3622d76de1e1c9db46bd5d5c4f558a9b1d57d1d1
[linux-2.6.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11   Some parts of the code in this file are derived from the ipw2200
12   driver  Copyright(c) 2003 - 2004 Intel Corporation.
13
14   This program is free software; you can redistribute it and/or modify
15   it under the terms of the GNU General Public License as published by
16   the Free Software Foundation; either version 2 of the License, or
17   (at your option) any later version.
18
19   This program is distributed in the hope that it will be useful,
20   but WITHOUT ANY WARRANTY; without even the implied warranty of
21   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22   GNU General Public License for more details.
23
24   You should have received a copy of the GNU General Public License
25   along with this program; see the file COPYING.  If not, write to
26   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27   Boston, MA 02110-1301, USA.
28
29 */
30
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/version.h>
37 #include <linux/firmware.h>
38 #include <linux/wireless.h>
39 #include <linux/workqueue.h>
40 #include <linux/skbuff.h>
41 #include <linux/io.h>
42 #include <linux/dma-mapping.h>
43 #include <asm/unaligned.h>
44
45 #include "b43.h"
46 #include "main.h"
47 #include "debugfs.h"
48 #include "phy.h"
49 #include "nphy.h"
50 #include "dma.h"
51 #include "pio.h"
52 #include "sysfs.h"
53 #include "xmit.h"
54 #include "lo.h"
55 #include "pcmcia.h"
56
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
62
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
64
65
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69                  "enable(1) / disable(0) Bad Frames Preemption");
70
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
74
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
78
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
82
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
86
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
90
91
92 static const struct ssb_device_id b43_ssb_tbl[] = {
93         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
94         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
95         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
96         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
97         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
98         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
99         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
100         SSB_DEVTABLE_END
101 };
102
103 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
104
105 /* Channel and ratetables are shared for all devices.
106  * They can't be const, because ieee80211 puts some precalculated
107  * data in there. This data is the same for all devices, so we don't
108  * get concurrency issues */
109 #define RATETAB_ENT(_rateid, _flags) \
110         {                                                               \
111                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
112                 .hw_value       = (_rateid),                            \
113                 .flags          = (_flags),                             \
114         }
115
116 /*
117  * NOTE: When changing this, sync with xmit.c's
118  *       b43_plcp_get_bitrate_idx_* functions!
119  */
120 static struct ieee80211_rate __b43_ratetable[] = {
121         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
122         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
123         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
124         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
125         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
126         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
127         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
128         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
129         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
130         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
131         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
132         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
133 };
134
135 #define b43_a_ratetable         (__b43_ratetable + 4)
136 #define b43_a_ratetable_size    8
137 #define b43_b_ratetable         (__b43_ratetable + 0)
138 #define b43_b_ratetable_size    4
139 #define b43_g_ratetable         (__b43_ratetable + 0)
140 #define b43_g_ratetable_size    12
141
142 #define CHAN4G(_channel, _freq, _flags) {                       \
143         .band                   = IEEE80211_BAND_2GHZ,          \
144         .center_freq            = (_freq),                      \
145         .hw_value               = (_channel),                   \
146         .flags                  = (_flags),                     \
147         .max_antenna_gain       = 0,                            \
148         .max_power              = 30,                           \
149 }
150 static struct ieee80211_channel b43_2ghz_chantable[] = {
151         CHAN4G(1, 2412, 0),
152         CHAN4G(2, 2417, 0),
153         CHAN4G(3, 2422, 0),
154         CHAN4G(4, 2427, 0),
155         CHAN4G(5, 2432, 0),
156         CHAN4G(6, 2437, 0),
157         CHAN4G(7, 2442, 0),
158         CHAN4G(8, 2447, 0),
159         CHAN4G(9, 2452, 0),
160         CHAN4G(10, 2457, 0),
161         CHAN4G(11, 2462, 0),
162         CHAN4G(12, 2467, 0),
163         CHAN4G(13, 2472, 0),
164         CHAN4G(14, 2484, 0),
165 };
166 #undef CHAN4G
167
168 #define CHAN5G(_channel, _flags) {                              \
169         .band                   = IEEE80211_BAND_5GHZ,          \
170         .center_freq            = 5000 + (5 * (_channel)),      \
171         .hw_value               = (_channel),                   \
172         .flags                  = (_flags),                     \
173         .max_antenna_gain       = 0,                            \
174         .max_power              = 30,                           \
175 }
176 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
177         CHAN5G(32, 0),          CHAN5G(34, 0),
178         CHAN5G(36, 0),          CHAN5G(38, 0),
179         CHAN5G(40, 0),          CHAN5G(42, 0),
180         CHAN5G(44, 0),          CHAN5G(46, 0),
181         CHAN5G(48, 0),          CHAN5G(50, 0),
182         CHAN5G(52, 0),          CHAN5G(54, 0),
183         CHAN5G(56, 0),          CHAN5G(58, 0),
184         CHAN5G(60, 0),          CHAN5G(62, 0),
185         CHAN5G(64, 0),          CHAN5G(66, 0),
186         CHAN5G(68, 0),          CHAN5G(70, 0),
187         CHAN5G(72, 0),          CHAN5G(74, 0),
188         CHAN5G(76, 0),          CHAN5G(78, 0),
189         CHAN5G(80, 0),          CHAN5G(82, 0),
190         CHAN5G(84, 0),          CHAN5G(86, 0),
191         CHAN5G(88, 0),          CHAN5G(90, 0),
192         CHAN5G(92, 0),          CHAN5G(94, 0),
193         CHAN5G(96, 0),          CHAN5G(98, 0),
194         CHAN5G(100, 0),         CHAN5G(102, 0),
195         CHAN5G(104, 0),         CHAN5G(106, 0),
196         CHAN5G(108, 0),         CHAN5G(110, 0),
197         CHAN5G(112, 0),         CHAN5G(114, 0),
198         CHAN5G(116, 0),         CHAN5G(118, 0),
199         CHAN5G(120, 0),         CHAN5G(122, 0),
200         CHAN5G(124, 0),         CHAN5G(126, 0),
201         CHAN5G(128, 0),         CHAN5G(130, 0),
202         CHAN5G(132, 0),         CHAN5G(134, 0),
203         CHAN5G(136, 0),         CHAN5G(138, 0),
204         CHAN5G(140, 0),         CHAN5G(142, 0),
205         CHAN5G(144, 0),         CHAN5G(145, 0),
206         CHAN5G(146, 0),         CHAN5G(147, 0),
207         CHAN5G(148, 0),         CHAN5G(149, 0),
208         CHAN5G(150, 0),         CHAN5G(151, 0),
209         CHAN5G(152, 0),         CHAN5G(153, 0),
210         CHAN5G(154, 0),         CHAN5G(155, 0),
211         CHAN5G(156, 0),         CHAN5G(157, 0),
212         CHAN5G(158, 0),         CHAN5G(159, 0),
213         CHAN5G(160, 0),         CHAN5G(161, 0),
214         CHAN5G(162, 0),         CHAN5G(163, 0),
215         CHAN5G(164, 0),         CHAN5G(165, 0),
216         CHAN5G(166, 0),         CHAN5G(168, 0),
217         CHAN5G(170, 0),         CHAN5G(172, 0),
218         CHAN5G(174, 0),         CHAN5G(176, 0),
219         CHAN5G(178, 0),         CHAN5G(180, 0),
220         CHAN5G(182, 0),         CHAN5G(184, 0),
221         CHAN5G(186, 0),         CHAN5G(188, 0),
222         CHAN5G(190, 0),         CHAN5G(192, 0),
223         CHAN5G(194, 0),         CHAN5G(196, 0),
224         CHAN5G(198, 0),         CHAN5G(200, 0),
225         CHAN5G(202, 0),         CHAN5G(204, 0),
226         CHAN5G(206, 0),         CHAN5G(208, 0),
227         CHAN5G(210, 0),         CHAN5G(212, 0),
228         CHAN5G(214, 0),         CHAN5G(216, 0),
229         CHAN5G(218, 0),         CHAN5G(220, 0),
230         CHAN5G(222, 0),         CHAN5G(224, 0),
231         CHAN5G(226, 0),         CHAN5G(228, 0),
232 };
233
234 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
235         CHAN5G(34, 0),          CHAN5G(36, 0),
236         CHAN5G(38, 0),          CHAN5G(40, 0),
237         CHAN5G(42, 0),          CHAN5G(44, 0),
238         CHAN5G(46, 0),          CHAN5G(48, 0),
239         CHAN5G(52, 0),          CHAN5G(56, 0),
240         CHAN5G(60, 0),          CHAN5G(64, 0),
241         CHAN5G(100, 0),         CHAN5G(104, 0),
242         CHAN5G(108, 0),         CHAN5G(112, 0),
243         CHAN5G(116, 0),         CHAN5G(120, 0),
244         CHAN5G(124, 0),         CHAN5G(128, 0),
245         CHAN5G(132, 0),         CHAN5G(136, 0),
246         CHAN5G(140, 0),         CHAN5G(149, 0),
247         CHAN5G(153, 0),         CHAN5G(157, 0),
248         CHAN5G(161, 0),         CHAN5G(165, 0),
249         CHAN5G(184, 0),         CHAN5G(188, 0),
250         CHAN5G(192, 0),         CHAN5G(196, 0),
251         CHAN5G(200, 0),         CHAN5G(204, 0),
252         CHAN5G(208, 0),         CHAN5G(212, 0),
253         CHAN5G(216, 0),
254 };
255 #undef CHAN5G
256
257 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
258         .band           = IEEE80211_BAND_5GHZ,
259         .channels       = b43_5ghz_nphy_chantable,
260         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
261         .bitrates       = b43_a_ratetable,
262         .n_bitrates     = b43_a_ratetable_size,
263 };
264
265 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
266         .band           = IEEE80211_BAND_5GHZ,
267         .channels       = b43_5ghz_aphy_chantable,
268         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
269         .bitrates       = b43_a_ratetable,
270         .n_bitrates     = b43_a_ratetable_size,
271 };
272
273 static struct ieee80211_supported_band b43_band_2GHz = {
274         .band           = IEEE80211_BAND_2GHZ,
275         .channels       = b43_2ghz_chantable,
276         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
277         .bitrates       = b43_g_ratetable,
278         .n_bitrates     = b43_g_ratetable_size,
279 };
280
281 static void b43_wireless_core_exit(struct b43_wldev *dev);
282 static int b43_wireless_core_init(struct b43_wldev *dev);
283 static void b43_wireless_core_stop(struct b43_wldev *dev);
284 static int b43_wireless_core_start(struct b43_wldev *dev);
285
286 static int b43_ratelimit(struct b43_wl *wl)
287 {
288         if (!wl || !wl->current_dev)
289                 return 1;
290         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
291                 return 1;
292         /* We are up and running.
293          * Ratelimit the messages to avoid DoS over the net. */
294         return net_ratelimit();
295 }
296
297 void b43info(struct b43_wl *wl, const char *fmt, ...)
298 {
299         va_list args;
300
301         if (!b43_ratelimit(wl))
302                 return;
303         va_start(args, fmt);
304         printk(KERN_INFO "b43-%s: ",
305                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
306         vprintk(fmt, args);
307         va_end(args);
308 }
309
310 void b43err(struct b43_wl *wl, const char *fmt, ...)
311 {
312         va_list args;
313
314         if (!b43_ratelimit(wl))
315                 return;
316         va_start(args, fmt);
317         printk(KERN_ERR "b43-%s ERROR: ",
318                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
319         vprintk(fmt, args);
320         va_end(args);
321 }
322
323 void b43warn(struct b43_wl *wl, const char *fmt, ...)
