mac80211/drivers: rewrite the rate control API
[linux-2.6.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11   Some parts of the code in this file are derived from the ipw2200
12   driver  Copyright(c) 2003 - 2004 Intel Corporation.
13
14   This program is free software; you can redistribute it and/or modify
15   it under the terms of the GNU General Public License as published by
16   the Free Software Foundation; either version 2 of the License, or
17   (at your option) any later version.
18
19   This program is distributed in the hope that it will be useful,
20   but WITHOUT ANY WARRANTY; without even the implied warranty of
21   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22   GNU General Public License for more details.
23
24   You should have received a copy of the GNU General Public License
25   along with this program; see the file COPYING.  If not, write to
26   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27   Boston, MA 02110-1301, USA.
28
29 */
30
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/firmware.h>
37 #include <linux/wireless.h>
38 #include <linux/workqueue.h>
39 #include <linux/skbuff.h>
40 #include <linux/io.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/unaligned.h>
43
44 #include "b43.h"
45 #include "main.h"
46 #include "debugfs.h"
47 #include "phy_common.h"
48 #include "phy_g.h"
49 #include "phy_n.h"
50 #include "dma.h"
51 #include "pio.h"
52 #include "sysfs.h"
53 #include "xmit.h"
54 #include "lo.h"
55 #include "pcmcia.h"
56
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
62
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
64
65
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69                  "enable(1) / disable(0) Bad Frames Preemption");
70
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
74
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
78
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
82
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
86
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
90
91
92 static const struct ssb_device_id b43_ssb_tbl[] = {
93         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
94         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
95         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
96         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
97         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
98         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
99         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
100         SSB_DEVTABLE_END
101 };
102
103 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
104
105 /* Channel and ratetables are shared for all devices.
106  * They can't be const, because ieee80211 puts some precalculated
107  * data in there. This data is the same for all devices, so we don't
108  * get concurrency issues */
109 #define RATETAB_ENT(_rateid, _flags) \
110         {                                                               \
111                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
112                 .hw_value       = (_rateid),                            \
113                 .flags          = (_flags),                             \
114         }
115
116 /*
117  * NOTE: When changing this, sync with xmit.c's
118  *       b43_plcp_get_bitrate_idx_* functions!
119  */
120 static struct ieee80211_rate __b43_ratetable[] = {
121         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
122         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
123         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
124         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
125         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
126         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
127         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
128         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
129         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
130         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
131         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
132         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
133 };
134
135 #define b43_a_ratetable         (__b43_ratetable + 4)
136 #define b43_a_ratetable_size    8
137 #define b43_b_ratetable         (__b43_ratetable + 0)
138 #define b43_b_ratetable_size    4
139 #define b43_g_ratetable         (__b43_ratetable + 0)
140 #define b43_g_ratetable_size    12
141
142 #define CHAN4G(_channel, _freq, _flags) {                       \
143         .band                   = IEEE80211_BAND_2GHZ,          \
144         .center_freq            = (_freq),                      \
145         .hw_value               = (_channel),                   \
146         .flags                  = (_flags),                     \
147         .max_antenna_gain       = 0,                            \
148         .max_power              = 30,                           \
149 }
150 static struct ieee80211_channel b43_2ghz_chantable[] = {
151         CHAN4G(1, 2412, 0),
152         CHAN4G(2, 2417, 0),
153         CHAN4G(3, 2422, 0),
154         CHAN4G(4, 2427, 0),
155         CHAN4G(5, 2432, 0),
156         CHAN4G(6, 2437, 0),
157         CHAN4G(7, 2442, 0),
158         CHAN4G(8, 2447, 0),
159         CHAN4G(9, 2452, 0),
160         CHAN4G(10, 2457, 0),
161         CHAN4G(11, 2462, 0),
162         CHAN4G(12, 2467, 0),
163         CHAN4G(13, 2472, 0),
164         CHAN4G(14, 2484, 0),
165 };
166 #undef CHAN4G
167
168 #define CHAN5G(_channel, _flags) {                              \
169         .band                   = IEEE80211_BAND_5GHZ,          \
170         .center_freq            = 5000 + (5 * (_channel)),      \
171         .hw_value               = (_channel),                   \
172         .flags                  = (_flags),                     \
173         .max_antenna_gain       = 0,                            \
174         .max_power              = 30,                           \
175 }
176 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
177         CHAN5G(32, 0),          CHAN5G(34, 0),
178         CHAN5G(36, 0),          CHAN5G(38, 0),
179         CHAN5G(40, 0),          CHAN5G(42, 0),
180         CHAN5G(44, 0),          CHAN5G(46, 0),
181         CHAN5G(48, 0),          CHAN5G(50, 0),
182         CHAN5G(52, 0),          CHAN5G(54, 0),
183         CHAN5G(56, 0),          CHAN5G(58, 0),
184         CHAN5G(60, 0),          CHAN5G(62, 0),
185         CHAN5G(64, 0),          CHAN5G(66, 0),
186         CHAN5G(68, 0),          CHAN5G(70, 0),
187         CHAN5G(72, 0),          CHAN5G(74, 0),
188         CHAN5G(76, 0),          CHAN5G(78, 0),
189         CHAN5G(80, 0),          CHAN5G(82, 0),
190         CHAN5G(84, 0),          CHAN5G(86, 0),
191         CHAN5G(88, 0),          CHAN5G(90, 0),
192         CHAN5G(92, 0),          CHAN5G(94, 0),
193         CHAN5G(96, 0),          CHAN5G(98, 0),
194         CHAN5G(100, 0),         CHAN5G(102, 0),
195         CHAN5G(104, 0),         CHAN5G(106, 0),
196         CHAN5G(108, 0),         CHAN5G(110, 0),
197         CHAN5G(112, 0),         CHAN5G(114, 0),
198         CHAN5G(116, 0),         CHAN5G(118, 0),
199         CHAN5G(120, 0),         CHAN5G(122, 0),
200         CHAN5G(124, 0),         CHAN5G(126, 0),
201         CHAN5G(128, 0),         CHAN5G(130, 0),
202         CHAN5G(132, 0),         CHAN5G(134, 0),
203         CHAN5G(136, 0),         CHAN5G(138, 0),
204         CHAN5G(140, 0),         CHAN5G(142, 0),
205         CHAN5G(144, 0),         CHAN5G(145, 0),
206         CHAN5G(146, 0),         CHAN5G(147, 0),
207         CHAN5G(148, 0),         CHAN5G(149, 0),
208         CHAN5G(150, 0),         CHAN5G(151, 0),
209         CHAN5G(152, 0),         CHAN5G(153, 0),
210         CHAN5G(154, 0),         CHAN5G(155, 0),
211         CHAN5G(156, 0),         CHAN5G(157, 0),
212         CHAN5G(158, 0),         CHAN5G(159, 0),
213         CHAN5G(160, 0),         CHAN5G(161, 0),
214         CHAN5G(162, 0),         CHAN5G(163, 0),
215         CHAN5G(164, 0),         CHAN5G(165, 0),
216         CHAN5G(166, 0),         CHAN5G(168, 0),
217         CHAN5G(170, 0),         CHAN5G(172, 0),
218         CHAN5G(174, 0),         CHAN5G(176, 0),
219         CHAN5G(178, 0),         CHAN5G(180, 0),
220         CHAN5G(182, 0),         CHAN5G(184, 0),
221         CHAN5G(186, 0),         CHAN5G(188, 0),
222         CHAN5G(190, 0),         CHAN5G(192, 0),
223         CHAN5G(194, 0),         CHAN5G(196, 0),
224         CHAN5G(198, 0),         CHAN5G(200, 0),
225         CHAN5G(202, 0),         CHAN5G(204, 0),
226         CHAN5G(206, 0),         CHAN5G(208, 0),
227         CHAN5G(210, 0),         CHAN5G(212, 0),
228         CHAN5G(214, 0),         CHAN5G(216, 0),
229         CHAN5G(218, 0),         CHAN5G(220, 0),
230         CHAN5G(222, 0),         CHAN5G(224, 0),
231         CHAN5G(226, 0),         CHAN5G(228, 0),
232 };
233
234 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
235         CHAN5G(34, 0),          CHAN5G(36, 0),
236         CHAN5G(38, 0),          CHAN5G(40, 0),
237         CHAN5G(42, 0),          CHAN5G(44, 0),
238         CHAN5G(46, 0),          CHAN5G(48, 0),
239         CHAN5G(52, 0),          CHAN5G(56, 0),
240         CHAN5G(60, 0),          CHAN5G(64, 0),
241         CHAN5G(100, 0),         CHAN5G(104, 0),
242         CHAN5G(108, 0),         CHAN5G(112, 0),
243         CHAN5G(116, 0),         CHAN5G(120, 0),
244         CHAN5G(124, 0),         CHAN5G(128, 0),
245         CHAN5G(132, 0),         CHAN5G(136, 0),
246         CHAN5G(140, 0),         CHAN5G(149, 0),
247         CHAN5G(153, 0),         CHAN5G(157, 0),
248         CHAN5G(161, 0),         CHAN5G(165, 0),
249         CHAN5G(184, 0),         CHAN5G(188, 0),
250         CHAN5G(192, 0),         CHAN5G(196, 0),
251         CHAN5G(200, 0),         CHAN5G(204, 0),
252         CHAN5G(208, 0),         CHAN5G(212, 0),
253         CHAN5G(216, 0),
254 };
255 #undef CHAN5G
256
257 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
258         .band           = IEEE80211_BAND_5GHZ,
259         .channels       = b43_5ghz_nphy_chantable,
260         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
261         .bitrates       = b43_a_ratetable,
262         .n_bitrates     = b43_a_ratetable_size,
263 };
264
265 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
266         .band           = IEEE80211_BAND_5GHZ,
267         .channels       = b43_5ghz_aphy_chantable,
268         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
269         .bitrates       = b43_a_ratetable,
270         .n_bitrates     = b43_a_ratetable_size,
271 };
272
273 static struct ieee80211_supported_band b43_band_2GHz = {
274         .band           = IEEE80211_BAND_2GHZ,
275         .channels       = b43_2ghz_chantable,
276         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
277         .bitrates       = b43_g_ratetable,
278         .n_bitrates     = b43_g_ratetable_size,
279 };
280
281 static void b43_wireless_core_exit(struct b43_wldev *dev);
282 static int b43_wireless_core_init(struct b43_wldev *dev);
283 static void b43_wireless_core_stop(struct b43_wldev *dev);
284 static int b43_wireless_core_start(struct b43_wldev *dev);
285
286 static int b43_ratelimit(struct b43_wl *wl)
287 {
288         if (!wl || !wl->current_dev)
289                 return 1;
290         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
291                 return 1;
292         /* We are up and running.
293          * Ratelimit the messages to avoid DoS over the net. */
294         return net_ratelimit();
295 }
296
297 void b43info(struct b43_wl *wl, const char *fmt, ...)
298 {
299         va_list args;
300
301         if (!b43_ratelimit(wl))
302                 return;
303         va_start(args, fmt);
304         printk(KERN_INFO "b43-%s: ",
305                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
306         vprintk(fmt, args);
307         va_end(args);
308 }
309
310 void b43err(struct b43_wl *wl, const char *fmt, ...)
311 {
312         va_list args;
313
314         if (!b43_ratelimit(wl))
315                 return;
316         va_start(args, fmt);
317         printk(KERN_ERR "b43-%s ERROR: ",
318                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
319         vprintk(fmt, args);
320         va_end(args);
321 }
322
323 void b43warn(struct b43_wl *wl, const char *fmt, ...)
324 {
325         va_list args;
326
327         if (!b43_ratelimit(wl))
328                 return;
329         va_start(args, fmt);
330         printk(KERN_WARNING "b43-%s warning: ",
331                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
332         vprintk(fmt, args);
333         va_end(args);
334 }
335
336 #if B43_DEBUG
337 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
338 {
339         va_list args;
340
341         va_start(args, fmt);
342         printk(KERN_DEBUG "b43-%s debug: ",
343                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
344         vprintk(fmt, args);
345         va_end(args);
346 }
347 #endif /* DEBUG */
348
349 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
350 {
351         u32 macctl;
352
353         B43_WARN_ON(offset % 4 != 0);
354
355         macctl = b43_read32(dev, B43_MMIO_MACCTL);
356         if (macctl & B43_MACCTL_BE)
357                 val = swab32(val);
358
359         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
360         mmiowb();
361         b43_write32(dev, B43_MMIO_RAM_DATA, val);
362 }
363
364 static inline void b43_shm_control_word(struct b43_wldev *dev,
365                                         u16 routing, u16 offset)
366 {
367         u32 control;
368
369         /* "offset" is the WORD offset. */
370         control = routing;
371         control <<= 16;
372         control |= offset;
373         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
374 }
375
376 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
377 {
378         u32 ret;
379
380         if (routing == B43_SHM_SHARED) {
381                 B43_WARN_ON(offset & 0x0001);
382                 if (offset & 0x0003) {
383                         /* Unaligned access */
384                         b43_shm_control_word(dev, routing, offset >> 2);
385                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
386                         ret <<= 16;
387                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
388                         ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
389
390                         goto out;
391                 }
392                 offset >>= 2;
393         }
394         b43_shm_control_word(dev, routing, offset);
395         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
396 out:
397         return ret;
398 }
399
400 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
401 {
402         struct b43_wl *wl = dev->wl;
403         unsigned long flags;
404         u32 ret;
405
406         spin_lock_irqsave(&wl->shm_lock, flags);
407         ret = __b43_shm_read32(dev, routing, offset);
408         spin_unlock_irqrestore(&wl->shm_lock, flags);
409
410         return ret;
411 }
412
413 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
414 {
415         u16 ret;
416
417         if (routing == B43_SHM_SHARED) {
418                 B43_WARN_ON(offset & 0x0001);
419                 if (offset & 0x0003) {
420                         /* Unaligned access */
421                         b43_shm_control_word(dev, routing, offset >> 2);
422                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
423
424                         goto out;
425                 }
426                 offset >>= 2;
427         }
428         b43_shm_control_word(dev, routing, offset);
429         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
430 out:
431         return ret;
432 }
433
434 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
435 {
436         struct b43_wl *wl = dev->wl;
437         unsigned long flags;
438         u16 ret;
439
440         spin_lock_irqsave(&wl->shm_lock, flags);
441         ret = __b43_shm_read16(dev, routing, offset);
442         spin_unlock_irqrestore(&wl->shm_lock, flags);
443
444         return ret;
445 }
446
447 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
448 {
449         if (routing == B43_SHM_SHARED) {
450                 B43_WARN_ON(offset & 0x0001);
451                 if (offset & 0x0003) {
452                         /* Unaligned access */
453                         b43_shm_control_word(dev, routing, offset >> 2);
454                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
455                                     (value >> 16) & 0xffff);
456                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
457                         b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
458                         return;
459                 }
460                 offset >>= 2;
461         }
462         b43_shm_control_word(dev, routing, offset);
463         b43_write32(dev, B43_MMIO_SHM_DATA, value);
464 }
465
466 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
467 {
468         struct b43_wl *wl = dev->wl;
469         unsigned long flags;
470
471         spin_lock_irqsave(&wl->shm_lock, flags);
472         __b43_shm_write32(dev, routing, offset, value);
473         spin_unlock_irqrestore(&wl->shm_lock, flags);
474 }
475
476 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
477 {
478         if (routing == B43_SHM_SHARED) {
479                 B43_WARN_ON(offset & 0x0001);
480                 if (offset & 0x0003) {
481                         /* Unaligned access */
482                         b43_shm_control_word(dev, routing, offset >> 2);
483                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
484                         return;
485                 }
486                 offset >>= 2;
487         }
488         b43_shm_control_word(dev, routing, offset);
489         b43_write16(dev, B43_MMIO_SHM_DATA, value);
490 }
491
492 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
493 {
494         struct b43_wl *wl = dev->wl;
495         unsigned long flags;
496
497         spin_lock_irqsave(&wl->shm_lock, flags);
498         __b43_shm_write16(dev, routing, offset, value);
499         spin_unlock_irqrestore(&wl->shm_lock, flags);
500 }
501
502 /* Read HostFlags */
503 u64 b43_hf_read(struct b43_wldev * dev)
504 {
505         u64 ret;
506
507         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
508         ret <<= 16;
509         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
510         ret <<= 16;
511         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
512
513         return ret;
514 }
515
516 /* Write HostFlags */
517 void b43_hf_write(struct b43_wldev *dev, u64 value)
518 {
519         u16 lo, mi, hi;
520
521         lo = (value & 0x00000000FFFFULL);
522         mi = (value & 0x0000FFFF0000ULL) >> 16;
523         hi = (value & 0xFFFF00000000ULL) >> 32;
524         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
525         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
526         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
527 }
528
529 void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
530 {
531         /* We need to be careful. As we read the TSF from multiple
532          * registers, we should take care of register overflows.
533          * In theory, the whole tsf read process should be atomic.
534          * We try to be atomic here, by restaring the read process,
535          * if any of the high registers changed (overflew).
536          */
537         if (dev->dev->id.revision >= 3) {
538                 u32 low, high, high2;
539
540                 do {
541                         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
542                         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
543                         high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
544                 } while (unlikely(high != high2));
545
546                 *tsf = high;
547                 *tsf <<= 32;
548                 *tsf |= low;
549         } else {
550                 u64 tmp;
551                 u16 v0, v1, v2, v3;
552                 u16 test1, test2, test3;
553
554                 do {
555                         v3 = b43_read16(dev, B43_MMIO_TSF_3);
556                         v2 = b43_read16(dev, B43_MMIO_TSF_2);
557                         v1 = b43_read16(dev, B43_MMIO_TSF_1);
558                         v0 = b43_read16(dev, B43_MMIO_TSF_0);
559
560                         test3 = b43_read16(dev, B43_MMIO_TSF_3);
561                         test2 = b43_read16(dev, B43_MMIO_TSF_2);
562                         test1 = b43_read16(dev, B43_MMIO_TSF_1);
563                 } while (v3 != test3 || v2 != test2 || v1 != test1);
564
565                 *tsf = v3;
566                 *tsf <<= 48;
567                 tmp = v2;
568                 tmp <<= 32;
569                 *tsf |= tmp;
570                 tmp = v1;
571                 tmp <<= 16;
572                 *tsf |= tmp;
573                 *tsf |= v0;
574         }
575 }
576
577 static void b43_time_lock(struct b43_wldev *dev)
578 {
579         u32 macctl;
580
581         macctl = b43_read32(dev, B43_MMIO_MACCTL);
582         macctl |= B43_MACCTL_TBTTHOLD;
583         b43_write32(dev, B43_MMIO_MACCTL, macctl);
584         /* Commit the write */
585         b43_read32(dev, B43_MMIO_MACCTL);
586 }
587
588 static void b43_time_unlock(struct b43_wldev *dev)
589 {
590         u32 macctl;
591
592         macctl = b43_read32(dev, B43_MMIO_MACCTL);
593         macctl &= ~B43_MACCTL_TBTTHOLD;
594         b43_write32(dev, B43_MMIO_MACCTL, macctl);
595         /* Commit the write */
596         b43_read32(dev, B43_MMIO_MACCTL);
597 }
598
599 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
600 {
601         /* Be careful with the in-progress timer.
