iwlwifi: sanity check before counting number of tfds can be free
[linux-2.6.git] / drivers / net / wireless / ath / ar9170 / main.c
1 /*
2  * Atheros AR9170 driver
3  *
4  * mac80211 interaction code
5  *
6  * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
7  * Copyright 2009, Christian Lamparter <chunkeey@web.de>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program; see the file COPYING.  If not, see
21  * http://www.gnu.org/licenses/.
22  *
23  * This file incorporates work covered by the following copyright and
24  * permission notice:
25  *    Copyright (c) 2007-2008 Atheros Communications, Inc.
26  *
27  *    Permission to use, copy, modify, and/or distribute this software for any
28  *    purpose with or without fee is hereby granted, provided that the above
29  *    copyright notice and this permission notice appear in all copies.
30  *
31  *    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
32  *    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
33  *    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
34  *    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
35  *    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
36  *    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
37  *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
38  */
39
40 #include <linux/init.h>
41 #include <linux/module.h>
42 #include <linux/etherdevice.h>
43 #include <net/mac80211.h>
44 #include "ar9170.h"
45 #include "hw.h"
46 #include "cmd.h"
47
48 static int modparam_nohwcrypt;
49 module_param_named(nohwcrypt, modparam_nohwcrypt, bool, S_IRUGO);
50 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
51
52 static int modparam_ht;
53 module_param_named(ht, modparam_ht, bool, S_IRUGO);
54 MODULE_PARM_DESC(ht, "enable MPDU aggregation.");
55
56 #define RATE(_bitrate, _hw_rate, _txpidx, _flags) {     \
57         .bitrate        = (_bitrate),                   \
58         .flags          = (_flags),                     \
59         .hw_value       = (_hw_rate) | (_txpidx) << 4,  \
60 }
61
62 static struct ieee80211_rate __ar9170_ratetable[] = {
63         RATE(10, 0, 0, 0),
64         RATE(20, 1, 1, IEEE80211_RATE_SHORT_PREAMBLE),
65         RATE(55, 2, 2, IEEE80211_RATE_SHORT_PREAMBLE),
66         RATE(110, 3, 3, IEEE80211_RATE_SHORT_PREAMBLE),
67         RATE(60, 0xb, 0, 0),
68         RATE(90, 0xf, 0, 0),
69         RATE(120, 0xa, 0, 0),
70         RATE(180, 0xe, 0, 0),
71         RATE(240, 0x9, 0, 0),
72         RATE(360, 0xd, 1, 0),
73         RATE(480, 0x8, 2, 0),
74         RATE(540, 0xc, 3, 0),
75 };
76 #undef RATE
77
78 #define ar9170_g_ratetable      (__ar9170_ratetable + 0)
79 #define ar9170_g_ratetable_size 12
80 #define ar9170_a_ratetable      (__ar9170_ratetable + 4)
81 #define ar9170_a_ratetable_size 8
82
83 /*
84  * NB: The hw_value is used as an index into the ar9170_phy_freq_params
85  *     array in phy.c so that we don't have to do frequency lookups!
86  */
87 #define CHAN(_freq, _idx) {             \
88         .center_freq    = (_freq),      \
89         .hw_value       = (_idx),       \
90         .max_power      = 18, /* XXX */ \
91 }
92
93 static struct ieee80211_channel ar9170_2ghz_chantable[] = {
94         CHAN(2412,  0),
95         CHAN(2417,  1),
96         CHAN(2422,  2),
97         CHAN(2427,  3),
98         CHAN(2432,  4),
99         CHAN(2437,  5),
100         CHAN(2442,  6),
101         CHAN(2447,  7),
102         CHAN(2452,  8),
103         CHAN(2457,  9),
104         CHAN(2462, 10),
105         CHAN(2467, 11),
106         CHAN(2472, 12),
107         CHAN(2484, 13),
108 };
109
110 static struct ieee80211_channel ar9170_5ghz_chantable[] = {
111         CHAN(4920, 14),
112         CHAN(4940, 15),
113         CHAN(4960, 16),
114         CHAN(4980, 17),
115         CHAN(5040, 18),
116         CHAN(5060, 19),
117         CHAN(5080, 20),
118         CHAN(5180, 21),
119         CHAN(5200, 22),
120         CHAN(5220, 23),
121         CHAN(5240, 24),
122         CHAN(5260, 25),
123         CHAN(5280, 26),
124         CHAN(5300, 27),
125         CHAN(5320, 28),
126         CHAN(5500, 29),
127         CHAN(5520, 30),
128         CHAN(5540, 31),
129         CHAN(5560, 32),
130         CHAN(5580, 33),
131         CHAN(5600, 34),
132         CHAN(5620, 35),
133         CHAN(5640, 36),
134         CHAN(5660, 37),
135         CHAN(5680, 38),
136         CHAN(5700, 39),
137         CHAN(5745, 40),
138         CHAN(5765, 41),
139         CHAN(5785, 42),
140         CHAN(5805, 43),
141         CHAN(5825, 44),
142         CHAN(5170, 45),
143         CHAN(5190, 46),
144         CHAN(5210, 47),
145         CHAN(5230, 48),
146 };
147 #undef CHAN
148
149 #define AR9170_HT_CAP                                                   \
150 {                                                                       \
151         .ht_supported   = true,                                         \
152         .cap            = IEEE80211_HT_CAP_MAX_AMSDU |                  \
153                           IEEE80211_HT_CAP_SUP_WIDTH_20_40 |            \
154                           IEEE80211_HT_CAP_SGI_40 |                     \
155                           IEEE80211_HT_CAP_GRN_FLD |                    \
156                           IEEE80211_HT_CAP_DSSSCCK40 |                  \
157                           IEEE80211_HT_CAP_SM_PS,                       \
158         .ampdu_factor   = 3,                                            \
159         .ampdu_density  = 6,                                            \
160         .mcs            = {                                             \
161                 .rx_mask = { 0xff, 0xff, 0, 0, 0x1, 0, 0, 0, 0, 0, },   \
162                 .rx_highest = cpu_to_le16(300),                         \
163                 .tx_params = IEEE80211_HT_MCS_TX_DEFINED,               \
164         },                                                              \
165 }
166
167 static struct ieee80211_supported_band ar9170_band_2GHz = {
168         .channels       = ar9170_2ghz_chantable,
169         .n_channels     = ARRAY_SIZE(ar9170_2ghz_chantable),
170         .bitrates       = ar9170_g_ratetable,
171         .n_bitrates     = ar9170_g_ratetable_size,
172         .ht_cap         = AR9170_HT_CAP,
173 };
174
175 static struct ieee80211_supported_band ar9170_band_5GHz = {
176         .channels       = ar9170_5ghz_chantable,
177         .n_channels     = ARRAY_SIZE(ar9170_5ghz_chantable),
178         .bitrates       = ar9170_a_ratetable,
179         .n_bitrates     = ar9170_a_ratetable_size,
180         .ht_cap         = AR9170_HT_CAP,
181 };
182
183 static void ar9170_tx(struct ar9170 *ar);
184 static bool ar9170_tx_ampdu(struct ar9170 *ar);
185
186 static inline u16 ar9170_get_seq_h(struct ieee80211_hdr *hdr)
187 {
188         return le16_to_cpu(hdr->seq_ctrl) >> 4;
189 }
190
191 static inline u16 ar9170_get_seq(struct sk_buff *skb)
192 {
193         struct ar9170_tx_control *txc = (void *) skb->data;
194         return ar9170_get_seq_h((void *) txc->frame_data);
195 }
196
197 static inline u16 ar9170_get_tid(struct sk_buff *skb)
198 {
199         struct ar9170_tx_control *txc = (void *) skb->data;
200         struct ieee80211_hdr *hdr = (void *) txc->frame_data;
201
202         return (ieee80211_get_qos_ctl(hdr))[0] & IEEE80211_QOS_CTL_TID_MASK;
203 }
204
205 #define GET_NEXT_SEQ(seq)       ((seq + 1) & 0x0fff)
206 #define GET_NEXT_SEQ_FROM_SKB(skb)      (GET_NEXT_SEQ(ar9170_get_seq(skb)))
207
208 #if (defined AR9170_QUEUE_DEBUG) || (defined AR9170_TXAGG_DEBUG)
209 static void ar9170_print_txheader(struct ar9170 *ar, struct sk_buff *skb)
210 {
211         struct ar9170_tx_control *txc = (void *) skb->data;
212         struct ieee80211_tx_info *txinfo = IEEE80211_SKB_CB(skb);
213         struct ar9170_tx_info *arinfo = (void *) txinfo->rate_driver_data;
214         struct ieee80211_hdr *hdr = (void *) txc->frame_data;
215
216         printk(KERN_DEBUG "%s: => FRAME [skb:%p, q:%d, DA:[%pM] flags:%x s:%d "
217                           "mac_ctrl:%04x, phy_ctrl:%08x, timeout:[%d ms]]\n",
218                wiphy_name(ar->hw->wiphy), skb, skb_get_queue_mapping(skb),
219                ieee80211_get_DA(hdr), arinfo->flags, ar9170_get_seq_h(hdr),
220                le16_to_cpu(txc->mac_control), le32_to_cpu(txc->phy_control),
221                jiffies_to_msecs(arinfo->timeout - jiffies));
222 }
223
224 static void __ar9170_dump_txqueue(struct ar9170 *ar,
225                                 struct sk_buff_head *queue)
226 {
227         struct sk_buff *skb;
228         int i = 0;
229
230         printk(KERN_DEBUG "---[ cut here ]---\n");
231         printk(KERN_DEBUG "%s: %d entries in queue.\n",
232                wiphy_name(ar->hw->wiphy), skb_queue_len(queue));
233
234         skb_queue_walk(queue, skb) {
235                 printk(KERN_DEBUG "index:%d => \n", i++);
236                 ar9170_print_txheader(ar, skb);
237         }
238         if (i != skb_queue_len(queue))
239                 printk(KERN_DEBUG "WARNING: queue frame counter "
240                        "mismatch %d != %d\n", skb_queue_len(queue), i);
241         printk(KERN_DEBUG "---[ end ]---\n");
242 }
243 #endif /* AR9170_QUEUE_DEBUG || AR9170_TXAGG_DEBUG */
244
245 #ifdef AR9170_QUEUE_DEBUG
246 static void ar9170_dump_txqueue(struct ar9170 *ar,
247                                 struct sk_buff_head *queue)
248 {
249         unsigned long flags;
250
251         spin_lock_irqsave(&queue->lock, flags);
252         __ar9170_dump_txqueue(ar, queue);
253         spin_unlock_irqrestore(&queue->lock, flags);
254 }
255 #endif /* AR9170_QUEUE_DEBUG */
256
257 #ifdef AR9170_QUEUE_STOP_DEBUG
258 static void __ar9170_dump_txstats(struct ar9170 *ar)
259 {
260         int i;
261
262         printk(KERN_DEBUG "%s: QoS queue stats\n",
263                wiphy_name(ar->hw->wiphy));
264
265         for (i = 0; i < __AR9170_NUM_TXQ; i++)
266                 printk(KERN_DEBUG "%s: queue:%d limit:%d len:%d waitack:%d "
267                        " stopped:%d\n", wiphy_name(ar->hw->wiphy), i,
268                        ar->tx_stats[i].limit, ar->tx_stats[i].len,
269                        skb_queue_len(&ar->tx_status[i]),
270                        ieee80211_queue_stopped(ar->hw, i));
271 }
272 #endif /* AR9170_QUEUE_STOP_DEBUG */
273
274 #ifdef AR9170_TXAGG_DEBUG
275 static void ar9170_dump_tx_status_ampdu(struct ar9170 *ar)
276 {
277         unsigned long flags;
278
279         spin_lock_irqsave(&ar->tx_status_ampdu.lock, flags);
280         printk(KERN_DEBUG "%s: A-MPDU tx_status queue => \n",
281                wiphy_name(ar->hw->wiphy));
282         __ar9170_dump_txqueue(ar, &ar->tx_status_ampdu);
283         spin_unlock_irqrestore(&ar->tx_status_ampdu.lock, flags);
284 }
285
286 #endif /* AR9170_TXAGG_DEBUG */
287
288 /* caller must guarantee exclusive access for _bin_ queue. */
289 static void ar9170_recycle_expired(struct ar9170 *ar,
290                                    struct sk_buff_head *queue,
291                                    struct sk_buff_head *bin)
292 {
293         struct sk_buff *skb, *old = NULL;
294         unsigned long flags;
295
296         spin_lock_irqsave(&queue->lock, flags);
297         while ((skb = skb_peek(queue))) {
298                 struct ieee80211_tx_info *txinfo;
299                 struct ar9170_tx_info *arinfo;
300
301                 txinfo = IEEE80211_SKB_CB(skb);
302                 arinfo = (void *) txinfo->rate_driver_data;
303
304                 if (time_is_before_jiffies(arinfo->timeout)) {
305 #ifdef AR9170_QUEUE_DEBUG
306                         printk(KERN_DEBUG "%s: [%ld > %ld] frame expired => "
307                                "recycle \n", wiphy_name(ar->hw->wiphy),
308                                jiffies, arinfo->timeout);
309                         ar9170_print_txheader(ar, skb);
310 #endif /* AR9170_QUEUE_DEBUG */
311                         __skb_unlink(skb, queue);
312                         __skb_queue_tail(bin, skb);
313                 } else {
314                         break;
315                 }
316
317                 if (unlikely(old == skb)) {
318                         /* bail out - queue is shot. */
319
320                         WARN_ON(1);
321                         break;
322                 }
323                 old = skb;
324         }
325         spin_unlock_irqrestore(&queue->lock, flags);
326 }
327
328 static void ar9170_tx_status(struct ar9170 *ar, struct sk_buff *skb,
329                                     u16 tx_status)
330 {
331         struct ieee80211_tx_info *txinfo;
332         unsigned int retries = 0;
333
334         txinfo = IEEE80211_SKB_CB(skb);
335         ieee80211_tx_info_clear_status(txinfo);
336
