]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - drivers/net/wireless/b43/main.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
[mirror_ubuntu-bionic-kernel.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3 Broadcom B43 wireless driver
4
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11 SDIO support
12 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
13
14 Some parts of the code in this file are derived from the ipw2200
15 driver Copyright(c) 2003 - 2004 Intel Corporation.
16
17 This program is free software; you can redistribute it and/or modify
18 it under the terms of the GNU General Public License as published by
19 the Free Software Foundation; either version 2 of the License, or
20 (at your option) any later version.
21
22 This program is distributed in the hope that it will be useful,
23 but WITHOUT ANY WARRANTY; without even the implied warranty of
24 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 GNU General Public License for more details.
26
27 You should have received a copy of the GNU General Public License
28 along with this program; see the file COPYING. If not, write to
29 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
30 Boston, MA 02110-1301, USA.
31
32 */
33
34 #include <linux/delay.h>
35 #include <linux/init.h>
36 #include <linux/moduleparam.h>
37 #include <linux/if_arp.h>
38 #include <linux/etherdevice.h>
39 #include <linux/firmware.h>
40 #include <linux/wireless.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <asm/unaligned.h>
46
47 #include "b43.h"
48 #include "main.h"
49 #include "debugfs.h"
50 #include "phy_common.h"
51 #include "phy_g.h"
52 #include "phy_n.h"
53 #include "dma.h"
54 #include "pio.h"
55 #include "sysfs.h"
56 #include "xmit.h"
57 #include "lo.h"
58 #include "pcmcia.h"
59 #include "sdio.h"
60 #include <linux/mmc/sdio_func.h>
61
62 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
63 MODULE_AUTHOR("Martin Langer");
64 MODULE_AUTHOR("Stefano Brivio");
65 MODULE_AUTHOR("Michael Buesch");
66 MODULE_AUTHOR("Gábor Stefanik");
67 MODULE_LICENSE("GPL");
68
69 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
70
71
72 static int modparam_bad_frames_preempt;
73 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
74 MODULE_PARM_DESC(bad_frames_preempt,
75 "enable(1) / disable(0) Bad Frames Preemption");
76
77 static char modparam_fwpostfix[16];
78 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
79 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
80
81 static int modparam_hwpctl;
82 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
83 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
84
85 static int modparam_nohwcrypt;
86 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
87 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
88
89 static int modparam_hwtkip;
90 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
91 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
92
93 static int modparam_qos = 1;
94 module_param_named(qos, modparam_qos, int, 0444);
95 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
96
97 static int modparam_btcoex = 1;
98 module_param_named(btcoex, modparam_btcoex, int, 0444);
99 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
100
101 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
102 module_param_named(verbose, b43_modparam_verbose, int, 0644);
103 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
104
105 static int modparam_pio;
106 module_param_named(pio, modparam_pio, int, 0444);
107 MODULE_PARM_DESC(pio, "enable(1) / disable(0) PIO mode");
108
109 static const struct ssb_device_id b43_ssb_tbl[] = {
110 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
111 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
112 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
113 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
114 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
115 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
116 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
117 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
118 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
119 SSB_DEVTABLE_END
120 };
121
122 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
123
124 /* Channel and ratetables are shared for all devices.
125 * They can't be const, because ieee80211 puts some precalculated
126 * data in there. This data is the same for all devices, so we don't
127 * get concurrency issues */
128 #define RATETAB_ENT(_rateid, _flags) \
129 { \
130 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
131 .hw_value = (_rateid), \
132 .flags = (_flags), \
133 }
134
135 /*
136 * NOTE: When changing this, sync with xmit.c's
137 * b43_plcp_get_bitrate_idx_* functions!
138 */
139 static struct ieee80211_rate __b43_ratetable[] = {
140 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
141 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
142 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
143 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
144 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
145 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
146 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
147 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
148 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
149 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
150 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
151 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
152 };
153
154 #define b43_a_ratetable (__b43_ratetable + 4)
155 #define b43_a_ratetable_size 8
156 #define b43_b_ratetable (__b43_ratetable + 0)
157 #define b43_b_ratetable_size 4
158 #define b43_g_ratetable (__b43_ratetable + 0)
159 #define b43_g_ratetable_size 12
160
161 #define CHAN4G(_channel, _freq, _flags) { \
162 .band = IEEE80211_BAND_2GHZ, \
163 .center_freq = (_freq), \
164 .hw_value = (_channel), \
165 .flags = (_flags), \
166 .max_antenna_gain = 0, \
167 .max_power = 30, \
168 }
169 static struct ieee80211_channel b43_2ghz_chantable[] = {
170 CHAN4G(1, 2412, 0),
171 CHAN4G(2, 2417, 0),
172 CHAN4G(3, 2422, 0),
173 CHAN4G(4, 2427, 0),
174 CHAN4G(5, 2432, 0),
175 CHAN4G(6, 2437, 0),
176 CHAN4G(7, 2442, 0),
177 CHAN4G(8, 2447, 0),
178 CHAN4G(9, 2452, 0),
179 CHAN4G(10, 2457, 0),
180 CHAN4G(11, 2462, 0),
181 CHAN4G(12, 2467, 0),
182 CHAN4G(13, 2472, 0),
183 CHAN4G(14, 2484, 0),
184 };
185 #undef CHAN4G
186
187 #define CHAN5G(_channel, _flags) { \
188 .band = IEEE80211_BAND_5GHZ, \
189 .center_freq = 5000 + (5 * (_channel)), \
190 .hw_value = (_channel), \
191 .flags = (_flags), \
192 .max_antenna_gain = 0, \
193 .max_power = 30, \
194 }
195 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
196 CHAN5G(32, 0), CHAN5G(34, 0),
197 CHAN5G(36, 0), CHAN5G(38, 0),
198 CHAN5G(40, 0), CHAN5G(42, 0),
199 CHAN5G(44, 0), CHAN5G(46, 0),
200 CHAN5G(48, 0), CHAN5G(50, 0),
201 CHAN5G(52, 0), CHAN5G(54, 0),
202 CHAN5G(56, 0), CHAN5G(58, 0),
203 CHAN5G(60, 0), CHAN5G(62, 0),
204 CHAN5G(64, 0), CHAN5G(66, 0),
205 CHAN5G(68, 0), CHAN5G(70, 0),
206 CHAN5G(72, 0), CHAN5G(74, 0),
207 CHAN5G(76, 0), CHAN5G(78, 0),
208 CHAN5G(80, 0), CHAN5G(82, 0),
209 CHAN5G(84, 0), CHAN5G(86, 0),
210 CHAN5G(88, 0), CHAN5G(90, 0),
211 CHAN5G(92, 0), CHAN5G(94, 0),
212 CHAN5G(96, 0), CHAN5G(98, 0),
213 CHAN5G(100, 0), CHAN5G(102, 0),
214 CHAN5G(104, 0), CHAN5G(106, 0),
215 CHAN5G(108, 0), CHAN5G(110, 0),
216 CHAN5G(112, 0), CHAN5G(114, 0),
217 CHAN5G(116, 0), CHAN5G(118, 0),
218 CHAN5G(120, 0), CHAN5G(122, 0),
219 CHAN5G(124, 0), CHAN5G(126, 0),
220 CHAN5G(128, 0), CHAN5G(130, 0),
221 CHAN5G(132, 0), CHAN5G(134, 0),
222 CHAN5G(136, 0), CHAN5G(138, 0),
223 CHAN5G(140, 0), CHAN5G(142, 0),
224 CHAN5G(144, 0), CHAN5G(145, 0),
225 CHAN5G(146, 0), CHAN5G(147, 0),
226 CHAN5G(148, 0), CHAN5G(149, 0),
227 CHAN5G(150, 0), CHAN5G(151, 0),
228 CHAN5G(152, 0), CHAN5G(153, 0),
229 CHAN5G(154, 0), CHAN5G(155, 0),
230 CHAN5G(156, 0), CHAN5G(157, 0),
231 CHAN5G(158, 0), CHAN5G(159, 0),
232 CHAN5G(160, 0), CHAN5G(161, 0),
233 CHAN5G(162, 0), CHAN5G(163, 0),
234 CHAN5G(164, 0), CHAN5G(165, 0),
235 CHAN5G(166, 0), CHAN5G(168, 0),
236 CHAN5G(170, 0), CHAN5G(172, 0),
237 CHAN5G(174, 0), CHAN5G(176, 0),
238 CHAN5G(178, 0), CHAN5G(180, 0),
239 CHAN5G(182, 0), CHAN5G(184, 0),
240 CHAN5G(186, 0), CHAN5G(188, 0),
241 CHAN5G(190, 0), CHAN5G(192, 0),
242 CHAN5G(194, 0), CHAN5G(196, 0),
243 CHAN5G(198, 0), CHAN5G(200, 0),
244 CHAN5G(202, 0), CHAN5G(204, 0),
245 CHAN5G(206, 0), CHAN5G(208, 0),
246 CHAN5G(210, 0), CHAN5G(212, 0),
247 CHAN5G(214, 0), CHAN5G(216, 0),
248 CHAN5G(218, 0), CHAN5G(220, 0),
249 CHAN5G(222, 0), CHAN5G(224, 0),
250 CHAN5G(226, 0), CHAN5G(228, 0),
251 };
252
253 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
254 CHAN5G(34, 0), CHAN5G(36, 0),
255 CHAN5G(38, 0), CHAN5G(40, 0),
256 CHAN5G(42, 0), CHAN5G(44, 0),
257 CHAN5G(46, 0), CHAN5G(48, 0),
258 CHAN5G(52, 0), CHAN5G(56, 0),
259 CHAN5G(60, 0), CHAN5G(64, 0),
260 CHAN5G(100, 0), CHAN5G(104, 0),
261 CHAN5G(108, 0), CHAN5G(112, 0),
262 CHAN5G(116, 0), CHAN5G(120, 0),
263 CHAN5G(124, 0), CHAN5G(128, 0),
264 CHAN5G(132, 0), CHAN5G(136, 0),
265 CHAN5G(140, 0), CHAN5G(149, 0),
266 CHAN5G(153, 0), CHAN5G(157, 0),
267 CHAN5G(161, 0), CHAN5G(165, 0),
268 CHAN5G(184, 0), CHAN5G(188, 0),
269 CHAN5G(192, 0), CHAN5G(196, 0),
270 CHAN5G(200, 0), CHAN5G(204, 0),
271 CHAN5G(208, 0), CHAN5G(212, 0),
272 CHAN5G(216, 0),
273 };
274 #undef CHAN5G
275
276 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
277 .band = IEEE80211_BAND_5GHZ,
278 .channels = b43_5ghz_nphy_chantable,
279 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
280 .bitrates = b43_a_ratetable,
281 .n_bitrates = b43_a_ratetable_size,
282 };
283
284 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
285 .band = IEEE80211_BAND_5GHZ,
286 .channels = b43_5ghz_aphy_chantable,
287 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
288 .bitrates = b43_a_ratetable,
289 .n_bitrates = b43_a_ratetable_size,
290 };
291
292 static struct ieee80211_supported_band b43_band_2GHz = {
293 .band = IEEE80211_BAND_2GHZ,
294 .channels = b43_2ghz_chantable,
295 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
296 .bitrates = b43_g_ratetable,
297 .n_bitrates = b43_g_ratetable_size,
298 };
299
300 static void b43_wireless_core_exit(struct b43_wldev *dev);
301 static int b43_wireless_core_init(struct b43_wldev *dev);
302 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
303 static int b43_wireless_core_start(struct b43_wldev *dev);
304
305 static int b43_ratelimit(struct b43_wl *wl)
306 {
307 if (!wl || !wl->current_dev)
308 return 1;
309 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
310 return 1;
311 /* We are up and running.
312 * Ratelimit the messages to avoid DoS over the net. */
313 return net_ratelimit();
314 }
315
316 void b43info(struct b43_wl *wl, const char *fmt, ...)
317 {
318 va_list args;
319
320 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
321 return;
322 if (!b43_ratelimit(wl))
323 return;
324 va_start(args, fmt);
325 printk(KERN_INFO "b43-%s: ",
326 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
327 vprintk(fmt, args);
328 va_end(args);
329 }
330
331 void b43err(struct b43_wl *wl, const char *fmt, ...)
332 {
333 va_list args;
334
335 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
336 return;
337 if (!b43_ratelimit(wl))
338 return;
339 va_start(args, fmt);
340 printk(KERN_ERR "b43-%s ERROR: ",
341 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
342 vprintk(fmt, args);
343 va_end(args);
344 }
345
346 void b43warn(struct b43_wl *wl, const char *fmt, ...)
347 {
348 va_list args;
349
350 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
351 return;
352 if (!b43_ratelimit(wl))
353 return;
354 va_start(args, fmt);
355 printk(KERN_WARNING "b43-%s warning: ",
356 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
357 vprintk(fmt, args);
358 va_end(args);
359 }
360
361 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
362 {
363 va_list args;
364
365 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
366 return;
367 va_start(args, fmt);
368 printk(KERN_DEBUG "b43-%s debug: ",
369 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
370 vprintk(fmt, args);
371 va_end(args);
372 }
373
374 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
375 {
376 u32 macctl;
377
378 B43_WARN_ON(offset % 4 != 0);
379
380 macctl = b43_read32(dev, B43_MMIO_MACCTL);
381 if (macctl & B43_MACCTL_BE)
382 val = swab32(val);
383
384 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
385 mmiowb();
386 b43_write32(dev, B43_MMIO_RAM_DATA, val);
387 }
388
389 static inline void b43_shm_control_word(struct b43_wldev *dev,
390 u16 routing, u16 offset)
391 {
392 u32 control;
393
394 /* "offset" is the WORD offset. */
395 control = routing;
396 control <<= 16;
397 control |= offset;
398 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
399 }
400
401 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
402 {
403 u32 ret;
404
405 if (routing == B43_SHM_SHARED) {
406 B43_WARN_ON(offset & 0x0001);
407 if (offset & 0x0003) {
408 /* Unaligned access */
409 b43_shm_control_word(dev, routing, offset >> 2);
410 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
411 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
412 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
413
414 goto out;
415 }
416 offset >>= 2;
417 }
418 b43_shm_control_word(dev, routing, offset);
419 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
420 out:
421 return ret;
422 }
423
424 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
425 {
426 u16 ret;
427
428 if (routing == B43_SHM_SHARED) {
429 B43_WARN_ON(offset & 0x0001);
430 if (offset & 0x0003) {
431 /* Unaligned access */
432 b43_shm_control_word(dev, routing, offset >> 2);
433 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
434
435 goto out;
436 }
437 offset >>= 2;
438 }
439 b43_shm_control_word(dev, routing, offset);
440 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
441 out:
442 return ret;
443 }
444
445 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
446 {
447 if (routing == B43_SHM_SHARED) {
448 B43_WARN_ON(offset & 0x0001);
449 if (offset & 0x0003) {
450 /* Unaligned access */
451 b43_shm_control_word(dev, routing, offset >> 2);
452 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
453 value & 0xFFFF);
454 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
455 b43_write16(dev, B43_MMIO_SHM_DATA,
456 (value >> 16) & 0xFFFF);
457 return;
458 }
459 offset >>= 2;
460 }
461 b43_shm_control_word(dev, routing, offset);
462 b43_write32(dev, B43_MMIO_SHM_DATA, value);
463 }
464
465 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
466 {
467 if (routing == B43_SHM_SHARED) {
468 B43_WARN_ON(offset & 0x0001);
469 if (offset & 0x0003) {
470 /* Unaligned access */
471 b43_shm_control_word(dev, routing, offset >> 2);
472 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
473 return;
474 }
475 offset >>= 2;
476 }
477 b43_shm_control_word(dev, routing, offset);
478 b43_write16(dev, B43_MMIO_SHM_DATA, value);
479 }
480
481 /* Read HostFlags */
482 u64 b43_hf_read(struct b43_wldev *dev)
483 {
484 u64 ret;
485
486 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
487 ret <<= 16;
488 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
489 ret <<= 16;
490 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
491
492 return ret;
493 }
494
495 /* Write HostFlags */
496 void b43_hf_write(struct b43_wldev *dev, u64 value)
497 {
498 u16 lo, mi, hi;
499
500 lo = (value & 0x00000000FFFFULL);
501 mi = (value & 0x0000FFFF0000ULL) >> 16;
502 hi = (value & 0xFFFF00000000ULL) >> 32;
503 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
504 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
505 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
506 }
507
508 /* Read the firmware capabilities bitmask (Opensource firmware only) */
509 static u16 b43_fwcapa_read(struct b43_wldev *dev)
510 {
511 B43_WARN_ON(!dev->fw.opensource);
512 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
513 }
514
515 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
516 {
517 u32 low, high;
518
519 B43_WARN_ON(dev->dev->id.revision < 3);
520
521 /* The hardware guarantees us an atomic read, if we
522 * read the low register first. */
523 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
524 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
525
526 *tsf = high;
527 *tsf <<= 32;
528 *tsf |= low;
529 }
530
531 static void b43_time_lock(struct b43_wldev *dev)
532 {
533 u32 macctl;
534
535 macctl = b43_read32(dev, B43_MMIO_MACCTL);
536 macctl |= B43_MACCTL_TBTTHOLD;
537 b43_write32(dev, B43_MMIO_MACCTL, macctl);
538 /* Commit the write */
539 b43_read32(dev, B43_MMIO_MACCTL);
540 }
541
542 static void b43_time_unlock(struct b43_wldev *dev)
543 {
544 u32 macctl;
545
546 macctl = b43_read32(dev, B43_MMIO_MACCTL);
547 macctl &= ~B43_MACCTL_TBTTHOLD;
548 b43_write32(dev, B43_MMIO_MACCTL, macctl);
549 /* Commit the write */
550 b43_read32(dev, B43_MMIO_MACCTL);
551 }
552
553 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
554 {
555 u32 low, high;
556
557 B43_WARN_ON(dev->dev->id.revision < 3);
558
559 low = tsf;
560 high = (tsf >> 32);
561 /* The hardware guarantees us an atomic write, if we
562 * write the low register first. */
563 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
564 mmiowb();
565 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
566 mmiowb();
567 }
568
569 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
570 {
571 b43_time_lock(dev);
572 b43_tsf_write_locked(dev, tsf);
573 b43_time_unlock(dev);
574 }
575
576 static
577 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
578 {
579 static const u8 zero_addr[ETH_ALEN] = { 0 };
580 u16 data;
581
582 if (!mac)
583 mac = zero_addr;
584
585 offset |= 0x0020;
586 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
587
588 data = mac[0];
589 data |= mac[1] << 8;
590 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
591 data = mac[2];
592 data |= mac[3] << 8;
593 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
594 data = mac[4];
595 data |= mac[5] << 8;
596 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
597 }
598
599 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
600 {
601 const u8 *mac;
602 const u8 *bssid;
603 u8 mac_bssid[ETH_ALEN * 2];
604 int i;
605 u32 tmp;
606
607 bssid = dev->wl->bssid;
608 mac = dev->wl->mac_addr;
609
610 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
611
612 memcpy(mac_bssid, mac, ETH_ALEN);
613 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
614
615 /* Write our MAC address and BSSID to template ram */
616 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
617 tmp = (u32) (mac_bssid[i + 0]);
618 tmp |= (u32) (mac_bssid[i + 1]) << 8;
619 tmp |= (u32) (mac_bssid[i + 2]) << 16;
620 tmp |= (u32) (mac_bssid[i + 3]) << 24;
621 b43_ram_write(dev, 0x20 + i, tmp);
622 }
623 }
624
625 static void b43_upload_card_macaddress(struct b43_wldev *dev)
626 {
627 b43_write_mac_bssid_templates(dev);
628 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
629 }
630
631 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
632 {
633 /* slot_time is in usec. */
634 if (dev->phy.type != B43_PHYTYPE_G)
635 return;
636 b43_write16(dev, 0x684, 510 + slot_time);
637 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
638 }
639
640 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
641 {
642 b43_set_slot_time(dev, 9);
643 }
644
645 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
646 {
647 b43_set_slot_time(dev, 20);
648 }
649
650 /* DummyTransmission function, as documented on
651 * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
652 */
653 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
654 {
655 struct b43_phy *phy = &dev->phy;
656 unsigned int i, max_loop;
657 u16 value;
658 u32 buffer[5] = {
659 0x00000000,
660 0x00D40000,
661 0x00000000,
662 0x01000000,
663 0x00000000,
664 };
665
666 if (ofdm) {
667 max_loop = 0x1E;
668 buffer[0] = 0x000201CC;
669 } else {
670 max_loop = 0xFA;
671 buffer[0] = 0x000B846E;
672 }
673
674 for (i = 0; i < 5; i++)
675 b43_ram_write(dev, i * 4, buffer[i]);
676
677 b43_write16(dev, 0x0568, 0x0000);
678 if (dev->dev->id.revision < 11)
679 b43_write16(dev, 0x07C0, 0x0000);
680 else
681 b43_write16(dev, 0x07C0, 0x0100);
682 value = (ofdm ? 0x41 : 0x40);
683 b43_write16(dev, 0x050C, value);
684 if ((phy->type == B43_PHYTYPE_N) || (phy->type == B43_PHYTYPE_LP))
685 b43_write16(dev, 0x0514, 0x1A02);
686 b43_write16(dev, 0x0508, 0x0000);
687 b43_write16(dev, 0x050A, 0x0000);
688 b43_write16(dev, 0x054C, 0x0000);
689 b43_write16(dev, 0x056A, 0x0014);
690 b43_write16(dev, 0x0568, 0x0826);
691 b43_write16(dev, 0x0500, 0x0000);
692 if (!pa_on && (phy->type == B43_PHYTYPE_N)) {
693 //SPEC TODO
694 }
695
696 switch (phy->type) {
697 case B43_PHYTYPE_N:
698 b43_write16(dev, 0x0502, 0x00D0);
699 break;
700 case B43_PHYTYPE_LP:
701 b43_write16(dev, 0x0502, 0x0050);
702 break;
703 default:
704 b43_write16(dev, 0x0502, 0x0030);
705 }
706
707 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
708 b43_radio_write16(dev, 0x0051, 0x0017);
709 for (i = 0x00; i < max_loop; i++) {
710 value = b43_read16(dev, 0x050E);
711 if (value & 0x0080)
712 break;
713 udelay(10);
714 }
715 for (i = 0x00; i < 0x0A; i++) {
716 value = b43_read16(dev, 0x050E);
717 if (value & 0x0400)
718 break;
719 udelay(10);
720 }
721 for (i = 0x00; i < 0x19; i++) {
722 value = b43_read16(dev, 0x0690);
723 if (!(value & 0x0100))
724 break;
725 udelay(10);
726 }
727 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
728 b43_radio_write16(dev, 0x0051, 0x0037);
729 }
730
731 static void key_write(struct b43_wldev *dev,
732 u8 index, u8 algorithm, const u8 *key)
733 {
734 unsigned int i;
735 u32 offset;
736 u16 value;
737 u16 kidx;
738
739 /* Key index/algo block */
740 kidx = b43_kidx_to_fw(dev, index);
741 value = ((kidx << 4) | algorithm);
742 b43_shm_write16(dev, B43_SHM_SHARED,
743 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
744
745 /* Write the key to the Key Table Pointer offset */
746 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
747 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
748 value = key[i];
749 value |= (u16) (key[i + 1]) << 8;
750 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
751 }
752 }
753
754 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
755 {
756 u32 addrtmp[2] = { 0, 0, };
757 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
758
759 if (b43_new_kidx_api(dev))
760 pairwise_keys_start = B43_NR_GROUP_KEYS;
761
762 B43_WARN_ON(index < pairwise_keys_start);
763 /* We have four default TX keys and possibly four default RX keys.