602          * First zero out the low register, so we have a full
603          * register-overflow duration to complete the operation.
604          */
605         if (dev->dev->id.revision >= 3) {
606                 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
607                 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
608
609                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
610                 mmiowb();
611                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
612                 mmiowb();
613                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
614         } else {
615                 u16 v0 = (tsf & 0x000000000000FFFFULL);
616                 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
617                 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
618                 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
619
620                 b43_write16(dev, B43_MMIO_TSF_0, 0);
621                 mmiowb();
622                 b43_write16(dev, B43_MMIO_TSF_3, v3);
623                 mmiowb();
624                 b43_write16(dev, B43_MMIO_TSF_2, v2);
625                 mmiowb();
626                 b43_write16(dev, B43_MMIO_TSF_1, v1);
627                 mmiowb();
628                 b43_write16(dev, B43_MMIO_TSF_0, v0);
629         }
630 }
631
632 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
633 {
634         b43_time_lock(dev);
635         b43_tsf_write_locked(dev, tsf);
636         b43_time_unlock(dev);
637 }
638
639 static
640 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
641 {
642         static const u8 zero_addr[ETH_ALEN] = { 0 };
643         u16 data;
644
645         if (!mac)
646                 mac = zero_addr;
647
648         offset |= 0x0020;
649         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
650
651         data = mac[0];
652         data |= mac[1] << 8;
653         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
654         data = mac[2];
655         data |= mac[3] << 8;
656         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
657         data = mac[4];
658         data |= mac[5] << 8;
659         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
660 }
661
662 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
663 {
664         const u8 *mac;
665         const u8 *bssid;
666         u8 mac_bssid[ETH_ALEN * 2];
667         int i;
668         u32 tmp;
669
670         bssid = dev->wl->bssid;
671         mac = dev->wl->mac_addr;
672
673         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
674
675         memcpy(mac_bssid, mac, ETH_ALEN);
676         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
677
678         /* Write our MAC address and BSSID to template ram */
679         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
680                 tmp = (u32) (mac_bssid[i + 0]);
681                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
682                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
683                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
684                 b43_ram_write(dev, 0x20 + i, tmp);
685         }
686 }
687
688 static void b43_upload_card_macaddress(struct b43_wldev *dev)
689 {
690         b43_write_mac_bssid_templates(dev);
691         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
692 }
693
694 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
695 {
696         /* slot_time is in usec. */
697         if (dev->phy.type != B43_PHYTYPE_G)
698                 return;
699         b43_write16(dev, 0x684, 510 + slot_time);
700         b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
701 }
702
703 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
704 {
705         b43_set_slot_time(dev, 9);
706         dev->short_slot = 1;
707 }
708
709 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
710 {
711         b43_set_slot_time(dev, 20);
712         dev->short_slot = 0;
713 }
714
715 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
716  * Returns the _previously_ enabled IRQ mask.
717  */
718 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
719 {
720         u32 old_mask;
721
722         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
723         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
724
725         return old_mask;
726 }
727
728 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
729  * Returns the _previously_ enabled IRQ mask.
730  */
731 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
732 {
733         u32 old_mask;
734
735         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
736         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
737
738         return old_mask;
739 }
740
741 /* Synchronize IRQ top- and bottom-half.
742  * IRQs must be masked before calling this.
743  * This must not be called with the irq_lock held.
744  */
745 static void b43_synchronize_irq(struct b43_wldev *dev)
746 {
747         synchronize_irq(dev->dev->irq);
748         tasklet_kill(&dev->isr_tasklet);
749 }
750
751 /* DummyTransmission function, as documented on
752  * http://bcm-specs.sipsolutions.net/DummyTransmission
753  */
754 void b43_dummy_transmission(struct b43_wldev *dev)
755 {
756         struct b43_wl *wl = dev->wl;
757         struct b43_phy *phy = &dev->phy;
758         unsigned int i, max_loop;
759         u16 value;
760         u32 buffer[5] = {
761                 0x00000000,
762                 0x00D40000,
763                 0x00000000,
764                 0x01000000,
765                 0x00000000,
766         };
767
768         switch (phy->type) {
769         case B43_PHYTYPE_A:
770                 max_loop = 0x1E;
771                 buffer[0] = 0x000201CC;
772                 break;
773         case B43_PHYTYPE_B:
774         case B43_PHYTYPE_G:
775                 max_loop = 0xFA;
776                 buffer[0] = 0x000B846E;
777                 break;
778         default:
779                 B43_WARN_ON(1);
780                 return;
781         }
782
783         spin_lock_irq(&wl->irq_lock);
784         write_lock(&wl->tx_lock);
785
786         for (i = 0; i < 5; i++)
787                 b43_ram_write(dev, i * 4, buffer[i]);
788
789         /* Commit writes */
790         b43_read32(dev, B43_MMIO_MACCTL);
791
792         b43_write16(dev, 0x0568, 0x0000);
793         b43_write16(dev, 0x07C0, 0x0000);
794         value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
795         b43_write16(dev, 0x050C, value);
796         b43_write16(dev, 0x0508, 0x0000);
797         b43_write16(dev, 0x050A, 0x0000);
798         b43_write16(dev, 0x054C, 0x0000);
799         b43_write16(dev, 0x056A, 0x0014);
800         b43_write16(dev, 0x0568, 0x0826);
801         b43_write16(dev, 0x0500, 0x0000);
802         b43_write16(dev, 0x0502, 0x0030);
803
804         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
805                 b43_radio_write16(dev, 0x0051, 0x0017);
806         for (i = 0x00; i < max_loop; i++) {
807                 value = b43_read16(dev, 0x050E);
808                 if (value & 0x0080)
809                         break;
810                 udelay(10);
811         }
812         for (i = 0x00; i < 0x0A; i++) {
813                 value = b43_read16(dev, 0x050E);
814                 if (value & 0x0400)
815                         break;
816                 udelay(10);
817         }
818         for (i = 0x00; i < 0x19; i++) {
819                 value = b43_read16(dev, 0x0690);
820                 if (!(value & 0x0100))
821                         break;
822                 udelay(10);
823         }
824         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
825                 b43_radio_write16(dev, 0x0051, 0x0037);
826
827         write_unlock(&wl->tx_lock);
828         spin_unlock_irq(&wl->irq_lock);
829 }
830
831 static void key_write(struct b43_wldev *dev,
832                       u8 index, u8 algorithm, const u8 * key)
833 {
834         unsigned int i;
835         u32 offset;
836         u16 value;
837         u16 kidx;
838
839         /* Key index/algo block */
840         kidx = b43_kidx_to_fw(dev, index);
841         value = ((kidx << 4) | algorithm);
842         b43_shm_write16(dev, B43_SHM_SHARED,
843                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
844
845         /* Write the key to the Key Table Pointer offset */
846         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
847         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
848                 value = key[i];
849                 value |= (u16) (key[i + 1]) << 8;
850                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
851         }
852 }
853
854 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
855 {
856         u32 addrtmp[2] = { 0, 0, };
857         u8 per_sta_keys_start = 8;
858
859         if (b43_new_kidx_api(dev))
860                 per_sta_keys_start = 4;
861
862         B43_WARN_ON(index < per_sta_keys_start);
863         /* We have two default TX keys and possibly two default RX keys.
864          * Physical mac 0 is mapped to physical key 4 or 8, depending
865          * on the firmware version.
866          * So we must adjust the index here.
867          */
868         index -= per_sta_keys_start;
869
870         if (addr) {
871                 addrtmp[0] = addr[0];
872                 addrtmp[0] |= ((u32) (addr[1]) << 8);
873                 addrtmp[0] |= ((u32) (addr[2]) << 16);
874                 addrtmp[0] |= ((u32) (addr[3]) << 24);
875                 addrtmp[1] = addr[4];
876                 addrtmp[1] |= ((u32) (addr[5]) << 8);
877         }
878
879         if (dev->dev->id.revision >= 5) {
880                 /* Receive match transmitter address mechanism */
881                 b43_shm_write32(dev, B43_SHM_RCMTA,
882                                 (index * 2) + 0, addrtmp[0]);
883                 b43_shm_write16(dev, B43_SHM_RCMTA,
884                                 (index * 2) + 1, addrtmp[1]);
885         } else {
886                 /* RXE (Receive Engine) and
887                  * PSM (Programmable State Machine) mechanism
888                  */
889                 if (index < 8) {
890                         /* TODO write to RCM 16, 19, 22 and 25 */
891                 } else {
892                         b43_shm_write32(dev, B43_SHM_SHARED,
893                                         B43_SHM_SH_PSM + (index * 6) + 0,
894                                         addrtmp[0]);
895                         b43_shm_write16(dev, B43_SHM_SHARED,
896                                         B43_SHM_SH_PSM + (index * 6) + 4,
897                                         addrtmp[1]);
898                 }
899         }
900 }
901
902 static void do_key_write(struct b43_wldev *dev,
903                          u8 index, u8 algorithm,
904                          const u8 * key, size_t key_len, const u8 * mac_addr)
905 {
906         u8 buf[B43_SEC_KEYSIZE] = { 0, };
907         u8 per_sta_keys_start = 8;
908
909         if (b43_new_kidx_api(dev))
910                 per_sta_keys_start = 4;
911
912         B43_WARN_ON(index >= dev->max_nr_keys);
913         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
914
915         if (index >= per_sta_keys_start)
916                 keymac_write(dev, index, NULL); /* First zero out mac. */
917         if (key)
918                 memcpy(buf, key, key_len);
919         key_write(dev, index, algorithm, buf);
920         if (index >= per_sta_keys_start)
921                 keymac_write(dev, index, mac_addr);
922
923         dev->key[index].algorithm = algorithm;
924 }
925
926 static int b43_key_write(struct b43_wldev *dev,
927                          int index, u8 algorithm,
928                          const u8 * key, size_t key_len,
929                          const u8 * mac_addr,
930                          struct ieee80211_key_conf *keyconf)
931 {
932         int i;
933         int sta_keys_start;
934
935         if (key_len > B43_SEC_KEYSIZE)
936                 return -EINVAL;
937         for (i = 0; i < dev->max_nr_keys; i++) {
938                 /* Check that we don't already have this key. */
939                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
940         }
941         if (index < 0) {
942                 /* Either pairwise key or address is 00:00:00:00:00:00
943                  * for transmit-only keys. Search the index. */
944                 if (b43_new_kidx_api(dev))
945                         sta_keys_start = 4;
946                 else
947                         sta_keys_start = 8;
948                 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
949                         if (!dev->key[i].keyconf) {
950                                 /* found empty */
951                                 index = i;
952                                 break;
953                         }
954                 }
955                 if (index < 0) {
956                         b43err(dev->wl, "Out of hardware key memory\n");
957                         return -ENOSPC;
958                 }
959         } else
960                 B43_WARN_ON(index > 3);
961
962         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
963         if ((index <= 3) && !b43_new_kidx_api(dev)) {
964                 /* Default RX key */
965                 B43_WARN_ON(mac_addr);
966                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
967         }
968         keyconf->hw_key_idx = index;
969         dev->key[index].keyconf = keyconf;
970
971         return 0;
972 }
973
974 static int b43_key_clear(struct b43_wldev *dev, int index)
975 {
976         if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
977                 return -EINVAL;
978         do_key_write(dev, index, B43_SEC_ALGO_NONE,
979                      NULL, B43_SEC_KEYSIZE, NULL);
980         if ((index <= 3) && !b43_new_kidx_api(dev)) {
981                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
982                              NULL, B43_SEC_KEYSIZE, NULL);
983         }
984         dev->key[index].keyconf = NULL;
985
986         return 0;
987 }
988
989 static void b43_clear_keys(struct b43_wldev *dev)
990 {
991         int i;
992
993         for (i = 0; i < dev->max_nr_keys; i++)
994                 b43_key_clear(dev, i);
995 }
996
997 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
998 {
999         u32 macctl;
1000         u16 ucstat;
1001         bool hwps;
1002         bool awake;
1003         int i;
1004
1005         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1006                     (ps_flags & B43_PS_DISABLED));
1007         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1008
1009         if (ps_flags & B43_PS_ENABLED) {
1010                 hwps = 1;
1011         } else if (ps_flags & B43_PS_DISABLED) {
1012                 hwps = 0;
1013         } else {
1014                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1015                 //      and thus is not an AP and we are associated, set bit 25
1016         }
1017         if (ps_flags & B43_PS_AWAKE) {
1018                 awake = 1;
1019         } else if (ps_flags & B43_PS_ASLEEP) {
1020                 awake = 0;
1021         } else {
1022                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1023                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1024                 //      successful, set bit26
1025         }
1026
1027 /* FIXME: For now we force awake-on and hwps-off */
1028         hwps = 0;
1029         awake = 1;
1030
1031         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1032         if (hwps)
1033                 macctl |= B43_MACCTL_HWPS;
1034         else
1035                 macctl &= ~B43_MACCTL_HWPS;
1036         if (awake)
1037                 macctl |= B43_MACCTL_AWAKE;
1038         else
1039                 macctl &= ~B43_MACCTL_AWAKE;
1040         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1041         /* Commit write */
1042         b43_read32(dev, B43_MMIO_MACCTL);
1043         if (awake && dev->dev->id.revision >= 5) {
1044                 /* Wait for the microcode to wake up. */
1045                 for (i = 0; i < 100; i++) {
1046                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1047                                                 B43_SHM_SH_UCODESTAT);
1048                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1049                                 break;
1050                         udelay(10);
1051                 }
1052         }
1053 }
1054
1055 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1056 {
1057         u32 tmslow;
1058         u32 macctl;
1059
1060         flags |= B43_TMSLOW_PHYCLKEN;
1061         flags |= B43_TMSLOW_PHYRESET;
1062         ssb_device_enable(dev->dev, flags);
1063         msleep(2);              /* Wait for the PLL to turn on. */
1064
1065         /* Now take the PHY out of Reset again */
1066         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1067         tmslow |= SSB_TMSLOW_FGC;
1068         tmslow &= ~B43_TMSLOW_PHYRESET;
1069         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1070         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1071         msleep(1);
1072         tmslow &= ~SSB_TMSLOW_FGC;
1073         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1074         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1075         msleep(1);
1076
1077         /* Turn Analog ON, but only if we already know the PHY-type.
1078          * This protects against very early setup where we don't know the
1079          * PHY-type, yet. wireless_core_reset will be called once again later,
1080          * when we know the PHY-type. */
1081         if (dev->phy.ops)
1082                 dev->phy.ops->switch_analog(dev, 1);
1083
1084         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1085         macctl &= ~B43_MACCTL_GMODE;
1086         if (flags & B43_TMSLOW_GMODE)
1087                 macctl |= B43_MACCTL_GMODE;
1088         macctl |= B43_MACCTL_IHR_ENABLED;
1089         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1090 }
1091
1092 static void handle_irq_transmit_status(struct b43_wldev *dev)
1093 {
1094         u32 v0, v1;
1095         u16 tmp;
1096         struct b43_txstatus stat;
1097
1098         while (1) {
1099                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1100                 if (!(v0 & 0x00000001))
1101                         break;
1102                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1103
1104                 stat.cookie = (v0 >> 16);
1105                 stat.seq = (v1 & 0x0000FFFF);
1106                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1107                 tmp = (v0 & 0x0000FFFF);
1108                 stat.frame_count = ((tmp & 0xF000) >> 12);
1109                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1110                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1111                 stat.pm_indicated = !!(tmp & 0x0080);
1112                 stat.intermediate = !!(tmp & 0x0040);
1113                 stat.for_ampdu = !!(tmp & 0x0020);
1114                 stat.acked = !!(tmp & 0x0002);
1115
1116                 b43_handle_txstatus(dev, &stat);
1117         }
1118 }
1119
1120 static void drain_txstatus_queue(struct b43_wldev *dev)
1121 {
1122         u32 dummy;
1123
1124         if (dev->dev->id.revision < 5)
1125                 return;
1126         /* Read all entries from the microcode TXstatus FIFO
1127          * and throw them away.
1128          */
1129         while (1) {
1130                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1131                 if (!(dummy & 0x00000001))
1132                         break;
1133                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1134         }
1135 }
1136
1137 static u32 b43_jssi_read(struct b43_wldev *dev)
1138 {
1139         u32 val = 0;
1140
1141         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1142         val <<= 16;
1143         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1144
1145         return val;
1146 }
1147
1148 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1149 {
1150         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1151         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1152 }
1153
1154 static void b43_generate_noise_sample(struct b43_wldev *dev)
1155 {
1156         b43_jssi_write(dev, 0x7F7F7F7F);
1157         b43_write32(dev, B43_MMIO_MACCMD,
1158                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1159 }
1160
1161 static void b43_calculate_link_quality(struct b43_wldev *dev)
1162 {
1163         /* Top half of Link Quality calculation. */
1164
1165         if (dev->phy.type != B43_PHYTYPE_G)
1166                 return;
1167         if (dev->noisecalc.calculation_running)
1168                 return;
1169         dev->noisecalc.calculation_running = 1;
1170         dev->noisecalc.nr_samples = 0;
1171
1172         b43_generate_noise_sample(dev);
1173 }
1174
1175 static void handle_irq_noise(struct b43_wldev *dev)
1176 {
1177         struct b43_phy_g *phy = dev->phy.g;
1178         u16 tmp;
1179         u8 noise[4];
1180         u8 i, j;
1181         s32 average;
1182
1183         /* Bottom half of Link Quality calculation. */
1184
1185         if (dev->phy.type != B43_PHYTYPE_G)
1186                 return;
1187
1188         /* Possible race condition: It might be possible that the user
1189          * changed to a different channel in the meantime since we
1190          * started the calculation. We ignore that fact, since it's
1191          * not really that much of a problem. The background noise is
1192          * an estimation only anyway. Slightly wrong results will get damped
1193          * by the averaging of the 8 sample rounds. Additionally the
1194          * value is shortlived. So it will be replaced by the next noise
1195          * calculation round soon. */
1196
1197         B43_WARN_ON(!dev->noisecalc.calculation_running);
1198         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1199         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1200             noise[2] == 0x7F || noise[3] == 0x7F)
1201                 goto generate_new;
1202
1203         /* Get the noise samples. */
1204         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1205         i = dev->noisecalc.nr_samples;
1206         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1207         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1208         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1209         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1210         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1211         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1212         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1213         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1214         dev->noisecalc.nr_samples++;
1215         if (dev->noisecalc.nr_samples == 8) {
1216                 /* Calculate the Link Quality by the noise samples. */
1217                 average = 0;
1218                 for (i = 0; i < 8; i++) {
1219                         for (j = 0; j < 4; j++)
1220                                 average += dev->noisecalc.samples[i][j];
1221                 }
1222                 average /= (8 * 4);
1223                 average *= 125;
1224                 average += 64;
1225                 average /= 128;
1226                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1227                 tmp = (tmp / 128) & 0x1F;
1228                 if (tmp >= 8)
1229                         average += 2;
1230                 else
1231                         average -= 25;
1232                 if (tmp == 8)
1233                         average -= 72;
1234                 else
1235                         average -= 48;
1236
1237                 dev->stats.link_noise = average;
1238                 dev->noisecalc.calculation_running = 0;
1239                 return;
1240         }
1241 generate_new:
1242         b43_generate_noise_sample(dev);
1243 }
1244
1245 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1246 {
1247         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1248                 ///TODO: PS TBTT
1249         } else {
1250                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1251                         b43_power_saving_ctl_bits(dev, 0);
1252         }
1253         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1254                 dev->dfq_valid = 1;
1255 }
1256
1257 static void handle_irq_atim_end(struct b43_wldev *dev)
1258 {
1259         if (dev->dfq_valid) {
1260                 b43_write32(dev, B43_MMIO_MACCMD,
1261                             b43_read32(dev, B43_MMIO_MACCMD)
1262                             | B43_MACCMD_DFQ_VALID);
1263                 dev->dfq_valid = 0;
1264         }
1265 }
1266
1267 static void handle_irq_pmq(struct b43_wldev *dev)
1268 {
1269         u32 tmp;
1270
1271         //TODO: AP mode.