337         switch (tx_status) {
338         case AR9170_TX_STATUS_RETRY:
339                 retries = 2;
340         case AR9170_TX_STATUS_COMPLETE:
341                 txinfo->flags |= IEEE80211_TX_STAT_ACK;
342                 break;
343
344         case AR9170_TX_STATUS_FAILED:
345                 retries = ar->hw->conf.long_frame_max_tx_count;
346                 break;
347
348         default:
349                 printk(KERN_ERR "%s: invalid tx_status response (%x).\n",
350                        wiphy_name(ar->hw->wiphy), tx_status);
351                 break;
352         }
353
354         txinfo->status.rates[0].count = retries + 1;
355         skb_pull(skb, sizeof(struct ar9170_tx_control));
356         ieee80211_tx_status_irqsafe(ar->hw, skb);
357 }
358
359 static void ar9170_tx_fake_ampdu_status(struct ar9170 *ar)
360 {
361         struct sk_buff_head success;
362         struct sk_buff *skb;
363         unsigned int i;
364         unsigned long queue_bitmap = 0;
365
366         skb_queue_head_init(&success);
367
368         while (skb_queue_len(&ar->tx_status_ampdu) > AR9170_NUM_TX_STATUS)
369                 __skb_queue_tail(&success, skb_dequeue(&ar->tx_status_ampdu));
370
371         ar9170_recycle_expired(ar, &ar->tx_status_ampdu, &success);
372
373 #ifdef AR9170_TXAGG_DEBUG
374         printk(KERN_DEBUG "%s: collected %d A-MPDU frames.\n",
375                wiphy_name(ar->hw->wiphy), skb_queue_len(&success));
376         __ar9170_dump_txqueue(ar, &success);
377 #endif /* AR9170_TXAGG_DEBUG */
378
379         while ((skb = __skb_dequeue(&success))) {
380                 struct ieee80211_tx_info *txinfo;
381
382                 queue_bitmap |= BIT(skb_get_queue_mapping(skb));
383
384                 txinfo = IEEE80211_SKB_CB(skb);
385                 ieee80211_tx_info_clear_status(txinfo);
386
387                 txinfo->flags |= IEEE80211_TX_STAT_ACK;
388                 txinfo->status.rates[0].count = 1;
389
390                 skb_pull(skb, sizeof(struct ar9170_tx_control));
391                 ieee80211_tx_status_irqsafe(ar->hw, skb);
392         }
393
394         for_each_bit(i, &queue_bitmap, BITS_PER_BYTE) {
395 #ifdef AR9170_QUEUE_STOP_DEBUG
396                 printk(KERN_DEBUG "%s: wake queue %d\n",
397                        wiphy_name(ar->hw->wiphy), i);
398                 __ar9170_dump_txstats(ar);
399 #endif /* AR9170_QUEUE_STOP_DEBUG */
400                 ieee80211_wake_queue(ar->hw, i);
401         }
402
403         if (queue_bitmap)
404                 ar9170_tx(ar);
405 }
406
407 static void ar9170_tx_ampdu_callback(struct ar9170 *ar, struct sk_buff *skb)
408 {
409         struct ieee80211_tx_info *txinfo = IEEE80211_SKB_CB(skb);
410         struct ar9170_tx_info *arinfo = (void *) txinfo->rate_driver_data;
411
412         arinfo->timeout = jiffies +
413                           msecs_to_jiffies(AR9170_BA_TIMEOUT);
414
415         skb_queue_tail(&ar->tx_status_ampdu, skb);
416         ar9170_tx_fake_ampdu_status(ar);
417
418         if (atomic_dec_and_test(&ar->tx_ampdu_pending) &&
419             !list_empty(&ar->tx_ampdu_list))
420                 ar9170_tx_ampdu(ar);
421 }
422
423 void ar9170_tx_callback(struct ar9170 *ar, struct sk_buff *skb)
424 {
425         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
426         struct ar9170_tx_info *arinfo = (void *) info->rate_driver_data;
427         unsigned int queue = skb_get_queue_mapping(skb);
428         unsigned long flags;
429
430         spin_lock_irqsave(&ar->tx_stats_lock, flags);
431         ar->tx_stats[queue].len--;
432
433         if (skb_queue_empty(&ar->tx_pending[queue])) {
434 #ifdef AR9170_QUEUE_STOP_DEBUG
435                 printk(KERN_DEBUG "%s: wake queue %d\n",
436                        wiphy_name(ar->hw->wiphy), queue);
437                 __ar9170_dump_txstats(ar);
438 #endif /* AR9170_QUEUE_STOP_DEBUG */
439                 ieee80211_wake_queue(ar->hw, queue);
440         }
441         spin_unlock_irqrestore(&ar->tx_stats_lock, flags);
442
443         if (arinfo->flags & AR9170_TX_FLAG_BLOCK_ACK) {
444                 ar9170_tx_ampdu_callback(ar, skb);
445         } else if (arinfo->flags & AR9170_TX_FLAG_WAIT_FOR_ACK) {
446                 arinfo->timeout = jiffies +
447                                   msecs_to_jiffies(AR9170_TX_TIMEOUT);
448
449                 skb_queue_tail(&ar->tx_status[queue], skb);
450         } else if (arinfo->flags & AR9170_TX_FLAG_NO_ACK) {
451                 ar9170_tx_status(ar, skb, AR9170_TX_STATUS_FAILED);
452         } else {
453 #ifdef AR9170_QUEUE_DEBUG
454                 printk(KERN_DEBUG "%s: unsupported frame flags!\n",
455                        wiphy_name(ar->hw->wiphy));
456                 ar9170_print_txheader(ar, skb);
457 #endif /* AR9170_QUEUE_DEBUG */
458                 dev_kfree_skb_any(skb);
459         }
460
461         if (!ar->tx_stats[queue].len &&
462             !skb_queue_empty(&ar->tx_pending[queue])) {
463                 ar9170_tx(ar);
464         }
465 }
466
467 static struct sk_buff *ar9170_get_queued_skb(struct ar9170 *ar,
468                                              const u8 *mac,
469                                              struct sk_buff_head *queue,
470                                              const u32 rate)
471 {
472         unsigned long flags;
473         struct sk_buff *skb;
474
475         /*
476          * Unfortunately, the firmware does not tell to which (queued) frame
477          * this transmission status report belongs to.
478          *
479          * So we have to make risky guesses - with the scarce information
480          * the firmware provided (-> destination MAC, and phy_control) -
481          * and hope that we picked the right one...
482          */
483
484         spin_lock_irqsave(&queue->lock, flags);
485         skb_queue_walk(queue, skb) {
486                 struct ar9170_tx_control *txc = (void *) skb->data;
487                 struct ieee80211_hdr *hdr = (void *) txc->frame_data;
488                 u32 r;
489
490                 if (mac && compare_ether_addr(ieee80211_get_DA(hdr), mac)) {
491 #ifdef AR9170_QUEUE_DEBUG
492                         printk(KERN_DEBUG "%s: skip frame => DA %pM != %pM\n",
493                                wiphy_name(ar->hw->wiphy), mac,
494                                ieee80211_get_DA(hdr));
495                         ar9170_print_txheader(ar, skb);
496 #endif /* AR9170_QUEUE_DEBUG */
497                         continue;
498                 }
499
500                 r = (le32_to_cpu(txc->phy_control) & AR9170_TX_PHY_MCS_MASK) >>
501                     AR9170_TX_PHY_MCS_SHIFT;
502
503                 if ((rate != AR9170_TX_INVALID_RATE) && (r != rate)) {
504 #ifdef AR9170_QUEUE_DEBUG
505                         printk(KERN_DEBUG "%s: skip frame => rate %d != %d\n",
506                                wiphy_name(ar->hw->wiphy), rate, r);
507                         ar9170_print_txheader(ar, skb);
508 #endif /* AR9170_QUEUE_DEBUG */
509                         continue;
510                 }
511
512                 __skb_unlink(skb, queue);
513                 spin_unlock_irqrestore(&queue->lock, flags);
514                 return skb;
515         }
516
517 #ifdef AR9170_QUEUE_DEBUG
518         printk(KERN_ERR "%s: ESS:[%pM] does not have any "
519                         "outstanding frames in queue.\n",
520                         wiphy_name(ar->hw->wiphy), mac);
521         __ar9170_dump_txqueue(ar, queue);
522 #endif /* AR9170_QUEUE_DEBUG */
523         spin_unlock_irqrestore(&queue->lock, flags);
524
525         return NULL;
526 }
527
528 static void ar9170_handle_block_ack(struct ar9170 *ar, u16 count, u16 r)
529 {
530         struct sk_buff *skb;
531         struct ieee80211_tx_info *txinfo;
532
533         while (count) {
534                 skb = ar9170_get_queued_skb(ar, NULL, &ar->tx_status_ampdu, r);
535                 if (!skb)
536                         break;
537
538                 txinfo = IEEE80211_SKB_CB(skb);
539                 ieee80211_tx_info_clear_status(txinfo);
540
541                 /* FIXME: maybe more ? */
542                 txinfo->status.rates[0].count = 1;
543
544                 skb_pull(skb, sizeof(struct ar9170_tx_control));
545                 ieee80211_tx_status_irqsafe(ar->hw, skb);
546                 count--;
547         }
548
549 #ifdef AR9170_TXAGG_DEBUG
550         if (count) {
551                 printk(KERN_DEBUG "%s: got %d more failed mpdus, but no more "
552                        "suitable frames left in tx_status queue.\n",
553                        wiphy_name(ar->hw->wiphy), count);
554
555                 ar9170_dump_tx_status_ampdu(ar);
556         }
557 #endif /* AR9170_TXAGG_DEBUG */
558 }
559
560 /*
561  * This worker tries to keeps an maintain tx_status queues.
562  * So we can guarantee that incoming tx_status reports are
563  * actually for a pending frame.
564  */
565
566 static void ar9170_tx_janitor(struct work_struct *work)
567 {
568         struct ar9170 *ar = container_of(work, struct ar9170,
569                                          tx_janitor.work);
570         struct sk_buff_head waste;
571         unsigned int i;
572         bool resched = false;
573
574         if (unlikely(!IS_STARTED(ar)))
575                 return ;
576
577         skb_queue_head_init(&waste);
578
579         for (i = 0; i < __AR9170_NUM_TXQ; i++) {
580 #ifdef AR9170_QUEUE_DEBUG
581                 printk(KERN_DEBUG "%s: garbage collector scans queue:%d\n",
582                        wiphy_name(ar->hw->wiphy), i);
583                 ar9170_dump_txqueue(ar, &ar->tx_pending[i]);
584                 ar9170_dump_txqueue(ar, &ar->tx_status[i]);
585 #endif /* AR9170_QUEUE_DEBUG */
586
587                 ar9170_recycle_expired(ar, &ar->tx_status[i], &waste);
588                 ar9170_recycle_expired(ar, &ar->tx_pending[i], &waste);
589                 skb_queue_purge(&waste);
590
591                 if (!skb_queue_empty(&ar->tx_status[i]) ||
592                     !skb_queue_empty(&ar->tx_pending[i]))
593                         resched = true;
594         }
595
596         ar9170_tx_fake_ampdu_status(ar);
597
598         if (!resched)
599                 return;
600
601         ieee80211_queue_delayed_work(ar->hw,
602                                      &ar->tx_janitor,
603                                      msecs_to_jiffies(AR9170_JANITOR_DELAY));
604 }
605
606 void ar9170_handle_command_response(struct ar9170 *ar, void *buf, u32 len)
607 {
608         struct ar9170_cmd_response *cmd = (void *) buf;
609
610         if ((cmd->type & 0xc0) != 0xc0) {
611                 ar->callback_cmd(ar, len, buf);
612                 return;
613         }
614
615         /* hardware event handlers */
616         switch (cmd->type) {
617         case 0xc1: {
618                 /*
619                  * TX status notification:
620                  * bytes: 0c c1 XX YY M1 M2 M3 M4 M5 M6 R4 R3 R2 R1 S2 S1
621                  *
622                  * XX always 81
623                  * YY always 00
624                  * M1-M6 is the MAC address
625                  * R1-R4 is the transmit rate
626                  * S1-S2 is the transmit status
627                  */
628
629                 struct sk_buff *skb;
630                 u32 phy = le32_to_cpu(cmd->tx_status.rate);
631                 u32 q = (phy & AR9170_TX_PHY_QOS_MASK) >>
632                         AR9170_TX_PHY_QOS_SHIFT;
633 #ifdef AR9170_QUEUE_DEBUG
634                 printk(KERN_DEBUG "%s: recv tx_status for %pM, p:%08x, q:%d\n",
635                        wiphy_name(ar->hw->wiphy), cmd->tx_status.dst, phy, q);
636 #endif /* AR9170_QUEUE_DEBUG */
637
638                 skb = ar9170_get_queued_skb(ar, cmd->tx_status.dst,
639                                             &ar->tx_status[q],
640                                             AR9170_TX_INVALID_RATE);
641                 if (unlikely(!skb))
642                         return ;
643
644                 ar9170_tx_status(ar, skb, le16_to_cpu(cmd->tx_status.status));
645                 break;
646                 }
647
648         case 0xc0:
649                 /*
650                  * pre-TBTT event
651                  */
652                 if (ar->vif && ar->vif->type == NL80211_IFTYPE_AP)
653                         ieee80211_queue_work(ar->hw, &ar->beacon_work);
654                 break;
655
656         case 0xc2:
657                 /*
658                  * (IBSS) beacon send notification
659                  * bytes: 04 c2 XX YY B4 B3 B2 B1
660                  *
661                  * XX always 80
662                  * YY always 00
663                  * B1-B4 "should" be the number of send out beacons.
