carl9170: utilize fw seq counter for mgmt/non-QoS data frames
[linux-2.6.git] / drivers / net / wireless / ath / carl9170 / main.c
1 /*
2  * Atheros CARL9170 driver
3  *
4  * mac80211 interaction code
5  *
6  * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
7  * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program; see the file COPYING.  If not, see
21  * http://www.gnu.org/licenses/.
22  *
23  * This file incorporates work covered by the following copyright and
24  * permission notice:
25  *    Copyright (c) 2007-2008 Atheros Communications, Inc.
26  *
27  *    Permission to use, copy, modify, and/or distribute this software for any
28  *    purpose with or without fee is hereby granted, provided that the above
29  *    copyright notice and this permission notice appear in all copies.
30  *
31  *    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
32  *    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
33  *    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
34  *    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
35  *    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
36  *    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
37  *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
38  */
39
40 #include <linux/init.h>
41 #include <linux/slab.h>
42 #include <linux/module.h>
43 #include <linux/etherdevice.h>
44 #include <linux/random.h>
45 #include <net/mac80211.h>
46 #include <net/cfg80211.h>
47 #include "hw.h"
48 #include "carl9170.h"
49 #include "cmd.h"
50
51 static int modparam_nohwcrypt;
52 module_param_named(nohwcrypt, modparam_nohwcrypt, bool, S_IRUGO);
53 MODULE_PARM_DESC(nohwcrypt, "Disable hardware crypto offload.");
54
55 int modparam_noht;
56 module_param_named(noht, modparam_noht, int, S_IRUGO);
57 MODULE_PARM_DESC(noht, "Disable MPDU aggregation.");
58
59 #define RATE(_bitrate, _hw_rate, _txpidx, _flags) {     \
60         .bitrate        = (_bitrate),                   \
61         .flags          = (_flags),                     \
62         .hw_value       = (_hw_rate) | (_txpidx) << 4,  \
63 }
64
65 struct ieee80211_rate __carl9170_ratetable[] = {
66         RATE(10, 0, 0, 0),
67         RATE(20, 1, 1, IEEE80211_RATE_SHORT_PREAMBLE),
68         RATE(55, 2, 2, IEEE80211_RATE_SHORT_PREAMBLE),
69         RATE(110, 3, 3, IEEE80211_RATE_SHORT_PREAMBLE),
70         RATE(60, 0xb, 0, 0),
71         RATE(90, 0xf, 0, 0),
72         RATE(120, 0xa, 0, 0),
73         RATE(180, 0xe, 0, 0),
74         RATE(240, 0x9, 0, 0),
75         RATE(360, 0xd, 1, 0),
76         RATE(480, 0x8, 2, 0),
77         RATE(540, 0xc, 3, 0),
78 };
79 #undef RATE
80
81 #define carl9170_g_ratetable    (__carl9170_ratetable + 0)
82 #define carl9170_g_ratetable_size       12
83 #define carl9170_a_ratetable    (__carl9170_ratetable + 4)
84 #define carl9170_a_ratetable_size       8
85
86 /*
87  * NB: The hw_value is used as an index into the carl9170_phy_freq_params
88  *     array in phy.c so that we don't have to do frequency lookups!
89  */
90 #define CHAN(_freq, _idx) {             \
91         .center_freq    = (_freq),      \
92         .hw_value       = (_idx),       \
93         .max_power      = 18, /* XXX */ \
94 }
95
96 static struct ieee80211_channel carl9170_2ghz_chantable[] = {
97         CHAN(2412,  0),
98         CHAN(2417,  1),
99         CHAN(2422,  2),
100         CHAN(2427,  3),
101         CHAN(2432,  4),
102         CHAN(2437,  5),
103         CHAN(2442,  6),
104         CHAN(2447,  7),
105         CHAN(2452,  8),
106         CHAN(2457,  9),
107         CHAN(2462, 10),
108         CHAN(2467, 11),
109         CHAN(2472, 12),
110         CHAN(2484, 13),
111 };
112
113 static struct ieee80211_channel carl9170_5ghz_chantable[] = {
114         CHAN(4920, 14),
115         CHAN(4940, 15),
116         CHAN(4960, 16),
117         CHAN(4980, 17),
118         CHAN(5040, 18),
119         CHAN(5060, 19),
120         CHAN(5080, 20),
121         CHAN(5180, 21),
122         CHAN(5200, 22),
123         CHAN(5220, 23),
124         CHAN(5240, 24),
125         CHAN(5260, 25),
126         CHAN(5280, 26),
127         CHAN(5300, 27),
128         CHAN(5320, 28),
129         CHAN(5500, 29),
130         CHAN(5520, 30),
131         CHAN(5540, 31),
132         CHAN(5560, 32),
133         CHAN(5580, 33),
134         CHAN(5600, 34),
135         CHAN(5620, 35),
136         CHAN(5640, 36),
137         CHAN(5660, 37),
138         CHAN(5680, 38),
139         CHAN(5700, 39),
140         CHAN(5745, 40),
141         CHAN(5765, 41),
142         CHAN(5785, 42),
143         CHAN(5805, 43),
144         CHAN(5825, 44),
145         CHAN(5170, 45),
146         CHAN(5190, 46),
147         CHAN(5210, 47),
148         CHAN(5230, 48),
149 };
150 #undef CHAN
151
152 #define CARL9170_HT_CAP                                                 \
153 {                                                                       \
154         .ht_supported   = true,                                         \
155         .cap            = IEEE80211_HT_CAP_MAX_AMSDU |                  \
156                           IEEE80211_HT_CAP_SUP_WIDTH_20_40 |            \
157                           IEEE80211_HT_CAP_SGI_40 |                     \
158                           IEEE80211_HT_CAP_DSSSCCK40 |                  \
159                           IEEE80211_HT_CAP_SM_PS,                       \
160         .ampdu_factor   = IEEE80211_HT_MAX_AMPDU_64K,                   \
161         .ampdu_density  = IEEE80211_HT_MPDU_DENSITY_8,                  \
162         .mcs            = {                                             \
163                 .rx_mask = { 0xff, 0xff, 0, 0, 0x1, 0, 0, 0, 0, 0, },   \
164                 .rx_highest = cpu_to_le16(300),                         \
165                 .tx_params = IEEE80211_HT_MCS_TX_DEFINED,               \
166         },                                                              \
167 }
168
169 static struct ieee80211_supported_band carl9170_band_2GHz = {
170         .channels       = carl9170_2ghz_chantable,
171         .n_channels     = ARRAY_SIZE(carl9170_2ghz_chantable),
172         .bitrates       = carl9170_g_ratetable,
173         .n_bitrates     = carl9170_g_ratetable_size,
174         .ht_cap         = CARL9170_HT_CAP,
175 };
176
177 static struct ieee80211_supported_band carl9170_band_5GHz = {
178         .channels       = carl9170_5ghz_chantable,
179         .n_channels     = ARRAY_SIZE(carl9170_5ghz_chantable),
180         .bitrates       = carl9170_a_ratetable,
181         .n_bitrates     = carl9170_a_ratetable_size,
182         .ht_cap         = CARL9170_HT_CAP,
183 };
184
185 static void carl9170_ampdu_gc(struct ar9170 *ar)
186 {
187         struct carl9170_sta_tid *tid_info;
188         LIST_HEAD(tid_gc);
189
190         rcu_read_lock();
191         list_for_each_entry_rcu(tid_info, &ar->tx_ampdu_list, list) {
192                 spin_lock_bh(&ar->tx_ampdu_list_lock);
193                 if (tid_info->state == CARL9170_TID_STATE_SHUTDOWN) {
194                         tid_info->state = CARL9170_TID_STATE_KILLED;
195                         list_del_rcu(&tid_info->list);
196                         ar->tx_ampdu_list_len--;
197                         list_add_tail(&tid_info->tmp_list, &tid_gc);
198                 }
199                 spin_unlock_bh(&ar->tx_ampdu_list_lock);
200
201         }
202         rcu_assign_pointer(ar->tx_ampdu_iter, tid_info);
203         rcu_read_unlock();
204
205         synchronize_rcu();
206
207         while (!list_empty(&tid_gc)) {
208                 struct sk_buff *skb;
209                 tid_info = list_first_entry(&tid_gc, struct carl9170_sta_tid,
210                                             tmp_list);
211
212                 while ((skb = __skb_dequeue(&tid_info->queue)))
213                         carl9170_tx_status(ar, skb, false);
214
215                 list_del_init(&tid_info->tmp_list);
216                 kfree(tid_info);
217         }
218 }
219
220 static void carl9170_flush(struct ar9170 *ar, bool drop_queued)
221 {
222         if (drop_queued) {
223                 int i;
224
225                 /*
226                  * We can only drop frames which have not been uploaded
227                  * to the device yet.
