl = dev->wl;
1571 u32 cmd, beacon0_valid, beacon1_valid;
1572
1573 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1574 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1575 return;
1576
1577 /* This is the bottom half of the asynchronous beacon update. */
1578
1579 /* Ignore interrupt in the future. */
1580 dev->irq_mask &= ~B43_IRQ_BEACON;
1581
1582 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1583 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1584 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1585
1586 /* Schedule interrupt manually, if busy. */
1587 if (beacon0_valid && beacon1_valid) {
1588 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1589 dev->irq_mask |= B43_IRQ_BEACON;
1590 return;
1591 }
1592
1593 if (unlikely(wl->beacon_templates_virgin)) {
1594 /* We never uploaded a beacon before.
1595 * Upload both templates now, but only mark one valid. */
1596 wl->beacon_templates_virgin = 0;
1597 b43_upload_beacon0(dev);
1598 b43_upload_beacon1(dev);
1599 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1600 cmd |= B43_MACCMD_BEACON0_VALID;
1601 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1602 } else {
1603 if (!beacon0_valid) {
1604 b43_upload_beacon0(dev);
1605 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1606 cmd |= B43_MACCMD_BEACON0_VALID;
1607 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1608 } else if (!beacon1_valid) {
1609 b43_upload_beacon1(dev);
1610 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1611 cmd |= B43_MACCMD_BEACON1_VALID;
1612 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1613 }
1614 }
1615 }
1616
1617 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1618 {
1619 u32 old_irq_mask = dev->irq_mask;
1620
1621 /* update beacon right away or defer to irq */
1622 handle_irq_beacon(dev);
1623 if (old_irq_mask != dev->irq_mask) {
1624 /* The handler updated the IRQ mask. */
1625 B43_WARN_ON(!dev->irq_mask);
1626 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1627 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1628 } else {
1629 /* Device interrupts are currently disabled. That means
1630 * we just ran the hardirq handler and scheduled the
1631 * IRQ thread. The thread will write the IRQ mask when
1632 * it finished, so there's nothing to do here. Writing
1633 * the mask _here_ would incorrectly re-enable IRQs. */
1634 }
1635 }
1636 }
1637
1638 static void b43_beacon_update_trigger_work(struct work_struct *work)
1639 {
1640 struct b43_wl *wl = container_of(work, struct b43_wl,
1641 beacon_update_trigger);
1642 struct b43_wldev *dev;
1643
1644 mutex_lock(&wl->mutex);
1645 dev = wl->current_dev;
1646 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1647 if (dev->sdev->bus->bustype == SSB_BUSTYPE_SDIO) {
1648 /* wl->mutex is enough. */
1649 b43_do_beacon_update_trigger_work(dev);
1650 mmiowb();
1651 } else {
1652 spin_lock_irq(&wl->hardirq_lock);
1653 b43_do_beacon_update_trigger_work(dev);
1654 mmiowb();
1655 spin_unlock_irq(&wl->hardirq_lock);
1656 }
1657 }
1658 mutex_unlock(&wl->mutex);
1659 }
1660
1661 /* Asynchronously update the packet templates in template RAM.
1662 * Locking: Requires wl->mutex to be locked. */
1663 static void b43_update_templates(struct b43_wl *wl)
1664 {
1665 struct sk_buff *beacon;
1666
1667 /* This is the top half of the ansynchronous beacon update.
1668 * The bottom half is the beacon IRQ.
1669 * Beacon update must be asynchronous to avoid sending an
1670 * invalid beacon. This can happen for example, if the firmware
1671 * transmits a beacon while we are updating it. */
1672
1673 /* We could modify the existing beacon and set the aid bit in
1674 * the TIM field, but that would probably require resizing and
1675 * moving of data within the beacon template.
1676 * Simply request a new beacon and let mac80211 do the hard work. */
1677 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1678 if (unlikely(!beacon))
1679 return;
1680
1681 if (wl->current_beacon)
1682 dev_kfree_skb_any(wl->current_beacon);
1683 wl->current_beacon = beacon;
1684 wl->beacon0_uploaded = 0;
1685 wl->beacon1_uploaded = 0;
1686 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1687 }
1688
1689 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1690 {
1691 b43_time_lock(dev);
1692 if (dev->sdev->id.revision >= 3) {
1693 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1694 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1695 } else {
1696 b43_write16(dev, 0x606, (beacon_int >> 6));
1697 b43_write16(dev, 0x610, beacon_int);
1698 }
1699 b43_time_unlock(dev);
1700 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1701 }
1702
1703 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1704 {
1705 u16 reason;
1706
1707 /* Read the register that contains the reason code for the panic. */
1708 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1709 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1710
1711 switch (reason) {
1712 default:
1713 b43dbg(dev->wl, "The panic reason is unknown.\n");
1714 /* fallthrough */
1715 case B43_FWPANIC_DIE:
1716 /* Do not restart the controller or firmware.
1717 * The device is nonfunctional from now on.
1718 * Restarting would result in this panic to trigger again,
1719 * so we avoid that recursion. */
1720 break;
1721 case B43_FWPANIC_RESTART:
1722 b43_controller_restart(dev, "Microcode panic");
1723 break;
1724 }
1725 }
1726
1727 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1728 {
1729 unsigned int i, cnt;
1730 u16 reason, marker_id, marker_line;
1731 __le16 *buf;
1732
1733 /* The proprietary firmware doesn't have this IRQ. */
1734 if (!dev->fw.opensource)
1735 return;
1736
1737 /* Read the register that contains the reason code for this IRQ. */
1738 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1739
1740 switch (reason) {
1741 case B43_DEBUGIRQ_PANIC:
1742 b43_handle_firmware_panic(dev);
1743 break;
1744 case B43_DEBUGIRQ_DUMP_SHM:
1745 if (!B43_DEBUG)
1746 break; /* Only with driver debugging enabled. */
1747 buf = kmalloc(4096, GFP_ATOMIC);
1748 if (!buf) {
1749 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1750 goto out;
1751 }
1752 for (i = 0; i < 4096; i += 2) {
1753 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1754 buf[i / 2] = cpu_to_le16(tmp);
1755 }
1756 b43info(dev->wl, "Shared memory dump:\n");
1757 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1758 16, 2, buf, 4096, 1);
1759 kfree(buf);
1760 break;
1761 case B43_DEBUGIRQ_DUMP_REGS:
1762 if (!B43_DEBUG)
1763 break; /* Only with driver debugging enabled. */
1764 b43info(dev->wl, "Microcode register dump:\n");
1765 for (i = 0, cnt = 0; i < 64; i++) {
1766 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1767 if (cnt == 0)
1768 printk(KERN_INFO);
1769 printk("r%02u: 0x%04X ", i, tmp);
1770 cnt++;
1771 if (cnt == 6) {
1772 printk("\n");
1773 cnt = 0;
1774 }
1775 }
1776 printk("\n");
1777 break;
1778 case B43_DEBUGIRQ_MARKER:
1779 if (!B43_DEBUG)
1780 break; /* Only with driver debugging enabled. */
1781 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1782 B43_MARKER_ID_REG);
1783 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1784 B43_MARKER_LINE_REG);
1785 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1786 "at line number %u\n",
1787 marker_id, marker_line);
1788 break;
1789 default:
1790 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1791 reason);
1792 }
1793 out:
1794 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1795 b43_shm_write16(dev, B43_SHM_SCRATCH,
1796 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1797 }
1798
1799 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1800 {
1801 u32 reason;
1802 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1803 u32 merged_dma_reason = 0;
1804 int i;
1805
1806 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1807 return;
1808
1809 reason = dev->irq_reason;
1810 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1811 dma_reason[i] = dev->dma_reason[i];
1812 merged_dma_reason |= dma_reason[i];
1813 }
1814
1815 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1816 b43err(dev->wl, "MAC transmission error\n");
1817
1818 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1819 b43err(dev->wl, "PHY transmission error\n");
1820 rmb();
1821 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1822 atomic_set(&dev->phy.txerr_cnt,
1823 B43_PHY_TX_BADNESS_LIMIT);
1824 b43err(dev->wl, "Too many PHY TX errors, "
1825 "restarting the controller\n");
1826 b43_controller_restart(dev, "PHY TX errors");
1827 }
1828 }
1829
1830 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1831 B43_DMAIRQ_NONFATALMASK))) {
1832 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1833 b43err(dev->wl, "Fatal DMA error: "
1834 "0x%08X, 0x%08X, 0x%08X, "
1835 "0x%08X, 0x%08X, 0x%08X\n",
1836 dma_reason[0], dma_reason[1],
1837 dma_reason[2], dma_reason[3],
1838 dma_reason[4], dma_reason[5]);
1839 b43err(dev->wl, "This device does not support DMA "
1840 "on your system. It will now be switched to PIO.\n");
1841 /* Fall back to PIO transfers if we get fatal DMA errors! */
1842 dev->use_pio = 1;
1843 b43_controller_restart(dev, "DMA error");
1844 return;
1845 }
1846 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1847 b43err(dev->wl, "DMA error: "
1848 "0x%08X, 0x%08X, 0x%08X, "
1849 "0x%08X, 0x%08X, 0x%08X\n",
1850 dma_reason[0], dma_reason[1],
1851 dma_reason[2], dma_reason[3],
1852 dma_reason[4], dma_reason[5]);
1853 }
1854 }
1855
1856 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1857 handle_irq_ucode_debug(dev);
1858 if (reason & B43_IRQ_TBTT_INDI)
1859 handle_irq_tbtt_indication(dev);
1860 if (reason & B43_IRQ_ATIM_END)
1861 handle_irq_atim_end(dev);
1862 if (reason & B43_IRQ_BEACON)
1863 handle_irq_beacon(dev);
1864 if (reason & B43_IRQ_PMQ)
1865 handle_irq_pmq(dev);
1866 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1867 ;/* TODO */
1868 if (reason & B43_IRQ_NOISESAMPLE_OK)
1869 handle_irq_noise(dev);
1870
1871 /* Check the DMA reason registers for received data. */
1872 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1873 if (b43_using_pio_transfers(dev))
1874 b43_pio_rx(dev->pio.rx_queue);
1875 else
1876 b43_dma_rx(dev->dma.rx_ring);
1877 }
1878 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1879 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1880 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1881 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1882 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1883
1884 if (reason & B43_IRQ_TX_OK)
1885 handle_irq_transmit_status(dev);
1886
1887 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1888 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1889
1890 #if B43_DEBUG
1891 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1892 dev->irq_count++;
1893 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1894 if (reason & (1 << i))
1895 dev->irq_bit_count[i]++;
1896 }
1897 }
1898 #endif
1899 }
1900
1901 /* Interrupt thread handler. Handles device interrupts in thread context. */
1902 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1903 {
1904 struct b43_wldev *dev = dev_id;
1905
1906 mutex_lock(&dev->wl->mutex);
1907 b43_do_interrupt_thread(dev);
1908 mmiowb();
1909 mutex_unlock(&dev->wl->mutex);
1910
1911 return IRQ_HANDLED;
1912 }
1913
1914 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1915 {
1916 u32 reason;
1917
1918 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1919 * On SDIO, this runs under wl->mutex. */
1920
1921 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1922 if (reason == 0xffffffff) /* shared IRQ */
1923 return IRQ_NONE;
1924 reason &= dev->irq_mask;
1925 if (!reason)
1926 return IRQ_HANDLED;
1927
1928 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1929 & 0x0001DC00;
1930 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1931 & 0x0000DC00;
1932 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1933 & 0x0000DC00;
1934 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1935 & 0x0001DC00;
1936 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1937 & 0x0000DC00;
1938 /* Unused ring
1939 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1940 & 0x0000DC00;
1941 */
1942
1943 /* ACK the interrupt. */
1944 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1945 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1946 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1947 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1948 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1949 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1950 /* Unused ring
1951 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1952 */
1953
1954 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
1955 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
1956 /* Save the reason bitmasks for the IRQ thread handler. */
1957 dev->irq_reason = reason;
1958
1959 return IRQ_WAKE_THREAD;
1960 }
1961
1962 /* Interrupt handler top-half. This runs with interrupts disabled. */
1963 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1964 {
1965 struct b43_wldev *dev = dev_id;
1966 irqreturn_t ret;
1967
1968 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
1969 return IRQ_NONE;
1970
1971 spin_lock(&dev->wl->hardirq_lock);
1972 ret = b43_do_interrupt(dev);
1973 mmiowb();
1974 spin_unlock(&dev->wl->hardirq_lock);
1975
1976 return ret;
1977 }
1978
1979 /* SDIO interrupt handler. This runs in process context. */
1980 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
1981 {
1982 struct b43_wl *wl = dev->wl;
1983 irqreturn_t ret;
1984
1985 mutex_lock(&wl->mutex);
1986
1987 ret = b43_do_interrupt(dev);
1988 if (ret == IRQ_WAKE_THREAD)
1989 b43_do_interrupt_thread(dev);
1990
1991 mutex_unlock(&wl->mutex);
1992 }
1993
1994 void b43_do_release_fw(struct b43_firmware_file *fw)
1995 {
1996 release_firmware(fw->data);
1997 fw->data = NULL;
1998 fw->filename = NULL;
1999 }
2000
2001 static void b43_release_firmware(struct b43_wldev *dev)
2002 {
2003 b43_do_release_fw(&dev->fw.ucode);
2004 b43_do_release_fw(&dev->fw.pcm);
2005 b43_do_release_fw(&dev->fw.initvals);
2006 b43_do_release_fw(&dev->fw.initvals_band);
2007 }
2008
2009 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2010 {
2011 const char text[] =
2012 "You must go to " \
2013 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2014 "and download the correct firmware for this driver version. " \
2015 "Please carefully read all instructions on this website.\n";
2016
2017 if (error)
2018 b43err(wl, text);
2019 else
2020 b43warn(wl, text);
2021 }
2022
2023 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2024 const char *name,
2025 struct b43_firmware_file *fw)
2026 {
2027 const struct firmware *blob;
2028 struct b43_fw_header *hdr;
2029 u32 size;
2030 int err;
2031
2032 if (!name) {
2033 /* Don't fetch anything. Free possibly cached firmware. */
2034 /* FIXME: We should probably keep it anyway, to save some headache
2035 * on suspend/resume with multiband devices. */
2036 b43_do_release_fw(fw);
2037 return 0;
2038 }
2039 if (fw->filename) {
2040 if ((fw->type == ctx->req_type) &&
2041 (strcmp(fw->filename, name) == 0))
2042 return 0; /* Already have this fw. */
2043 /* Free the cached firmware first. */
2044 /* FIXME: We should probably do this later after we successfully
2045 * got the new fw. This could reduce headache with multiband devices.