324 {
325         va_list args;
326
327         if (!b43_ratelimit(wl))
328                 return;
329         va_start(args, fmt);
330         printk(KERN_WARNING "b43-%s warning: ",
331                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
332         vprintk(fmt, args);
333         va_end(args);
334 }
335
336 #if B43_DEBUG
337 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
338 {
339         va_list args;
340
341         va_start(args, fmt);
342         printk(KERN_DEBUG "b43-%s debug: ",
343                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
344         vprintk(fmt, args);
345         va_end(args);
346 }
347 #endif /* DEBUG */
348
349 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
350 {
351         u32 macctl;
352
353         B43_WARN_ON(offset % 4 != 0);
354
355         macctl = b43_read32(dev, B43_MMIO_MACCTL);
356         if (macctl & B43_MACCTL_BE)
357                 val = swab32(val);
358
359         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
360         mmiowb();
361         b43_write32(dev, B43_MMIO_RAM_DATA, val);
362 }
363
364 static inline void b43_shm_control_word(struct b43_wldev *dev,
365                                         u16 routing, u16 offset)
366 {
367         u32 control;
368
369         /* "offset" is the WORD offset. */
370         control = routing;
371         control <<= 16;
372         control |= offset;
373         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
374 }
375
376 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
377 {
378         struct b43_wl *wl = dev->wl;
379         unsigned long flags;
380         u32 ret;
381
382         spin_lock_irqsave(&wl->shm_lock, flags);
383         if (routing == B43_SHM_SHARED) {
384                 B43_WARN_ON(offset & 0x0001);
385                 if (offset & 0x0003) {
386                         /* Unaligned access */
387                         b43_shm_control_word(dev, routing, offset >> 2);
388                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
389                         ret <<= 16;
390                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
391                         ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
392
393                         goto out;
394                 }
395                 offset >>= 2;
396         }
397         b43_shm_control_word(dev, routing, offset);
398         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
399 out:
400         spin_unlock_irqrestore(&wl->shm_lock, flags);
401
402         return ret;
403 }
404
405 u16 b43_shm_read16(struct b43_wldev * dev, u16 routing, u16 offset)
406 {
407         struct b43_wl *wl = dev->wl;
408         unsigned long flags;
409         u16 ret;
410
411         spin_lock_irqsave(&wl->shm_lock, flags);
412         if (routing == B43_SHM_SHARED) {
413                 B43_WARN_ON(offset & 0x0001);
414                 if (offset & 0x0003) {
415                         /* Unaligned access */
416                         b43_shm_control_word(dev, routing, offset >> 2);
417                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
418
419                         goto out;
420                 }
421                 offset >>= 2;
422         }
423         b43_shm_control_word(dev, routing, offset);
424         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
425 out:
426         spin_unlock_irqrestore(&wl->shm_lock, flags);
427
428         return ret;
429 }
430
431 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
432 {
433         struct b43_wl *wl = dev->wl;
434         unsigned long flags;
435
436         spin_lock_irqsave(&wl->shm_lock, flags);
437         if (routing == B43_SHM_SHARED) {
438                 B43_WARN_ON(offset & 0x0001);
439                 if (offset & 0x0003) {
440                         /* Unaligned access */
441                         b43_shm_control_word(dev, routing, offset >> 2);
442                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
443                                     (value >> 16) & 0xffff);
444                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
445                         b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
446                         goto out;
447                 }
448                 offset >>= 2;
449         }
450         b43_shm_control_word(dev, routing, offset);
451         b43_write32(dev, B43_MMIO_SHM_DATA, value);
452 out:
453         spin_unlock_irqrestore(&wl->shm_lock, flags);
454 }
455
456 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
457 {
458         struct b43_wl *wl = dev->wl;
459         unsigned long flags;
460
461         spin_lock_irqsave(&wl->shm_lock, flags);
462         if (routing == B43_SHM_SHARED) {
463                 B43_WARN_ON(offset & 0x0001);
464                 if (offset & 0x0003) {
465                         /* Unaligned access */
466                         b43_shm_control_word(dev, routing, offset >> 2);
467                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
468                         goto out;
469                 }
470                 offset >>= 2;
471         }
472         b43_shm_control_word(dev, routing, offset);
473         b43_write16(dev, B43_MMIO_SHM_DATA, value);
474 out:
475         spin_unlock_irqrestore(&wl->shm_lock, flags);
476 }
477
478 /* Read HostFlags */
479 u64 b43_hf_read(struct b43_wldev * dev)
480 {
481         u64 ret;
482
483         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
484         ret <<= 16;
485         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
486         ret <<= 16;
487         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
488
489         return ret;
490 }
491
492 /* Write HostFlags */
493 void b43_hf_write(struct b43_wldev *dev, u64 value)
494 {
495         u16 lo, mi, hi;
496
497         lo = (value & 0x00000000FFFFULL);
498         mi = (value & 0x0000FFFF0000ULL) >> 16;
499         hi = (value & 0xFFFF00000000ULL) >> 32;
500         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
501         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
502         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
503 }
504
505 void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
506 {
507         /* We need to be careful. As we read the TSF from multiple
508          * registers, we should take care of register overflows.
509          * In theory, the whole tsf read process should be atomic.
510          * We try to be atomic here, by restaring the read process,
511          * if any of the high registers changed (overflew).
512          */
513         if (dev->dev->id.revision >= 3) {
514                 u32 low, high, high2;
515
516                 do {
517                         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
518                         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
519                         high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
520                 } while (unlikely(high != high2));
521
522                 *tsf = high;
523                 *tsf <<= 32;
524                 *tsf |= low;
525         } else {
526                 u64 tmp;
527                 u16 v0, v1, v2, v3;
528                 u16 test1, test2, test3;
529
530                 do {
531                         v3 = b43_read16(dev, B43_MMIO_TSF_3);
532                         v2 = b43_read16(dev, B43_MMIO_TSF_2);
533                         v1 = b43_read16(dev, B43_MMIO_TSF_1);
534                         v0 = b43_read16(dev, B43_MMIO_TSF_0);
535
536                         test3 = b43_read16(dev, B43_MMIO_TSF_3);
537                         test2 = b43_read16(dev, B43_MMIO_TSF_2);
538                         test1 = b43_read16(dev, B43_MMIO_TSF_1);
539                 } while (v3 != test3 || v2 != test2 || v1 != test1);
540
541                 *tsf = v3;
542                 *tsf <<= 48;
543                 tmp = v2;
544                 tmp <<= 32;
545                 *tsf |= tmp;
546                 tmp = v1;
547                 tmp <<= 16;
548                 *tsf |= tmp;
549                 *tsf |= v0;
550         }
551 }
552
553 static void b43_time_lock(struct b43_wldev *dev)
554 {
555         u32 macctl;
556
557         macctl = b43_read32(dev, B43_MMIO_MACCTL);
558         macctl |= B43_MACCTL_TBTTHOLD;
559         b43_write32(dev, B43_MMIO_MACCTL, macctl);
560         /* Commit the write */
561         b43_read32(dev, B43_MMIO_MACCTL);
562 }
563
564 static void b43_time_unlock(struct b43_wldev *dev)
565 {
566         u32 macctl;
567
568         macctl = b43_read32(dev, B43_MMIO_MACCTL);
569         macctl &= ~B43_MACCTL_TBTTHOLD;
570         b43_write32(dev, B43_MMIO_MACCTL, macctl);
571         /* Commit the write */
572         b43_read32(dev, B43_MMIO_MACCTL);
573 }
574
575 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
576 {
577         /* Be careful with the in-progress timer.
578          * First zero out the low register, so we have a full
579          * register-overflow duration to complete the operation.
580          */
581         if (dev->dev->id.revision >= 3) {
582                 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
583                 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
584
585                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
586                 mmiowb();
587                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
588                 mmiowb();
589                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
590         } else {
591                 u16 v0 = (tsf & 0x000000000000FFFFULL);
592                 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
593                 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
594                 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
595
596                 b43_write16(dev, B43_MMIO_TSF_0, 0);
597                 mmiowb();
598                 b43_write16(dev, B43_MMIO_TSF_3, v3);
599                 mmiowb();
600                 b43_write16(dev, B43_MMIO_TSF_2, v2);
601                 mmiowb();
602                 b43_write16(dev, B43_MMIO_TSF_1, v1);
603                 mmiowb();
604                 b43_write16(dev, B43_MMIO_TSF_0, v0);
605         }
606 }
607
608 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
609 {
610         b43_time_lock(dev);
611         b43_tsf_write_locked(dev, tsf);
612         b43_time_unlock(dev);
613 }
614
615 static
616 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
617 {
618         static const u8 zero_addr[ETH_ALEN] = { 0 };
619         u16 data;
620
621         if (!mac)
622                 mac = zero_addr;
623
624         offset |= 0x0020;
625         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
626
627         data = mac[0];
628         data |= mac[1] << 8;
629         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
630         data = mac[2];
631         data |= mac[3] << 8;
632         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
633         data = mac[4];
634         data |= mac[5] << 8;
635         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
636 }
637
638 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
639 {
640         const u8 *mac;
641         const u8 *bssid;
642         u8 mac_bssid[ETH_ALEN * 2];
643         int i;
644         u32 tmp;
645
646         bssid = dev->wl->bssid;
647         mac = dev->wl->mac_addr;
648
649         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
650
651         memcpy(mac_bssid, mac, ETH_ALEN);
652         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
653
654         /* Write our MAC address and BSSID to template ram */
655         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
656                 tmp = (u32) (mac_bssid[i + 0]);
657                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
658                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
659                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
660                 b43_ram_write(dev, 0x20 + i, tmp);
661         }
662 }
663
664 static void b43_upload_card_macaddress(struct b43_wldev *dev)
665 {
666         b43_write_mac_bssid_templates(dev);
667         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
668 }
669
670 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
671 {
672         /* slot_time is in usec. */
673         if (dev->phy.type != B43_PHYTYPE_G)
674                 return;
675         b43_write16(dev, 0x684, 510 + slot_time);
676         b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
677 }
678
679 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
680 {
681         b43_set_slot_time(dev, 9);
682         dev->short_slot = 1;
683 }
684
685 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
686 {
687         b43_set_slot_time(dev, 20);
688         dev->short_slot = 0;
689 }
690
691 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
692  * Returns the _previously_ enabled IRQ mask.
693  */
694 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
695 {
696         u32 old_mask;
697
698         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
699         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
700
701         return old_mask;
702 }
703
704 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
705  * Returns the _previously_ enabled IRQ mask.
706  */
707 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
708 {
709         u32 old_mask;
710
711         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
712         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
713
714         return old_mask;
715 }
716
717 /* Synchronize IRQ top- and bottom-half.
718  * IRQs must be masked before calling this.
719  * This must not be called with the irq_lock held.
720  */
721 static void b43_synchronize_irq(struct b43_wldev *dev)
722 {
723         synchronize_irq(dev->dev->irq);
724         tasklet_kill(&dev->isr_tasklet);
725 }
726
727 /* DummyTransmission function, as documented on
728  * http://bcm-specs.sipsolutions.net/DummyTransmission
729  */
730 void b43_dummy_transmission(struct b43_wldev *dev)
731 {
732         struct b43_wl *wl = dev->wl;
733         struct b43_phy *phy = &dev->phy;
734         unsigned int i, max_loop;
735         u16 value;
736         u32 buffer[5] = {
737                 0x00000000,
738                 0x00D40000,
739                 0x00000000,
740                 0x01000000,
741                 0x00000000,
742         };
743
744         switch (phy->type) {
745         case B43_PHYTYPE_A:
746                 max_loop = 0x1E;
747                 buffer[0] = 0x000201CC;
748                 break;
749         case B43_PHYTYPE_B:
750         case B43_PHYTYPE_G:
751                 max_loop = 0xFA;
752                 buffer[0] = 0x000B846E;
753                 break;
754         default:
755                 B43_WARN_ON(1);
756                 return;
757         }
758
759         spin_lock_irq(&wl->irq_lock);
760         write_lock(&wl->tx_lock);
761
762         for (i = 0; i < 5; i++)
763                 b43_ram_write(dev, i * 4, buffer[i]);
764
765         /* Commit writes */
766         b43_read32(dev, B43_MMIO_MACCTL);
767
768         b43_write16(dev, 0x0568, 0x0000);
769         b43_write16(dev, 0x07C0, 0x0000);
770         value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
771         b43_write16(dev, 0x050C, value);
772         b43_write16(dev, 0x0508, 0x0000);
773         b43_write16(dev, 0x050A, 0x0000);
774         b43_write16(dev, 0x054C, 0x0000);
775         b43_write16(dev, 0x056A, 0x0014);
776         b43_write16(dev, 0x0568, 0x0826);
777         b43_write16(dev, 0x0500, 0x0000);
778         b43_write16(dev, 0x0502, 0x0030);
779
780         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
781                 b43_radio_write16(dev, 0x0051, 0x0017);
782         for (i = 0x00; i < max_loop; i++) {
783                 value = b43_read16(dev, 0x050E);
784                 if (value & 0x0080)
785                         break;
786                 udelay(10);
787         }
788         for (i = 0x00; i < 0x0A; i++) {
789                 value = b43_read16(dev, 0x050E);
790                 if (value & 0x0400)
791                         break;
792                 udelay(10);
793         }
794         for (i = 0x00; i < 0x0A; i++) {
795                 value = b43_read16(dev, 0x0690);
796                 if (!(value & 0x0100))
797                         break;
798                 udelay(10);
799         }
800         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
801                 b43_radio_write16(dev, 0x0051, 0x0037);
802
803         write_unlock(&wl->tx_lock);
804         spin_unlock_irq(&wl->irq_lock);
805 }
806
807 static void key_write(struct b43_wldev *dev,
808                       u8 index, u8 algorithm, const u8 * key)
809 {
810         unsigned int i;
811         u32 offset;
812         u16 value;
813         u16 kidx;
814
815         /* Key index/algo block */
816         kidx = b43_kidx_to_fw(dev, index);
817         value = ((kidx << 4) | algorithm);
818         b43_shm_write16(dev, B43_SHM_SHARED,
819                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
820
821         /* Write the key to the Key Table Pointer offset */
822         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
823         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
824                 value = key[i];
825                 value |= (u16) (key[i + 1]) << 8;
826                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
827         }
828 }
829
830 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
831 {
832         u32 addrtmp[2] = { 0, 0, };
833         u8 per_sta_keys_start = 8;
834
835         if (b43_new_kidx_api(dev))
836                 per_sta_keys_start = 4;
837
838         B43_WARN_ON(index < per_sta_keys_start);
839         /* We have two default TX keys and possibly two default RX keys.