228                  */
229
230                 for (i = 0; i < ar->hw->queues; i++) {
231                         struct sk_buff *skb;
232
233                         while ((skb = skb_dequeue(&ar->tx_pending[i]))) {
234                                 struct ieee80211_tx_info *info;
235
236                                 info = IEEE80211_SKB_CB(skb);
237                                 if (info->flags & IEEE80211_TX_CTL_AMPDU)
238                                         atomic_dec(&ar->tx_ampdu_upload);
239
240                                 carl9170_tx_status(ar, skb, false);
241                         }
242                 }
243         }
244
245         /* Wait for all other outstanding frames to timeout. */
246         if (atomic_read(&ar->tx_total_queued))
247                 WARN_ON(wait_for_completion_timeout(&ar->tx_flush, HZ) == 0);
248 }
249
250 static void carl9170_flush_ba(struct ar9170 *ar)
251 {
252         struct sk_buff_head free;
253         struct carl9170_sta_tid *tid_info;
254         struct sk_buff *skb;
255
256         __skb_queue_head_init(&free);
257
258         rcu_read_lock();
259         spin_lock_bh(&ar->tx_ampdu_list_lock);
260         list_for_each_entry_rcu(tid_info, &ar->tx_ampdu_list, list) {
261                 if (tid_info->state > CARL9170_TID_STATE_SUSPEND) {
262                         tid_info->state = CARL9170_TID_STATE_SUSPEND;
263
264                         spin_lock(&tid_info->lock);
265                         while ((skb = __skb_dequeue(&tid_info->queue)))
266                                 __skb_queue_tail(&free, skb);
267                         spin_unlock(&tid_info->lock);
268                 }
269         }
270         spin_unlock_bh(&ar->tx_ampdu_list_lock);
271         rcu_read_unlock();
272
273         while ((skb = __skb_dequeue(&free)))
274                 carl9170_tx_status(ar, skb, false);
275 }
276
277 static void carl9170_zap_queues(struct ar9170 *ar)
278 {
279         struct carl9170_vif_info *cvif;
280         unsigned int i;
281
282         carl9170_ampdu_gc(ar);
283
284         carl9170_flush_ba(ar);
285         carl9170_flush(ar, true);
286
287         for (i = 0; i < ar->hw->queues; i++) {
288                 spin_lock_bh(&ar->tx_status[i].lock);
289                 while (!skb_queue_empty(&ar->tx_status[i])) {
290                         struct sk_buff *skb;
291
292                         skb = skb_peek(&ar->tx_status[i]);
293                         carl9170_tx_get_skb(skb);
294                         spin_unlock_bh(&ar->tx_status[i].lock);
295                         carl9170_tx_drop(ar, skb);
296                         spin_lock_bh(&ar->tx_status[i].lock);
297                         carl9170_tx_put_skb(skb);
298                 }
299                 spin_unlock_bh(&ar->tx_status[i].lock);
300         }
301
302         BUILD_BUG_ON(CARL9170_NUM_TX_LIMIT_SOFT < 1);
303         BUILD_BUG_ON(CARL9170_NUM_TX_LIMIT_HARD < CARL9170_NUM_TX_LIMIT_SOFT);
304         BUILD_BUG_ON(CARL9170_NUM_TX_LIMIT_HARD >= CARL9170_BAW_BITS);
305
306         /* reinitialize queues statistics */
307         memset(&ar->tx_stats, 0, sizeof(ar->tx_stats));
308         for (i = 0; i < ar->hw->queues; i++)
309                 ar->tx_stats[i].limit = CARL9170_NUM_TX_LIMIT_HARD;
310
311         for (i = 0; i < DIV_ROUND_UP(ar->fw.mem_blocks, BITS_PER_LONG); i++)
312                 ar->mem_bitmap[i] = 0;
313
314         rcu_read_lock();
315         list_for_each_entry_rcu(cvif, &ar->vif_list, list) {
316                 spin_lock_bh(&ar->beacon_lock);
317                 dev_kfree_skb_any(cvif->beacon);
318                 cvif->beacon = NULL;
319                 spin_unlock_bh(&ar->beacon_lock);
320         }
321         rcu_read_unlock();
322
323         atomic_set(&ar->tx_ampdu_upload, 0);
324         atomic_set(&ar->tx_ampdu_scheduler, 0);
325         atomic_set(&ar->tx_total_pending, 0);
326         atomic_set(&ar->tx_total_queued, 0);
327         atomic_set(&ar->mem_free_blocks, ar->fw.mem_blocks);
328 }
329
330 #define CARL9170_FILL_QUEUE(queue, ai_fs, cwmin, cwmax, _txop)          \
331 do {                                                                    \
332         queue.aifs = ai_fs;                                             \
333         queue.cw_min = cwmin;                                           \
334         queue.cw_max = cwmax;                                           \
335         queue.txop = _txop;                                             \
336 } while (0)
337
338 static int carl9170_op_start(struct ieee80211_hw *hw)
339 {
340         struct ar9170 *ar = hw->priv;
341         int err, i;
342
343         mutex_lock(&ar->mutex);
344
345         carl9170_zap_queues(ar);
346
347         /* reset QoS defaults */
348         CARL9170_FILL_QUEUE(ar->edcf[0], 3, 15, 1023,  0); /* BEST EFFORT */
349         CARL9170_FILL_QUEUE(ar->edcf[1], 2, 7,    15, 94); /* VIDEO */
350         CARL9170_FILL_QUEUE(ar->edcf[2], 2, 3,     7, 47); /* VOICE */
351         CARL9170_FILL_QUEUE(ar->edcf[3], 7, 15, 1023,  0); /* BACKGROUND */
352         CARL9170_FILL_QUEUE(ar->edcf[4], 2, 3,     7,  0); /* SPECIAL */
353
354         ar->current_factor = ar->current_density = -1;
355         /* "The first key is unique." */
356         ar->usedkeys = 1;
357         ar->filter_state = 0;
358         ar->ps.last_action = jiffies;
359         ar->ps.last_slept = jiffies;
360         ar->erp_mode = CARL9170_ERP_AUTO;
361         ar->rx_software_decryption = false;
362         ar->disable_offload = false;
363
364         for (i = 0; i < ar->hw->queues; i++) {
365                 ar->queue_stop_timeout[i] = jiffies;
366                 ar->max_queue_stop_timeout[i] = 0;
367         }
368
369         atomic_set(&ar->mem_allocs, 0);
370
371         err = carl9170_usb_open(ar);
372         if (err)
373                 goto out;
374
375         err = carl9170_init_mac(ar);
376         if (err)
377                 goto out;
378
379         err = carl9170_set_qos(ar);
380         if (err)
381                 goto out;
382
383         if (ar->fw.rx_filter) {
384                 err = carl9170_rx_filter(ar, CARL9170_RX_FILTER_OTHER_RA |
385                         CARL9170_RX_FILTER_CTL_OTHER | CARL9170_RX_FILTER_BAD);
386                 if (err)
387                         goto out;
388         }
389
390         err = carl9170_write_reg(ar, AR9170_MAC_REG_DMA_TRIGGER,
391                                  AR9170_DMA_TRIGGER_RXQ);
392         if (err)
393                 goto out;
394
395         /* Clear key-cache */
396         for (i = 0; i < AR9170_CAM_MAX_USER + 4; i++) {
397                 err = carl9170_upload_key(ar, i, NULL, AR9170_ENC_ALG_NONE,
398                                           0, NULL, 0);
399                 if (err)
400                         goto out;
401
402                 err = carl9170_upload_key(ar, i, NULL, AR9170_ENC_ALG_NONE,
403                                           1, NULL, 0);
404                 if (err)
405                         goto out;
406
407                 if (i < AR9170_CAM_MAX_USER) {
408                         err = carl9170_disable_key(ar, i);
409                         if (err)
410                                 goto out;
411                 }
412         }
413
414         carl9170_set_state_when(ar, CARL9170_IDLE, CARL9170_STARTED);
415
416         ieee80211_wake_queues(ar->hw);
417         err = 0;
418
419 out:
420         mutex_unlock(&ar->mutex);
421         return err;
422 }
423
424 static void carl9170_cancel_worker(struct ar9170 *ar)
425 {
426         cancel_delayed_work_sync(&ar->tx_janitor);
427 #ifdef CONFIG_CARL9170_LEDS
428         cancel_delayed_work_sync(&ar->led_work);
429 #endif /* CONFIG_CARL9170_LEDS */
430         cancel_work_sync(&ar->ps_work);
431         cancel_work_sync(&ar->ping_work);
432         cancel_work_sync(&ar->ampdu_work);
433 }
434
435 static void carl9170_op_stop(struct ieee80211_hw *hw)
436 {
437         struct ar9170 *ar = hw->priv;
438
439         carl9170_set_state_when(ar, CARL9170_STARTED, CARL9170_IDLE);
440
441         ieee80211_stop_queues(ar->hw);
442
443         mutex_lock(&ar->mutex);
444         if (IS_ACCEPTING_CMD(ar)) {
445                 rcu_assign_pointer(ar->beacon_iter, NULL);
446
447                 carl9170_led_set_state(ar, 0);
448
449                 /* stop DMA */
450                 carl9170_write_reg(ar, AR9170_MAC_REG_DMA_TRIGGER, 0);
451                 carl9170_usb_stop(ar);
452         }
453
454         carl9170_zap_queues(ar);
455         mutex_unlock(&ar->mutex);
456
457         carl9170_cancel_worker(ar);
458 }
459
460 static void carl9170_restart_work(struct work_struct *work)
461 {
462         struct ar9170 *ar = container_of(work, struct ar9170,
463                                          restart_work);
464         int err;
465
466         ar->usedkeys = 0;
467         ar->filter_state = 0;
468         carl9170_cancel_worker(ar);
469
470         mutex_lock(&ar->mutex);
471         err = carl9170_usb_restart(ar);
472         if (net_ratelimit()) {
473                 if (err) {
474                         dev_err(&ar->udev->dev, "Failed to restart device "
475                                 " (%d).\n", err);
476                  } else {
477                         dev_info(&ar->udev->dev, "device restarted "
478                                  "successfully.\n");
479                 }
480         }
481
482         carl9170_zap_queues(ar);
483         mutex_unlock(&ar->mutex);
484         if (!err) {
485                 ar->restart_counter++;
486                 atomic_set(&ar->pending_restarts, 0);
487
488                 ieee80211_restart_hw(ar->hw);
489         } else {
490                 /*
491                  * The reset was unsuccessful and the device seems to
492                  * be dead. But there's still one option: a low-level
493                  * usb subsystem reset...