664                  */
665                 break;
666
667         case 0xc3:
668                 /* End of Atim Window */
669                 break;
670
671         case 0xc4:
672                 /* BlockACK bitmap */
673                 break;
674
675         case 0xc5:
676                 /* BlockACK events */
677                 ar9170_handle_block_ack(ar,
678                                         le16_to_cpu(cmd->ba_fail_cnt.failed),
679                                         le16_to_cpu(cmd->ba_fail_cnt.rate));
680                 ar9170_tx_fake_ampdu_status(ar);
681                 break;
682
683         case 0xc6:
684                 /* Watchdog Interrupt */
685                 break;
686
687         case 0xc9:
688                 /* retransmission issue / SIFS/EIFS collision ?! */
689                 break;
690
691         /* firmware debug */
692         case 0xca:
693                 printk(KERN_DEBUG "ar9170 FW: %.*s\n", len - 4, (char *)buf + 4);
694                 break;
695         case 0xcb:
696                 len -= 4;
697
698                 switch (len) {
699                 case 1:
700                         printk(KERN_DEBUG "ar9170 FW: u8: %#.2x\n",
701                                 *((char *)buf + 4));
702                         break;
703                 case 2:
704                         printk(KERN_DEBUG "ar9170 FW: u8: %#.4x\n",
705                                 le16_to_cpup((__le16 *)((char *)buf + 4)));
706                         break;
707                 case 4:
708                         printk(KERN_DEBUG "ar9170 FW: u8: %#.8x\n",
709                                 le32_to_cpup((__le32 *)((char *)buf + 4)));
710                         break;
711                 case 8:
712                         printk(KERN_DEBUG "ar9170 FW: u8: %#.16lx\n",
713                                 (unsigned long)le64_to_cpup(
714                                                 (__le64 *)((char *)buf + 4)));
715                         break;
716                 }
717                 break;
718         case 0xcc:
719                 print_hex_dump_bytes("ar9170 FW:", DUMP_PREFIX_NONE,
720                                      (char *)buf + 4, len - 4);
721                 break;
722
723         default:
724                 printk(KERN_INFO "received unhandled event %x\n", cmd->type);
725                 print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, buf, len);
726                 break;
727         }
728 }
729
730 static void ar9170_rx_reset_rx_mpdu(struct ar9170 *ar)
731 {
732         memset(&ar->rx_mpdu.plcp, 0, sizeof(struct ar9170_rx_head));
733         ar->rx_mpdu.has_plcp = false;
734 }
735
736 int ar9170_nag_limiter(struct ar9170 *ar)
737 {
738         bool print_message;
739
740         /*
741          * we expect all sorts of errors in promiscuous mode.
742          * don't bother with it, it's OK!
743          */
744         if (ar->sniffer_enabled)
745                 return false;
746
747         /*
748          * only go for frequent errors! The hardware tends to
749          * do some stupid thing once in a while under load, in
750          * noisy environments or just for fun!
751          */
752         if (time_before(jiffies, ar->bad_hw_nagger) && net_ratelimit())
753                 print_message = true;
754         else
755                 print_message = false;
756
757         /* reset threshold for "once in a while" */
758         ar->bad_hw_nagger = jiffies + HZ / 4;
759         return print_message;
760 }
761
762 static int ar9170_rx_mac_status(struct ar9170 *ar,
763                                 struct ar9170_rx_head *head,
764                                 struct ar9170_rx_macstatus *mac,
765                                 struct ieee80211_rx_status *status)
766 {
767         u8 error, decrypt;
768
769         BUILD_BUG_ON(sizeof(struct ar9170_rx_head) != 12);
770         BUILD_BUG_ON(sizeof(struct ar9170_rx_macstatus) != 4);
771
772         error = mac->error;
773         if (error & AR9170_RX_ERROR_MMIC) {
774                 status->flag |= RX_FLAG_MMIC_ERROR;
775                 error &= ~AR9170_RX_ERROR_MMIC;
776         }
777
778         if (error & AR9170_RX_ERROR_PLCP) {
779                 status->flag |= RX_FLAG_FAILED_PLCP_CRC;
780                 error &= ~AR9170_RX_ERROR_PLCP;
781
782                 if (!(ar->filter_state & FIF_PLCPFAIL))
783                         return -EINVAL;
784         }
785
786         if (error & AR9170_RX_ERROR_FCS) {
787                 status->flag |= RX_FLAG_FAILED_FCS_CRC;
788                 error &= ~AR9170_RX_ERROR_FCS;
789
790                 if (!(ar->filter_state & FIF_FCSFAIL))
791                         return -EINVAL;
792         }
793
794         decrypt = ar9170_get_decrypt_type(mac);
795         if (!(decrypt & AR9170_RX_ENC_SOFTWARE) &&
796             decrypt != AR9170_ENC_ALG_NONE)
797                 status->flag |= RX_FLAG_DECRYPTED;
798
799         /* ignore wrong RA errors */
800         error &= ~AR9170_RX_ERROR_WRONG_RA;
801
802         if (error & AR9170_RX_ERROR_DECRYPT) {
803                 error &= ~AR9170_RX_ERROR_DECRYPT;
804                 /*
805                  * Rx decryption is done in place,
806                  * the original data is lost anyway.
807                  */
808
809                 return -EINVAL;
810         }
811
812         /* drop any other error frames */
813         if (unlikely(error)) {
814                 /* TODO: update netdevice's RX dropped/errors statistics */
815
816                 if (ar9170_nag_limiter(ar))
817                         printk(KERN_DEBUG "%s: received frame with "
818                                "suspicious error code (%#x).\n",
819                                wiphy_name(ar->hw->wiphy), error);
820
821                 return -EINVAL;
822         }
823
824         status->band = ar->channel->band;
825         status->freq = ar->channel->center_freq;
826
827         switch (mac->status & AR9170_RX_STATUS_MODULATION_MASK) {
828         case AR9170_RX_STATUS_MODULATION_CCK:
829                 if (mac->status & AR9170_RX_STATUS_SHORT_PREAMBLE)
830                         status->flag |= RX_FLAG_SHORTPRE;
831                 switch (head->plcp[0]) {
832                 case 0x0a:
833                         status->rate_idx = 0;
834                         break;
835                 case 0x14:
836                         status->rate_idx = 1;
837                         break;
838                 case 0x37:
839                         status->rate_idx = 2;
840                         break;
841                 case 0x6e:
842                         status->rate_idx = 3;
843                         break;
844                 default:
845                         if (ar9170_nag_limiter(ar))
846                                 printk(KERN_ERR "%s: invalid plcp cck rate "
847                                        "(%x).\n", wiphy_name(ar->hw->wiphy),
848                                        head->plcp[0]);
849                         return -EINVAL;
850                 }
851                 break;
852
853         case AR9170_RX_STATUS_MODULATION_DUPOFDM:
854         case AR9170_RX_STATUS_MODULATION_OFDM:
855                 switch (head->plcp[0] & 0xf) {
856                 case 0xb:
857                         status->rate_idx = 0;
858                         break;
859                 case 0xf:
860                         status->rate_idx = 1;
861                         break;
862                 case 0xa:
863                         status->rate_idx = 2;
864                         break;
865                 case 0xe:
866                         status->rate_idx = 3;
867                         break;
868                 case 0x9:
869                         status->rate_idx = 4;
870                         break;
871                 case 0xd:
872                         status->rate_idx = 5;
873                         break;
874                 case 0x8:
875                         status->rate_idx = 6;
876                         break;
877                 case 0xc:
878                         status->rate_idx = 7;
879                         break;
880                 default:
881                         if (ar9170_nag_limiter(ar))
882                                 printk(KERN_ERR "%s: invalid plcp ofdm rate "
883                                        "(%x).\n", wiphy_name(ar->hw->wiphy),
884                                        head->plcp[0]);
885                         return -EINVAL;
886                 }
887                 if (status->band == IEEE80211_BAND_2GHZ)
888                         status->rate_idx += 4;
889                 break;
890
891         case AR9170_RX_STATUS_MODULATION_HT:
892                 if (head->plcp[3] & 0x80)
893                         status->flag |= RX_FLAG_40MHZ;
894                 if (head->plcp[6] & 0x80)
895                         status->flag |= RX_FLAG_SHORT_GI;
896
897                 status->rate_idx = clamp(0, 75, head->plcp[6] & 0x7f);
898                 status->flag |= RX_FLAG_HT;
899                 break;
900
901         default:
902                 if (ar9170_nag_limiter(ar))
903                         printk(KERN_ERR "%s: invalid modulation\n",
904                                wiphy_name(ar->hw->wiphy));
905                 return -EINVAL;
906         }
907
908         return 0;
909 }
910
911 static void ar9170_rx_phy_status(struct ar9170 *ar,
912                                  struct ar9170_rx_phystatus *phy,
913                                  struct ieee80211_rx_status *status)
914 {
915         int i;
916
917         BUILD_BUG_ON(sizeof(struct ar9170_rx_phystatus) != 20);
918
919         for (i = 0; i < 3; i++)
920                 if (phy->rssi[i] != 0x80)
921                         status->antenna |= BIT(i);
922
923         /* post-process RSSI */
924         for (i = 0; i < 7; i++)
925                 if (phy->rssi[i] & 0x80)
926                         phy->rssi[i] = ((phy->rssi[i] & 0x7f) + 1) & 0x7f;
927
928         /* TODO: we could do something with phy_errors */
929         status->signal = ar->noise[0] + phy->rssi_combined;
930         status->noise = ar->noise[0];
931 }
932
933 static struct sk_buff *ar9170_rx_copy_data(u8 *buf, int len)
934 {
935         struct sk_buff *skb;
936         int reserved = 0;
937         struct ieee80211_hdr *hdr = (void *) buf;
938
939         if (ieee80211_is_data_qos(hdr->frame_control)) {
940                 u8 *qc = ieee80211_get_qos_ctl(hdr);
941                 reserved += NET_IP_ALIGN;
942
943                 if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT)
944                         reserved += NET_IP_ALIGN;
945         }
946
947         if (ieee80211_has_a4(hdr->frame_control))
948                 reserved += NET_IP_ALIGN;
949
950         reserved = 32 + (reserved & NET_IP_ALIGN);
951
952         skb = dev_alloc_skb(len + reserved);
953         if (likely(skb)) {
954                 skb_reserve(skb, reserved);
955                 memcpy(skb_put(skb, len), buf, len);
956         }
957
958         return skb;
959 }
960
961 /*
962  * If the frame alignment is right (or the kernel has
963  * CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), and there
964  * is only a single MPDU in the USB frame, then we could
965  * submit to mac80211 the SKB directly. However, since
966  * there may be multiple packets in one SKB in stream
967  * mode, and we need to observe the proper ordering,
968  * this is non-trivial.
969  */
970
971 static void ar9170_handle_mpdu(struct ar9170 *ar, u8 *buf, int len)
972 {
973         struct ar9170_rx_head *head;
974         struct ar9170_rx_macstatus *mac;
975         struct ar9170_rx_phystatus *phy = NULL;
976         struct ieee80211_rx_status status;
977         struct sk_buff *skb;
978         int mpdu_len;
979
980         if (unlikely(!IS_STARTED(ar) || len < (sizeof(*mac))))
981                 return ;
982
983         /* Received MPDU */
984         mpdu_len = len - sizeof(*mac);
985
986         mac = (void *)(buf + mpdu_len);
987         if (unlikely(mac->error & AR9170_RX_ERROR_FATAL)) {
988                 /* this frame is too damaged and can't be used - drop it */
989
990                 return ;
991         }
992
993         switch (mac->status & AR9170_RX_STATUS_MPDU_MASK) {
994         case AR9170_RX_STATUS_MPDU_FIRST:
995                 /* first mpdu packet has the plcp header */
996                 if (likely(mpdu_len >= sizeof(struct ar9170_rx_head))) {
997                         head = (void *) buf;
998                         memcpy(&ar->rx_mpdu.plcp, (void *) buf,
999                                sizeof(struct ar9170_rx_head));
1000
1001                         mpdu_len -= sizeof(struct ar9170_rx_head);
1002                         buf += sizeof(struct ar9170_rx_head);
1003                         ar->rx_mpdu.has_plcp = true;
1004                 } else {
1005                         if (ar9170_nag_limiter(ar))
1006                                 printk(KERN_ERR "%s: plcp info is clipped.\n",
1007                                        wiphy_name(ar->hw->wiphy));
1008                         return ;
1009                 }
1010                 break;
1011
1012         case AR9170_RX_STATUS_MPDU_LAST:
1013                 /* last mpdu has a extra tail with phy status information */
1014
1015                 if (likely(mpdu_len >= sizeof(struct ar9170_rx_phystatus))) {
1016                         mpdu_len -= sizeof(struct ar9170_rx_phystatus);
1017                         phy = (void *)(buf + mpdu_len);
1018                 } else {
1019                         if (ar9170_nag_limiter(ar))
1020                                 printk(KERN_ERR "%s: frame tail is clipped.\n",
1021                                        wiphy_name(ar->hw->wiphy));
1022                         return ;
1023                 }
1024
1025         case AR9170_RX_STATUS_MPDU_MIDDLE:
1026                 /* middle mpdus are just data */
1027                 if (unlikely(!ar->rx_mpdu.has_plcp)) {
1028                         if (!ar9170_nag_limiter(ar))
1029                                 return ;
1030
1031                         printk(KERN_ERR "%s: rx stream did not start "
1032                                         "with a first_mpdu frame tag.\n",
1033                                wiphy_name(ar->hw->wiphy));
1034
1035                         return ;
1036                 }
1037
1038                 head = &ar->rx_mpdu.plcp;
1039                 break;
1040
1041         case AR9170_RX_STATUS_MPDU_SINGLE:
1042                 /* single mpdu - has plcp (head) and phy status (tail) */
1043                 head = (void *) buf;
1044
1045                 mpdu_len -= sizeof(struct ar9170_rx_head);
1046                 mpdu_len -= sizeof(struct ar9170_rx_phystatus);
1047
1048                 buf += sizeof(struct ar9170_rx_head);
1049                 phy = (void *)(buf + mpdu_len);
1050                 break;
1051
1052         default:
1053                 BUG_ON(1);
1054                 break;
1055         }
1056
1057         if (unlikely(mpdu_len < FCS_LEN))
1058                 return ;
1059
1060         memset(&status, 0, sizeof(status));
1061         if (unlikely(ar9170_rx_mac_status(ar, head, mac, &status)))
1062                 return ;
1063
1064         if (phy)
1065                 ar9170_rx_phy_status(ar, phy, &status);
1066
1067         skb = ar9170_rx_copy_data(buf, mpdu_len);
1068         if (likely(skb)) {
1069                 memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
1070                 ieee80211_rx_irqsafe(ar->hw, skb);
1071         }
1072 }
1073
1074 void ar9170_rx(struct ar9170 *ar, struct sk_buff *skb)
1075 {
1076         unsigned int i, tlen, resplen, wlen = 0, clen = 0;
1077         u8 *tbuf, *respbuf;
1078
1079         tbuf = skb->data;
1080         tlen = skb->len;
1081
1082         while (tlen >= 4) {
1083                 clen = tbuf[1] << 8 | tbuf[0];
1084                 wlen = ALIGN(clen, 4);
1085
1086                 /* check if this is stream has a valid tag.*/
1087                 if (tbuf[2] != 0 || tbuf[3] != 0x4e) {
1088                         /*
1089                          * TODO: handle the highly unlikely event that the
1090                          * corrupted stream has the TAG at the right position.