840          * Physical mac 0 is mapped to physical key 4 or 8, depending
841          * on the firmware version.
842          * So we must adjust the index here.
843          */
844         index -= per_sta_keys_start;
845
846         if (addr) {
847                 addrtmp[0] = addr[0];
848                 addrtmp[0] |= ((u32) (addr[1]) << 8);
849                 addrtmp[0] |= ((u32) (addr[2]) << 16);
850                 addrtmp[0] |= ((u32) (addr[3]) << 24);
851                 addrtmp[1] = addr[4];
852                 addrtmp[1] |= ((u32) (addr[5]) << 8);
853         }
854
855         if (dev->dev->id.revision >= 5) {
856                 /* Receive match transmitter address mechanism */
857                 b43_shm_write32(dev, B43_SHM_RCMTA,
858                                 (index * 2) + 0, addrtmp[0]);
859                 b43_shm_write16(dev, B43_SHM_RCMTA,
860                                 (index * 2) + 1, addrtmp[1]);
861         } else {
862                 /* RXE (Receive Engine) and
863                  * PSM (Programmable State Machine) mechanism
864                  */
865                 if (index < 8) {
866                         /* TODO write to RCM 16, 19, 22 and 25 */
867                 } else {
868                         b43_shm_write32(dev, B43_SHM_SHARED,
869                                         B43_SHM_SH_PSM + (index * 6) + 0,
870                                         addrtmp[0]);
871                         b43_shm_write16(dev, B43_SHM_SHARED,
872                                         B43_SHM_SH_PSM + (index * 6) + 4,
873                                         addrtmp[1]);
874                 }
875         }
876 }
877
878 static void do_key_write(struct b43_wldev *dev,
879                          u8 index, u8 algorithm,
880                          const u8 * key, size_t key_len, const u8 * mac_addr)
881 {
882         u8 buf[B43_SEC_KEYSIZE] = { 0, };
883         u8 per_sta_keys_start = 8;
884
885         if (b43_new_kidx_api(dev))
886                 per_sta_keys_start = 4;
887
888         B43_WARN_ON(index >= dev->max_nr_keys);
889         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
890
891         if (index >= per_sta_keys_start)
892                 keymac_write(dev, index, NULL); /* First zero out mac. */
893         if (key)
894                 memcpy(buf, key, key_len);
895         key_write(dev, index, algorithm, buf);
896         if (index >= per_sta_keys_start)
897                 keymac_write(dev, index, mac_addr);
898
899         dev->key[index].algorithm = algorithm;
900 }
901
902 static int b43_key_write(struct b43_wldev *dev,
903                          int index, u8 algorithm,
904                          const u8 * key, size_t key_len,
905                          const u8 * mac_addr,
906                          struct ieee80211_key_conf *keyconf)
907 {
908         int i;
909         int sta_keys_start;
910
911         if (key_len > B43_SEC_KEYSIZE)
912                 return -EINVAL;
913         for (i = 0; i < dev->max_nr_keys; i++) {
914                 /* Check that we don't already have this key. */
915                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
916         }
917         if (index < 0) {
918                 /* Either pairwise key or address is 00:00:00:00:00:00
919                  * for transmit-only keys. Search the index. */
920                 if (b43_new_kidx_api(dev))
921                         sta_keys_start = 4;
922                 else
923                         sta_keys_start = 8;
924                 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
925                         if (!dev->key[i].keyconf) {
926                                 /* found empty */
927                                 index = i;
928                                 break;
929                         }
930                 }
931                 if (index < 0) {
932                         b43err(dev->wl, "Out of hardware key memory\n");
933                         return -ENOSPC;
934                 }
935         } else
936                 B43_WARN_ON(index > 3);
937
938         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
939         if ((index <= 3) && !b43_new_kidx_api(dev)) {
940                 /* Default RX key */
941                 B43_WARN_ON(mac_addr);
942                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
943         }
944         keyconf->hw_key_idx = index;
945         dev->key[index].keyconf = keyconf;
946
947         return 0;
948 }
949
950 static int b43_key_clear(struct b43_wldev *dev, int index)
951 {
952         if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
953                 return -EINVAL;
954         do_key_write(dev, index, B43_SEC_ALGO_NONE,
955                      NULL, B43_SEC_KEYSIZE, NULL);
956         if ((index <= 3) && !b43_new_kidx_api(dev)) {
957                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
958                              NULL, B43_SEC_KEYSIZE, NULL);
959         }
960         dev->key[index].keyconf = NULL;
961
962         return 0;
963 }
964
965 static void b43_clear_keys(struct b43_wldev *dev)
966 {
967         int i;
968
969         for (i = 0; i < dev->max_nr_keys; i++)
970                 b43_key_clear(dev, i);
971 }
972
973 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
974 {
975         u32 macctl;
976         u16 ucstat;
977         bool hwps;
978         bool awake;
979         int i;
980
981         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
982                     (ps_flags & B43_PS_DISABLED));
983         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
984
985         if (ps_flags & B43_PS_ENABLED) {
986                 hwps = 1;
987         } else if (ps_flags & B43_PS_DISABLED) {
988                 hwps = 0;
989         } else {
990                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
991                 //      and thus is not an AP and we are associated, set bit 25
992         }
993         if (ps_flags & B43_PS_AWAKE) {
994                 awake = 1;
995         } else if (ps_flags & B43_PS_ASLEEP) {
996                 awake = 0;
997         } else {
998                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
999                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1000                 //      successful, set bit26
1001         }
1002
1003 /* FIXME: For now we force awake-on and hwps-off */
1004         hwps = 0;
1005         awake = 1;
1006
1007         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1008         if (hwps)
1009                 macctl |= B43_MACCTL_HWPS;
1010         else
1011                 macctl &= ~B43_MACCTL_HWPS;
1012         if (awake)
1013                 macctl |= B43_MACCTL_AWAKE;
1014         else
1015                 macctl &= ~B43_MACCTL_AWAKE;
1016         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1017         /* Commit write */
1018         b43_read32(dev, B43_MMIO_MACCTL);
1019         if (awake && dev->dev->id.revision >= 5) {
1020                 /* Wait for the microcode to wake up. */
1021                 for (i = 0; i < 100; i++) {
1022                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1023                                                 B43_SHM_SH_UCODESTAT);
1024                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1025                                 break;
1026                         udelay(10);
1027                 }
1028         }
1029 }
1030
1031 /* Turn the Analog ON/OFF */
1032 static void b43_switch_analog(struct b43_wldev *dev, int on)
1033 {
1034         switch (dev->phy.type) {
1035         case B43_PHYTYPE_A:
1036         case B43_PHYTYPE_G:
1037                 b43_write16(dev, B43_MMIO_PHY0, on ? 0 : 0xF4);
1038                 break;
1039         case B43_PHYTYPE_N:
1040                 b43_phy_write(dev, B43_NPHY_AFECTL_OVER,
1041                               on ? 0 : 0x7FFF);
1042                 break;
1043         default:
1044                 B43_WARN_ON(1);
1045         }
1046 }
1047
1048 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1049 {
1050         u32 tmslow;
1051         u32 macctl;
1052
1053         flags |= B43_TMSLOW_PHYCLKEN;
1054         flags |= B43_TMSLOW_PHYRESET;
1055         ssb_device_enable(dev->dev, flags);
1056         msleep(2);              /* Wait for the PLL to turn on. */
1057
1058         /* Now take the PHY out of Reset again */
1059         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1060         tmslow |= SSB_TMSLOW_FGC;
1061         tmslow &= ~B43_TMSLOW_PHYRESET;
1062         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1063         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1064         msleep(1);
1065         tmslow &= ~SSB_TMSLOW_FGC;
1066         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1067         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1068         msleep(1);
1069
1070         /* Turn Analog ON */
1071         b43_switch_analog(dev, 1);
1072
1073         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1074         macctl &= ~B43_MACCTL_GMODE;
1075         if (flags & B43_TMSLOW_GMODE)
1076                 macctl |= B43_MACCTL_GMODE;
1077         macctl |= B43_MACCTL_IHR_ENABLED;
1078         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1079 }
1080
1081 static void handle_irq_transmit_status(struct b43_wldev *dev)
1082 {
1083         u32 v0, v1;
1084         u16 tmp;
1085         struct b43_txstatus stat;
1086
1087         while (1) {
1088                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1089                 if (!(v0 & 0x00000001))
1090                         break;
1091                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1092
1093                 stat.cookie = (v0 >> 16);
1094                 stat.seq = (v1 & 0x0000FFFF);
1095                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1096                 tmp = (v0 & 0x0000FFFF);
1097                 stat.frame_count = ((tmp & 0xF000) >> 12);
1098                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1099                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1100                 stat.pm_indicated = !!(tmp & 0x0080);
1101                 stat.intermediate = !!(tmp & 0x0040);
1102                 stat.for_ampdu = !!(tmp & 0x0020);
1103                 stat.acked = !!(tmp & 0x0002);
1104
1105                 b43_handle_txstatus(dev, &stat);
1106         }
1107 }
1108
1109 static void drain_txstatus_queue(struct b43_wldev *dev)
1110 {
1111         u32 dummy;
1112
1113         if (dev->dev->id.revision < 5)
1114                 return;
1115         /* Read all entries from the microcode TXstatus FIFO
1116          * and throw them away.