494                  */
495
496                 carl9170_usb_reset(ar);
497         }
498 }
499
500 void carl9170_restart(struct ar9170 *ar, const enum carl9170_restart_reasons r)
501 {
502         carl9170_set_state_when(ar, CARL9170_STARTED, CARL9170_IDLE);
503
504         /*
505          * Sometimes, an error can trigger several different reset events.
506          * By ignoring these *surplus* reset events, the device won't be
507          * killed again, right after it has recovered.
508          */
509         if (atomic_inc_return(&ar->pending_restarts) > 1) {
510                 dev_dbg(&ar->udev->dev, "ignoring restart (%d)\n", r);
511                 return;
512         }
513
514         ieee80211_stop_queues(ar->hw);
515
516         dev_err(&ar->udev->dev, "restart device (%d)\n", r);
517
518         if (!WARN_ON(r == CARL9170_RR_NO_REASON) ||
519             !WARN_ON(r >= __CARL9170_RR_LAST))
520                 ar->last_reason = r;
521
522         if (!ar->registered)
523                 return;
524
525         if (IS_ACCEPTING_CMD(ar) && !ar->needs_full_reset)
526                 ieee80211_queue_work(ar->hw, &ar->restart_work);
527         else
528                 carl9170_usb_reset(ar);
529
530         /*
531          * At this point, the device instance might have vanished/disabled.
532          * So, don't put any code which access the ar9170 struct
533          * without proper protection.
534          */
535 }
536
537 static void carl9170_ping_work(struct work_struct *work)
538 {
539         struct ar9170 *ar = container_of(work, struct ar9170, ping_work);
540         int err;
541
542         if (!IS_STARTED(ar))
543                 return;
544
545         mutex_lock(&ar->mutex);
546         err = carl9170_echo_test(ar, 0xdeadbeef);
547         if (err)
548                 carl9170_restart(ar, CARL9170_RR_UNRESPONSIVE_DEVICE);
549         mutex_unlock(&ar->mutex);
550 }
551
552 static int carl9170_init_interface(struct ar9170 *ar,
553                                    struct ieee80211_vif *vif)
554 {
555         struct ath_common *common = &ar->common;
556         int err;
557
558         if (!vif) {
559                 WARN_ON_ONCE(IS_STARTED(ar));
560                 return 0;
561         }
562
563         memcpy(common->macaddr, vif->addr, ETH_ALEN);
564
565         if (modparam_nohwcrypt ||
566             ((vif->type != NL80211_IFTYPE_STATION) &&
567              (vif->type != NL80211_IFTYPE_AP))) {
568                 ar->rx_software_decryption = true;
569                 ar->disable_offload = true;
570         }
571
572         err = carl9170_set_operating_mode(ar);
573         return err;
574 }
575
576 static int carl9170_op_add_interface(struct ieee80211_hw *hw,
577                                      struct ieee80211_vif *vif)
578 {
579         struct carl9170_vif_info *vif_priv = (void *) vif->drv_priv;
580         struct ieee80211_vif *main_vif;
581         struct ar9170 *ar = hw->priv;
582         int vif_id = -1, err = 0;
583
584         mutex_lock(&ar->mutex);
585         rcu_read_lock();
586         if (vif_priv->active) {
587                 /*
588                  * Skip the interface structure initialization,
589                  * if the vif survived the _restart call.
590                  */
591                 vif_id = vif_priv->id;
592                 vif_priv->enable_beacon = false;
593
594                 spin_lock_bh(&ar->beacon_lock);
595                 dev_kfree_skb_any(vif_priv->beacon);
596                 vif_priv->beacon = NULL;
597                 spin_unlock_bh(&ar->beacon_lock);
598
599                 goto init;
600         }
601
602         main_vif = carl9170_get_main_vif(ar);
603
604         if (main_vif) {
605                 switch (main_vif->type) {
606                 case NL80211_IFTYPE_STATION:
607                         if (vif->type == NL80211_IFTYPE_STATION)
608                                 break;
609
610                         err = -EBUSY;
611                         rcu_read_unlock();
612
613                         goto unlock;
614
615                 case NL80211_IFTYPE_AP:
616                         if ((vif->type == NL80211_IFTYPE_STATION) ||
617                             (vif->type == NL80211_IFTYPE_WDS) ||
618                             (vif->type == NL80211_IFTYPE_AP))
619                                 break;
620
621                         err = -EBUSY;
622                         rcu_read_unlock();
623                         goto unlock;
624
625                 default:
626                         rcu_read_unlock();
627                         goto unlock;
628                 }
629         }
630
631         vif_id = bitmap_find_free_region(&ar->vif_bitmap, ar->fw.vif_num, 0);
632
633         if (vif_id < 0) {
634                 rcu_read_unlock();
635
636                 err = -ENOSPC;
637                 goto unlock;
638         }
639
640         BUG_ON(ar->vif_priv[vif_id].id != vif_id);
641
642         vif_priv->active = true;
643         vif_priv->id = vif_id;
644         vif_priv->enable_beacon = false;
645         ar->vifs++;
646         list_add_tail_rcu(&vif_priv->list, &ar->vif_list);
647         rcu_assign_pointer(ar->vif_priv[vif_id].vif, vif);
648
649 init:
650         if (carl9170_get_main_vif(ar) == vif) {
651                 rcu_assign_pointer(ar->beacon_iter, vif_priv);
652                 rcu_read_unlock();
653
654                 err = carl9170_init_interface(ar, vif);
655                 if (err)
656                         goto unlock;
657         } else {
658                 rcu_read_unlock();
659                 err = carl9170_mod_virtual_mac(ar, vif_id, vif->addr);
660
661                 if (err)
662                         goto unlock;
663         }
664
665         if (ar->fw.tx_seq_table) {
666                 err = carl9170_write_reg(ar, ar->fw.tx_seq_table + vif_id * 4,
667                                          0);
668                 if (err)
669                         goto unlock;
670         }
671
672 unlock:
673         if (err && (vif_id >= 0)) {
674                 vif_priv->active = false;
675                 bitmap_release_region(&ar->vif_bitmap, vif_id, 0);
676                 ar->vifs--;
677                 rcu_assign_pointer(ar->vif_priv[vif_id].vif, NULL);
678                 list_del_rcu(&vif_priv->list);
679                 mutex_unlock(&ar->mutex);
680                 synchronize_rcu();
681         } else {
682                 if (ar->vifs > 1)
683                         ar->ps.off_override |= PS_OFF_VIF;
684
685                 mutex_unlock(&ar->mutex);
686         }
687
688         return err;
689 }
690
691 static void carl9170_op_remove_interface(struct ieee80211_hw *hw,
692                                          struct ieee80211_vif *vif)
693 {
694         struct carl9170_vif_info *vif_priv = (void *) vif->drv_priv;
695         struct ieee80211_vif *main_vif;
696         struct ar9170 *ar = hw->priv;
697         unsigned int id;
698
699         mutex_lock(&ar->mutex);
700
701         if (WARN_ON_ONCE(!vif_priv->active))
702                 goto unlock;
703
704         ar->vifs--;
705
706         rcu_read_lock();
707         main_vif = carl9170_get_main_vif(ar);
708
709         id = vif_priv->id;
710
711         vif_priv->active = false;
712         WARN_ON(vif_priv->enable_beacon);
713         vif_priv->enable_beacon = false;
714         list_del_rcu(&vif_priv->list);
715         rcu_assign_pointer(ar->vif_priv[id].vif, NULL);
716
717         if (vif == main_vif) {
718                 rcu_read_unlock();
719
720                 if (ar->vifs) {
721                         WARN_ON(carl9170_init_interface(ar,
722                                         carl9170_get_main_vif(ar)));
723                 } else {
724                         carl9170_set_operating_mode(ar);
725                 }
726         } else {
727                 rcu_read_unlock();
728
729                 WARN_ON(carl9170_mod_virtual_mac(ar, id, NULL));
730         }
731
732         carl9170_update_beacon(ar, false);