764 * Physical mac 0 is mapped to physical key 4 or 8, depending
765 * on the firmware version.
766 * So we must adjust the index here.
767 */
768 index -= pairwise_keys_start;
769 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
770
771 if (addr) {
772 addrtmp[0] = addr[0];
773 addrtmp[0] |= ((u32) (addr[1]) << 8);
774 addrtmp[0] |= ((u32) (addr[2]) << 16);
775 addrtmp[0] |= ((u32) (addr[3]) << 24);
776 addrtmp[1] = addr[4];
777 addrtmp[1] |= ((u32) (addr[5]) << 8);
778 }
779
780 /* Receive match transmitter address (RCMTA) mechanism */
781 b43_shm_write32(dev, B43_SHM_RCMTA,
782 (index * 2) + 0, addrtmp[0]);
783 b43_shm_write16(dev, B43_SHM_RCMTA,
784 (index * 2) + 1, addrtmp[1]);
785 }
786
787 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
788 * When a packet is received, the iv32 is checked.
789 * - if it doesn't the packet is returned without modification (and software
790 * decryption can be done). That's what happen when iv16 wrap.
791 * - if it does, the rc4 key is computed, and decryption is tried.
792 * Either it will success and B43_RX_MAC_DEC is returned,
793 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
794 * and the packet is not usable (it got modified by the ucode).
795 * So in order to never have B43_RX_MAC_DECERR, we should provide
796 * a iv32 and phase1key that match. Because we drop packets in case of
797 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
798 * packets will be lost without higher layer knowing (ie no resync possible
799 * until next wrap).
800 *
801 * NOTE : this should support 50 key like RCMTA because
802 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
803 */
804 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
805 u16 *phase1key)
806 {
807 unsigned int i;
808 u32 offset;
809 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
810
811 if (!modparam_hwtkip)
812 return;
813
814 if (b43_new_kidx_api(dev))
815 pairwise_keys_start = B43_NR_GROUP_KEYS;
816
817 B43_WARN_ON(index < pairwise_keys_start);
818 /* We have four default TX keys and possibly four default RX keys.
819 * Physical mac 0 is mapped to physical key 4 or 8, depending
820 * on the firmware version.
821 * So we must adjust the index here.
822 */
823 index -= pairwise_keys_start;
824 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
825
826 if (b43_debug(dev, B43_DBG_KEYS)) {
827 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
828 index, iv32);
829 }
830 /* Write the key to the RX tkip shared mem */
831 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
832 for (i = 0; i < 10; i += 2) {
833 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
834 phase1key ? phase1key[i / 2] : 0);
835 }
836 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
837 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
838 }
839
840 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
841 struct ieee80211_key_conf *keyconf, const u8 *addr,
842 u32 iv32, u16 *phase1key)
843 {
844 struct b43_wl *wl = hw_to_b43_wl(hw);
845 struct b43_wldev *dev;
846 int index = keyconf->hw_key_idx;
847
848 if (B43_WARN_ON(!modparam_hwtkip))
849 return;
850
851 mutex_lock(&wl->mutex);
852
853 dev = wl->current_dev;
854 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
855 goto out_unlock;
856
857 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
858
859 rx_tkip_phase1_write(dev, index, iv32, phase1key);
860 keymac_write(dev, index, addr);
861
862 out_unlock:
863 mutex_unlock(&wl->mutex);
864 }
865
866 static void do_key_write(struct b43_wldev *dev,
867 u8 index, u8 algorithm,
868 const u8 *key, size_t key_len, const u8 *mac_addr)
869 {
870 u8 buf[B43_SEC_KEYSIZE] = { 0, };
871 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
872
873 if (b43_new_kidx_api(dev))
874 pairwise_keys_start = B43_NR_GROUP_KEYS;
875
876 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
877 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
878
879 if (index >= pairwise_keys_start)
880 keymac_write(dev, index, NULL); /* First zero out mac. */
881 if (algorithm == B43_SEC_ALGO_TKIP) {
882 /*
883 * We should provide an initial iv32, phase1key pair.
884 * We could start with iv32=0 and compute the corresponding
885 * phase1key, but this means calling ieee80211_get_tkip_key
886 * with a fake skb (or export other tkip function).
887 * Because we are lazy we hope iv32 won't start with
888 * 0xffffffff and let's b43_op_update_tkip_key provide a
889 * correct pair.
890 */
891 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
892 } else if (index >= pairwise_keys_start) /* clear it */
893 rx_tkip_phase1_write(dev, index, 0, NULL);
894 if (key)
895 memcpy(buf, key, key_len);
896 key_write(dev, index, algorithm, buf);
897 if (index >= pairwise_keys_start)
898 keymac_write(dev, index, mac_addr);
899
900 dev->key[index].algorithm = algorithm;
901 }
902
903 static int b43_key_write(struct b43_wldev *dev,
904 int index, u8 algorithm,
905 const u8 *key, size_t key_len,
906 const u8 *mac_addr,
907 struct ieee80211_key_conf *keyconf)
908 {
909 int i;
910 int pairwise_keys_start;
911
912 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
913 * - Temporal Encryption Key (128 bits)
914 * - Temporal Authenticator Tx MIC Key (64 bits)
915 * - Temporal Authenticator Rx MIC Key (64 bits)
916 *
917 * Hardware only store TEK
918 */
919 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
920 key_len = 16;
921 if (key_len > B43_SEC_KEYSIZE)
922 return -EINVAL;
923 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
924 /* Check that we don't already have this key. */
925 B43_WARN_ON(dev->key[i].keyconf == keyconf);
926 }
927 if (index < 0) {
928 /* Pairwise key. Get an empty slot for the key. */
929 if (b43_new_kidx_api(dev))
930 pairwise_keys_start = B43_NR_GROUP_KEYS;
931 else
932 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
933 for (i = pairwise_keys_start;
934 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
935 i++) {
936 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
937 if (!dev->key[i].keyconf) {
938 /* found empty */
939 index = i;
940 break;
941 }
942 }
943 if (index < 0) {
944 b43warn(dev->wl, "Out of hardware key memory\n");
945 return -ENOSPC;
946 }
947 } else
948 B43_WARN_ON(index > 3);
949
950 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
951 if ((index <= 3) && !b43_new_kidx_api(dev)) {
952 /* Default RX key */
953 B43_WARN_ON(mac_addr);
954 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
955 }
956 keyconf->hw_key_idx = index;
957 dev->key[index].keyconf = keyconf;
958
959 return 0;
960 }
961
962 static int b43_key_clear(struct b43_wldev *dev, int index)
963 {
964 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
965 return -EINVAL;
966 do_key_write(dev, index, B43_SEC_ALGO_NONE,
967 NULL, B43_SEC_KEYSIZE, NULL);
968 if ((index <= 3) && !b43_new_kidx_api(dev)) {
969 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
970 NULL, B43_SEC_KEYSIZE, NULL);
971 }
972 dev->key[index].keyconf = NULL;
973
974 return 0;
975 }
976
977 static void b43_clear_keys(struct b43_wldev *dev)
978 {
979 int i, count;
980
981 if (b43_new_kidx_api(dev))
982 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
983 else
984 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
985 for (i = 0; i < count; i++)
986 b43_key_clear(dev, i);
987 }
988
989 static void b43_dump_keymemory(struct b43_wldev *dev)
990 {
991 unsigned int i, index, count, offset, pairwise_keys_start;
992 u8 mac[ETH_ALEN];
993 u16 algo;
994 u32 rcmta0;
995 u16 rcmta1;
996 u64 hf;
997 struct b43_key *key;
998
999 if (!b43_debug(dev, B43_DBG_KEYS))
1000 return;
1001
1002 hf = b43_hf_read(dev);
1003 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1004 !!(hf & B43_HF_USEDEFKEYS));
1005 if (b43_new_kidx_api(dev)) {
1006 pairwise_keys_start = B43_NR_GROUP_KEYS;
1007 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1008 } else {
1009 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1010 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1011 }
1012 for (index = 0; index < count; index++) {
1013 key = &(dev->key[index]);
1014 printk(KERN_DEBUG "Key slot %02u: %s",
1015 index, (key->keyconf == NULL) ? " " : "*");
1016 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1017 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1018 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1019 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1020 }
1021
1022 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1023 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1024 printk(" Algo: %04X/%02X", algo, key->algorithm);
1025
1026 if (index >= pairwise_keys_start) {
1027 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1028 printk(" TKIP: ");
1029 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1030 for (i = 0; i < 14; i += 2) {
1031 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1032 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1033 }
1034 }
1035 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1036 ((index - pairwise_keys_start) * 2) + 0);
1037 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1038 ((index - pairwise_keys_start) * 2) + 1);
1039 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1040 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1041 printk(" MAC: %pM", mac);
1042 } else
1043 printk(" DEFAULT KEY");
1044 printk("\n");
1045 }
1046 }
1047
1048 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1049 {
1050 u32 macctl;
1051 u16 ucstat;
1052 bool hwps;
1053 bool awake;
1054 int i;
1055
1056 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1057 (ps_flags & B43_PS_DISABLED));
1058 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1059
1060 if (ps_flags & B43_PS_ENABLED) {
1061 hwps = 1;
1062 } else if (ps_flags & B43_PS_DISABLED) {
1063 hwps = 0;
1064 } else {
1065 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1066 // and thus is not an AP and we are associated, set bit 25
1067 }
1068 if (ps_flags & B43_PS_AWAKE) {
1069 awake = 1;
1070 } else if (ps_flags & B43_PS_ASLEEP) {
1071 awake = 0;
1072 } else {
1073 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1074 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1075 // successful, set bit26
1076 }
1077
1078 /* FIXME: For now we force awake-on and hwps-off */
1079 hwps = 0;
1080 awake = 1;
1081
1082 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1083 if (hwps)
1084 macctl |= B43_MACCTL_HWPS;
1085 else
1086 macctl &= ~B43_MACCTL_HWPS;
1087 if (awake)
1088 macctl |= B43_MACCTL_AWAKE;
1089 else
1090 macctl &= ~B43_MACCTL_AWAKE;
1091 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1092 /* Commit write */
1093 b43_read32(dev, B43_MMIO_MACCTL);
1094 if (awake && dev->dev->id.revision >= 5) {
1095 /* Wait for the microcode to wake up. */
1096 for (i = 0; i < 100; i++) {
1097 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1098 B43_SHM_SH_UCODESTAT);
1099 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1100 break;
1101 udelay(10);
1102 }
1103 }
1104 }
1105
1106 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1107 {
1108 u32 tmslow;
1109 u32 macctl;
1110
1111 flags |= B43_TMSLOW_PHYCLKEN;
1112 flags |= B43_TMSLOW_PHYRESET;
1113 ssb_device_enable(dev->dev, flags);
1114 msleep(2); /* Wait for the PLL to turn on. */
1115
1116 /* Now take the PHY out of Reset again */
1117 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1118 tmslow |= SSB_TMSLOW_FGC;
1119 tmslow &= ~B43_TMSLOW_PHYRESET;
1120 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1121 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1122 msleep(1);
1123 tmslow &= ~SSB_TMSLOW_FGC;
1124 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1125 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1126 msleep(1);
1127
1128 /* Turn Analog ON, but only if we already know the PHY-type.
1129 * This protects against very early setup where we don't know the
1130 * PHY-type, yet. wireless_core_reset will be called once again later,
1131 * when we know the PHY-type. */
1132 if (dev->phy.ops)
1133 dev->phy.ops->switch_analog(dev, 1);
1134
1135 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1136 macctl &= ~B43_MACCTL_GMODE;
1137 if (flags & B43_TMSLOW_GMODE)
1138 macctl |= B43_MACCTL_GMODE;
1139 macctl |= B43_MACCTL_IHR_ENABLED;
1140 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1141 }
1142
1143 static void handle_irq_transmit_status(struct b43_wldev *dev)
1144 {
1145 u32 v0, v1;
1146 u16 tmp;
1147 struct b43_txstatus stat;
1148
1149 while (1) {
1150 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1151 if (!(v0 & 0x00000001))
1152 break;
1153 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1154
1155 stat.cookie = (v0 >> 16);
1156 stat.seq = (v1 & 0x0000FFFF);
1157 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1158 tmp = (v0 & 0x0000FFFF);
1159 stat.frame_count = ((tmp & 0xF000) >> 12);
1160 stat.rts_count = ((tmp & 0x0F00) >> 8);
1161 stat.supp_reason = ((tmp & 0x001C) >> 2);
1162 stat.pm_indicated = !!(tmp & 0x0080);
1163 stat.intermediate = !!(tmp & 0x0040);
1164 stat.for_ampdu = !!(tmp & 0x0020);
1165 stat.acked = !!(tmp & 0x0002);
1166
1167 b43_handle_txstatus(dev, &stat);
1168 }
1169 }
1170
1171 static void drain_txstatus_queue(struct b43_wldev *dev)
1172 {
1173 u32 dummy;
1174
1175 if (dev->dev->id.revision < 5)
1176 return;
1177 /* Read all entries from the microcode TXstatus FIFO
1178 * and throw them away.
1179 */
1180 while (1) {
1181 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1182 if (!(dummy & 0x00000001))
1183 break;
1184 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1185 }
1186 }
1187
1188 static u32 b43_jssi_read(struct b43_wldev *dev)
1189 {
1190 u32 val = 0;
1191
1192 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1193 val <<= 16;
1194 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1195
1196 return val;
1197 }
1198
1199 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1200 {
1201 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1202 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1203 }
1204
1205 static void b43_generate_noise_sample(struct b43_wldev *dev)
1206 {
1207 b43_jssi_write(dev, 0x7F7F7F7F);
1208 b43_write32(dev, B43_MMIO_MACCMD,
1209 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1210 }
1211
1212 static void b43_calculate_link_quality(struct b43_wldev *dev)
1213 {
1214 /* Top half of Link Quality calculation. */
1215
1216 if (dev->phy.type != B43_PHYTYPE_G)
1217 return;
1218 if (dev->noisecalc.calculation_running)
1219 return;
1220 dev->noisecalc.calculation_running = 1;
1221 dev->noisecalc.nr_samples = 0;
1222
1223 b43_generate_noise_sample(dev);
1224 }
1225
1226 static void handle_irq_noise(struct b43_wldev *dev)
1227 {
1228 struct b43_phy_g *phy = dev->phy.g;
1229 u16 tmp;
1230 u8 noise[4];
1231 u8 i, j;
1232 s32 average;
1233
1234 /* Bottom half of Link Quality calculation. */
1235
1236 if (dev->phy.type != B43_PHYTYPE_G)
1237 return;
1238
1239 /* Possible race condition: It might be possible that the user
1240 * changed to a different channel in the meantime since we
1241 * started the calculation. We ignore that fact, since it's
1242 * not really that much of a problem. The background noise is
1243 * an estimation only anyway. Slightly wrong results will get damped
1244 * by the averaging of the 8 sample rounds. Additionally the
1245 * value is shortlived. So it will be replaced by the next noise
1246 * calculation round soon. */
1247
1248 B43_WARN_ON(!dev->noisecalc.calculation_running);
1249 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1250 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1251 noise[2] == 0x7F || noise[3] == 0x7F)
1252 goto generate_new;
1253
1254 /* Get the noise samples. */
1255 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1256 i = dev->noisecalc.nr_samples;
1257 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1258 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1259 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1260 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1261 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1262 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1263 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1264 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1265 dev->noisecalc.nr_samples++;
1266 if (dev->noisecalc.nr_samples == 8) {
1267 /* Calculate the Link Quality by the noise samples. */
1268 average = 0;
1269 for (i = 0; i < 8; i++) {
1270 for (j = 0; j < 4; j++)
1271 average += dev->noisecalc.samples[i][j];
1272 }
1273 average /= (8 * 4);
1274 average *= 125;
1275 average += 64;
1276 average /= 128;
1277 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1278 tmp = (tmp / 128) & 0x1F;
1279 if (tmp >= 8)
1280 average += 2;
1281 else
1282 average -= 25;
1283 if (tmp == 8)
1284 average -= 72;
1285 else
1286 average -= 48;
1287
1288 dev->stats.link_noise = average;
1289 dev->noisecalc.calculation_running = 0;
1290 return;
1291 }
1292 generate_new:
1293 b43_generate_noise_sample(dev);
1294 }
1295
1296 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1297 {
1298 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1299 ///TODO: PS TBTT
1300 } else {
1301 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1302 b43_power_saving_ctl_bits(dev, 0);
1303 }
1304 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1305 dev->dfq_valid = 1;
1306 }
1307
1308 static void handle_irq_atim_end(struct b43_wldev *dev)
1309 {
1310 if (dev->dfq_valid) {
1311 b43_write32(dev, B43_MMIO_MACCMD,
1312 b43_read32(dev, B43_MMIO_MACCMD)
1313 | B43_MACCMD_DFQ_VALID);
1314 dev->dfq_valid = 0;
1315 }
1316 }
1317
1318 static void handle_irq_pmq(struct b43_wldev *dev)
1319 {
1320 u32 tmp;
1321
1322 //TODO: AP mode.