1117          */
1118         while (1) {
1119                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1120                 if (!(dummy & 0x00000001))
1121                         break;
1122                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1123         }
1124 }
1125
1126 static u32 b43_jssi_read(struct b43_wldev *dev)
1127 {
1128         u32 val = 0;
1129
1130         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1131         val <<= 16;
1132         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1133
1134         return val;
1135 }
1136
1137 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1138 {
1139         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1140         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1141 }
1142
1143 static void b43_generate_noise_sample(struct b43_wldev *dev)
1144 {
1145         b43_jssi_write(dev, 0x7F7F7F7F);
1146         b43_write32(dev, B43_MMIO_MACCMD,
1147                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1148         B43_WARN_ON(dev->noisecalc.channel_at_start != dev->phy.channel);
1149 }
1150
1151 static void b43_calculate_link_quality(struct b43_wldev *dev)
1152 {
1153         /* Top half of Link Quality calculation. */
1154
1155         if (dev->noisecalc.calculation_running)
1156                 return;
1157         dev->noisecalc.channel_at_start = dev->phy.channel;
1158         dev->noisecalc.calculation_running = 1;
1159         dev->noisecalc.nr_samples = 0;
1160
1161         b43_generate_noise_sample(dev);
1162 }
1163
1164 static void handle_irq_noise(struct b43_wldev *dev)
1165 {
1166         struct b43_phy *phy = &dev->phy;
1167         u16 tmp;
1168         u8 noise[4];
1169         u8 i, j;
1170         s32 average;
1171
1172         /* Bottom half of Link Quality calculation. */
1173
1174         B43_WARN_ON(!dev->noisecalc.calculation_running);
1175         if (dev->noisecalc.channel_at_start != phy->channel)
1176                 goto drop_calculation;
1177         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1178         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1179             noise[2] == 0x7F || noise[3] == 0x7F)
1180                 goto generate_new;
1181
1182         /* Get the noise samples. */
1183         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1184         i = dev->noisecalc.nr_samples;
1185         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1186         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1187         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1188         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1189         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1190         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1191         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1192         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1193         dev->noisecalc.nr_samples++;
1194         if (dev->noisecalc.nr_samples == 8) {
1195                 /* Calculate the Link Quality by the noise samples. */
1196                 average = 0;
1197                 for (i = 0; i < 8; i++) {
1198                         for (j = 0; j < 4; j++)
1199                                 average += dev->noisecalc.samples[i][j];
1200                 }
1201                 average /= (8 * 4);
1202                 average *= 125;
1203                 average += 64;
1204                 average /= 128;
1205                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1206                 tmp = (tmp / 128) & 0x1F;
1207                 if (tmp >= 8)
1208                         average += 2;
1209                 else
1210                         average -= 25;
1211                 if (tmp == 8)
1212                         average -= 72;
1213                 else
1214                         average -= 48;
1215
1216                 dev->stats.link_noise = average;
1217               drop_calculation:
1218                 dev->noisecalc.calculation_running = 0;
1219                 return;
1220         }
1221       generate_new:
1222         b43_generate_noise_sample(dev);
1223 }
1224
1225 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1226 {
1227         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_AP)) {
1228                 ///TODO: PS TBTT
1229         } else {
1230                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1231                         b43_power_saving_ctl_bits(dev, 0);
1232         }
1233         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS))
1234                 dev->dfq_valid = 1;
1235 }
1236
1237 static void handle_irq_atim_end(struct b43_wldev *dev)
1238 {
1239         if (dev->dfq_valid) {
1240                 b43_write32(dev, B43_MMIO_MACCMD,
1241                             b43_read32(dev, B43_MMIO_MACCMD)
1242                             | B43_MACCMD_DFQ_VALID);
1243                 dev->dfq_valid = 0;
1244         }
1245 }
1246
1247 static void handle_irq_pmq(struct b43_wldev *dev)
1248 {
1249         u32 tmp;
1250
1251         //TODO: AP mode.
1252
1253         while (1) {
1254                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1255                 if (!(tmp & 0x00000008))
1256                         break;
1257         }
1258         /* 16bit write is odd, but correct. */
1259         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1260 }
1261
1262 static void b43_write_template_common(struct b43_wldev *dev,
1263                                       const u8 * data, u16 size,
1264                                       u16 ram_offset,
1265                                       u16 shm_size_offset, u8 rate)
1266 {
1267         u32 i, tmp;
1268         struct b43_plcp_hdr4 plcp;
1269
1270         plcp.data = 0;
1271         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1272         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1273         ram_offset += sizeof(u32);
1274         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1275          * So leave the first two bytes of the next write blank.
1276          */
1277         tmp = (u32) (data[0]) << 16;
1278         tmp |= (u32) (data[1]) << 24;
1279         b43_ram_write(dev, ram_offset, tmp);
1280         ram_offset += sizeof(u32);
1281         for (i = 2; i < size; i += sizeof(u32)) {
1282                 tmp = (u32) (data[i + 0]);
1283                 if (i + 1 < size)
1284                         tmp |= (u32) (data[i + 1]) << 8;
1285                 if (i + 2 < size)
1286                         tmp |= (u32) (data[i + 2]) << 16;
1287                 if (i + 3 < size)
1288                         tmp |= (u32) (data[i + 3]) << 24;
1289                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1290         }
1291         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1292                         size + sizeof(struct b43_plcp_hdr6));
1293 }
1294
1295 /* Check if the use of the antenna that ieee80211 told us to
1296  * use is possible. This will fall back to DEFAULT.
1297  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1298 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1299                                   u8 antenna_nr)
1300 {
1301         u8 antenna_mask;
1302
1303         if (antenna_nr == 0) {
1304                 /* Zero means "use default antenna". That's always OK. */
1305                 return 0;
1306         }
1307
1308         /* Get the mask of available antennas. */
1309         if (dev->phy.gmode)
1310                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1311         else
1312                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1313
1314         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1315                 /* This antenna is not available. Fall back to default. */
1316                 return 0;
1317         }
1318
1319         return antenna_nr;
1320 }
1321
1322 static int b43_antenna_from_ieee80211(struct b43_wldev *dev, u8 antenna)
1323 {
1324         antenna = b43_ieee80211_antenna_sanitize(dev, antenna);
1325         switch (antenna) {
1326         case 0:         /* default/diversity */
1327                 return B43_ANTENNA_DEFAULT;
1328         case 1:         /* Antenna 0 */
1329                 return B43_ANTENNA0;
1330         case 2:         /* Antenna 1 */
1331                 return B43_ANTENNA1;
1332         case 3:         /* Antenna 2 */
1333                 return B43_ANTENNA2;
1334         case 4:         /* Antenna 3 */
1335                 return B43_ANTENNA3;
1336         default:
1337                 return B43_ANTENNA_DEFAULT;
1338         }
1339 }
1340
1341 /* Convert a b43 antenna number value to the PHY TX control value. */
1342 static u16 b43_antenna_to_phyctl(int antenna)
1343 {
1344         switch (antenna) {
1345         case B43_ANTENNA0:
1346                 return B43_TXH_PHY_ANT0;
1347         case B43_ANTENNA1:
1348                 return B43_TXH_PHY_ANT1;
1349         case B43_ANTENNA2:
1350                 return B43_TXH_PHY_ANT2;
1351         case B43_ANTENNA3:
1352                 return B43_TXH_PHY_ANT3;
1353         case B43_ANTENNA_AUTO:
1354                 return B43_TXH_PHY_ANT01AUTO;
1355         }
1356         B43_WARN_ON(1);
1357         return 0;
1358 }
1359
1360 static void b43_write_beacon_template(struct b43_wldev *dev,
1361                                       u16 ram_offset,
1362                                       u16 shm_size_offset)
1363 {
1364         unsigned int i, len, variable_len;
1365         const struct ieee80211_mgmt *bcn;
1366         const u8 *ie;
1367         bool tim_found = 0;
1368         unsigned int rate;
1369         u16 ctl;
1370         int antenna;
1371         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1372
1373         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1374         len = min((size_t) dev->wl->current_beacon->len,
1375                   0x200 - sizeof(struct b43_plcp_hdr6));
1376         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1377
1378         b43_write_template_common(dev, (const u8 *)bcn,
1379                                   len, ram_offset, shm_size_offset, rate);
1380
1381         /* Write the PHY TX control parameters. */
1382         antenna = b43_antenna_from_ieee80211(dev, info->antenna_sel_tx);
1383         antenna = b43_antenna_to_phyctl(antenna);
1384         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1385         /* We can't send beacons with short preamble. Would get PHY errors. */
1386         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1387         ctl &= ~B43_TXH_PHY_ANT;
1388         ctl &= ~B43_TXH_PHY_ENC;
1389         ctl |= antenna;
1390         if (b43_is_cck_rate(rate))
1391                 ctl |= B43_TXH_PHY_ENC_CCK;
1392         else
1393                 ctl |= B43_TXH_PHY_ENC_OFDM;
1394         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1395
1396         /* Find the position of the TIM and the DTIM_period value
1397          * and write them to SHM. */
1398         ie = bcn->u.beacon.variable;
1399         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1400         for (i = 0; i < variable_len - 2; ) {
1401                 uint8_t ie_id, ie_len;
1402
1403                 ie_id = ie[i];
1404                 ie_len = ie[i + 1];
1405                 if (ie_id == 5) {
1406                         u16 tim_position;
1407                         u16 dtim_period;
1408                         /* This is the TIM Information Element */
1409
1410                         /* Check whether the ie_len is in the beacon data range. */
1411                         if (variable_len < ie_len + 2 + i)
1412                                 break;
1413                         /* A valid TIM is at least 4 bytes long. */
1414                         if (ie_len < 4)
1415                                 break;
1416                         tim_found = 1;
1417
1418                         tim_position = sizeof(struct b43_plcp_hdr6);
1419                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1420                         tim_position += i;
1421
1422                         dtim_period = ie[i + 3];
1423
1424                         b43_shm_write16(dev, B43_SHM_SHARED,
1425                                         B43_SHM_SH_TIMBPOS, tim_position);
1426                         b43_shm_write16(dev, B43_SHM_SHARED,
1427                                         B43_SHM_SH_DTIMPER, dtim_period);
1428                         break;
1429                 }
1430                 i += ie_len + 2;
1431         }
1432         if (!tim_found) {
1433                 b43warn(dev->wl, "Did not find a valid TIM IE in "
1434                         "the beacon template packet. AP or IBSS operation "
1435                         "may be broken.\n");
1436         } else
1437                 b43dbg(dev->wl, "Updated beacon template\n");
1438 }
1439
1440 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1441                                       u16 shm_offset, u16 size,
1442                                       struct ieee80211_rate *rate)
1443 {
1444         struct b43_plcp_hdr4 plcp;
1445         u32 tmp;
1446         __le16 dur;
1447
1448         plcp.data = 0;
1449         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1450         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1451                                                dev->wl->vif, size,
1452                                                rate);
1453         /* Write PLCP in two parts and timing for packet transfer */
1454         tmp = le32_to_cpu(plcp.data);
1455         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1456         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1457         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1458 }
1459
1460 /* Instead of using custom probe response template, this function
1461  * just patches custom beacon template by:
1462  * 1) Changing packet type
1463  * 2) Patching duration field
1464  * 3) Stripping TIM
1465  */
1466 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1467                                           u16 *dest_size,
1468                                           struct ieee80211_rate *rate)
1469 {
1470         const u8 *src_data;
1471         u8 *dest_data;
1472         u16 src_size, elem_size, src_pos, dest_pos;
1473         __le16 dur;
1474         struct ieee80211_hdr *hdr;
1475         size_t ie_start;
1476
1477         src_size = dev->wl->current_beacon->len;
1478         src_data = (const u8 *)dev->wl->current_beacon->data;
1479
1480         /* Get the start offset of the variable IEs in the packet. */
1481         ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1482         B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1483
1484         if (B43_WARN_ON(src_size < ie_start))
1485                 return NULL;
1486
1487         dest_data = kmalloc(src_size, GFP_ATOMIC);
1488         if (unlikely(!dest_data))
1489                 return NULL;
1490
1491         /* Copy the static data and all Information Elements, except the TIM. */
1492         memcpy(dest_data, src_data, ie_start);
1493         src_pos = ie_start;
1494         dest_pos = ie_start;
1495         for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1496                 elem_size = src_data[src_pos + 1] + 2;
1497                 if (src_data[src_pos] == 5) {
1498                         /* This is the TIM. */
1499                         continue;
1500                 }
1501                 memcpy(dest_data + dest_pos, src_data + src_pos,
1502                        elem_size);
1503                 dest_pos += elem_size;
1504         }
1505         *dest_size = dest_pos;
1506         hdr = (struct ieee80211_hdr *)dest_data;
1507
1508         /* Set the frame control. */
1509         hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1510                                          IEEE80211_STYPE_PROBE_RESP);
1511         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1512                                                dev->wl->vif, *dest_size,
1513                                                rate);
1514         hdr->duration_id = dur;
1515
1516         return dest_data;
1517 }
1518
1519 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1520                                           u16 ram_offset,
1521                                           u16 shm_size_offset,
1522                                           struct ieee80211_rate *rate)
1523 {
1524         const u8 *probe_resp_data;
1525         u16 size;
1526
1527         size = dev->wl->current_beacon->len;
1528         probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1529         if (unlikely(!probe_resp_data))
1530                 return;
1531
1532         /* Looks like PLCP headers plus packet timings are stored for
1533          * all possible basic rates
1534          */
1535         b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1536         b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1537         b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1538         b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1539
1540         size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1541         b43_write_template_common(dev, probe_resp_data,
1542                                   size, ram_offset, shm_size_offset,
1543                                   rate->hw_value);
1544         kfree(probe_resp_data);
1545 }
1546
1547 static void handle_irq_beacon(struct b43_wldev *dev)
1548 {
1549         struct b43_wl *wl = dev->wl;
1550         u32 cmd, beacon0_valid, beacon1_valid;
1551
1552         if (!b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
1553                 return;
1554
1555         /* This is the bottom half of the asynchronous beacon update. */
1556
1557         /* Ignore interrupt in the future. */
1558         dev->irq_savedstate &= ~B43_IRQ_BEACON;
1559
1560         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1561         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1562         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1563
1564         /* Schedule interrupt manually, if busy. */
1565         if (beacon0_valid && beacon1_valid) {
1566                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1567                 dev->irq_savedstate |= B43_IRQ_BEACON;
1568                 return;
1569         }
1570
1571         if (!beacon0_valid) {
1572                 if (!wl->beacon0_uploaded) {
1573                         b43_write_beacon_template(dev, 0x68, 0x18);
1574                         b43_write_probe_resp_template(dev, 0x268, 0x4A,
1575                                                       &__b43_ratetable[3]);
1576                         wl->beacon0_uploaded = 1;
1577                 }
1578                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1579                 cmd |= B43_MACCMD_BEACON0_VALID;
1580                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1581         } else if (!beacon1_valid) {
1582                 if (!wl->beacon1_uploaded) {
1583                         b43_write_beacon_template(dev, 0x468, 0x1A);
1584                         wl->beacon1_uploaded = 1;
1585                 }
1586                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1587                 cmd |= B43_MACCMD_BEACON1_VALID;
1588                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1589         }
1590 }
1591
1592 static void b43_beacon_update_trigger_work(struct work_struct *work)
1593 {
1594         struct b43_wl *wl = container_of(work, struct b43_wl,
1595                                          beacon_update_trigger);
1596         struct b43_wldev *dev;
1597
1598         mutex_lock(&wl->mutex);
1599         dev = wl->current_dev;
1600         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1601                 spin_lock_irq(&wl->irq_lock);
1602                 /* update beacon right away or defer to irq */
1603                 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1604                 handle_irq_beacon(dev);
1605                 /* The handler might have updated the IRQ mask. */
1606                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1607                             dev->irq_savedstate);
1608                 mmiowb();
1609                 spin_unlock_irq(&wl->irq_lock);
1610         }
1611         mutex_unlock(&wl->mutex);
1612 }
1613
1614 /* Asynchronously update the packet templates in template RAM.