1091                          */
1092
1093                         /* check if the frame can be repaired. */
1094                         if (!ar->rx_failover_missing) {
1095                                 /* this is no "short read". */
1096                                 if (ar9170_nag_limiter(ar)) {
1097                                         printk(KERN_ERR "%s: missing tag!\n",
1098                                                wiphy_name(ar->hw->wiphy));
1099                                         goto err_telluser;
1100                                 } else
1101                                         goto err_silent;
1102                         }
1103
1104                         if (ar->rx_failover_missing > tlen) {
1105                                 if (ar9170_nag_limiter(ar)) {
1106                                         printk(KERN_ERR "%s: possible multi "
1107                                                "stream corruption!\n",
1108                                                wiphy_name(ar->hw->wiphy));
1109                                         goto err_telluser;
1110                                 } else
1111                                         goto err_silent;
1112                         }
1113
1114                         memcpy(skb_put(ar->rx_failover, tlen), tbuf, tlen);
1115                         ar->rx_failover_missing -= tlen;
1116
1117                         if (ar->rx_failover_missing <= 0) {
1118                                 /*
1119                                  * nested ar9170_rx call!
1120                                  * termination is guranteed, even when the
1121                                  * combined frame also have a element with
1122                                  * a bad tag.
1123                                  */
1124
1125                                 ar->rx_failover_missing = 0;
1126                                 ar9170_rx(ar, ar->rx_failover);
1127
1128                                 skb_reset_tail_pointer(ar->rx_failover);
1129                                 skb_trim(ar->rx_failover, 0);
1130                         }
1131
1132                         return ;
1133                 }
1134
1135                 /* check if stream is clipped */
1136                 if (wlen > tlen - 4) {
1137                         if (ar->rx_failover_missing) {
1138                                 /* TODO: handle double stream corruption. */
1139                                 if (ar9170_nag_limiter(ar)) {
1140                                         printk(KERN_ERR "%s: double rx stream "
1141                                                "corruption!\n",
1142                                                 wiphy_name(ar->hw->wiphy));
1143                                         goto err_telluser;
1144                                 } else
1145                                         goto err_silent;
1146                         }
1147
1148                         /*
1149                          * save incomplete data set.
1150                          * the firmware will resend the missing bits when
1151                          * the rx - descriptor comes round again.
1152                          */
1153
1154                         memcpy(skb_put(ar->rx_failover, tlen), tbuf, tlen);
1155                         ar->rx_failover_missing = clen - tlen;
1156                         return ;
1157                 }
1158                 resplen = clen;
1159                 respbuf = tbuf + 4;
1160                 tbuf += wlen + 4;
1161                 tlen -= wlen + 4;
1162
1163                 i = 0;
1164
1165                 /* weird thing, but this is the same in the original driver */
1166                 while (resplen > 2 && i < 12 &&
1167                        respbuf[0] == 0xff && respbuf[1] == 0xff) {
1168                         i += 2;
1169                         resplen -= 2;
1170                         respbuf += 2;
1171                 }
1172
1173                 if (resplen < 4)
1174                         continue;
1175
1176                 /* found the 6 * 0xffff marker? */
1177                 if (i == 12)
1178                         ar9170_handle_command_response(ar, respbuf, resplen);
1179                 else
1180                         ar9170_handle_mpdu(ar, respbuf, clen);
1181         }
1182
1183         if (tlen) {
1184                 if (net_ratelimit())
1185                         printk(KERN_ERR "%s: %d bytes of unprocessed "
1186                                         "data left in rx stream!\n",
1187                                wiphy_name(ar->hw->wiphy), tlen);
1188
1189                 goto err_telluser;
1190         }
1191
1192         return ;
1193
1194 err_telluser:
1195         printk(KERN_ERR "%s: damaged RX stream data [want:%d, "
1196                         "data:%d, rx:%d, pending:%d ]\n",
1197                wiphy_name(ar->hw->wiphy), clen, wlen, tlen,
1198                ar->rx_failover_missing);
1199
1200         if (ar->rx_failover_missing)
1201                 print_hex_dump_bytes("rxbuf:", DUMP_PREFIX_OFFSET,
1202                                      ar->rx_failover->data,
1203                                      ar->rx_failover->len);
1204
1205         print_hex_dump_bytes("stream:", DUMP_PREFIX_OFFSET,
1206                              skb->data, skb->len);
1207
1208         printk(KERN_ERR "%s: please check your hardware and cables, if "
1209                         "you see this message frequently.\n",
1210                wiphy_name(ar->hw->wiphy));
1211
1212 err_silent:
1213         if (ar->rx_failover_missing) {
1214                 skb_reset_tail_pointer(ar->rx_failover);
1215                 skb_trim(ar->rx_failover, 0);
1216                 ar->rx_failover_missing = 0;
1217         }
1218 }
1219
1220 #define AR9170_FILL_QUEUE(queue, ai_fs, cwmin, cwmax, _txop)            \
1221 do {                                                                    \
1222         queue.aifs = ai_fs;                                             \
1223         queue.cw_min = cwmin;                                           \
1224         queue.cw_max = cwmax;                                           \
1225         queue.txop = _txop;                                             \
1226 } while (0)
1227
1228 static int ar9170_op_start(struct ieee80211_hw *hw)
1229 {
1230         struct ar9170 *ar = hw->priv;
1231         int err, i;
1232
1233         mutex_lock(&ar->mutex);
1234
1235         /* reinitialize queues statistics */
1236         memset(&ar->tx_stats, 0, sizeof(ar->tx_stats));
1237         for (i = 0; i < __AR9170_NUM_TXQ; i++)
1238                 ar->tx_stats[i].limit = AR9170_TXQ_DEPTH;
1239
1240         /* reset QoS defaults */
1241         AR9170_FILL_QUEUE(ar->edcf[0], 3, 15, 1023,  0); /* BEST EFFORT*/
1242         AR9170_FILL_QUEUE(ar->edcf[1], 7, 15, 1023,  0); /* BACKGROUND */
1243         AR9170_FILL_QUEUE(ar->edcf[2], 2, 7,    15, 94); /* VIDEO */
1244         AR9170_FILL_QUEUE(ar->edcf[3], 2, 3,     7, 47); /* VOICE */
1245         AR9170_FILL_QUEUE(ar->edcf[4], 2, 3,     7,  0); /* SPECIAL */
1246
1247         /* set sane AMPDU defaults */
1248         ar->global_ampdu_density = 6;
1249         ar->global_ampdu_factor = 3;
1250
1251         atomic_set(&ar->tx_ampdu_pending, 0);
1252         ar->bad_hw_nagger = jiffies;
1253
1254         err = ar->open(ar);
1255         if (err)
1256                 goto out;
1257
1258         err = ar9170_init_mac(ar);
1259         if (err)
1260                 goto out;
1261
1262         err = ar9170_set_qos(ar);
1263         if (err)
1264                 goto out;
1265
1266         err = ar9170_init_phy(ar, IEEE80211_BAND_2GHZ);
1267         if (err)
1268                 goto out;
1269
1270         err = ar9170_init_rf(ar);
1271         if (err)
1272                 goto out;
1273
1274         /* start DMA */
1275         err = ar9170_write_reg(ar, 0x1c3d30, 0x100);
1276         if (err)
1277                 goto out;
1278
1279         ar->state = AR9170_STARTED;
1280
1281 out:
1282         mutex_unlock(&ar->mutex);
1283         return err;
1284 }
1285
1286 static void ar9170_op_stop(struct ieee80211_hw *hw)
1287 {
1288         struct ar9170 *ar = hw->priv;
1289         unsigned int i;
1290
1291         if (IS_STARTED(ar))
1292                 ar->state = AR9170_IDLE;
1293
1294         cancel_delayed_work_sync(&ar->tx_janitor);
1295 #ifdef CONFIG_AR9170_LEDS
1296         cancel_delayed_work_sync(&ar->led_work);
1297 #endif
1298         cancel_work_sync(&ar->beacon_work);
1299
1300         mutex_lock(&ar->mutex);
1301
1302         if (IS_ACCEPTING_CMD(ar)) {
1303                 ar9170_set_leds_state(ar, 0);
1304
1305                 /* stop DMA */
1306                 ar9170_write_reg(ar, 0x1c3d30, 0);
1307                 ar->stop(ar);
1308         }
1309
1310         for (i = 0; i < __AR9170_NUM_TXQ; i++) {
1311                 skb_queue_purge(&ar->tx_pending[i]);
1312                 skb_queue_purge(&ar->tx_status[i]);
1313         }
1314         skb_queue_purge(&ar->tx_status_ampdu);
1315
1316         mutex_unlock(&ar->mutex);
1317 }
1318
1319 static void ar9170_tx_indicate_immba(struct ar9170 *ar, struct sk_buff *skb)
1320 {
1321         struct ar9170_tx_control *txc = (void *) skb->data;
1322
1323         txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_IMM_AMPDU);
1324 }
1325
1326 static void ar9170_tx_copy_phy(struct ar9170 *ar, struct sk_buff *dst,
1327                                struct sk_buff *src)
1328 {
1329         struct ar9170_tx_control *dst_txc, *src_txc;
1330         struct ieee80211_tx_info *dst_info, *src_info;
1331         struct ar9170_tx_info *dst_arinfo, *src_arinfo;
1332
1333         src_txc = (void *) src->data;
1334         src_info = IEEE80211_SKB_CB(src);
1335         src_arinfo = (void *) src_info->rate_driver_data;
1336
1337         dst_txc = (void *) dst->data;
1338         dst_info = IEEE80211_SKB_CB(dst);
1339         dst_arinfo = (void *) dst_info->rate_driver_data;
1340
1341         dst_txc->phy_control = src_txc->phy_control;
1342
1343         /* same MCS for the whole aggregate */
1344         memcpy(dst_info->driver_rates, src_info->driver_rates,
1345                sizeof(dst_info->driver_rates));
1346 }
1347
1348 static int ar9170_tx_prepare(struct ar9170 *ar, struct sk_buff *skb)
1349 {
1350         struct ieee80211_hdr *hdr;
1351         struct ar9170_tx_control *txc;
1352         struct ieee80211_tx_info *info;
1353         struct ieee80211_tx_rate *txrate;
1354         struct ar9170_tx_info *arinfo;
1355         unsigned int queue = skb_get_queue_mapping(skb);
1356         u16 keytype = 0;
1357         u16 len, icv = 0;
1358
1359         BUILD_BUG_ON(sizeof(*arinfo) > sizeof(info->rate_driver_data));
1360
1361         hdr = (void *)skb->data;
1362         info = IEEE80211_SKB_CB(skb);
1363         len = skb->len;
1364
1365         txc = (void *)skb_push(skb, sizeof(*txc));
1366
1367         if (info->control.hw_key) {
1368                 icv = info->control.hw_key->icv_len;
1369
1370                 switch (info->control.hw_key->alg) {
1371                 case ALG_WEP:
1372                         keytype = AR9170_TX_MAC_ENCR_RC4;
1373                         break;
1374                 case ALG_TKIP:
1375                         keytype = AR9170_TX_MAC_ENCR_RC4;
1376                         break;
1377                 case ALG_CCMP:
1378                         keytype = AR9170_TX_MAC_ENCR_AES;
1379                         break;
1380                 default:
1381                         WARN_ON(1);
1382                         goto err_out;
1383                 }
1384         }
1385
1386         /* Length */
1387         txc->length = cpu_to_le16(len + icv + 4);
1388
1389         txc->mac_control = cpu_to_le16(AR9170_TX_MAC_HW_DURATION |
1390                                        AR9170_TX_MAC_BACKOFF);
1391         txc->mac_control |= cpu_to_le16(ar9170_qos_hwmap[queue] <<
1392                                         AR9170_TX_MAC_QOS_SHIFT);
1393         txc->mac_control |= cpu_to_le16(keytype);
1394         txc->phy_control = cpu_to_le32(0);
1395
1396         if (info->flags & IEEE80211_TX_CTL_NO_ACK)
1397                 txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_NO_ACK);
1398
1399         txrate = &info->control.rates[0];
1400         if (txrate->flags & IEEE80211_TX_RC_USE_CTS_PROTECT)
1401                 txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_PROT_CTS);
1402         else if (txrate->flags & IEEE80211_TX_RC_USE_RTS_CTS)
1403                 txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_PROT_RTS);
1404
1405         arinfo = (void *)info->rate_driver_data;
1406         arinfo->timeout = jiffies + msecs_to_jiffies(AR9170_QUEUE_TIMEOUT);
1407
1408         if (!(info->flags & IEEE80211_TX_CTL_NO_ACK) &&
1409              (is_valid_ether_addr(ieee80211_get_DA(hdr)))) {
1410                 if (info->flags & IEEE80211_TX_CTL_AMPDU) {
1411                         if (unlikely(!info->control.sta))
1412                                 goto err_out;
1413
1414                         txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_AGGR);
1415                         arinfo->flags = AR9170_TX_FLAG_BLOCK_ACK;
1416
1417                         goto out;
1418                 }
1419
1420                 txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_RATE_PROBE);
1421                 /*
1422                  * WARNING:
1423                  * Putting the QoS queue bits into an unexplored territory is
1424                  * certainly not elegant.