1323
1324 while (1) {
1325 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1326 if (!(tmp & 0x00000008))
1327 break;
1328 }
1329 /* 16bit write is odd, but correct. */
1330 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1331 }
1332
1333 static void b43_write_template_common(struct b43_wldev *dev,
1334 const u8 *data, u16 size,
1335 u16 ram_offset,
1336 u16 shm_size_offset, u8 rate)
1337 {
1338 u32 i, tmp;
1339 struct b43_plcp_hdr4 plcp;
1340
1341 plcp.data = 0;
1342 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1343 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1344 ram_offset += sizeof(u32);
1345 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1346 * So leave the first two bytes of the next write blank.
1347 */
1348 tmp = (u32) (data[0]) << 16;
1349 tmp |= (u32) (data[1]) << 24;
1350 b43_ram_write(dev, ram_offset, tmp);
1351 ram_offset += sizeof(u32);
1352 for (i = 2; i < size; i += sizeof(u32)) {
1353 tmp = (u32) (data[i + 0]);
1354 if (i + 1 < size)
1355 tmp |= (u32) (data[i + 1]) << 8;
1356 if (i + 2 < size)
1357 tmp |= (u32) (data[i + 2]) << 16;
1358 if (i + 3 < size)
1359 tmp |= (u32) (data[i + 3]) << 24;
1360 b43_ram_write(dev, ram_offset + i - 2, tmp);
1361 }
1362 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1363 size + sizeof(struct b43_plcp_hdr6));
1364 }
1365
1366 /* Check if the use of the antenna that ieee80211 told us to
1367 * use is possible. This will fall back to DEFAULT.
1368 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1369 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1370 u8 antenna_nr)
1371 {
1372 u8 antenna_mask;
1373
1374 if (antenna_nr == 0) {
1375 /* Zero means "use default antenna". That's always OK. */
1376 return 0;
1377 }
1378
1379 /* Get the mask of available antennas. */
1380 if (dev->phy.gmode)
1381 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1382 else
1383 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1384
1385 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1386 /* This antenna is not available. Fall back to default. */
1387 return 0;
1388 }
1389
1390 return antenna_nr;
1391 }
1392
1393 /* Convert a b43 antenna number value to the PHY TX control value. */
1394 static u16 b43_antenna_to_phyctl(int antenna)
1395 {
1396 switch (antenna) {
1397 case B43_ANTENNA0:
1398 return B43_TXH_PHY_ANT0;
1399 case B43_ANTENNA1:
1400 return B43_TXH_PHY_ANT1;
1401 case B43_ANTENNA2:
1402 return B43_TXH_PHY_ANT2;
1403 case B43_ANTENNA3:
1404 return B43_TXH_PHY_ANT3;
1405 case B43_ANTENNA_AUTO0:
1406 case B43_ANTENNA_AUTO1:
1407 return B43_TXH_PHY_ANT01AUTO;
1408 }
1409 B43_WARN_ON(1);
1410 return 0;
1411 }
1412
1413 static void b43_write_beacon_template(struct b43_wldev *dev,
1414 u16 ram_offset,
1415 u16 shm_size_offset)
1416 {
1417 unsigned int i, len, variable_len;
1418 const struct ieee80211_mgmt *bcn;
1419 const u8 *ie;
1420 bool tim_found = 0;
1421 unsigned int rate;
1422 u16 ctl;
1423 int antenna;
1424 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1425
1426 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1427 len = min((size_t) dev->wl->current_beacon->len,
1428 0x200 - sizeof(struct b43_plcp_hdr6));
1429 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1430
1431 b43_write_template_common(dev, (const u8 *)bcn,
1432 len, ram_offset, shm_size_offset, rate);
1433
1434 /* Write the PHY TX control parameters. */
1435 antenna = B43_ANTENNA_DEFAULT;
1436 antenna = b43_antenna_to_phyctl(antenna);
1437 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1438 /* We can't send beacons with short preamble. Would get PHY errors. */
1439 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1440 ctl &= ~B43_TXH_PHY_ANT;
1441 ctl &= ~B43_TXH_PHY_ENC;
1442 ctl |= antenna;
1443 if (b43_is_cck_rate(rate))
1444 ctl |= B43_TXH_PHY_ENC_CCK;
1445 else
1446 ctl |= B43_TXH_PHY_ENC_OFDM;
1447 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1448
1449 /* Find the position of the TIM and the DTIM_period value
1450 * and write them to SHM. */
1451 ie = bcn->u.beacon.variable;
1452 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1453 for (i = 0; i < variable_len - 2; ) {
1454 uint8_t ie_id, ie_len;
1455
1456 ie_id = ie[i];
1457 ie_len = ie[i + 1];
1458 if (ie_id == 5) {
1459 u16 tim_position;
1460 u16 dtim_period;
1461 /* This is the TIM Information Element */
1462
1463 /* Check whether the ie_len is in the beacon data range. */
1464 if (variable_len < ie_len + 2 + i)
1465 break;
1466 /* A valid TIM is at least 4 bytes long. */
1467 if (ie_len < 4)
1468 break;
1469 tim_found = 1;
1470
1471 tim_position = sizeof(struct b43_plcp_hdr6);
1472 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1473 tim_position += i;
1474
1475 dtim_period = ie[i + 3];
1476
1477 b43_shm_write16(dev, B43_SHM_SHARED,
1478 B43_SHM_SH_TIMBPOS, tim_position);
1479 b43_shm_write16(dev, B43_SHM_SHARED,
1480 B43_SHM_SH_DTIMPER, dtim_period);
1481 break;
1482 }
1483 i += ie_len + 2;
1484 }
1485 if (!tim_found) {
1486 /*
1487 * If ucode wants to modify TIM do it behind the beacon, this
1488 * will happen, for example, when doing mesh networking.
1489 */
1490 b43_shm_write16(dev, B43_SHM_SHARED,
1491 B43_SHM_SH_TIMBPOS,
1492 len + sizeof(struct b43_plcp_hdr6));
1493 b43_shm_write16(dev, B43_SHM_SHARED,
1494 B43_SHM_SH_DTIMPER, 0);
1495 }
1496 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1497 }
1498
1499 static void b43_upload_beacon0(struct b43_wldev *dev)
1500 {
1501 struct b43_wl *wl = dev->wl;
1502
1503 if (wl->beacon0_uploaded)
1504 return;
1505 b43_write_beacon_template(dev, 0x68, 0x18);
1506 wl->beacon0_uploaded = 1;
1507 }
1508
1509 static void b43_upload_beacon1(struct b43_wldev *dev)
1510 {
1511 struct b43_wl *wl = dev->wl;
1512
1513 if (wl->beacon1_uploaded)
1514 return;
1515 b43_write_beacon_template(dev, 0x468, 0x1A);
1516 wl->beacon1_uploaded = 1;
1517 }
1518
1519 static void handle_irq_beacon(struct b43_wldev *dev)
1520 {
1521 struct b43_wl *wl = dev->wl;
1522 u32 cmd, beacon0_valid, beacon1_valid;
1523
1524 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1525 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1526 return;
1527
1528 /* This is the bottom half of the asynchronous beacon update. */
1529
1530 /* Ignore interrupt in the future. */
1531 dev->irq_mask &= ~B43_IRQ_BEACON;
1532
1533 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1534 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1535 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1536
1537 /* Schedule interrupt manually, if busy. */
1538 if (beacon0_valid && beacon1_valid) {
1539 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1540 dev->irq_mask |= B43_IRQ_BEACON;
1541 return;
1542 }
1543
1544 if (unlikely(wl->beacon_templates_virgin)) {
1545 /* We never uploaded a beacon before.
1546 * Upload both templates now, but only mark one valid. */
1547 wl->beacon_templates_virgin = 0;
1548 b43_upload_beacon0(dev);
1549 b43_upload_beacon1(dev);
1550 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1551 cmd |= B43_MACCMD_BEACON0_VALID;
1552 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1553 } else {
1554 if (!beacon0_valid) {
1555 b43_upload_beacon0(dev);
1556 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1557 cmd |= B43_MACCMD_BEACON0_VALID;
1558 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1559 } else if (!beacon1_valid) {
1560 b43_upload_beacon1(dev);
1561 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1562 cmd |= B43_MACCMD_BEACON1_VALID;
1563 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1564 }
1565 }
1566 }
1567
1568 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1569 {
1570 u32 old_irq_mask = dev->irq_mask;
1571
1572 /* update beacon right away or defer to irq */
1573 handle_irq_beacon(dev);
1574 if (old_irq_mask != dev->irq_mask) {
1575 /* The handler updated the IRQ mask. */
1576 B43_WARN_ON(!dev->irq_mask);
1577 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1578 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1579 } else {
1580 /* Device interrupts are currently disabled. That means
1581 * we just ran the hardirq handler and scheduled the
1582 * IRQ thread. The thread will write the IRQ mask when
1583 * it finished, so there's nothing to do here. Writing
1584 * the mask _here_ would incorrectly re-enable IRQs. */
1585 }
1586 }
1587 }
1588
1589 static void b43_beacon_update_trigger_work(struct work_struct *work)
1590 {
1591 struct b43_wl *wl = container_of(work, struct b43_wl,
1592 beacon_update_trigger);
1593 struct b43_wldev *dev;
1594
1595 mutex_lock(&wl->mutex);
1596 dev = wl->current_dev;
1597 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1598 if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
1599 /* wl->mutex is enough. */
1600 b43_do_beacon_update_trigger_work(dev);
1601 mmiowb();
1602 } else {
1603 spin_lock_irq(&wl->hardirq_lock);
1604 b43_do_beacon_update_trigger_work(dev);
1605 mmiowb();
1606 spin_unlock_irq(&wl->hardirq_lock);
1607 }
1608 }
1609 mutex_unlock(&wl->mutex);
1610 }
1611
1612 /* Asynchronously update the packet templates in template RAM.
1613 * Locking: Requires wl->mutex to be locked. */
1614 static void b43_update_templates(struct b43_wl *wl)
1615 {
1616 struct sk_buff *beacon;
1617
1618 /* This is the top half of the ansynchronous beacon update.
1619 * The bottom half is the beacon IRQ.
1620 * Beacon update must be asynchronous to avoid sending an
1621 * invalid beacon. This can happen for example, if the firmware
1622 * transmits a beacon while we are updating it. */
1623
1624 /* We could modify the existing beacon and set the aid bit in
1625 * the TIM field, but that would probably require resizing and
1626 * moving of data within the beacon template.
1627 * Simply request a new beacon and let mac80211 do the hard work. */
1628 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1629 if (unlikely(!beacon))
1630 return;
1631
1632 if (wl->current_beacon)
1633 dev_kfree_skb_any(wl->current_beacon);
1634 wl->current_beacon = beacon;
1635 wl->beacon0_uploaded = 0;
1636 wl->beacon1_uploaded = 0;
1637 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1638 }
1639
1640 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1641 {
1642 b43_time_lock(dev);
1643 if (dev->dev->id.revision >= 3) {
1644 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1645 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1646 } else {
1647 b43_write16(dev, 0x606, (beacon_int >> 6));
1648 b43_write16(dev, 0x610, beacon_int);
1649 }
1650 b43_time_unlock(dev);
1651 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1652 }
1653
1654 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1655 {
1656 u16 reason;
1657
1658 /* Read the register that contains the reason code for the panic. */
1659 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1660 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1661
1662 switch (reason) {
1663 default:
1664 b43dbg(dev->wl, "The panic reason is unknown.\n");
1665 /* fallthrough */
1666 case B43_FWPANIC_DIE:
1667 /* Do not restart the controller or firmware.
1668 * The device is nonfunctional from now on.
1669 * Restarting would result in this panic to trigger again,
1670 * so we avoid that recursion. */
1671 break;
1672 case B43_FWPANIC_RESTART:
1673 b43_controller_restart(dev, "Microcode panic");
1674 break;
1675 }
1676 }
1677
1678 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1679 {
1680 unsigned int i, cnt;
1681 u16 reason, marker_id, marker_line;
1682 __le16 *buf;
1683
1684 /* The proprietary firmware doesn't have this IRQ. */
1685 if (!dev->fw.opensource)
1686 return;
1687
1688 /* Read the register that contains the reason code for this IRQ. */
1689 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1690
1691 switch (reason) {
1692 case B43_DEBUGIRQ_PANIC:
1693 b43_handle_firmware_panic(dev);
1694 break;
1695 case B43_DEBUGIRQ_DUMP_SHM:
1696 if (!B43_DEBUG)
1697 break; /* Only with driver debugging enabled. */
1698 buf = kmalloc(4096, GFP_ATOMIC);
1699 if (!buf) {
1700 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1701 goto out;
1702 }
1703 for (i = 0; i < 4096; i += 2) {
1704 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1705 buf[i / 2] = cpu_to_le16(tmp);
1706 }
1707 b43info(dev->wl, "Shared memory dump:\n");
1708 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1709 16, 2, buf, 4096, 1);
1710 kfree(buf);
1711 break;
1712 case B43_DEBUGIRQ_DUMP_REGS:
1713 if (!B43_DEBUG)
1714 break; /* Only with driver debugging enabled. */
1715 b43info(dev->wl, "Microcode register dump:\n");
1716 for (i = 0, cnt = 0; i < 64; i++) {
1717 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1718 if (cnt == 0)
1719 printk(KERN_INFO);
1720 printk("r%02u: 0x%04X ", i, tmp);
1721 cnt++;
1722 if (cnt == 6) {
1723 printk("\n");
1724 cnt = 0;
1725 }
1726 }
1727 printk("\n");
1728 break;
1729 case B43_DEBUGIRQ_MARKER:
1730 if (!B43_DEBUG)
1731 break; /* Only with driver debugging enabled. */
1732 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1733 B43_MARKER_ID_REG);
1734 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1735 B43_MARKER_LINE_REG);
1736 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1737 "at line number %u\n",
1738 marker_id, marker_line);
1739 break;
1740 default:
1741 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1742 reason);
1743 }
1744 out:
1745 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1746 b43_shm_write16(dev, B43_SHM_SCRATCH,
1747 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1748 }
1749
1750 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1751 {
1752 u32 reason;
1753 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1754 u32 merged_dma_reason = 0;
1755 int i;
1756
1757 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1758 return;
1759
1760 reason = dev->irq_reason;
1761 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1762 dma_reason[i] = dev->dma_reason[i];
1763 merged_dma_reason |= dma_reason[i];
1764 }
1765
1766 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1767 b43err(dev->wl, "MAC transmission error\n");
1768
1769 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1770 b43err(dev->wl, "PHY transmission error\n");
1771 rmb();
1772 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1773 atomic_set(&dev->phy.txerr_cnt,
1774 B43_PHY_TX_BADNESS_LIMIT);
1775 b43err(dev->wl, "Too many PHY TX errors, "
1776 "restarting the controller\n");
1777 b43_controller_restart(dev, "PHY TX errors");
1778 }
1779 }
1780
1781 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1782 B43_DMAIRQ_NONFATALMASK))) {
1783 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1784 b43err(dev->wl, "Fatal DMA error: "
1785 "0x%08X, 0x%08X, 0x%08X, "
1786 "0x%08X, 0x%08X, 0x%08X\n",
1787 dma_reason[0], dma_reason[1],
1788 dma_reason[2], dma_reason[3],
1789 dma_reason[4], dma_reason[5]);
1790 b43err(dev->wl, "This device does not support DMA "
1791 "on your system. Please use PIO instead.\n");
1792 b43err(dev->wl, "Unload the b43 module and reload "
1793 "with 'pio=1'\n");
1794 return;
1795 }
1796 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1797 b43err(dev->wl, "DMA error: "
1798 "0x%08X, 0x%08X, 0x%08X, "
1799 "0x%08X, 0x%08X, 0x%08X\n",
1800 dma_reason[0], dma_reason[1],
1801 dma_reason[2], dma_reason[3],
1802 dma_reason[4], dma_reason[5]);
1803 }
1804 }
1805
1806 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1807 handle_irq_ucode_debug(dev);
1808 if (reason & B43_IRQ_TBTT_INDI)
1809 handle_irq_tbtt_indication(dev);
1810 if (reason & B43_IRQ_ATIM_END)
1811 handle_irq_atim_end(dev);
1812 if (reason & B43_IRQ_BEACON)
1813 handle_irq_beacon(dev);
1814 if (reason & B43_IRQ_PMQ)
1815 handle_irq_pmq(dev);
1816 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1817 ;/* TODO */
1818 if (reason & B43_IRQ_NOISESAMPLE_OK)
1819 handle_irq_noise(dev);
1820
1821 /* Check the DMA reason registers for received data. */
1822 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1823 if (b43_using_pio_transfers(dev))
1824 b43_pio_rx(dev->pio.rx_queue);
1825 else
1826 b43_dma_rx(dev->dma.rx_ring);
1827 }
1828 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1829 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1830 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1831 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1832 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1833
1834 if (reason & B43_IRQ_TX_OK)
1835 handle_irq_transmit_status(dev);
1836
1837 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1838 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1839
1840 #if B43_DEBUG
1841 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1842 dev->irq_count++;
1843 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1844 if (reason & (1 << i))
1845 dev->irq_bit_count[i]++;
1846 }
1847 }
1848 #endif
1849 }
1850
1851 /* Interrupt thread handler. Handles device interrupts in thread context. */
1852 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1853 {
1854 struct b43_wldev *dev = dev_id;
1855
1856 mutex_lock(&dev->wl->mutex);
1857 b43_do_interrupt_thread(dev);
1858 mmiowb();
1859 mutex_unlock(&dev->wl->mutex);
1860
1861 return IRQ_HANDLED;
1862 }
1863
1864 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1865 {
1866 u32 reason;
1867
1868 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1869 * On SDIO, this runs under wl->mutex. */
1870
1871 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1872 if (reason == 0xffffffff) /* shared IRQ */
1873 return IRQ_NONE;
1874 reason &= dev->irq_mask;
1875 if (!reason)
1876 return IRQ_HANDLED;
1877
1878 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1879 & 0x0001DC00;
1880 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1881 & 0x0000DC00;
1882 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1883 & 0x0000DC00;
1884 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1885 & 0x0001DC00;
1886 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1887 & 0x0000DC00;
1888 /* Unused ring
1889 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1890 & 0x0000DC00;
1891 */
1892
1893 /* ACK the interrupt. */
1894 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1895 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1896 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1897 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1898 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1899 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1900 /* Unused ring
1901 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1902 */
1903
1904 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
1905 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
1906 /* Save the reason bitmasks for the IRQ thread handler. */
1907 dev->irq_reason = reason;
1908
1909 return IRQ_WAKE_THREAD;
1910 }
1911
1912 /* Interrupt handler top-half. This runs with interrupts disabled. */
1913 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1914 {
1915 struct b43_wldev *dev = dev_id;
1916 irqreturn_t ret;
1917
1918 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
1919 return IRQ_NONE;
1920
1921 spin_lock(&dev->wl->hardirq_lock);
1922 ret = b43_do_interrupt(dev);
1923 mmiowb();
1924 spin_unlock(&dev->wl->hardirq_lock);
1925
1926 return ret;
1927 }
1928
1929 /* SDIO interrupt handler. This runs in process context. */
1930 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
1931 {
1932 struct b43_wl *wl = dev->wl;
1933 irqreturn_t ret;
1934
1935 mutex_lock(&wl->mutex);
1936
1937 ret = b43_do_interrupt(dev);
1938 if (ret == IRQ_WAKE_THREAD)
1939 b43_do_interrupt_thread(dev);
1940
1941 mutex_unlock(&wl->mutex);
1942 }
1943
1944 void b43_do_release_fw(struct b43_firmware_file *fw)
1945 {
1946 release_firmware(fw->data);
1947 fw->data = NULL;
1948 fw->filename = NULL;
1949 }
1950
1951 static void b43_release_firmware(struct b43_wldev *dev)
1952 {
1953 b43_do_release_fw(&dev->fw.ucode);
1954 b43_do_release_fw(&dev->fw.pcm);
1955 b43_do_release_fw(&dev->fw.initvals);
1956 b43_do_release_fw(&dev->fw.initvals_band);
1957 }
1958
1959 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1960 {
1961 const char text[] =
1962 "You must go to " \
1963 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
1964 "and download the correct firmware for this driver version. " \
1965 "Please carefully read all instructions on this website.\n";
1966
1967 if (error)
1968 b43err(wl, text);
1969 else
1970 b43warn(wl, text);
1971 }
1972
1973 int b43_do_request_fw(struct b43_request_fw_context *ctx,
1974 const char *name,
1975 struct b43_firmware_file *fw)
1976 {
1977 const struct firmware *blob;
1978 struct b43_fw_header *hdr;
1979 u32 size;
1980 int err;
1981
1982 if (!name) {
1983 /* Don't fetch anything. Free possibly cached firmware. */
1984 /* FIXME: We should probably keep it anyway, to save some headache
1985 * on suspend/resume with multiband devices. */
1986 b43_do_release_fw(fw);
1987 return 0;
1988 }
1989 if (fw->filename) {
1990 if ((fw->type == ctx->req_type) &&
1991 (strcmp(fw->filename, name) == 0))
1992 return 0; /* Already have this fw. */
1993 /* Free the cached firmware first. */
1994 /* FIXME: We should probably do this later after we successfully
1995 * got the new fw. This could reduce headache with multiband devices.