1272
1273         while (1) {
1274                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1275                 if (!(tmp & 0x00000008))
1276                         break;
1277         }
1278         /* 16bit write is odd, but correct. */
1279         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1280 }
1281
1282 static void b43_write_template_common(struct b43_wldev *dev,
1283                                       const u8 * data, u16 size,
1284                                       u16 ram_offset,
1285                                       u16 shm_size_offset, u8 rate)
1286 {
1287         u32 i, tmp;
1288         struct b43_plcp_hdr4 plcp;
1289
1290         plcp.data = 0;
1291         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1292         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1293         ram_offset += sizeof(u32);
1294         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1295          * So leave the first two bytes of the next write blank.
1296          */
1297         tmp = (u32) (data[0]) << 16;
1298         tmp |= (u32) (data[1]) << 24;
1299         b43_ram_write(dev, ram_offset, tmp);
1300         ram_offset += sizeof(u32);
1301         for (i = 2; i < size; i += sizeof(u32)) {
1302                 tmp = (u32) (data[i + 0]);
1303                 if (i + 1 < size)
1304                         tmp |= (u32) (data[i + 1]) << 8;
1305                 if (i + 2 < size)
1306                         tmp |= (u32) (data[i + 2]) << 16;
1307                 if (i + 3 < size)
1308                         tmp |= (u32) (data[i + 3]) << 24;
1309                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1310         }
1311         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1312                         size + sizeof(struct b43_plcp_hdr6));
1313 }
1314
1315 /* Check if the use of the antenna that ieee80211 told us to
1316  * use is possible. This will fall back to DEFAULT.
1317  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1318 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1319                                   u8 antenna_nr)
1320 {
1321         u8 antenna_mask;
1322
1323         if (antenna_nr == 0) {
1324                 /* Zero means "use default antenna". That's always OK. */
1325                 return 0;
1326         }
1327
1328         /* Get the mask of available antennas. */
1329         if (dev->phy.gmode)
1330                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1331         else
1332                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1333
1334         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1335                 /* This antenna is not available. Fall back to default. */
1336                 return 0;
1337         }
1338
1339         return antenna_nr;
1340 }
1341
1342 /* Convert a b43 antenna number value to the PHY TX control value. */
1343 static u16 b43_antenna_to_phyctl(int antenna)
1344 {
1345         switch (antenna) {
1346         case B43_ANTENNA0:
1347                 return B43_TXH_PHY_ANT0;
1348         case B43_ANTENNA1:
1349                 return B43_TXH_PHY_ANT1;
1350         case B43_ANTENNA2:
1351                 return B43_TXH_PHY_ANT2;
1352         case B43_ANTENNA3:
1353                 return B43_TXH_PHY_ANT3;
1354         case B43_ANTENNA_AUTO:
1355                 return B43_TXH_PHY_ANT01AUTO;
1356         }
1357         B43_WARN_ON(1);
1358         return 0;
1359 }
1360
1361 static void b43_write_beacon_template(struct b43_wldev *dev,
1362                                       u16 ram_offset,
1363                                       u16 shm_size_offset)
1364 {
1365         unsigned int i, len, variable_len;
1366         const struct ieee80211_mgmt *bcn;
1367         const u8 *ie;
1368         bool tim_found = 0;
1369         unsigned int rate;
1370         u16 ctl;
1371         int antenna;
1372         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1373
1374         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1375         len = min((size_t) dev->wl->current_beacon->len,
1376                   0x200 - sizeof(struct b43_plcp_hdr6));
1377         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1378
1379         b43_write_template_common(dev, (const u8 *)bcn,
1380                                   len, ram_offset, shm_size_offset, rate);
1381
1382         /* Write the PHY TX control parameters. */
1383         antenna = B43_ANTENNA_DEFAULT;
1384         antenna = b43_antenna_to_phyctl(antenna);
1385         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1386         /* We can't send beacons with short preamble. Would get PHY errors. */
1387         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1388         ctl &= ~B43_TXH_PHY_ANT;
1389         ctl &= ~B43_TXH_PHY_ENC;
1390         ctl |= antenna;
1391         if (b43_is_cck_rate(rate))
1392                 ctl |= B43_TXH_PHY_ENC_CCK;
1393         else
1394                 ctl |= B43_TXH_PHY_ENC_OFDM;
1395         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1396
1397         /* Find the position of the TIM and the DTIM_period value
1398          * and write them to SHM. */
1399         ie = bcn->u.beacon.variable;
1400         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1401         for (i = 0; i < variable_len - 2; ) {
1402                 uint8_t ie_id, ie_len;
1403
1404                 ie_id = ie[i];
1405                 ie_len = ie[i + 1];
1406                 if (ie_id == 5) {
1407                         u16 tim_position;
1408                         u16 dtim_period;
1409                         /* This is the TIM Information Element */
1410
1411                         /* Check whether the ie_len is in the beacon data range. */
1412                         if (variable_len < ie_len + 2 + i)
1413                                 break;
1414                         /* A valid TIM is at least 4 bytes long. */
1415                         if (ie_len < 4)
1416                                 break;
1417                         tim_found = 1;
1418
1419                         tim_position = sizeof(struct b43_plcp_hdr6);
1420                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1421                         tim_position += i;
1422
1423                         dtim_period = ie[i + 3];
1424
1425                         b43_shm_write16(dev, B43_SHM_SHARED,
1426                                         B43_SHM_SH_TIMBPOS, tim_position);
1427                         b43_shm_write16(dev, B43_SHM_SHARED,
1428                                         B43_SHM_SH_DTIMPER, dtim_period);
1429                         break;
1430                 }
1431                 i += ie_len + 2;
1432         }
1433         if (!tim_found) {
1434                 /*
1435                  * If ucode wants to modify TIM do it behind the beacon, this
1436                  * will happen, for example, when doing mesh networking.
1437                  */
1438                 b43_shm_write16(dev, B43_SHM_SHARED,
1439                                 B43_SHM_SH_TIMBPOS,
1440                                 len + sizeof(struct b43_plcp_hdr6));
1441                 b43_shm_write16(dev, B43_SHM_SHARED,
1442                                 B43_SHM_SH_DTIMPER, 0);
1443         }
1444         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1445 }
1446
1447 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1448                                       u16 shm_offset, u16 size,
1449                                       struct ieee80211_rate *rate)
1450 {
1451         struct b43_plcp_hdr4 plcp;
1452         u32 tmp;
1453         __le16 dur;
1454
1455         plcp.data = 0;
1456         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1457         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1458                                                dev->wl->vif, size,
1459                                                rate);
1460         /* Write PLCP in two parts and timing for packet transfer */
1461         tmp = le32_to_cpu(plcp.data);
1462         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1463         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1464         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1465 }
1466
1467 /* Instead of using custom probe response template, this function
1468  * just patches custom beacon template by:
1469  * 1) Changing packet type
1470  * 2) Patching duration field
1471  * 3) Stripping TIM
1472  */
1473 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1474                                           u16 *dest_size,
1475                                           struct ieee80211_rate *rate)
1476 {
1477         const u8 *src_data;
1478         u8 *dest_data;
1479         u16 src_size, elem_size, src_pos, dest_pos;
1480         __le16 dur;
1481         struct ieee80211_hdr *hdr;
1482         size_t ie_start;
1483
1484         src_size = dev->wl->current_beacon->len;
1485         src_data = (const u8 *)dev->wl->current_beacon->data;
1486
1487         /* Get the start offset of the variable IEs in the packet. */
1488         ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1489         B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1490
1491         if (B43_WARN_ON(src_size < ie_start))
1492                 return NULL;
1493
1494         dest_data = kmalloc(src_size, GFP_ATOMIC);
1495         if (unlikely(!dest_data))
1496                 return NULL;
1497
1498         /* Copy the static data and all Information Elements, except the TIM. */
1499         memcpy(dest_data, src_data, ie_start);
1500         src_pos = ie_start;
1501         dest_pos = ie_start;
1502         for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1503                 elem_size = src_data[src_pos + 1] + 2;
1504                 if (src_data[src_pos] == 5) {
1505                         /* This is the TIM. */
1506                         continue;
1507                 }
1508                 memcpy(dest_data + dest_pos, src_data + src_pos,
1509                        elem_size);
1510                 dest_pos += elem_size;
1511         }
1512         *dest_size = dest_pos;
1513         hdr = (struct ieee80211_hdr *)dest_data;
1514
1515         /* Set the frame control. */
1516         hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1517                                          IEEE80211_STYPE_PROBE_RESP);
1518         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1519                                                dev->wl->vif, *dest_size,
1520                                                rate);
1521         hdr->duration_id = dur;
1522
1523         return dest_data;
1524 }
1525
1526 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1527                                           u16 ram_offset,
1528                                           u16 shm_size_offset,
1529                                           struct ieee80211_rate *rate)
1530 {
1531         const u8 *probe_resp_data;
1532         u16 size;
1533
1534         size = dev->wl->current_beacon->len;
1535         probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1536         if (unlikely(!probe_resp_data))
1537                 return;
1538
1539         /* Looks like PLCP headers plus packet timings are stored for
1540          * all possible basic rates
1541          */
1542         b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1543         b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1544         b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1545         b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1546
1547         size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1548         b43_write_template_common(dev, probe_resp_data,
1549                                   size, ram_offset, shm_size_offset,
1550                                   rate->hw_value);
1551         kfree(probe_resp_data);
1552 }
1553
1554 static void b43_upload_beacon0(struct b43_wldev *dev)
1555 {
1556         struct b43_wl *wl = dev->wl;
1557
1558         if (wl->beacon0_uploaded)
1559                 return;
1560         b43_write_beacon_template(dev, 0x68, 0x18);
1561         /* FIXME: Probe resp upload doesn't really belong here,
1562          *        but we don't use that feature anyway. */
1563         b43_write_probe_resp_template(dev, 0x268, 0x4A,
1564                                       &__b43_ratetable[3]);
1565         wl->beacon0_uploaded = 1;
1566 }
1567
1568 static void b43_upload_beacon1(struct b43_wldev *dev)
1569 {
1570         struct b43_wl *wl = dev->wl;
1571
1572         if (wl->beacon1_uploaded)
1573                 return;
1574         b43_write_beacon_template(dev, 0x468, 0x1A);
1575         wl->beacon1_uploaded = 1;
1576 }
1577
1578 static void handle_irq_beacon(struct b43_wldev *dev)
1579 {
1580         struct b43_wl *wl = dev->wl;
1581         u32 cmd, beacon0_valid, beacon1_valid;
1582
1583         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1584             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1585                 return;
1586
1587         /* This is the bottom half of the asynchronous beacon update. */
1588
1589         /* Ignore interrupt in the future. */
1590         dev->irq_savedstate &= ~B43_IRQ_BEACON;
1591
1592         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1593         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1594         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1595
1596         /* Schedule interrupt manually, if busy. */
1597         if (beacon0_valid && beacon1_valid) {
1598                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1599                 dev->irq_savedstate |= B43_IRQ_BEACON;
1600                 return;
1601         }
1602
1603         if (unlikely(wl->beacon_templates_virgin)) {
1604                 /* We never uploaded a beacon before.
1605                  * Upload both templates now, but only mark one valid. */
1606                 wl->beacon_templates_virgin = 0;
1607                 b43_upload_beacon0(dev);
1608                 b43_upload_beacon1(dev);
1609                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1610                 cmd |= B43_MACCMD_BEACON0_VALID;
1611                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1612         } else {
1613                 if (!beacon0_valid) {
1614                         b43_upload_beacon0(dev);
1615                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1616                         cmd |= B43_MACCMD_BEACON0_VALID;
1617                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1618                 } else if (!beacon1_valid) {
1619                         b43_upload_beacon1(dev);
1620                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1621                         cmd |= B43_MACCMD_BEACON1_VALID;
1622                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1623                 }
1624         }
1625 }
1626
1627 static void b43_beacon_update_trigger_work(struct work_struct *work)
1628 {
1629         struct b43_wl *wl = container_of(work, struct b43_wl,
1630                                          beacon_update_trigger);
1631         struct b43_wldev *dev;
1632
1633         mutex_lock(&wl->mutex);
1634         dev = wl->current_dev;
1635         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1636                 spin_lock_irq(&wl->irq_lock);
1637                 /* update beacon right away or defer to irq */
1638                 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1639                 handle_irq_beacon(dev);
1640                 /* The handler might have updated the IRQ mask. */
1641                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1642                             dev->irq_savedstate);
1643                 mmiowb();
1644                 spin_unlock_irq(&wl->irq_lock);
1645         }
1646         mutex_unlock(&wl->mutex);
1647 }
1648
1649 /* Asynchronously update the packet templates in template RAM.
1650  * Locking: Requires wl->irq_lock to be locked. */
1651 static void b43_update_templates(struct b43_wl *wl)
1652 {
1653         struct sk_buff *beacon;
1654
1655         /* This is the top half of the ansynchronous beacon update.
1656          * The bottom half is the beacon IRQ.
1657          * Beacon update must be asynchronous to avoid sending an
1658          * invalid beacon. This can happen for example, if the firmware
1659          * transmits a beacon while we are updating it. */
1660
1661         /* We could modify the existing beacon and set the aid bit in
1662          * the TIM field, but that would probably require resizing and
1663          * moving of data within the beacon template.
1664          * Simply request a new beacon and let mac80211 do the hard work. */
1665         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1666         if (unlikely(!beacon))
1667                 return;
1668
1669         if (wl->current_beacon)
1670                 dev_kfree_skb_any(wl->current_beacon);
1671         wl->current_beacon = beacon;
1672         wl->beacon0_uploaded = 0;
1673         wl->beacon1_uploaded = 0;
1674         queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1675 }
1676
1677 static void b43_set_ssid(struct b43_wldev *dev, const u8 * ssid, u8 ssid_len)
1678 {
1679         u32 tmp;
1680         u16 i, len;
1681
1682         len = min((u16) ssid_len, (u16) 0x100);
1683         for (i = 0; i < len; i += sizeof(u32)) {
1684                 tmp = (u32) (ssid[i + 0]);
1685                 if (i + 1 < len)
1686                         tmp |= (u32) (ssid[i + 1]) << 8;
1687                 if (i + 2 < len)
1688                         tmp |= (u32) (ssid[i + 2]) << 16;
1689                 if (i + 3 < len)
1690                         tmp |= (u32) (ssid[i + 3]) << 24;
1691                 b43_shm_write32(dev, B43_SHM_SHARED, 0x380 + i, tmp);
1692         }
1693         b43_shm_write16(dev, B43_SHM_SHARED, 0x48, len);
1694 }
1695
1696 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1697 {
1698         b43_time_lock(dev);
1699         if (dev->dev->id.revision >= 3) {
1700                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1701                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1702         } else {
1703                 b43_write16(dev, 0x606, (beacon_int >> 6));
1704                 b43_write16(dev, 0x610, beacon_int);
1705         }
1706         b43_time_unlock(dev);
1707         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1708 }
1709
1710 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1711 {
1712         u16 reason;
1713
1714         /* Read the register that contains the reason code for the panic. */
1715         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1716         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1717
1718         switch (reason) {
1719         default:
1720                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1721                 /* fallthrough */
1722         case B43_FWPANIC_DIE:
1723                 /* Do not restart the controller or firmware.
1724                  * The device is nonfunctional from now on.