1425                  *
1426                  * In my defense: This idea provides a reasonable way to
1427                  * smuggle valuable information to the tx_status callback.
1428                  * Also, the idea behind this bit-abuse came straight from
1429                  * the original driver code.
1430                  */
1431
1432                 txc->phy_control |=
1433                         cpu_to_le32(queue << AR9170_TX_PHY_QOS_SHIFT);
1434                 arinfo->flags = AR9170_TX_FLAG_WAIT_FOR_ACK;
1435         } else {
1436                 arinfo->flags = AR9170_TX_FLAG_NO_ACK;
1437         }
1438
1439 out:
1440         return 0;
1441
1442 err_out:
1443         skb_pull(skb, sizeof(*txc));
1444         return -EINVAL;
1445 }
1446
1447 static void ar9170_tx_prepare_phy(struct ar9170 *ar, struct sk_buff *skb)
1448 {
1449         struct ar9170_tx_control *txc;
1450         struct ieee80211_tx_info *info;
1451         struct ieee80211_rate *rate = NULL;
1452         struct ieee80211_tx_rate *txrate;
1453         u32 power, chains;
1454
1455         txc = (void *) skb->data;
1456         info = IEEE80211_SKB_CB(skb);
1457         txrate = &info->control.rates[0];
1458
1459         if (txrate->flags & IEEE80211_TX_RC_GREEN_FIELD)
1460                 txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_GREENFIELD);
1461
1462         if (txrate->flags & IEEE80211_TX_RC_USE_SHORT_PREAMBLE)
1463                 txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_SHORT_PREAMBLE);
1464
1465         if (txrate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
1466                 txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_BW_40MHZ);
1467         /* this works because 40 MHz is 2 and dup is 3 */
1468         if (txrate->flags & IEEE80211_TX_RC_DUP_DATA)
1469                 txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_BW_40MHZ_DUP);
1470
1471         if (txrate->flags & IEEE80211_TX_RC_SHORT_GI)
1472                 txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_SHORT_GI);
1473
1474         if (txrate->flags & IEEE80211_TX_RC_MCS) {
1475                 u32 r = txrate->idx;
1476                 u8 *txpower;
1477
1478                 /* heavy clip control */
1479                 txc->phy_control |= cpu_to_le32((r & 0x7) << 7);
1480
1481                 r <<= AR9170_TX_PHY_MCS_SHIFT;
1482                 BUG_ON(r & ~AR9170_TX_PHY_MCS_MASK);
1483
1484                 txc->phy_control |= cpu_to_le32(r & AR9170_TX_PHY_MCS_MASK);
1485                 txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_MOD_HT);
1486
1487                 if (txrate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH) {
1488                         if (info->band == IEEE80211_BAND_5GHZ)
1489                                 txpower = ar->power_5G_ht40;
1490                         else
1491                                 txpower = ar->power_2G_ht40;
1492                 } else {
1493                         if (info->band == IEEE80211_BAND_5GHZ)
1494                                 txpower = ar->power_5G_ht20;
1495                         else
1496                                 txpower = ar->power_2G_ht20;
1497                 }
1498
1499                 power = txpower[(txrate->idx) & 7];
1500         } else {
1501                 u8 *txpower;
1502                 u32 mod;
1503                 u32 phyrate;
1504                 u8 idx = txrate->idx;
1505
1506                 if (info->band != IEEE80211_BAND_2GHZ) {
1507                         idx += 4;
1508                         txpower = ar->power_5G_leg;
1509                         mod = AR9170_TX_PHY_MOD_OFDM;
1510                 } else {
1511                         if (idx < 4) {
1512                                 txpower = ar->power_2G_cck;
1513                                 mod = AR9170_TX_PHY_MOD_CCK;
1514                         } else {
1515                                 mod = AR9170_TX_PHY_MOD_OFDM;
1516                                 txpower = ar->power_2G_ofdm;
1517                         }
1518                 }
1519
1520                 rate = &__ar9170_ratetable[idx];
1521
1522                 phyrate = rate->hw_value & 0xF;
1523                 power = txpower[(rate->hw_value & 0x30) >> 4];
1524                 phyrate <<= AR9170_TX_PHY_MCS_SHIFT;
1525
1526                 txc->phy_control |= cpu_to_le32(mod);
1527                 txc->phy_control |= cpu_to_le32(phyrate);
1528         }
1529
1530         power <<= AR9170_TX_PHY_TX_PWR_SHIFT;
1531         power &= AR9170_TX_PHY_TX_PWR_MASK;
1532         txc->phy_control |= cpu_to_le32(power);
1533
1534         /* set TX chains */
1535         if (ar->eeprom.tx_mask == 1) {
1536                 chains = AR9170_TX_PHY_TXCHAIN_1;
1537         } else {
1538                 chains = AR9170_TX_PHY_TXCHAIN_2;
1539
1540                 /* >= 36M legacy OFDM - use only one chain */
1541                 if (rate && rate->bitrate >= 360)
1542                         chains = AR9170_TX_PHY_TXCHAIN_1;
1543         }
1544         txc->phy_control |= cpu_to_le32(chains << AR9170_TX_PHY_TXCHAIN_SHIFT);
1545 }
1546
1547 static bool ar9170_tx_ampdu(struct ar9170 *ar)
1548 {
1549         struct sk_buff_head agg;
1550         struct ar9170_sta_tid *tid_info = NULL, *tmp;
1551         struct sk_buff *skb, *first = NULL;
1552         unsigned long flags, f2;
1553         unsigned int i = 0;
1554         u16 seq, queue, tmpssn;
1555         bool run = false;
1556
1557         skb_queue_head_init(&agg);
1558
1559         spin_lock_irqsave(&ar->tx_ampdu_list_lock, flags);
1560         if (list_empty(&ar->tx_ampdu_list)) {
1561 #ifdef AR9170_TXAGG_DEBUG
1562                 printk(KERN_DEBUG "%s: aggregation list is empty.\n",
1563                        wiphy_name(ar->hw->wiphy));
1564 #endif /* AR9170_TXAGG_DEBUG */
1565                 goto out_unlock;
1566         }
1567
1568         list_for_each_entry_safe(tid_info, tmp, &ar->tx_ampdu_list, list) {
1569                 if (tid_info->state != AR9170_TID_STATE_COMPLETE) {
1570 #ifdef AR9170_TXAGG_DEBUG
1571                         printk(KERN_DEBUG "%s: dangling aggregation entry!\n",
1572                                wiphy_name(ar->hw->wiphy));
1573 #endif /* AR9170_TXAGG_DEBUG */
1574                         continue;
1575                 }
1576
1577                 if (++i > 64) {
1578 #ifdef AR9170_TXAGG_DEBUG
1579                         printk(KERN_DEBUG "%s: enough frames aggregated.\n",
1580                                wiphy_name(ar->hw->wiphy));
1581 #endif /* AR9170_TXAGG_DEBUG */
1582                         break;
1583                 }
1584
1585                 queue = TID_TO_WME_AC(tid_info->tid);
1586
1587                 if (skb_queue_len(&ar->tx_pending[queue]) >=
1588                     AR9170_NUM_TX_AGG_MAX) {
1589 #ifdef AR9170_TXAGG_DEBUG
1590                         printk(KERN_DEBUG "%s: queue %d full.\n",
1591                                wiphy_name(ar->hw->wiphy), queue);
1592 #endif /* AR9170_TXAGG_DEBUG */
1593                         continue;
1594                 }
1595
1596                 list_del_init(&tid_info->list);
1597
1598                 spin_lock_irqsave(&tid_info->queue.lock, f2);
1599                 tmpssn = seq = tid_info->ssn;
1600                 first = skb_peek(&tid_info->queue);
1601
1602                 if (likely(first))
1603                         tmpssn = ar9170_get_seq(first);
1604
1605                 if (unlikely(tmpssn != seq)) {
1606 #ifdef AR9170_TXAGG_DEBUG
1607                         printk(KERN_DEBUG "%s: ssn mismatch [%d != %d]\n.",
1608                                wiphy_name(ar->hw->wiphy), seq, tmpssn);
1609 #endif /* AR9170_TXAGG_DEBUG */
1610                         tid_info->ssn = tmpssn;
1611                 }
1612
1613 #ifdef AR9170_TXAGG_DEBUG
1614                 printk(KERN_DEBUG "%s: generate A-MPDU for tid:%d ssn:%d with "
1615                        "%d queued frames.\n", wiphy_name(ar->hw->wiphy),
1616                        tid_info->tid, tid_info->ssn,
1617                        skb_queue_len(&tid_info->queue));
1618                 __ar9170_dump_txqueue(ar, &tid_info->queue);
1619 #endif /* AR9170_TXAGG_DEBUG */
1620
1621                 while ((skb = skb_peek(&tid_info->queue))) {
1622                         if (unlikely(ar9170_get_seq(skb) != seq))
1623                                 break;
1624
1625                         __skb_unlink(skb, &tid_info->queue);
1626                         tid_info->ssn = seq = GET_NEXT_SEQ(seq);
1627
1628                         if (unlikely(skb_get_queue_mapping(skb) != queue)) {
1629 #ifdef AR9170_TXAGG_DEBUG
1630                                 printk(KERN_DEBUG "%s: tid:%d(q:%d) queue:%d "
1631                                        "!match.\n", wiphy_name(ar->hw->wiphy),
1632                                        tid_info->tid,
1633                                        TID_TO_WME_AC(tid_info->tid),
1634                                        skb_get_queue_mapping(skb));
1635 #endif /* AR9170_TXAGG_DEBUG */
1636                                         dev_kfree_skb_any(skb);
1637                                         continue;
1638                         }
1639
1640                         if (unlikely(first == skb)) {
1641                                 ar9170_tx_prepare_phy(ar, skb);
1642                                 __skb_queue_tail(&agg, skb);
1643                                 first = skb;
1644                         } else {
1645                                 ar9170_tx_copy_phy(ar, skb, first);
1646                                 __skb_queue_tail(&agg, skb);
1647                         }
1648
1649                         if (unlikely(skb_queue_len(&agg) ==
1650                             AR9170_NUM_TX_AGG_MAX))
1651                                 break;
1652                 }
1653
1654                 if (skb_queue_empty(&tid_info->queue))
1655                         tid_info->active = false;
1656                 else
1657                         list_add_tail(&tid_info->list,
1658                                       &ar->tx_ampdu_list);
1659
1660                 spin_unlock_irqrestore(&tid_info->queue.lock, f2);
1661
1662                 if (unlikely(skb_queue_empty(&agg))) {
1663 #ifdef AR9170_TXAGG_DEBUG
1664                         printk(KERN_DEBUG "%s: queued empty list!\n",
1665                                wiphy_name(ar->hw->wiphy));
1666 #endif /* AR9170_TXAGG_DEBUG */
1667                         continue;
1668                 }
1669
1670                 /*
1671                  * tell the FW/HW that this is the last frame,
1672                  * that way it will wait for the immediate block ack.