2046 * We could also redesign this to cache the firmware for all possible
2047 * bands all the time. */
2048 b43_do_release_fw(fw);
2049 }
2050
2051 switch (ctx->req_type) {
2052 case B43_FWTYPE_PROPRIETARY:
2053 snprintf(ctx->fwname, sizeof(ctx->fwname),
2054 "b43%s/%s.fw",
2055 modparam_fwpostfix, name);
2056 break;
2057 case B43_FWTYPE_OPENSOURCE:
2058 snprintf(ctx->fwname, sizeof(ctx->fwname),
2059 "b43-open%s/%s.fw",
2060 modparam_fwpostfix, name);
2061 break;
2062 default:
2063 B43_WARN_ON(1);
2064 return -ENOSYS;
2065 }
2066 err = request_firmware(&blob, ctx->fwname, ctx->dev->sdev->dev);
2067 if (err == -ENOENT) {
2068 snprintf(ctx->errors[ctx->req_type],
2069 sizeof(ctx->errors[ctx->req_type]),
2070 "Firmware file \"%s\" not found\n", ctx->fwname);
2071 return err;
2072 } else if (err) {
2073 snprintf(ctx->errors[ctx->req_type],
2074 sizeof(ctx->errors[ctx->req_type]),
2075 "Firmware file \"%s\" request failed (err=%d)\n",
2076 ctx->fwname, err);
2077 return err;
2078 }
2079 if (blob->size < sizeof(struct b43_fw_header))
2080 goto err_format;
2081 hdr = (struct b43_fw_header *)(blob->data);
2082 switch (hdr->type) {
2083 case B43_FW_TYPE_UCODE:
2084 case B43_FW_TYPE_PCM:
2085 size = be32_to_cpu(hdr->size);
2086 if (size != blob->size - sizeof(struct b43_fw_header))
2087 goto err_format;
2088 /* fallthrough */
2089 case B43_FW_TYPE_IV:
2090 if (hdr->ver != 1)
2091 goto err_format;
2092 break;
2093 default:
2094 goto err_format;
2095 }
2096
2097 fw->data = blob;
2098 fw->filename = name;
2099 fw->type = ctx->req_type;
2100
2101 return 0;
2102
2103 err_format:
2104 snprintf(ctx->errors[ctx->req_type],
2105 sizeof(ctx->errors[ctx->req_type]),
2106 "Firmware file \"%s\" format error.\n", ctx->fwname);
2107 release_firmware(blob);
2108
2109 return -EPROTO;
2110 }
2111
2112 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2113 {
2114 struct b43_wldev *dev = ctx->dev;
2115 struct b43_firmware *fw = &ctx->dev->fw;
2116 const u8 rev = ctx->dev->sdev->id.revision;
2117 const char *filename;
2118 u32 tmshigh;
2119 int err;
2120
2121 /* Get microcode */
2122 if ((rev >= 5) && (rev <= 10))
2123 filename = "ucode5";
2124 else if ((rev >= 11) && (rev <= 12))
2125 filename = "ucode11";
2126 else if (rev == 13)
2127 filename = "ucode13";
2128 else if (rev == 14)
2129 filename = "ucode14";
2130 else if (rev == 15)
2131 filename = "ucode15";
2132 else if ((rev >= 16) && (rev <= 20))
2133 filename = "ucode16_mimo";
2134 else
2135 goto err_no_ucode;
2136 err = b43_do_request_fw(ctx, filename, &fw->ucode);
2137 if (err)
2138 goto err_load;
2139
2140 /* Get PCM code */
2141 if ((rev >= 5) && (rev <= 10))
2142 filename = "pcm5";
2143 else if (rev >= 11)
2144 filename = NULL;
2145 else
2146 goto err_no_pcm;
2147 fw->pcm_request_failed = 0;
2148 err = b43_do_request_fw(ctx, filename, &fw->pcm);
2149 if (err == -ENOENT) {
2150 /* We did not find a PCM file? Not fatal, but
2151 * core rev <= 10 must do without hwcrypto then. */
2152 fw->pcm_request_failed = 1;
2153 } else if (err)
2154 goto err_load;
2155
2156 /* Get initvals */
2157 switch (dev->phy.type) {
2158 case B43_PHYTYPE_A:
2159 if ((rev >= 5) && (rev <= 10)) {
2160 tmshigh = ssb_read32(dev->sdev, SSB_TMSHIGH);
2161 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2162 filename = "a0g1initvals5";
2163 else
2164 filename = "a0g0initvals5";
2165 } else
2166 goto err_no_initvals;
2167 break;
2168 case B43_PHYTYPE_G:
2169 if ((rev >= 5) && (rev <= 10))
2170 filename = "b0g0initvals5";
2171 else if (rev >= 13)
2172 filename = "b0g0initvals13";
2173 else
2174 goto err_no_initvals;
2175 break;
2176 case B43_PHYTYPE_N:
2177 if (rev >= 16)
2178 filename = "n0initvals16";
2179 else if ((rev >= 11) && (rev <= 12))
2180 filename = "n0initvals11";
2181 else
2182 goto err_no_initvals;
2183 break;
2184 case B43_PHYTYPE_LP:
2185 if (rev == 13)
2186 filename = "lp0initvals13";
2187 else if (rev == 14)
2188 filename = "lp0initvals14";
2189 else if (rev >= 15)
2190 filename = "lp0initvals15";
2191 else
2192 goto err_no_initvals;
2193 break;
2194 default:
2195 goto err_no_initvals;
2196 }
2197 err = b43_do_request_fw(ctx, filename, &fw->initvals);
2198 if (err)
2199 goto err_load;
2200
2201 /* Get bandswitch initvals */
2202 switch (dev->phy.type) {
2203 case B43_PHYTYPE_A:
2204 if ((rev >= 5) && (rev <= 10)) {
2205 tmshigh = ssb_read32(dev->sdev, SSB_TMSHIGH);
2206 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2207 filename = "a0g1bsinitvals5";
2208 else
2209 filename = "a0g0bsinitvals5";
2210 } else if (rev >= 11)
2211 filename = NULL;
2212 else
2213 goto err_no_initvals;
2214 break;
2215 case B43_PHYTYPE_G:
2216 if ((rev >= 5) && (rev <= 10))
2217 filename = "b0g0bsinitvals5";
2218 else if (rev >= 11)
2219 filename = NULL;
2220 else
2221 goto err_no_initvals;
2222 break;
2223 case B43_PHYTYPE_N:
2224 if (rev >= 16)
2225 filename = "n0bsinitvals16";
2226 else if ((rev >= 11) && (rev <= 12))
2227 filename = "n0bsinitvals11";
2228 else
2229 goto err_no_initvals;
2230 break;
2231 case B43_PHYTYPE_LP:
2232 if (rev == 13)
2233 filename = "lp0bsinitvals13";
2234 else if (rev == 14)
2235 filename = "lp0bsinitvals14";
2236 else if (rev >= 15)
2237 filename = "lp0bsinitvals15";
2238 else
2239 goto err_no_initvals;
2240 break;
2241 default:
2242 goto err_no_initvals;
2243 }
2244 err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2245 if (err)
2246 goto err_load;
2247
2248 return 0;
2249
2250 err_no_ucode:
2251 err = ctx->fatal_failure = -EOPNOTSUPP;
2252 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2253 "is required for your device (wl-core rev %u)\n", rev);
2254 goto error;
2255
2256 err_no_pcm:
2257 err = ctx->fatal_failure = -EOPNOTSUPP;
2258 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2259 "is required for your device (wl-core rev %u)\n", rev);
2260 goto error;
2261
2262 err_no_initvals:
2263 err = ctx->fatal_failure = -EOPNOTSUPP;
2264 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2265 "is required for your device (wl-core rev %u)\n", rev);
2266 goto error;
2267
2268 err_load:
2269 /* We failed to load this firmware image. The error message
2270 * already is in ctx->errors. Return and let our caller decide
2271 * what to do. */
2272 goto error;
2273
2274 error:
2275 b43_release_firmware(dev);
2276 return err;
2277 }
2278
2279 static int b43_request_firmware(struct b43_wldev *dev)
2280 {
2281 struct b43_request_fw_context *ctx;
2282 unsigned int i;
2283 int err;
2284 const char *errmsg;
2285
2286 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2287 if (!ctx)
2288 return -ENOMEM;
2289 ctx->dev = dev;
2290
2291 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2292 err = b43_try_request_fw(ctx);
2293 if (!err)
2294 goto out; /* Successfully loaded it. */
2295 err = ctx->fatal_failure;
2296 if (err)
2297 goto out;
2298
2299 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2300 err = b43_try_request_fw(ctx);
2301 if (!err)
2302 goto out; /* Successfully loaded it. */
2303 err = ctx->fatal_failure;
2304 if (err)
2305 goto out;
2306
2307 /* Could not find a usable firmware. Print the errors. */
2308 for (i = 0; i < B43_NR_FWTYPES; i++) {
2309 errmsg = ctx->errors[i];
2310 if (strlen(errmsg))
2311 b43err(dev->wl, errmsg);
2312 }
2313 b43_print_fw_helptext(dev->wl, 1);
2314 err = -ENOENT;
2315
2316 out:
2317 kfree(ctx);
2318 return err;
2319 }
2320
2321 static int b43_upload_microcode(struct b43_wldev *dev)
2322 {
2323 struct wiphy *wiphy = dev->wl->hw->wiphy;
2324 const size_t hdr_len = sizeof(struct b43_fw_header);
2325 const __be32 *data;
2326 unsigned int i, len;
2327 u16 fwrev, fwpatch, fwdate, fwtime;
2328 u32 tmp, macctl;
2329 int err = 0;
2330
2331 /* Jump the microcode PSM to offset 0 */
2332 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2333 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2334 macctl |= B43_MACCTL_PSM_JMP0;
2335 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2336 /* Zero out all microcode PSM registers and shared memory. */
2337 for (i = 0; i < 64; i++)
2338 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2339 for (i = 0; i < 4096; i += 2)
2340 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2341
2342 /* Upload Microcode. */
2343 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2344 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2345 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2346 for (i = 0; i < len; i++) {
2347 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2348 udelay(10);
2349 }
2350
2351 if (dev->fw.pcm.data) {
2352 /* Upload PCM data. */
2353 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2354 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2355 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2356 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2357 /* No need for autoinc bit in SHM_HW */
2358 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2359 for (i = 0; i < len; i++) {
2360 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2361 udelay(10);
2362 }
2363 }
2364
2365 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2366
2367 /* Start the microcode PSM */
2368 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2369 macctl &= ~B43_MACCTL_PSM_JMP0;
2370 macctl |= B43_MACCTL_PSM_RUN;
2371 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2372
2373 /* Wait for the microcode to load and respond */
2374 i = 0;
2375 while (1) {
2376 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2377 if (tmp == B43_IRQ_MAC_SUSPENDED)
2378 break;
2379 i++;
2380 if (i >= 20) {
2381 b43err(dev->wl, "Microcode not responding\n");
2382 b43_print_fw_helptext(dev->wl, 1);
2383 err = -ENODEV;
2384 goto error;
2385 }
2386 msleep(50);
2387 }
2388 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2389
2390 /* Get and check the revisions. */
2391 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2392 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2393 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2394 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2395
2396 if (fwrev <= 0x128) {
2397 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2398 "binary drivers older than version 4.x is unsupported. "
2399 "You must upgrade your firmware files.\n");
2400 b43_print_fw_helptext(dev->wl, 1);
2401 err = -EOPNOTSUPP;
2402 goto error;
2403 }
2404 dev->fw.rev = fwrev;
2405 dev->fw.patch = fwpatch;
2406 dev->fw.opensource = (fwdate == 0xFFFF);
2407
2408 /* Default to use-all-queues. */
2409 dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2410 dev->qos_enabled = !!modparam_qos;
2411 /* Default to firmware/hardware crypto acceleration. */
2412 dev->hwcrypto_enabled = 1;
2413
2414 if (dev->fw.opensource) {
2415 u16 fwcapa;
2416
2417 /* Patchlevel info is encoded in the "time" field. */
2418 dev->fw.patch = fwtime;
2419 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2420 dev->fw.rev, dev->fw.patch);
2421
2422 fwcapa = b43_fwcapa_read(dev);
2423 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2424 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2425 /* Disable hardware crypto and fall back to software crypto. */
2426 dev->hwcrypto_enabled = 0;
2427 }
2428 if (!(fwcapa & B43_FWCAPA_QOS)) {
2429 b43info(dev->wl, "QoS not supported by firmware\n");
2430 /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2431 * ieee80211_unregister to make sure the networking core can
2432 * properly free possible resources. */
2433 dev->wl->hw->queues = 1;
2434 dev->qos_enabled = 0;
2435 }
2436 } else {
2437 b43info(dev->wl, "Loading firmware version %u.%u "
2438 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2439 fwrev, fwpatch,
2440 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2441 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2442 if (dev->fw.pcm_request_failed) {
2443 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2444 "Hardware accelerated cryptography is disabled.\n");
2445 b43_print_fw_helptext(dev->wl, 0);
2446 }
2447 }
2448
2449 snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2450 dev->fw.rev, dev->fw.patch);
2451 wiphy->hw_version = dev->sdev->id.coreid;
2452
2453 if (b43_is_old_txhdr_format(dev)) {
2454 /* We're over the deadline, but we keep support for old fw
2455 * until it turns out to be in major conflict with something new. */
2456 b43warn(dev->wl, "You are using an old firmware image. "
2457 "Support for old firmware will be removed soon "
2458 "(official deadline was July 2008).\n");
2459 b43_print_fw_helptext(dev->wl, 0);
2460 }
2461
2462 return 0;
2463
2464 error:
2465 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2466 macctl &= ~B43_MACCTL_PSM_RUN;
2467 macctl |= B43_MACCTL_PSM_JMP0;
2468 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2469
2470 return err;
2471 }
2472
2473 static int b43_write_initvals(struct b43_wldev *dev,
2474 const struct b43_iv *ivals,
2475 size_t count,
2476 size_t array_size)
2477 {
2478 const struct b43_iv *iv;
2479 u16 offset;
2480 size_t i;
2481 bool bit32;
2482
2483 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2484 iv = ivals;
2485 for (i = 0; i < count; i++) {
2486 if (array_size < sizeof(iv->offset_size))
2487 goto err_format;
2488 array_size -= sizeof(iv->offset_size);
2489 offset = be16_to_cpu(iv->offset_size);
2490 bit32 = !!(offset & B43_IV_32BIT);
2491 offset &= B43_IV_OFFSET_MASK;
2492 if (offset >= 0x1000)
2493 goto err_format;
2494 if (bit32) {
2495 u32 value;
2496
2497 if (array_size < sizeof(iv->data.d32))
2498 goto err_format;
2499 array_size -= sizeof(iv->data.d32);
2500
2501 value = get_unaligned_be32(&iv->data.d32);
2502 b43_write32(dev, offset, value);
2503
2504 iv = (const struct b43_iv *)((const uint8_t *)iv +
2505 sizeof(__be16) +
2506 sizeof(__be32));
2507 } else {
2508 u16 value;
2509
2510 if (array_size < sizeof(iv->data.d16))
2511 goto err_format;
2512 array_size -= sizeof(iv->data.d16);
2513
2514 value = be16_to_cpu(iv->data.d16);
2515 b43_write16(dev, offset, value);
2516
2517 iv = (const struct b43_iv *)((const uint8_t *)iv +