1725                  * Restarting would result in this panic to trigger again,
1726                  * so we avoid that recursion. */
1727                 break;
1728         case B43_FWPANIC_RESTART:
1729                 b43_controller_restart(dev, "Microcode panic");
1730                 break;
1731         }
1732 }
1733
1734 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1735 {
1736         unsigned int i, cnt;
1737         u16 reason, marker_id, marker_line;
1738         __le16 *buf;
1739
1740         /* The proprietary firmware doesn't have this IRQ. */
1741         if (!dev->fw.opensource)
1742                 return;
1743
1744         /* Read the register that contains the reason code for this IRQ. */
1745         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1746
1747         switch (reason) {
1748         case B43_DEBUGIRQ_PANIC:
1749                 b43_handle_firmware_panic(dev);
1750                 break;
1751         case B43_DEBUGIRQ_DUMP_SHM:
1752                 if (!B43_DEBUG)
1753                         break; /* Only with driver debugging enabled. */
1754                 buf = kmalloc(4096, GFP_ATOMIC);
1755                 if (!buf) {
1756                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1757                         goto out;
1758                 }
1759                 for (i = 0; i < 4096; i += 2) {
1760                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1761                         buf[i / 2] = cpu_to_le16(tmp);
1762                 }
1763                 b43info(dev->wl, "Shared memory dump:\n");
1764                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1765                                16, 2, buf, 4096, 1);
1766                 kfree(buf);
1767                 break;
1768         case B43_DEBUGIRQ_DUMP_REGS:
1769                 if (!B43_DEBUG)
1770                         break; /* Only with driver debugging enabled. */
1771                 b43info(dev->wl, "Microcode register dump:\n");
1772                 for (i = 0, cnt = 0; i < 64; i++) {
1773                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1774                         if (cnt == 0)
1775                                 printk(KERN_INFO);
1776                         printk("r%02u: 0x%04X  ", i, tmp);
1777                         cnt++;
1778                         if (cnt == 6) {
1779                                 printk("\n");
1780                                 cnt = 0;
1781                         }
1782                 }
1783                 printk("\n");
1784                 break;
1785         case B43_DEBUGIRQ_MARKER:
1786                 if (!B43_DEBUG)
1787                         break; /* Only with driver debugging enabled. */
1788                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1789                                            B43_MARKER_ID_REG);
1790                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1791                                              B43_MARKER_LINE_REG);
1792                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1793                         "at line number %u\n",
1794                         marker_id, marker_line);
1795                 break;
1796         default:
1797                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1798                        reason);
1799         }
1800 out:
1801         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1802         b43_shm_write16(dev, B43_SHM_SCRATCH,
1803                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1804 }
1805
1806 /* Interrupt handler bottom-half */
1807 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1808 {
1809         u32 reason;
1810         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1811         u32 merged_dma_reason = 0;
1812         int i;
1813         unsigned long flags;
1814
1815         spin_lock_irqsave(&dev->wl->irq_lock, flags);
1816
1817         B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1818
1819         reason = dev->irq_reason;
1820         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1821                 dma_reason[i] = dev->dma_reason[i];
1822                 merged_dma_reason |= dma_reason[i];
1823         }
1824
1825         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1826                 b43err(dev->wl, "MAC transmission error\n");
1827
1828         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1829                 b43err(dev->wl, "PHY transmission error\n");
1830                 rmb();
1831                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1832                         atomic_set(&dev->phy.txerr_cnt,
1833                                    B43_PHY_TX_BADNESS_LIMIT);
1834                         b43err(dev->wl, "Too many PHY TX errors, "
1835                                         "restarting the controller\n");
1836                         b43_controller_restart(dev, "PHY TX errors");
1837                 }
1838         }
1839
1840         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1841                                           B43_DMAIRQ_NONFATALMASK))) {
1842                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1843                         b43err(dev->wl, "Fatal DMA error: "
1844                                "0x%08X, 0x%08X, 0x%08X, "
1845                                "0x%08X, 0x%08X, 0x%08X\n",
1846                                dma_reason[0], dma_reason[1],
1847                                dma_reason[2], dma_reason[3],
1848                                dma_reason[4], dma_reason[5]);
1849                         b43_controller_restart(dev, "DMA error");
1850                         mmiowb();
1851                         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1852                         return;
1853                 }
1854                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1855                         b43err(dev->wl, "DMA error: "
1856                                "0x%08X, 0x%08X, 0x%08X, "
1857                                "0x%08X, 0x%08X, 0x%08X\n",
1858                                dma_reason[0], dma_reason[1],
1859                                dma_reason[2], dma_reason[3],
1860                                dma_reason[4], dma_reason[5]);
1861                 }
1862         }
1863
1864         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1865                 handle_irq_ucode_debug(dev);
1866         if (reason & B43_IRQ_TBTT_INDI)
1867                 handle_irq_tbtt_indication(dev);
1868         if (reason & B43_IRQ_ATIM_END)
1869                 handle_irq_atim_end(dev);
1870         if (reason & B43_IRQ_BEACON)
1871                 handle_irq_beacon(dev);
1872         if (reason & B43_IRQ_PMQ)
1873                 handle_irq_pmq(dev);
1874         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1875                 ;/* TODO */
1876         if (reason & B43_IRQ_NOISESAMPLE_OK)
1877                 handle_irq_noise(dev);
1878
1879         /* Check the DMA reason registers for received data. */
1880         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1881                 if (b43_using_pio_transfers(dev))
1882                         b43_pio_rx(dev->pio.rx_queue);
1883                 else
1884                         b43_dma_rx(dev->dma.rx_ring);
1885         }
1886         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1887         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1888         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1889         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1890         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1891
1892         if (reason & B43_IRQ_TX_OK)
1893                 handle_irq_transmit_status(dev);
1894
1895         b43_interrupt_enable(dev, dev->irq_savedstate);
1896         mmiowb();
1897         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1898 }
1899
1900 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1901 {
1902         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1903
1904         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1905         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1906         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1907         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1908         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1909         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1910 }
1911
1912 /* Interrupt handler top-half */
1913 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1914 {
1915         irqreturn_t ret = IRQ_NONE;
1916         struct b43_wldev *dev = dev_id;
1917         u32 reason;
1918
1919         if (!dev)
1920                 return IRQ_NONE;
1921
1922         spin_lock(&dev->wl->irq_lock);
1923
1924         if (b43_status(dev) < B43_STAT_STARTED)
1925                 goto out;
1926         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1927         if (reason == 0xffffffff)       /* shared IRQ */
1928                 goto out;
1929         ret = IRQ_HANDLED;
1930         reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1931         if (!reason)
1932                 goto out;
1933
1934         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1935             & 0x0001DC00;
1936         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1937             & 0x0000DC00;
1938         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1939             & 0x0000DC00;
1940         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1941             & 0x0001DC00;
1942         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1943             & 0x0000DC00;
1944         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1945             & 0x0000DC00;
1946
1947         b43_interrupt_ack(dev, reason);
1948         /* disable all IRQs. They are enabled again in the bottom half. */
1949         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1950         /* save the reason code and call our bottom half. */
1951         dev->irq_reason = reason;
1952         tasklet_schedule(&dev->isr_tasklet);
1953       out:
1954         mmiowb();
1955         spin_unlock(&dev->wl->irq_lock);
1956
1957         return ret;
1958 }
1959
1960 static void do_release_fw(struct b43_firmware_file *fw)
1961 {
1962         release_firmware(fw->data);
1963         fw->data = NULL;
1964         fw->filename = NULL;
1965 }
1966
1967 static void b43_release_firmware(struct b43_wldev *dev)
1968 {
1969         do_release_fw(&dev->fw.ucode);
1970         do_release_fw(&dev->fw.pcm);
1971         do_release_fw(&dev->fw.initvals);
1972         do_release_fw(&dev->fw.initvals_band);
1973 }
1974
1975 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1976 {
1977         const char *text;
1978
1979         text = "You must go to "
1980                "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
1981                "and download the latest firmware (version 4).\n";
1982         if (error)
1983                 b43err(wl, text);
1984         else
1985                 b43warn(wl, text);
1986 }
1987
1988 static int do_request_fw(struct b43_wldev *dev,
1989                          const char *name,
1990                          struct b43_firmware_file *fw,
1991                          bool silent)
1992 {
1993         char path[sizeof(modparam_fwpostfix) + 32];
1994         const struct firmware *blob;
1995         struct b43_fw_header *hdr;
1996         u32 size;
1997         int err;
1998
1999         if (!name) {
2000                 /* Don't fetch anything. Free possibly cached firmware. */
2001                 do_release_fw(fw);
2002                 return 0;
2003         }
2004         if (fw->filename) {
2005                 if (strcmp(fw->filename, name) == 0)
2006                         return 0; /* Already have this fw. */
2007                 /* Free the cached firmware first. */
2008                 do_release_fw(fw);
2009         }
2010
2011         snprintf(path, ARRAY_SIZE(path),
2012                  "b43%s/%s.fw",
2013                  modparam_fwpostfix, name);
2014         err = request_firmware(&blob, path, dev->dev->dev);
2015         if (err == -ENOENT) {
2016                 if (!silent) {
2017                         b43err(dev->wl, "Firmware file \"%s\" not found\n",
2018                                path);
2019                 }
2020                 return err;
2021         } else if (err) {
2022                 b43err(dev->wl, "Firmware file \"%s\" request failed (err=%d)\n",
2023                        path, err);
2024                 return err;
2025         }
2026         if (blob->size < sizeof(struct b43_fw_header))
2027                 goto err_format;
2028         hdr = (struct b43_fw_header *)(blob->data);
2029         switch (hdr->type) {
2030         case B43_FW_TYPE_UCODE:
2031         case B43_FW_TYPE_PCM:
2032                 size = be32_to_cpu(hdr->size);
2033                 if (size != blob->size - sizeof(struct b43_fw_header))
2034                         goto err_format;
2035                 /* fallthrough */
2036         case B43_FW_TYPE_IV:
2037                 if (hdr->ver != 1)
2038                         goto err_format;
2039                 break;
2040         default:
2041                 goto err_format;
2042         }
2043
2044         fw->data = blob;
2045         fw->filename = name;
2046
2047         return 0;
2048
2049 err_format:
2050         b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
2051         release_firmware(blob);
2052
2053         return -EPROTO;
2054 }
2055
2056 static int b43_request_firmware(struct b43_wldev *dev)
2057 {
2058         struct b43_firmware *fw = &dev->fw;
2059         const u8 rev = dev->dev->id.revision;
2060         const char *filename;
2061         u32 tmshigh;
2062         int err;
2063
2064         /* Get microcode */
2065         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2066         if ((rev >= 5) && (rev <= 10))
2067                 filename = "ucode5";
2068         else if ((rev >= 11) && (rev <= 12))
2069                 filename = "ucode11";
2070         else if (rev >= 13)
2071                 filename = "ucode13";
2072         else
2073                 goto err_no_ucode;
2074         err = do_request_fw(dev, filename, &fw->ucode, 0);
2075         if (err)
2076                 goto err_load;
2077
2078         /* Get PCM code */
2079         if ((rev >= 5) && (rev <= 10))
2080                 filename = "pcm5";
2081         else if (rev >= 11)
2082                 filename = NULL;
2083         else
2084                 goto err_no_pcm;
2085         fw->pcm_request_failed = 0;
2086         err = do_request_fw(dev, filename, &fw->pcm, 1);
2087         if (err == -ENOENT) {
2088                 /* We did not find a PCM file? Not fatal, but
2089                  * core rev <= 10 must do without hwcrypto then. */
2090                 fw->pcm_request_failed = 1;
2091         } else if (err)
2092                 goto err_load;
2093
2094         /* Get initvals */
2095         switch (dev->phy.type) {
2096         case B43_PHYTYPE_A:
2097                 if ((rev >= 5) && (rev <= 10)) {
2098                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2099                                 filename = "a0g1initvals5";
2100                         else
2101                                 filename = "a0g0initvals5";
2102                 } else
2103                         goto err_no_initvals;
2104                 break;
2105         case B43_PHYTYPE_G:
2106                 if ((rev >= 5) && (rev <= 10))
2107                         filename = "b0g0initvals5";
2108                 else if (rev >= 13)
2109                         filename = "b0g0initvals13";
2110                 else
2111                         goto err_no_initvals;
2112                 break;
2113         case B43_PHYTYPE_N:
2114                 if ((rev >= 11) && (rev <= 12))
2115                         filename = "n0initvals11";
2116                 else
2117                         goto err_no_initvals;
2118                 break;
2119         default:
2120                 goto err_no_initvals;
2121         }
2122         err = do_request_fw(dev, filename, &fw->initvals, 0);
2123         if (err)
2124                 goto err_load;
2125
2126         /* Get bandswitch initvals */
2127         switch (dev->phy.type) {
2128         case B43_PHYTYPE_A:
2129                 if ((rev >= 5) && (rev <= 10)) {
2130                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2131                                 filename = "a0g1bsinitvals5";
2132                         else
2133                                 filename = "a0g0bsinitvals5";
2134                 } else if (rev >= 11)
2135                         filename = NULL;
2136                 else
2137                         goto err_no_initvals;
2138                 break;
2139         case B43_PHYTYPE_G:
2140                 if ((rev >= 5) && (rev <= 10))
2141                         filename = "b0g0bsinitvals5";
2142                 else if (rev >= 11)
2143                         filename = NULL;
2144                 else
2145                         goto err_no_initvals;
2146                 break;
2147         case B43_PHYTYPE_N:
2148                 if ((rev >= 11) && (rev <= 12))
2149                         filename = "n0bsinitvals11";
2150                 else
2151                         goto err_no_initvals;
2152                 break;
2153         default:
2154                 goto err_no_initvals;
2155         }
2156         err = do_request_fw(dev, filename, &fw->initvals_band, 0);
2157         if (err)
2158                 goto err_load;
2159
2160         return 0;
2161
2162 err_load:
2163         b43_print_fw_helptext(dev->wl, 1);
2164         goto error;
2165
2166 err_no_ucode:
2167         err = -ENODEV;
2168         b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2169         goto error;
2170
2171 err_no_pcm:
2172         err = -ENODEV;
2173         b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2174         goto error;
2175
2176 err_no_initvals:
2177         err = -ENODEV;
2178         b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2179                "core rev %u\n", dev->phy.type, rev);
2180         goto error;
2181
2182 error:
2183         b43_release_firmware(dev);
2184         return err;
2185 }
2186
2187 static int b43_upload_microcode(struct b43_wldev *dev)
2188 {
2189         const size_t hdr_len = sizeof(struct b43_fw_header);
2190         const __be32 *data;
2191         unsigned int i, len;
2192         u16 fwrev, fwpatch, fwdate, fwtime;
2193         u32 tmp, macctl;
2194         int err = 0;
2195
2196         /* Jump the microcode PSM to offset 0 */
2197         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2198         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2199         macctl |= B43_MACCTL_PSM_JMP0;
2200         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2201         /* Zero out all microcode PSM registers and shared memory. */
2202         for (i = 0; i < 64; i++)
2203                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2204         for (i = 0; i < 4096; i += 2)
2205                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2206
2207         /* Upload Microcode. */
2208         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2209         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2210         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2211         for (i = 0; i < len; i++) {
2212                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2213                 udelay(10);
2214         }
2215
2216         if (dev->fw.pcm.data) {
2217                 /* Upload PCM data. */
2218                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2219                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2220                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2221                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2222                 /* No need for autoinc bit in SHM_HW */
2223                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2224                 for (i = 0; i < len; i++) {
2225                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2226                         udelay(10);
2227                 }
2228         }
2229
2230         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2231
2232         /* Start the microcode PSM */
2233         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2234         macctl &= ~B43_MACCTL_PSM_JMP0;
2235         macctl |= B43_MACCTL_PSM_RUN;
2236         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2237
2238         /* Wait for the microcode to load and respond */
2239         i = 0;
2240         while (1) {
2241                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2242                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2243                         break;
2244                 i++;
2245                 if (i >= 20) {
2246                         b43err(dev->wl, "Microcode not responding\n");
2247                         b43_print_fw_helptext(dev->wl, 1);
2248                         err = -ENODEV;
2249                         goto error;
2250                 }
2251                 msleep_interruptible(50);
2252                 if (signal_pending(current)) {
2253                         err = -EINTR;
2254                         goto error;
2255                 }
2256         }
2257         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2258
2259         /* Get and check the revisions. */
2260         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2261         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2262         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2263         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2264
2265         if (fwrev <= 0x128) {
2266                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2267                        "binary drivers older than version 4.x is unsupported. "
2268                        "You must upgrade your firmware files.\n");
2269                 b43_print_fw_helptext(dev->wl, 1);
2270                 err = -EOPNOTSUPP;
2271                 goto error;
2272         }
2273         dev->fw.rev = fwrev;
2274         dev->fw.patch = fwpatch;
2275         dev->fw.opensource = (fwdate == 0xFFFF);
2276
2277         if (dev->fw.opensource) {
2278                 /* Patchlevel info is encoded in the "time" field. */
2279                 dev->fw.patch = fwtime;
2280                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u%s\n",
2281                         dev->fw.rev, dev->fw.patch,
2282                         dev->fw.pcm_request_failed ? " (Hardware crypto not supported)" : "");
2283         } else {
2284                 b43info(dev->wl, "Loading firmware version %u.%u "
2285                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2286                         fwrev, fwpatch,
2287                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2288                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2289                 if (dev->fw.pcm_request_failed) {
2290                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2291                                 "Hardware accelerated cryptography is disabled.\n");
2292                         b43_print_fw_helptext(dev->wl, 0);
2293                 }
2294         }
2295
2296         if (b43_is_old_txhdr_format(dev)) {
2297                 b43warn(dev->wl, "You are using an old firmware image. "
2298                         "Support for old firmware will be removed in July 2008.\n");
2299                 b43_print_fw_helptext(dev->wl, 0);
2300         }
2301
2302         return 0;
2303
2304 error:
2305         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2306         macctl &= ~B43_MACCTL_PSM_RUN;