1996 * We could also redesign this to cache the firmware for all possible
1997 * bands all the time. */
1998 b43_do_release_fw(fw);
1999 }
2000
2001 switch (ctx->req_type) {
2002 case B43_FWTYPE_PROPRIETARY:
2003 snprintf(ctx->fwname, sizeof(ctx->fwname),
2004 "b43%s/%s.fw",
2005 modparam_fwpostfix, name);
2006 break;
2007 case B43_FWTYPE_OPENSOURCE:
2008 snprintf(ctx->fwname, sizeof(ctx->fwname),
2009 "b43-open%s/%s.fw",
2010 modparam_fwpostfix, name);
2011 break;
2012 default:
2013 B43_WARN_ON(1);
2014 return -ENOSYS;
2015 }
2016 err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
2017 if (err == -ENOENT) {
2018 snprintf(ctx->errors[ctx->req_type],
2019 sizeof(ctx->errors[ctx->req_type]),
2020 "Firmware file \"%s\" not found\n", ctx->fwname);
2021 return err;
2022 } else if (err) {
2023 snprintf(ctx->errors[ctx->req_type],
2024 sizeof(ctx->errors[ctx->req_type]),
2025 "Firmware file \"%s\" request failed (err=%d)\n",
2026 ctx->fwname, err);
2027 return err;
2028 }
2029 if (blob->size < sizeof(struct b43_fw_header))
2030 goto err_format;
2031 hdr = (struct b43_fw_header *)(blob->data);
2032 switch (hdr->type) {
2033 case B43_FW_TYPE_UCODE:
2034 case B43_FW_TYPE_PCM:
2035 size = be32_to_cpu(hdr->size);
2036 if (size != blob->size - sizeof(struct b43_fw_header))
2037 goto err_format;
2038 /* fallthrough */
2039 case B43_FW_TYPE_IV:
2040 if (hdr->ver != 1)
2041 goto err_format;
2042 break;
2043 default:
2044 goto err_format;
2045 }
2046
2047 fw->data = blob;
2048 fw->filename = name;
2049 fw->type = ctx->req_type;
2050
2051 return 0;
2052
2053 err_format:
2054 snprintf(ctx->errors[ctx->req_type],
2055 sizeof(ctx->errors[ctx->req_type]),
2056 "Firmware file \"%s\" format error.\n", ctx->fwname);
2057 release_firmware(blob);
2058
2059 return -EPROTO;
2060 }
2061
2062 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2063 {
2064 struct b43_wldev *dev = ctx->dev;
2065 struct b43_firmware *fw = &ctx->dev->fw;
2066 const u8 rev = ctx->dev->dev->id.revision;
2067 const char *filename;
2068 u32 tmshigh;
2069 int err;
2070
2071 /* Get microcode */
2072 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2073 if ((rev >= 5) && (rev <= 10))
2074 filename = "ucode5";
2075 else if ((rev >= 11) && (rev <= 12))
2076 filename = "ucode11";
2077 else if (rev == 13)
2078 filename = "ucode13";
2079 else if (rev == 14)
2080 filename = "ucode14";
2081 else if (rev >= 15)
2082 filename = "ucode15";
2083 else
2084 goto err_no_ucode;
2085 err = b43_do_request_fw(ctx, filename, &fw->ucode);
2086 if (err)
2087 goto err_load;
2088
2089 /* Get PCM code */
2090 if ((rev >= 5) && (rev <= 10))
2091 filename = "pcm5";
2092 else if (rev >= 11)
2093 filename = NULL;
2094 else
2095 goto err_no_pcm;
2096 fw->pcm_request_failed = 0;
2097 err = b43_do_request_fw(ctx, filename, &fw->pcm);
2098 if (err == -ENOENT) {
2099 /* We did not find a PCM file? Not fatal, but
2100 * core rev <= 10 must do without hwcrypto then. */
2101 fw->pcm_request_failed = 1;
2102 } else if (err)
2103 goto err_load;
2104
2105 /* Get initvals */
2106 switch (dev->phy.type) {
2107 case B43_PHYTYPE_A:
2108 if ((rev >= 5) && (rev <= 10)) {
2109 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2110 filename = "a0g1initvals5";
2111 else
2112 filename = "a0g0initvals5";
2113 } else
2114 goto err_no_initvals;
2115 break;
2116 case B43_PHYTYPE_G:
2117 if ((rev >= 5) && (rev <= 10))
2118 filename = "b0g0initvals5";
2119 else if (rev >= 13)
2120 filename = "b0g0initvals13";
2121 else
2122 goto err_no_initvals;
2123 break;
2124 case B43_PHYTYPE_N:
2125 if ((rev >= 11) && (rev <= 12))
2126 filename = "n0initvals11";
2127 else
2128 goto err_no_initvals;
2129 break;
2130 case B43_PHYTYPE_LP:
2131 if (rev == 13)
2132 filename = "lp0initvals13";
2133 else if (rev == 14)
2134 filename = "lp0initvals14";
2135 else if (rev >= 15)
2136 filename = "lp0initvals15";
2137 else
2138 goto err_no_initvals;
2139 break;
2140 default:
2141 goto err_no_initvals;
2142 }
2143 err = b43_do_request_fw(ctx, filename, &fw->initvals);
2144 if (err)
2145 goto err_load;
2146
2147 /* Get bandswitch initvals */
2148 switch (dev->phy.type) {
2149 case B43_PHYTYPE_A:
2150 if ((rev >= 5) && (rev <= 10)) {
2151 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2152 filename = "a0g1bsinitvals5";
2153 else
2154 filename = "a0g0bsinitvals5";
2155 } else if (rev >= 11)
2156 filename = NULL;
2157 else
2158 goto err_no_initvals;
2159 break;
2160 case B43_PHYTYPE_G:
2161 if ((rev >= 5) && (rev <= 10))
2162 filename = "b0g0bsinitvals5";
2163 else if (rev >= 11)
2164 filename = NULL;
2165 else
2166 goto err_no_initvals;
2167 break;
2168 case B43_PHYTYPE_N:
2169 if ((rev >= 11) && (rev <= 12))
2170 filename = "n0bsinitvals11";
2171 else
2172 goto err_no_initvals;
2173 break;
2174 case B43_PHYTYPE_LP:
2175 if (rev == 13)
2176 filename = "lp0bsinitvals13";
2177 else if (rev == 14)
2178 filename = "lp0bsinitvals14";
2179 else if (rev >= 15)
2180 filename = "lp0bsinitvals15";
2181 else
2182 goto err_no_initvals;
2183 break;
2184 default:
2185 goto err_no_initvals;
2186 }
2187 err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2188 if (err)
2189 goto err_load;
2190
2191 return 0;
2192
2193 err_no_ucode:
2194 err = ctx->fatal_failure = -EOPNOTSUPP;
2195 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2196 "is required for your device (wl-core rev %u)\n", rev);
2197 goto error;
2198
2199 err_no_pcm:
2200 err = ctx->fatal_failure = -EOPNOTSUPP;
2201 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2202 "is required for your device (wl-core rev %u)\n", rev);
2203 goto error;
2204
2205 err_no_initvals:
2206 err = ctx->fatal_failure = -EOPNOTSUPP;
2207 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2208 "is required for your device (wl-core rev %u)\n", rev);
2209 goto error;
2210
2211 err_load:
2212 /* We failed to load this firmware image. The error message
2213 * already is in ctx->errors. Return and let our caller decide
2214 * what to do. */
2215 goto error;
2216
2217 error:
2218 b43_release_firmware(dev);
2219 return err;
2220 }
2221
2222 static int b43_request_firmware(struct b43_wldev *dev)
2223 {
2224 struct b43_request_fw_context *ctx;
2225 unsigned int i;
2226 int err;
2227 const char *errmsg;
2228
2229 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2230 if (!ctx)
2231 return -ENOMEM;
2232 ctx->dev = dev;
2233
2234 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2235 err = b43_try_request_fw(ctx);
2236 if (!err)
2237 goto out; /* Successfully loaded it. */
2238 err = ctx->fatal_failure;
2239 if (err)
2240 goto out;
2241
2242 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2243 err = b43_try_request_fw(ctx);
2244 if (!err)
2245 goto out; /* Successfully loaded it. */
2246 err = ctx->fatal_failure;
2247 if (err)
2248 goto out;
2249
2250 /* Could not find a usable firmware. Print the errors. */
2251 for (i = 0; i < B43_NR_FWTYPES; i++) {
2252 errmsg = ctx->errors[i];
2253 if (strlen(errmsg))
2254 b43err(dev->wl, errmsg);
2255 }
2256 b43_print_fw_helptext(dev->wl, 1);
2257 err = -ENOENT;
2258
2259 out:
2260 kfree(ctx);
2261 return err;
2262 }
2263
2264 static int b43_upload_microcode(struct b43_wldev *dev)
2265 {
2266 const size_t hdr_len = sizeof(struct b43_fw_header);
2267 const __be32 *data;
2268 unsigned int i, len;
2269 u16 fwrev, fwpatch, fwdate, fwtime;
2270 u32 tmp, macctl;
2271 int err = 0;
2272
2273 /* Jump the microcode PSM to offset 0 */
2274 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2275 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2276 macctl |= B43_MACCTL_PSM_JMP0;
2277 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2278 /* Zero out all microcode PSM registers and shared memory. */
2279 for (i = 0; i < 64; i++)
2280 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2281 for (i = 0; i < 4096; i += 2)
2282 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2283
2284 /* Upload Microcode. */
2285 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2286 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2287 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2288 for (i = 0; i < len; i++) {
2289 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2290 udelay(10);
2291 }
2292
2293 if (dev->fw.pcm.data) {
2294 /* Upload PCM data. */
2295 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2296 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2297 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2298 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2299 /* No need for autoinc bit in SHM_HW */
2300 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2301 for (i = 0; i < len; i++) {
2302 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2303 udelay(10);
2304 }
2305 }
2306
2307 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2308
2309 /* Start the microcode PSM */
2310 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2311 macctl &= ~B43_MACCTL_PSM_JMP0;
2312 macctl |= B43_MACCTL_PSM_RUN;
2313 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2314
2315 /* Wait for the microcode to load and respond */
2316 i = 0;
2317 while (1) {
2318 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2319 if (tmp == B43_IRQ_MAC_SUSPENDED)
2320 break;
2321 i++;
2322 if (i >= 20) {
2323 b43err(dev->wl, "Microcode not responding\n");
2324 b43_print_fw_helptext(dev->wl, 1);
2325 err = -ENODEV;
2326 goto error;
2327 }
2328 msleep(50);
2329 }
2330 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2331
2332 /* Get and check the revisions. */
2333 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2334 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2335 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2336 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2337
2338 if (fwrev <= 0x128) {
2339 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2340 "binary drivers older than version 4.x is unsupported. "
2341 "You must upgrade your firmware files.\n");
2342 b43_print_fw_helptext(dev->wl, 1);
2343 err = -EOPNOTSUPP;
2344 goto error;
2345 }
2346 dev->fw.rev = fwrev;
2347 dev->fw.patch = fwpatch;
2348 dev->fw.opensource = (fwdate == 0xFFFF);
2349
2350 /* Default to use-all-queues. */
2351 dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2352 dev->qos_enabled = !!modparam_qos;
2353 /* Default to firmware/hardware crypto acceleration. */
2354 dev->hwcrypto_enabled = 1;
2355
2356 if (dev->fw.opensource) {
2357 u16 fwcapa;
2358
2359 /* Patchlevel info is encoded in the "time" field. */
2360 dev->fw.patch = fwtime;
2361 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2362 dev->fw.rev, dev->fw.patch);
2363
2364 fwcapa = b43_fwcapa_read(dev);
2365 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2366 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2367 /* Disable hardware crypto and fall back to software crypto. */
2368 dev->hwcrypto_enabled = 0;
2369 }
2370 if (!(fwcapa & B43_FWCAPA_QOS)) {
2371 b43info(dev->wl, "QoS not supported by firmware\n");
2372 /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2373 * ieee80211_unregister to make sure the networking core can
2374 * properly free possible resources. */
2375 dev->wl->hw->queues = 1;
2376 dev->qos_enabled = 0;
2377 }
2378 } else {
2379 b43info(dev->wl, "Loading firmware version %u.%u "
2380 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2381 fwrev, fwpatch,
2382 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2383 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2384 if (dev->fw.pcm_request_failed) {
2385 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2386 "Hardware accelerated cryptography is disabled.\n");
2387 b43_print_fw_helptext(dev->wl, 0);
2388 }
2389 }
2390
2391 if (b43_is_old_txhdr_format(dev)) {
2392 /* We're over the deadline, but we keep support for old fw
2393 * until it turns out to be in major conflict with something new. */
2394 b43warn(dev->wl, "You are using an old firmware image. "
2395 "Support for old firmware will be removed soon "
2396 "(official deadline was July 2008).\n");
2397 b43_print_fw_helptext(dev->wl, 0);
2398 }
2399
2400 return 0;
2401
2402 error:
2403 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2404 macctl &= ~B43_MACCTL_PSM_RUN;
2405 macctl |= B43_MACCTL_PSM_JMP0;
2406 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2407
2408 return err;
2409 }
2410
2411 static int b43_write_initvals(struct b43_wldev *dev,
2412 const struct b43_iv *ivals,
2413 size_t count,
2414 size_t array_size)
2415 {
2416 const struct b43_iv *iv;
2417 u16 offset;
2418 size_t i;
2419 bool bit32;
2420
2421 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2422 iv = ivals;
2423 for (i = 0; i < count; i++) {
2424 if (array_size < sizeof(iv->offset_size))
2425 goto err_format;
2426 array_size -= sizeof(iv->offset_size);
2427 offset = be16_to_cpu(iv->offset_size);
2428 bit32 = !!(offset & B43_IV_32BIT);
2429 offset &= B43_IV_OFFSET_MASK;
2430 if (offset >= 0x1000)
2431 goto err_format;
2432 if (bit32) {
2433 u32 value;
2434
2435 if (array_size < sizeof(iv->data.d32))
2436 goto err_format;
2437 array_size -= sizeof(iv->data.d32);
2438
2439 value = get_unaligned_be32(&iv->data.d32);
2440 b43_write32(dev, offset, value);
2441
2442 iv = (const struct b43_iv *)((const uint8_t *)iv +
2443 sizeof(__be16) +
2444 sizeof(__be32));
2445 } else {
2446 u16 value;
2447
2448 if (array_size < sizeof(iv->data.d16))
2449 goto err_format;
2450 array_size -= sizeof(iv->data.d16);
2451
2452 value = be16_to_cpu(iv->data.d16);
2453 b43_write16(dev, offset, value);
2454
2455 iv = (const struct b43_iv *)((const uint8_t *)iv +
2456 sizeof(__be16) +
2457 sizeof(__be16));
2458 }
2459 }
2460 if (array_size)
2461 goto err_format;
2462
2463 return 0;
2464
2465 err_format:
2466 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2467 b43_print_fw_helptext(dev->wl, 1);
2468
2469 return -EPROTO;
2470 }
2471
2472 static int b43_upload_initvals(struct b43_wldev *dev)
2473 {
2474 const size_t hdr_len = sizeof(struct b43_fw_header);
2475 const struct b43_fw_header *hdr;
2476 struct b43_firmware *fw = &dev->fw;
2477 const struct b43_iv *ivals;
2478 size_t count;
2479 int err;
2480
2481 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2482 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2483 count = be32_to_cpu(hdr->size);
2484 err = b43_write_initvals(dev, ivals, count,
2485 fw->initvals.data->size - hdr_len);
2486 if (err)
2487 goto out;
2488 if (fw->initvals_band.data) {
2489 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2490 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2491 count = be32_to_cpu(hdr->size);
2492 err = b43_write_initvals(dev, ivals, count,
2493 fw->initvals_band.data->size - hdr_len);
2494 if (err)
2495 goto out;
2496 }
2497 out:
2498
2499 return err;
2500 }
2501
2502 /* Initialize the GPIOs
2503 * http://bcm-specs.sipsolutions.net/GPIO
2504 */
2505 static int b43_gpio_init(struct b43_wldev *dev)
2506 {
2507 struct ssb_bus *bus = dev->dev->bus;
2508 struct ssb_device *gpiodev, *pcidev = NULL;
2509 u32 mask, set;
2510
2511 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2512 & ~B43_MACCTL_GPOUTSMSK);
2513
2514 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2515 | 0x000F);
2516
2517 mask = 0x0000001F;
2518 set = 0x0000000F;
2519 if (dev->dev->bus->chip_id == 0x4301) {
2520 mask |= 0x0060;
2521 set |= 0x0060;
2522 }
2523 if (0 /* FIXME: conditional unknown */ ) {
2524 b43_write16(dev, B43_MMIO_GPIO_MASK,
2525 b43_read16(dev, B43_MMIO_GPIO_MASK)
2526 | 0x0100);
2527 mask |= 0x0180;
2528 set |= 0x0180;
2529 }
2530 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2531 b43_write16(dev, B43_MMIO_GPIO_MASK,
2532 b43_read16(dev, B43_MMIO_GPIO_MASK)
2533 | 0x0200);
2534 mask |= 0x0200;
2535 set |= 0x0200;
2536 }
2537 if (dev->dev->id.revision >= 2)
2538 mask |= 0x0010; /* FIXME: This is redundant. */
2539
2540 #ifdef CONFIG_SSB_DRIVER_PCICORE
2541 pcidev = bus->pcicore.dev;
2542 #endif
2543 gpiodev = bus->chipco.dev ? : pcidev;
2544 if (!gpiodev)
2545 return 0;
2546 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2547 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2548 & mask) | set);
2549
2550 return 0;
2551 }
2552
2553 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2554 static void b43_gpio_cleanup(struct b43_wldev *dev)
2555 {
2556 struct ssb_bus *bus = dev->dev->bus;
2557 struct ssb_device *gpiodev, *pcidev = NULL;
2558
2559 #ifdef CONFIG_SSB_DRIVER_PCICORE
2560 pcidev = bus->pcicore.dev;
2561 #endif
2562 gpiodev = bus->chipco.dev ? : pcidev;
2563 if (!gpiodev)
2564 return;
2565 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2566 }
2567
2568 /* http://bcm-specs.sipsolutions.net/EnableMac */
2569 void b43_mac_enable(struct b43_wldev *dev)
2570 {
2571 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2572 u16 fwstate;
2573
2574 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2575 B43_SHM_SH_UCODESTAT);
2576 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2577 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2578 b43err(dev->wl, "b43_mac_enable(): The firmware "
2579 "should be suspended, but current state is %u\n",
2580 fwstate);
2581 }
2582 }
2583
2584 dev->mac_suspended--;
2585 B43_WARN_ON(dev->mac_suspended < 0);
2586 if (dev->mac_suspended == 0) {
2587 b43_write32(dev, B43_MMIO_MACCTL,
2588 b43_read32(dev, B43_MMIO_MACCTL)
2589 | B43_MACCTL_ENABLED);
2590 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2591 B43_IRQ_MAC_SUSPENDED);
2592 /* Commit writes */
2593 b43_read32(dev, B43_MMIO_MACCTL);
2594 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2595 b43_power_saving_ctl_bits(dev, 0);
2596 }
2597 }
2598
2599 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2600 void b43_mac_suspend(struct b43_wldev *dev)
2601 {
2602 int i;
2603 u32 tmp;
2604
2605 might_sleep();
2606 B43_WARN_ON(dev->mac_suspended < 0);
2607
2608 if (dev->mac_suspended == 0) {
2609 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2610 b43_write32(dev, B43_MMIO_MACCTL,
2611 b43_read32(dev, B43_MMIO_MACCTL)
2612 & ~B43_MACCTL_ENABLED);
2613 /* force pci to flush the write */
2614 b43_read32(dev, B43_MMIO_MACCTL);
2615 for (i = 35; i; i--) {
2616 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2617 if (tmp & B43_IRQ_MAC_SUSPENDED)
2618 goto out;
2619 udelay(10);
2620 }
2621 /* Hm, it seems this will take some time. Use msleep(). */
2622 for (i = 40; i; i--) {
2623 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2624 if (tmp & B43_IRQ_MAC_SUSPENDED)
2625 goto out;
2626 msleep(1);
2627 }
2628 b43err(dev->wl, "MAC suspend failed\n");
2629 }
2630 out:
2631 dev->mac_suspended++;
2632 }
2633
2634 static void b43_adjust_opmode(struct b43_wldev *dev)
2635 {
2636 struct b43_wl *wl = dev->wl;
2637 u32 ctl;
2638 u16 cfp_pretbtt;
2639
2640 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2641 /* Reset status to STA infrastructure mode. */
2642 ctl &= ~B43_MACCTL_AP;
2643 ctl &= ~B43_MACCTL_KEEP_CTL;
2644 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2645 ctl &= ~B43_MACCTL_KEEP_BAD;
2646 ctl &= ~B43_MACCTL_PROMISC;
2647 ctl &= ~B43_MACCTL_BEACPROMISC;
2648 ctl |= B43_MACCTL_INFRA;
2649
2650 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2651 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2652 ctl |= B43_MACCTL_AP;
2653 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2654 ctl &= ~B43_MACCTL_INFRA;
2655
2656 if (wl->filter_flags & FIF_CONTROL)
2657 ctl |= B43_MACCTL_KEEP_CTL;
2658 if (wl->filter_flags & FIF_FCSFAIL)
2659 ctl |= B43_MACCTL_KEEP_BAD;
2660 if (wl->filter_flags & FIF_PLCPFAIL)
2661 ctl |= B43_MACCTL_KEEP_BADPLCP;
2662 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2663 ctl |= B43_MACCTL_PROMISC;
2664 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2665 ctl |= B43_MACCTL_BEACPROMISC;
2666
2667 /* Workaround: On old hardware the HW-MAC-address-filter
2668 * doesn't work properly, so always run promisc in filter
2669 * it in software. */
2670 if (dev->dev->id.revision <= 4)
2671 ctl |= B43_MACCTL_PROMISC;
2672
2673 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2674
2675 cfp_pretbtt = 2;
2676 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2677 if (dev->dev->bus->chip_id == 0x4306 &&
2678 dev->dev->bus->chip_rev == 3)
2679 cfp_pretbtt = 100;
2680 else
2681 cfp_pretbtt = 50;
2682 }
2683 b43_write16(dev, 0x612, cfp_pretbtt);
2684
2685 /* FIXME: We don't currently implement the PMQ mechanism,
2686 * so always disable it. If we want to implement PMQ,
2687 * we need to enable it here (clear DISCPMQ) in AP mode.