2518 sizeof(__be16) +
2519 sizeof(__be16));
2520 }
2521 }
2522 if (array_size)
2523 goto err_format;
2524
2525 return 0;
2526
2527 err_format:
2528 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2529 b43_print_fw_helptext(dev->wl, 1);
2530
2531 return -EPROTO;
2532 }
2533
2534 static int b43_upload_initvals(struct b43_wldev *dev)
2535 {
2536 const size_t hdr_len = sizeof(struct b43_fw_header);
2537 const struct b43_fw_header *hdr;
2538 struct b43_firmware *fw = &dev->fw;
2539 const struct b43_iv *ivals;
2540 size_t count;
2541 int err;
2542
2543 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2544 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2545 count = be32_to_cpu(hdr->size);
2546 err = b43_write_initvals(dev, ivals, count,
2547 fw->initvals.data->size - hdr_len);
2548 if (err)
2549 goto out;
2550 if (fw->initvals_band.data) {
2551 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2552 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2553 count = be32_to_cpu(hdr->size);
2554 err = b43_write_initvals(dev, ivals, count,
2555 fw->initvals_band.data->size - hdr_len);
2556 if (err)
2557 goto out;
2558 }
2559 out:
2560
2561 return err;
2562 }
2563
2564 /* Initialize the GPIOs
2565 * http://bcm-specs.sipsolutions.net/GPIO
2566 */
2567 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2568 {
2569 struct ssb_bus *bus = dev->sdev->bus;
2570
2571 #ifdef CONFIG_SSB_DRIVER_PCICORE
2572 return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2573 #else
2574 return bus->chipco.dev;
2575 #endif
2576 }
2577
2578 static int b43_gpio_init(struct b43_wldev *dev)
2579 {
2580 struct ssb_device *gpiodev;
2581 u32 mask, set;
2582
2583 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2584 & ~B43_MACCTL_GPOUTSMSK);
2585
2586 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2587 | 0x000F);
2588
2589 mask = 0x0000001F;
2590 set = 0x0000000F;
2591 if (dev->sdev->bus->chip_id == 0x4301) {
2592 mask |= 0x0060;
2593 set |= 0x0060;
2594 }
2595 if (0 /* FIXME: conditional unknown */ ) {
2596 b43_write16(dev, B43_MMIO_GPIO_MASK,
2597 b43_read16(dev, B43_MMIO_GPIO_MASK)
2598 | 0x0100);
2599 mask |= 0x0180;
2600 set |= 0x0180;
2601 }
2602 if (dev->sdev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2603 b43_write16(dev, B43_MMIO_GPIO_MASK,
2604 b43_read16(dev, B43_MMIO_GPIO_MASK)
2605 | 0x0200);
2606 mask |= 0x0200;
2607 set |= 0x0200;
2608 }
2609 if (dev->sdev->id.revision >= 2)
2610 mask |= 0x0010; /* FIXME: This is redundant. */
2611
2612 gpiodev = b43_ssb_gpio_dev(dev);
2613 if (gpiodev)
2614 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2615 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2616 & mask) | set);
2617
2618 return 0;
2619 }
2620
2621 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2622 static void b43_gpio_cleanup(struct b43_wldev *dev)
2623 {
2624 struct ssb_device *gpiodev;
2625
2626 gpiodev = b43_ssb_gpio_dev(dev);
2627 if (gpiodev)
2628 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2629 }
2630
2631 /* http://bcm-specs.sipsolutions.net/EnableMac */
2632 void b43_mac_enable(struct b43_wldev *dev)
2633 {
2634 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2635 u16 fwstate;
2636
2637 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2638 B43_SHM_SH_UCODESTAT);
2639 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2640 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2641 b43err(dev->wl, "b43_mac_enable(): The firmware "
2642 "should be suspended, but current state is %u\n",
2643 fwstate);
2644 }
2645 }
2646
2647 dev->mac_suspended--;
2648 B43_WARN_ON(dev->mac_suspended < 0);
2649 if (dev->mac_suspended == 0) {
2650 b43_write32(dev, B43_MMIO_MACCTL,
2651 b43_read32(dev, B43_MMIO_MACCTL)
2652 | B43_MACCTL_ENABLED);
2653 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2654 B43_IRQ_MAC_SUSPENDED);
2655 /* Commit writes */
2656 b43_read32(dev, B43_MMIO_MACCTL);
2657 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2658 b43_power_saving_ctl_bits(dev, 0);
2659 }
2660 }
2661
2662 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2663 void b43_mac_suspend(struct b43_wldev *dev)
2664 {
2665 int i;
2666 u32 tmp;
2667
2668 might_sleep();
2669 B43_WARN_ON(dev->mac_suspended < 0);
2670
2671 if (dev->mac_suspended == 0) {
2672 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2673 b43_write32(dev, B43_MMIO_MACCTL,
2674 b43_read32(dev, B43_MMIO_MACCTL)
2675 & ~B43_MACCTL_ENABLED);
2676 /* force pci to flush the write */
2677 b43_read32(dev, B43_MMIO_MACCTL);
2678 for (i = 35; i; i--) {
2679 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2680 if (tmp & B43_IRQ_MAC_SUSPENDED)
2681 goto out;
2682 udelay(10);
2683 }
2684 /* Hm, it seems this will take some time. Use msleep(). */
2685 for (i = 40; i; i--) {
2686 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2687 if (tmp & B43_IRQ_MAC_SUSPENDED)
2688 goto out;
2689 msleep(1);
2690 }
2691 b43err(dev->wl, "MAC suspend failed\n");
2692 }
2693 out:
2694 dev->mac_suspended++;
2695 }
2696
2697 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2698 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2699 {
2700 u32 tmslow = ssb_read32(dev->sdev, SSB_TMSLOW);
2701 if (on)
2702 tmslow |= B43_TMSLOW_MACPHYCLKEN;
2703 else
2704 tmslow &= ~B43_TMSLOW_MACPHYCLKEN;
2705 ssb_write32(dev->sdev, SSB_TMSLOW, tmslow);
2706 }
2707
2708 static void b43_adjust_opmode(struct b43_wldev *dev)
2709 {
2710 struct b43_wl *wl = dev->wl;
2711 u32 ctl;
2712 u16 cfp_pretbtt;
2713
2714 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2715 /* Reset status to STA infrastructure mode. */
2716 ctl &= ~B43_MACCTL_AP;
2717 ctl &= ~B43_MACCTL_KEEP_CTL;
2718 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2719 ctl &= ~B43_MACCTL_KEEP_BAD;
2720 ctl &= ~B43_MACCTL_PROMISC;
2721 ctl &= ~B43_MACCTL_BEACPROMISC;
2722 ctl |= B43_MACCTL_INFRA;
2723
2724 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2725 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2726 ctl |= B43_MACCTL_AP;
2727 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2728 ctl &= ~B43_MACCTL_INFRA;
2729
2730 if (wl->filter_flags & FIF_CONTROL)
2731 ctl |= B43_MACCTL_KEEP_CTL;
2732 if (wl->filter_flags & FIF_FCSFAIL)
2733 ctl |= B43_MACCTL_KEEP_BAD;
2734 if (wl->filter_flags & FIF_PLCPFAIL)
2735 ctl |= B43_MACCTL_KEEP_BADPLCP;
2736 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2737 ctl |= B43_MACCTL_PROMISC;
2738 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2739 ctl |= B43_MACCTL_BEACPROMISC;
2740
2741 /* Workaround: On old hardware the HW-MAC-address-filter
2742 * doesn't work properly, so always run promisc in filter
2743 * it in software. */
2744 if (dev->sdev->id.revision <= 4)
2745 ctl |= B43_MACCTL_PROMISC;
2746
2747 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2748
2749 cfp_pretbtt = 2;
2750 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2751 if (dev->sdev->bus->chip_id == 0x4306 &&
2752 dev->sdev->bus->chip_rev == 3)
2753 cfp_pretbtt = 100;
2754 else
2755 cfp_pretbtt = 50;
2756 }
2757 b43_write16(dev, 0x612, cfp_pretbtt);
2758
2759 /* FIXME: We don't currently implement the PMQ mechanism,
2760 * so always disable it. If we want to implement PMQ,
2761 * we need to enable it here (clear DISCPMQ) in AP mode.
2762 */
2763 if (0 /* ctl & B43_MACCTL_AP */) {
2764 b43_write32(dev, B43_MMIO_MACCTL,
2765 b43_read32(dev, B43_MMIO_MACCTL)
2766 & ~B43_MACCTL_DISCPMQ);
2767 } else {
2768 b43_write32(dev, B43_MMIO_MACCTL,
2769 b43_read32(dev, B43_MMIO_MACCTL)
2770 | B43_MACCTL_DISCPMQ);
2771 }
2772 }
2773
2774 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2775 {
2776 u16 offset;
2777
2778 if (is_ofdm) {
2779 offset = 0x480;
2780 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2781 } else {
2782 offset = 0x4C0;
2783 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2784 }
2785 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2786 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2787 }
2788
2789 static void b43_rate_memory_init(struct b43_wldev *dev)
2790 {
2791 switch (dev->phy.type) {
2792 case B43_PHYTYPE_A:
2793 case B43_PHYTYPE_G:
2794 case B43_PHYTYPE_N:
2795 case B43_PHYTYPE_LP:
2796 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2797 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2798 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2799 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2800 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2801 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2802 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2803 if (dev->phy.type == B43_PHYTYPE_A)
2804 break;
2805 /* fallthrough */
2806 case B43_PHYTYPE_B:
2807 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2808 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2809 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2810 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2811 break;
2812 default:
2813 B43_WARN_ON(1);
2814 }
2815 }
2816
2817 /* Set the default values for the PHY TX Control Words. */
2818 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2819 {
2820 u16 ctl = 0;
2821
2822 ctl |= B43_TXH_PHY_ENC_CCK;
2823 ctl |= B43_TXH_PHY_ANT01AUTO;
2824 ctl |= B43_TXH_PHY_TXPWR;
2825
2826 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2827 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2828 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2829 }
2830
2831 /* Set the TX-Antenna for management frames sent by firmware. */
2832 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2833 {
2834 u16 ant;
2835 u16 tmp;
2836
2837 ant = b43_antenna_to_phyctl(antenna);
2838
2839 /* For ACK/CTS */
2840 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2841 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2842 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2843 /* For Probe Resposes */
2844 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2845 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2846 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2847 }
2848
2849 /* This is the opposite of b43_chip_init() */
2850 static void b43_chip_exit(struct b43_wldev *dev)
2851 {
2852 b43_phy_exit(dev);
2853 b43_gpio_cleanup(dev);
2854 /* firmware is released later */
2855 }
2856
2857 /* Initialize the chip
2858 * http://bcm-specs.sipsolutions.net/ChipInit
2859 */
2860 static int b43_chip_init(struct b43_wldev *dev)
2861 {
2862 struct b43_phy *phy = &dev->phy;
2863 int err;
2864 u32 macctl;
2865 u16 value16;
2866
2867 /* Initialize the MAC control */
2868 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2869 if (dev->phy.gmode)
2870 macctl |= B43_MACCTL_GMODE;
2871 macctl |= B43_MACCTL_INFRA;
2872 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2873
2874 err = b43_request_firmware(dev);
2875 if (err)
2876 goto out;
2877 err = b43_upload_microcode(dev);
2878 if (err)
2879 goto out; /* firmware is released later */
2880
2881 err = b43_gpio_init(dev);
2882 if (err)
2883 goto out; /* firmware is released later */
2884
2885 err = b43_upload_initvals(dev);
2886 if (err)
2887 goto err_gpio_clean;
2888
2889 /* Turn the Analog on and initialize the PHY. */
2890 phy->ops->switch_analog(dev, 1);
2891 err = b43_phy_init(dev);
2892 if (err)
2893 goto err_gpio_clean;
2894
2895 /* Disable Interference Mitigation. */
2896 if (phy->ops->interf_mitigation)
2897 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2898
2899 /* Select the antennae */
2900 if (phy->ops->set_rx_antenna)
2901 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2902 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2903
2904 if (phy->type == B43_PHYTYPE_B) {
2905 value16 = b43_read16(dev, 0x005E);
2906 value16 |= 0x0004;
2907 b43_write16(dev, 0x005E, value16);
2908 }
2909 b43_write32(dev, 0x0100, 0x01000000);
2910 if (dev->sdev->id.revision < 5)
2911 b43_write32(dev, 0x010C, 0x01000000);
2912
2913 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2914 & ~B43_MACCTL_INFRA);
2915 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2916 | B43_MACCTL_INFRA);
2917
2918 /* Probe Response Timeout value */
2919 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2920 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2921
2922 /* Initially set the wireless operation mode. */
2923 b43_adjust_opmode(dev);
2924
2925 if (dev->sdev->id.revision < 3) {
2926 b43_write16(dev, 0x060E, 0x0000);
2927 b43_write16(dev, 0x0610, 0x8000);
2928 b43_write16(dev, 0x0604, 0x0000);
2929 b43_write16(dev, 0x0606, 0x0200);
2930 } else {
2931 b43_write32(dev, 0x0188, 0x80000000);
2932 b43_write32(dev, 0x018C, 0x02000000);
2933 }
2934 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2935 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2936 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2937 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2938 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2939 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2940 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2941
2942 b43_mac_phy_clock_set(dev, true);
2943
2944 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2945 dev->sdev->bus->chipco.fast_pwrup_delay);
2946
2947 err = 0;
2948 b43dbg(dev->wl, "Chip initialized\n");
2949 out:
2950 return err;
2951
2952 err_gpio_clean:
2953 b43_gpio_cleanup(dev);
2954 return err;
2955 }
2956
2957 static void b43_periodic_every60sec(struct b43_wldev *dev)
2958 {
2959 const struct b43_phy_operations *ops = dev->phy.ops;
2960
2961 if (ops->pwork_60sec)
2962 ops->pwork_60sec(dev);
2963
2964 /* Force check the TX power emission now. */
2965 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2966 }
2967
2968 static void b43_periodic_every30sec(struct b43_wldev *dev)
2969 {
2970 /* Update device statistics. */
2971 b43_calculate_link_quality(dev);
2972 }
2973
2974 static void b43_periodic_every15sec(struct b43_wldev *dev)
2975 {
2976 struct b43_phy *phy = &dev->phy;
2977 u16 wdr;
2978
2979 if (dev->fw.opensource) {
2980 /* Check if the firmware is still alive.