2307         macctl |= B43_MACCTL_PSM_JMP0;
2308         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2309
2310         return err;
2311 }
2312
2313 static int b43_write_initvals(struct b43_wldev *dev,
2314                               const struct b43_iv *ivals,
2315                               size_t count,
2316                               size_t array_size)
2317 {
2318         const struct b43_iv *iv;
2319         u16 offset;
2320         size_t i;
2321         bool bit32;
2322
2323         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2324         iv = ivals;
2325         for (i = 0; i < count; i++) {
2326                 if (array_size < sizeof(iv->offset_size))
2327                         goto err_format;
2328                 array_size -= sizeof(iv->offset_size);
2329                 offset = be16_to_cpu(iv->offset_size);
2330                 bit32 = !!(offset & B43_IV_32BIT);
2331                 offset &= B43_IV_OFFSET_MASK;
2332                 if (offset >= 0x1000)
2333                         goto err_format;
2334                 if (bit32) {
2335                         u32 value;
2336
2337                         if (array_size < sizeof(iv->data.d32))
2338                                 goto err_format;
2339                         array_size -= sizeof(iv->data.d32);
2340
2341                         value = get_unaligned_be32(&iv->data.d32);
2342                         b43_write32(dev, offset, value);
2343
2344                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2345                                                         sizeof(__be16) +
2346                                                         sizeof(__be32));
2347                 } else {
2348                         u16 value;
2349
2350                         if (array_size < sizeof(iv->data.d16))
2351                                 goto err_format;
2352                         array_size -= sizeof(iv->data.d16);
2353
2354                         value = be16_to_cpu(iv->data.d16);
2355                         b43_write16(dev, offset, value);
2356
2357                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2358                                                         sizeof(__be16) +
2359                                                         sizeof(__be16));
2360                 }
2361         }
2362         if (array_size)
2363                 goto err_format;
2364
2365         return 0;
2366
2367 err_format:
2368         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2369         b43_print_fw_helptext(dev->wl, 1);
2370
2371         return -EPROTO;
2372 }
2373
2374 static int b43_upload_initvals(struct b43_wldev *dev)
2375 {
2376         const size_t hdr_len = sizeof(struct b43_fw_header);
2377         const struct b43_fw_header *hdr;
2378         struct b43_firmware *fw = &dev->fw;
2379         const struct b43_iv *ivals;
2380         size_t count;
2381         int err;
2382
2383         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2384         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2385         count = be32_to_cpu(hdr->size);
2386         err = b43_write_initvals(dev, ivals, count,
2387                                  fw->initvals.data->size - hdr_len);
2388         if (err)
2389                 goto out;
2390         if (fw->initvals_band.data) {
2391                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2392                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2393                 count = be32_to_cpu(hdr->size);
2394                 err = b43_write_initvals(dev, ivals, count,
2395                                          fw->initvals_band.data->size - hdr_len);
2396                 if (err)
2397                         goto out;
2398         }
2399 out:
2400
2401         return err;
2402 }
2403
2404 /* Initialize the GPIOs
2405  * http://bcm-specs.sipsolutions.net/GPIO
2406  */
2407 static int b43_gpio_init(struct b43_wldev *dev)
2408 {
2409         struct ssb_bus *bus = dev->dev->bus;
2410         struct ssb_device *gpiodev, *pcidev = NULL;
2411         u32 mask, set;
2412
2413         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2414                     & ~B43_MACCTL_GPOUTSMSK);
2415
2416         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2417                     | 0x000F);
2418
2419         mask = 0x0000001F;
2420         set = 0x0000000F;
2421         if (dev->dev->bus->chip_id == 0x4301) {
2422                 mask |= 0x0060;
2423                 set |= 0x0060;
2424         }
2425         if (0 /* FIXME: conditional unknown */ ) {
2426                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2427                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2428                             | 0x0100);
2429                 mask |= 0x0180;
2430                 set |= 0x0180;
2431         }
2432         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2433                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2434                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2435                             | 0x0200);
2436                 mask |= 0x0200;
2437                 set |= 0x0200;
2438         }
2439         if (dev->dev->id.revision >= 2)
2440                 mask |= 0x0010; /* FIXME: This is redundant. */
2441
2442 #ifdef CONFIG_SSB_DRIVER_PCICORE
2443         pcidev = bus->pcicore.dev;
2444 #endif
2445         gpiodev = bus->chipco.dev ? : pcidev;
2446         if (!gpiodev)
2447                 return 0;
2448         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2449                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2450                      & mask) | set);
2451
2452         return 0;
2453 }
2454
2455 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2456 static void b43_gpio_cleanup(struct b43_wldev *dev)
2457 {
2458         struct ssb_bus *bus = dev->dev->bus;
2459         struct ssb_device *gpiodev, *pcidev = NULL;
2460
2461 #ifdef CONFIG_SSB_DRIVER_PCICORE
2462         pcidev = bus->pcicore.dev;
2463 #endif
2464         gpiodev = bus->chipco.dev ? : pcidev;
2465         if (!gpiodev)
2466                 return;
2467         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2468 }
2469
2470 /* http://bcm-specs.sipsolutions.net/EnableMac */
2471 void b43_mac_enable(struct b43_wldev *dev)
2472 {
2473         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2474                 u16 fwstate;
2475
2476                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2477                                          B43_SHM_SH_UCODESTAT);
2478                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2479                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2480                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2481                                "should be suspended, but current state is %u\n",
2482                                fwstate);
2483                 }
2484         }
2485
2486         dev->mac_suspended--;
2487         B43_WARN_ON(dev->mac_suspended < 0);
2488         if (dev->mac_suspended == 0) {
2489                 b43_write32(dev, B43_MMIO_MACCTL,
2490                             b43_read32(dev, B43_MMIO_MACCTL)
2491                             | B43_MACCTL_ENABLED);
2492                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2493                             B43_IRQ_MAC_SUSPENDED);
2494                 /* Commit writes */
2495                 b43_read32(dev, B43_MMIO_MACCTL);
2496                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2497                 b43_power_saving_ctl_bits(dev, 0);
2498         }
2499 }
2500
2501 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2502 void b43_mac_suspend(struct b43_wldev *dev)
2503 {
2504         int i;
2505         u32 tmp;
2506
2507         might_sleep();
2508         B43_WARN_ON(dev->mac_suspended < 0);
2509
2510         if (dev->mac_suspended == 0) {
2511                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2512                 b43_write32(dev, B43_MMIO_MACCTL,
2513                             b43_read32(dev, B43_MMIO_MACCTL)
2514                             & ~B43_MACCTL_ENABLED);
2515                 /* force pci to flush the write */
2516                 b43_read32(dev, B43_MMIO_MACCTL);
2517                 for (i = 35; i; i--) {
2518                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2519                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2520                                 goto out;
2521                         udelay(10);
2522                 }
2523                 /* Hm, it seems this will take some time. Use msleep(). */
2524                 for (i = 40; i; i--) {
2525                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2526                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2527                                 goto out;
2528                         msleep(1);
2529                 }
2530                 b43err(dev->wl, "MAC suspend failed\n");
2531         }
2532 out:
2533         dev->mac_suspended++;
2534 }
2535
2536 static void b43_adjust_opmode(struct b43_wldev *dev)
2537 {
2538         struct b43_wl *wl = dev->wl;
2539         u32 ctl;
2540         u16 cfp_pretbtt;
2541
2542         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2543         /* Reset status to STA infrastructure mode. */
2544         ctl &= ~B43_MACCTL_AP;
2545         ctl &= ~B43_MACCTL_KEEP_CTL;
2546         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2547         ctl &= ~B43_MACCTL_KEEP_BAD;
2548         ctl &= ~B43_MACCTL_PROMISC;
2549         ctl &= ~B43_MACCTL_BEACPROMISC;
2550         ctl |= B43_MACCTL_INFRA;
2551
2552         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2553             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2554                 ctl |= B43_MACCTL_AP;
2555         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2556                 ctl &= ~B43_MACCTL_INFRA;
2557
2558         if (wl->filter_flags & FIF_CONTROL)
2559                 ctl |= B43_MACCTL_KEEP_CTL;
2560         if (wl->filter_flags & FIF_FCSFAIL)
2561                 ctl |= B43_MACCTL_KEEP_BAD;
2562         if (wl->filter_flags & FIF_PLCPFAIL)
2563                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2564         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2565                 ctl |= B43_MACCTL_PROMISC;
2566         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2567                 ctl |= B43_MACCTL_BEACPROMISC;
2568
2569         /* Workaround: On old hardware the HW-MAC-address-filter
2570          * doesn't work properly, so always run promisc in filter
2571          * it in software. */
2572         if (dev->dev->id.revision <= 4)
2573                 ctl |= B43_MACCTL_PROMISC;
2574
2575         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2576
2577         cfp_pretbtt = 2;
2578         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2579                 if (dev->dev->bus->chip_id == 0x4306 &&
2580                     dev->dev->bus->chip_rev == 3)
2581                         cfp_pretbtt = 100;
2582                 else
2583                         cfp_pretbtt = 50;
2584         }
2585         b43_write16(dev, 0x612, cfp_pretbtt);
2586 }
2587
2588 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2589 {
2590         u16 offset;
2591
2592         if (is_ofdm) {
2593                 offset = 0x480;
2594                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2595         } else {
2596                 offset = 0x4C0;
2597                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2598         }
2599         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2600                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2601 }
2602
2603 static void b43_rate_memory_init(struct b43_wldev *dev)
2604 {
2605         switch (dev->phy.type) {
2606         case B43_PHYTYPE_A:
2607         case B43_PHYTYPE_G:
2608         case B43_PHYTYPE_N:
2609                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2610                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2611                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2612                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2613                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2614                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2615                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2616                 if (dev->phy.type == B43_PHYTYPE_A)
2617                         break;
2618                 /* fallthrough */
2619         case B43_PHYTYPE_B:
2620                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2621                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2622                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2623                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2624                 break;
2625         default:
2626                 B43_WARN_ON(1);
2627         }
2628 }
2629
2630 /* Set the default values for the PHY TX Control Words. */
2631 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2632 {
2633         u16 ctl = 0;
2634
2635         ctl |= B43_TXH_PHY_ENC_CCK;
2636         ctl |= B43_TXH_PHY_ANT01AUTO;
2637         ctl |= B43_TXH_PHY_TXPWR;
2638
2639         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2640         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2641         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2642 }
2643
2644 /* Set the TX-Antenna for management frames sent by firmware. */
2645 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2646 {
2647         u16 ant;
2648         u16 tmp;
2649
2650         ant = b43_antenna_to_phyctl(antenna);
2651
2652         /* For ACK/CTS */
2653         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2654         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2655         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2656         /* For Probe Resposes */
2657         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2658         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2659         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2660 }
2661
2662 /* This is the opposite of b43_chip_init() */
2663 static void b43_chip_exit(struct b43_wldev *dev)
2664 {
2665         b43_phy_exit(dev);
2666         b43_gpio_cleanup(dev);
2667         /* firmware is released later */
2668 }
2669
2670 /* Initialize the chip
2671  * http://bcm-specs.sipsolutions.net/ChipInit
2672  */
2673 static int b43_chip_init(struct b43_wldev *dev)
2674 {
2675         struct b43_phy *phy = &dev->phy;
2676         int err;
2677         u32 value32, macctl;
2678         u16 value16;
2679
2680         /* Initialize the MAC control */
2681         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2682         if (dev->phy.gmode)
2683                 macctl |= B43_MACCTL_GMODE;
2684         macctl |= B43_MACCTL_INFRA;
2685         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2686
2687         err = b43_request_firmware(dev);
2688         if (err)
2689                 goto out;
2690         err = b43_upload_microcode(dev);
2691         if (err)
2692                 goto out;       /* firmware is released later */
2693
2694         err = b43_gpio_init(dev);
2695         if (err)
2696                 goto out;       /* firmware is released later */
2697
2698         err = b43_upload_initvals(dev);
2699         if (err)
2700                 goto err_gpio_clean;
2701
2702         /* Turn the Analog on and initialize the PHY. */
2703         phy->ops->switch_analog(dev, 1);
2704         err = b43_phy_init(dev);
2705         if (err)
2706                 goto err_gpio_clean;
2707
2708         /* Disable Interference Mitigation. */
2709         if (phy->ops->interf_mitigation)
2710                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2711
2712         /* Select the antennae */
2713         if (phy->ops->set_rx_antenna)
2714                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2715         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2716
2717         if (phy->type == B43_PHYTYPE_B) {
2718                 value16 = b43_read16(dev, 0x005E);
2719                 value16 |= 0x0004;
2720                 b43_write16(dev, 0x005E, value16);
2721         }
2722         b43_write32(dev, 0x0100, 0x01000000);
2723         if (dev->dev->id.revision < 5)
2724                 b43_write32(dev, 0x010C, 0x01000000);
2725
2726         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2727                     & ~B43_MACCTL_INFRA);
2728         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2729                     | B43_MACCTL_INFRA);
2730
2731         /* Probe Response Timeout value */
2732         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2733         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2734
2735         /* Initially set the wireless operation mode. */
2736         b43_adjust_opmode(dev);
2737
2738         if (dev->dev->id.revision < 3) {
2739                 b43_write16(dev, 0x060E, 0x0000);
2740                 b43_write16(dev, 0x0610, 0x8000);
2741                 b43_write16(dev, 0x0604, 0x0000);
2742                 b43_write16(dev, 0x0606, 0x0200);
2743         } else {
2744                 b43_write32(dev, 0x0188, 0x80000000);
2745                 b43_write32(dev, 0x018C, 0x02000000);
2746         }
2747         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2748         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2749         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2750         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2751         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2752         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2753         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2754
2755         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2756         value32 |= 0x00100000;
2757         ssb_write32(dev->dev, SSB_TMSLOW, value32);
2758
2759         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2760                     dev->dev->bus->chipco.fast_pwrup_delay);
2761
2762         err = 0;
2763         b43dbg(dev->wl, "Chip initialized\n");
2764 out:
2765         return err;
2766
2767 err_gpio_clean:
2768         b43_gpio_cleanup(dev);
2769         return err;
2770 }
2771
2772 static void b43_periodic_every60sec(struct b43_wldev *dev)
2773 {
2774         const struct b43_phy_operations *ops = dev->phy.ops;
2775
2776         if (ops->pwork_60sec)
2777                 ops->pwork_60sec(dev);
2778
2779         /* Force check the TX power emission now. */
2780         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2781 }
2782
2783 static void b43_periodic_every30sec(struct b43_wldev *dev)
2784 {
2785         /* Update device statistics. */
2786         b43_calculate_link_quality(dev);
2787 }
2788
2789 static void b43_periodic_every15sec(struct b43_wldev *dev)
2790 {
2791         struct b43_phy *phy = &dev->phy;
2792         u16 wdr;
2793
2794         if (dev->fw.opensource) {
2795                 /* Check if the firmware is still alive.
2796                  * It will reset the watchdog counter to 0 in its idle loop. */
2797                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2798                 if (unlikely(wdr)) {
2799                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2800                         b43_controller_restart(dev, "Firmware watchdog");
2801                         return;
2802                 } else {
2803                         b43_shm_write16(dev, B43_SHM_SCRATCH,
2804                                         B43_WATCHDOG_REG, 1);
2805                 }
2806         }
2807
2808         if (phy->ops->pwork_15sec)
2809                 phy->ops->pwork_15sec(dev);
2810
2811         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2812         wmb();
2813 }
2814
2815 static void do_periodic_work(struct b43_wldev *dev)
2816 {
2817         unsigned int state;
2818
2819         state = dev->periodic_state;
2820         if (state % 4 == 0)
2821                 b43_periodic_every60sec(dev);
2822         if (state % 2 == 0)
2823                 b43_periodic_every30sec(dev);
2824         b43_periodic_every15sec(dev);
2825 }
2826
2827 /* Periodic work locking policy:
2828  *      The whole periodic work handler is protected by
2829  *      wl->mutex. If another lock is needed somewhere in the
2830  *      pwork callchain, it's aquired in-place, where it's needed.
2831  */
2832 static void b43_periodic_work_handler(struct work_struct *work)
2833 {
2834         struct b43_wldev *dev = container_of(work, struct b43_wldev,
2835                                              periodic_work.work);
2836         struct b43_wl *wl = dev->wl;
2837         unsigned long delay;
2838
2839         mutex_lock(&wl->mutex);
2840
2841         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2842                 goto out;
2843         if (b43_debug(dev, B43_DBG_PWORK_STOP))
2844                 goto out_requeue;
2845
2846         do_periodic_work(dev);
2847
2848         dev->periodic_state++;
2849 out_requeue:
2850         if (b43_debug(dev, B43_DBG_PWORK_FAST))
2851                 delay = msecs_to_jiffies(50);
2852         else
2853                 delay = round_jiffies_relative(HZ * 15);
2854         queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2855 out:
2856         mutex_unlock(&wl->mutex);
2857 }
2858
2859 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2860 {
2861         struct delayed_work *work = &dev->periodic_work;
2862
2863         dev->periodic_state = 0;
2864         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2865         queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2866 }
2867
2868 /* Check if communication with the device works correctly. */
2869 static int b43_validate_chipaccess(struct b43_wldev *dev)
2870 {
2871         u32 v, backup;
2872
2873         backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2874
2875         /* Check for read/write and endianness problems. */
2876         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2877         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2878                 goto error;
2879         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2880         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2881                 goto error;
2882
2883         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2884
2885         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2886                 /* The 32bit register shadows the two 16bit registers
2887                  * with update sideeffects. Validate this. */
2888                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2889                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2890                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2891                         goto error;
2892                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2893                         goto error;
2894         }
2895         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2896
2897         v = b43_read32(dev, B43_MMIO_MACCTL);
2898         v |= B43_MACCTL_GMODE;
2899         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2900                 goto error;
2901
2902         return 0;
2903 error:
2904         b43err(dev->wl, "Failed to validate the chipaccess\n");
2905         return -ENODEV;
2906 }
2907
2908 static void b43_security_init(struct b43_wldev *dev)
2909 {
2910         dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2911         B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2912         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2913         /* KTP is a word address, but we address SHM bytewise.
2914          * So multiply by two.