733         carl9170_flush_cab(ar, id);
734
735         spin_lock_bh(&ar->beacon_lock);
736         dev_kfree_skb_any(vif_priv->beacon);
737         vif_priv->beacon = NULL;
738         spin_unlock_bh(&ar->beacon_lock);
739
740         bitmap_release_region(&ar->vif_bitmap, id, 0);
741
742         carl9170_set_beacon_timers(ar);
743
744         if (ar->vifs == 1)
745                 ar->ps.off_override &= ~PS_OFF_VIF;
746
747 unlock:
748         mutex_unlock(&ar->mutex);
749
750         synchronize_rcu();
751 }
752
753 void carl9170_ps_check(struct ar9170 *ar)
754 {
755         ieee80211_queue_work(ar->hw, &ar->ps_work);
756 }
757
758 /* caller must hold ar->mutex */
759 static int carl9170_ps_update(struct ar9170 *ar)
760 {
761         bool ps = false;
762         int err = 0;
763
764         if (!ar->ps.off_override)
765                 ps = (ar->hw->conf.flags & IEEE80211_CONF_PS);
766
767         if (ps != ar->ps.state) {
768                 err = carl9170_powersave(ar, ps);
769                 if (err)
770                         return err;
771
772                 if (ar->ps.state && !ps) {
773                         ar->ps.sleep_ms = jiffies_to_msecs(jiffies -
774                                 ar->ps.last_action);
775                 }
776
777                 if (ps)
778                         ar->ps.last_slept = jiffies;
779
780                 ar->ps.last_action = jiffies;
781                 ar->ps.state = ps;
782         }
783
784         return 0;
785 }
786
787 static void carl9170_ps_work(struct work_struct *work)
788 {
789         struct ar9170 *ar = container_of(work, struct ar9170,
790                                          ps_work);
791         mutex_lock(&ar->mutex);
792         if (IS_STARTED(ar))
793                 WARN_ON_ONCE(carl9170_ps_update(ar) != 0);
794         mutex_unlock(&ar->mutex);
795 }
796
797
798 static int carl9170_op_config(struct ieee80211_hw *hw, u32 changed)
799 {
800         struct ar9170 *ar = hw->priv;
801         int err = 0;
802
803         mutex_lock(&ar->mutex);
804         if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL) {
805                 /* TODO */
806                 err = 0;
807         }
808
809         if (changed & IEEE80211_CONF_CHANGE_PS) {
810                 err = carl9170_ps_update(ar);
811                 if (err)
812                         goto out;
813         }
814
815         if (changed & IEEE80211_CONF_CHANGE_POWER) {
816                 /* TODO */
817                 err = 0;
818         }
819
820         if (changed & IEEE80211_CONF_CHANGE_SMPS) {
821                 /* TODO */
822                 err = 0;
823         }
824
825         if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
826                 /* adjust slot time for 5 GHz */
827                 err = carl9170_set_slot_time(ar);
828                 if (err)
829                         goto out;
830
831                 err = carl9170_set_channel(ar, hw->conf.channel,
832                         hw->conf.channel_type, CARL9170_RFI_NONE);
833                 if (err)
834                         goto out;
835
836                 err = carl9170_set_dyn_sifs_ack(ar);
837                 if (err)
838                         goto out;
839
840                 err = carl9170_set_rts_cts_rate(ar);
841                 if (err)
842                         goto out;
843         }
844
845 out:
846         mutex_unlock(&ar->mutex);
847         return err;
848 }
849
850 static u64 carl9170_op_prepare_multicast(struct ieee80211_hw *hw,
851                                          struct netdev_hw_addr_list *mc_list)
852 {
853         struct netdev_hw_addr *ha;
854         u64 mchash;
855
856         /* always get broadcast frames */
857         mchash = 1ULL << (0xff >> 2);
858
859         netdev_hw_addr_list_for_each(ha, mc_list)
860                 mchash |= 1ULL << (ha->addr[5] >> 2);
861
862         return mchash;
863 }
864
865 static void carl9170_op_configure_filter(struct ieee80211_hw *hw,
866                                          unsigned int changed_flags,
867                                          unsigned int *new_flags,
868                                          u64 multicast)
869 {
870         struct ar9170 *ar = hw->priv;
871
872         /* mask supported flags */
873         *new_flags &= FIF_ALLMULTI | ar->rx_filter_caps;
874
875         if (!IS_ACCEPTING_CMD(ar))
876                 return;
877
878         mutex_lock(&ar->mutex);
879
880         ar->filter_state = *new_flags;
881         /*
882          * We can support more by setting the sniffer bit and
883          * then checking the error flags, later.
884          */
885
886         if (changed_flags & FIF_ALLMULTI && *new_flags & FIF_ALLMULTI)
887                 multicast = ~0ULL;
888
889         if (multicast != ar->cur_mc_hash)
890                 WARN_ON(carl9170_update_multicast(ar, multicast));
891
892         if (changed_flags & (FIF_OTHER_BSS | FIF_PROMISC_IN_BSS)) {
893                 ar->sniffer_enabled = !!(*new_flags &
894                         (FIF_OTHER_BSS | FIF_PROMISC_IN_BSS));
895
896                 WARN_ON(carl9170_set_operating_mode(ar));
897         }
898
899         if (ar->fw.rx_filter && changed_flags & ar->rx_filter_caps) {
900                 u32 rx_filter = 0;
901
902                 if (!(*new_flags & (FIF_FCSFAIL | FIF_PLCPFAIL)))
903                         rx_filter |= CARL9170_RX_FILTER_BAD;
904
905                 if (!(*new_flags & FIF_CONTROL))
906                         rx_filter |= CARL9170_RX_FILTER_CTL_OTHER;
907
908                 if (!(*new_flags & FIF_PSPOLL))
909                         rx_filter |= CARL9170_RX_FILTER_CTL_PSPOLL;
910
911                 if (!(*new_flags & (FIF_OTHER_BSS | FIF_PROMISC_IN_BSS))) {
912                         rx_filter |= CARL9170_RX_FILTER_OTHER_RA;
913                         rx_filter |= CARL9170_RX_FILTER_DECRY_FAIL;
914                 }
915
916                 WARN_ON(carl9170_rx_filter(ar, rx_filter));
917         }
918
919         mutex_unlock(&ar->mutex);
920 }
921
922
923 static void carl9170_op_bss_info_changed(struct ieee80211_hw *hw,
924                                          struct ieee80211_vif *vif,
925                                          struct ieee80211_bss_conf *bss_conf,
926                                          u32 changed)
927 {
928         struct ar9170 *ar = hw->priv;
929         struct ath_common *common = &ar->common;
930         int err = 0;
931         struct carl9170_vif_info *vif_priv;
932         struct ieee80211_vif *main_vif;
933
934         mutex_lock(&ar->mutex);
935         vif_priv = (void *) vif->drv_priv;
936         main_vif = carl9170_get_main_vif(ar);
937         if (WARN_ON(!main_vif))
938                 goto out;
939
940         if (changed & BSS_CHANGED_BEACON_ENABLED) {
941                 struct carl9170_vif_info *iter;
942                 int i = 0;
943
944                 vif_priv->enable_beacon = bss_conf->enable_beacon;
945                 rcu_read_lock();
946                 list_for_each_entry_rcu(iter, &ar->vif_list, list) {
947                         if (iter->active && iter->enable_beacon)
948                                 i++;
949
950                 }
951                 rcu_read_unlock();
952
953                 ar->beacon_enabled = i;
954         }
955
956         if (changed & BSS_CHANGED_BEACON) {
957                 err = carl9170_update_beacon(ar, false);
958                 if (err)
959                         goto out;
960         }
961
962         if (changed & (BSS_CHANGED_BEACON_ENABLED | BSS_CHANGED_BEACON |
963                        BSS_CHANGED_BEACON_INT)) {
964
965                 if (main_vif != vif) {
966                         bss_conf->beacon_int = main_vif->bss_conf.beacon_int;
967                         bss_conf->dtim_period = main_vif->bss_conf.dtim_period;
968                 }
969
970                 /*
971                  * Therefore a hard limit for the broadcast traffic should
972                  * prevent false alarms.