2981 * It will reset the watchdog counter to 0 in its idle loop. */
2982 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2983 if (unlikely(wdr)) {
2984 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2985 b43_controller_restart(dev, "Firmware watchdog");
2986 return;
2987 } else {
2988 b43_shm_write16(dev, B43_SHM_SCRATCH,
2989 B43_WATCHDOG_REG, 1);
2990 }
2991 }
2992
2993 if (phy->ops->pwork_15sec)
2994 phy->ops->pwork_15sec(dev);
2995
2996 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2997 wmb();
2998
2999 #if B43_DEBUG
3000 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3001 unsigned int i;
3002
3003 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3004 dev->irq_count / 15,
3005 dev->tx_count / 15,
3006 dev->rx_count / 15);
3007 dev->irq_count = 0;
3008 dev->tx_count = 0;
3009 dev->rx_count = 0;
3010 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3011 if (dev->irq_bit_count[i]) {
3012 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3013 dev->irq_bit_count[i] / 15, i, (1 << i));
3014 dev->irq_bit_count[i] = 0;
3015 }
3016 }
3017 }
3018 #endif
3019 }
3020
3021 static void do_periodic_work(struct b43_wldev *dev)
3022 {
3023 unsigned int state;
3024
3025 state = dev->periodic_state;
3026 if (state % 4 == 0)
3027 b43_periodic_every60sec(dev);
3028 if (state % 2 == 0)
3029 b43_periodic_every30sec(dev);
3030 b43_periodic_every15sec(dev);
3031 }
3032
3033 /* Periodic work locking policy:
3034 * The whole periodic work handler is protected by
3035 * wl->mutex. If another lock is needed somewhere in the
3036 * pwork callchain, it's acquired in-place, where it's needed.
3037 */
3038 static void b43_periodic_work_handler(struct work_struct *work)
3039 {
3040 struct b43_wldev *dev = container_of(work, struct b43_wldev,
3041 periodic_work.work);
3042 struct b43_wl *wl = dev->wl;
3043 unsigned long delay;
3044
3045 mutex_lock(&wl->mutex);
3046
3047 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3048 goto out;
3049 if (b43_debug(dev, B43_DBG_PWORK_STOP))
3050 goto out_requeue;
3051
3052 do_periodic_work(dev);
3053
3054 dev->periodic_state++;
3055 out_requeue:
3056 if (b43_debug(dev, B43_DBG_PWORK_FAST))
3057 delay = msecs_to_jiffies(50);
3058 else
3059 delay = round_jiffies_relative(HZ * 15);
3060 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3061 out:
3062 mutex_unlock(&wl->mutex);
3063 }
3064
3065 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3066 {
3067 struct delayed_work *work = &dev->periodic_work;
3068
3069 dev->periodic_state = 0;
3070 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3071 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3072 }
3073
3074 /* Check if communication with the device works correctly. */
3075 static int b43_validate_chipaccess(struct b43_wldev *dev)
3076 {
3077 u32 v, backup0, backup4;
3078
3079 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3080 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3081
3082 /* Check for read/write and endianness problems. */
3083 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3084 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3085 goto error;
3086 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3087 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3088 goto error;
3089
3090 /* Check if unaligned 32bit SHM_SHARED access works properly.
3091 * However, don't bail out on failure, because it's noncritical. */
3092 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3093 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3094 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3095 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3096 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3097 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3098 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3099 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3100 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3101 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3102 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3103 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3104
3105 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3106 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3107
3108 if ((dev->sdev->id.revision >= 3) && (dev->sdev->id.revision <= 10)) {
3109 /* The 32bit register shadows the two 16bit registers
3110 * with update sideeffects. Validate this. */
3111 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3112 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3113 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3114 goto error;
3115 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3116 goto error;
3117 }
3118 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3119
3120 v = b43_read32(dev, B43_MMIO_MACCTL);
3121 v |= B43_MACCTL_GMODE;
3122 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3123 goto error;
3124
3125 return 0;
3126 error:
3127 b43err(dev->wl, "Failed to validate the chipaccess\n");
3128 return -ENODEV;
3129 }
3130
3131 static void b43_security_init(struct b43_wldev *dev)
3132 {
3133 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3134 /* KTP is a word address, but we address SHM bytewise.
3135 * So multiply by two.
3136 */
3137 dev->ktp *= 2;
3138 /* Number of RCMTA address slots */
3139 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3140 /* Clear the key memory. */
3141 b43_clear_keys(dev);
3142 }
3143
3144 #ifdef CONFIG_B43_HWRNG
3145 static int b43_rng_read(struct hwrng *rng, u32 *data)
3146 {
3147 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3148 struct b43_wldev *dev;
3149 int count = -ENODEV;
3150
3151 mutex_lock(&wl->mutex);
3152 dev = wl->current_dev;
3153 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3154 *data = b43_read16(dev, B43_MMIO_RNG);
3155 count = sizeof(u16);
3156 }
3157 mutex_unlock(&wl->mutex);
3158
3159 return count;
3160 }
3161 #endif /* CONFIG_B43_HWRNG */
3162
3163 static void b43_rng_exit(struct b43_wl *wl)
3164 {
3165 #ifdef CONFIG_B43_HWRNG
3166 if (wl->rng_initialized)
3167 hwrng_unregister(&wl->rng);
3168 #endif /* CONFIG_B43_HWRNG */
3169 }
3170
3171 static int b43_rng_init(struct b43_wl *wl)
3172 {
3173 int err = 0;
3174
3175 #ifdef CONFIG_B43_HWRNG
3176 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3177 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3178 wl->rng.name = wl->rng_name;
3179 wl->rng.data_read = b43_rng_read;
3180 wl->rng.priv = (unsigned long)wl;
3181 wl->rng_initialized = 1;
3182 err = hwrng_register(&wl->rng);
3183 if (err) {
3184 wl->rng_initialized = 0;
3185 b43err(wl, "Failed to register the random "
3186 "number generator (%d)\n", err);
3187 }
3188 #endif /* CONFIG_B43_HWRNG */
3189
3190 return err;
3191 }
3192
3193 static void b43_tx_work(struct work_struct *work)
3194 {
3195 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3196 struct b43_wldev *dev;
3197 struct sk_buff *skb;
3198 int err = 0;
3199
3200 mutex_lock(&wl->mutex);
3201 dev = wl->current_dev;
3202 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3203 mutex_unlock(&wl->mutex);
3204 return;
3205 }
3206
3207 while (skb_queue_len(&wl->tx_queue)) {
3208 skb = skb_dequeue(&wl->tx_queue);
3209
3210 if (b43_using_pio_transfers(dev))
3211 err = b43_pio_tx(dev, skb);
3212 else
3213 err = b43_dma_tx(dev, skb);
3214 if (unlikely(err))
3215 dev_kfree_skb(skb); /* Drop it */
3216 }
3217
3218 #if B43_DEBUG
3219 dev->tx_count++;
3220 #endif
3221 mutex_unlock(&wl->mutex);
3222 }
3223
3224 static void b43_op_tx(struct ieee80211_hw *hw,
3225 struct sk_buff *skb)
3226 {
3227 struct b43_wl *wl = hw_to_b43_wl(hw);
3228
3229 if (unlikely(skb->len < 2 + 2 + 6)) {
3230 /* Too short, this can't be a valid frame. */
3231 dev_kfree_skb_any(skb);
3232 return;
3233 }
3234 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3235
3236 skb_queue_tail(&wl->tx_queue, skb);
3237 ieee80211_queue_work(wl->hw, &wl->tx_work);
3238 }
3239
3240 static void b43_qos_params_upload(struct b43_wldev *dev,
3241 const struct ieee80211_tx_queue_params *p,
3242 u16 shm_offset)
3243 {
3244 u16 params[B43_NR_QOSPARAMS];
3245 int bslots, tmp;
3246 unsigned int i;
3247
3248 if (!dev->qos_enabled)
3249 return;
3250
3251 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3252
3253 memset(&params, 0, sizeof(params));
3254
3255 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3256 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3257 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3258 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3259 params[B43_QOSPARAM_AIFS] = p->aifs;
3260 params[B43_QOSPARAM_BSLOTS] = bslots;
3261 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3262
3263 for (i = 0; i < ARRAY_SIZE(params); i++) {
3264 if (i == B43_QOSPARAM_STATUS) {
3265 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3266 shm_offset + (i * 2));
3267 /* Mark the parameters as updated. */
3268 tmp |= 0x100;
3269 b43_shm_write16(dev, B43_SHM_SHARED,
3270 shm_offset + (i * 2),
3271 tmp);
3272 } else {
3273 b43_shm_write16(dev, B43_SHM_SHARED,
3274 shm_offset + (i * 2),
3275 params[i]);
3276 }
3277 }
3278 }
3279
3280 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3281 static const u16 b43_qos_shm_offsets[] = {
3282 /* [mac80211-queue-nr] = SHM_OFFSET, */
3283 [0] = B43_QOS_VOICE,
3284 [1] = B43_QOS_VIDEO,
3285 [2] = B43_QOS_BESTEFFORT,
3286 [3] = B43_QOS_BACKGROUND,
3287 };
3288
3289 /* Update all QOS parameters in hardware. */
3290 static void b43_qos_upload_all(struct b43_wldev *dev)
3291 {
3292 struct b43_wl *wl = dev->wl;
3293 struct b43_qos_params *params;
3294 unsigned int i;
3295
3296 if (!dev->qos_enabled)
3297 return;
3298
3299 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3300 ARRAY_SIZE(wl->qos_params));
3301
3302 b43_mac_suspend(dev);
3303 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3304 params = &(wl->qos_params[i]);
3305 b43_qos_params_upload(dev, &(params->p),
3306 b43_qos_shm_offsets[i]);
3307 }
3308 b43_mac_enable(dev);
3309 }
3310
3311 static void b43_qos_clear(struct b43_wl *wl)
3312 {
3313 struct b43_qos_params *params;
3314 unsigned int i;
3315
3316 /* Initialize QoS parameters to sane defaults. */
3317
3318 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3319 ARRAY_SIZE(wl->qos_params));
3320
3321 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3322 params = &(wl->qos_params[i]);
3323
3324 switch (b43_qos_shm_offsets[i]) {
3325 case B43_QOS_VOICE:
3326 params->p.txop = 0;
3327 params->p.aifs = 2;
3328 params->p.cw_min = 0x0001;
3329 params->p.cw_max = 0x0001;
3330 break;
3331 case B43_QOS_VIDEO:
3332 params->p.txop = 0;
3333 params->p.aifs = 2;
3334 params->p.cw_min = 0x0001;
3335 params->p.cw_max = 0x0001;
3336 break;
3337 case B43_QOS_BESTEFFORT:
3338 params->p.txop = 0;
3339 params->p.aifs = 3;
3340 params->p.cw_min = 0x0001;
3341 params->p.cw_max = 0x03FF;
3342 break;
3343 case B43_QOS_BACKGROUND:
3344 params->p.txop = 0;
3345 params->p.aifs = 7;
3346 params->p.cw_min = 0x0001;
3347 params->p.cw_max = 0x03FF;
3348 break;
3349 default:
3350 B43_WARN_ON(1);
3351 }
3352 }
3353 }
3354
3355 /* Initialize the core's QOS capabilities */
3356 static void b43_qos_init(struct b43_wldev *dev)
3357 {
3358 if (!dev->qos_enabled) {
3359 /* Disable QOS support. */
3360 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3361 b43_write16(dev, B43_MMIO_IFSCTL,
3362 b43_read16(dev, B43_MMIO_IFSCTL)
3363 & ~B43_MMIO_IFSCTL_USE_EDCF);
3364 b43dbg(dev->wl, "QoS disabled\n");
3365 return;
3366 }
3367
3368 /* Upload the current QOS parameters. */
3369 b43_qos_upload_all(dev);
3370
3371 /* Enable QOS support. */
3372 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3373 b43_write16(dev, B43_MMIO_IFSCTL,
3374 b43_read16(dev, B43_MMIO_IFSCTL)
3375 | B43_MMIO_IFSCTL_USE_EDCF);
3376 b43dbg(dev->wl, "QoS enabled\n");
3377 }
3378
3379 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3380 const struct ieee80211_tx_queue_params *params)
3381 {
3382 struct b43_wl *wl = hw_to_b43_wl(hw);