2688 */
2689 if (0 /* ctl & B43_MACCTL_AP */) {
2690 b43_write32(dev, B43_MMIO_MACCTL,
2691 b43_read32(dev, B43_MMIO_MACCTL)
2692 & ~B43_MACCTL_DISCPMQ);
2693 } else {
2694 b43_write32(dev, B43_MMIO_MACCTL,
2695 b43_read32(dev, B43_MMIO_MACCTL)
2696 | B43_MACCTL_DISCPMQ);
2697 }
2698 }
2699
2700 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2701 {
2702 u16 offset;
2703
2704 if (is_ofdm) {
2705 offset = 0x480;
2706 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2707 } else {
2708 offset = 0x4C0;
2709 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2710 }
2711 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2712 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2713 }
2714
2715 static void b43_rate_memory_init(struct b43_wldev *dev)
2716 {
2717 switch (dev->phy.type) {
2718 case B43_PHYTYPE_A:
2719 case B43_PHYTYPE_G:
2720 case B43_PHYTYPE_N:
2721 case B43_PHYTYPE_LP:
2722 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2723 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2724 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2725 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2726 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2727 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2728 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2729 if (dev->phy.type == B43_PHYTYPE_A)
2730 break;
2731 /* fallthrough */
2732 case B43_PHYTYPE_B:
2733 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2734 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2735 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2736 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2737 break;
2738 default:
2739 B43_WARN_ON(1);
2740 }
2741 }
2742
2743 /* Set the default values for the PHY TX Control Words. */
2744 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2745 {
2746 u16 ctl = 0;
2747
2748 ctl |= B43_TXH_PHY_ENC_CCK;
2749 ctl |= B43_TXH_PHY_ANT01AUTO;
2750 ctl |= B43_TXH_PHY_TXPWR;
2751
2752 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2753 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2754 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2755 }
2756
2757 /* Set the TX-Antenna for management frames sent by firmware. */
2758 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2759 {
2760 u16 ant;
2761 u16 tmp;
2762
2763 ant = b43_antenna_to_phyctl(antenna);
2764
2765 /* For ACK/CTS */
2766 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2767 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2768 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2769 /* For Probe Resposes */
2770 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2771 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2772 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2773 }
2774
2775 /* This is the opposite of b43_chip_init() */
2776 static void b43_chip_exit(struct b43_wldev *dev)
2777 {
2778 b43_phy_exit(dev);
2779 b43_gpio_cleanup(dev);
2780 /* firmware is released later */
2781 }
2782
2783 /* Initialize the chip
2784 * http://bcm-specs.sipsolutions.net/ChipInit
2785 */
2786 static int b43_chip_init(struct b43_wldev *dev)
2787 {
2788 struct b43_phy *phy = &dev->phy;
2789 int err;
2790 u32 value32, macctl;
2791 u16 value16;
2792
2793 /* Initialize the MAC control */
2794 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2795 if (dev->phy.gmode)
2796 macctl |= B43_MACCTL_GMODE;
2797 macctl |= B43_MACCTL_INFRA;
2798 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2799
2800 err = b43_request_firmware(dev);
2801 if (err)
2802 goto out;
2803 err = b43_upload_microcode(dev);
2804 if (err)
2805 goto out; /* firmware is released later */
2806
2807 err = b43_gpio_init(dev);
2808 if (err)
2809 goto out; /* firmware is released later */
2810
2811 err = b43_upload_initvals(dev);
2812 if (err)
2813 goto err_gpio_clean;
2814
2815 /* Turn the Analog on and initialize the PHY. */
2816 phy->ops->switch_analog(dev, 1);
2817 err = b43_phy_init(dev);
2818 if (err)
2819 goto err_gpio_clean;
2820
2821 /* Disable Interference Mitigation. */
2822 if (phy->ops->interf_mitigation)
2823 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2824
2825 /* Select the antennae */
2826 if (phy->ops->set_rx_antenna)
2827 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2828 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2829
2830 if (phy->type == B43_PHYTYPE_B) {
2831 value16 = b43_read16(dev, 0x005E);
2832 value16 |= 0x0004;
2833 b43_write16(dev, 0x005E, value16);
2834 }
2835 b43_write32(dev, 0x0100, 0x01000000);
2836 if (dev->dev->id.revision < 5)
2837 b43_write32(dev, 0x010C, 0x01000000);
2838
2839 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2840 & ~B43_MACCTL_INFRA);
2841 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2842 | B43_MACCTL_INFRA);
2843
2844 /* Probe Response Timeout value */
2845 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2846 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2847
2848 /* Initially set the wireless operation mode. */
2849 b43_adjust_opmode(dev);
2850
2851 if (dev->dev->id.revision < 3) {
2852 b43_write16(dev, 0x060E, 0x0000);
2853 b43_write16(dev, 0x0610, 0x8000);
2854 b43_write16(dev, 0x0604, 0x0000);
2855 b43_write16(dev, 0x0606, 0x0200);
2856 } else {
2857 b43_write32(dev, 0x0188, 0x80000000);
2858 b43_write32(dev, 0x018C, 0x02000000);
2859 }
2860 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2861 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2862 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2863 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2864 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2865 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2866 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2867
2868 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2869 value32 |= 0x00100000;
2870 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2871
2872 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2873 dev->dev->bus->chipco.fast_pwrup_delay);
2874
2875 err = 0;
2876 b43dbg(dev->wl, "Chip initialized\n");
2877 out:
2878 return err;
2879
2880 err_gpio_clean:
2881 b43_gpio_cleanup(dev);
2882 return err;
2883 }
2884
2885 static void b43_periodic_every60sec(struct b43_wldev *dev)
2886 {
2887 const struct b43_phy_operations *ops = dev->phy.ops;
2888
2889 if (ops->pwork_60sec)
2890 ops->pwork_60sec(dev);
2891
2892 /* Force check the TX power emission now. */
2893 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2894 }
2895
2896 static void b43_periodic_every30sec(struct b43_wldev *dev)
2897 {
2898 /* Update device statistics. */
2899 b43_calculate_link_quality(dev);
2900 }
2901
2902 static void b43_periodic_every15sec(struct b43_wldev *dev)
2903 {
2904 struct b43_phy *phy = &dev->phy;
2905 u16 wdr;
2906
2907 if (dev->fw.opensource) {
2908 /* Check if the firmware is still alive.
2909 * It will reset the watchdog counter to 0 in its idle loop. */
2910 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2911 if (unlikely(wdr)) {
2912 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2913 b43_controller_restart(dev, "Firmware watchdog");
2914 return;
2915 } else {
2916 b43_shm_write16(dev, B43_SHM_SCRATCH,
2917 B43_WATCHDOG_REG, 1);
2918 }
2919 }
2920
2921 if (phy->ops->pwork_15sec)
2922 phy->ops->pwork_15sec(dev);
2923
2924 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2925 wmb();
2926
2927 #if B43_DEBUG
2928 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2929 unsigned int i;
2930
2931 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
2932 dev->irq_count / 15,
2933 dev->tx_count / 15,
2934 dev->rx_count / 15);
2935 dev->irq_count = 0;
2936 dev->tx_count = 0;
2937 dev->rx_count = 0;
2938 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2939 if (dev->irq_bit_count[i]) {
2940 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
2941 dev->irq_bit_count[i] / 15, i, (1 << i));
2942 dev->irq_bit_count[i] = 0;
2943 }
2944 }
2945 }
2946 #endif
2947 }
2948
2949 static void do_periodic_work(struct b43_wldev *dev)
2950 {
2951 unsigned int state;
2952
2953 state = dev->periodic_state;
2954 if (state % 4 == 0)
2955 b43_periodic_every60sec(dev);
2956 if (state % 2 == 0)
2957 b43_periodic_every30sec(dev);
2958 b43_periodic_every15sec(dev);
2959 }
2960
2961 /* Periodic work locking policy:
2962 * The whole periodic work handler is protected by
2963 * wl->mutex. If another lock is needed somewhere in the
2964 * pwork callchain, it's aquired in-place, where it's needed.
2965 */
2966 static void b43_periodic_work_handler(struct work_struct *work)
2967 {
2968 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2969 periodic_work.work);
2970 struct b43_wl *wl = dev->wl;
2971 unsigned long delay;
2972
2973 mutex_lock(&wl->mutex);
2974
2975 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2976 goto out;
2977 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2978 goto out_requeue;
2979
2980 do_periodic_work(dev);
2981
2982 dev->periodic_state++;
2983 out_requeue:
2984 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2985 delay = msecs_to_jiffies(50);
2986 else
2987 delay = round_jiffies_relative(HZ * 15);
2988 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
2989 out:
2990 mutex_unlock(&wl->mutex);
2991 }
2992
2993 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2994 {
2995 struct delayed_work *work = &dev->periodic_work;
2996
2997 dev->periodic_state = 0;
2998 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2999 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3000 }
3001
3002 /* Check if communication with the device works correctly. */
3003 static int b43_validate_chipaccess(struct b43_wldev *dev)
3004 {
3005 u32 v, backup0, backup4;
3006
3007 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3008 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3009
3010 /* Check for read/write and endianness problems. */
3011 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3012 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3013 goto error;
3014 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3015 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3016 goto error;
3017
3018 /* Check if unaligned 32bit SHM_SHARED access works properly.
3019 * However, don't bail out on failure, because it's noncritical. */
3020 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3021 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3022 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3023 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3024 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3025 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3026 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3027 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3028 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3029 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3030 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3031 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3032
3033 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3034 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3035
3036 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
3037 /* The 32bit register shadows the two 16bit registers
3038 * with update sideeffects. Validate this. */
3039 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3040 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3041 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3042 goto error;
3043 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3044 goto error;
3045 }
3046 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3047
3048 v = b43_read32(dev, B43_MMIO_MACCTL);
3049 v |= B43_MACCTL_GMODE;
3050 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3051 goto error;
3052
3053 return 0;
3054 error:
3055 b43err(dev->wl, "Failed to validate the chipaccess\n");
3056 return -ENODEV;
3057 }
3058
3059 static void b43_security_init(struct b43_wldev *dev)
3060 {
3061 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3062 /* KTP is a word address, but we address SHM bytewise.
3063 * So multiply by two.