973                  */
974                 if (vif->type != NL80211_IFTYPE_STATION &&
975                     (bss_conf->beacon_int * bss_conf->dtim_period >=
976                      (CARL9170_QUEUE_STUCK_TIMEOUT / 2))) {
977                         err = -EINVAL;
978                         goto out;
979                 }
980
981                 err = carl9170_set_beacon_timers(ar);
982                 if (err)
983                         goto out;
984         }
985
986         if (changed & BSS_CHANGED_HT) {
987                 /* TODO */
988                 err = 0;
989                 if (err)
990                         goto out;
991         }
992
993         if (main_vif != vif)
994                 goto out;
995
996         /*
997          * The following settings can only be changed by the
998          * master interface.
999          */
1000
1001         if (changed & BSS_CHANGED_BSSID) {
1002                 memcpy(common->curbssid, bss_conf->bssid, ETH_ALEN);
1003                 err = carl9170_set_operating_mode(ar);
1004                 if (err)
1005                         goto out;
1006         }
1007
1008         if (changed & BSS_CHANGED_ASSOC) {
1009                 ar->common.curaid = bss_conf->aid;
1010                 err = carl9170_set_beacon_timers(ar);
1011                 if (err)
1012                         goto out;
1013         }
1014
1015         if (changed & BSS_CHANGED_ERP_SLOT) {
1016                 err = carl9170_set_slot_time(ar);
1017                 if (err)
1018                         goto out;
1019         }
1020
1021         if (changed & BSS_CHANGED_BASIC_RATES) {
1022                 err = carl9170_set_mac_rates(ar);
1023                 if (err)
1024                         goto out;
1025         }
1026
1027 out:
1028         WARN_ON_ONCE(err && IS_STARTED(ar));
1029         mutex_unlock(&ar->mutex);
1030 }
1031
1032 static u64 carl9170_op_get_tsf(struct ieee80211_hw *hw)
1033 {
1034         struct ar9170 *ar = hw->priv;
1035         struct carl9170_tsf_rsp tsf;
1036         int err;
1037
1038         mutex_lock(&ar->mutex);
1039         err = carl9170_exec_cmd(ar, CARL9170_CMD_READ_TSF,
1040                                 0, NULL, sizeof(tsf), &tsf);
1041         mutex_unlock(&ar->mutex);
1042         if (WARN_ON(err))
1043                 return 0;
1044
1045         return le64_to_cpu(tsf.tsf_64);
1046 }
1047
1048 static int carl9170_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
1049                                struct ieee80211_vif *vif,
1050                                struct ieee80211_sta *sta,
1051                                struct ieee80211_key_conf *key)
1052 {
1053         struct ar9170 *ar = hw->priv;
1054         int err = 0, i;
1055         u8 ktype;
1056
1057         if (ar->disable_offload || !vif)
1058                 return -EOPNOTSUPP;
1059
1060         /*
1061          * We have to fall back to software encryption, whenever
1062          * the user choose to participates in an IBSS or is connected
1063          * to more than one network.
1064          *
1065          * This is very unfortunate, because some machines cannot handle
1066          * the high througput speed in 802.11n networks.
1067          */
1068
1069         if (!is_main_vif(ar, vif))
1070                 goto err_softw;
1071
1072         /*
1073          * While the hardware supports *catch-all* key, for offloading
1074          * group-key en-/de-cryption. The way of how the hardware
1075          * decides which keyId maps to which key, remains a mystery...
1076          */
1077         if ((vif->type != NL80211_IFTYPE_STATION &&
1078              vif->type != NL80211_IFTYPE_ADHOC) &&
1079             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
1080                 return -EOPNOTSUPP;
1081
1082         switch (key->cipher) {
1083         case WLAN_CIPHER_SUITE_WEP40:
1084                 ktype = AR9170_ENC_ALG_WEP64;
1085                 break;
1086         case WLAN_CIPHER_SUITE_WEP104:
1087                 ktype = AR9170_ENC_ALG_WEP128;
1088                 break;
1089         case WLAN_CIPHER_SUITE_TKIP:
1090                 ktype = AR9170_ENC_ALG_TKIP;
1091                 break;
1092         case WLAN_CIPHER_SUITE_CCMP:
1093                 ktype = AR9170_ENC_ALG_AESCCMP;
1094                 break;
1095         default:
1096                 return -EOPNOTSUPP;
1097         }
1098
1099         mutex_lock(&ar->mutex);
1100         if (cmd == SET_KEY) {
1101                 if (!IS_STARTED(ar)) {
1102                         err = -EOPNOTSUPP;
1103                         goto out;
1104                 }
1105
1106                 if (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
1107                         sta = NULL;
1108
1109                         i = 64 + key->keyidx;
1110                 } else {
1111                         for (i = 0; i < 64; i++)
1112                                 if (!(ar->usedkeys & BIT(i)))
1113                                         break;
1114                         if (i == 64)
1115                                 goto err_softw;
1116                 }
1117
1118                 key->hw_key_idx = i;
1119
1120                 err = carl9170_upload_key(ar, i, sta ? sta->addr : NULL,
1121                                           ktype, 0, key->key,
1122                                           min_t(u8, 16, key->keylen));
1123                 if (err)
1124                         goto out;
1125
1126                 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
1127                         err = carl9170_upload_key(ar, i, sta ? sta->addr :
1128                                                   NULL, ktype, 1,
1129                                                   key->key + 16, 16);
1130                         if (err)
1131                                 goto out;
1132
1133                         /*
1134                          * hardware is not capable generating MMIC
1135                          * of fragmented frames!
1136                          */
1137                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
1138                 }
1139
1140                 if (i < 64)
1141                         ar->usedkeys |= BIT(i);
1142
1143                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
1144         } else {
1145                 if (!IS_STARTED(ar)) {
1146                         /* The device is gone... together with the key ;-) */
1147                         err = 0;
1148                         goto out;
1149                 }
1150
1151                 if (key->hw_key_idx < 64) {
1152                         ar->usedkeys &= ~BIT(key->hw_key_idx);
1153                 } else {
1154                         err = carl9170_upload_key(ar, key->hw_key_idx, NULL,
1155                                                   AR9170_ENC_ALG_NONE, 0,
1156                                                   NULL, 0);
1157                         if (err)
1158                                 goto out;
1159
1160                         if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
1161                                 err = carl9170_upload_key(ar, key->hw_key_idx,
1162                                                           NULL,
1163                                                           AR9170_ENC_ALG_NONE,
1164                                                           1, NULL, 0);
1165                                 if (err)
1166                                         goto out;
1167                         }
1168
1169                 }
1170
1171                 err = carl9170_disable_key(ar, key->hw_key_idx);
1172                 if (err)
1173                         goto out;
1174         }
1175
1176 out:
1177         mutex_unlock(&ar->mutex);
1178         return err;
1179
1180 err_softw:
1181         if (!ar->rx_software_decryption) {
1182                 ar->rx_software_decryption = true;
1183                 carl9170_set_operating_mode(ar);
1184         }
1185         mutex_unlock(&ar->mutex);
1186         return -ENOSPC;
1187 }
1188
1189 static int carl9170_op_sta_add(struct ieee80211_hw *hw,
1190                                struct ieee80211_vif *vif,
1191                                struct ieee80211_sta *sta)
1192 {
1193         struct carl9170_sta_info *sta_info = (void *) sta->drv_priv;
1194         unsigned int i;
1195
1196         if (sta->ht_cap.ht_supported) {
1197                 if (sta->ht_cap.ampdu_density > 6) {
1198                         /*
1199                          * HW does support 16us AMPDU density.
1200                          * No HT-Xmit for station.