2915          */
2916         dev->ktp *= 2;
2917         if (dev->dev->id.revision >= 5) {
2918                 /* Number of RCMTA address slots */
2919                 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2920         }
2921         b43_clear_keys(dev);
2922 }
2923
2924 static int b43_rng_read(struct hwrng *rng, u32 * data)
2925 {
2926         struct b43_wl *wl = (struct b43_wl *)rng->priv;
2927         unsigned long flags;
2928
2929         /* Don't take wl->mutex here, as it could deadlock with
2930          * hwrng internal locking. It's not needed to take
2931          * wl->mutex here, anyway. */
2932
2933         spin_lock_irqsave(&wl->irq_lock, flags);
2934         *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2935         spin_unlock_irqrestore(&wl->irq_lock, flags);
2936
2937         return (sizeof(u16));
2938 }
2939
2940 static void b43_rng_exit(struct b43_wl *wl)
2941 {
2942         if (wl->rng_initialized)
2943                 hwrng_unregister(&wl->rng);
2944 }
2945
2946 static int b43_rng_init(struct b43_wl *wl)
2947 {
2948         int err;
2949
2950         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2951                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2952         wl->rng.name = wl->rng_name;
2953         wl->rng.data_read = b43_rng_read;
2954         wl->rng.priv = (unsigned long)wl;
2955         wl->rng_initialized = 1;
2956         err = hwrng_register(&wl->rng);
2957         if (err) {
2958                 wl->rng_initialized = 0;
2959                 b43err(wl, "Failed to register the random "
2960                        "number generator (%d)\n", err);
2961         }
2962
2963         return err;
2964 }
2965
2966 static int b43_op_tx(struct ieee80211_hw *hw,
2967                      struct sk_buff *skb)
2968 {
2969         struct b43_wl *wl = hw_to_b43_wl(hw);
2970         struct b43_wldev *dev = wl->current_dev;
2971         unsigned long flags;
2972         int err;
2973
2974         if (unlikely(skb->len < 2 + 2 + 6)) {
2975                 /* Too short, this can't be a valid frame. */
2976                 goto drop_packet;
2977         }
2978         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
2979         if (unlikely(!dev))
2980                 goto drop_packet;
2981
2982         /* Transmissions on seperate queues can run concurrently. */
2983         read_lock_irqsave(&wl->tx_lock, flags);
2984
2985         err = -ENODEV;
2986         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
2987                 if (b43_using_pio_transfers(dev))
2988                         err = b43_pio_tx(dev, skb);
2989                 else
2990                         err = b43_dma_tx(dev, skb);
2991         }
2992
2993         read_unlock_irqrestore(&wl->tx_lock, flags);
2994
2995         if (unlikely(err))
2996                 goto drop_packet;
2997         return NETDEV_TX_OK;
2998
2999 drop_packet:
3000         /* We can not transmit this packet. Drop it. */
3001         dev_kfree_skb_any(skb);
3002         return NETDEV_TX_OK;
3003 }
3004
3005 /* Locking: wl->irq_lock */
3006 static void b43_qos_params_upload(struct b43_wldev *dev,
3007                                   const struct ieee80211_tx_queue_params *p,
3008                                   u16 shm_offset)
3009 {
3010         u16 params[B43_NR_QOSPARAMS];
3011         int bslots, tmp;
3012         unsigned int i;
3013
3014         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3015
3016         memset(&params, 0, sizeof(params));
3017
3018         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3019         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3020         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3021         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3022         params[B43_QOSPARAM_AIFS] = p->aifs;
3023         params[B43_QOSPARAM_BSLOTS] = bslots;
3024         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3025
3026         for (i = 0; i < ARRAY_SIZE(params); i++) {
3027                 if (i == B43_QOSPARAM_STATUS) {
3028                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3029                                              shm_offset + (i * 2));
3030                         /* Mark the parameters as updated. */
3031                         tmp |= 0x100;
3032                         b43_shm_write16(dev, B43_SHM_SHARED,
3033                                         shm_offset + (i * 2),
3034                                         tmp);
3035                 } else {
3036                         b43_shm_write16(dev, B43_SHM_SHARED,
3037                                         shm_offset + (i * 2),
3038                                         params[i]);
3039                 }
3040         }
3041 }
3042
3043 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3044 static const u16 b43_qos_shm_offsets[] = {
3045         /* [mac80211-queue-nr] = SHM_OFFSET, */
3046         [0] = B43_QOS_VOICE,
3047         [1] = B43_QOS_VIDEO,
3048         [2] = B43_QOS_BESTEFFORT,
3049         [3] = B43_QOS_BACKGROUND,
3050 };
3051
3052 /* Update all QOS parameters in hardware. */
3053 static void b43_qos_upload_all(struct b43_wldev *dev)
3054 {
3055         struct b43_wl *wl = dev->wl;
3056         struct b43_qos_params *params;
3057         unsigned int i;
3058
3059         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3060                      ARRAY_SIZE(wl->qos_params));
3061
3062         b43_mac_suspend(dev);
3063         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3064                 params = &(wl->qos_params[i]);
3065                 b43_qos_params_upload(dev, &(params->p),
3066                                       b43_qos_shm_offsets[i]);
3067         }
3068         b43_mac_enable(dev);
3069 }
3070
3071 static void b43_qos_clear(struct b43_wl *wl)
3072 {
3073         struct b43_qos_params *params;
3074         unsigned int i;
3075
3076         /* Initialize QoS parameters to sane defaults. */
3077
3078         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3079                      ARRAY_SIZE(wl->qos_params));
3080
3081         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3082                 params = &(wl->qos_params[i]);
3083
3084                 switch (b43_qos_shm_offsets[i]) {
3085                 case B43_QOS_VOICE:
3086                         params->p.txop = 0;
3087                         params->p.aifs = 2;
3088                         params->p.cw_min = 0x0001;
3089                         params->p.cw_max = 0x0001;
3090                         break;
3091                 case B43_QOS_VIDEO:
3092                         params->p.txop = 0;
3093                         params->p.aifs = 2;
3094                         params->p.cw_min = 0x0001;
3095                         params->p.cw_max = 0x0001;
3096                         break;
3097                 case B43_QOS_BESTEFFORT:
3098                         params->p.txop = 0;
3099                         params->p.aifs = 3;
3100                         params->p.cw_min = 0x0001;
3101                         params->p.cw_max = 0x03FF;
3102                         break;
3103                 case B43_QOS_BACKGROUND:
3104                         params->p.txop = 0;
3105                         params->p.aifs = 7;
3106                         params->p.cw_min = 0x0001;
3107                         params->p.cw_max = 0x03FF;
3108                         break;
3109                 default:
3110                         B43_WARN_ON(1);
3111                 }
3112         }
3113 }
3114
3115 /* Initialize the core's QOS capabilities */
3116 static void b43_qos_init(struct b43_wldev *dev)
3117 {
3118         /* Upload the current QOS parameters. */
3119         b43_qos_upload_all(dev);
3120
3121         /* Enable QOS support. */
3122         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3123         b43_write16(dev, B43_MMIO_IFSCTL,
3124                     b43_read16(dev, B43_MMIO_IFSCTL)
3125                     | B43_MMIO_IFSCTL_USE_EDCF);
3126 }
3127
3128 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3129                           const struct ieee80211_tx_queue_params *params)
3130 {
3131         struct b43_wl *wl = hw_to_b43_wl(hw);
3132         struct b43_wldev *dev;
3133         unsigned int queue = (unsigned int)_queue;
3134         int err = -ENODEV;
3135
3136         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3137                 /* Queue not available or don't support setting
3138                  * params on this queue. Return success to not
3139                  * confuse mac80211. */
3140                 return 0;
3141         }
3142         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3143                      ARRAY_SIZE(wl->qos_params));
3144
3145         mutex_lock(&wl->mutex);
3146         dev = wl->current_dev;
3147         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3148                 goto out_unlock;
3149
3150         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3151         b43_mac_suspend(dev);
3152         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3153                               b43_qos_shm_offsets[queue]);
3154         b43_mac_enable(dev);
3155         err = 0;
3156
3157 out_unlock:
3158         mutex_unlock(&wl->mutex);
3159
3160         return err;
3161 }
3162
3163 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3164                                struct ieee80211_tx_queue_stats *stats)
3165 {
3166         struct b43_wl *wl = hw_to_b43_wl(hw);
3167         struct b43_wldev *dev = wl->current_dev;
3168         unsigned long flags;
3169         int err = -ENODEV;
3170
3171         if (!dev)
3172                 goto out;
3173         spin_lock_irqsave(&wl->irq_lock, flags);
3174         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3175                 if (b43_using_pio_transfers(dev))
3176                         b43_pio_get_tx_stats(dev, stats);
3177                 else
3178                         b43_dma_get_tx_stats(dev, stats);
3179                 err = 0;
3180         }
3181         spin_unlock_irqrestore(&wl->irq_lock, flags);
3182 out:
3183         return err;
3184 }
3185
3186 static int b43_op_get_stats(struct ieee80211_hw *hw,
3187                             struct ieee80211_low_level_stats *stats)
3188 {
3189         struct b43_wl *wl = hw_to_b43_wl(hw);
3190         unsigned long flags;
3191
3192         spin_lock_irqsave(&wl->irq_lock, flags);
3193         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3194         spin_unlock_irqrestore(&wl->irq_lock, flags);
3195
3196         return 0;
3197 }
3198
3199 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3200 {
3201         struct ssb_device *sdev = dev->dev;
3202         u32 tmslow;
3203
3204         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3205         tmslow &= ~B43_TMSLOW_GMODE;
3206         tmslow |= B43_TMSLOW_PHYRESET;
3207         tmslow |= SSB_TMSLOW_FGC;
3208         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3209         msleep(1);
3210
3211         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3212         tmslow &= ~SSB_TMSLOW_FGC;
3213         tmslow |= B43_TMSLOW_PHYRESET;
3214         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3215         msleep(1);
3216 }
3217
3218 static const char * band_to_string(enum ieee80211_band band)
3219 {
3220         switch (band) {
3221         case IEEE80211_BAND_5GHZ:
3222                 return "5";
3223         case IEEE80211_BAND_2GHZ:
3224                 return "2.4";
3225         default:
3226                 break;
3227         }
3228         B43_WARN_ON(1);
3229         return "";
3230 }
3231
3232 /* Expects wl->mutex locked */
3233 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3234 {
3235         struct b43_wldev *up_dev = NULL;
3236         struct b43_wldev *down_dev;
3237         struct b43_wldev *d;
3238         int err;
3239         bool gmode;
3240         int prev_status;
3241
3242         /* Find a device and PHY which supports the band. */
3243         list_for_each_entry(d, &wl->devlist, list) {
3244                 switch (chan->band) {
3245                 case IEEE80211_BAND_5GHZ:
3246                         if (d->phy.supports_5ghz) {
3247                                 up_dev = d;
3248                                 gmode = 0;
3249                         }
3250                         break;
3251                 case IEEE80211_BAND_2GHZ:
3252                         if (d->phy.supports_2ghz) {
3253                                 up_dev = d;
3254                                 gmode = 1;
3255                         }
3256                         break;
3257                 default:
3258                         B43_WARN_ON(1);
3259                         return -EINVAL;
3260                 }
3261                 if (up_dev)
3262                         break;
3263         }
3264         if (!up_dev) {
3265                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3266                        band_to_string(chan->band));
3267                 return -ENODEV;
3268         }
3269         if ((up_dev == wl->current_dev) &&
3270             (!!wl->current_dev->phy.gmode == !!gmode)) {
3271                 /* This device is already running. */
3272                 return 0;
3273         }
3274         b43dbg(wl, "Switching to %s-GHz band\n",
3275                band_to_string(chan->band));
3276         down_dev = wl->current_dev;
3277
3278         prev_status = b43_status(down_dev);
3279         /* Shutdown the currently running core. */
3280         if (prev_status >= B43_STAT_STARTED)
3281                 b43_wireless_core_stop(down_dev);
3282         if (prev_status >= B43_STAT_INITIALIZED)
3283                 b43_wireless_core_exit(down_dev);
3284
3285         if (down_dev != up_dev) {
3286                 /* We switch to a different core, so we put PHY into
3287                  * RESET on the old core. */
3288                 b43_put_phy_into_reset(down_dev);
3289         }
3290
3291         /* Now start the new core. */
3292         up_dev->phy.gmode = gmode;
3293         if (prev_status >= B43_STAT_INITIALIZED) {
3294                 err = b43_wireless_core_init(up_dev);
3295                 if (err) {
3296                         b43err(wl, "Fatal: Could not initialize device for "
3297                                "selected %s-GHz band\n",
3298                                band_to_string(chan->band));
3299                         goto init_failure;
3300                 }
3301         }
3302         if (prev_status >= B43_STAT_STARTED) {
3303                 err = b43_wireless_core_start(up_dev);
3304                 if (err) {
3305                         b43err(wl, "Fatal: Coult not start device for "
3306                                "selected %s-GHz band\n",
3307                                band_to_string(chan->band));
3308                         b43_wireless_core_exit(up_dev);
3309                         goto init_failure;
3310                 }
3311         }
3312         B43_WARN_ON(b43_status(up_dev) != prev_status);
3313
3314         wl->current_dev = up_dev;
3315
3316         return 0;
3317 init_failure:
3318         /* Whoops, failed to init the new core. No core is operating now. */
3319         wl->current_dev = NULL;
3320         return err;
3321 }
3322
3323 /* Write the short and long frame retry limit values. */
3324 static void b43_set_retry_limits(struct b43_wldev *dev,
3325                                  unsigned int short_retry,
3326                                  unsigned int long_retry)
3327 {
3328         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3329          * the chip-internal counter. */
3330         short_retry = min(short_retry, (unsigned int)0xF);
3331         long_retry = min(long_retry, (unsigned int)0xF);
3332
3333         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3334                         short_retry);
3335         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3336                         long_retry);
3337 }
3338
3339 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3340 {
3341         struct b43_wl *wl = hw_to_b43_wl(hw);
3342         struct b43_wldev *dev;
3343         struct b43_phy *phy;
3344         struct ieee80211_conf *conf = &hw->conf;
3345         unsigned long flags;
3346         int antenna;
3347         int err = 0;
3348         u32 savedirqs;
3349
3350         mutex_lock(&wl->mutex);
3351
3352         /* Switch the band (if necessary). This might change the active core. */
3353         err = b43_switch_band(wl, conf->channel);
3354         if (err)
3355                 goto out_unlock_mutex;
3356         dev = wl->current_dev;
3357         phy = &dev->phy;
3358
3359         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3360                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3361                                           conf->long_frame_max_tx_count);
3362         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3363         if (!changed)
3364                 goto out_unlock_mutex;
3365
3366         /* Disable IRQs while reconfiguring the device.
3367          * This makes it possible to drop the spinlock throughout
3368          * the reconfiguration process. */
3369         spin_lock_irqsave(&wl->irq_lock, flags);
3370         if (b43_status(dev) < B43_STAT_STARTED) {
3371                 spin_unlock_irqrestore(&wl->irq_lock, flags);
3372                 goto out_unlock_mutex;
3373         }
3374         savedirqs = b43_interrupt_disable(dev, B43_IRQ_ALL);
3375         spin_unlock_irqrestore(&wl->irq_lock, flags);
3376         b43_synchronize_irq(dev);
3377
3378         /* Switch to the requested channel.
3379          * The firmware takes care of races with the TX handler. */
3380         if (conf->channel->hw_value != phy->channel)
3381                 b43_switch_channel(dev, conf->channel->hw_value);
3382
3383         /* Enable/Disable ShortSlot timing. */
3384         if ((!!(conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)) !=
3385             dev->short_slot) {
3386                 B43_WARN_ON(phy->type != B43_PHYTYPE_G);
3387                 if (conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)
3388                         b43_short_slot_timing_enable(dev);
3389                 else
3390                         b43_short_slot_timing_disable(dev);
3391         }
3392
3393         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3394
3395         /* Adjust the desired TX power level. */
3396         if (conf->power_level != 0) {
3397                 spin_lock_irqsave(&wl->irq_lock, flags);
3398                 if (conf->power_level != phy->desired_txpower) {
3399                         phy->desired_txpower = conf->power_level;
3400                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3401                                                    B43_TXPWR_IGNORE_TSSI);
3402                 }
3403                 spin_unlock_irqrestore(&wl->irq_lock, flags);
3404         }
3405
3406         /* Antennas for RX and management frame TX. */
3407         antenna = B43_ANTENNA_DEFAULT;
3408         b43_mgmtframe_txantenna(dev, antenna);
3409         antenna = B43_ANTENNA_DEFAULT;
3410         if (phy->ops->set_rx_antenna)
3411                 phy->ops->set_rx_antenna(dev, antenna);
3412
3413         /* Update templates for AP/mesh mode. */
3414         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3415             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3416                 b43_set_beacon_int(dev, conf->beacon_int);
3417
3418         if (!!conf->radio_enabled != phy->radio_on) {
3419                 if (conf->radio_enabled) {
3420                         b43_software_rfkill(dev, RFKILL_STATE_UNBLOCKED);
3421                         b43info(dev->wl, "Radio turned on by software\n");
3422                         if (!dev->radio_hw_enable) {
3423                                 b43info(dev->wl, "The hardware RF-kill button "
3424                                         "still turns the radio physically off. "
3425                                         "Press the button to turn it on.\n");
3426                         }
3427                 } else {
3428                         b43_software_rfkill(dev, RFKILL_STATE_SOFT_BLOCKED);
3429                         b43info(dev->wl, "Radio turned off by software\n");
3430                 }
3431         }
3432
3433         spin_lock_irqsave(&wl->irq_lock, flags);
3434         b43_interrupt_enable(dev, savedirqs);
3435         mmiowb();
3436         spin_unlock_irqrestore(&wl->irq_lock, flags);
3437       out_unlock_mutex:
3438         mutex_unlock(&wl->mutex);
3439
3440         return err;
3441 }
3442
3443 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3444                            const u8 *local_addr, const u8 *addr,
3445                            struct ieee80211_key_conf *key)
3446 {
3447         struct b43_wl *wl = hw_to_b43_wl(hw);
3448         struct b43_wldev *dev;
3449         unsigned long flags;
3450         u8 algorithm;
3451         u8 index;
3452         int err;
3453
3454         if (modparam_nohwcrypt)
3455                 return -ENOSPC; /* User disabled HW-crypto */
3456
3457         mutex_lock(&wl->mutex);
3458         spin_lock_irqsave(&wl->irq_lock, flags);
3459
3460         dev = wl->current_dev;
3461         err = -ENODEV;
3462         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3463                 goto out_unlock;
3464
3465         if (dev->fw.pcm_request_failed) {
3466                 /* We don't have firmware for the crypto engine.
3467                  * Must use software-crypto. */
3468                 err = -EOPNOTSUPP;
3469                 goto out_unlock;
3470         }
3471
3472         err = -EINVAL;
3473         switch (key->alg) {
3474         case ALG_WEP:
3475                 if (key->keylen == 5)
3476                         algorithm = B43_SEC_ALGO_WEP40;
3477                 else
3478                         algorithm = B43_SEC_ALGO_WEP104;
3479                 break;
3480         case ALG_TKIP:
3481                 algorithm = B43_SEC_ALGO_TKIP;
3482                 break;
3483         case ALG_CCMP:
3484                 algorithm = B43_SEC_ALGO_AES;
3485                 break;
3486         default:
3487                 B43_WARN_ON(1);
3488                 goto out_unlock;
3489         }
3490         index = (u8) (key->keyidx);
3491         if (index > 3)
3492                 goto out_unlock;
3493
3494         switch (cmd) {
3495         case SET_KEY:
3496                 if (algorithm == B43_SEC_ALGO_TKIP) {
3497                         /* FIXME: No TKIP hardware encryption for now. */
3498                         err = -EOPNOTSUPP;
3499                         goto out_unlock;
3500                 }
3501
3502                 if (is_broadcast_ether_addr(addr)) {
3503                         /* addr is FF:FF:FF:FF:FF:FF for default keys */
3504                         err = b43_key_write(dev, index, algorithm,
3505                                             key->key, key->keylen, NULL, key);
3506                 } else {
3507                         /*
3508                          * either pairwise key or address is 00:00:00:00:00:00
3509                          * for transmit-only keys
3510                          */
3511                         err = b43_key_write(dev, -1, algorithm,
3512                                             key->key, key->keylen, addr, key);
3513                 }
3514                 if (err)
3515                         goto out_unlock;
3516
3517                 if (algorithm == B43_SEC_ALGO_WEP40 ||
3518                     algorithm == B43_SEC_ALGO_WEP104) {
3519                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3520                 } else {
3521                         b43_hf_write(dev,
3522                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3523                 }
3524                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3525                 break;
3526         case DISABLE_KEY: {
3527                 err = b43_key_clear(dev, key->hw_key_idx);
3528                 if (err)
3529                         goto out_unlock;
3530                 break;
3531         }
3532         default:
3533                 B43_WARN_ON(1);
3534         }
3535 out_unlock:
3536         spin_unlock_irqrestore(&wl->irq_lock, flags);
3537         mutex_unlock(&wl->mutex);
3538         if (!err) {
3539                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3540                        "mac: %pM\n",
3541                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3542                        addr);
3543         }
3544         return err;
3545 }
3546
3547 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3548                                     unsigned int changed, unsigned int *fflags,
3549                                     int mc_count, struct dev_addr_list *mc_list)
3550 {
3551         struct b43_wl *wl = hw_to_b43_wl(hw);
3552         struct b43_wldev *dev = wl->current_dev;
3553         unsigned long flags;
3554
3555         if (!dev) {
3556                 *fflags = 0;
3557                 return;
3558         }
3559
3560         spin_lock_irqsave(&wl->irq_lock, flags);
3561         *fflags &= FIF_PROMISC_IN_BSS |
3562                   FIF_ALLMULTI |
3563                   FIF_FCSFAIL |
3564                   FIF_PLCPFAIL |
3565                   FIF_CONTROL |
3566                   FIF_OTHER_BSS |
3567                   FIF_BCN_PRBRESP_PROMISC;
3568
3569         changed &= FIF_PROMISC_IN_BSS |
3570                    FIF_ALLMULTI |
3571                    FIF_FCSFAIL |
3572                    FIF_PLCPFAIL |
3573                    FIF_CONTROL |
3574                    FIF_OTHER_BSS |
3575                    FIF_BCN_PRBRESP_PROMISC;
3576
3577         wl->filter_flags = *fflags;
3578
3579         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3580                 b43_adjust_opmode(dev);
3581         spin_unlock_irqrestore(&wl->irq_lock, flags);
3582 }
3583
3584 static int b43_op_config_interface(struct ieee80211_hw *hw,
3585                                    struct ieee80211_vif *vif,
3586                                    struct ieee80211_if_conf *conf)
3587 {
3588         struct b43_wl *wl = hw_to_b43_wl(hw);
3589         struct b43_wldev *dev = wl->current_dev;
3590         unsigned long flags;
3591
3592         if (!dev)
3593                 return -ENODEV;
3594         mutex_lock(&wl->mutex);
3595         spin_lock_irqsave(&wl->irq_lock, flags);
3596         B43_WARN_ON(wl->vif != vif);
3597         if (conf->bssid)
3598                 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3599         else
3600                 memset(wl->bssid, 0, ETH_ALEN);
3601         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3602                 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3603                     b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT)) {
3604                         B43_WARN_ON(vif->type != wl->if_type);
3605                         if (conf->changed & IEEE80211_IFCC_SSID)
3606                                 b43_set_ssid(dev, conf->ssid, conf->ssid_len);
3607                         if (conf->changed & IEEE80211_IFCC_BEACON)
3608                                 b43_update_templates(wl);
3609                 } else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) {
3610                         if (conf->changed & IEEE80211_IFCC_BEACON)
3611                                 b43_update_templates(wl);
3612                 }
3613                 b43_write_mac_bssid_templates(dev);
3614         }
3615         spin_unlock_irqrestore(&wl->irq_lock, flags);
3616         mutex_unlock(&wl->mutex);
3617
3618         return 0;
3619 }
3620
3621 /* Locking: wl->mutex */
3622 static void b43_wireless_core_stop(struct b43_wldev *dev)
3623 {
3624         struct b43_wl *wl = dev->wl;
3625         unsigned long flags;
3626
3627         if (b43_status(dev) < B43_STAT_STARTED)
3628                 return;
3629
3630         /* Disable and sync interrupts. We must do this before than
3631          * setting the status to INITIALIZED, as the interrupt handler
3632          * won't care about IRQs then. */
3633         spin_lock_irqsave(&wl->irq_lock, flags);
3634         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3635         b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3636         spin_unlock_irqrestore(&wl->irq_lock, flags);
3637         b43_synchronize_irq(dev);
3638
3639         write_lock_irqsave(&wl->tx_lock, flags);
3640         b43_set_status(dev, B43_STAT_INITIALIZED);
3641         write_unlock_irqrestore(&wl->tx_lock, flags);
3642
3643         b43_pio_stop(dev);
3644         mutex_unlock(&wl->mutex);
3645         /* Must unlock as it would otherwise deadlock. No races here.