1615  * Locking: Requires wl->irq_lock to be locked. */
1616 static void b43_update_templates(struct b43_wl *wl, struct sk_buff *beacon)
1617 {
1618         /* This is the top half of the ansynchronous beacon update.
1619          * The bottom half is the beacon IRQ.
1620          * Beacon update must be asynchronous to avoid sending an
1621          * invalid beacon. This can happen for example, if the firmware
1622          * transmits a beacon while we are updating it. */
1623
1624         if (wl->current_beacon)
1625                 dev_kfree_skb_any(wl->current_beacon);
1626         wl->current_beacon = beacon;
1627         wl->beacon0_uploaded = 0;
1628         wl->beacon1_uploaded = 0;
1629         queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1630 }
1631
1632 static void b43_set_ssid(struct b43_wldev *dev, const u8 * ssid, u8 ssid_len)
1633 {
1634         u32 tmp;
1635         u16 i, len;
1636
1637         len = min((u16) ssid_len, (u16) 0x100);
1638         for (i = 0; i < len; i += sizeof(u32)) {
1639                 tmp = (u32) (ssid[i + 0]);
1640                 if (i + 1 < len)
1641                         tmp |= (u32) (ssid[i + 1]) << 8;
1642                 if (i + 2 < len)
1643                         tmp |= (u32) (ssid[i + 2]) << 16;
1644                 if (i + 3 < len)
1645                         tmp |= (u32) (ssid[i + 3]) << 24;
1646                 b43_shm_write32(dev, B43_SHM_SHARED, 0x380 + i, tmp);
1647         }
1648         b43_shm_write16(dev, B43_SHM_SHARED, 0x48, len);
1649 }
1650
1651 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1652 {
1653         b43_time_lock(dev);
1654         if (dev->dev->id.revision >= 3) {
1655                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1656                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1657         } else {
1658                 b43_write16(dev, 0x606, (beacon_int >> 6));
1659                 b43_write16(dev, 0x610, beacon_int);
1660         }
1661         b43_time_unlock(dev);
1662         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1663 }
1664
1665 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1666 {
1667         //TODO
1668 }
1669
1670 /* Interrupt handler bottom-half */
1671 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1672 {
1673         u32 reason;
1674         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1675         u32 merged_dma_reason = 0;
1676         int i;
1677         unsigned long flags;
1678
1679         spin_lock_irqsave(&dev->wl->irq_lock, flags);
1680
1681         B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1682
1683         reason = dev->irq_reason;
1684         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1685                 dma_reason[i] = dev->dma_reason[i];
1686                 merged_dma_reason |= dma_reason[i];
1687         }
1688
1689         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1690                 b43err(dev->wl, "MAC transmission error\n");
1691
1692         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1693                 b43err(dev->wl, "PHY transmission error\n");
1694                 rmb();
1695                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1696                         atomic_set(&dev->phy.txerr_cnt,
1697                                    B43_PHY_TX_BADNESS_LIMIT);
1698                         b43err(dev->wl, "Too many PHY TX errors, "
1699                                         "restarting the controller\n");
1700                         b43_controller_restart(dev, "PHY TX errors");
1701                 }
1702         }
1703
1704         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1705                                           B43_DMAIRQ_NONFATALMASK))) {
1706                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1707                         b43err(dev->wl, "Fatal DMA error: "
1708                                "0x%08X, 0x%08X, 0x%08X, "
1709                                "0x%08X, 0x%08X, 0x%08X\n",
1710                                dma_reason[0], dma_reason[1],
1711                                dma_reason[2], dma_reason[3],
1712                                dma_reason[4], dma_reason[5]);
1713                         b43_controller_restart(dev, "DMA error");
1714                         mmiowb();
1715                         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1716                         return;
1717                 }
1718                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1719                         b43err(dev->wl, "DMA error: "
1720                                "0x%08X, 0x%08X, 0x%08X, "
1721                                "0x%08X, 0x%08X, 0x%08X\n",
1722                                dma_reason[0], dma_reason[1],
1723                                dma_reason[2], dma_reason[3],
1724                                dma_reason[4], dma_reason[5]);
1725                 }
1726         }
1727
1728         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1729                 handle_irq_ucode_debug(dev);
1730         if (reason & B43_IRQ_TBTT_INDI)
1731                 handle_irq_tbtt_indication(dev);
1732         if (reason & B43_IRQ_ATIM_END)
1733                 handle_irq_atim_end(dev);
1734         if (reason & B43_IRQ_BEACON)
1735                 handle_irq_beacon(dev);
1736         if (reason & B43_IRQ_PMQ)
1737                 handle_irq_pmq(dev);
1738         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1739                 ;/* TODO */
1740         if (reason & B43_IRQ_NOISESAMPLE_OK)
1741                 handle_irq_noise(dev);
1742
1743         /* Check the DMA reason registers for received data. */
1744         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1745                 if (b43_using_pio_transfers(dev))
1746                         b43_pio_rx(dev->pio.rx_queue);
1747                 else
1748                         b43_dma_rx(dev->dma.rx_ring);
1749         }
1750         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1751         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1752         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1753         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1754         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1755
1756         if (reason & B43_IRQ_TX_OK)
1757                 handle_irq_transmit_status(dev);
1758
1759         b43_interrupt_enable(dev, dev->irq_savedstate);
1760         mmiowb();
1761         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1762 }
1763
1764 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1765 {
1766         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1767
1768         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1769         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1770         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1771         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1772         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1773         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1774 }
1775
1776 /* Interrupt handler top-half */
1777 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1778 {
1779         irqreturn_t ret = IRQ_NONE;
1780         struct b43_wldev *dev = dev_id;
1781         u32 reason;
1782
1783         if (!dev)
1784                 return IRQ_NONE;
1785
1786         spin_lock(&dev->wl->irq_lock);
1787
1788         if (b43_status(dev) < B43_STAT_STARTED)
1789                 goto out;
1790         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1791         if (reason == 0xffffffff)       /* shared IRQ */
1792                 goto out;
1793         ret = IRQ_HANDLED;
1794         reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1795         if (!reason)
1796                 goto out;
1797
1798         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1799             & 0x0001DC00;
1800         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1801             & 0x0000DC00;
1802         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1803             & 0x0000DC00;
1804         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1805             & 0x0001DC00;
1806         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1807             & 0x0000DC00;
1808         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1809             & 0x0000DC00;
1810
1811         b43_interrupt_ack(dev, reason);
1812         /* disable all IRQs. They are enabled again in the bottom half. */
1813         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1814         /* save the reason code and call our bottom half. */
1815         dev->irq_reason = reason;
1816         tasklet_schedule(&dev->isr_tasklet);
1817       out:
1818         mmiowb();
1819         spin_unlock(&dev->wl->irq_lock);
1820
1821         return ret;
1822 }
1823
1824 static void do_release_fw(struct b43_firmware_file *fw)
1825 {
1826         release_firmware(fw->data);
1827         fw->data = NULL;
1828         fw->filename = NULL;
1829 }
1830
1831 static void b43_release_firmware(struct b43_wldev *dev)
1832 {
1833         do_release_fw(&dev->fw.ucode);
1834         do_release_fw(&dev->fw.pcm);
1835         do_release_fw(&dev->fw.initvals);
1836         do_release_fw(&dev->fw.initvals_band);
1837 }
1838
1839 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1840 {
1841         const char *text;
1842
1843         text = "You must go to "
1844                "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
1845                "and download the latest firmware (version 4).\n";
1846         if (error)
1847                 b43err(wl, text);
1848         else
1849                 b43warn(wl, text);
1850 }
1851
1852 static int do_request_fw(struct b43_wldev *dev,
1853                          const char *name,
1854                          struct b43_firmware_file *fw)
1855 {
1856         char path[sizeof(modparam_fwpostfix) + 32];
1857         const struct firmware *blob;
1858         struct b43_fw_header *hdr;
1859         u32 size;
1860         int err;
1861
1862         if (!name) {
1863                 /* Don't fetch anything. Free possibly cached firmware. */
1864                 do_release_fw(fw);
1865                 return 0;
1866         }
1867         if (fw->filename) {
1868                 if (strcmp(fw->filename, name) == 0)
1869                         return 0; /* Already have this fw. */
1870                 /* Free the cached firmware first. */
1871                 do_release_fw(fw);
1872         }
1873
1874         snprintf(path, ARRAY_SIZE(path),
1875                  "b43%s/%s.fw",
1876                  modparam_fwpostfix, name);
1877         err = request_firmware(&blob, path, dev->dev->dev);
1878         if (err) {
1879                 b43err(dev->wl, "Firmware file \"%s\" not found "
1880                        "or load failed.\n", path);
1881                 return err;
1882         }
1883         if (blob->size < sizeof(struct b43_fw_header))
1884                 goto err_format;
1885         hdr = (struct b43_fw_header *)(blob->data);
1886         switch (hdr->type) {
1887         case B43_FW_TYPE_UCODE:
1888         case B43_FW_TYPE_PCM:
1889                 size = be32_to_cpu(hdr->size);
1890                 if (size != blob->size - sizeof(struct b43_fw_header))
1891                         goto err_format;
1892                 /* fallthrough */
1893         case B43_FW_TYPE_IV:
1894                 if (hdr->ver != 1)
1895                         goto err_format;
1896                 break;
1897         default:
1898                 goto err_format;
1899         }
1900
1901         fw->data = blob;
1902         fw->filename = name;
1903
1904         return 0;
1905
1906 err_format:
1907         b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
1908         release_firmware(blob);
1909
1910         return -EPROTO;
1911 }
1912
1913 static int b43_request_firmware(struct b43_wldev *dev)
1914 {
1915         struct b43_firmware *fw = &dev->fw;
1916         const u8 rev = dev->dev->id.revision;
1917         const char *filename;
1918         u32 tmshigh;
1919         int err;
1920
1921         /* Get microcode */
1922         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
1923         if ((rev >= 5) && (rev <= 10))
1924                 filename = "ucode5";
1925         else if ((rev >= 11) && (rev <= 12))
1926                 filename = "ucode11";
1927         else if (rev >= 13)
1928                 filename = "ucode13";
1929         else
1930                 goto err_no_ucode;
1931         err = do_request_fw(dev, filename, &fw->ucode);
1932         if (err)
1933                 goto err_load;
1934
1935         /* Get PCM code */
1936         if ((rev >= 5) && (rev <= 10))
1937                 filename = "pcm5";
1938         else if (rev >= 11)
1939                 filename = NULL;
1940         else
1941                 goto err_no_pcm;
1942         err = do_request_fw(dev, filename, &fw->pcm);
1943         if (err)
1944                 goto err_load;
1945
1946         /* Get initvals */
1947         switch (dev->phy.type) {
1948         case B43_PHYTYPE_A:
1949                 if ((rev >= 5) && (rev <= 10)) {
1950                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
1951                                 filename = "a0g1initvals5";
1952                         else
1953                                 filename = "a0g0initvals5";
1954                 } else
1955                         goto err_no_initvals;
1956                 break;
1957         case B43_PHYTYPE_G:
1958                 if ((rev >= 5) && (rev <= 10))
1959                         filename = "b0g0initvals5";
1960                 else if (rev >= 13)
1961                         filename = "lp0initvals13";
1962                 else
1963                         goto err_no_initvals;
1964                 break;
1965         case B43_PHYTYPE_N:
1966                 if ((rev >= 11) && (rev <= 12))
1967                         filename = "n0initvals11";
1968                 else
1969                         goto err_no_initvals;
1970                 break;
1971         default:
1972                 goto err_no_initvals;
1973         }
1974         err = do_request_fw(dev, filename, &fw->initvals);
1975         if (err)
1976                 goto err_load;
1977
1978         /* Get bandswitch initvals */
1979         switch (dev->phy.type) {
1980         case B43_PHYTYPE_A:
1981                 if ((rev >= 5) && (rev <= 10)) {
1982                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
1983                                 filename = "a0g1bsinitvals5";
1984                         else
1985                                 filename = "a0g0bsinitvals5";
1986                 } else if (rev >= 11)
1987                         filename = NULL;
1988                 else
1989                         goto err_no_initvals;
1990                 break;
1991         case B43_PHYTYPE_G:
1992                 if ((rev >= 5) && (rev <= 10))
1993                         filename = "b0g0bsinitvals5";
1994                 else if (rev >= 11)
1995                         filename = NULL;
1996                 else
1997                         goto err_no_initvals;