1201                          */
1202
1203                         return 0;
1204                 }
1205
1206                 for (i = 0; i < CARL9170_NUM_TID; i++)
1207                         rcu_assign_pointer(sta_info->agg[i], NULL);
1208
1209                 sta_info->ampdu_max_len = 1 << (3 + sta->ht_cap.ampdu_factor);
1210                 sta_info->ht_sta = true;
1211         }
1212
1213         return 0;
1214 }
1215
1216 static int carl9170_op_sta_remove(struct ieee80211_hw *hw,
1217                                 struct ieee80211_vif *vif,
1218                                 struct ieee80211_sta *sta)
1219 {
1220         struct ar9170 *ar = hw->priv;
1221         struct carl9170_sta_info *sta_info = (void *) sta->drv_priv;
1222         unsigned int i;
1223         bool cleanup = false;
1224
1225         if (sta->ht_cap.ht_supported) {
1226
1227                 sta_info->ht_sta = false;
1228
1229                 rcu_read_lock();
1230                 for (i = 0; i < CARL9170_NUM_TID; i++) {
1231                         struct carl9170_sta_tid *tid_info;
1232
1233                         tid_info = rcu_dereference(sta_info->agg[i]);
1234                         rcu_assign_pointer(sta_info->agg[i], NULL);
1235
1236                         if (!tid_info)
1237                                 continue;
1238
1239                         spin_lock_bh(&ar->tx_ampdu_list_lock);
1240                         if (tid_info->state > CARL9170_TID_STATE_SHUTDOWN)
1241                                 tid_info->state = CARL9170_TID_STATE_SHUTDOWN;
1242                         spin_unlock_bh(&ar->tx_ampdu_list_lock);
1243                         cleanup = true;
1244                 }
1245                 rcu_read_unlock();
1246
1247                 if (cleanup)
1248                         carl9170_ampdu_gc(ar);
1249         }
1250
1251         return 0;
1252 }
1253
1254 static int carl9170_op_conf_tx(struct ieee80211_hw *hw, u16 queue,
1255                                const struct ieee80211_tx_queue_params *param)
1256 {
1257         struct ar9170 *ar = hw->priv;
1258         int ret;
1259
1260         mutex_lock(&ar->mutex);
1261         if (queue < ar->hw->queues) {
1262                 memcpy(&ar->edcf[ar9170_qmap[queue]], param, sizeof(*param));
1263                 ret = carl9170_set_qos(ar);
1264         } else {
1265                 ret = -EINVAL;
1266         }
1267
1268         mutex_unlock(&ar->mutex);
1269         return ret;
1270 }
1271
1272 static void carl9170_ampdu_work(struct work_struct *work)
1273 {
1274         struct ar9170 *ar = container_of(work, struct ar9170,
1275                                          ampdu_work);
1276
1277         if (!IS_STARTED(ar))
1278                 return;
1279
1280         mutex_lock(&ar->mutex);
1281         carl9170_ampdu_gc(ar);
1282         mutex_unlock(&ar->mutex);
1283 }
1284
1285 static int carl9170_op_ampdu_action(struct ieee80211_hw *hw,
1286                                     struct ieee80211_vif *vif,
1287                                     enum ieee80211_ampdu_mlme_action action,
1288                                     struct ieee80211_sta *sta,
1289                                     u16 tid, u16 *ssn, u8 buf_size)
1290 {
1291         struct ar9170 *ar = hw->priv;
1292         struct carl9170_sta_info *sta_info = (void *) sta->drv_priv;
1293         struct carl9170_sta_tid *tid_info;
1294
1295         if (modparam_noht)
1296                 return -EOPNOTSUPP;
1297
1298         switch (action) {
1299         case IEEE80211_AMPDU_TX_START:
1300                 if (!sta_info->ht_sta)
1301                         return -EOPNOTSUPP;
1302
1303                 rcu_read_lock();
1304                 if (rcu_dereference(sta_info->agg[tid])) {
1305                         rcu_read_unlock();
1306                         return -EBUSY;
1307                 }
1308
1309                 tid_info = kzalloc(sizeof(struct carl9170_sta_tid),
1310                                    GFP_ATOMIC);
1311                 if (!tid_info) {
1312                         rcu_read_unlock();
1313                         return -ENOMEM;
1314                 }
1315
1316                 tid_info->hsn = tid_info->bsn = tid_info->snx = (*ssn);
1317                 tid_info->state = CARL9170_TID_STATE_PROGRESS;
1318                 tid_info->tid = tid;
1319                 tid_info->max = sta_info->ampdu_max_len;
1320
1321                 INIT_LIST_HEAD(&tid_info->list);
1322                 INIT_LIST_HEAD(&tid_info->tmp_list);
1323                 skb_queue_head_init(&tid_info->queue);
1324                 spin_lock_init(&tid_info->lock);
1325
1326                 spin_lock_bh(&ar->tx_ampdu_list_lock);
1327                 ar->tx_ampdu_list_len++;
1328                 list_add_tail_rcu(&tid_info->list, &ar->tx_ampdu_list);
1329                 rcu_assign_pointer(sta_info->agg[tid], tid_info);
1330                 spin_unlock_bh(&ar->tx_ampdu_list_lock);
1331                 rcu_read_unlock();
1332
1333                 ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1334                 break;
1335
1336         case IEEE80211_AMPDU_TX_STOP:
1337                 rcu_read_lock();
1338                 tid_info = rcu_dereference(sta_info->agg[tid]);
1339                 if (tid_info) {
1340                         spin_lock_bh(&ar->tx_ampdu_list_lock);
1341                         if (tid_info->state > CARL9170_TID_STATE_SHUTDOWN)
1342                                 tid_info->state = CARL9170_TID_STATE_SHUTDOWN;
1343                         spin_unlock_bh(&ar->tx_ampdu_list_lock);
1344                 }
1345
1346                 rcu_assign_pointer(sta_info->agg[tid], NULL);
1347                 rcu_read_unlock();
1348
1349                 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1350                 ieee80211_queue_work(ar->hw, &ar->ampdu_work);
1351                 break;
1352
1353         case IEEE80211_AMPDU_TX_OPERATIONAL:
1354                 rcu_read_lock();
1355                 tid_info = rcu_dereference(sta_info->agg[tid]);
1356
1357                 sta_info->stats[tid].clear = true;
1358
1359                 if (tid_info) {
1360                         bitmap_zero(tid_info->bitmap, CARL9170_BAW_SIZE);
1361                         tid_info->state = CARL9170_TID_STATE_IDLE;
1362                 }
1363                 rcu_read_unlock();
1364
1365                 if (WARN_ON_ONCE(!tid_info))
1366                         return -EFAULT;
1367
1368                 break;
1369
1370         case IEEE80211_AMPDU_RX_START:
1371         case IEEE80211_AMPDU_RX_STOP:
1372                 /* Handled by hardware */
1373                 break;
1374
1375         default:
1376                 return -EOPNOTSUPP;
1377         }
1378
1379         return 0;
1380 }
1381
1382 #ifdef CONFIG_CARL9170_WPC
1383 static int carl9170_register_wps_button(struct ar9170 *ar)
1384 {
1385         struct input_dev *input;
1386         int err;
1387
1388         if (!(ar->features & CARL9170_WPS_BUTTON))
1389                 return 0;
1390
1391         input = input_allocate_device();
1392         if (!input)
1393                 return -ENOMEM;
1394
1395         snprintf(ar->wps.name, sizeof(ar->wps.name), "%s WPS Button",
1396                  wiphy_name(ar->hw->wiphy));
1397
1398         snprintf(ar->wps.phys, sizeof(ar->wps.phys),
1399                  "ieee80211/%s/input0", wiphy_name(ar->hw->wiphy));
1400
1401         input->name = ar->wps.name;
1402         input->phys = ar->wps.phys;
1403         input->id.bustype = BUS_USB;
1404         input->dev.parent = &ar->hw->wiphy->dev;
1405
1406         input_set_capability(input, EV_KEY, KEY_WPS_BUTTON);
1407
1408         err = input_register_device(input);
1409         if (err) {
1410                 input_free_device(input);
1411                 return err;
1412         }
1413
1414         ar->wps.pbc = input;
1415         return 0;
1416 }
1417 #endif /* CONFIG_CARL9170_WPC */
1418
1419 static int carl9170_op_get_survey(struct ieee80211_hw *hw, int idx,
1420                                 struct survey_info *survey)
1421 {
1422         struct ar9170 *ar = hw->priv;
1423         int err;
1424
1425         if (idx != 0)
1426                 return -ENOENT;
1427
1428         mutex_lock(&ar->mutex);
1429         err = carl9170_get_noisefloor(ar);
1430         mutex_unlock(&ar->mutex);
1431         if (err)
1432                 return err;
1433
1434         survey->channel = ar->channel;
1435         survey->filled = SURVEY_INFO_NOISE_DBM;
1436         survey->noise = ar->noise[0];
1437         return 0;
1438 }
1439
1440 static void carl9170_op_flush(struct ieee80211_hw *hw, bool drop)
1441 {
1442         struct ar9170 *ar = hw->priv;
1443         unsigned int vid;
1444
1445         mutex_lock(&ar->mutex);
1446         for_each_set_bit(vid, &ar->vif_bitmap, ar->fw.vif_num)
1447                 carl9170_flush_cab(ar, vid);
1448
1449         carl9170_flush(ar, drop);
1450         mutex_unlock(&ar->mutex);
1451 }
1452
1453 static int carl9170_op_get_stats(struct ieee80211_hw *hw,
1454                                  struct ieee80211_low_level_stats *stats)
1455 {
1456         struct ar9170 *ar = hw->priv;
1457
1458         memset(stats, 0, sizeof(*stats));
1459         stats->dot11ACKFailureCount = ar->tx_ack_failures;
1460         stats->dot11FCSErrorCount = ar->tx_fcs_errors;
1461         return 0;
1462 }
1463
1464 static void carl9170_op_sta_notify(struct ieee80211_hw *hw,
1465                                    struct ieee80211_vif *vif,
1466                                    enum sta_notify_cmd cmd,
1467                                    struct ieee80211_sta *sta)
1468 {
1469         struct ar9170 *ar = hw->priv;
1470         struct carl9170_sta_info *sta_info = (void *) sta->drv_priv;
1471         struct sk_buff *skb, *tmp;
1472         struct sk_buff_head free;
1473         int i;
1474
1475         switch (cmd) {
1476         case STA_NOTIFY_SLEEP:
1477                 /*
1478                  * Since the peer is no longer listening, we have to return
1479                  * as many SKBs as possible back to the mac80211 stack.