3383 struct b43_wldev *dev;
3384 unsigned int queue = (unsigned int)_queue;
3385 int err = -ENODEV;
3386
3387 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3388 /* Queue not available or don't support setting
3389 * params on this queue. Return success to not
3390 * confuse mac80211. */
3391 return 0;
3392 }
3393 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3394 ARRAY_SIZE(wl->qos_params));
3395
3396 mutex_lock(&wl->mutex);
3397 dev = wl->current_dev;
3398 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3399 goto out_unlock;
3400
3401 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3402 b43_mac_suspend(dev);
3403 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3404 b43_qos_shm_offsets[queue]);
3405 b43_mac_enable(dev);
3406 err = 0;
3407
3408 out_unlock:
3409 mutex_unlock(&wl->mutex);
3410
3411 return err;
3412 }
3413
3414 static int b43_op_get_stats(struct ieee80211_hw *hw,
3415 struct ieee80211_low_level_stats *stats)
3416 {
3417 struct b43_wl *wl = hw_to_b43_wl(hw);
3418
3419 mutex_lock(&wl->mutex);
3420 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3421 mutex_unlock(&wl->mutex);
3422
3423 return 0;
3424 }
3425
3426 static u64 b43_op_get_tsf(struct ieee80211_hw *hw)
3427 {
3428 struct b43_wl *wl = hw_to_b43_wl(hw);
3429 struct b43_wldev *dev;
3430 u64 tsf;
3431
3432 mutex_lock(&wl->mutex);
3433 dev = wl->current_dev;
3434
3435 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3436 b43_tsf_read(dev, &tsf);
3437 else
3438 tsf = 0;
3439
3440 mutex_unlock(&wl->mutex);
3441
3442 return tsf;
3443 }
3444
3445 static void b43_op_set_tsf(struct ieee80211_hw *hw, u64 tsf)
3446 {
3447 struct b43_wl *wl = hw_to_b43_wl(hw);
3448 struct b43_wldev *dev;
3449
3450 mutex_lock(&wl->mutex);
3451 dev = wl->current_dev;
3452
3453 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3454 b43_tsf_write(dev, tsf);
3455
3456 mutex_unlock(&wl->mutex);
3457 }
3458
3459 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3460 {
3461 struct ssb_device *sdev = dev->sdev;
3462 u32 tmslow;
3463
3464 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3465 tmslow &= ~B43_TMSLOW_GMODE;
3466 tmslow |= B43_TMSLOW_PHYRESET;
3467 tmslow |= SSB_TMSLOW_FGC;
3468 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3469 msleep(1);
3470
3471 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3472 tmslow &= ~SSB_TMSLOW_FGC;
3473 tmslow |= B43_TMSLOW_PHYRESET;
3474 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3475 msleep(1);
3476 }
3477
3478 static const char *band_to_string(enum ieee80211_band band)
3479 {
3480 switch (band) {
3481 case IEEE80211_BAND_5GHZ:
3482 return "5";
3483 case IEEE80211_BAND_2GHZ:
3484 return "2.4";
3485 default:
3486 break;
3487 }
3488 B43_WARN_ON(1);
3489 return "";
3490 }
3491
3492 /* Expects wl->mutex locked */
3493 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3494 {
3495 struct b43_wldev *up_dev = NULL;
3496 struct b43_wldev *down_dev;
3497 struct b43_wldev *d;
3498 int err;
3499 bool uninitialized_var(gmode);
3500 int prev_status;
3501
3502 /* Find a device and PHY which supports the band. */
3503 list_for_each_entry(d, &wl->devlist, list) {
3504 switch (chan->band) {
3505 case IEEE80211_BAND_5GHZ:
3506 if (d->phy.supports_5ghz) {
3507 up_dev = d;
3508 gmode = 0;
3509 }
3510 break;
3511 case IEEE80211_BAND_2GHZ:
3512 if (d->phy.supports_2ghz) {
3513 up_dev = d;
3514 gmode = 1;
3515 }
3516 break;
3517 default:
3518 B43_WARN_ON(1);
3519 return -EINVAL;
3520 }
3521 if (up_dev)
3522 break;
3523 }
3524 if (!up_dev) {
3525 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3526 band_to_string(chan->band));
3527 return -ENODEV;
3528 }
3529 if ((up_dev == wl->current_dev) &&
3530 (!!wl->current_dev->phy.gmode == !!gmode)) {
3531 /* This device is already running. */
3532 return 0;
3533 }
3534 b43dbg(wl, "Switching to %s-GHz band\n",
3535 band_to_string(chan->band));
3536 down_dev = wl->current_dev;
3537
3538 prev_status = b43_status(down_dev);
3539 /* Shutdown the currently running core. */
3540 if (prev_status >= B43_STAT_STARTED)
3541 down_dev = b43_wireless_core_stop(down_dev);
3542 if (prev_status >= B43_STAT_INITIALIZED)
3543 b43_wireless_core_exit(down_dev);
3544
3545 if (down_dev != up_dev) {
3546 /* We switch to a different core, so we put PHY into
3547 * RESET on the old core. */
3548 b43_put_phy_into_reset(down_dev);
3549 }
3550
3551 /* Now start the new core. */
3552 up_dev->phy.gmode = gmode;
3553 if (prev_status >= B43_STAT_INITIALIZED) {
3554 err = b43_wireless_core_init(up_dev);
3555 if (err) {
3556 b43err(wl, "Fatal: Could not initialize device for "
3557 "selected %s-GHz band\n",
3558 band_to_string(chan->band));
3559 goto init_failure;
3560 }
3561 }
3562 if (prev_status >= B43_STAT_STARTED) {
3563 err = b43_wireless_core_start(up_dev);
3564 if (err) {
3565 b43err(wl, "Fatal: Coult not start device for "
3566 "selected %s-GHz band\n",
3567 band_to_string(chan->band));
3568 b43_wireless_core_exit(up_dev);
3569 goto init_failure;
3570 }
3571 }
3572 B43_WARN_ON(b43_status(up_dev) != prev_status);
3573
3574 wl->current_dev = up_dev;
3575
3576 return 0;
3577 init_failure:
3578 /* Whoops, failed to init the new core. No core is operating now. */
3579 wl->current_dev = NULL;
3580 return err;
3581 }
3582
3583 /* Write the short and long frame retry limit values. */
3584 static void b43_set_retry_limits(struct b43_wldev *dev,
3585 unsigned int short_retry,
3586 unsigned int long_retry)
3587 {
3588 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3589 * the chip-internal counter. */
3590 short_retry = min(short_retry, (unsigned int)0xF);
3591 long_retry = min(long_retry, (unsigned int)0xF);
3592
3593 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3594 short_retry);
3595 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3596 long_retry);
3597 }
3598
3599 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3600 {
3601 struct b43_wl *wl = hw_to_b43_wl(hw);
3602 struct b43_wldev *dev;
3603 struct b43_phy *phy;
3604 struct ieee80211_conf *conf = &hw->conf;
3605 int antenna;
3606 int err = 0;
3607
3608 mutex_lock(&wl->mutex);
3609
3610 /* Switch the band (if necessary). This might change the active core. */
3611 err = b43_switch_band(wl, conf->channel);
3612 if (err)
3613 goto out_unlock_mutex;
3614 dev = wl->current_dev;
3615 phy = &dev->phy;
3616
3617 if (conf_is_ht(conf))
3618 phy->is_40mhz =
3619 (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3620 else
3621 phy->is_40mhz = false;
3622
3623 b43_mac_suspend(dev);
3624
3625 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3626 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3627 conf->long_frame_max_tx_count);
3628 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3629 if (!changed)
3630 goto out_mac_enable;
3631
3632 /* Switch to the requested channel.
3633 * The firmware takes care of races with the TX handler. */
3634 if (conf->channel->hw_value != phy->channel)
3635 b43_switch_channel(dev, conf->channel->hw_value);
3636
3637 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3638
3639 /* Adjust the desired TX power level. */
3640 if (conf->power_level != 0) {
3641 if (conf->power_level != phy->desired_txpower) {
3642 phy->desired_txpower = conf->power_level;
3643 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3644 B43_TXPWR_IGNORE_TSSI);
3645 }
3646 }
3647
3648 /* Antennas for RX and management frame TX. */
3649 antenna = B43_ANTENNA_DEFAULT;
3650 b43_mgmtframe_txantenna(dev, antenna);
3651 antenna = B43_ANTENNA_DEFAULT;
3652 if (phy->ops->set_rx_antenna)
3653 phy->ops->set_rx_antenna(dev, antenna);
3654
3655 if (wl->radio_enabled != phy->radio_on) {
3656 if (wl->radio_enabled) {
3657 b43_software_rfkill(dev, false);
3658 b43info(dev->wl, "Radio turned on by software\n");
3659 if (!dev->radio_hw_enable) {
3660 b43info(dev->wl, "The hardware RF-kill button "
3661 "still turns the radio physically off. "
3662 "Press the button to turn it on.\n");
3663 }
3664 } else {
3665 b43_software_rfkill(dev, true);
3666 b43info(dev->wl, "Radio turned off by software\n");
3667 }
3668 }
3669
3670 out_mac_enable:
3671 b43_mac_enable(dev);
3672 out_unlock_mutex:
3673 mutex_unlock(&wl->mutex);
3674
3675 return err;
3676 }
3677
3678 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3679 {
3680 struct ieee80211_supported_band *sband =
3681 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3682 struct ieee80211_rate *rate;
3683 int i;
3684 u16 basic, direct, offset, basic_offset, rateptr;
3685
3686 for (i = 0; i < sband->n_bitrates; i++) {
3687 rate = &sband->bitrates[i];
3688
3689 if (b43_is_cck_rate(rate->hw_value)) {
3690 direct = B43_SHM_SH_CCKDIRECT;
3691 basic = B43_SHM_SH_CCKBASIC;
3692 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3693 offset &= 0xF;
3694 } else {
3695 direct = B43_SHM_SH_OFDMDIRECT;
3696 basic = B43_SHM_SH_OFDMBASIC;
3697 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3698 offset &= 0xF;
3699 }
3700
3701 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3702
3703 if (b43_is_cck_rate(rate->hw_value)) {
3704 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3705 basic_offset &= 0xF;
3706 } else {
3707 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3708 basic_offset &= 0xF;
3709 }
3710
3711 /*
3712 * Get the pointer that we need to point to
3713 * from the direct map
3714 */
3715 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3716 direct + 2 * basic_offset);
3717 /* and write it to the basic map */
3718 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3719 rateptr);
3720 }
3721 }
3722
3723 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3724 struct ieee80211_vif *vif,
3725 struct ieee80211_bss_conf *conf,
3726 u32 changed)
3727 {
3728 struct b43_wl *wl = hw_to_b43_wl(hw);
3729 struct b43_wldev *dev;
3730
3731 mutex_lock(&wl->mutex);
3732
3733 dev = wl->current_dev;
3734 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3735 goto out_unlock_mutex;
3736
3737 B43_WARN_ON(wl->vif != vif);
3738
3739 if (changed & BSS_CHANGED_BSSID) {
3740 if (conf->bssid)
3741 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3742 else
3743 memset(wl->bssid, 0, ETH_ALEN);
3744 }
3745
3746 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3747 if (changed & BSS_CHANGED_BEACON &&
3748 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3749 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3750 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3751 b43_update_templates(wl);
3752
3753 if (changed & BSS_CHANGED_BSSID)
3754 b43_write_mac_bssid_templates(dev);
3755 }
3756
3757 b43_mac_suspend(dev);
3758
3759 /* Update templates for AP/mesh mode. */
3760 if (changed & BSS_CHANGED_BEACON_INT &&
3761 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3762 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3763 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3764 b43_set_beacon_int(dev, conf->beacon_int);
3765
3766 if (changed & BSS_CHANGED_BASIC_RATES)
3767 b43_update_basic_rates(dev, conf->basic_rates);
3768
3769 if (changed & BSS_CHANGED_ERP_SLOT) {
3770 if (conf->use_short_slot)
3771 b43_short_slot_timing_enable(dev);
3772 else
3773 b43_short_slot_timing_disable(dev);
3774 }
3775
3776 b43_mac_enable(dev);
3777 out_unlock_mutex:
3778 mutex_unlock(&wl->mutex);
3779 }
3780
3781 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3782 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
3783 struct ieee80211_key_conf *key)
3784 {
3785 struct b43_wl *wl = hw_to_b43_wl(hw);
3786 struct b43_wldev *dev;
3787 u8 algorithm;
3788 u8 index;
3789 int err;
3790 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3791
3792 if (modparam_nohwcrypt)
3793 return -ENOSPC; /* User disabled HW-crypto */
3794
3795 mutex_lock(&wl->mutex);
3796
3797 dev = wl->current_dev;
3798 err = -ENODEV;
3799 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3800 goto out_unlock;
3801
3802 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
3803 /* We don't have firmware for the crypto engine.