1673                  */
1674                 if (likely(skb_peek_tail(&agg)))
1675                         ar9170_tx_indicate_immba(ar, skb_peek_tail(&agg));
1676
1677 #ifdef AR9170_TXAGG_DEBUG
1678                 printk(KERN_DEBUG "%s: generated A-MPDU looks like this:\n",
1679                        wiphy_name(ar->hw->wiphy));
1680                 __ar9170_dump_txqueue(ar, &agg);
1681 #endif /* AR9170_TXAGG_DEBUG */
1682
1683                 spin_unlock_irqrestore(&ar->tx_ampdu_list_lock, flags);
1684
1685                 spin_lock_irqsave(&ar->tx_pending[queue].lock, flags);
1686                 skb_queue_splice_tail_init(&agg, &ar->tx_pending[queue]);
1687                 spin_unlock_irqrestore(&ar->tx_pending[queue].lock, flags);
1688                 run = true;
1689
1690                 spin_lock_irqsave(&ar->tx_ampdu_list_lock, flags);
1691         }
1692
1693 out_unlock:
1694         spin_unlock_irqrestore(&ar->tx_ampdu_list_lock, flags);
1695         __skb_queue_purge(&agg);
1696
1697         return run;
1698 }
1699
1700 static void ar9170_tx(struct ar9170 *ar)
1701 {
1702         struct sk_buff *skb;
1703         unsigned long flags;
1704         struct ieee80211_tx_info *info;
1705         struct ar9170_tx_info *arinfo;
1706         unsigned int i, frames, frames_failed, remaining_space;
1707         int err;
1708         bool schedule_garbagecollector = false;
1709
1710         BUILD_BUG_ON(sizeof(*arinfo) > sizeof(info->rate_driver_data));
1711
1712         if (unlikely(!IS_STARTED(ar)))
1713                 return ;
1714
1715         remaining_space = AR9170_TX_MAX_PENDING;
1716
1717         for (i = 0; i < __AR9170_NUM_TXQ; i++) {
1718                 spin_lock_irqsave(&ar->tx_stats_lock, flags);
1719                 if (ar->tx_stats[i].len >= ar->tx_stats[i].limit) {
1720 #ifdef AR9170_QUEUE_DEBUG
1721                         printk(KERN_DEBUG "%s: queue %d full\n",
1722                                wiphy_name(ar->hw->wiphy), i);
1723
1724                         printk(KERN_DEBUG "%s: stuck frames: ===> \n",
1725                                wiphy_name(ar->hw->wiphy));
1726                         ar9170_dump_txqueue(ar, &ar->tx_pending[i]);
1727                         ar9170_dump_txqueue(ar, &ar->tx_status[i]);
1728 #endif /* AR9170_QUEUE_DEBUG */
1729
1730 #ifdef AR9170_QUEUE_STOP_DEBUG
1731                         printk(KERN_DEBUG "%s: stop queue %d\n",
1732                                wiphy_name(ar->hw->wiphy), i);
1733                         __ar9170_dump_txstats(ar);
1734 #endif /* AR9170_QUEUE_STOP_DEBUG */
1735                         ieee80211_stop_queue(ar->hw, i);
1736                         spin_unlock_irqrestore(&ar->tx_stats_lock, flags);
1737                         continue;
1738                 }
1739
1740                 frames = min(ar->tx_stats[i].limit - ar->tx_stats[i].len,
1741                              skb_queue_len(&ar->tx_pending[i]));
1742
1743                 if (remaining_space < frames) {
1744 #ifdef AR9170_QUEUE_DEBUG
1745                         printk(KERN_DEBUG "%s: tx quota reached queue:%d, "
1746                                "remaining slots:%d, needed:%d\n",
1747                                wiphy_name(ar->hw->wiphy), i, remaining_space,
1748                                frames);
1749 #endif /* AR9170_QUEUE_DEBUG */
1750                         frames = remaining_space;
1751                 }
1752
1753                 ar->tx_stats[i].len += frames;
1754                 ar->tx_stats[i].count += frames;
1755                 spin_unlock_irqrestore(&ar->tx_stats_lock, flags);
1756
1757                 if (!frames)
1758                         continue;
1759
1760                 frames_failed = 0;
1761                 while (frames) {
1762                         skb = skb_dequeue(&ar->tx_pending[i]);
1763                         if (unlikely(!skb)) {
1764                                 frames_failed += frames;
1765                                 frames = 0;
1766                                 break;
1767                         }
1768
1769                         info = IEEE80211_SKB_CB(skb);
1770                         arinfo = (void *) info->rate_driver_data;
1771
1772                         /* TODO: cancel stuck frames */
1773                         arinfo->timeout = jiffies +
1774                                           msecs_to_jiffies(AR9170_TX_TIMEOUT);
1775
1776                         if (arinfo->flags == AR9170_TX_FLAG_BLOCK_ACK)
1777                                 atomic_inc(&ar->tx_ampdu_pending);
1778
1779 #ifdef AR9170_QUEUE_DEBUG
1780                         printk(KERN_DEBUG "%s: send frame q:%d =>\n",
1781                                wiphy_name(ar->hw->wiphy), i);
1782                         ar9170_print_txheader(ar, skb);
1783 #endif /* AR9170_QUEUE_DEBUG */
1784
1785                         err = ar->tx(ar, skb);
1786                         if (unlikely(err)) {
1787                                 if (arinfo->flags == AR9170_TX_FLAG_BLOCK_ACK)
1788                                         atomic_dec(&ar->tx_ampdu_pending);
1789
1790                                 frames_failed++;
1791                                 dev_kfree_skb_any(skb);
1792                         } else {
1793                                 remaining_space--;
1794                                 schedule_garbagecollector = true;
1795                         }
1796
1797                         frames--;
1798                 }
1799
1800 #ifdef AR9170_QUEUE_DEBUG
1801                 printk(KERN_DEBUG "%s: ar9170_tx report for queue %d\n",
1802                        wiphy_name(ar->hw->wiphy), i);
1803
1804                 printk(KERN_DEBUG "%s: unprocessed pending frames left:\n",
1805                        wiphy_name(ar->hw->wiphy));
1806                 ar9170_dump_txqueue(ar, &ar->tx_pending[i]);
1807 #endif /* AR9170_QUEUE_DEBUG */
1808
1809                 if (unlikely(frames_failed)) {
1810 #ifdef AR9170_QUEUE_DEBUG
1811                         printk(KERN_DEBUG "%s: frames failed %d =>\n",
1812                                wiphy_name(ar->hw->wiphy), frames_failed);
1813 #endif /* AR9170_QUEUE_DEBUG */
1814
1815                         spin_lock_irqsave(&ar->tx_stats_lock, flags);
1816                         ar->tx_stats[i].len -= frames_failed;
1817                         ar->tx_stats[i].count -= frames_failed;
1818 #ifdef AR9170_QUEUE_STOP_DEBUG
1819                         printk(KERN_DEBUG "%s: wake queue %d\n",
1820                                wiphy_name(ar->hw->wiphy), i);
1821                         __ar9170_dump_txstats(ar);
1822 #endif /* AR9170_QUEUE_STOP_DEBUG */
1823                         ieee80211_wake_queue(ar->hw, i);
1824                         spin_unlock_irqrestore(&ar->tx_stats_lock, flags);
1825                 }
1826         }
1827
1828         if (!schedule_garbagecollector)
1829                 return;
1830
1831         ieee80211_queue_delayed_work(ar->hw,
1832                                      &ar->tx_janitor,
1833                                      msecs_to_jiffies(AR9170_JANITOR_DELAY));
1834 }
1835
1836 static bool ar9170_tx_ampdu_queue(struct ar9170 *ar, struct sk_buff *skb)
1837 {
1838         struct ieee80211_tx_info *txinfo;
1839         struct ar9170_sta_info *sta_info;
1840         struct ar9170_sta_tid *agg;
1841         struct sk_buff *iter;
1842         unsigned long flags, f2;
1843         unsigned int max;
1844         u16 tid, seq, qseq;
1845         bool run = false, queue = false;
1846
1847         tid = ar9170_get_tid(skb);
1848         seq = ar9170_get_seq(skb);
1849         txinfo = IEEE80211_SKB_CB(skb);
1850         sta_info = (void *) txinfo->control.sta->drv_priv;
1851         agg = &sta_info->agg[tid];
1852         max = sta_info->ampdu_max_len;
1853
1854         spin_lock_irqsave(&ar->tx_ampdu_list_lock, flags);
1855
1856         if (unlikely(agg->state != AR9170_TID_STATE_COMPLETE)) {
1857 #ifdef AR9170_TXAGG_DEBUG
1858                 printk(KERN_DEBUG "%s: BlockACK session not fully initialized "
1859                        "for ESS:%pM tid:%d state:%d.\n",
1860                        wiphy_name(ar->hw->wiphy), agg->addr, agg->tid,
1861                        agg->state);
1862 #endif /* AR9170_TXAGG_DEBUG */
1863                 goto err_unlock;
1864         }
1865
1866         if (!agg->active) {
1867                 agg->active = true;
1868                 agg->ssn = seq;
1869                 queue = true;
1870         }
1871
1872         /* check if seq is within the BA window */
1873         if (unlikely(!BAW_WITHIN(agg->ssn, max, seq))) {
1874 #ifdef AR9170_TXAGG_DEBUG
1875                 printk(KERN_DEBUG "%s: frame with tid:%d seq:%d does not "
1876                        "fit into BA window (%d - %d)\n",
1877                        wiphy_name(ar->hw->wiphy), tid, seq, agg->ssn,
1878                        (agg->ssn + max) & 0xfff);
1879 #endif /* AR9170_TXAGG_DEBUG */
1880                 goto err_unlock;
1881         }
1882
1883         spin_lock_irqsave(&agg->queue.lock, f2);
1884
1885         skb_queue_reverse_walk(&agg->queue, iter) {
1886                 qseq = ar9170_get_seq(iter);
1887
1888                 if (GET_NEXT_SEQ(qseq) == seq) {
1889                         __skb_queue_after(&agg->queue, iter, skb);
1890                         goto queued;
1891                 }
1892         }
1893
1894         __skb_queue_head(&agg->queue, skb);
1895
1896 queued:
1897         spin_unlock_irqrestore(&agg->queue.lock, f2);
1898
1899 #ifdef AR9170_TXAGG_DEBUG
1900         printk(KERN_DEBUG "%s: new aggregate %p queued.\n",
1901                wiphy_name(ar->hw->wiphy), skb);
1902         __ar9170_dump_txqueue(ar, &agg->queue);
1903 #endif /* AR9170_TXAGG_DEBUG */
1904
1905         if (skb_queue_len(&agg->queue) >= AR9170_NUM_TX_AGG_MAX)
1906                 run = true;
1907
1908         if (queue)
1909                 list_add_tail(&agg->list, &ar->tx_ampdu_list);
1910
1911         spin_unlock_irqrestore(&ar->tx_ampdu_list_lock, flags);
1912         return run;
1913
1914 err_unlock:
1915         spin_unlock_irqrestore(&ar->tx_ampdu_list_lock, flags);
1916         dev_kfree_skb_irq(skb);
1917         return false;
1918 }
1919
1920 int ar9170_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
1921 {
1922         struct ar9170 *ar = hw->priv;
1923         struct ieee80211_tx_info *info;
1924
1925         if (unlikely(!IS_STARTED(ar)))
1926                 goto err_free;
1927
1928         if (unlikely(ar9170_tx_prepare(ar, skb)))
1929                 goto err_free;
1930
1931         info = IEEE80211_SKB_CB(skb);
1932         if (info->flags & IEEE80211_TX_CTL_AMPDU) {
1933                 bool run = ar9170_tx_ampdu_queue(ar, skb);
1934
1935                 if (run || !atomic_read(&ar->tx_ampdu_pending))
1936                         ar9170_tx_ampdu(ar);
1937         } else {
1938                 unsigned int queue = skb_get_queue_mapping(skb);
1939
1940                 ar9170_tx_prepare_phy(ar, skb);
1941                 skb_queue_tail(&ar->tx_pending[queue], skb);
1942         }
1943
1944         ar9170_tx(ar);
1945         return NETDEV_TX_OK;
1946
1947 err_free:
1948         dev_kfree_skb_any(skb);
1949         return NETDEV_TX_OK;
1950 }
1951
1952 static int ar9170_op_add_interface(struct ieee80211_hw *hw,
1953                                    struct ieee80211_if_init_conf *conf)
1954 {
1955         struct ar9170 *ar = hw->priv;
1956         struct ath_common *common = &ar->common;
1957         int err = 0;
1958
1959         mutex_lock(&ar->mutex);
1960
1961         if (ar->vif) {
1962                 err = -EBUSY;
1963                 goto unlock;
1964         }
1965
1966         ar->vif = conf->vif;
1967         memcpy(common->macaddr, conf->mac_addr, ETH_ALEN);
1968
1969         if (modparam_nohwcrypt || (ar->vif->type != NL80211_IFTYPE_STATION)) {
1970                 ar->rx_software_decryption = true;
1971                 ar->disable_offload = true;
1972         }
1973
1974         ar->cur_filter = 0;
1975         err = ar9170_update_frame_filter(ar, AR9170_MAC_REG_FTF_DEFAULTS);
1976         if (err)
1977                 goto unlock;
1978
1979         err = ar9170_set_operating_mode(ar);
1980
1981 unlock:
1982         mutex_unlock(&ar->mutex);
1983         return err;
1984 }
1985
1986 static void ar9170_op_remove_interface(struct ieee80211_hw *hw,
1987                                        struct ieee80211_if_init_conf *conf)
1988 {
1989         struct ar9170 *ar = hw->priv;
1990
1991         mutex_lock(&ar->mutex);
1992         ar->vif = NULL;
1993         ar9170_update_frame_filter(ar, 0);
1994         ar9170_set_beacon_timers(ar);
1995         dev_kfree_skb(ar->beacon);
1996         ar->beacon = NULL;
1997         ar->sniffer_enabled = false;
1998         ar->rx_software_decryption = false;
1999         ar9170_set_operating_mode(ar);
2000         mutex_unlock(&ar->mutex);
2001 }
2002
2003 static int ar9170_op_config(struct ieee80211_hw *hw, u32 changed)
2004 {
2005         struct ar9170 *ar = hw->priv;
2006         int err = 0;
2007
2008         mutex_lock(&ar->mutex);
2009
2010         if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL) {
2011                 /* TODO */
2012                 err = 0;
2013         }
2014
2015         if (changed & IEEE80211_CONF_CHANGE_PS) {
2016                 /* TODO */
2017                 err = 0;
2018         }
2019
2020         if (changed & IEEE80211_CONF_CHANGE_POWER) {
2021                 /* TODO */
2022                 err = 0;
2023         }
2024
2025         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS) {
2026                 /*
2027                  * is it long_frame_max_tx_count or short_frame_max_tx_count?