3646          * Cancel the possibly running self-rearming periodic work. */
3647         cancel_delayed_work_sync(&dev->periodic_work);
3648         mutex_lock(&wl->mutex);
3649
3650         b43_mac_suspend(dev);
3651         free_irq(dev->dev->irq, dev);
3652         b43dbg(wl, "Wireless interface stopped\n");
3653 }
3654
3655 /* Locking: wl->mutex */
3656 static int b43_wireless_core_start(struct b43_wldev *dev)
3657 {
3658         int err;
3659
3660         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3661
3662         drain_txstatus_queue(dev);
3663         err = request_irq(dev->dev->irq, b43_interrupt_handler,
3664                           IRQF_SHARED, KBUILD_MODNAME, dev);
3665         if (err) {
3666                 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3667                 goto out;
3668         }
3669
3670         /* We are ready to run. */
3671         b43_set_status(dev, B43_STAT_STARTED);
3672
3673         /* Start data flow (TX/RX). */
3674         b43_mac_enable(dev);
3675         b43_interrupt_enable(dev, dev->irq_savedstate);
3676
3677         /* Start maintainance work */
3678         b43_periodic_tasks_setup(dev);
3679
3680         b43dbg(dev->wl, "Wireless interface started\n");
3681       out:
3682         return err;
3683 }
3684
3685 /* Get PHY and RADIO versioning numbers */
3686 static int b43_phy_versioning(struct b43_wldev *dev)
3687 {
3688         struct b43_phy *phy = &dev->phy;
3689         u32 tmp;
3690         u8 analog_type;
3691         u8 phy_type;
3692         u8 phy_rev;
3693         u16 radio_manuf;
3694         u16 radio_ver;
3695         u16 radio_rev;
3696         int unsupported = 0;
3697
3698         /* Get PHY versioning */
3699         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3700         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3701         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3702         phy_rev = (tmp & B43_PHYVER_VERSION);
3703         switch (phy_type) {
3704         case B43_PHYTYPE_A:
3705                 if (phy_rev >= 4)
3706                         unsupported = 1;
3707                 break;
3708         case B43_PHYTYPE_B:
3709                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3710                     && phy_rev != 7)
3711                         unsupported = 1;
3712                 break;
3713         case B43_PHYTYPE_G:
3714                 if (phy_rev > 9)
3715                         unsupported = 1;
3716                 break;
3717 #ifdef CONFIG_B43_NPHY
3718         case B43_PHYTYPE_N:
3719                 if (phy_rev > 1)
3720                         unsupported = 1;
3721                 break;
3722 #endif
3723         default:
3724                 unsupported = 1;
3725         };
3726         if (unsupported) {
3727                 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3728                        "(Analog %u, Type %u, Revision %u)\n",
3729                        analog_type, phy_type, phy_rev);
3730                 return -EOPNOTSUPP;
3731         }
3732         b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3733                analog_type, phy_type, phy_rev);
3734
3735         /* Get RADIO versioning */
3736         if (dev->dev->bus->chip_id == 0x4317) {
3737                 if (dev->dev->bus->chip_rev == 0)
3738                         tmp = 0x3205017F;
3739                 else if (dev->dev->bus->chip_rev == 1)
3740                         tmp = 0x4205017F;
3741                 else
3742                         tmp = 0x5205017F;
3743         } else {
3744                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3745                 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3746                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3747                 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3748         }
3749         radio_manuf = (tmp & 0x00000FFF);
3750         radio_ver = (tmp & 0x0FFFF000) >> 12;
3751         radio_rev = (tmp & 0xF0000000) >> 28;
3752         if (radio_manuf != 0x17F /* Broadcom */)
3753                 unsupported = 1;
3754         switch (phy_type) {
3755         case B43_PHYTYPE_A:
3756                 if (radio_ver != 0x2060)
3757                         unsupported = 1;
3758                 if (radio_rev != 1)
3759                         unsupported = 1;
3760                 if (radio_manuf != 0x17F)
3761                         unsupported = 1;
3762                 break;
3763         case B43_PHYTYPE_B:
3764                 if ((radio_ver & 0xFFF0) != 0x2050)
3765                         unsupported = 1;
3766                 break;
3767         case B43_PHYTYPE_G:
3768                 if (radio_ver != 0x2050)
3769                         unsupported = 1;
3770                 break;
3771         case B43_PHYTYPE_N:
3772                 if (radio_ver != 0x2055)
3773                         unsupported = 1;
3774                 break;
3775         default:
3776                 B43_WARN_ON(1);
3777         }
3778         if (unsupported) {
3779                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3780                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3781                        radio_manuf, radio_ver, radio_rev);
3782                 return -EOPNOTSUPP;
3783         }
3784         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3785                radio_manuf, radio_ver, radio_rev);
3786
3787         phy->radio_manuf = radio_manuf;
3788         phy->radio_ver = radio_ver;
3789         phy->radio_rev = radio_rev;
3790
3791         phy->analog = analog_type;
3792         phy->type = phy_type;
3793         phy->rev = phy_rev;
3794
3795         return 0;
3796 }
3797
3798 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3799                                       struct b43_phy *phy)
3800 {
3801         phy->hardware_power_control = !!modparam_hwpctl;
3802         phy->next_txpwr_check_time = jiffies;
3803         /* PHY TX errors counter. */
3804         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3805 }
3806
3807 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3808 {
3809         dev->dfq_valid = 0;
3810
3811         /* Assume the radio is enabled. If it's not enabled, the state will
3812          * immediately get fixed on the first periodic work run. */
3813         dev->radio_hw_enable = 1;
3814
3815         /* Stats */
3816         memset(&dev->stats, 0, sizeof(dev->stats));
3817
3818         setup_struct_phy_for_init(dev, &dev->phy);
3819
3820         /* IRQ related flags */
3821         dev->irq_reason = 0;
3822         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3823         dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3824
3825         dev->mac_suspended = 1;
3826
3827         /* Noise calculation context */
3828         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3829 }
3830
3831 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3832 {
3833         struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3834         u64 hf;
3835
3836         if (!modparam_btcoex)
3837                 return;
3838         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3839                 return;
3840         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3841                 return;
3842
3843         hf = b43_hf_read(dev);
3844         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3845                 hf |= B43_HF_BTCOEXALT;
3846         else
3847                 hf |= B43_HF_BTCOEX;
3848         b43_hf_write(dev, hf);
3849 }
3850
3851 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3852 {
3853         if (!modparam_btcoex)
3854                 return;
3855         //TODO
3856 }
3857
3858 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3859 {
3860 #ifdef CONFIG_SSB_DRIVER_PCICORE
3861         struct ssb_bus *bus = dev->dev->bus;
3862         u32 tmp;
3863
3864         if (bus->pcicore.dev &&
3865             bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3866             bus->pcicore.dev->id.revision <= 5) {
3867                 /* IMCFGLO timeouts workaround. */
3868                 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3869                 tmp &= ~SSB_IMCFGLO_REQTO;
3870                 tmp &= ~SSB_IMCFGLO_SERTO;
3871                 switch (bus->bustype) {
3872                 case SSB_BUSTYPE_PCI:
3873                 case SSB_BUSTYPE_PCMCIA:
3874                         tmp |= 0x32;
3875                         break;
3876                 case SSB_BUSTYPE_SSB:
3877                         tmp |= 0x53;
3878                         break;
3879                 }
3880                 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3881         }
3882 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3883 }
3884
3885 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3886 {
3887         u16 pu_delay;
3888
3889         /* The time value is in microseconds. */
3890         if (dev->phy.type == B43_PHYTYPE_A)
3891                 pu_delay = 3700;
3892         else
3893                 pu_delay = 1050;
3894         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
3895                 pu_delay = 500;
3896         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3897                 pu_delay = max(pu_delay, (u16)2400);
3898
3899         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3900 }
3901
3902 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3903 static void b43_set_pretbtt(struct b43_wldev *dev)
3904 {
3905         u16 pretbtt;
3906
3907         /* The time value is in microseconds. */
3908         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
3909                 pretbtt = 2;
3910         } else {
3911                 if (dev->phy.type == B43_PHYTYPE_A)
3912                         pretbtt = 120;
3913                 else
3914                         pretbtt = 250;
3915         }
3916         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3917         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
3918 }
3919
3920 /* Shutdown a wireless core */
3921 /* Locking: wl->mutex */
3922 static void b43_wireless_core_exit(struct b43_wldev *dev)
3923 {
3924         u32 macctl;
3925
3926         B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
3927         if (b43_status(dev) != B43_STAT_INITIALIZED)
3928                 return;
3929         b43_set_status(dev, B43_STAT_UNINIT);
3930
3931         /* Stop the microcode PSM. */
3932         macctl = b43_read32(dev, B43_MMIO_MACCTL);
3933         macctl &= ~B43_MACCTL_PSM_RUN;
3934         macctl |= B43_MACCTL_PSM_JMP0;
3935         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3936
3937         if (!dev->suspend_in_progress) {
3938                 b43_leds_exit(dev);
3939                 b43_rng_exit(dev->wl);
3940         }
3941         b43_dma_free(dev);
3942         b43_pio_free(dev);
3943         b43_chip_exit(dev);
3944         dev->phy.ops->switch_analog(dev, 0);
3945         if (dev->wl->current_beacon) {
3946                 dev_kfree_skb_any(dev->wl->current_beacon);
3947                 dev->wl->current_beacon = NULL;
3948         }
3949
3950         ssb_device_disable(dev->dev, 0);
3951         ssb_bus_may_powerdown(dev->dev->bus);
3952 }
3953
3954 /* Initialize a wireless core */
3955 static int b43_wireless_core_init(struct b43_wldev *dev)
3956 {
3957         struct b43_wl *wl = dev->wl;
3958         struct ssb_bus *bus = dev->dev->bus;
3959         struct ssb_sprom *sprom = &bus->sprom;
3960         struct b43_phy *phy = &dev->phy;
3961         int err;
3962         u64 hf;
3963         u32 tmp;
3964
3965         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
3966
3967         err = ssb_bus_powerup(bus, 0);
3968         if (err)
3969                 goto out;
3970         if (!ssb_device_is_enabled(dev->dev)) {
3971                 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
3972                 b43_wireless_core_reset(dev, tmp);
3973         }
3974
3975         /* Reset all data structures. */
3976         setup_struct_wldev_for_init(dev);
3977         phy->ops->prepare_structs(dev);
3978
3979         /* Enable IRQ routing to this device. */
3980         ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
3981
3982         b43_imcfglo_timeouts_workaround(dev);
3983         b43_bluetooth_coext_disable(dev);
3984         if (phy->ops->prepare_hardware) {
3985                 err = phy->ops->prepare_hardware(dev);
3986                 if (err)
3987                         goto err_busdown;
3988         }
3989         err = b43_chip_init(dev);
3990         if (err)
3991                 goto err_busdown;
3992         b43_shm_write16(dev, B43_SHM_SHARED,
3993                         B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
3994         hf = b43_hf_read(dev);
3995         if (phy->type == B43_PHYTYPE_G) {
3996                 hf |= B43_HF_SYMW;
3997                 if (phy->rev == 1)
3998                         hf |= B43_HF_GDCW;
3999                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4000                         hf |= B43_HF_OFDMPABOOST;
4001         } else if (phy->type == B43_PHYTYPE_B) {
4002                 hf |= B43_HF_SYMW;
4003                 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
4004                         hf &= ~B43_HF_GDCW;
4005         }
4006         b43_hf_write(dev, hf);
4007
4008         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4009                              B43_DEFAULT_LONG_RETRY_LIMIT);
4010         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4011         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4012
4013         /* Disable sending probe responses from firmware.
4014          * Setting the MaxTime to one usec will always trigger
4015          * a timeout, so we never send any probe resp.
4016          * A timeout of zero is infinite. */
4017         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4018
4019         b43_rate_memory_init(dev);
4020         b43_set_phytxctl_defaults(dev);
4021
4022         /* Minimum Contention Window */
4023         if (phy->type == B43_PHYTYPE_B) {
4024                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4025         } else {
4026                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4027         }
4028         /* Maximum Contention Window */
4029         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4030
4031         if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4032                 dev->__using_pio_transfers = 1;
4033                 err = b43_pio_init(dev);
4034         } else {
4035                 dev->__using_pio_transfers = 0;
4036                 err = b43_dma_init(dev);
4037         }
4038         if (err)
4039                 goto err_chip_exit;
4040         b43_qos_init(dev);
4041         b43_set_synth_pu_delay(dev, 1);
4042         b43_bluetooth_coext_enable(dev);
4043
4044         ssb_bus_powerup(bus, 1);        /* Enable dynamic PCTL */
4045         b43_upload_card_macaddress(dev);
4046         b43_security_init(dev);
4047         if (!dev->suspend_in_progress)
4048                 b43_rng_init(wl);
4049
4050         b43_set_status(dev, B43_STAT_INITIALIZED);
4051
4052         if (!dev->suspend_in_progress)
4053                 b43_leds_init(dev);
4054 out:
4055         return err;
4056
4057 err_chip_exit:
4058         b43_chip_exit(dev);
4059 err_busdown:
4060         ssb_bus_may_powerdown(bus);
4061         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4062         return err;
4063 }
4064
4065 static int b43_op_add_interface(struct ieee80211_hw *hw,
4066                                 struct ieee80211_if_init_conf *conf)
4067 {
4068         struct b43_wl *wl = hw_to_b43_wl(hw);
4069         struct b43_wldev *dev;
4070         unsigned long flags;
4071         int err = -EOPNOTSUPP;
4072
4073         /* TODO: allow WDS/AP devices to coexist */
4074
4075         if (conf->type != NL80211_IFTYPE_AP &&
4076             conf->type != NL80211_IFTYPE_MESH_POINT &&
4077             conf->type != NL80211_IFTYPE_STATION &&
4078             conf->type != NL80211_IFTYPE_WDS &&
4079             conf->type != NL80211_IFTYPE_ADHOC)
4080                 return -EOPNOTSUPP;
4081
4082         mutex_lock(&wl->mutex);
4083         if (wl->operating)
4084                 goto out_mutex_unlock;
4085
4086         b43dbg(wl, "Adding Interface type %d\n", conf->type);
4087
4088         dev = wl->current_dev;
4089         wl->operating = 1;
4090         wl->vif = conf->vif;
4091         wl->if_type = conf->type;
4092         memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4093
4094         spin_lock_irqsave(&wl->irq_lock, flags);
4095         b43_adjust_opmode(dev);
4096         b43_set_pretbtt(dev);
4097         b43_set_synth_pu_delay(dev, 0);
4098         b43_upload_card_macaddress(dev);
4099         spin_unlock_irqrestore(&wl->irq_lock, flags);
4100
4101         err = 0;
4102  out_mutex_unlock:
4103         mutex_unlock(&wl->mutex);
4104
4105         return err;
4106 }
4107
4108 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4109                                     struct ieee80211_if_init_conf *conf)
4110 {
4111         struct b43_wl *wl = hw_to_b43_wl(hw);
4112         struct b43_wldev *dev = wl->current_dev;
4113         unsigned long flags;
4114
4115         b43dbg(wl, "Removing Interface type %d\n", conf->type);
4116
4117         mutex_lock(&wl->mutex);
4118
4119         B43_WARN_ON(!wl->operating);
4120         B43_WARN_ON(wl->vif != conf->vif);
4121         wl->vif = NULL;
4122
4123         wl->operating = 0;
4124
4125         spin_lock_irqsave(&wl->irq_lock, flags);
4126         b43_adjust_opmode(dev);
4127         memset(wl->mac_addr, 0, ETH_ALEN);
4128         b43_upload_card_macaddress(dev);
4129         spin_unlock_irqrestore(&wl->irq_lock, flags);
4130
4131         mutex_unlock(&wl->mutex);
4132 }
4133
4134 static int b43_op_start(struct ieee80211_hw *hw)
4135 {
4136         struct b43_wl *wl = hw_to_b43_wl(hw);
4137         struct b43_wldev *dev = wl->current_dev;
4138         int did_init = 0;
4139         int err = 0;
4140         bool do_rfkill_exit = 0;
4141
4142         /* Kill all old instance specific information to make sure
4143          * the card won't use it in the short timeframe between start
4144          * and mac80211 reconfiguring it. */
4145         memset(wl->bssid, 0, ETH_ALEN);
4146         memset(wl->mac_addr, 0, ETH_ALEN);
4147         wl->filter_flags = 0;
4148         wl->radiotap_enabled = 0;
4149         b43_qos_clear(wl);
4150         wl->beacon0_uploaded = 0;
4151         wl->beacon1_uploaded = 0;
4152         wl->beacon_templates_virgin = 1;
4153
4154         /* First register RFkill.