3804 * Must use software-crypto. */
3805 err = -EOPNOTSUPP;
3806 goto out_unlock;
3807 }
3808
3809 err = -EINVAL;
3810 switch (key->cipher) {
3811 case WLAN_CIPHER_SUITE_WEP40:
3812 algorithm = B43_SEC_ALGO_WEP40;
3813 break;
3814 case WLAN_CIPHER_SUITE_WEP104:
3815 algorithm = B43_SEC_ALGO_WEP104;
3816 break;
3817 case WLAN_CIPHER_SUITE_TKIP:
3818 algorithm = B43_SEC_ALGO_TKIP;
3819 break;
3820 case WLAN_CIPHER_SUITE_CCMP:
3821 algorithm = B43_SEC_ALGO_AES;
3822 break;
3823 default:
3824 B43_WARN_ON(1);
3825 goto out_unlock;
3826 }
3827 index = (u8) (key->keyidx);
3828 if (index > 3)
3829 goto out_unlock;
3830
3831 switch (cmd) {
3832 case SET_KEY:
3833 if (algorithm == B43_SEC_ALGO_TKIP &&
3834 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
3835 !modparam_hwtkip)) {
3836 /* We support only pairwise key */
3837 err = -EOPNOTSUPP;
3838 goto out_unlock;
3839 }
3840
3841 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
3842 if (WARN_ON(!sta)) {
3843 err = -EOPNOTSUPP;
3844 goto out_unlock;
3845 }
3846 /* Pairwise key with an assigned MAC address. */
3847 err = b43_key_write(dev, -1, algorithm,
3848 key->key, key->keylen,
3849 sta->addr, key);
3850 } else {
3851 /* Group key */
3852 err = b43_key_write(dev, index, algorithm,
3853 key->key, key->keylen, NULL, key);
3854 }
3855 if (err)
3856 goto out_unlock;
3857
3858 if (algorithm == B43_SEC_ALGO_WEP40 ||
3859 algorithm == B43_SEC_ALGO_WEP104) {
3860 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3861 } else {
3862 b43_hf_write(dev,
3863 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3864 }
3865 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3866 if (algorithm == B43_SEC_ALGO_TKIP)
3867 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
3868 break;
3869 case DISABLE_KEY: {
3870 err = b43_key_clear(dev, key->hw_key_idx);
3871 if (err)
3872 goto out_unlock;
3873 break;
3874 }
3875 default:
3876 B43_WARN_ON(1);
3877 }
3878
3879 out_unlock:
3880 if (!err) {
3881 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3882 "mac: %pM\n",
3883 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3884 sta ? sta->addr : bcast_addr);
3885 b43_dump_keymemory(dev);
3886 }
3887 mutex_unlock(&wl->mutex);
3888
3889 return err;
3890 }
3891
3892 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3893 unsigned int changed, unsigned int *fflags,
3894 u64 multicast)
3895 {
3896 struct b43_wl *wl = hw_to_b43_wl(hw);
3897 struct b43_wldev *dev;
3898
3899 mutex_lock(&wl->mutex);
3900 dev = wl->current_dev;
3901 if (!dev) {
3902 *fflags = 0;
3903 goto out_unlock;
3904 }
3905
3906 *fflags &= FIF_PROMISC_IN_BSS |
3907 FIF_ALLMULTI |
3908 FIF_FCSFAIL |
3909 FIF_PLCPFAIL |
3910 FIF_CONTROL |
3911 FIF_OTHER_BSS |
3912 FIF_BCN_PRBRESP_PROMISC;
3913
3914 changed &= FIF_PROMISC_IN_BSS |
3915 FIF_ALLMULTI |
3916 FIF_FCSFAIL |
3917 FIF_PLCPFAIL |
3918 FIF_CONTROL |
3919 FIF_OTHER_BSS |
3920 FIF_BCN_PRBRESP_PROMISC;
3921
3922 wl->filter_flags = *fflags;
3923
3924 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3925 b43_adjust_opmode(dev);
3926
3927 out_unlock:
3928 mutex_unlock(&wl->mutex);
3929 }
3930
3931 /* Locking: wl->mutex
3932 * Returns the current dev. This might be different from the passed in dev,
3933 * because the core might be gone away while we unlocked the mutex. */
3934 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
3935 {
3936 struct b43_wl *wl = dev->wl;
3937 struct b43_wldev *orig_dev;
3938 u32 mask;
3939
3940 redo:
3941 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3942 return dev;
3943
3944 /* Cancel work. Unlock to avoid deadlocks. */
3945 mutex_unlock(&wl->mutex);
3946 cancel_delayed_work_sync(&dev->periodic_work);
3947 cancel_work_sync(&wl->tx_work);
3948 mutex_lock(&wl->mutex);
3949 dev = wl->current_dev;
3950 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
3951 /* Whoops, aliens ate up the device while we were unlocked. */
3952 return dev;
3953 }
3954
3955 /* Disable interrupts on the device. */
3956 b43_set_status(dev, B43_STAT_INITIALIZED);
3957 if (dev->sdev->bus->bustype == SSB_BUSTYPE_SDIO) {
3958 /* wl->mutex is locked. That is enough. */
3959 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3960 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
3961 } else {
3962 spin_lock_irq(&wl->hardirq_lock);
3963 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3964 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
3965 spin_unlock_irq(&wl->hardirq_lock);
3966 }
3967 /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
3968 orig_dev = dev;
3969 mutex_unlock(&wl->mutex);
3970 if (dev->sdev->bus->bustype == SSB_BUSTYPE_SDIO) {
3971 b43_sdio_free_irq(dev);
3972 } else {
3973 synchronize_irq(dev->sdev->irq);
3974 free_irq(dev->sdev->irq, dev);
3975 }
3976 mutex_lock(&wl->mutex);
3977 dev = wl->current_dev;
3978 if (!dev)
3979 return dev;
3980 if (dev != orig_dev) {
3981 if (b43_status(dev) >= B43_STAT_STARTED)
3982 goto redo;
3983 return dev;
3984 }
3985 mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
3986 B43_WARN_ON(mask != 0xFFFFFFFF && mask);
3987
3988 /* Drain the TX queue */
3989 while (skb_queue_len(&wl->tx_queue))
3990 dev_kfree_skb(skb_dequeue(&wl->tx_queue));
3991
3992 b43_mac_suspend(dev);
3993 b43_leds_exit(dev);
3994 b43dbg(wl, "Wireless interface stopped\n");
3995
3996 return dev;
3997 }
3998
3999 /* Locking: wl->mutex */
4000 static int b43_wireless_core_start(struct b43_wldev *dev)
4001 {
4002 int err;
4003
4004 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4005
4006 drain_txstatus_queue(dev);
4007 if (dev->sdev->bus->bustype == SSB_BUSTYPE_SDIO) {
4008 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4009 if (err) {
4010 b43err(dev->wl, "Cannot request SDIO IRQ\n");
4011 goto out;
4012 }
4013 } else {
4014 err = request_threaded_irq(dev->sdev->irq, b43_interrupt_handler,
4015 b43_interrupt_thread_handler,
4016 IRQF_SHARED, KBUILD_MODNAME, dev);
4017 if (err) {
4018 b43err(dev->wl, "Cannot request IRQ-%d\n",
4019 dev->sdev->irq);
4020 goto out;
4021 }
4022 }
4023
4024 /* We are ready to run. */
4025 ieee80211_wake_queues(dev->wl->hw);
4026 b43_set_status(dev, B43_STAT_STARTED);
4027
4028 /* Start data flow (TX/RX). */
4029 b43_mac_enable(dev);
4030 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4031
4032 /* Start maintenance work */
4033 b43_periodic_tasks_setup(dev);
4034
4035 b43_leds_init(dev);
4036
4037 b43dbg(dev->wl, "Wireless interface started\n");
4038 out:
4039 return err;
4040 }
4041
4042 /* Get PHY and RADIO versioning numbers */
4043 static int b43_phy_versioning(struct b43_wldev *dev)
4044 {
4045 struct b43_phy *phy = &dev->phy;
4046 u32 tmp;
4047 u8 analog_type;
4048 u8 phy_type;
4049 u8 phy_rev;
4050 u16 radio_manuf;
4051 u16 radio_ver;
4052 u16 radio_rev;
4053 int unsupported = 0;
4054
4055 /* Get PHY versioning */
4056 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4057 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4058 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4059 phy_rev = (tmp & B43_PHYVER_VERSION);
4060 switch (phy_type) {
4061 case B43_PHYTYPE_A:
4062 if (phy_rev >= 4)
4063 unsupported = 1;
4064 break;
4065 case B43_PHYTYPE_B:
4066 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4067 && phy_rev != 7)
4068 unsupported = 1;
4069 break;
4070 case B43_PHYTYPE_G:
4071 if (phy_rev > 9)
4072 unsupported = 1;
4073 break;
4074 #ifdef CONFIG_B43_PHY_N
4075 case B43_PHYTYPE_N:
4076 if (phy_rev > 9)
4077 unsupported = 1;
4078 break;
4079 #endif
4080 #ifdef CONFIG_B43_PHY_LP
4081 case B43_PHYTYPE_LP:
4082 if (phy_rev > 2)
4083 unsupported = 1;
4084 break;
4085 #endif
4086 default:
4087 unsupported = 1;
4088 };
4089 if (unsupported) {
4090 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
4091 "(Analog %u, Type %u, Revision %u)\n",
4092 analog_type, phy_type, phy_rev);
4093 return -EOPNOTSUPP;
4094 }
4095 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
4096 analog_type, phy_type, phy_rev);
4097
4098 /* Get RADIO versioning */
4099 if (dev->sdev->bus->chip_id == 0x4317) {
4100 if (dev->sdev->bus->chip_rev == 0)
4101 tmp = 0x3205017F;
4102 else if (dev->sdev->bus->chip_rev == 1)
4103 tmp = 0x4205017F;
4104 else
4105 tmp = 0x5205017F;
4106 } else {
4107 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
4108 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4109 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
4110 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4111 }
4112 radio_manuf = (tmp & 0x00000FFF);
4113 radio_ver = (tmp & 0x0FFFF000) >> 12;
4114 radio_rev = (tmp & 0xF0000000) >> 28;
4115 if (radio_manuf != 0x17F /* Broadcom */)
4116 unsupported = 1;
4117 switch (phy_type) {
4118 case B43_PHYTYPE_A:
4119 if (radio_ver != 0x2060)
4120 unsupported = 1;
4121 if (radio_rev != 1)
4122 unsupported = 1;
4123 if (radio_manuf != 0x17F)
4124 unsupported = 1;
4125 break;
4126 case B43_PHYTYPE_B:
4127 if ((radio_ver & 0xFFF0) != 0x2050)
4128 unsupported = 1;
4129 break;
4130 case B43_PHYTYPE_G:
4131 if (radio_ver != 0x2050)
4132 unsupported = 1;
4133 break;
4134 case B43_PHYTYPE_N:
4135 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4136 unsupported = 1;
4137 break;
4138 case B43_PHYTYPE_LP:
4139 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4140 unsupported = 1;
4141 break;
4142 default:
4143 B43_WARN_ON(1);
4144 }
4145 if (unsupported) {
4146 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4147 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4148 radio_manuf, radio_ver, radio_rev);
4149 return -EOPNOTSUPP;
4150 }
4151 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4152 radio_manuf, radio_ver, radio_rev);
4153
4154 phy->radio_manuf = radio_manuf;
4155 phy->radio_ver = radio_ver;
4156 phy->radio_rev = radio_rev;
4157
4158 phy->analog = analog_type;
4159 phy->type = phy_type;
4160 phy->rev = phy_rev;
4161
4162 return 0;
4163 }
4164
4165 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4166 struct b43_phy *phy)
4167 {
4168 phy->hardware_power_control = !!modparam_hwpctl;
4169 phy->next_txpwr_check_time = jiffies;
4170 /* PHY TX errors counter. */
4171 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4172
4173 #if B43_DEBUG
4174 phy->phy_locked = 0;
4175 phy->radio_locked = 0;
4176 #endif
4177 }
4178
4179 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4180 {
4181 dev->dfq_valid = 0;
4182
4183 /* Assume the radio is enabled. If it's not enabled, the state will
4184 * immediately get fixed on the first periodic work run. */
4185 dev->radio_hw_enable = 1;
4186
4187 /* Stats */
4188 memset(&dev->stats, 0, sizeof(dev->stats));
4189
4190 setup_struct_phy_for_init(dev, &dev->phy);
4191
4192 /* IRQ related flags */
4193 dev->irq_reason = 0;
4194 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4195 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4196 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4197 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4198
4199 dev->mac_suspended = 1;
4200
4201 /* Noise calculation context */
4202 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4203 }
4204
4205 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4206 {
4207 struct ssb_sprom *sprom = &dev->sdev->bus->sprom;
4208 u64 hf;
4209
4210 if (!modparam_btcoex)
4211 return;
4212 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4213 return;
4214 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4215 return;
4216
4217 hf = b43_hf_read(dev);
4218 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4219 hf |= B43_HF_BTCOEXALT;
4220 else
4221 hf |= B43_HF_BTCOEX;
4222 b43_hf_write(dev, hf);
4223 }
4224
4225 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4226 {
4227 if (!modparam_btcoex)
4228 return;
4229 //TODO
4230 }
4231
4232 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4233 {
4234 struct ssb_bus *bus = dev->sdev->bus;
4235 u32 tmp;
4236
4237 if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4238 (bus->chip_id == 0x4312)) {
4239 tmp = ssb_read32(dev->sdev, SSB_IMCFGLO);
4240 tmp &= ~SSB_IMCFGLO_REQTO;
4241 tmp &= ~SSB_IMCFGLO_SERTO;
4242 tmp |= 0x3;
4243 ssb_write32(dev->sdev, SSB_IMCFGLO, tmp);
4244 ssb_commit_settings(bus);
4245 }
4246 }
4247
4248 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4249 {
4250 u16 pu_delay;
4251
4252 /* The time value is in microseconds. */
4253 if (dev->phy.type == B43_PHYTYPE_A)
4254 pu_delay = 3700;
4255 else
4256 pu_delay = 1050;
4257 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4258 pu_delay = 500;
4259 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4260 pu_delay = max(pu_delay, (u16)2400);
4261
4262 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4263 }
4264
4265 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4266 static void b43_set_pretbtt(struct b43_wldev *dev)
4267 {
4268 u16 pretbtt;
4269
4270 /* The time value is in microseconds. */
4271 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4272 pretbtt = 2;
4273 } else {
4274 if (dev->phy.type == B43_PHYTYPE_A)
4275 pretbtt = 120;
4276 else
4277 pretbtt = 250;
4278 }
4279 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4280 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4281 }
4282
4283 /* Shutdown a wireless core */
4284 /* Locking: wl->mutex */
4285 static void b43_wireless_core_exit(struct b43_wldev *dev)
4286 {
4287 u32 macctl;
4288
4289 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4290 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4291 return;
4292
4293 /* Unregister HW RNG driver */
4294 b43_rng_exit(dev->wl);
4295
4296 b43_set_status(dev, B43_STAT_UNINIT);
4297
4298 /* Stop the microcode PSM. */
4299 macctl = b43_read32(dev, B43_MMIO_MACCTL);
4300 macctl &= ~B43_MACCTL_PSM_RUN;
4301 macctl |= B43_MACCTL_PSM_JMP0;
4302 b43_write32(dev, B43_MMIO_MACCTL, macctl);
4303
4304 b43_dma_free(dev);
4305 b43_pio_free(dev);
4306 b43_chip_exit(dev);
4307 dev->phy.ops->switch_analog(dev, 0);
4308 if (dev->wl->current_beacon) {
4309 dev_kfree_skb_any(dev->wl->current_beacon);
4310 dev->wl->current_beacon = NULL;
4311 }
4312
4313 ssb_device_disable(dev->sdev, 0);
4314 ssb_bus_may_powerdown(dev->sdev->bus);
4315 }
4316
4317 /* Initialize a wireless core */
4318 static int b43_wireless_core_init(struct b43_wldev *dev)
4319 {
4320 struct ssb_bus *bus = dev->sdev->bus;
4321 struct ssb_sprom *sprom = &bus->sprom;
4322 struct b43_phy *phy = &dev->phy;
4323 int err;
4324 u64 hf;
4325 u32 tmp;
4326
4327 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4328
4329 err = ssb_bus_powerup(bus, 0);
4330 if (err)
4331 goto out;
4332 if (!ssb_device_is_enabled(dev->sdev)) {
4333 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4334 b43_wireless_core_reset(dev, tmp);
4335 }
4336
4337 /* Reset all data structures. */
4338 setup_struct_wldev_for_init(dev);
4339 phy->ops->prepare_structs(dev);
4340
4341 /* Enable IRQ routing to this device. */
4342 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->sdev);
4343
4344 b43_imcfglo_timeouts_workaround(dev);
4345 b43_bluetooth_coext_disable(dev);
4346 if (phy->ops->prepare_hardware) {
4347 err = phy->ops->prepare_hardware(dev);
4348 if (err)
4349 goto err_busdown;
4350 }
4351 err = b43_chip_init(dev);
4352 if (err)
4353 goto err_busdown;
4354 b43_shm_write16(dev, B43_SHM_SHARED,
4355 B43_SHM_SH_WLCOREREV, dev->sdev->id.revision);
4356 hf = b43_hf_read(dev);
4357 if (phy->type == B43_PHYTYPE_G) {
4358 hf |= B43_HF_SYMW;
4359 if (phy->rev == 1)
4360 hf |= B43_HF_GDCW;
4361 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4362 hf |= B43_HF_OFDMPABOOST;
4363 }
4364 if (phy->radio_ver == 0x2050) {
4365 if (phy->radio_rev == 6)
4366 hf |= B43_HF_4318TSSI;
4367 if (phy->radio_rev < 6)
4368 hf |= B43_HF_VCORECALC;
4369 }
4370 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4371 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4372 #ifdef CONFIG_SSB_DRIVER_PCICORE
4373 if ((bus->bustype == SSB_BUSTYPE_PCI) &&
4374 (bus->pcicore.dev->id.revision <= 10))
4375 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4376 #endif
4377 hf &= ~B43_HF_SKCFPUP;
4378 b43_hf_write(dev, hf);
4379
4380 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4381 B43_DEFAULT_LONG_RETRY_LIMIT);
4382 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4383 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4384
4385 /* Disable sending probe responses from firmware.