1480                  * It will deal with the retry procedure, once the peer
1481                  * has become available again.
1482                  *
1483                  * NB: Ideally, the driver should return the all frames in
1484                  * the correct, ascending order. However, I think that this
1485                  * functionality should be implemented in the stack and not
1486                  * here...
1487                  */
1488
1489                 __skb_queue_head_init(&free);
1490
1491                 if (sta->ht_cap.ht_supported) {
1492                         rcu_read_lock();
1493                         for (i = 0; i < CARL9170_NUM_TID; i++) {
1494                                 struct carl9170_sta_tid *tid_info;
1495
1496                                 tid_info = rcu_dereference(sta_info->agg[i]);
1497
1498                                 if (!tid_info)
1499                                         continue;
1500
1501                                 spin_lock_bh(&ar->tx_ampdu_list_lock);
1502                                 if (tid_info->state >
1503                                     CARL9170_TID_STATE_SUSPEND)
1504                                         tid_info->state =
1505                                                 CARL9170_TID_STATE_SUSPEND;
1506                                 spin_unlock_bh(&ar->tx_ampdu_list_lock);
1507
1508                                 spin_lock_bh(&tid_info->lock);
1509                                 while ((skb = __skb_dequeue(&tid_info->queue)))
1510                                         __skb_queue_tail(&free, skb);
1511                                 spin_unlock_bh(&tid_info->lock);
1512                         }
1513                         rcu_read_unlock();
1514                 }
1515
1516                 for (i = 0; i < ar->hw->queues; i++) {
1517                         spin_lock_bh(&ar->tx_pending[i].lock);
1518                         skb_queue_walk_safe(&ar->tx_pending[i], skb, tmp) {
1519                                 struct _carl9170_tx_superframe *super;
1520                                 struct ieee80211_hdr *hdr;
1521                                 struct ieee80211_tx_info *info;
1522
1523                                 super = (void *) skb->data;
1524                                 hdr = (void *) super->frame_data;
1525
1526                                 if (compare_ether_addr(hdr->addr1, sta->addr))
1527                                         continue;
1528
1529                                 __skb_unlink(skb, &ar->tx_pending[i]);
1530
1531                                 info = IEEE80211_SKB_CB(skb);
1532                                 if (info->flags & IEEE80211_TX_CTL_AMPDU)
1533                                         atomic_dec(&ar->tx_ampdu_upload);
1534
1535                                 carl9170_tx_status(ar, skb, false);
1536                         }
1537                         spin_unlock_bh(&ar->tx_pending[i].lock);
1538                 }
1539
1540                 while ((skb = __skb_dequeue(&free)))
1541                         carl9170_tx_status(ar, skb, false);
1542
1543                 break;
1544
1545         case STA_NOTIFY_AWAKE:
1546                 if (!sta->ht_cap.ht_supported)
1547                         return;
1548
1549                 rcu_read_lock();
1550                 for (i = 0; i < CARL9170_NUM_TID; i++) {
1551                         struct carl9170_sta_tid *tid_info;
1552
1553                         tid_info = rcu_dereference(sta_info->agg[i]);
1554
1555                         if (!tid_info)
1556                                 continue;
1557
1558                         if ((tid_info->state == CARL9170_TID_STATE_SUSPEND))
1559                                 tid_info->state = CARL9170_TID_STATE_IDLE;
1560                 }
1561                 rcu_read_unlock();
1562                 break;
1563         }
1564 }
1565
1566 static const struct ieee80211_ops carl9170_ops = {
1567         .start                  = carl9170_op_start,
1568         .stop                   = carl9170_op_stop,
1569         .tx                     = carl9170_op_tx,
1570         .flush                  = carl9170_op_flush,
1571         .add_interface          = carl9170_op_add_interface,
1572         .remove_interface       = carl9170_op_remove_interface,
1573         .config                 = carl9170_op_config,
1574         .prepare_multicast      = carl9170_op_prepare_multicast,
1575         .configure_filter       = carl9170_op_configure_filter,
1576         .conf_tx                = carl9170_op_conf_tx,
1577         .bss_info_changed       = carl9170_op_bss_info_changed,
1578         .get_tsf                = carl9170_op_get_tsf,
1579         .set_key                = carl9170_op_set_key,
1580         .sta_add                = carl9170_op_sta_add,
1581         .sta_remove             = carl9170_op_sta_remove,
1582         .sta_notify             = carl9170_op_sta_notify,
1583         .get_survey             = carl9170_op_get_survey,
1584         .get_stats              = carl9170_op_get_stats,
1585         .ampdu_action           = carl9170_op_ampdu_action,
1586 };
1587
1588 void *carl9170_alloc(size_t priv_size)
1589 {
1590         struct ieee80211_hw *hw;
1591         struct ar9170 *ar;
1592         struct sk_buff *skb;
1593         int i;
1594
1595         /*
1596          * this buffer is used for rx stream reconstruction.
1597          * Under heavy load this device (or the transport layer?)
1598          * tends to split the streams into separate rx descriptors.
1599          */
1600
1601         skb = __dev_alloc_skb(AR9170_RX_STREAM_MAX_SIZE, GFP_KERNEL);
1602         if (!skb)
1603                 goto err_nomem;
1604
1605         hw = ieee80211_alloc_hw(priv_size, &carl9170_ops);
1606         if (!hw)
1607                 goto err_nomem;
1608
1609         ar = hw->priv;
1610         ar->hw = hw;
1611         ar->rx_failover = skb;
1612
1613         memset(&ar->rx_plcp, 0, sizeof(struct ar9170_rx_head));
1614         ar->rx_has_plcp = false;
1615
1616         /*
1617          * Here's a hidden pitfall!
1618          *
1619          * All 4 AC queues work perfectly well under _legacy_ operation.
1620          * However as soon as aggregation is enabled, the traffic flow
1621          * gets very bumpy. Therefore we have to _switch_ to a
1622          * software AC with a single HW queue.
1623          */
1624         hw->queues = __AR9170_NUM_TXQ;
1625
1626         mutex_init(&ar->mutex);
1627         spin_lock_init(&ar->beacon_lock);
1628         spin_lock_init(&ar->cmd_lock);
1629         spin_lock_init(&ar->tx_stats_lock);
1630         spin_lock_init(&ar->tx_ampdu_list_lock);
1631         spin_lock_init(&ar->mem_lock);
1632         spin_lock_init(&ar->state_lock);
1633         atomic_set(&ar->pending_restarts, 0);
1634         ar->vifs = 0;
1635         for (i = 0; i < ar->hw->queues; i++) {
1636                 skb_queue_head_init(&ar->tx_status[i]);
1637                 skb_queue_head_init(&ar->tx_pending[i]);
1638         }
1639         INIT_WORK(&ar->ps_work, carl9170_ps_work);
1640         INIT_WORK(&ar->ping_work, carl9170_ping_work);
1641         INIT_WORK(&ar->restart_work, carl9170_restart_work);
1642         INIT_WORK(&ar->ampdu_work, carl9170_ampdu_work);
1643         INIT_DELAYED_WORK(&ar->tx_janitor, carl9170_tx_janitor);
1644         INIT_LIST_HEAD(&ar->tx_ampdu_list);
1645         rcu_assign_pointer(ar->tx_ampdu_iter,
1646                            (struct carl9170_sta_tid *) &ar->tx_ampdu_list);
1647
1648         bitmap_zero(&ar->vif_bitmap, ar->fw.vif_num);
1649         INIT_LIST_HEAD(&ar->vif_list);
1650         init_completion(&ar->tx_flush);
1651
1652         /*
1653          * Note:
1654          * IBSS/ADHOC and AP mode are only enabled, if the firmware
1655          * supports these modes. The code which will add the
1656          * additional interface_modes is in fw.c.
1657          */
1658         hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
1659                                      BIT(NL80211_IFTYPE_P2P_CLIENT);
1660
1661         hw->flags |= IEEE80211_HW_RX_INCLUDES_FCS |
1662                      IEEE80211_HW_REPORTS_TX_ACK_STATUS |
1663                      IEEE80211_HW_SUPPORTS_PS |
1664                      IEEE80211_HW_PS_NULLFUNC_STACK |
1665                      IEEE80211_HW_SIGNAL_DBM;
1666
1667         if (!modparam_noht) {
1668                 /*
1669                  * see the comment above, why we allow the user
1670                  * to disable HT by a module parameter.