3064 */
3065 dev->ktp *= 2;
3066 /* Number of RCMTA address slots */
3067 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3068 /* Clear the key memory. */
3069 b43_clear_keys(dev);
3070 }
3071
3072 #ifdef CONFIG_B43_HWRNG
3073 static int b43_rng_read(struct hwrng *rng, u32 *data)
3074 {
3075 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3076 struct b43_wldev *dev;
3077 int count = -ENODEV;
3078
3079 mutex_lock(&wl->mutex);
3080 dev = wl->current_dev;
3081 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3082 *data = b43_read16(dev, B43_MMIO_RNG);
3083 count = sizeof(u16);
3084 }
3085 mutex_unlock(&wl->mutex);
3086
3087 return count;
3088 }
3089 #endif /* CONFIG_B43_HWRNG */
3090
3091 static void b43_rng_exit(struct b43_wl *wl)
3092 {
3093 #ifdef CONFIG_B43_HWRNG
3094 if (wl->rng_initialized)
3095 hwrng_unregister(&wl->rng);
3096 #endif /* CONFIG_B43_HWRNG */
3097 }
3098
3099 static int b43_rng_init(struct b43_wl *wl)
3100 {
3101 int err = 0;
3102
3103 #ifdef CONFIG_B43_HWRNG
3104 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3105 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3106 wl->rng.name = wl->rng_name;
3107 wl->rng.data_read = b43_rng_read;
3108 wl->rng.priv = (unsigned long)wl;
3109 wl->rng_initialized = 1;
3110 err = hwrng_register(&wl->rng);
3111 if (err) {
3112 wl->rng_initialized = 0;
3113 b43err(wl, "Failed to register the random "
3114 "number generator (%d)\n", err);
3115 }
3116 #endif /* CONFIG_B43_HWRNG */
3117
3118 return err;
3119 }
3120
3121 static void b43_tx_work(struct work_struct *work)
3122 {
3123 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3124 struct b43_wldev *dev;
3125 struct sk_buff *skb;
3126 int err = 0;
3127
3128 mutex_lock(&wl->mutex);
3129 dev = wl->current_dev;
3130 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3131 mutex_unlock(&wl->mutex);
3132 return;
3133 }
3134
3135 while (skb_queue_len(&wl->tx_queue)) {
3136 skb = skb_dequeue(&wl->tx_queue);
3137
3138 if (b43_using_pio_transfers(dev))
3139 err = b43_pio_tx(dev, skb);
3140 else
3141 err = b43_dma_tx(dev, skb);
3142 if (unlikely(err))
3143 dev_kfree_skb(skb); /* Drop it */
3144 }
3145
3146 #if B43_DEBUG
3147 dev->tx_count++;
3148 #endif
3149 mutex_unlock(&wl->mutex);
3150 }
3151
3152 static int b43_op_tx(struct ieee80211_hw *hw,
3153 struct sk_buff *skb)
3154 {
3155 struct b43_wl *wl = hw_to_b43_wl(hw);
3156
3157 if (unlikely(skb->len < 2 + 2 + 6)) {
3158 /* Too short, this can't be a valid frame. */
3159 dev_kfree_skb_any(skb);
3160 return NETDEV_TX_OK;
3161 }
3162 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3163
3164 skb_queue_tail(&wl->tx_queue, skb);
3165 ieee80211_queue_work(wl->hw, &wl->tx_work);
3166
3167 return NETDEV_TX_OK;
3168 }
3169
3170 static void b43_qos_params_upload(struct b43_wldev *dev,
3171 const struct ieee80211_tx_queue_params *p,
3172 u16 shm_offset)
3173 {
3174 u16 params[B43_NR_QOSPARAMS];
3175 int bslots, tmp;
3176 unsigned int i;
3177
3178 if (!dev->qos_enabled)
3179 return;
3180
3181 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3182
3183 memset(&params, 0, sizeof(params));
3184
3185 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3186 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3187 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3188 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3189 params[B43_QOSPARAM_AIFS] = p->aifs;
3190 params[B43_QOSPARAM_BSLOTS] = bslots;
3191 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3192
3193 for (i = 0; i < ARRAY_SIZE(params); i++) {
3194 if (i == B43_QOSPARAM_STATUS) {
3195 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3196 shm_offset + (i * 2));
3197 /* Mark the parameters as updated. */
3198 tmp |= 0x100;
3199 b43_shm_write16(dev, B43_SHM_SHARED,
3200 shm_offset + (i * 2),
3201 tmp);
3202 } else {
3203 b43_shm_write16(dev, B43_SHM_SHARED,
3204 shm_offset + (i * 2),
3205 params[i]);
3206 }
3207 }
3208 }
3209
3210 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3211 static const u16 b43_qos_shm_offsets[] = {
3212 /* [mac80211-queue-nr] = SHM_OFFSET, */
3213 [0] = B43_QOS_VOICE,
3214 [1] = B43_QOS_VIDEO,
3215 [2] = B43_QOS_BESTEFFORT,
3216 [3] = B43_QOS_BACKGROUND,
3217 };
3218
3219 /* Update all QOS parameters in hardware. */
3220 static void b43_qos_upload_all(struct b43_wldev *dev)
3221 {
3222 struct b43_wl *wl = dev->wl;
3223 struct b43_qos_params *params;
3224 unsigned int i;
3225
3226 if (!dev->qos_enabled)
3227 return;
3228
3229 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3230 ARRAY_SIZE(wl->qos_params));
3231
3232 b43_mac_suspend(dev);
3233 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3234 params = &(wl->qos_params[i]);
3235 b43_qos_params_upload(dev, &(params->p),
3236 b43_qos_shm_offsets[i]);
3237 }
3238 b43_mac_enable(dev);
3239 }
3240
3241 static void b43_qos_clear(struct b43_wl *wl)
3242 {
3243 struct b43_qos_params *params;
3244 unsigned int i;
3245
3246 /* Initialize QoS parameters to sane defaults. */
3247
3248 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3249 ARRAY_SIZE(wl->qos_params));
3250
3251 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3252 params = &(wl->qos_params[i]);
3253
3254 switch (b43_qos_shm_offsets[i]) {
3255 case B43_QOS_VOICE:
3256 params->p.txop = 0;
3257 params->p.aifs = 2;
3258 params->p.cw_min = 0x0001;
3259 params->p.cw_max = 0x0001;
3260 break;
3261 case B43_QOS_VIDEO:
3262 params->p.txop = 0;
3263 params->p.aifs = 2;
3264 params->p.cw_min = 0x0001;
3265 params->p.cw_max = 0x0001;
3266 break;
3267 case B43_QOS_BESTEFFORT:
3268 params->p.txop = 0;
3269 params->p.aifs = 3;
3270 params->p.cw_min = 0x0001;
3271 params->p.cw_max = 0x03FF;
3272 break;
3273 case B43_QOS_BACKGROUND:
3274 params->p.txop = 0;
3275 params->p.aifs = 7;
3276 params->p.cw_min = 0x0001;
3277 params->p.cw_max = 0x03FF;
3278 break;
3279 default:
3280 B43_WARN_ON(1);
3281 }
3282 }
3283 }
3284
3285 /* Initialize the core's QOS capabilities */
3286 static void b43_qos_init(struct b43_wldev *dev)
3287 {
3288 if (!dev->qos_enabled) {
3289 /* Disable QOS support. */
3290 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3291 b43_write16(dev, B43_MMIO_IFSCTL,
3292 b43_read16(dev, B43_MMIO_IFSCTL)
3293 & ~B43_MMIO_IFSCTL_USE_EDCF);
3294 b43dbg(dev->wl, "QoS disabled\n");
3295 return;
3296 }
3297
3298 /* Upload the current QOS parameters. */
3299 b43_qos_upload_all(dev);
3300
3301 /* Enable QOS support. */
3302 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3303 b43_write16(dev, B43_MMIO_IFSCTL,
3304 b43_read16(dev, B43_MMIO_IFSCTL)
3305 | B43_MMIO_IFSCTL_USE_EDCF);
3306 b43dbg(dev->wl, "QoS enabled\n");
3307 }
3308
3309 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3310 const struct ieee80211_tx_queue_params *params)
3311 {
3312 struct b43_wl *wl = hw_to_b43_wl(hw);
3313 struct b43_wldev *dev;
3314 unsigned int queue = (unsigned int)_queue;
3315 int err = -ENODEV;
3316
3317 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3318 /* Queue not available or don't support setting
3319 * params on this queue. Return success to not
3320 * confuse mac80211. */
3321 return 0;
3322 }
3323 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3324 ARRAY_SIZE(wl->qos_params));
3325
3326 mutex_lock(&wl->mutex);
3327 dev = wl->current_dev;
3328 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3329 goto out_unlock;
3330
3331 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3332 b43_mac_suspend(dev);
3333 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3334 b43_qos_shm_offsets[queue]);
3335 b43_mac_enable(dev);
3336 err = 0;
3337
3338 out_unlock:
3339 mutex_unlock(&wl->mutex);
3340
3341 return err;
3342 }
3343
3344 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3345 struct ieee80211_tx_queue_stats *stats)
3346 {
3347 struct b43_wl *wl = hw_to_b43_wl(hw);
3348 struct b43_wldev *dev;
3349 int err = -ENODEV;
3350
3351 mutex_lock(&wl->mutex);
3352 dev = wl->current_dev;
3353 if (dev && b43_status(dev) >= B43_STAT_STARTED) {
3354 if (b43_using_pio_transfers(dev))
3355 b43_pio_get_tx_stats(dev, stats);
3356 else
3357 b43_dma_get_tx_stats(dev, stats);
3358 err = 0;
3359 }
3360 mutex_unlock(&wl->mutex);
3361
3362 return err;
3363 }
3364
3365 static int b43_op_get_stats(struct ieee80211_hw *hw,
3366 struct ieee80211_low_level_stats *stats)
3367 {
3368 struct b43_wl *wl = hw_to_b43_wl(hw);
3369
3370 mutex_lock(&wl->mutex);
3371 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3372 mutex_unlock(&wl->mutex);
3373
3374 return 0;
3375 }
3376
3377 static u64 b43_op_get_tsf(struct ieee80211_hw *hw)
3378 {
3379 struct b43_wl *wl = hw_to_b43_wl(hw);
3380 struct b43_wldev *dev;
3381 u64 tsf;
3382
3383 mutex_lock(&wl->mutex);
3384 dev = wl->current_dev;
3385
3386 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3387 b43_tsf_read(dev, &tsf);
3388 else
3389 tsf = 0;
3390
3391 mutex_unlock(&wl->mutex);
3392
3393 return tsf;
3394 }
3395
3396 static void b43_op_set_tsf(struct ieee80211_hw *hw, u64 tsf)
3397 {
3398 struct b43_wl *wl = hw_to_b43_wl(hw);
3399 struct b43_wldev *dev;
3400
3401 mutex_lock(&wl->mutex);
3402 dev = wl->current_dev;
3403
3404 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3405 b43_tsf_write(dev, tsf);
3406
3407 mutex_unlock(&wl->mutex);
3408 }
3409
3410 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3411 {
3412 struct ssb_device *sdev = dev->dev;
3413 u32 tmslow;
3414
3415 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3416 tmslow &= ~B43_TMSLOW_GMODE;
3417 tmslow |= B43_TMSLOW_PHYRESET;
3418 tmslow |= SSB_TMSLOW_FGC;
3419 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3420 msleep(1);
3421
3422 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3423 tmslow &= ~SSB_TMSLOW_FGC;
3424 tmslow |= B43_TMSLOW_PHYRESET;
3425 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3426 msleep(1);
3427 }
3428
3429 static const char *band_to_string(enum ieee80211_band band)
3430 {
3431 switch (band) {
3432 case IEEE80211_BAND_5GHZ:
3433 return "5";
3434 case IEEE80211_BAND_2GHZ:
3435 return "2.4";
3436 default:
3437 break;
3438 }
3439 B43_WARN_ON(1);
3440 return "";
3441 }
3442
3443 /* Expects wl->mutex locked */
3444 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3445 {
3446 struct b43_wldev *up_dev = NULL;
3447 struct b43_wldev *down_dev;
3448 struct b43_wldev *d;
3449 int err;
3450 bool uninitialized_var(gmode);
3451 int prev_status;
3452
3453 /* Find a device and PHY which supports the band. */
3454 list_for_each_entry(d, &wl->devlist, list) {
3455 switch (chan->band) {
3456 case IEEE80211_BAND_5GHZ:
3457 if (d->phy.supports_5ghz) {
3458 up_dev = d;
3459 gmode = 0;
3460 }
3461 break;
3462 case IEEE80211_BAND_2GHZ:
3463 if (d->phy.supports_2ghz) {
3464 up_dev = d;
3465 gmode = 1;
3466 }
3467 break;
3468 default:
3469 B43_WARN_ON(1);
3470 return -EINVAL;
3471 }
3472 if (up_dev)
3473 break;
3474 }
3475 if (!up_dev) {
3476 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3477 band_to_string(chan->band));
3478 return -ENODEV;
3479 }
3480 if ((up_dev == wl->current_dev) &&
3481 (!!wl->current_dev->phy.gmode == !!gmode)) {
3482 /* This device is already running. */
3483 return 0;
3484 }
3485 b43dbg(wl, "Switching to %s-GHz band\n",
3486 band_to_string(chan->band));
3487 down_dev = wl->current_dev;
3488
3489 prev_status = b43_status(down_dev);
3490 /* Shutdown the currently running core. */
3491 if (prev_status >= B43_STAT_STARTED)
3492 down_dev = b43_wireless_core_stop(down_dev);
3493 if (prev_status >= B43_STAT_INITIALIZED)
3494 b43_wireless_core_exit(down_dev);
3495
3496 if (down_dev != up_dev) {
3497 /* We switch to a different core, so we put PHY into
3498 * RESET on the old core. */
3499 b43_put_phy_into_reset(down_dev);
3500 }
3501
3502 /* Now start the new core. */
3503 up_dev->phy.gmode = gmode;
3504 if (prev_status >= B43_STAT_INITIALIZED) {
3505 err = b43_wireless_core_init(up_dev);
3506 if (err) {
3507 b43err(wl, "Fatal: Could not initialize device for "
3508 "selected %s-GHz band\n",
3509 band_to_string(chan->band));
3510 goto init_failure;
3511 }
3512 }
3513 if (prev_status >= B43_STAT_STARTED) {
3514 err = b43_wireless_core_start(up_dev);
3515 if (err) {
3516 b43err(wl, "Fatal: Coult not start device for "
3517 "selected %s-GHz band\n",
3518 band_to_string(chan->band));
3519 b43_wireless_core_exit(up_dev);
3520 goto init_failure;
3521 }
3522 }
3523 B43_WARN_ON(b43_status(up_dev) != prev_status);
3524
3525 wl->current_dev = up_dev;
3526
3527 return 0;
3528 init_failure:
3529 /* Whoops, failed to init the new core. No core is operating now. */
3530 wl->current_dev = NULL;
3531 return err;
3532 }
3533
3534 /* Write the short and long frame retry limit values. */
3535 static void b43_set_retry_limits(struct b43_wldev *dev,
3536 unsigned int short_retry,
3537 unsigned int long_retry)
3538 {
3539 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3540 * the chip-internal counter. */
3541 short_retry = min(short_retry, (unsigned int)0xF);
3542 long_retry = min(long_retry, (unsigned int)0xF);
3543
3544 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3545 short_retry);
3546 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3547 long_retry);
3548 }
3549
3550 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3551 {
3552 struct b43_wl *wl = hw_to_b43_wl(hw);
3553 struct b43_wldev *dev;
3554 struct b43_phy *phy;
3555 struct ieee80211_conf *conf = &hw->conf;
3556 int antenna;
3557 int err = 0;
3558
3559 mutex_lock(&wl->mutex);
3560
3561 /* Switch the band (if necessary). This might change the active core. */
3562 err = b43_switch_band(wl, conf->channel);
3563 if (err)
3564 goto out_unlock_mutex;
3565 dev = wl->current_dev;
3566 phy = &dev->phy;
3567
3568 b43_mac_suspend(dev);
3569
3570 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3571 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3572 conf->long_frame_max_tx_count);
3573 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3574 if (!changed)
3575 goto out_mac_enable;
3576
3577 /* Switch to the requested channel.
3578 * The firmware takes care of races with the TX handler. */
3579 if (conf->channel->hw_value != phy->channel)
3580 b43_switch_channel(dev, conf->channel->hw_value);
3581
3582 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3583
3584 /* Adjust the desired TX power level. */
3585 if (conf->power_level != 0) {
3586 if (conf->power_level != phy->desired_txpower) {
3587 phy->desired_txpower = conf->power_level;
3588 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3589 B43_TXPWR_IGNORE_TSSI);
3590 }
3591 }
3592
3593 /* Antennas for RX and management frame TX. */
3594 antenna = B43_ANTENNA_DEFAULT;
3595 b43_mgmtframe_txantenna(dev, antenna);
3596 antenna = B43_ANTENNA_DEFAULT;
3597 if (phy->ops->set_rx_antenna)
3598 phy->ops->set_rx_antenna(dev, antenna);
3599
3600 if (wl->radio_enabled != phy->radio_on) {
3601 if (wl->radio_enabled) {
3602 b43_software_rfkill(dev, false);
3603 b43info(dev->wl, "Radio turned on by software\n");
3604 if (!dev->radio_hw_enable) {
3605 b43info(dev->wl, "The hardware RF-kill button "
3606 "still turns the radio physically off. "
3607 "Press the button to turn it on.\n");
3608 }
3609 } else {
3610 b43_software_rfkill(dev, true);
3611 b43info(dev->wl, "Radio turned off by software\n");
3612 }
3613 }
3614
3615 out_mac_enable:
3616 b43_mac_enable(dev);
3617 out_unlock_mutex:
3618 mutex_unlock(&wl->mutex);
3619
3620 return err;
3621 }
3622
3623 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3624 {
3625 struct ieee80211_supported_band *sband =
3626 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3627 struct ieee80211_rate *rate;
3628 int i;
3629 u16 basic, direct, offset, basic_offset, rateptr;
3630
3631 for (i = 0; i < sband->n_bitrates; i++) {
3632 rate = &sband->bitrates[i];
3633
3634 if (b43_is_cck_rate(rate->hw_value)) {
3635 direct = B43_SHM_SH_CCKDIRECT;
3636 basic = B43_SHM_SH_CCKBASIC;
3637 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3638 offset &= 0xF;
3639 } else {
3640 direct = B43_SHM_SH_OFDMDIRECT;
3641 basic = B43_SHM_SH_OFDMBASIC;
3642 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3643 offset &= 0xF;
3644 }
3645
3646 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3647
3648 if (b43_is_cck_rate(rate->hw_value)) {
3649 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3650 basic_offset &= 0xF;
3651 } else {
3652 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3653 basic_offset &= 0xF;
3654 }
3655
3656 /*
3657 * Get the pointer that we need to point to
3658 * from the direct map
3659 */
3660 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3661 direct + 2 * basic_offset);
3662 /* and write it to the basic map */
3663 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3664 rateptr);
3665 }
3666 }
3667
3668 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3669 struct ieee80211_vif *vif,
3670 struct ieee80211_bss_conf *conf,
3671 u32 changed)
3672 {
3673 struct b43_wl *wl = hw_to_b43_wl(hw);
3674 struct b43_wldev *dev;
3675
3676 mutex_lock(&wl->mutex);
3677
3678 dev = wl->current_dev;
3679 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3680 goto out_unlock_mutex;
3681
3682 B43_WARN_ON(wl->vif != vif);
3683
3684 if (changed & BSS_CHANGED_BSSID) {
3685 if (conf->bssid)
3686 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3687 else
3688 memset(wl->bssid, 0, ETH_ALEN);
3689 }
3690
3691 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3692 if (changed & BSS_CHANGED_BEACON &&
3693 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3694 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3695 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3696 b43_update_templates(wl);
3697
3698 if (changed & BSS_CHANGED_BSSID)
3699 b43_write_mac_bssid_templates(dev);
3700 }
3701
3702 b43_mac_suspend(dev);
3703
3704 /* Update templates for AP/mesh mode. */
3705 if (changed & BSS_CHANGED_BEACON_INT &&
3706 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3707 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3708 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3709 b43_set_beacon_int(dev, conf->beacon_int);
3710
3711 if (changed & BSS_CHANGED_BASIC_RATES)
3712 b43_update_basic_rates(dev, conf->basic_rates);
3713
3714 if (changed & BSS_CHANGED_ERP_SLOT) {
3715 if (conf->use_short_slot)
3716 b43_short_slot_timing_enable(dev);
3717 else
3718 b43_short_slot_timing_disable(dev);
3719 }
3720
3721 b43_mac_enable(dev);
3722 out_unlock_mutex:
3723 mutex_unlock(&wl->mutex);
3724 }
3725
3726 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3727 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
3728 struct ieee80211_key_conf *key)
3729 {
3730 struct b43_wl *wl = hw_to_b43_wl(hw);
3731 struct b43_wldev *dev;
3732 u8 algorithm;
3733 u8 index;
3734 int err;
3735 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3736
3737 if (modparam_nohwcrypt)
3738 return -ENOSPC; /* User disabled HW-crypto */
3739
3740 mutex_lock(&wl->mutex);
3741
3742 dev = wl->current_dev;
3743 err = -ENODEV;
3744 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3745 goto out_unlock;
3746
3747 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
3748 /* We don't have firmware for the crypto engine.