1998                 break;
1999         case B43_PHYTYPE_N:
2000                 if ((rev >= 11) && (rev <= 12))
2001                         filename = "n0bsinitvals11";
2002                 else
2003                         goto err_no_initvals;
2004                 break;
2005         default:
2006                 goto err_no_initvals;
2007         }
2008         err = do_request_fw(dev, filename, &fw->initvals_band);
2009         if (err)
2010                 goto err_load;
2011
2012         return 0;
2013
2014 err_load:
2015         b43_print_fw_helptext(dev->wl, 1);
2016         goto error;
2017
2018 err_no_ucode:
2019         err = -ENODEV;
2020         b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2021         goto error;
2022
2023 err_no_pcm:
2024         err = -ENODEV;
2025         b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2026         goto error;
2027
2028 err_no_initvals:
2029         err = -ENODEV;
2030         b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2031                "core rev %u\n", dev->phy.type, rev);
2032         goto error;
2033
2034 error:
2035         b43_release_firmware(dev);
2036         return err;
2037 }
2038
2039 static int b43_upload_microcode(struct b43_wldev *dev)
2040 {
2041         const size_t hdr_len = sizeof(struct b43_fw_header);
2042         const __be32 *data;
2043         unsigned int i, len;
2044         u16 fwrev, fwpatch, fwdate, fwtime;
2045         u32 tmp, macctl;
2046         int err = 0;
2047
2048         /* Jump the microcode PSM to offset 0 */
2049         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2050         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2051         macctl |= B43_MACCTL_PSM_JMP0;
2052         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2053         /* Zero out all microcode PSM registers and shared memory. */
2054         for (i = 0; i < 64; i++)
2055                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2056         for (i = 0; i < 4096; i += 2)
2057                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2058
2059         /* Upload Microcode. */
2060         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2061         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2062         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2063         for (i = 0; i < len; i++) {
2064                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2065                 udelay(10);
2066         }
2067
2068         if (dev->fw.pcm.data) {
2069                 /* Upload PCM data. */
2070                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2071                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2072                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2073                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2074                 /* No need for autoinc bit in SHM_HW */
2075                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2076                 for (i = 0; i < len; i++) {
2077                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2078                         udelay(10);
2079                 }
2080         }
2081
2082         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2083
2084         /* Start the microcode PSM */
2085         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2086         macctl &= ~B43_MACCTL_PSM_JMP0;
2087         macctl |= B43_MACCTL_PSM_RUN;
2088         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2089
2090         /* Wait for the microcode to load and respond */
2091         i = 0;
2092         while (1) {
2093                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2094                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2095                         break;
2096                 i++;
2097                 if (i >= 20) {
2098                         b43err(dev->wl, "Microcode not responding\n");
2099                         b43_print_fw_helptext(dev->wl, 1);
2100                         err = -ENODEV;
2101                         goto error;
2102                 }
2103                 msleep_interruptible(50);
2104                 if (signal_pending(current)) {
2105                         err = -EINTR;
2106                         goto error;
2107                 }
2108         }
2109         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2110
2111         /* Get and check the revisions. */
2112         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2113         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2114         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2115         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2116
2117         if (fwrev <= 0x128) {
2118                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2119                        "binary drivers older than version 4.x is unsupported. "
2120                        "You must upgrade your firmware files.\n");
2121                 b43_print_fw_helptext(dev->wl, 1);
2122                 err = -EOPNOTSUPP;
2123                 goto error;
2124         }
2125         b43info(dev->wl, "Loading firmware version %u.%u "
2126                 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2127                 fwrev, fwpatch,
2128                 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2129                 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2130
2131         dev->fw.rev = fwrev;
2132         dev->fw.patch = fwpatch;
2133
2134         if (b43_is_old_txhdr_format(dev)) {
2135                 b43warn(dev->wl, "You are using an old firmware image. "
2136                         "Support for old firmware will be removed in July 2008.\n");
2137                 b43_print_fw_helptext(dev->wl, 0);
2138         }
2139
2140         return 0;
2141
2142 error:
2143         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2144         macctl &= ~B43_MACCTL_PSM_RUN;
2145         macctl |= B43_MACCTL_PSM_JMP0;
2146         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2147
2148         return err;
2149 }
2150
2151 static int b43_write_initvals(struct b43_wldev *dev,
2152                               const struct b43_iv *ivals,
2153                               size_t count,
2154                               size_t array_size)
2155 {
2156         const struct b43_iv *iv;
2157         u16 offset;
2158         size_t i;
2159         bool bit32;
2160
2161         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2162         iv = ivals;
2163         for (i = 0; i < count; i++) {
2164                 if (array_size < sizeof(iv->offset_size))
2165                         goto err_format;
2166                 array_size -= sizeof(iv->offset_size);
2167                 offset = be16_to_cpu(iv->offset_size);
2168                 bit32 = !!(offset & B43_IV_32BIT);
2169                 offset &= B43_IV_OFFSET_MASK;
2170                 if (offset >= 0x1000)
2171                         goto err_format;
2172                 if (bit32) {
2173                         u32 value;
2174
2175                         if (array_size < sizeof(iv->data.d32))
2176                                 goto err_format;
2177                         array_size -= sizeof(iv->data.d32);
2178
2179                         value = get_unaligned_be32(&iv->data.d32);
2180                         b43_write32(dev, offset, value);
2181
2182                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2183                                                         sizeof(__be16) +
2184                                                         sizeof(__be32));
2185                 } else {
2186                         u16 value;
2187
2188                         if (array_size < sizeof(iv->data.d16))
2189                                 goto err_format;
2190                         array_size -= sizeof(iv->data.d16);
2191
2192                         value = be16_to_cpu(iv->data.d16);
2193                         b43_write16(dev, offset, value);
2194
2195                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2196                                                         sizeof(__be16) +
2197                                                         sizeof(__be16));
2198                 }
2199         }
2200         if (array_size)
2201                 goto err_format;
2202
2203         return 0;
2204
2205 err_format:
2206         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2207         b43_print_fw_helptext(dev->wl, 1);
2208
2209         return -EPROTO;
2210 }
2211
2212 static int b43_upload_initvals(struct b43_wldev *dev)
2213 {
2214         const size_t hdr_len = sizeof(struct b43_fw_header);
2215         const struct b43_fw_header *hdr;
2216         struct b43_firmware *fw = &dev->fw;
2217         const struct b43_iv *ivals;
2218         size_t count;
2219         int err;
2220
2221         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2222         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2223         count = be32_to_cpu(hdr->size);
2224         err = b43_write_initvals(dev, ivals, count,
2225                                  fw->initvals.data->size - hdr_len);
2226         if (err)
2227                 goto out;
2228         if (fw->initvals_band.data) {
2229                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2230                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2231                 count = be32_to_cpu(hdr->size);
2232                 err = b43_write_initvals(dev, ivals, count,
2233                                          fw->initvals_band.data->size - hdr_len);
2234                 if (err)
2235                         goto out;
2236         }
2237 out:
2238
2239         return err;
2240 }
2241
2242 /* Initialize the GPIOs
2243  * http://bcm-specs.sipsolutions.net/GPIO
2244  */
2245 static int b43_gpio_init(struct b43_wldev *dev)
2246 {
2247         struct ssb_bus *bus = dev->dev->bus;
2248         struct ssb_device *gpiodev, *pcidev = NULL;
2249         u32 mask, set;
2250
2251         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2252                     & ~B43_MACCTL_GPOUTSMSK);
2253
2254         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2255                     | 0x000F);
2256
2257         mask = 0x0000001F;
2258         set = 0x0000000F;
2259         if (dev->dev->bus->chip_id == 0x4301) {
2260                 mask |= 0x0060;
2261                 set |= 0x0060;
2262         }
2263         if (0 /* FIXME: conditional unknown */ ) {
2264                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2265                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2266                             | 0x0100);
2267                 mask |= 0x0180;
2268                 set |= 0x0180;
2269         }
2270         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2271                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2272                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2273                             | 0x0200);
2274                 mask |= 0x0200;
2275                 set |= 0x0200;
2276         }
2277         if (dev->dev->id.revision >= 2)
2278                 mask |= 0x0010; /* FIXME: This is redundant. */
2279
2280 #ifdef CONFIG_SSB_DRIVER_PCICORE
2281         pcidev = bus->pcicore.dev;
2282 #endif
2283         gpiodev = bus->chipco.dev ? : pcidev;
2284         if (!gpiodev)
2285                 return 0;
2286         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2287                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2288                      & mask) | set);
2289
2290         return 0;
2291 }
2292
2293 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2294 static void b43_gpio_cleanup(struct b43_wldev *dev)
2295 {
2296         struct ssb_bus *bus = dev->dev->bus;
2297         struct ssb_device *gpiodev, *pcidev = NULL;
2298
2299 #ifdef CONFIG_SSB_DRIVER_PCICORE
2300         pcidev = bus->pcicore.dev;
2301 #endif
2302         gpiodev = bus->chipco.dev ? : pcidev;
2303         if (!gpiodev)
2304                 return;
2305         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2306 }
2307
2308 /* http://bcm-specs.sipsolutions.net/EnableMac */
2309 void b43_mac_enable(struct b43_wldev *dev)
2310 {
2311         dev->mac_suspended--;
2312         B43_WARN_ON(dev->mac_suspended < 0);
2313         if (dev->mac_suspended == 0) {
2314                 b43_write32(dev, B43_MMIO_MACCTL,
2315                             b43_read32(dev, B43_MMIO_MACCTL)
2316                             | B43_MACCTL_ENABLED);
2317                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2318                             B43_IRQ_MAC_SUSPENDED);
2319                 /* Commit writes */
2320                 b43_read32(dev, B43_MMIO_MACCTL);
2321                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2322                 b43_power_saving_ctl_bits(dev, 0);
2323         }
2324 }
2325
2326 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2327 void b43_mac_suspend(struct b43_wldev *dev)
2328 {
2329         int i;
2330         u32 tmp;
2331
2332         might_sleep();
2333         B43_WARN_ON(dev->mac_suspended < 0);
2334
2335         if (dev->mac_suspended == 0) {
2336                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2337                 b43_write32(dev, B43_MMIO_MACCTL,
2338                             b43_read32(dev, B43_MMIO_MACCTL)
2339                             & ~B43_MACCTL_ENABLED);
2340                 /* force pci to flush the write */
2341                 b43_read32(dev, B43_MMIO_MACCTL);
2342                 for (i = 35; i; i--) {
2343                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2344                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2345                                 goto out;
2346                         udelay(10);
2347                 }
2348                 /* Hm, it seems this will take some time. Use msleep(). */
2349                 for (i = 40; i; i--) {
2350                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2351                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2352                                 goto out;
2353                         msleep(1);
2354                 }
2355                 b43err(dev->wl, "MAC suspend failed\n");
2356         }
2357 out:
2358         dev->mac_suspended++;
2359 }
2360
2361 static void b43_adjust_opmode(struct b43_wldev *dev)
2362 {
2363         struct b43_wl *wl = dev->wl;
2364         u32 ctl;
2365         u16 cfp_pretbtt;
2366
2367         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2368         /* Reset status to STA infrastructure mode. */
2369         ctl &= ~B43_MACCTL_AP;
2370         ctl &= ~B43_MACCTL_KEEP_CTL;
2371         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2372         ctl &= ~B43_MACCTL_KEEP_BAD;
2373         ctl &= ~B43_MACCTL_PROMISC;
2374         ctl &= ~B43_MACCTL_BEACPROMISC;
2375         ctl |= B43_MACCTL_INFRA;
2376
2377         if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
2378                 ctl |= B43_MACCTL_AP;
2379         else if (b43_is_mode(wl, IEEE80211_IF_TYPE_IBSS))