2028                  */
2029
2030                 err = ar9170_set_hwretry_limit(ar,
2031                         ar->hw->conf.long_frame_max_tx_count);
2032                 if (err)
2033                         goto out;
2034         }
2035
2036         if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
2037
2038                 /* adjust slot time for 5 GHz */
2039                 err = ar9170_set_slot_time(ar);
2040                 if (err)
2041                         goto out;
2042
2043                 err = ar9170_set_dyn_sifs_ack(ar);
2044                 if (err)
2045                         goto out;
2046
2047                 err = ar9170_set_channel(ar, hw->conf.channel,
2048                                 AR9170_RFI_NONE,
2049                                 nl80211_to_ar9170(hw->conf.channel_type));
2050                 if (err)
2051                         goto out;
2052         }
2053
2054 out:
2055         mutex_unlock(&ar->mutex);
2056         return err;
2057 }
2058
2059 static u64 ar9170_op_prepare_multicast(struct ieee80211_hw *hw, int mc_count,
2060                                        struct dev_addr_list *mclist)
2061 {
2062         u64 mchash;
2063         int i;
2064
2065         /* always get broadcast frames */
2066         mchash = 1ULL << (0xff >> 2);
2067
2068         for (i = 0; i < mc_count; i++) {
2069                 if (WARN_ON(!mclist))
2070                         break;
2071                 mchash |= 1ULL << (mclist->dmi_addr[5] >> 2);
2072                 mclist = mclist->next;
2073         }
2074
2075         return mchash;
2076 }
2077
2078 static void ar9170_op_configure_filter(struct ieee80211_hw *hw,
2079                                        unsigned int changed_flags,
2080                                        unsigned int *new_flags,
2081                                        u64 multicast)
2082 {
2083         struct ar9170 *ar = hw->priv;
2084
2085         if (unlikely(!IS_ACCEPTING_CMD(ar)))
2086                 return ;
2087
2088         mutex_lock(&ar->mutex);
2089
2090         /* mask supported flags */
2091         *new_flags &= FIF_ALLMULTI | FIF_CONTROL | FIF_BCN_PRBRESP_PROMISC |
2092                       FIF_PROMISC_IN_BSS | FIF_FCSFAIL | FIF_PLCPFAIL;
2093         ar->filter_state = *new_flags;
2094         /*
2095          * We can support more by setting the sniffer bit and
2096          * then checking the error flags, later.
2097          */
2098
2099         if (changed_flags & FIF_ALLMULTI && *new_flags & FIF_ALLMULTI)
2100                 multicast = ~0ULL;
2101
2102         if (multicast != ar->cur_mc_hash)
2103                 ar9170_update_multicast(ar, multicast);
2104
2105         if (changed_flags & FIF_CONTROL) {
2106                 u32 filter = AR9170_MAC_REG_FTF_PSPOLL |
2107                              AR9170_MAC_REG_FTF_RTS |
2108                              AR9170_MAC_REG_FTF_CTS |
2109                              AR9170_MAC_REG_FTF_ACK |
2110                              AR9170_MAC_REG_FTF_CFE |
2111                              AR9170_MAC_REG_FTF_CFE_ACK;
2112
2113                 if (*new_flags & FIF_CONTROL)
2114                         filter |= ar->cur_filter;
2115                 else
2116                         filter &= (~ar->cur_filter);
2117
2118                 ar9170_update_frame_filter(ar, filter);
2119         }
2120
2121         if (changed_flags & FIF_PROMISC_IN_BSS) {
2122                 ar->sniffer_enabled = ((*new_flags) & FIF_PROMISC_IN_BSS) != 0;
2123                 ar9170_set_operating_mode(ar);
2124         }
2125
2126         mutex_unlock(&ar->mutex);
2127 }
2128
2129
2130 static void ar9170_op_bss_info_changed(struct ieee80211_hw *hw,
2131                                        struct ieee80211_vif *vif,
2132                                        struct ieee80211_bss_conf *bss_conf,
2133                                        u32 changed)
2134 {
2135         struct ar9170 *ar = hw->priv;
2136         struct ath_common *common = &ar->common;
2137         int err = 0;
2138
2139         mutex_lock(&ar->mutex);
2140
2141         if (changed & BSS_CHANGED_BSSID) {
2142                 memcpy(common->curbssid, bss_conf->bssid, ETH_ALEN);
2143                 err = ar9170_set_operating_mode(ar);
2144                 if (err)
2145                         goto out;
2146         }
2147
2148         if (changed & BSS_CHANGED_BEACON_ENABLED)
2149                 ar->enable_beacon = bss_conf->enable_beacon;
2150
2151         if (changed & BSS_CHANGED_BEACON) {
2152                 err = ar9170_update_beacon(ar);
2153                 if (err)
2154                         goto out;
2155         }
2156
2157         if (changed & (BSS_CHANGED_BEACON_ENABLED | BSS_CHANGED_BEACON |
2158                        BSS_CHANGED_BEACON_INT)) {
2159                 err = ar9170_set_beacon_timers(ar);
2160                 if (err)
2161                         goto out;
2162         }
2163
2164         if (changed & BSS_CHANGED_ASSOC) {
2165 #ifndef CONFIG_AR9170_LEDS
2166                 /* enable assoc LED. */
2167                 err = ar9170_set_leds_state(ar, bss_conf->assoc ? 2 : 0);
2168 #endif /* CONFIG_AR9170_LEDS */
2169         }
2170
2171         if (changed & BSS_CHANGED_HT) {
2172                 /* TODO */
2173                 err = 0;
2174         }
2175
2176         if (changed & BSS_CHANGED_ERP_SLOT) {
2177                 err = ar9170_set_slot_time(ar);
2178                 if (err)
2179                         goto out;
2180         }
2181
2182         if (changed & BSS_CHANGED_BASIC_RATES) {
2183                 err = ar9170_set_basic_rates(ar);
2184                 if (err)
2185                         goto out;
2186         }
2187
2188 out:
2189         mutex_unlock(&ar->mutex);
2190 }
2191
2192 static u64 ar9170_op_get_tsf(struct ieee80211_hw *hw)
2193 {
2194         struct ar9170 *ar = hw->priv;
2195         int err;
2196         u64 tsf;
2197 #define NR 3
2198         static const u32 addr[NR] = { AR9170_MAC_REG_TSF_H,
2199                                     AR9170_MAC_REG_TSF_L,
2200                                     AR9170_MAC_REG_TSF_H };
2201         u32 val[NR];
2202         int loops = 0;
2203
2204         mutex_lock(&ar->mutex);
2205
2206         while (loops++ < 10) {
2207                 err = ar9170_read_mreg(ar, NR, addr, val);
2208                 if (err || val[0] == val[2])
2209                         break;
2210         }
2211
2212         mutex_unlock(&ar->mutex);
2213
2214         if (WARN_ON(err))
2215                 return 0;
2216         tsf = val[0];
2217         tsf = (tsf << 32) | val[1];
2218         return tsf;
2219 #undef NR
2220 }
2221
2222 static int ar9170_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
2223                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
2224                           struct ieee80211_key_conf *key)
2225 {
2226         struct ar9170 *ar = hw->priv;
2227         int err = 0, i;
2228         u8 ktype;
2229
2230         if ((!ar->vif) || (ar->disable_offload))
2231                 return -EOPNOTSUPP;
2232
2233         switch (key->alg) {
2234         case ALG_WEP:
2235                 if (key->keylen == WLAN_KEY_LEN_WEP40)
2236                         ktype = AR9170_ENC_ALG_WEP64;
2237                 else
2238                         ktype = AR9170_ENC_ALG_WEP128;
2239                 break;
2240         case ALG_TKIP:
2241                 ktype = AR9170_ENC_ALG_TKIP;
2242                 break;
2243         case ALG_CCMP:
2244                 ktype = AR9170_ENC_ALG_AESCCMP;
2245                 break;
2246         default:
2247                 return -EOPNOTSUPP;
2248         }
2249
2250         mutex_lock(&ar->mutex);
2251         if (cmd == SET_KEY) {
2252                 if (unlikely(!IS_STARTED(ar))) {
2253                         err = -EOPNOTSUPP;
2254                         goto out;
2255                 }
2256
2257                 /* group keys need all-zeroes address */
2258                 if (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
2259                         sta = NULL;
2260
2261                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
2262                         for (i = 0; i < 64; i++)
2263                                 if (!(ar->usedkeys & BIT(i)))
2264                                         break;
2265                         if (i == 64) {
2266                                 ar->rx_software_decryption = true;
2267                                 ar9170_set_operating_mode(ar);
2268                                 err = -ENOSPC;
2269                                 goto out;
2270                         }
2271                 } else {
2272                         i = 64 + key->keyidx;
2273                 }
2274
2275                 key->hw_key_idx = i;
2276
2277                 err = ar9170_upload_key(ar, i, sta ? sta->addr : NULL, ktype, 0,
2278                                         key->key, min_t(u8, 16, key->keylen));
2279                 if (err)
2280                         goto out;
2281
2282                 if (key->alg == ALG_TKIP) {
2283                         err = ar9170_upload_key(ar, i, sta ? sta->addr : NULL,
2284                                                 ktype, 1, key->key + 16, 16);
2285                         if (err)
2286                                 goto out;
2287
2288                         /*
2289                          * hardware is not capable generating the MMIC
2290                          * for fragmented frames!
2291                          */
2292                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
2293                 }
2294
2295                 if (i < 64)
2296                         ar->usedkeys |= BIT(i);
2297
2298                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
2299         } else {
2300                 if (unlikely(!IS_STARTED(ar))) {
2301                         /* The device is gone... together with the key ;-) */
2302                         err = 0;
2303                         goto out;
2304                 }
2305
2306                 err = ar9170_disable_key(ar, key->hw_key_idx);
2307                 if (err)
2308                         goto out;
2309
2310                 if (key->hw_key_idx < 64) {
2311                         ar->usedkeys &= ~BIT(key->hw_key_idx);
2312                 } else {
2313                         err = ar9170_upload_key(ar, key->hw_key_idx, NULL,
2314                                                 AR9170_ENC_ALG_NONE, 0,
2315                                                 NULL, 0);
2316                         if (err)
2317                                 goto out;
2318
2319                         if (key->alg == ALG_TKIP) {
2320                                 err = ar9170_upload_key(ar, key->hw_key_idx,
2321                                                         NULL,
2322                                                         AR9170_ENC_ALG_NONE, 1,
2323                                                         NULL, 0);
2324                                 if (err)
2325                                         goto out;
2326                         }
2327
2328                 }
2329         }
2330
2331         ar9170_regwrite_begin(ar);
2332         ar9170_regwrite(AR9170_MAC_REG_ROLL_CALL_TBL_L, ar->usedkeys);
2333         ar9170_regwrite(AR9170_MAC_REG_ROLL_CALL_TBL_H, ar->usedkeys >> 32);
2334         ar9170_regwrite_finish();
2335         err = ar9170_regwrite_result();
2336
2337 out:
2338         mutex_unlock(&ar->mutex);
2339
2340         return err;
2341 }
2342
2343 static void ar9170_sta_notify(struct ieee80211_hw *hw,
2344                               struct ieee80211_vif *vif,
2345                               enum sta_notify_cmd cmd,
2346                               struct ieee80211_sta *sta)
2347 {
2348         struct ar9170 *ar = hw->priv;
2349         struct ar9170_sta_info *sta_info = (void *) sta->drv_priv;
2350         unsigned int i;
2351
2352         switch (cmd) {
2353         case STA_NOTIFY_ADD:
2354                 memset(sta_info, 0, sizeof(*sta_info));
2355
2356                 if (!sta->ht_cap.ht_supported)
2357                         break;
2358
2359                 if (sta->ht_cap.ampdu_density > ar->global_ampdu_density)
2360                         ar->global_ampdu_density = sta->ht_cap.ampdu_density;
2361
2362                 if (sta->ht_cap.ampdu_factor < ar->global_ampdu_factor)
2363                         ar->global_ampdu_factor = sta->ht_cap.ampdu_factor;
2364
2365                 for (i = 0; i < AR9170_NUM_TID; i++) {
2366                         sta_info->agg[i].state = AR9170_TID_STATE_SHUTDOWN;
2367                         sta_info->agg[i].active = false;
2368                         sta_info->agg[i].ssn = 0;
2369                         sta_info->agg[i].retry = 0;
2370                         sta_info->agg[i].tid = i;
2371                         INIT_LIST_HEAD(&sta_info->agg[i].list);
2372                         skb_queue_head_init(&sta_info->agg[i].queue);
2373                 }
2374
2375                 sta_info->ampdu_max_len = 1 << (3 + sta->ht_cap.ampdu_factor);
2376                 break;
2377
2378         case STA_NOTIFY_REMOVE:
2379                 if (!sta->ht_cap.ht_supported)
2380                         break;
2381
2382                 for (i = 0; i < AR9170_NUM_TID; i++) {
2383                         sta_info->agg[i].state = AR9170_TID_STATE_INVALID;
2384                         skb_queue_purge(&sta_info->agg[i].queue);
2385                 }
2386
2387                 break;
2388
2389         default:
2390                 break;
2391         }
2392 }
2393
2394 static int ar9170_get_stats(struct ieee80211_hw *hw,
2395                             struct ieee80211_low_level_stats *stats)
2396 {
2397         struct ar9170 *ar = hw->priv;
2398         u32 val;
2399         int err;
2400
2401         mutex_lock(&ar->mutex);
2402         err = ar9170_read_reg(ar, AR9170_MAC_REG_TX_RETRY, &val);
2403         ar->stats.dot11ACKFailureCount += val;
2404
2405         memcpy(stats, &ar->stats, sizeof(*stats));
2406         mutex_unlock(&ar->mutex);
2407
2408         return 0;
2409 }
2410
2411 static int ar9170_get_tx_stats(struct ieee80211_hw *hw,
2412                                struct ieee80211_tx_queue_stats *tx_stats)
2413 {
2414         struct ar9170 *ar = hw->priv;
2415
2416         spin_lock_bh(&ar->tx_stats_lock);
2417         memcpy(tx_stats, ar->tx_stats, sizeof(tx_stats[0]) * hw->queues);
2418         spin_unlock_bh(&ar->tx_stats_lock);
2419
2420         return 0;
2421 }
2422
2423 static int ar9170_conf_tx(struct ieee80211_hw *hw, u16 queue,
2424                           const struct ieee80211_tx_queue_params *param)
2425 {
2426         struct ar9170 *ar = hw->priv;
2427         int ret;
2428
2429         mutex_lock(&ar->mutex);
2430         if (queue < __AR9170_NUM_TXQ) {
2431                 memcpy(&ar->edcf[ar9170_qos_hwmap[queue]],
2432                        param, sizeof(*param));
2433
2434                 ret = ar9170_set_qos(ar);
2435         } else {
2436                 ret = -EINVAL;
2437         }
2438
2439         mutex_unlock(&ar->mutex);
2440         return ret;
2441 }
2442
2443 static int ar9170_ampdu_action(struct ieee80211_hw *hw,
2444                                struct ieee80211_vif *vif,
2445                                enum ieee80211_ampdu_mlme_action action,
2446                                struct ieee80211_sta *sta, u16 tid, u16 *ssn)
2447 {
2448         struct ar9170 *ar = hw->priv;
2449         struct ar9170_sta_info *sta_info = (void *) sta->drv_priv;
2450         struct ar9170_sta_tid *tid_info = &sta_info->agg[tid];
2451         unsigned long flags;
2452
2453         if (!modparam_ht)
2454                 return -EOPNOTSUPP;
2455
2456         switch (action) {
2457         case IEEE80211_AMPDU_TX_START:
2458                 spin_lock_irqsave(&ar->tx_ampdu_list_lock, flags);
2459                 if (tid_info->state != AR9170_TID_STATE_SHUTDOWN ||
2460                     !list_empty(&tid_info->list)) {
2461                         spin_unlock_irqrestore(&ar->tx_ampdu_list_lock, flags);
2462 #ifdef AR9170_TXAGG_DEBUG
2463                         printk(KERN_INFO "%s: A-MPDU [ESS:[%pM] tid:[%d]] "
2464                                "is in a very bad state!\n",
2465                                wiphy_name(hw->wiphy), sta->addr, tid);
2466 #endif /* AR9170_TXAGG_DEBUG */
2467                         return -EBUSY;
2468                 }
2469
2470                 *ssn = tid_info->ssn;
2471                 tid_info->state = AR9170_TID_STATE_PROGRESS;
2472                 tid_info->active = false;
2473                 spin_unlock_irqrestore(&ar->tx_ampdu_list_lock, flags);
2474                 ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
2475                 break;
2476
2477         case IEEE80211_AMPDU_TX_STOP:
2478                 spin_lock_irqsave(&ar->tx_ampdu_list_lock, flags);
2479                 tid_info->state = AR9170_TID_STATE_SHUTDOWN;
2480                 list_del_init(&tid_info->list);
2481                 tid_info->active = false;
2482                 skb_queue_purge(&tid_info->queue);
2483                 spin_unlock_irqrestore(&ar->tx_ampdu_list_lock, flags);
2484                 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
2485                 break;
2486
2487         case IEEE80211_AMPDU_TX_OPERATIONAL:
2488 #ifdef AR9170_TXAGG_DEBUG
2489                 printk(KERN_INFO "%s: A-MPDU for %pM [tid:%d] Operational.\n",
2490                        wiphy_name(hw->wiphy), sta->addr, tid);
2491 #endif /* AR9170_TXAGG_DEBUG */
2492                 spin_lock_irqsave(&ar->tx_ampdu_list_lock, flags);
2493                 sta_info->agg[tid].state = AR9170_TID_STATE_COMPLETE;
2494                 spin_unlock_irqrestore(&ar->tx_ampdu_list_lock, flags);
2495                 break;
2496
2497         case IEEE80211_AMPDU_RX_START:
2498         case IEEE80211_AMPDU_RX_STOP:
2499                 /* Handled by firmware */
2500                 break;
2501
2502         default:
2503                 return -EOPNOTSUPP;
2504         }
2505
2506         return 0;
2507 }
2508
2509 static const struct ieee80211_ops ar9170_ops = {
2510         .start                  = ar9170_op_start,
2511         .stop                   = ar9170_op_stop,
2512         .tx                     = ar9170_op_tx,
2513         .add_interface          = ar9170_op_add_interface,
2514         .remove_interface       = ar9170_op_remove_interface,
2515         .config                 = ar9170_op_config,
2516         .prepare_multicast      = ar9170_op_prepare_multicast,
2517         .configure_filter       = ar9170_op_configure_filter,
2518         .conf_tx                = ar9170_conf_tx,
2519         .bss_info_changed       = ar9170_op_bss_info_changed,
2520         .get_tsf                = ar9170_op_get_tsf,
2521         .set_key                = ar9170_set_key,
2522         .sta_notify             = ar9170_sta_notify,
2523         .get_stats              = ar9170_get_stats,
2524         .get_tx_stats           = ar9170_get_tx_stats,
2525         .ampdu_action           = ar9170_ampdu_action,
2526 };
2527
2528 void *ar9170_alloc(size_t priv_size)
2529 {
2530         struct ieee80211_hw *hw;
2531         struct ar9170 *ar;
2532         struct sk_buff *skb;
2533         int i;
2534
2535         /*
2536          * this buffer is used for rx stream reconstruction.
2537          * Under heavy load this device (or the transport layer?)
2538          * tends to split the streams into seperate rx descriptors.
2539          */
2540
2541         skb = __dev_alloc_skb(AR9170_MAX_RX_BUFFER_SIZE, GFP_KERNEL);
2542         if (!skb)
2543                 goto err_nomem;
2544
2545         hw = ieee80211_alloc_hw(priv_size, &ar9170_ops);
2546         if (!hw)
2547                 goto err_nomem;
2548
2549         ar = hw->priv;
2550         ar->hw = hw;
2551         ar->rx_failover = skb;
2552
2553         mutex_init(&ar->mutex);
2554         spin_lock_init(&ar->cmdlock);
2555         spin_lock_init(&ar->tx_stats_lock);
2556         spin_lock_init(&ar->tx_ampdu_list_lock);
2557         skb_queue_head_init(&ar->tx_status_ampdu);
2558         for (i = 0; i < __AR9170_NUM_TXQ; i++) {
2559                 skb_queue_head_init(&ar->tx_status[i]);
2560                 skb_queue_head_init(&ar->tx_pending[i]);
2561         }
2562         ar9170_rx_reset_rx_mpdu(ar);
2563         INIT_WORK(&ar->beacon_work, ar9170_new_beacon);
2564         INIT_DELAYED_WORK(&ar->tx_janitor, ar9170_tx_janitor);
2565         INIT_LIST_HEAD(&ar->tx_ampdu_list);
2566
2567         /* all hw supports 2.4 GHz, so set channel to 1 by default */
2568         ar->channel = &ar9170_2ghz_chantable[0];
2569
2570         /* first part of wiphy init */
2571         ar->hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
2572                                          BIT(NL80211_IFTYPE_WDS) |
2573                                          BIT(NL80211_IFTYPE_ADHOC);
2574         ar->hw->flags |= IEEE80211_HW_RX_INCLUDES_FCS |
2575                          IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING |
2576                          IEEE80211_HW_SIGNAL_DBM |
2577                          IEEE80211_HW_NOISE_DBM;
2578
2579         if (modparam_ht) {
2580                 ar->hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION;
2581         } else {
2582                 ar9170_band_2GHz.ht_cap.ht_supported = false;
2583                 ar9170_band_5GHz.ht_cap.ht_supported = false;
2584         }
2585
2586         ar->hw->queues = __AR9170_NUM_TXQ;
2587         ar->hw->extra_tx_headroom = 8;
2588         ar->hw->sta_data_size = sizeof(struct ar9170_sta_info);
2589
2590         ar->hw->max_rates = 1;
2591         ar->hw->max_rate_tries = 3;
2592
2593         for (i = 0; i < ARRAY_SIZE(ar->noise); i++)
2594                 ar->noise[i] = -95; /* ATH_DEFAULT_NOISE_FLOOR */
2595
2596         return ar;
2597
2598 err_nomem:
2599         kfree_skb(skb);
2600         return ERR_PTR(-ENOMEM);
2601 }
2602
2603 static int ar9170_read_eeprom(struct ar9170 *ar)
2604 {
2605 #define RW      8       /* number of words to read at once */
2606 #define RB      (sizeof(u32) * RW)
2607         struct ath_regulatory *regulatory = &ar->common.regulatory;
2608         u8 *eeprom = (void *)&ar->eeprom;
2609         u8 *addr = ar->eeprom.mac_address;
2610         __le32 offsets[RW];
2611         unsigned int rx_streams, tx_streams, tx_params = 0;
2612         int i, j, err, bands = 0;
2613
2614         BUILD_BUG_ON(sizeof(ar->eeprom) & 3);
2615
2616         BUILD_BUG_ON(RB > AR9170_MAX_CMD_LEN - 4);
2617 #ifndef __CHECKER__
2618         /* don't want to handle trailing remains */
2619         BUILD_BUG_ON(sizeof(ar->eeprom) % RB);
2620 #endif
2621
2622         for (i = 0; i < sizeof(ar->eeprom)/RB; i++) {
2623                 for (j = 0; j < RW; j++)
2624                         offsets[j] = cpu_to_le32(AR9170_EEPROM_START +
2625                                                  RB * i + 4 * j);
2626
2627                 err = ar->exec_cmd(ar, AR9170_CMD_RREG,
2628                                    RB, (u8 *) &offsets,
2629                                    RB, eeprom + RB * i);
2630                 if (err)
2631                         return err;
2632         }
2633
2634 #undef RW
2635 #undef RB
2636
2637         if (ar->eeprom.length == cpu_to_le16(0xFFFF))
2638                 return -ENODATA;
2639
2640         if (ar->eeprom.operating_flags & AR9170_OPFLAG_2GHZ) {
2641                 ar->hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &ar9170_band_2GHz;
2642                 bands++;
2643         }
2644         if (ar->eeprom.operating_flags & AR9170_OPFLAG_5GHZ) {
2645                 ar->hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &ar9170_band_5GHz;
2646                 bands++;
2647         }
2648
2649         rx_streams = hweight8(ar->eeprom.rx_mask);
2650         tx_streams = hweight8(ar->eeprom.tx_mask);
2651
2652         if (rx_streams != tx_streams)
2653                 tx_params = IEEE80211_HT_MCS_TX_RX_DIFF;
2654
2655         if (tx_streams >= 1 && tx_streams <= IEEE80211_HT_MCS_TX_MAX_STREAMS)
2656                 tx_params = (tx_streams - 1) <<
2657                             IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT;
2658
2659         ar9170_band_2GHz.ht_cap.mcs.tx_params |= tx_params;
2660         ar9170_band_5GHz.ht_cap.mcs.tx_params |= tx_params;
2661
2662         /*
2663          * I measured this, a bandswitch takes roughly
2664          * 135 ms and a frequency switch about 80.
2665          *
2666          * FIXME: measure these values again once EEPROM settings
2667          *        are used, that will influence them!
2668          */
2669         if (bands == 2)
2670                 ar->hw->channel_change_time = 135 * 1000;
2671         else
2672                 ar->hw->channel_change_time = 80 * 1000;
2673
2674         regulatory->current_rd = le16_to_cpu(ar->eeprom.reg_domain[0]);
2675         regulatory->current_rd_ext = le16_to_cpu(ar->eeprom.reg_domain[1]);
2676
2677         /* second part of wiphy init */
2678         SET_IEEE80211_PERM_ADDR(ar->hw, addr);
2679
2680         return bands ? 0 : -EINVAL;
2681 }
2682
2683 static int ar9170_reg_notifier(struct wiphy *wiphy,
2684                         struct regulatory_request *request)
2685 {
2686         struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
2687         struct ar9170 *ar = hw->priv;
2688
2689         return ath_reg_notifier_apply(wiphy, request, &ar->common.regulatory);
2690 }
2691
2692 int ar9170_register(struct ar9170 *ar, struct device *pdev)
2693 {
2694         struct ath_regulatory *regulatory = &ar->common.regulatory;
2695         int err;
2696
2697         /* try to read EEPROM, init MAC addr */
2698         err = ar9170_read_eeprom(ar);
2699         if (err)
2700                 goto err_out;
2701
2702         err = ath_regd_init(regulatory, ar->hw->wiphy,
2703                             ar9170_reg_notifier);
2704         if (err)
2705                 goto err_out;
2706
2707         err = ieee80211_register_hw(ar->hw);
2708         if (err)
2709                 goto err_out;
2710
2711         if (!ath_is_world_regd(regulatory))
2712                 regulatory_hint(ar->hw->wiphy, regulatory->alpha2);
2713
2714         err = ar9170_init_leds(ar);
2715         if (err)
2716                 goto err_unreg;
2717
2718 #ifdef CONFIG_AR9170_LEDS
2719         err = ar9170_register_leds(ar);
2720         if (err)
2721                 goto err_unreg;
2722 #endif /* CONFIG_AR9170_LEDS */
2723
2724         dev_info(pdev, "Atheros AR9170 is registered as '%s'\n",
2725                  wiphy_name(ar->hw->wiphy));
2726
2727         return err;
2728
2729 err_unreg:
2730         ieee80211_unregister_hw(ar->hw);
2731
2732 err_out:
2733         return err;
2734 }
2735
2736 void ar9170_unregister(struct ar9170 *ar)
2737 {
2738 #ifdef CONFIG_AR9170_LEDS
2739         ar9170_unregister_leds(ar);
2740 #endif /* CONFIG_AR9170_LEDS */
2741
2742         kfree_skb(ar->rx_failover);
2743         ieee80211_unregister_hw(ar->hw);
2744         mutex_destroy(&ar->mutex);
2745 }