3749 * Must use software-crypto. */
3750 err = -EOPNOTSUPP;
3751 goto out_unlock;
3752 }
3753
3754 err = -EINVAL;
3755 switch (key->alg) {
3756 case ALG_WEP:
3757 if (key->keylen == WLAN_KEY_LEN_WEP40)
3758 algorithm = B43_SEC_ALGO_WEP40;
3759 else
3760 algorithm = B43_SEC_ALGO_WEP104;
3761 break;
3762 case ALG_TKIP:
3763 algorithm = B43_SEC_ALGO_TKIP;
3764 break;
3765 case ALG_CCMP:
3766 algorithm = B43_SEC_ALGO_AES;
3767 break;
3768 default:
3769 B43_WARN_ON(1);
3770 goto out_unlock;
3771 }
3772 index = (u8) (key->keyidx);
3773 if (index > 3)
3774 goto out_unlock;
3775
3776 switch (cmd) {
3777 case SET_KEY:
3778 if (algorithm == B43_SEC_ALGO_TKIP &&
3779 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
3780 !modparam_hwtkip)) {
3781 /* We support only pairwise key */
3782 err = -EOPNOTSUPP;
3783 goto out_unlock;
3784 }
3785
3786 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
3787 if (WARN_ON(!sta)) {
3788 err = -EOPNOTSUPP;
3789 goto out_unlock;
3790 }
3791 /* Pairwise key with an assigned MAC address. */
3792 err = b43_key_write(dev, -1, algorithm,
3793 key->key, key->keylen,
3794 sta->addr, key);
3795 } else {
3796 /* Group key */
3797 err = b43_key_write(dev, index, algorithm,
3798 key->key, key->keylen, NULL, key);
3799 }
3800 if (err)
3801 goto out_unlock;
3802
3803 if (algorithm == B43_SEC_ALGO_WEP40 ||
3804 algorithm == B43_SEC_ALGO_WEP104) {
3805 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3806 } else {
3807 b43_hf_write(dev,
3808 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3809 }
3810 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3811 if (algorithm == B43_SEC_ALGO_TKIP)
3812 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
3813 break;
3814 case DISABLE_KEY: {
3815 err = b43_key_clear(dev, key->hw_key_idx);
3816 if (err)
3817 goto out_unlock;
3818 break;
3819 }
3820 default:
3821 B43_WARN_ON(1);
3822 }
3823
3824 out_unlock:
3825 if (!err) {
3826 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3827 "mac: %pM\n",
3828 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3829 sta ? sta->addr : bcast_addr);
3830 b43_dump_keymemory(dev);
3831 }
3832 mutex_unlock(&wl->mutex);
3833
3834 return err;
3835 }
3836
3837 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3838 unsigned int changed, unsigned int *fflags,
3839 u64 multicast)
3840 {
3841 struct b43_wl *wl = hw_to_b43_wl(hw);
3842 struct b43_wldev *dev;
3843
3844 mutex_lock(&wl->mutex);
3845 dev = wl->current_dev;
3846 if (!dev) {
3847 *fflags = 0;
3848 goto out_unlock;
3849 }
3850
3851 *fflags &= FIF_PROMISC_IN_BSS |
3852 FIF_ALLMULTI |
3853 FIF_FCSFAIL |
3854 FIF_PLCPFAIL |
3855 FIF_CONTROL |
3856 FIF_OTHER_BSS |
3857 FIF_BCN_PRBRESP_PROMISC;
3858
3859 changed &= FIF_PROMISC_IN_BSS |
3860 FIF_ALLMULTI |
3861 FIF_FCSFAIL |
3862 FIF_PLCPFAIL |
3863 FIF_CONTROL |
3864 FIF_OTHER_BSS |
3865 FIF_BCN_PRBRESP_PROMISC;
3866
3867 wl->filter_flags = *fflags;
3868
3869 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3870 b43_adjust_opmode(dev);
3871
3872 out_unlock:
3873 mutex_unlock(&wl->mutex);
3874 }
3875
3876 /* Locking: wl->mutex
3877 * Returns the current dev. This might be different from the passed in dev,
3878 * because the core might be gone away while we unlocked the mutex. */
3879 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
3880 {
3881 struct b43_wl *wl = dev->wl;
3882 struct b43_wldev *orig_dev;
3883 u32 mask;
3884
3885 redo:
3886 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3887 return dev;
3888
3889 /* Cancel work. Unlock to avoid deadlocks. */
3890 mutex_unlock(&wl->mutex);
3891 cancel_delayed_work_sync(&dev->periodic_work);
3892 cancel_work_sync(&wl->tx_work);
3893 mutex_lock(&wl->mutex);
3894 dev = wl->current_dev;
3895 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
3896 /* Whoops, aliens ate up the device while we were unlocked. */
3897 return dev;
3898 }
3899
3900 /* Disable interrupts on the device. */
3901 b43_set_status(dev, B43_STAT_INITIALIZED);
3902 if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
3903 /* wl->mutex is locked. That is enough. */
3904 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3905 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
3906 } else {
3907 spin_lock_irq(&wl->hardirq_lock);
3908 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3909 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
3910 spin_unlock_irq(&wl->hardirq_lock);
3911 }
3912 /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
3913 orig_dev = dev;
3914 mutex_unlock(&wl->mutex);
3915 if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
3916 b43_sdio_free_irq(dev);
3917 } else {
3918 synchronize_irq(dev->dev->irq);
3919 free_irq(dev->dev->irq, dev);
3920 }
3921 mutex_lock(&wl->mutex);
3922 dev = wl->current_dev;
3923 if (!dev)
3924 return dev;
3925 if (dev != orig_dev) {
3926 if (b43_status(dev) >= B43_STAT_STARTED)
3927 goto redo;
3928 return dev;
3929 }
3930 mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
3931 B43_WARN_ON(mask != 0xFFFFFFFF && mask);
3932
3933 /* Drain the TX queue */
3934 while (skb_queue_len(&wl->tx_queue))
3935 dev_kfree_skb(skb_dequeue(&wl->tx_queue));
3936
3937 b43_mac_suspend(dev);
3938 b43_leds_exit(dev);
3939 b43dbg(wl, "Wireless interface stopped\n");
3940
3941 return dev;
3942 }
3943
3944 /* Locking: wl->mutex */
3945 static int b43_wireless_core_start(struct b43_wldev *dev)
3946 {
3947 int err;
3948
3949 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3950
3951 drain_txstatus_queue(dev);
3952 if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
3953 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
3954 if (err) {
3955 b43err(dev->wl, "Cannot request SDIO IRQ\n");
3956 goto out;
3957 }
3958 } else {
3959 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
3960 b43_interrupt_thread_handler,
3961 IRQF_SHARED, KBUILD_MODNAME, dev);
3962 if (err) {
3963 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3964 goto out;
3965 }
3966 }
3967
3968 /* We are ready to run. */
3969 b43_set_status(dev, B43_STAT_STARTED);
3970
3971 /* Start data flow (TX/RX). */
3972 b43_mac_enable(dev);
3973 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
3974
3975 /* Start maintainance work */
3976 b43_periodic_tasks_setup(dev);
3977
3978 b43_leds_init(dev);
3979
3980 b43dbg(dev->wl, "Wireless interface started\n");
3981 out:
3982 return err;
3983 }
3984
3985 /* Get PHY and RADIO versioning numbers */
3986 static int b43_phy_versioning(struct b43_wldev *dev)
3987 {
3988 struct b43_phy *phy = &dev->phy;
3989 u32 tmp;
3990 u8 analog_type;
3991 u8 phy_type;
3992 u8 phy_rev;
3993 u16 radio_manuf;
3994 u16 radio_ver;
3995 u16 radio_rev;
3996 int unsupported = 0;
3997
3998 /* Get PHY versioning */
3999 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4000 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4001 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4002 phy_rev = (tmp & B43_PHYVER_VERSION);
4003 switch (phy_type) {
4004 case B43_PHYTYPE_A:
4005 if (phy_rev >= 4)
4006 unsupported = 1;
4007 break;
4008 case B43_PHYTYPE_B:
4009 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4010 && phy_rev != 7)
4011 unsupported = 1;
4012 break;
4013 case B43_PHYTYPE_G:
4014 if (phy_rev > 9)
4015 unsupported = 1;
4016 break;
4017 #ifdef CONFIG_B43_NPHY
4018 case B43_PHYTYPE_N:
4019 if (phy_rev > 4)
4020 unsupported = 1;
4021 break;
4022 #endif
4023 #ifdef CONFIG_B43_PHY_LP
4024 case B43_PHYTYPE_LP:
4025 if (phy_rev > 2)
4026 unsupported = 1;
4027 break;
4028 #endif
4029 default:
4030 unsupported = 1;
4031 };
4032 if (unsupported) {
4033 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
4034 "(Analog %u, Type %u, Revision %u)\n",
4035 analog_type, phy_type, phy_rev);
4036 return -EOPNOTSUPP;
4037 }
4038 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
4039 analog_type, phy_type, phy_rev);
4040
4041 /* Get RADIO versioning */
4042 if (dev->dev->bus->chip_id == 0x4317) {
4043 if (dev->dev->bus->chip_rev == 0)
4044 tmp = 0x3205017F;
4045 else if (dev->dev->bus->chip_rev == 1)
4046 tmp = 0x4205017F;
4047 else
4048 tmp = 0x5205017F;
4049 } else {
4050 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
4051 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4052 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
4053 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4054 }
4055 radio_manuf = (tmp & 0x00000FFF);
4056 radio_ver = (tmp & 0x0FFFF000) >> 12;
4057 radio_rev = (tmp & 0xF0000000) >> 28;
4058 if (radio_manuf != 0x17F /* Broadcom */)
4059 unsupported = 1;
4060 switch (phy_type) {
4061 case B43_PHYTYPE_A:
4062 if (radio_ver != 0x2060)
4063 unsupported = 1;
4064 if (radio_rev != 1)
4065 unsupported = 1;
4066 if (radio_manuf != 0x17F)
4067 unsupported = 1;
4068 break;
4069 case B43_PHYTYPE_B:
4070 if ((radio_ver & 0xFFF0) != 0x2050)
4071 unsupported = 1;
4072 break;
4073 case B43_PHYTYPE_G:
4074 if (radio_ver != 0x2050)
4075 unsupported = 1;
4076 break;
4077 case B43_PHYTYPE_N:
4078 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4079 unsupported = 1;
4080 break;
4081 case B43_PHYTYPE_LP:
4082 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4083 unsupported = 1;
4084 break;
4085 default:
4086 B43_WARN_ON(1);
4087 }
4088 if (unsupported) {
4089 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4090 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4091 radio_manuf, radio_ver, radio_rev);
4092 return -EOPNOTSUPP;
4093 }
4094 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4095 radio_manuf, radio_ver, radio_rev);
4096
4097 phy->radio_manuf = radio_manuf;
4098 phy->radio_ver = radio_ver;
4099 phy->radio_rev = radio_rev;
4100
4101 phy->analog = analog_type;
4102 phy->type = phy_type;
4103 phy->rev = phy_rev;
4104
4105 return 0;
4106 }
4107
4108 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4109 struct b43_phy *phy)
4110 {
4111 phy->hardware_power_control = !!modparam_hwpctl;
4112 phy->next_txpwr_check_time = jiffies;
4113 /* PHY TX errors counter. */
4114 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4115
4116 #if B43_DEBUG
4117 phy->phy_locked = 0;
4118 phy->radio_locked = 0;
4119 #endif
4120 }
4121
4122 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4123 {
4124 dev->dfq_valid = 0;
4125
4126 /* Assume the radio is enabled. If it's not enabled, the state will
4127 * immediately get fixed on the first periodic work run. */
4128 dev->radio_hw_enable = 1;
4129
4130 /* Stats */
4131 memset(&dev->stats, 0, sizeof(dev->stats));
4132
4133 setup_struct_phy_for_init(dev, &dev->phy);
4134
4135 /* IRQ related flags */
4136 dev->irq_reason = 0;
4137 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4138 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4139 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4140 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4141
4142 dev->mac_suspended = 1;
4143
4144 /* Noise calculation context */
4145 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4146 }
4147
4148 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4149 {
4150 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
4151 u64 hf;
4152
4153 if (!modparam_btcoex)
4154 return;
4155 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4156 return;
4157 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4158 return;
4159
4160 hf = b43_hf_read(dev);
4161 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4162 hf |= B43_HF_BTCOEXALT;
4163 else
4164 hf |= B43_HF_BTCOEX;
4165 b43_hf_write(dev, hf);
4166 }
4167
4168 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4169 {
4170 if (!modparam_btcoex)
4171 return;
4172 //TODO
4173 }
4174
4175 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4176 {
4177 #ifdef CONFIG_SSB_DRIVER_PCICORE
4178 struct ssb_bus *bus = dev->dev->bus;
4179 u32 tmp;
4180
4181 if (bus->pcicore.dev &&
4182 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
4183 bus->pcicore.dev->id.revision <= 5) {
4184 /* IMCFGLO timeouts workaround. */
4185 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
4186 switch (bus->bustype) {
4187 case SSB_BUSTYPE_PCI:
4188 case SSB_BUSTYPE_PCMCIA:
4189 tmp &= ~SSB_IMCFGLO_REQTO;
4190 tmp &= ~SSB_IMCFGLO_SERTO;
4191 tmp |= 0x32;
4192 break;
4193 case SSB_BUSTYPE_SSB:
4194 tmp &= ~SSB_IMCFGLO_REQTO;
4195 tmp &= ~SSB_IMCFGLO_SERTO;
4196 tmp |= 0x53;
4197 break;
4198 default:
4199 break;
4200 }
4201 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
4202 }
4203 #endif /* CONFIG_SSB_DRIVER_PCICORE */
4204 }
4205
4206 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4207 {
4208 u16 pu_delay;
4209
4210 /* The time value is in microseconds. */
4211 if (dev->phy.type == B43_PHYTYPE_A)
4212 pu_delay = 3700;
4213 else
4214 pu_delay = 1050;
4215 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4216 pu_delay = 500;
4217 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4218 pu_delay = max(pu_delay, (u16)2400);
4219
4220 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4221 }
4222
4223 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4224 static void b43_set_pretbtt(struct b43_wldev *dev)
4225 {
4226 u16 pretbtt;
4227
4228 /* The time value is in microseconds. */
4229 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4230 pretbtt = 2;
4231 } else {
4232 if (dev->phy.type == B43_PHYTYPE_A)
4233 pretbtt = 120;
4234 else
4235 pretbtt = 250;
4236 }
4237 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4238 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4239 }
4240
4241 /* Shutdown a wireless core */
4242 /* Locking: wl->mutex */
4243 static void b43_wireless_core_exit(struct b43_wldev *dev)
4244 {
4245 u32 macctl;
4246
4247 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4248 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4249 return;
4250 b43_set_status(dev, B43_STAT_UNINIT);
4251
4252 /* Stop the microcode PSM. */
4253 macctl = b43_read32(dev, B43_MMIO_MACCTL);
4254 macctl &= ~B43_MACCTL_PSM_RUN;
4255 macctl |= B43_MACCTL_PSM_JMP0;
4256 b43_write32(dev, B43_MMIO_MACCTL, macctl);
4257
4258 b43_dma_free(dev);
4259 b43_pio_free(dev);
4260 b43_chip_exit(dev);
4261 dev->phy.ops->switch_analog(dev, 0);
4262 if (dev->wl->current_beacon) {
4263 dev_kfree_skb_any(dev->wl->current_beacon);
4264 dev->wl->current_beacon = NULL;
4265 }
4266
4267 ssb_device_disable(dev->dev, 0);
4268 ssb_bus_may_powerdown(dev->dev->bus);
4269 }
4270
4271 /* Initialize a wireless core */
4272 static int b43_wireless_core_init(struct b43_wldev *dev)
4273 {
4274 struct ssb_bus *bus = dev->dev->bus;
4275 struct ssb_sprom *sprom = &bus->sprom;
4276 struct b43_phy *phy = &dev->phy;
4277 int err;
4278 u64 hf;
4279 u32 tmp;
4280
4281 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4282
4283 err = ssb_bus_powerup(bus, 0);
4284 if (err)
4285 goto out;
4286 if (!ssb_device_is_enabled(dev->dev)) {
4287 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4288 b43_wireless_core_reset(dev, tmp);
4289 }
4290
4291 /* Reset all data structures. */
4292 setup_struct_wldev_for_init(dev);
4293 phy->ops->prepare_structs(dev);
4294
4295 /* Enable IRQ routing to this device. */
4296 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4297
4298 b43_imcfglo_timeouts_workaround(dev);
4299 b43_bluetooth_coext_disable(dev);
4300 if (phy->ops->prepare_hardware) {
4301 err = phy->ops->prepare_hardware(dev);
4302 if (err)
4303 goto err_busdown;
4304 }
4305 err = b43_chip_init(dev);
4306 if (err)
4307 goto err_busdown;
4308 b43_shm_write16(dev, B43_SHM_SHARED,
4309 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4310 hf = b43_hf_read(dev);
4311 if (phy->type == B43_PHYTYPE_G) {
4312 hf |= B43_HF_SYMW;
4313 if (phy->rev == 1)
4314 hf |= B43_HF_GDCW;
4315 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4316 hf |= B43_HF_OFDMPABOOST;
4317 }
4318 if (phy->radio_ver == 0x2050) {
4319 if (phy->radio_rev == 6)
4320 hf |= B43_HF_4318TSSI;
4321 if (phy->radio_rev < 6)
4322 hf |= B43_HF_VCORECALC;
4323 }
4324 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4325 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4326 #ifdef CONFIG_SSB_DRIVER_PCICORE
4327 if ((bus->bustype == SSB_BUSTYPE_PCI) &&
4328 (bus->pcicore.dev->id.revision <= 10))
4329 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4330 #endif
4331 hf &= ~B43_HF_SKCFPUP;
4332 b43_hf_write(dev, hf);
4333
4334 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4335 B43_DEFAULT_LONG_RETRY_LIMIT);
4336 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4337 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4338
4339 /* Disable sending probe responses from firmware.
4340 * Setting the MaxTime to one usec will always trigger
4341 * a timeout, so we never send any probe resp.
4342 * A timeout of zero is infinite. */
4343 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4344
4345 b43_rate_memory_init(dev);
4346 b43_set_phytxctl_defaults(dev);
4347
4348 /* Minimum Contention Window */
4349 if (phy->type == B43_PHYTYPE_B) {
4350 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4351 } else {
4352 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4353 }
4354 /* Maximum Contention Window */
4355 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4356
4357 if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) ||
4358 (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) ||
4359 modparam_pio) {
4360 dev->__using_pio_transfers = 1;
4361 err = b43_pio_init(dev);
4362 } else {
4363 dev->__using_pio_transfers = 0;
4364 err = b43_dma_init(dev);
4365 }
4366 if (err)
4367 goto err_chip_exit;
4368 b43_qos_init(dev);
4369 b43_set_synth_pu_delay(dev, 1);
4370 b43_bluetooth_coext_enable(dev);
4371
4372 ssb_bus_powerup(bus, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4373 b43_upload_card_macaddress(dev);
4374 b43_security_init(dev);
4375
4376 ieee80211_wake_queues(dev->wl->hw);
4377
4378 ieee80211_wake_queues(dev->wl->hw);
4379
4380 b43_set_status(dev, B43_STAT_INITIALIZED);
4381
4382 out:
4383 return err;
4384
4385 err_chip_exit:
4386 b43_chip_exit(dev);
4387 err_busdown:
4388 ssb_bus_may_powerdown(bus);
4389 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4390 return err;
4391 }
4392
4393 static int b43_op_add_interface(struct ieee80211_hw *hw,
4394 struct ieee80211_vif *vif)
4395 {
4396 struct b43_wl *wl = hw_to_b43_wl(hw);
4397 struct b43_wldev *dev;
4398 int err = -EOPNOTSUPP;
4399
4400 /* TODO: allow WDS/AP devices to coexist */
4401
4402 if (vif->type != NL80211_IFTYPE_AP &&
4403 vif->type != NL80211_IFTYPE_MESH_POINT &&
4404 vif->type != NL80211_IFTYPE_STATION &&
4405 vif->type != NL80211_IFTYPE_WDS &&
4406 vif->type != NL80211_IFTYPE_ADHOC)
4407 return -EOPNOTSUPP;
4408
4409 mutex_lock(&wl->mutex);
4410 if (wl->operating)
4411 goto out_mutex_unlock;
4412
4413 b43dbg(wl, "Adding Interface type %d\n", vif->type);
4414
4415 dev = wl->current_dev;
4416 wl->operating = 1;
4417 wl->vif = vif;
4418 wl->if_type = vif->type;
4419 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4420
4421 b43_adjust_opmode(dev);
4422 b43_set_pretbtt(dev);
4423 b43_set_synth_pu_delay(dev, 0);
4424 b43_upload_card_macaddress(dev);
4425
4426 err = 0;
4427 out_mutex_unlock:
4428 mutex_unlock(&wl->mutex);
4429
4430 return err;
4431 }
4432
4433 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4434 struct ieee80211_vif *vif)
4435 {
4436 struct b43_wl *wl = hw_to_b43_wl(hw);
4437 struct b43_wldev *dev = wl->current_dev;
4438
4439 b43dbg(wl, "Removing Interface type %d\n", vif->type);
4440
4441 mutex_lock(&wl->mutex);
4442
4443 B43_WARN_ON(!wl->operating);
4444 B43_WARN_ON(wl->vif != vif);
4445 wl->vif = NULL;
4446
4447 wl->operating = 0;
4448
4449 b43_adjust_opmode(dev);
4450 memset(wl->mac_addr, 0, ETH_ALEN);
4451 b43_upload_card_macaddress(dev);
4452
4453 mutex_unlock(&wl->mutex);
4454 }
4455
4456 static int b43_op_start(struct ieee80211_hw *hw)
4457 {
4458 struct b43_wl *wl = hw_to_b43_wl(hw);
4459 struct b43_wldev *dev = wl->current_dev;
4460 int did_init = 0;
4461 int err = 0;
4462
4463 /* Kill all old instance specific information to make sure
4464 * the card won't use it in the short timeframe between start
4465 * and mac80211 reconfiguring it. */
4466 memset(wl->bssid, 0, ETH_ALEN);
4467 memset(wl->mac_addr, 0, ETH_ALEN);
4468 wl->filter_flags = 0;
4469 wl->radiotap_enabled = 0;
4470 b43_qos_clear(wl);
4471 wl->beacon0_uploaded = 0;
4472 wl->beacon1_uploaded = 0;
4473 wl->beacon_templates_virgin = 1;
4474 wl->radio_enabled = 1;
4475
4476 mutex_lock(&wl->mutex);
4477
4478 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4479 err = b43_wireless_core_init(dev);
4480 if (err)
4481 goto out_mutex_unlock;
4482 did_init = 1;
4483 }
4484
4485 if (b43_status(dev) < B43_STAT_STARTED) {
4486 err = b43_wireless_core_start(dev);
4487 if (err) {
4488 if (did_init)
4489 b43_wireless_core_exit(dev);
4490 goto out_mutex_unlock;
4491 }
4492 }
4493
4494 /* XXX: only do if device doesn't support rfkill irq */
4495 wiphy_rfkill_start_polling(hw->wiphy);
4496
4497 out_mutex_unlock:
4498 mutex_unlock(&wl->mutex);
4499
4500 return err;
4501 }
4502
4503 static void b43_op_stop(struct ieee80211_hw *hw)
4504 {
4505 struct b43_wl *wl = hw_to_b43_wl(hw);
4506 struct b43_wldev *dev = wl->current_dev;
4507
4508 cancel_work_sync(&(wl->beacon_update_trigger));
4509
4510 mutex_lock(&wl->mutex);
4511 if (b43_status(dev) >= B43_STAT_STARTED) {
4512 dev = b43_wireless_core_stop(dev);
4513 if (!dev)
4514 goto out_unlock;
4515 }
4516 b43_wireless_core_exit(dev);
4517 wl->radio_enabled = 0;
4518
4519 out_unlock:
4520 mutex_unlock(&wl->mutex);
4521
4522 cancel_work_sync(&(wl->txpower_adjust_work));
4523 }
4524
4525 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4526 struct ieee80211_sta *sta, bool set)
4527 {
4528 struct b43_wl *wl = hw_to_b43_wl(hw);
4529
4530 /* FIXME: add locking */
4531 b43_update_templates(wl);
4532
4533 return 0;
4534 }
4535
4536 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4537 struct ieee80211_vif *vif,
4538 enum sta_notify_cmd notify_cmd,
4539 struct ieee80211_sta *sta)
4540 {
4541 struct b43_wl *wl = hw_to_b43_wl(hw);
4542
4543 B43_WARN_ON(!vif || wl->vif != vif);
4544 }
4545
4546 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4547 {
4548 struct b43_wl *wl = hw_to_b43_wl(hw);
4549 struct b43_wldev *dev;
4550
4551 mutex_lock(&wl->mutex);
4552 dev = wl->current_dev;
4553 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4554 /* Disable CFP update during scan on other channels. */
4555 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4556 }
4557 mutex_unlock(&wl->mutex);
4558 }
4559
4560 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4561 {
4562 struct b43_wl *wl = hw_to_b43_wl(hw);
4563 struct b43_wldev *dev;
4564
4565 mutex_lock(&wl->mutex);
4566 dev = wl->current_dev;
4567 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4568 /* Re-enable CFP update. */
4569 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4570 }
4571 mutex_unlock(&wl->mutex);
4572 }
4573
4574 static const struct ieee80211_ops b43_hw_ops = {
4575 .tx = b43_op_tx,
4576 .conf_tx = b43_op_conf_tx,
4577 .add_interface = b43_op_add_interface,
4578 .remove_interface = b43_op_remove_interface,
4579 .config = b43_op_config,
4580 .bss_info_changed = b43_op_bss_info_changed,
4581 .configure_filter = b43_op_configure_filter,
4582 .set_key = b43_op_set_key,
4583 .update_tkip_key = b43_op_update_tkip_key,
4584 .get_stats = b43_op_get_stats,
4585 .get_tx_stats = b43_op_get_tx_stats,
4586 .get_tsf = b43_op_get_tsf,
4587 .set_tsf = b43_op_set_tsf,
4588 .start = b43_op_start,
4589 .stop = b43_op_stop,
4590 .set_tim = b43_op_beacon_set_tim,
4591 .sta_notify = b43_op_sta_notify,
4592 .sw_scan_start = b43_op_sw_scan_start_notifier,
4593 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
4594 .rfkill_poll = b43_rfkill_poll,
4595 };
4596
4597 /* Hard-reset the chip. Do not call this directly.