4386 * Setting the MaxTime to one usec will always trigger
4387 * a timeout, so we never send any probe resp.
4388 * A timeout of zero is infinite. */
4389 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4390
4391 b43_rate_memory_init(dev);
4392 b43_set_phytxctl_defaults(dev);
4393
4394 /* Minimum Contention Window */
4395 if (phy->type == B43_PHYTYPE_B)
4396 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4397 else
4398 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4399 /* Maximum Contention Window */
4400 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4401
4402 if ((dev->sdev->bus->bustype == SSB_BUSTYPE_PCMCIA) ||
4403 (dev->sdev->bus->bustype == SSB_BUSTYPE_SDIO) ||
4404 dev->use_pio) {
4405 dev->__using_pio_transfers = 1;
4406 err = b43_pio_init(dev);
4407 } else {
4408 dev->__using_pio_transfers = 0;
4409 err = b43_dma_init(dev);
4410 }
4411 if (err)
4412 goto err_chip_exit;
4413 b43_qos_init(dev);
4414 b43_set_synth_pu_delay(dev, 1);
4415 b43_bluetooth_coext_enable(dev);
4416
4417 ssb_bus_powerup(bus, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4418 b43_upload_card_macaddress(dev);
4419 b43_security_init(dev);
4420
4421 ieee80211_wake_queues(dev->wl->hw);
4422
4423 b43_set_status(dev, B43_STAT_INITIALIZED);
4424
4425 /* Register HW RNG driver */
4426 b43_rng_init(dev->wl);
4427
4428 out:
4429 return err;
4430
4431 err_chip_exit:
4432 b43_chip_exit(dev);
4433 err_busdown:
4434 ssb_bus_may_powerdown(bus);
4435 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4436 return err;
4437 }
4438
4439 static int b43_op_add_interface(struct ieee80211_hw *hw,
4440 struct ieee80211_vif *vif)
4441 {
4442 struct b43_wl *wl = hw_to_b43_wl(hw);
4443 struct b43_wldev *dev;
4444 int err = -EOPNOTSUPP;
4445
4446 /* TODO: allow WDS/AP devices to coexist */
4447
4448 if (vif->type != NL80211_IFTYPE_AP &&
4449 vif->type != NL80211_IFTYPE_MESH_POINT &&
4450 vif->type != NL80211_IFTYPE_STATION &&
4451 vif->type != NL80211_IFTYPE_WDS &&
4452 vif->type != NL80211_IFTYPE_ADHOC)
4453 return -EOPNOTSUPP;
4454
4455 mutex_lock(&wl->mutex);
4456 if (wl->operating)
4457 goto out_mutex_unlock;
4458
4459 b43dbg(wl, "Adding Interface type %d\n", vif->type);
4460
4461 dev = wl->current_dev;
4462 wl->operating = 1;
4463 wl->vif = vif;
4464 wl->if_type = vif->type;
4465 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4466
4467 b43_adjust_opmode(dev);
4468 b43_set_pretbtt(dev);
4469 b43_set_synth_pu_delay(dev, 0);
4470 b43_upload_card_macaddress(dev);
4471
4472 err = 0;
4473 out_mutex_unlock:
4474 mutex_unlock(&wl->mutex);
4475
4476 return err;
4477 }
4478
4479 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4480 struct ieee80211_vif *vif)
4481 {
4482 struct b43_wl *wl = hw_to_b43_wl(hw);
4483 struct b43_wldev *dev = wl->current_dev;
4484
4485 b43dbg(wl, "Removing Interface type %d\n", vif->type);
4486
4487 mutex_lock(&wl->mutex);
4488
4489 B43_WARN_ON(!wl->operating);
4490 B43_WARN_ON(wl->vif != vif);
4491 wl->vif = NULL;
4492
4493 wl->operating = 0;
4494
4495 b43_adjust_opmode(dev);
4496 memset(wl->mac_addr, 0, ETH_ALEN);
4497 b43_upload_card_macaddress(dev);
4498
4499 mutex_unlock(&wl->mutex);
4500 }
4501
4502 static int b43_op_start(struct ieee80211_hw *hw)
4503 {
4504 struct b43_wl *wl = hw_to_b43_wl(hw);
4505 struct b43_wldev *dev = wl->current_dev;
4506 int did_init = 0;
4507 int err = 0;
4508
4509 /* Kill all old instance specific information to make sure
4510 * the card won't use it in the short timeframe between start
4511 * and mac80211 reconfiguring it. */
4512 memset(wl->bssid, 0, ETH_ALEN);
4513 memset(wl->mac_addr, 0, ETH_ALEN);
4514 wl->filter_flags = 0;
4515 wl->radiotap_enabled = 0;
4516 b43_qos_clear(wl);
4517 wl->beacon0_uploaded = 0;
4518 wl->beacon1_uploaded = 0;
4519 wl->beacon_templates_virgin = 1;
4520 wl->radio_enabled = 1;
4521
4522 mutex_lock(&wl->mutex);
4523
4524 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4525 err = b43_wireless_core_init(dev);
4526 if (err)
4527 goto out_mutex_unlock;
4528 did_init = 1;
4529 }
4530
4531 if (b43_status(dev) < B43_STAT_STARTED) {
4532 err = b43_wireless_core_start(dev);
4533 if (err) {
4534 if (did_init)
4535 b43_wireless_core_exit(dev);
4536 goto out_mutex_unlock;
4537 }
4538 }
4539
4540 /* XXX: only do if device doesn't support rfkill irq */
4541 wiphy_rfkill_start_polling(hw->wiphy);
4542
4543 out_mutex_unlock:
4544 mutex_unlock(&wl->mutex);
4545
4546 return err;
4547 }
4548
4549 static void b43_op_stop(struct ieee80211_hw *hw)
4550 {
4551 struct b43_wl *wl = hw_to_b43_wl(hw);
4552 struct b43_wldev *dev = wl->current_dev;
4553
4554 cancel_work_sync(&(wl->beacon_update_trigger));
4555
4556 mutex_lock(&wl->mutex);
4557 if (b43_status(dev) >= B43_STAT_STARTED) {
4558 dev = b43_wireless_core_stop(dev);
4559 if (!dev)
4560 goto out_unlock;
4561 }
4562 b43_wireless_core_exit(dev);
4563 wl->radio_enabled = 0;
4564
4565 out_unlock:
4566 mutex_unlock(&wl->mutex);
4567
4568 cancel_work_sync(&(wl->txpower_adjust_work));
4569 }
4570
4571 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4572 struct ieee80211_sta *sta, bool set)
4573 {
4574 struct b43_wl *wl = hw_to_b43_wl(hw);
4575
4576 /* FIXME: add locking */
4577 b43_update_templates(wl);
4578
4579 return 0;
4580 }
4581
4582 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4583 struct ieee80211_vif *vif,
4584 enum sta_notify_cmd notify_cmd,
4585 struct ieee80211_sta *sta)
4586 {
4587 struct b43_wl *wl = hw_to_b43_wl(hw);
4588
4589 B43_WARN_ON(!vif || wl->vif != vif);
4590 }
4591
4592 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4593 {
4594 struct b43_wl *wl = hw_to_b43_wl(hw);
4595 struct b43_wldev *dev;
4596
4597 mutex_lock(&wl->mutex);
4598 dev = wl->current_dev;
4599 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4600 /* Disable CFP update during scan on other channels. */
4601 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4602 }
4603 mutex_unlock(&wl->mutex);
4604 }
4605
4606 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4607 {
4608 struct b43_wl *wl = hw_to_b43_wl(hw);
4609 struct b43_wldev *dev;
4610
4611 mutex_lock(&wl->mutex);
4612 dev = wl->current_dev;
4613 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4614 /* Re-enable CFP update. */
4615 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4616 }
4617 mutex_unlock(&wl->mutex);
4618 }
4619
4620 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
4621 struct survey_info *survey)
4622 {
4623 struct b43_wl *wl = hw_to_b43_wl(hw);
4624 struct b43_wldev *dev = wl->current_dev;
4625 struct ieee80211_conf *conf = &hw->conf;
4626
4627 if (idx != 0)
4628 return -ENOENT;
4629
4630 survey->channel = conf->channel;
4631 survey->filled = SURVEY_INFO_NOISE_DBM;
4632 survey->noise = dev->stats.link_noise;
4633
4634 return 0;
4635 }
4636
4637 static const struct ieee80211_ops b43_hw_ops = {
4638 .tx = b43_op_tx,
4639 .conf_tx = b43_op_conf_tx,
4640 .add_interface = b43_op_add_interface,
4641 .remove_interface = b43_op_remove_interface,
4642 .config = b43_op_config,
4643 .bss_info_changed = b43_op_bss_info_changed,
4644 .configure_filter = b43_op_configure_filter,
4645 .set_key = b43_op_set_key,
4646 .update_tkip_key = b43_op_update_tkip_key,
4647 .get_stats = b43_op_get_stats,
4648 .get_tsf = b43_op_get_tsf,
4649 .set_tsf = b43_op_set_tsf,
4650 .start = b43_op_start,
4651 .stop = b43_op_stop,
4652 .set_tim = b43_op_beacon_set_tim,
4653 .sta_notify = b43_op_sta_notify,
4654 .sw_scan_start = b43_op_sw_scan_start_notifier,
4655 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
4656 .get_survey = b43_op_get_survey,
4657 .rfkill_poll = b43_rfkill_poll,
4658 };
4659
4660 /* Hard-reset the chip. Do not call this directly.