2380                 ctl &= ~B43_MACCTL_INFRA;
2381
2382         if (wl->filter_flags & FIF_CONTROL)
2383                 ctl |= B43_MACCTL_KEEP_CTL;
2384         if (wl->filter_flags & FIF_FCSFAIL)
2385                 ctl |= B43_MACCTL_KEEP_BAD;
2386         if (wl->filter_flags & FIF_PLCPFAIL)
2387                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2388         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2389                 ctl |= B43_MACCTL_PROMISC;
2390         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2391                 ctl |= B43_MACCTL_BEACPROMISC;
2392
2393         /* Workaround: On old hardware the HW-MAC-address-filter
2394          * doesn't work properly, so always run promisc in filter
2395          * it in software. */
2396         if (dev->dev->id.revision <= 4)
2397                 ctl |= B43_MACCTL_PROMISC;
2398
2399         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2400
2401         cfp_pretbtt = 2;
2402         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2403                 if (dev->dev->bus->chip_id == 0x4306 &&
2404                     dev->dev->bus->chip_rev == 3)
2405                         cfp_pretbtt = 100;
2406                 else
2407                         cfp_pretbtt = 50;
2408         }
2409         b43_write16(dev, 0x612, cfp_pretbtt);
2410 }
2411
2412 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2413 {
2414         u16 offset;
2415
2416         if (is_ofdm) {
2417                 offset = 0x480;
2418                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2419         } else {
2420                 offset = 0x4C0;
2421                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2422         }
2423         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2424                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2425 }
2426
2427 static void b43_rate_memory_init(struct b43_wldev *dev)
2428 {
2429         switch (dev->phy.type) {
2430         case B43_PHYTYPE_A:
2431         case B43_PHYTYPE_G:
2432         case B43_PHYTYPE_N:
2433                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2434                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2435                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2436                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2437                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2438                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2439                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2440                 if (dev->phy.type == B43_PHYTYPE_A)
2441                         break;
2442                 /* fallthrough */
2443         case B43_PHYTYPE_B:
2444                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2445                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2446                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2447                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2448                 break;
2449         default:
2450                 B43_WARN_ON(1);
2451         }
2452 }
2453
2454 /* Set the default values for the PHY TX Control Words. */
2455 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2456 {
2457         u16 ctl = 0;
2458
2459         ctl |= B43_TXH_PHY_ENC_CCK;
2460         ctl |= B43_TXH_PHY_ANT01AUTO;
2461         ctl |= B43_TXH_PHY_TXPWR;
2462
2463         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2464         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2465         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2466 }
2467
2468 /* Set the TX-Antenna for management frames sent by firmware. */
2469 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2470 {
2471         u16 ant;
2472         u16 tmp;
2473
2474         ant = b43_antenna_to_phyctl(antenna);
2475
2476         /* For ACK/CTS */
2477         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2478         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2479         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2480         /* For Probe Resposes */
2481         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2482         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2483         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2484 }
2485
2486 /* This is the opposite of b43_chip_init() */
2487 static void b43_chip_exit(struct b43_wldev *dev)
2488 {
2489         b43_radio_turn_off(dev, 1);
2490         b43_gpio_cleanup(dev);
2491         b43_lo_g_cleanup(dev);
2492         /* firmware is released later */
2493 }
2494
2495 /* Initialize the chip
2496  * http://bcm-specs.sipsolutions.net/ChipInit
2497  */
2498 static int b43_chip_init(struct b43_wldev *dev)
2499 {
2500         struct b43_phy *phy = &dev->phy;
2501         int err, tmp;
2502         u32 value32, macctl;
2503         u16 value16;
2504
2505         /* Initialize the MAC control */
2506         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2507         if (dev->phy.gmode)
2508                 macctl |= B43_MACCTL_GMODE;
2509         macctl |= B43_MACCTL_INFRA;
2510         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2511
2512         err = b43_request_firmware(dev);
2513         if (err)
2514                 goto out;
2515         err = b43_upload_microcode(dev);
2516         if (err)
2517                 goto out;       /* firmware is released later */
2518
2519         err = b43_gpio_init(dev);
2520         if (err)
2521                 goto out;       /* firmware is released later */
2522
2523         err = b43_upload_initvals(dev);
2524         if (err)
2525                 goto err_gpio_clean;
2526         b43_radio_turn_on(dev);
2527
2528         b43_write16(dev, 0x03E6, 0x0000);
2529         err = b43_phy_init(dev);
2530         if (err)
2531                 goto err_radio_off;
2532
2533         /* Select initial Interference Mitigation. */
2534         tmp = phy->interfmode;
2535         phy->interfmode = B43_INTERFMODE_NONE;
2536         b43_radio_set_interference_mitigation(dev, tmp);
2537
2538         b43_set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2539         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2540
2541         if (phy->type == B43_PHYTYPE_B) {
2542                 value16 = b43_read16(dev, 0x005E);
2543                 value16 |= 0x0004;
2544                 b43_write16(dev, 0x005E, value16);
2545         }
2546         b43_write32(dev, 0x0100, 0x01000000);
2547         if (dev->dev->id.revision < 5)
2548                 b43_write32(dev, 0x010C, 0x01000000);
2549
2550         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2551                     & ~B43_MACCTL_INFRA);
2552         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2553                     | B43_MACCTL_INFRA);
2554
2555         /* Probe Response Timeout value */
2556         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2557         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2558
2559         /* Initially set the wireless operation mode. */
2560         b43_adjust_opmode(dev);
2561
2562         if (dev->dev->id.revision < 3) {
2563                 b43_write16(dev, 0x060E, 0x0000);
2564                 b43_write16(dev, 0x0610, 0x8000);
2565                 b43_write16(dev, 0x0604, 0x0000);
2566                 b43_write16(dev, 0x0606, 0x0200);
2567         } else {
2568                 b43_write32(dev, 0x0188, 0x80000000);
2569                 b43_write32(dev, 0x018C, 0x02000000);
2570         }
2571         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2572         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2573         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2574         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2575         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2576         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2577         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2578
2579         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2580         value32 |= 0x00100000;
2581         ssb_write32(dev->dev, SSB_TMSLOW, value32);
2582
2583         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2584                     dev->dev->bus->chipco.fast_pwrup_delay);
2585
2586         err = 0;
2587         b43dbg(dev->wl, "Chip initialized\n");
2588 out:
2589         return err;
2590
2591 err_radio_off:
2592         b43_radio_turn_off(dev, 1);
2593 err_gpio_clean:
2594         b43_gpio_cleanup(dev);
2595         return err;
2596 }
2597
2598 static void b43_periodic_every60sec(struct b43_wldev *dev)
2599 {
2600         struct b43_phy *phy = &dev->phy;
2601
2602         if (phy->type != B43_PHYTYPE_G)
2603                 return;
2604         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_RSSI) {
2605                 b43_mac_suspend(dev);
2606                 b43_calc_nrssi_slope(dev);
2607                 if ((phy->radio_ver == 0x2050) && (phy->radio_rev == 8)) {
2608                         u8 old_chan = phy->channel;
2609
2610                         /* VCO Calibration */
2611                         if (old_chan >= 8)
2612                                 b43_radio_selectchannel(dev, 1, 0);
2613                         else
2614                                 b43_radio_selectchannel(dev, 13, 0);
2615                         b43_radio_selectchannel(dev, old_chan, 0);
2616                 }
2617                 b43_mac_enable(dev);
2618         }
2619 }
2620
2621 static void b43_periodic_every30sec(struct b43_wldev *dev)
2622 {
2623         /* Update device statistics. */
2624         b43_calculate_link_quality(dev);
2625 }
2626
2627 static void b43_periodic_every15sec(struct b43_wldev *dev)
2628 {
2629         struct b43_phy *phy = &dev->phy;
2630
2631         if (phy->type == B43_PHYTYPE_G) {
2632                 //TODO: update_aci_moving_average
2633                 if (phy->aci_enable && phy->aci_wlan_automatic) {
2634                         b43_mac_suspend(dev);
2635                         if (!phy->aci_enable && 1 /*TODO: not scanning? */ ) {
2636                                 if (0 /*TODO: bunch of conditions */ ) {
2637                                         b43_radio_set_interference_mitigation
2638                                             (dev, B43_INTERFMODE_MANUALWLAN);
2639                                 }
2640                         } else if (1 /*TODO*/) {
2641                                 /*
2642                                    if ((aci_average > 1000) && !(b43_radio_aci_scan(dev))) {
2643                                    b43_radio_set_interference_mitigation(dev,
2644                                    B43_INTERFMODE_NONE);
2645                                    }
2646                                  */
2647                         }
2648                         b43_mac_enable(dev);
2649                 } else if (phy->interfmode == B43_INTERFMODE_NONWLAN &&
2650                            phy->rev == 1) {
2651                         //TODO: implement rev1 workaround
2652                 }
2653         }
2654         b43_phy_xmitpower(dev); //FIXME: unless scanning?
2655         b43_lo_g_maintanance_work(dev);
2656         //TODO for APHY (temperature?)
2657
2658         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2659         wmb();
2660 }
2661
2662 static void do_periodic_work(struct b43_wldev *dev)
2663 {
2664         unsigned int state;
2665
2666         state = dev->periodic_state;
2667         if (state % 4 == 0)
2668                 b43_periodic_every60sec(dev);
2669         if (state % 2 == 0)
2670                 b43_periodic_every30sec(dev);
2671         b43_periodic_every15sec(dev);
2672 }
2673
2674 /* Periodic work locking policy:
2675  *      The whole periodic work handler is protected by
2676  *      wl->mutex. If another lock is needed somewhere in the
2677  *      pwork callchain, it's aquired in-place, where it's needed.
2678  */
2679 static void b43_periodic_work_handler(struct work_struct *work)
2680 {
2681         struct b43_wldev *dev = container_of(work, struct b43_wldev,
2682                                              periodic_work.work);
2683         struct b43_wl *wl = dev->wl;
2684         unsigned long delay;
2685
2686         mutex_lock(&wl->mutex);
2687
2688         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2689                 goto out;
2690         if (b43_debug(dev, B43_DBG_PWORK_STOP))
2691                 goto out_requeue;
2692
2693         do_periodic_work(dev);
2694
2695         dev->periodic_state++;
2696 out_requeue:
2697         if (b43_debug(dev, B43_DBG_PWORK_FAST))
2698                 delay = msecs_to_jiffies(50);
2699         else
2700                 delay = round_jiffies_relative(HZ * 15);
2701         queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2702 out:
2703         mutex_unlock(&wl->mutex);
2704 }
2705
2706 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2707 {
2708         struct delayed_work *work = &dev->periodic_work;
2709
2710         dev->periodic_state = 0;
2711         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2712         queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2713 }
2714
2715 /* Check if communication with the device works correctly. */
2716 static int b43_validate_chipaccess(struct b43_wldev *dev)
2717 {
2718         u32 v, backup;
2719
2720         backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2721
2722         /* Check for read/write and endianness problems. */
2723         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2724         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2725                 goto error;
2726         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2727         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2728                 goto error;
2729
2730         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2731
2732         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2733                 /* The 32bit register shadows the two 16bit registers
2734                  * with update sideeffects. Validate this. */
2735                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2736                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2737                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2738                         goto error;
2739                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2740                         goto error;
2741         }
2742         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2743
2744         v = b43_read32(dev, B43_MMIO_MACCTL);
2745         v |= B43_MACCTL_GMODE;
2746         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2747                 goto error;
2748
2749         return 0;
2750 error:
2751         b43err(dev->wl, "Failed to validate the chipaccess\n");
2752         return -ENODEV;
2753 }
2754
2755 static void b43_security_init(struct b43_wldev *dev)
2756 {
2757         dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2758         B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2759         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2760         /* KTP is a word address, but we address SHM bytewise.