4155          * LEDs that are registered later depend on it. */
4156         b43_rfkill_init(dev);
4157
4158         mutex_lock(&wl->mutex);
4159
4160         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4161                 err = b43_wireless_core_init(dev);
4162                 if (err) {
4163                         do_rfkill_exit = 1;
4164                         goto out_mutex_unlock;
4165                 }
4166                 did_init = 1;
4167         }
4168
4169         if (b43_status(dev) < B43_STAT_STARTED) {
4170                 err = b43_wireless_core_start(dev);
4171                 if (err) {
4172                         if (did_init)
4173                                 b43_wireless_core_exit(dev);
4174                         do_rfkill_exit = 1;
4175                         goto out_mutex_unlock;
4176                 }
4177         }
4178
4179  out_mutex_unlock:
4180         mutex_unlock(&wl->mutex);
4181
4182         if (do_rfkill_exit)
4183                 b43_rfkill_exit(dev);
4184
4185         return err;
4186 }
4187
4188 static void b43_op_stop(struct ieee80211_hw *hw)
4189 {
4190         struct b43_wl *wl = hw_to_b43_wl(hw);
4191         struct b43_wldev *dev = wl->current_dev;
4192
4193         b43_rfkill_exit(dev);
4194         cancel_work_sync(&(wl->beacon_update_trigger));
4195
4196         mutex_lock(&wl->mutex);
4197         if (b43_status(dev) >= B43_STAT_STARTED)
4198                 b43_wireless_core_stop(dev);
4199         b43_wireless_core_exit(dev);
4200         mutex_unlock(&wl->mutex);
4201
4202         cancel_work_sync(&(wl->txpower_adjust_work));
4203 }
4204
4205 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4206                                  struct ieee80211_sta *sta, bool set)
4207 {
4208         struct b43_wl *wl = hw_to_b43_wl(hw);
4209         unsigned long flags;
4210
4211         spin_lock_irqsave(&wl->irq_lock, flags);
4212         b43_update_templates(wl);
4213         spin_unlock_irqrestore(&wl->irq_lock, flags);
4214
4215         return 0;
4216 }
4217
4218 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4219                               struct ieee80211_vif *vif,
4220                               enum sta_notify_cmd notify_cmd,
4221                               struct ieee80211_sta *sta)
4222 {
4223         struct b43_wl *wl = hw_to_b43_wl(hw);
4224
4225         B43_WARN_ON(!vif || wl->vif != vif);
4226 }
4227
4228 static const struct ieee80211_ops b43_hw_ops = {
4229         .tx                     = b43_op_tx,
4230         .conf_tx                = b43_op_conf_tx,
4231         .add_interface          = b43_op_add_interface,
4232         .remove_interface       = b43_op_remove_interface,
4233         .config                 = b43_op_config,
4234         .config_interface       = b43_op_config_interface,
4235         .configure_filter       = b43_op_configure_filter,
4236         .set_key                = b43_op_set_key,
4237         .get_stats              = b43_op_get_stats,
4238         .get_tx_stats           = b43_op_get_tx_stats,
4239         .start                  = b43_op_start,
4240         .stop                   = b43_op_stop,
4241         .set_tim                = b43_op_beacon_set_tim,
4242         .sta_notify             = b43_op_sta_notify,
4243 };
4244
4245 /* Hard-reset the chip. Do not call this directly.
4246  * Use b43_controller_restart()
4247  */
4248 static void b43_chip_reset(struct work_struct *work)
4249 {
4250         struct b43_wldev *dev =
4251             container_of(work, struct b43_wldev, restart_work);
4252         struct b43_wl *wl = dev->wl;
4253         int err = 0;
4254         int prev_status;
4255
4256         mutex_lock(&wl->mutex);
4257
4258         prev_status = b43_status(dev);
4259         /* Bring the device down... */
4260         if (prev_status >= B43_STAT_STARTED)
4261                 b43_wireless_core_stop(dev);
4262         if (prev_status >= B43_STAT_INITIALIZED)
4263                 b43_wireless_core_exit(dev);
4264
4265         /* ...and up again. */
4266         if (prev_status >= B43_STAT_INITIALIZED) {
4267                 err = b43_wireless_core_init(dev);
4268                 if (err)
4269                         goto out;
4270         }
4271         if (prev_status >= B43_STAT_STARTED) {
4272                 err = b43_wireless_core_start(dev);
4273                 if (err) {
4274                         b43_wireless_core_exit(dev);
4275                         goto out;
4276                 }
4277         }
4278 out:
4279         if (err)
4280                 wl->current_dev = NULL; /* Failed to init the dev. */
4281         mutex_unlock(&wl->mutex);
4282         if (err)
4283                 b43err(wl, "Controller restart FAILED\n");
4284         else
4285                 b43info(wl, "Controller restarted\n");
4286 }
4287
4288 static int b43_setup_bands(struct b43_wldev *dev,
4289                            bool have_2ghz_phy, bool have_5ghz_phy)
4290 {
4291         struct ieee80211_hw *hw = dev->wl->hw;
4292
4293         if (have_2ghz_phy)
4294                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4295         if (dev->phy.type == B43_PHYTYPE_N) {
4296                 if (have_5ghz_phy)
4297                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4298         } else {
4299                 if (have_5ghz_phy)
4300                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4301         }
4302
4303         dev->phy.supports_2ghz = have_2ghz_phy;
4304         dev->phy.supports_5ghz = have_5ghz_phy;
4305
4306         return 0;
4307 }
4308
4309 static void b43_wireless_core_detach(struct b43_wldev *dev)
4310 {
4311         /* We release firmware that late to not be required to re-request
4312          * is all the time when we reinit the core. */
4313         b43_release_firmware(dev);
4314         b43_phy_free(dev);
4315 }
4316
4317 static int b43_wireless_core_attach(struct b43_wldev *dev)
4318 {
4319         struct b43_wl *wl = dev->wl;
4320         struct ssb_bus *bus = dev->dev->bus;
4321         struct pci_dev *pdev = bus->host_pci;
4322         int err;
4323         bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4324         u32 tmp;
4325
4326         /* Do NOT do any device initialization here.
4327          * Do it in wireless_core_init() instead.
4328          * This function is for gathering basic information about the HW, only.
4329          * Also some structs may be set up here. But most likely you want to have
4330          * that in core_init(), too.
4331          */
4332
4333         err = ssb_bus_powerup(bus, 0);
4334         if (err) {
4335                 b43err(wl, "Bus powerup failed\n");
4336                 goto out;
4337         }
4338         /* Get the PHY type. */
4339         if (dev->dev->id.revision >= 5) {
4340                 u32 tmshigh;
4341
4342                 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4343                 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4344                 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4345         } else
4346                 B43_WARN_ON(1);
4347
4348         dev->phy.gmode = have_2ghz_phy;
4349         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4350         b43_wireless_core_reset(dev, tmp);
4351
4352         err = b43_phy_versioning(dev);
4353         if (err)
4354                 goto err_powerdown;
4355         /* Check if this device supports multiband. */
4356         if (!pdev ||
4357             (pdev->device != 0x4312 &&
4358              pdev->device != 0x4319 && pdev->device != 0x4324)) {
4359                 /* No multiband support. */
4360                 have_2ghz_phy = 0;
4361                 have_5ghz_phy = 0;
4362                 switch (dev->phy.type) {
4363                 case B43_PHYTYPE_A:
4364                         have_5ghz_phy = 1;
4365                         break;
4366                 case B43_PHYTYPE_G:
4367                 case B43_PHYTYPE_N:
4368                         have_2ghz_phy = 1;
4369                         break;
4370                 default:
4371                         B43_WARN_ON(1);
4372                 }
4373         }
4374         if (dev->phy.type == B43_PHYTYPE_A) {
4375                 /* FIXME */
4376                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4377                 err = -EOPNOTSUPP;
4378                 goto err_powerdown;
4379         }
4380         if (1 /* disable A-PHY */) {
4381                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4382                 if (dev->phy.type != B43_PHYTYPE_N) {
4383                         have_2ghz_phy = 1;
4384                         have_5ghz_phy = 0;
4385                 }
4386         }
4387
4388         err = b43_phy_allocate(dev);
4389         if (err)
4390                 goto err_powerdown;
4391
4392         dev->phy.gmode = have_2ghz_phy;
4393         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4394         b43_wireless_core_reset(dev, tmp);
4395
4396         err = b43_validate_chipaccess(dev);
4397         if (err)
4398                 goto err_phy_free;
4399         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4400         if (err)
4401                 goto err_phy_free;
4402
4403         /* Now set some default "current_dev" */
4404         if (!wl->current_dev)
4405                 wl->current_dev = dev;
4406         INIT_WORK(&dev->restart_work, b43_chip_reset);
4407
4408         dev->phy.ops->switch_analog(dev, 0);
4409         ssb_device_disable(dev->dev, 0);
4410         ssb_bus_may_powerdown(bus);
4411
4412 out:
4413         return err;
4414
4415 err_phy_free:
4416         b43_phy_free(dev);
4417 err_powerdown:
4418         ssb_bus_may_powerdown(bus);
4419         return err;
4420 }
4421
4422 static void b43_one_core_detach(struct ssb_device *dev)
4423 {
4424         struct b43_wldev *wldev;
4425         struct b43_wl *wl;
4426
4427         /* Do not cancel ieee80211-workqueue based work here.
4428          * See comment in b43_remove(). */
4429
4430         wldev = ssb_get_drvdata(dev);
4431         wl = wldev->wl;
4432         b43_debugfs_remove_device(wldev);
4433         b43_wireless_core_detach(wldev);
4434         list_del(&wldev->list);
4435         wl->nr_devs--;
4436         ssb_set_drvdata(dev, NULL);
4437         kfree(wldev);
4438 }
4439
4440 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4441 {
4442         struct b43_wldev *wldev;
4443         struct pci_dev *pdev;
4444         int err = -ENOMEM;
4445
4446         if (!list_empty(&wl->devlist)) {
4447                 /* We are not the first core on this chip. */
4448                 pdev = dev->bus->host_pci;
4449                 /* Only special chips support more than one wireless
4450                  * core, although some of the other chips have more than
4451                  * one wireless core as well. Check for this and
4452                  * bail out early.
4453                  */
4454                 if (!pdev ||
4455                     ((pdev->device != 0x4321) &&
4456                      (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4457                         b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4458                         return -ENODEV;
4459                 }
4460         }
4461
4462         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4463         if (!wldev)
4464                 goto out;
4465
4466         wldev->dev = dev;
4467         wldev->wl = wl;
4468         b43_set_status(wldev, B43_STAT_UNINIT);
4469         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4470         tasklet_init(&wldev->isr_tasklet,
4471                      (void (*)(unsigned long))b43_interrupt_tasklet,
4472                      (unsigned long)wldev);
4473         INIT_LIST_HEAD(&wldev->list);
4474
4475         err = b43_wireless_core_attach(wldev);
4476         if (err)
4477                 goto err_kfree_wldev;
4478
4479         list_add(&wldev->list, &wl->devlist);
4480         wl->nr_devs++;
4481         ssb_set_drvdata(dev, wldev);
4482         b43_debugfs_add_device(wldev);
4483
4484       out:
4485         return err;
4486
4487       err_kfree_wldev:
4488         kfree(wldev);
4489         return err;
4490 }
4491
4492 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
4493         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
4494         (pdev->device == _device) &&                                    \
4495         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
4496         (pdev->subsystem_device == _subdevice)                          )
4497
4498 static void b43_sprom_fixup(struct ssb_bus *bus)
4499 {
4500         struct pci_dev *pdev;
4501
4502         /* boardflags workarounds */
4503         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4504             bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4505                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4506         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4507             bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4508                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4509         if (bus->bustype == SSB_BUSTYPE_PCI) {
4510                 pdev = bus->host_pci;
4511                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4512                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
4513                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
4514                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4515                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4516                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4517                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4518                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4519         }
4520 }
4521
4522 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4523 {
4524         struct ieee80211_hw *hw = wl->hw;
4525
4526         ssb_set_devtypedata(dev, NULL);
4527         ieee80211_free_hw(hw);
4528 }
4529
4530 static int b43_wireless_init(struct ssb_device *dev)
4531 {
4532         struct ssb_sprom *sprom = &dev->bus->sprom;
4533         struct ieee80211_hw *hw;
4534         struct b43_wl *wl;
4535         int err = -ENOMEM;
4536
4537         b43_sprom_fixup(dev->bus);
4538
4539         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4540         if (!hw) {
4541                 b43err(NULL, "Could not allocate ieee80211 device\n");
4542                 goto out;
4543         }
4544
4545         /* fill hw info */
4546         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4547                     IEEE80211_HW_SIGNAL_DBM |
4548                     IEEE80211_HW_NOISE_DBM;
4549
4550         hw->wiphy->interface_modes =
4551                 BIT(NL80211_IFTYPE_AP) |
4552                 BIT(NL80211_IFTYPE_MESH_POINT) |
4553                 BIT(NL80211_IFTYPE_STATION) |
4554                 BIT(NL80211_IFTYPE_WDS) |
4555                 BIT(NL80211_IFTYPE_ADHOC);
4556
4557         hw->queues = b43_modparam_qos ? 4 : 1;
4558         hw->max_rates = 2;
4559         SET_IEEE80211_DEV(hw, dev->dev);
4560         if (is_valid_ether_addr(sprom->et1mac))
4561                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4562         else
4563                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4564
4565         /* Get and initialize struct b43_wl */
4566         wl = hw_to_b43_wl(hw);
4567         memset(wl, 0, sizeof(*wl));
4568         wl->hw = hw;
4569         spin_lock_init(&wl->irq_lock);
4570         rwlock_init(&wl->tx_lock);
4571         spin_lock_init(&wl->leds_lock);
4572         spin_lock_init(&wl->shm_lock);
4573         mutex_init(&wl->mutex);
4574         INIT_LIST_HEAD(&wl->devlist);
4575         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4576         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4577
4578         ssb_set_devtypedata(dev, wl);
4579         b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4580         err = 0;
4581       out:
4582         return err;
4583 }
4584
4585 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4586 {
4587         struct b43_wl *wl;
4588         int err;
4589         int first = 0;
4590
4591         wl = ssb_get_devtypedata(dev);
4592         if (!wl) {
4593                 /* Probing the first core. Must setup common struct b43_wl */
4594                 first = 1;
4595                 err = b43_wireless_init(dev);
4596                 if (err)
4597                         goto out;
4598                 wl = ssb_get_devtypedata(dev);
4599                 B43_WARN_ON(!wl);
4600         }
4601         err = b43_one_core_attach(dev, wl);
4602         if (err)
4603                 goto err_wireless_exit;
4604
4605         if (first) {
4606                 err = ieee80211_register_hw(wl->hw);
4607                 if (err)
4608                         goto err_one_core_detach;
4609         }
4610
4611       out:
4612         return err;
4613
4614       err_one_core_detach:
4615         b43_one_core_detach(dev);
4616       err_wireless_exit:
4617         if (first)
4618                 b43_wireless_exit(dev, wl);
4619         return err;
4620 }
4621
4622 static void b43_remove(struct ssb_device *dev)
4623 {
4624         struct b43_wl *wl = ssb_get_devtypedata(dev);
4625         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4626
4627         /* We must cancel any work here before unregistering from ieee80211,
4628          * as the ieee80211 unreg will destroy the workqueue. */
4629         cancel_work_sync(&wldev->restart_work);
4630
4631         B43_WARN_ON(!wl);
4632         if (wl->current_dev == wldev)
4633                 ieee80211_unregister_hw(wl->hw);
4634
4635         b43_one_core_detach(dev);
4636
4637         if (list_empty(&wl->devlist)) {
4638                 /* Last core on the chip unregistered.
4639                  * We can destroy common struct b43_wl.
4640                  */
4641                 b43_wireless_exit(dev, wl);
4642         }
4643 }
4644
4645 /* Perform a hardware reset. This can be called from any context. */
4646 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4647 {
4648         /* Must avoid requeueing, if we are in shutdown. */
4649         if (b43_status(dev) < B43_STAT_INITIALIZED)
4650                 return;
4651         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4652         queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4653 }
4654
4655 #ifdef CONFIG_PM
4656
4657 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4658 {
4659         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4660         struct b43_wl *wl = wldev->wl;
4661
4662         b43dbg(wl, "Suspending...\n");
4663
4664         mutex_lock(&wl->mutex);
4665         wldev->suspend_in_progress = true;
4666         wldev->suspend_init_status = b43_status(wldev);
4667         if (wldev->suspend_init_status >= B43_STAT_STARTED)
4668                 b43_wireless_core_stop(wldev);
4669         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4670                 b43_wireless_core_exit(wldev);
4671         mutex_unlock(&wl->mutex);
4672
4673         b43dbg(wl, "Device suspended.\n");
4674
4675         return 0;
4676 }
4677
4678 static int b43_resume(struct ssb_device *dev)
4679 {
4680         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4681         struct b43_wl *wl = wldev->wl;
4682         int err = 0;
4683
4684         b43dbg(wl, "Resuming...\n");
4685
4686         mutex_lock(&wl->mutex);
4687         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4688                 err = b43_wireless_core_init(wldev);
4689                 if (err) {
4690                         b43err(wl, "Resume failed at core init\n");
4691                         goto out;
4692                 }
4693         }
4694         if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4695                 err = b43_wireless_core_start(wldev);
4696                 if (err) {
4697                         b43_leds_exit(wldev);
4698                         b43_rng_exit(wldev->wl);
4699                         b43_wireless_core_exit(wldev);
4700                         b43err(wl, "Resume failed at core start\n");
4701                         goto out;
4702                 }
4703         }
4704         b43dbg(wl, "Device resumed.\n");
4705  out:
4706         wldev->suspend_in_progress = false;
4707         mutex_unlock(&wl->mutex);
4708         return err;
4709 }
4710
4711 #else /* CONFIG_PM */
4712 # define b43_suspend    NULL
4713 # define b43_resume     NULL
4714 #endif /* CONFIG_PM */
4715
4716 static struct ssb_driver b43_ssb_driver = {
4717         .name           = KBUILD_MODNAME,
4718         .id_table       = b43_ssb_tbl,
4719         .probe          = b43_probe,
4720         .remove         = b43_remove,
4721         .suspend        = b43_suspend,
4722         .resume         = b43_resume,
4723 };
4724
4725 static void b43_print_driverinfo(void)
4726 {
4727         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4728                    *feat_leds = "", *feat_rfkill = "";
4729
4730 #ifdef CONFIG_B43_PCI_AUTOSELECT
4731         feat_pci = "P";
4732 #endif
4733 #ifdef CONFIG_B43_PCMCIA
4734         feat_pcmcia = "M";
4735 #endif
4736 #ifdef CONFIG_B43_NPHY
4737         feat_nphy = "N";
4738 #endif
4739 #ifdef CONFIG_B43_LEDS
4740         feat_leds = "L";
4741 #endif
4742 #ifdef CONFIG_B43_RFKILL
4743         feat_rfkill = "R";
4744 #endif
4745         printk(KERN_INFO "Broadcom 43xx driver loaded "
4746                "[ Features: %s%s%s%s%s, Firmware-ID: "
4747                B43_SUPPORTED_FIRMWARE_ID " ]\n",
4748                feat_pci, feat_pcmcia, feat_nphy,
4749                feat_leds, feat_rfkill);
4750 }
4751
4752 static int __init b43_init(void)
4753 {
4754         int err;
4755
4756         b43_debugfs_init();
4757         err = b43_pcmcia_init();
4758         if (err)
4759                 goto err_dfs_exit;
4760         err = ssb_driver_register(&b43_ssb_driver);
4761         if (err)
4762                 goto err_pcmcia_exit;
4763         b43_print_driverinfo();
4764
4765         return err;
4766
4767 err_pcmcia_exit:
4768         b43_pcmcia_exit();
4769 err_dfs_exit:
4770         b43_debugfs_exit();
4771         return err;
4772 }
4773
4774 static void __exit b43_exit(void)
4775 {
4776         ssb_driver_unregister(&b43_ssb_driver);
4777         b43_pcmcia_exit();
4778         b43_debugfs_exit();
4779 }
4780
4781 module_init(b43_init)
4782 module_exit(b43_exit)