4661 * Use b43_controller_restart()
4662 */
4663 static void b43_chip_reset(struct work_struct *work)
4664 {
4665 struct b43_wldev *dev =
4666 container_of(work, struct b43_wldev, restart_work);
4667 struct b43_wl *wl = dev->wl;
4668 int err = 0;
4669 int prev_status;
4670
4671 mutex_lock(&wl->mutex);
4672
4673 prev_status = b43_status(dev);
4674 /* Bring the device down... */
4675 if (prev_status >= B43_STAT_STARTED) {
4676 dev = b43_wireless_core_stop(dev);
4677 if (!dev) {
4678 err = -ENODEV;
4679 goto out;
4680 }
4681 }
4682 if (prev_status >= B43_STAT_INITIALIZED)
4683 b43_wireless_core_exit(dev);
4684
4685 /* ...and up again. */
4686 if (prev_status >= B43_STAT_INITIALIZED) {
4687 err = b43_wireless_core_init(dev);
4688 if (err)
4689 goto out;
4690 }
4691 if (prev_status >= B43_STAT_STARTED) {
4692 err = b43_wireless_core_start(dev);
4693 if (err) {
4694 b43_wireless_core_exit(dev);
4695 goto out;
4696 }
4697 }
4698 out:
4699 if (err)
4700 wl->current_dev = NULL; /* Failed to init the dev. */
4701 mutex_unlock(&wl->mutex);
4702 if (err)
4703 b43err(wl, "Controller restart FAILED\n");
4704 else
4705 b43info(wl, "Controller restarted\n");
4706 }
4707
4708 static int b43_setup_bands(struct b43_wldev *dev,
4709 bool have_2ghz_phy, bool have_5ghz_phy)
4710 {
4711 struct ieee80211_hw *hw = dev->wl->hw;
4712
4713 if (have_2ghz_phy)
4714 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4715 if (dev->phy.type == B43_PHYTYPE_N) {
4716 if (have_5ghz_phy)
4717 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4718 } else {
4719 if (have_5ghz_phy)
4720 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4721 }
4722
4723 dev->phy.supports_2ghz = have_2ghz_phy;
4724 dev->phy.supports_5ghz = have_5ghz_phy;
4725
4726 return 0;
4727 }
4728
4729 static void b43_wireless_core_detach(struct b43_wldev *dev)
4730 {
4731 /* We release firmware that late to not be required to re-request
4732 * is all the time when we reinit the core. */
4733 b43_release_firmware(dev);
4734 b43_phy_free(dev);
4735 }
4736
4737 static int b43_wireless_core_attach(struct b43_wldev *dev)
4738 {
4739 struct b43_wl *wl = dev->wl;
4740 struct ssb_bus *bus = dev->sdev->bus;
4741 struct pci_dev *pdev = (bus->bustype == SSB_BUSTYPE_PCI) ? bus->host_pci : NULL;
4742 int err;
4743 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4744 u32 tmp;
4745
4746 /* Do NOT do any device initialization here.
4747 * Do it in wireless_core_init() instead.
4748 * This function is for gathering basic information about the HW, only.
4749 * Also some structs may be set up here. But most likely you want to have
4750 * that in core_init(), too.
4751 */
4752
4753 err = ssb_bus_powerup(bus, 0);
4754 if (err) {
4755 b43err(wl, "Bus powerup failed\n");
4756 goto out;
4757 }
4758 /* Get the PHY type. */
4759 if (dev->sdev->id.revision >= 5) {
4760 u32 tmshigh;
4761
4762 tmshigh = ssb_read32(dev->sdev, SSB_TMSHIGH);
4763 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4764 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4765 } else
4766 B43_WARN_ON(1);
4767
4768 dev->phy.gmode = have_2ghz_phy;
4769 dev->phy.radio_on = 1;
4770 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4771 b43_wireless_core_reset(dev, tmp);
4772
4773 err = b43_phy_versioning(dev);
4774 if (err)
4775 goto err_powerdown;
4776 /* Check if this device supports multiband. */
4777 if (!pdev ||
4778 (pdev->device != 0x4312 &&
4779 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4780 /* No multiband support. */
4781 have_2ghz_phy = 0;
4782 have_5ghz_phy = 0;
4783 switch (dev->phy.type) {
4784 case B43_PHYTYPE_A:
4785 have_5ghz_phy = 1;
4786 break;
4787 case B43_PHYTYPE_LP: //FIXME not always!
4788 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
4789 have_5ghz_phy = 1;
4790 #endif
4791 case B43_PHYTYPE_G:
4792 case B43_PHYTYPE_N:
4793 have_2ghz_phy = 1;
4794 break;
4795 default:
4796 B43_WARN_ON(1);
4797 }
4798 }
4799 if (dev->phy.type == B43_PHYTYPE_A) {
4800 /* FIXME */
4801 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4802 err = -EOPNOTSUPP;
4803 goto err_powerdown;
4804 }
4805 if (1 /* disable A-PHY */) {
4806 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4807 if (dev->phy.type != B43_PHYTYPE_N &&
4808 dev->phy.type != B43_PHYTYPE_LP) {
4809 have_2ghz_phy = 1;
4810 have_5ghz_phy = 0;
4811 }
4812 }
4813
4814 err = b43_phy_allocate(dev);
4815 if (err)
4816 goto err_powerdown;
4817
4818 dev->phy.gmode = have_2ghz_phy;
4819 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4820 b43_wireless_core_reset(dev, tmp);
4821
4822 err = b43_validate_chipaccess(dev);
4823 if (err)
4824 goto err_phy_free;
4825 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4826 if (err)
4827 goto err_phy_free;
4828
4829 /* Now set some default "current_dev" */
4830 if (!wl->current_dev)
4831 wl->current_dev = dev;
4832 INIT_WORK(&dev->restart_work, b43_chip_reset);
4833
4834 dev->phy.ops->switch_analog(dev, 0);
4835 ssb_device_disable(dev->sdev, 0);
4836 ssb_bus_may_powerdown(bus);
4837
4838 out:
4839 return err;
4840
4841 err_phy_free:
4842 b43_phy_free(dev);
4843 err_powerdown:
4844 ssb_bus_may_powerdown(bus);
4845 return err;
4846 }
4847
4848 static void b43_one_core_detach(struct ssb_device *dev)
4849 {
4850 struct b43_wldev *wldev;
4851 struct b43_wl *wl;
4852
4853 /* Do not cancel ieee80211-workqueue based work here.
4854 * See comment in b43_remove(). */
4855
4856 wldev = ssb_get_drvdata(dev);
4857 wl = wldev->wl;
4858 b43_debugfs_remove_device(wldev);
4859 b43_wireless_core_detach(wldev);
4860 list_del(&wldev->list);
4861 wl->nr_devs--;
4862 ssb_set_drvdata(dev, NULL);
4863 kfree(wldev);
4864 }
4865
4866 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4867 {
4868 struct b43_wldev *wldev;
4869 int err = -ENOMEM;
4870
4871 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4872 if (!wldev)
4873 goto out;
4874
4875 wldev->use_pio = b43_modparam_pio;
4876 wldev->sdev = dev;
4877 wldev->wl = wl;
4878 b43_set_status(wldev, B43_STAT_UNINIT);
4879 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4880 INIT_LIST_HEAD(&wldev->list);
4881
4882 err = b43_wireless_core_attach(wldev);
4883 if (err)
4884 goto err_kfree_wldev;
4885
4886 list_add(&wldev->list, &wl->devlist);
4887 wl->nr_devs++;
4888 ssb_set_drvdata(dev, wldev);
4889 b43_debugfs_add_device(wldev);
4890
4891 out:
4892 return err;
4893
4894 err_kfree_wldev:
4895 kfree(wldev);
4896 return err;
4897 }
4898
4899 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
4900 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
4901 (pdev->device == _device) && \
4902 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
4903 (pdev->subsystem_device == _subdevice) )
4904
4905 static void b43_sprom_fixup(struct ssb_bus *bus)
4906 {
4907 struct pci_dev *pdev;
4908
4909 /* boardflags workarounds */
4910 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4911 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4912 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4913 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4914 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4915 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4916 if (bus->bustype == SSB_BUSTYPE_PCI) {
4917 pdev = bus->host_pci;
4918 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4919 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
4920 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
4921 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4922 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4923 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4924 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4925 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4926 }
4927 }
4928
4929 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4930 {
4931 struct ieee80211_hw *hw = wl->hw;
4932
4933 ssb_set_devtypedata(dev, NULL);
4934 ieee80211_free_hw(hw);
4935 }
4936
4937 static struct b43_wl *b43_wireless_init(struct ssb_device *dev)
4938 {
4939 struct ssb_sprom *sprom = &dev->bus->sprom;
4940 struct ieee80211_hw *hw;
4941 struct b43_wl *wl;
4942
4943 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4944 if (!hw) {
4945 b43err(NULL, "Could not allocate ieee80211 device\n");
4946 return ERR_PTR(-ENOMEM);
4947 }
4948 wl = hw_to_b43_wl(hw);
4949
4950 /* fill hw info */
4951 hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4952 IEEE80211_HW_SIGNAL_DBM;
4953
4954 hw->wiphy->interface_modes =
4955 BIT(NL80211_IFTYPE_AP) |
4956 BIT(NL80211_IFTYPE_MESH_POINT) |
4957 BIT(NL80211_IFTYPE_STATION) |
4958 BIT(NL80211_IFTYPE_WDS) |
4959 BIT(NL80211_IFTYPE_ADHOC);
4960
4961 hw->queues = modparam_qos ? 4 : 1;
4962 wl->mac80211_initially_registered_queues = hw->queues;
4963 hw->max_rates = 2;
4964 SET_IEEE80211_DEV(hw, dev->dev);
4965 if (is_valid_ether_addr(sprom->et1mac))
4966 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4967 else
4968 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4969
4970 /* Initialize struct b43_wl */
4971 wl->hw = hw;
4972 mutex_init(&wl->mutex);
4973 spin_lock_init(&wl->hardirq_lock);
4974 INIT_LIST_HEAD(&wl->devlist);
4975 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4976 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4977 INIT_WORK(&wl->tx_work, b43_tx_work);
4978 skb_queue_head_init(&wl->tx_queue);
4979
4980 b43info(wl, "Broadcom %04X WLAN found (core revision %u)\n",
4981 dev->bus->chip_id, dev->id.revision);
4982 return wl;
4983 }
4984
4985 static int b43_ssb_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4986 {
4987 struct b43_wl *wl;
4988 int err;
4989 int first = 0;
4990
4991 wl = ssb_get_devtypedata(dev);
4992 if (!wl) {
4993 /* Probing the first core. Must setup common struct b43_wl */
4994 first = 1;
4995 b43_sprom_fixup(dev->bus);
4996 wl = b43_wireless_init(dev);
4997 if (IS_ERR(wl)) {
4998 err = PTR_ERR(wl);
4999 goto out;
5000 }
5001 ssb_set_devtypedata(dev, wl);
5002 B43_WARN_ON(ssb_get_devtypedata(dev) != wl);
5003 }
5004 err = b43_one_core_attach(dev, wl);
5005 if (err)
5006 goto err_wireless_exit;
5007
5008 if (first) {
5009 err = ieee80211_register_hw(wl->hw);
5010 if (err)
5011 goto err_one_core_detach;
5012 b43_leds_register(wl->current_dev);
5013 }
5014
5015 out:
5016 return err;
5017
5018 err_one_core_detach:
5019 b43_one_core_detach(dev);
5020 err_wireless_exit:
5021 if (first)
5022 b43_wireless_exit(dev, wl);
5023 return err;
5024 }
5025
5026 static void b43_ssb_remove(struct ssb_device *dev)
5027 {
5028 struct b43_wl *wl = ssb_get_devtypedata(dev);
5029 struct b43_wldev *wldev = ssb_get_drvdata(dev);
5030
5031 /* We must cancel any work here before unregistering from ieee80211,
5032 * as the ieee80211 unreg will destroy the workqueue. */
5033 cancel_work_sync(&wldev->restart_work);
5034
5035 B43_WARN_ON(!wl);
5036 if (wl->current_dev == wldev) {
5037 /* Restore the queues count before unregistering, because firmware detect
5038 * might have modified it. Restoring is important, so the networking
5039 * stack can properly free resources. */
5040 wl->hw->queues = wl->mac80211_initially_registered_queues;
5041 b43_leds_stop(wldev);
5042 ieee80211_unregister_hw(wl->hw);
5043 }
5044
5045 b43_one_core_detach(dev);
5046
5047 if (list_empty(&wl->devlist)) {
5048 b43_leds_unregister(wl);
5049 /* Last core on the chip unregistered.
5050 * We can destroy common struct b43_wl.
5051 */
5052 b43_wireless_exit(dev, wl);
5053 }
5054 }
5055
5056 /* Perform a hardware reset. This can be called from any context. */
5057 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5058 {
5059 /* Must avoid requeueing, if we are in shutdown. */
5060 if (b43_status(dev) < B43_STAT_INITIALIZED)
5061 return;
5062 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5063 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5064 }
5065
5066 static struct ssb_driver b43_ssb_driver = {
5067 .name = KBUILD_MODNAME,
5068 .id_table = b43_ssb_tbl,
5069 .probe = b43_ssb_probe,
5070 .remove = b43_ssb_remove,
5071 };
5072
5073 static void b43_print_driverinfo(void)
5074 {
5075 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5076 *feat_leds = "", *feat_sdio = "";
5077
5078 #ifdef CONFIG_B43_PCI_AUTOSELECT
5079 feat_pci = "P";
5080 #endif
5081 #ifdef CONFIG_B43_PCMCIA
5082 feat_pcmcia = "M";
5083 #endif
5084 #ifdef CONFIG_B43_PHY_N
5085 feat_nphy = "N";
5086 #endif
5087 #ifdef CONFIG_B43_LEDS
5088 feat_leds = "L";
5089 #endif
5090 #ifdef CONFIG_B43_SDIO
5091 feat_sdio = "S";
5092 #endif
5093 printk(KERN_INFO "Broadcom 43xx driver loaded "
5094 "[ Features: %s%s%s%s%s, Firmware-ID: "
5095 B43_SUPPORTED_FIRMWARE_ID " ]\n",
5096 feat_pci, feat_pcmcia, feat_nphy,
5097 feat_leds, feat_sdio);
5098 }
5099
5100 static int __init b43_init(void)
5101 {
5102 int err;
5103
5104 b43_debugfs_init();
5105 err = b43_pcmcia_init();
5106 if (err)
5107 goto err_dfs_exit;
5108 err = b43_sdio_init();
5109 if (err)
5110 goto err_pcmcia_exit;
5111 err = ssb_driver_register(&b43_ssb_driver);
5112 if (err)
5113 goto err_sdio_exit;
5114 b43_print_driverinfo();
5115
5116 return err;
5117
5118 err_sdio_exit:
5119 b43_sdio_exit();
5120 err_pcmcia_exit:
5121 b43_pcmcia_exit();
5122 err_dfs_exit:
5123 b43_debugfs_exit();
5124 return err;
5125 }
5126
5127 static void __exit b43_exit(void)
5128 {
5129 ssb_driver_unregister(&b43_ssb_driver);
5130 b43_sdio_exit();
5131 b43_pcmcia_exit();
5132 b43_debugfs_exit();
5133 }
5134
5135 module_init(b43_init)
5136 module_exit(b43_exit)
ubuntu-bionic-kernel mirror