1671                  */
1672                 hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION;
1673         }
1674
1675         hw->extra_tx_headroom = sizeof(struct _carl9170_tx_superframe);
1676         hw->sta_data_size = sizeof(struct carl9170_sta_info);
1677         hw->vif_data_size = sizeof(struct carl9170_vif_info);
1678
1679         hw->max_rates = CARL9170_TX_MAX_RATES;
1680         hw->max_rate_tries = CARL9170_TX_USER_RATE_TRIES;
1681
1682         for (i = 0; i < ARRAY_SIZE(ar->noise); i++)
1683                 ar->noise[i] = -95; /* ATH_DEFAULT_NOISE_FLOOR */
1684
1685         hw->wiphy->flags &= ~WIPHY_FLAG_PS_ON_BY_DEFAULT;
1686         return ar;
1687
1688 err_nomem:
1689         kfree_skb(skb);
1690         return ERR_PTR(-ENOMEM);
1691 }
1692
1693 static int carl9170_read_eeprom(struct ar9170 *ar)
1694 {
1695 #define RW      8       /* number of words to read at once */
1696 #define RB      (sizeof(u32) * RW)
1697         u8 *eeprom = (void *)&ar->eeprom;
1698         __le32 offsets[RW];
1699         int i, j, err;
1700
1701         BUILD_BUG_ON(sizeof(ar->eeprom) & 3);
1702
1703         BUILD_BUG_ON(RB > CARL9170_MAX_CMD_LEN - 4);
1704 #ifndef __CHECKER__
1705         /* don't want to handle trailing remains */
1706         BUILD_BUG_ON(sizeof(ar->eeprom) % RB);
1707 #endif
1708
1709         for (i = 0; i < sizeof(ar->eeprom)/RB; i++) {
1710                 for (j = 0; j < RW; j++)
1711                         offsets[j] = cpu_to_le32(AR9170_EEPROM_START +
1712                                                  RB * i + 4 * j);
1713
1714                 err = carl9170_exec_cmd(ar, CARL9170_CMD_RREG,
1715                                         RB, (u8 *) &offsets,
1716                                         RB, eeprom + RB * i);
1717                 if (err)
1718                         return err;
1719         }
1720
1721 #undef RW
1722 #undef RB
1723         return 0;
1724 }
1725
1726 static int carl9170_parse_eeprom(struct ar9170 *ar)
1727 {
1728         struct ath_regulatory *regulatory = &ar->common.regulatory;
1729         unsigned int rx_streams, tx_streams, tx_params = 0;
1730         int bands = 0;
1731
1732         if (ar->eeprom.length == cpu_to_le16(0xffff))
1733                 return -ENODATA;
1734
1735         rx_streams = hweight8(ar->eeprom.rx_mask);
1736         tx_streams = hweight8(ar->eeprom.tx_mask);
1737
1738         if (rx_streams != tx_streams) {
1739                 tx_params = IEEE80211_HT_MCS_TX_RX_DIFF;
1740
1741                 WARN_ON(!(tx_streams >= 1 && tx_streams <=
1742                         IEEE80211_HT_MCS_TX_MAX_STREAMS));
1743
1744                 tx_params = (tx_streams - 1) <<
1745                             IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT;
1746
1747                 carl9170_band_2GHz.ht_cap.mcs.tx_params |= tx_params;
1748                 carl9170_band_5GHz.ht_cap.mcs.tx_params |= tx_params;
1749         }
1750
1751         if (ar->eeprom.operating_flags & AR9170_OPFLAG_2GHZ) {
1752                 ar->hw->wiphy->bands[IEEE80211_BAND_2GHZ] =
1753                         &carl9170_band_2GHz;
1754                 bands++;
1755         }
1756         if (ar->eeprom.operating_flags & AR9170_OPFLAG_5GHZ) {
1757                 ar->hw->wiphy->bands[IEEE80211_BAND_5GHZ] =
1758                         &carl9170_band_5GHz;
1759                 bands++;
1760         }
1761
1762         /*
1763          * I measured this, a bandswitch takes roughly
1764          * 135 ms and a frequency switch about 80.
1765          *
1766          * FIXME: measure these values again once EEPROM settings
1767          *        are used, that will influence them!
1768          */
1769         if (bands == 2)
1770                 ar->hw->channel_change_time = 135 * 1000;
1771         else
1772                 ar->hw->channel_change_time = 80 * 1000;
1773
1774         regulatory->current_rd = le16_to_cpu(ar->eeprom.reg_domain[0]);
1775         regulatory->current_rd_ext = le16_to_cpu(ar->eeprom.reg_domain[1]);
1776
1777         /* second part of wiphy init */
1778         SET_IEEE80211_PERM_ADDR(ar->hw, ar->eeprom.mac_address);
1779
1780         return bands ? 0 : -EINVAL;
1781 }
1782
1783 static int carl9170_reg_notifier(struct wiphy *wiphy,
1784                                  struct regulatory_request *request)
1785 {
1786         struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
1787         struct ar9170 *ar = hw->priv;
1788
1789         return ath_reg_notifier_apply(wiphy, request, &ar->common.regulatory);
1790 }
1791
1792 int carl9170_register(struct ar9170 *ar)
1793 {
1794         struct ath_regulatory *regulatory = &ar->common.regulatory;
1795         int err = 0, i;
1796
1797         if (WARN_ON(ar->mem_bitmap))
1798                 return -EINVAL;
1799
1800         ar->mem_bitmap = kzalloc(roundup(ar->fw.mem_blocks, BITS_PER_LONG) *
1801                                  sizeof(unsigned long), GFP_KERNEL);
1802
1803         if (!ar->mem_bitmap)
1804                 return -ENOMEM;
1805
1806         /* try to read EEPROM, init MAC addr */
1807         err = carl9170_read_eeprom(ar);
1808         if (err)
1809                 return err;
1810
1811         err = carl9170_fw_fix_eeprom(ar);
1812         if (err)
1813                 return err;
1814
1815         err = carl9170_parse_eeprom(ar);
1816         if (err)
1817                 return err;
1818
1819         err = ath_regd_init(regulatory, ar->hw->wiphy,
1820                             carl9170_reg_notifier);
1821         if (err)
1822                 return err;
1823
1824         if (modparam_noht) {
1825                 carl9170_band_2GHz.ht_cap.ht_supported = false;
1826                 carl9170_band_5GHz.ht_cap.ht_supported = false;
1827         }
1828
1829         for (i = 0; i < ar->fw.vif_num; i++) {
1830                 ar->vif_priv[i].id = i;
1831                 ar->vif_priv[i].vif = NULL;
1832         }
1833
1834         err = ieee80211_register_hw(ar->hw);
1835         if (err)
1836                 return err;
1837
1838         /* mac80211 interface is now registered */
1839         ar->registered = true;
1840
1841         if (!ath_is_world_regd(regulatory))
1842                 regulatory_hint(ar->hw->wiphy, regulatory->alpha2);
1843
1844 #ifdef CONFIG_CARL9170_DEBUGFS
1845         carl9170_debugfs_register(ar);
1846 #endif /* CONFIG_CARL9170_DEBUGFS */
1847
1848         err = carl9170_led_init(ar);
1849         if (err)
1850                 goto err_unreg;
1851
1852 #ifdef CONFIG_CARL9170_LEDS
1853         err = carl9170_led_register(ar);
1854         if (err)
1855                 goto err_unreg;
1856 #endif /* CONFIG_CARL9170_LEDS */
1857
1858 #ifdef CONFIG_CARL9170_WPC
1859         err = carl9170_register_wps_button(ar);
1860         if (err)
1861                 goto err_unreg;
1862 #endif /* CONFIG_CARL9170_WPC */
1863
1864         dev_info(&ar->udev->dev, "Atheros AR9170 is registered as '%s'\n",
1865                  wiphy_name(ar->hw->wiphy));
1866
1867         return 0;
1868
1869 err_unreg:
1870         carl9170_unregister(ar);
1871         return err;
1872 }
1873
1874 void carl9170_unregister(struct ar9170 *ar)
1875 {
1876         if (!ar->registered)
1877                 return;
1878
1879         ar->registered = false;
1880
1881 #ifdef CONFIG_CARL9170_LEDS
1882         carl9170_led_unregister(ar);
1883 #endif /* CONFIG_CARL9170_LEDS */
1884
1885 #ifdef CONFIG_CARL9170_DEBUGFS
1886         carl9170_debugfs_unregister(ar);
1887 #endif /* CONFIG_CARL9170_DEBUGFS */
1888
1889 #ifdef CONFIG_CARL9170_WPC
1890         if (ar->wps.pbc) {
1891                 input_unregister_device(ar->wps.pbc);
1892                 ar->wps.pbc = NULL;
1893         }
1894 #endif /* CONFIG_CARL9170_WPC */
1895
1896         carl9170_cancel_worker(ar);
1897         cancel_work_sync(&ar->restart_work);
1898
1899         ieee80211_unregister_hw(ar->hw);
1900 }
1901
1902 void carl9170_free(struct ar9170 *ar)
1903 {
1904         WARN_ON(ar->registered);
1905         WARN_ON(IS_INITIALIZED(ar));
1906
1907         kfree_skb(ar->rx_failover);
1908         ar->rx_failover = NULL;
1909
1910         kfree(ar->mem_bitmap);
1911         ar->mem_bitmap = NULL;
1912
1913         mutex_destroy(&ar->mutex);
1914
1915         ieee80211_free_hw(ar->hw);
1916 }