4598 * Use b43_controller_restart()
4599 */
4600 static void b43_chip_reset(struct work_struct *work)
4601 {
4602 struct b43_wldev *dev =
4603 container_of(work, struct b43_wldev, restart_work);
4604 struct b43_wl *wl = dev->wl;
4605 int err = 0;
4606 int prev_status;
4607
4608 mutex_lock(&wl->mutex);
4609
4610 prev_status = b43_status(dev);
4611 /* Bring the device down... */
4612 if (prev_status >= B43_STAT_STARTED) {
4613 dev = b43_wireless_core_stop(dev);
4614 if (!dev) {
4615 err = -ENODEV;
4616 goto out;
4617 }
4618 }
4619 if (prev_status >= B43_STAT_INITIALIZED)
4620 b43_wireless_core_exit(dev);
4621
4622 /* ...and up again. */
4623 if (prev_status >= B43_STAT_INITIALIZED) {
4624 err = b43_wireless_core_init(dev);
4625 if (err)
4626 goto out;
4627 }
4628 if (prev_status >= B43_STAT_STARTED) {
4629 err = b43_wireless_core_start(dev);
4630 if (err) {
4631 b43_wireless_core_exit(dev);
4632 goto out;
4633 }
4634 }
4635 out:
4636 if (err)
4637 wl->current_dev = NULL; /* Failed to init the dev. */
4638 mutex_unlock(&wl->mutex);
4639 if (err)
4640 b43err(wl, "Controller restart FAILED\n");
4641 else
4642 b43info(wl, "Controller restarted\n");
4643 }
4644
4645 static int b43_setup_bands(struct b43_wldev *dev,
4646 bool have_2ghz_phy, bool have_5ghz_phy)
4647 {
4648 struct ieee80211_hw *hw = dev->wl->hw;
4649
4650 if (have_2ghz_phy)
4651 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4652 if (dev->phy.type == B43_PHYTYPE_N) {
4653 if (have_5ghz_phy)
4654 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4655 } else {
4656 if (have_5ghz_phy)
4657 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4658 }
4659
4660 dev->phy.supports_2ghz = have_2ghz_phy;
4661 dev->phy.supports_5ghz = have_5ghz_phy;
4662
4663 return 0;
4664 }
4665
4666 static void b43_wireless_core_detach(struct b43_wldev *dev)
4667 {
4668 /* We release firmware that late to not be required to re-request
4669 * is all the time when we reinit the core. */
4670 b43_release_firmware(dev);
4671 b43_phy_free(dev);
4672 }
4673
4674 static int b43_wireless_core_attach(struct b43_wldev *dev)
4675 {
4676 struct b43_wl *wl = dev->wl;
4677 struct ssb_bus *bus = dev->dev->bus;
4678 struct pci_dev *pdev = (bus->bustype == SSB_BUSTYPE_PCI) ? bus->host_pci : NULL;
4679 int err;
4680 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4681 u32 tmp;
4682
4683 /* Do NOT do any device initialization here.
4684 * Do it in wireless_core_init() instead.
4685 * This function is for gathering basic information about the HW, only.
4686 * Also some structs may be set up here. But most likely you want to have
4687 * that in core_init(), too.
4688 */
4689
4690 err = ssb_bus_powerup(bus, 0);
4691 if (err) {
4692 b43err(wl, "Bus powerup failed\n");
4693 goto out;
4694 }
4695 /* Get the PHY type. */
4696 if (dev->dev->id.revision >= 5) {
4697 u32 tmshigh;
4698
4699 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4700 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4701 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4702 } else
4703 B43_WARN_ON(1);
4704
4705 dev->phy.gmode = have_2ghz_phy;
4706 dev->phy.radio_on = 1;
4707 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4708 b43_wireless_core_reset(dev, tmp);
4709
4710 err = b43_phy_versioning(dev);
4711 if (err)
4712 goto err_powerdown;
4713 /* Check if this device supports multiband. */
4714 if (!pdev ||
4715 (pdev->device != 0x4312 &&
4716 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4717 /* No multiband support. */
4718 have_2ghz_phy = 0;
4719 have_5ghz_phy = 0;
4720 switch (dev->phy.type) {
4721 case B43_PHYTYPE_A:
4722 have_5ghz_phy = 1;
4723 break;
4724 case B43_PHYTYPE_LP: //FIXME not always!
4725 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
4726 have_5ghz_phy = 1;
4727 #endif
4728 case B43_PHYTYPE_G:
4729 case B43_PHYTYPE_N:
4730 have_2ghz_phy = 1;
4731 break;
4732 default:
4733 B43_WARN_ON(1);
4734 }
4735 }
4736 if (dev->phy.type == B43_PHYTYPE_A) {
4737 /* FIXME */
4738 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4739 err = -EOPNOTSUPP;
4740 goto err_powerdown;
4741 }
4742 if (1 /* disable A-PHY */) {
4743 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4744 if (dev->phy.type != B43_PHYTYPE_N &&
4745 dev->phy.type != B43_PHYTYPE_LP) {
4746 have_2ghz_phy = 1;
4747 have_5ghz_phy = 0;
4748 }
4749 }
4750
4751 err = b43_phy_allocate(dev);
4752 if (err)
4753 goto err_powerdown;
4754
4755 dev->phy.gmode = have_2ghz_phy;
4756 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4757 b43_wireless_core_reset(dev, tmp);
4758
4759 err = b43_validate_chipaccess(dev);
4760 if (err)
4761 goto err_phy_free;
4762 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4763 if (err)
4764 goto err_phy_free;
4765
4766 /* Now set some default "current_dev" */
4767 if (!wl->current_dev)
4768 wl->current_dev = dev;
4769 INIT_WORK(&dev->restart_work, b43_chip_reset);
4770
4771 dev->phy.ops->switch_analog(dev, 0);
4772 ssb_device_disable(dev->dev, 0);
4773 ssb_bus_may_powerdown(bus);
4774
4775 out:
4776 return err;
4777
4778 err_phy_free:
4779 b43_phy_free(dev);
4780 err_powerdown:
4781 ssb_bus_may_powerdown(bus);
4782 return err;
4783 }
4784
4785 static void b43_one_core_detach(struct ssb_device *dev)
4786 {
4787 struct b43_wldev *wldev;
4788 struct b43_wl *wl;
4789
4790 /* Do not cancel ieee80211-workqueue based work here.
4791 * See comment in b43_remove(). */
4792
4793 wldev = ssb_get_drvdata(dev);
4794 wl = wldev->wl;
4795 b43_debugfs_remove_device(wldev);
4796 b43_wireless_core_detach(wldev);
4797 list_del(&wldev->list);
4798 wl->nr_devs--;
4799 ssb_set_drvdata(dev, NULL);
4800 kfree(wldev);
4801 }
4802
4803 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4804 {
4805 struct b43_wldev *wldev;
4806 struct pci_dev *pdev;
4807 int err = -ENOMEM;
4808
4809 if (!list_empty(&wl->devlist)) {
4810 /* We are not the first core on this chip. */
4811 pdev = (dev->bus->bustype == SSB_BUSTYPE_PCI) ? dev->bus->host_pci : NULL;
4812 /* Only special chips support more than one wireless
4813 * core, although some of the other chips have more than
4814 * one wireless core as well. Check for this and
4815 * bail out early.
4816 */
4817 if (!pdev ||
4818 ((pdev->device != 0x4321) &&
4819 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4820 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4821 return -ENODEV;
4822 }
4823 }
4824
4825 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4826 if (!wldev)
4827 goto out;
4828
4829 wldev->dev = dev;
4830 wldev->wl = wl;
4831 b43_set_status(wldev, B43_STAT_UNINIT);
4832 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4833 INIT_LIST_HEAD(&wldev->list);
4834
4835 err = b43_wireless_core_attach(wldev);
4836 if (err)
4837 goto err_kfree_wldev;
4838
4839 list_add(&wldev->list, &wl->devlist);
4840 wl->nr_devs++;
4841 ssb_set_drvdata(dev, wldev);
4842 b43_debugfs_add_device(wldev);
4843
4844 out:
4845 return err;
4846
4847 err_kfree_wldev:
4848 kfree(wldev);
4849 return err;
4850 }
4851
4852 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
4853 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
4854 (pdev->device == _device) && \
4855 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
4856 (pdev->subsystem_device == _subdevice) )
4857
4858 static void b43_sprom_fixup(struct ssb_bus *bus)
4859 {
4860 struct pci_dev *pdev;
4861
4862 /* boardflags workarounds */
4863 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4864 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4865 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4866 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4867 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4868 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4869 if (bus->bustype == SSB_BUSTYPE_PCI) {
4870 pdev = bus->host_pci;
4871 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4872 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
4873 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
4874 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4875 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4876 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4877 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4878 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4879 }
4880 }
4881
4882 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4883 {
4884 struct ieee80211_hw *hw = wl->hw;
4885
4886 ssb_set_devtypedata(dev, NULL);
4887 ieee80211_free_hw(hw);
4888 }
4889
4890 static int b43_wireless_init(struct ssb_device *dev)
4891 {
4892 struct ssb_sprom *sprom = &dev->bus->sprom;
4893 struct ieee80211_hw *hw;
4894 struct b43_wl *wl;
4895 int err = -ENOMEM;
4896
4897 b43_sprom_fixup(dev->bus);
4898
4899 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4900 if (!hw) {
4901 b43err(NULL, "Could not allocate ieee80211 device\n");
4902 goto out;
4903 }
4904 wl = hw_to_b43_wl(hw);
4905
4906 /* fill hw info */
4907 hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4908 IEEE80211_HW_SIGNAL_DBM |
4909 IEEE80211_HW_NOISE_DBM;
4910
4911 hw->wiphy->interface_modes =
4912 BIT(NL80211_IFTYPE_AP) |
4913 BIT(NL80211_IFTYPE_MESH_POINT) |
4914 BIT(NL80211_IFTYPE_STATION) |
4915 BIT(NL80211_IFTYPE_WDS) |
4916 BIT(NL80211_IFTYPE_ADHOC);
4917
4918 hw->queues = modparam_qos ? 4 : 1;
4919 wl->mac80211_initially_registered_queues = hw->queues;
4920 hw->max_rates = 2;
4921 SET_IEEE80211_DEV(hw, dev->dev);
4922 if (is_valid_ether_addr(sprom->et1mac))
4923 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4924 else
4925 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4926
4927 /* Initialize struct b43_wl */
4928 wl->hw = hw;
4929 mutex_init(&wl->mutex);
4930 spin_lock_init(&wl->hardirq_lock);
4931 INIT_LIST_HEAD(&wl->devlist);
4932 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4933 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4934 INIT_WORK(&wl->tx_work, b43_tx_work);
4935 skb_queue_head_init(&wl->tx_queue);
4936
4937 ssb_set_devtypedata(dev, wl);
4938 b43info(wl, "Broadcom %04X WLAN found (core revision %u)\n",
4939 dev->bus->chip_id, dev->id.revision);
4940 err = 0;
4941 out:
4942 return err;
4943 }
4944
4945 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4946 {
4947 struct b43_wl *wl;
4948 int err;
4949 int first = 0;
4950
4951 wl = ssb_get_devtypedata(dev);
4952 if (!wl) {
4953 /* Probing the first core. Must setup common struct b43_wl */
4954 first = 1;
4955 err = b43_wireless_init(dev);
4956 if (err)
4957 goto out;
4958 wl = ssb_get_devtypedata(dev);
4959 B43_WARN_ON(!wl);
4960 }
4961 err = b43_one_core_attach(dev, wl);
4962 if (err)
4963 goto err_wireless_exit;
4964
4965 if (first) {
4966 err = ieee80211_register_hw(wl->hw);
4967 if (err)
4968 goto err_one_core_detach;
4969 b43_leds_register(wl->current_dev);
4970 b43_rng_init(wl);
4971 }
4972
4973 out:
4974 return err;
4975
4976 err_one_core_detach:
4977 b43_one_core_detach(dev);
4978 err_wireless_exit:
4979 if (first)
4980 b43_wireless_exit(dev, wl);
4981 return err;
4982 }
4983
4984 static void b43_remove(struct ssb_device *dev)
4985 {
4986 struct b43_wl *wl = ssb_get_devtypedata(dev);
4987 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4988
4989 /* We must cancel any work here before unregistering from ieee80211,
4990 * as the ieee80211 unreg will destroy the workqueue. */
4991 cancel_work_sync(&wldev->restart_work);
4992
4993 B43_WARN_ON(!wl);
4994 if (wl->current_dev == wldev) {
4995 /* Restore the queues count before unregistering, because firmware detect
4996 * might have modified it. Restoring is important, so the networking
4997 * stack can properly free resources. */
4998 wl->hw->queues = wl->mac80211_initially_registered_queues;
4999 b43_leds_stop(wldev);
5000 ieee80211_unregister_hw(wl->hw);
5001 }
5002
5003 b43_one_core_detach(dev);
5004
5005 if (list_empty(&wl->devlist)) {
5006 b43_rng_exit(wl);
5007 b43_leds_unregister(wl);
5008 /* Last core on the chip unregistered.
5009 * We can destroy common struct b43_wl.
5010 */
5011 b43_wireless_exit(dev, wl);
5012 }
5013 }
5014
5015 /* Perform a hardware reset. This can be called from any context. */
5016 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5017 {
5018 /* Must avoid requeueing, if we are in shutdown. */
5019 if (b43_status(dev) < B43_STAT_INITIALIZED)
5020 return;
5021 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5022 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5023 }
5024
5025 static struct ssb_driver b43_ssb_driver = {
5026 .name = KBUILD_MODNAME,
5027 .id_table = b43_ssb_tbl,
5028 .probe = b43_probe,
5029 .remove = b43_remove,
5030 };
5031
5032 static void b43_print_driverinfo(void)
5033 {
5034 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5035 *feat_leds = "", *feat_sdio = "";
5036
5037 #ifdef CONFIG_B43_PCI_AUTOSELECT
5038 feat_pci = "P";
5039 #endif
5040 #ifdef CONFIG_B43_PCMCIA
5041 feat_pcmcia = "M";
5042 #endif
5043 #ifdef CONFIG_B43_NPHY
5044 feat_nphy = "N";
5045 #endif
5046 #ifdef CONFIG_B43_LEDS
5047 feat_leds = "L";
5048 #endif
5049 #ifdef CONFIG_B43_SDIO
5050 feat_sdio = "S";
5051 #endif
5052 printk(KERN_INFO "Broadcom 43xx driver loaded "
5053 "[ Features: %s%s%s%s%s, Firmware-ID: "
5054 B43_SUPPORTED_FIRMWARE_ID " ]\n",
5055 feat_pci, feat_pcmcia, feat_nphy,
5056 feat_leds, feat_sdio);
5057 }
5058
5059 static int __init b43_init(void)
5060 {
5061 int err;
5062
5063 b43_debugfs_init();
5064 err = b43_pcmcia_init();
5065 if (err)
5066 goto err_dfs_exit;
5067 err = b43_sdio_init();
5068 if (err)
5069 goto err_pcmcia_exit;
5070 err = ssb_driver_register(&b43_ssb_driver);
5071 if (err)
5072 goto err_sdio_exit;
5073 b43_print_driverinfo();
5074
5075 return err;
5076
5077 err_sdio_exit:
5078 b43_sdio_exit();
5079 err_pcmcia_exit:
5080 b43_pcmcia_exit();
5081 err_dfs_exit:
5082 b43_debugfs_exit();
5083 return err;
5084 }
5085
5086 static void __exit b43_exit(void)
5087 {
5088 ssb_driver_unregister(&b43_ssb_driver);
5089 b43_sdio_exit();
5090 b43_pcmcia_exit();
5091 b43_debugfs_exit();
5092 }
5093
5094 module_init(b43_init)
5095 module_exit(b43_exit)
ubuntu-bionic-kernel mirror