2761          * So multiply by two.
2762          */
2763         dev->ktp *= 2;
2764         if (dev->dev->id.revision >= 5) {
2765                 /* Number of RCMTA address slots */
2766                 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2767         }
2768         b43_clear_keys(dev);
2769 }
2770
2771 static int b43_rng_read(struct hwrng *rng, u32 * data)
2772 {
2773         struct b43_wl *wl = (struct b43_wl *)rng->priv;
2774         unsigned long flags;
2775
2776         /* Don't take wl->mutex here, as it could deadlock with
2777          * hwrng internal locking. It's not needed to take
2778          * wl->mutex here, anyway. */
2779
2780         spin_lock_irqsave(&wl->irq_lock, flags);
2781         *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2782         spin_unlock_irqrestore(&wl->irq_lock, flags);
2783
2784         return (sizeof(u16));
2785 }
2786
2787 static void b43_rng_exit(struct b43_wl *wl)
2788 {
2789         if (wl->rng_initialized)
2790                 hwrng_unregister(&wl->rng);
2791 }
2792
2793 static int b43_rng_init(struct b43_wl *wl)
2794 {
2795         int err;
2796
2797         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2798                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2799         wl->rng.name = wl->rng_name;
2800         wl->rng.data_read = b43_rng_read;
2801         wl->rng.priv = (unsigned long)wl;
2802         wl->rng_initialized = 1;
2803         err = hwrng_register(&wl->rng);
2804         if (err) {
2805                 wl->rng_initialized = 0;
2806                 b43err(wl, "Failed to register the random "
2807                        "number generator (%d)\n", err);
2808         }
2809
2810         return err;
2811 }
2812
2813 static int b43_op_tx(struct ieee80211_hw *hw,
2814                      struct sk_buff *skb)
2815 {
2816         struct b43_wl *wl = hw_to_b43_wl(hw);
2817         struct b43_wldev *dev = wl->current_dev;
2818         unsigned long flags;
2819         int err;
2820
2821         if (unlikely(skb->len < 2 + 2 + 6)) {
2822                 /* Too short, this can't be a valid frame. */
2823                 dev_kfree_skb_any(skb);
2824                 return NETDEV_TX_OK;
2825         }
2826         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
2827         if (unlikely(!dev))
2828                 return NETDEV_TX_BUSY;
2829
2830         /* Transmissions on seperate queues can run concurrently. */
2831         read_lock_irqsave(&wl->tx_lock, flags);
2832
2833         err = -ENODEV;
2834         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
2835                 if (b43_using_pio_transfers(dev))
2836                         err = b43_pio_tx(dev, skb);
2837                 else
2838                         err = b43_dma_tx(dev, skb);
2839         }
2840
2841         read_unlock_irqrestore(&wl->tx_lock, flags);
2842
2843         if (unlikely(err))
2844                 return NETDEV_TX_BUSY;
2845         return NETDEV_TX_OK;
2846 }
2847
2848 /* Locking: wl->irq_lock */
2849 static void b43_qos_params_upload(struct b43_wldev *dev,
2850                                   const struct ieee80211_tx_queue_params *p,
2851                                   u16 shm_offset)
2852 {
2853         u16 params[B43_NR_QOSPARAMS];
2854         int cw_min, cw_max, aifs, bslots, tmp;
2855         unsigned int i;
2856
2857         const u16 aCWmin = 0x0001;
2858         const u16 aCWmax = 0x03FF;
2859
2860         /* Calculate the default values for the parameters, if needed. */
2861         switch (shm_offset) {
2862         case B43_QOS_VOICE:
2863                 aifs = (p->aifs == -1) ? 2 : p->aifs;
2864                 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 4 - 1) : p->cw_min;
2865                 cw_max = (p->cw_max == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_max;
2866                 break;
2867         case B43_QOS_VIDEO:
2868                 aifs = (p->aifs == -1) ? 2 : p->aifs;
2869                 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_min;
2870                 cw_max = (p->cw_max == 0) ? aCWmin : p->cw_max;
2871                 break;
2872         case B43_QOS_BESTEFFORT:
2873                 aifs = (p->aifs == -1) ? 3 : p->aifs;
2874                 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
2875                 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
2876                 break;
2877         case B43_QOS_BACKGROUND:
2878                 aifs = (p->aifs == -1) ? 7 : p->aifs;
2879                 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
2880                 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
2881                 break;
2882         default:
2883                 B43_WARN_ON(1);
2884                 return;
2885         }
2886         if (cw_min <= 0)
2887                 cw_min = aCWmin;
2888         if (cw_max <= 0)
2889                 cw_max = aCWmin;
2890         bslots = b43_read16(dev, B43_MMIO_RNG) % cw_min;
2891
2892         memset(&params, 0, sizeof(params));
2893
2894         params[B43_QOSPARAM_TXOP] = p->txop * 32;
2895         params[B43_QOSPARAM_CWMIN] = cw_min;
2896         params[B43_QOSPARAM_CWMAX] = cw_max;
2897         params[B43_QOSPARAM_CWCUR] = cw_min;
2898         params[B43_QOSPARAM_AIFS] = aifs;
2899         params[B43_QOSPARAM_BSLOTS] = bslots;
2900         params[B43_QOSPARAM_REGGAP] = bslots + aifs;
2901
2902         for (i = 0; i < ARRAY_SIZE(params); i++) {
2903                 if (i == B43_QOSPARAM_STATUS) {
2904                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
2905                                              shm_offset + (i * 2));
2906                         /* Mark the parameters as updated. */
2907                         tmp |= 0x100;
2908                         b43_shm_write16(dev, B43_SHM_SHARED,
2909                                         shm_offset + (i * 2),
2910                                         tmp);
2911                 } else {
2912                         b43_shm_write16(dev, B43_SHM_SHARED,
2913                                         shm_offset + (i * 2),
2914                                         params[i]);
2915                 }
2916         }
2917 }
2918
2919 /* Update the QOS parameters in hardware. */
2920 static void b43_qos_update(struct b43_wldev *dev)
2921 {
2922         struct b43_wl *wl = dev->wl;
2923         struct b43_qos_params *params;
2924         unsigned long flags;
2925         unsigned int i;
2926
2927         /* Mapping of mac80211 queues to b43 SHM offsets. */
2928         static const u16 qos_shm_offsets[] = {
2929                 [0] = B43_QOS_VOICE,
2930                 [1] = B43_QOS_VIDEO,
2931                 [2] = B43_QOS_BESTEFFORT,
2932                 [3] = B43_QOS_BACKGROUND,
2933         };
2934         BUILD_BUG_ON(ARRAY_SIZE(qos_shm_offsets) != ARRAY_SIZE(wl->qos_params));
2935
2936         b43_mac_suspend(dev);
2937         spin_lock_irqsave(&wl->irq_lock, flags);
2938
2939         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
2940                 params = &(wl->qos_params[i]);
2941                 if (params->need_hw_update) {
2942                         b43_qos_params_upload(dev, &(params->p),
2943                                               qos_shm_offsets[i]);
2944                         params->need_hw_update = 0;
2945                 }
2946         }
2947
2948         spin_unlock_irqrestore(&wl->irq_lock, flags);
2949         b43_mac_enable(dev);
2950 }
2951
2952 static void b43_qos_clear(struct b43_wl *wl)
2953 {
2954         struct b43_qos_params *params;
2955         unsigned int i;
2956
2957         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
2958                 params = &(wl->qos_params[i]);
2959
2960                 memset(&(params->p), 0, sizeof(params->p));
2961                 params->p.aifs = -1;
2962                 params->need_hw_update = 1;
2963         }
2964 }
2965
2966 /* Initialize the core's QOS capabilities */
2967 static void b43_qos_init(struct b43_wldev *dev)
2968 {
2969         struct b43_wl *wl = dev->wl;
2970         unsigned int i;
2971
2972         /* Upload the current QOS parameters. */
2973         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++)
2974                 wl->qos_params[i].need_hw_update = 1;
2975         b43_qos_update(dev);
2976
2977         /* Enable QOS support. */
2978         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
2979         b43_write16(dev, B43_MMIO_IFSCTL,
2980                     b43_read16(dev, B43_MMIO_IFSCTL)
2981                     | B43_MMIO_IFSCTL_USE_EDCF);
2982 }
2983
2984 static void b43_qos_update_work(struct work_struct *work)
2985 {
2986         struct b43_wl *wl = container_of(work, struct b43_wl, qos_update_work);
2987         struct b43_wldev *dev;
2988
2989         mutex_lock(&wl->mutex);
2990         dev = wl->current_dev;
2991         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED)))
2992                 b43_qos_update(dev);
2993         mutex_unlock(&wl->mutex);
2994 }
2995
2996 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
2997                           const struct ieee80211_tx_queue_params *params)
2998 {
2999         struct b43_wl *wl = hw_to_b43_wl(hw);
3000         unsigned long flags;
3001         unsigned int queue = (unsigned int)_queue;
3002         struct b43_qos_params *p;
3003
3004         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3005                 /* Queue not available or don't support setting
3006                  * params on this queue. Return success to not
3007                  * confuse mac80211. */
3008                 return 0;
3009         }
3010
3011         spin_lock_irqsave(&wl->irq_lock, flags);
3012         p = &(wl->qos_params[queue]);
3013         memcpy(&(p->p), params, sizeof(p->p));
3014         p->need_hw_update = 1;
3015         spin_unlock_irqrestore(&wl->irq_lock, flags);
3016
3017         queue_work(hw->workqueue, &wl->qos_update_work);
3018
3019         return 0;
3020 }
3021
3022 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3023                                struct ieee80211_tx_queue_stats *stats)
3024 {
3025         struct b43_wl *wl = hw_to_b43_wl(hw);
3026         struct b43_wldev *dev = wl->current_dev;
3027         unsigned long flags;
3028         int err = -ENODEV;
3029
3030         if (!dev)
3031                 goto out;
3032         spin_lock_irqsave(&wl->irq_lock, flags);
3033         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3034                 if (b43_using_pio_transfers(dev))
3035                         b43_pio_get_tx_stats(dev, stats);
3036                 else
3037                         b43_dma_get_tx_stats(dev, stats);
3038                 err = 0;
3039         }
3040         spin_unlock_irqrestore(&wl->irq_lock, flags);
3041 out:
3042         return err;
3043 }
3044
3045 static int b43_op_get_stats(struct ieee80211_hw *hw,
3046                             struct ieee80211_low_level_stats *stats)
3047 {
3048         struct b43_wl *wl = hw_to_b43_wl(hw);
3049         unsigned long flags;
3050
3051         spin_lock_irqsave(&wl->irq_lock, flags);
3052         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3053         spin_unlock_irqrestore(&wl->irq_lock, flags);
3054
3055         return 0;
3056 }
3057
3058 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3059 {
3060         struct ssb_device *sdev = dev->dev;
3061         u32 tmslow;
3062
3063         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3064         tmslow &= ~B43_TMSLOW_GMODE;
3065         tmslow |= B43_TMSLOW_PHYRESET;
3066         tmslow |= SSB_TMSLOW_FGC;
3067         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3068         msleep(1);
3069
3070         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3071         tmslow &= ~SSB_TMSLOW_FGC;
3072         tmslow |= B43_TMSLOW_PHYRESET;
3073         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3074         msleep(1);
3075 }
3076
3077 static const char * band_to_string(enum ieee80211_band band)
3078 {
3079         switch (band) {
3080         case IEEE80211_BAND_5GHZ:
3081                 return "5";
3082         case IEEE80211_BAND_2GHZ:
3083                 return "2.4";
3084         default:
3085                 break;
3086         }
3087         B43_WARN_ON(1);
3088         return "";
3089 }
3090
3091 /* Expects wl->mutex locked */
3092 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3093 {
3094         struct b43_wldev *up_dev = NULL;
3095         struct b43_wldev *down_dev;
3096         struct b43_wldev *d;
3097         int err;
3098         bool gmode;
3099         int prev_status;
3100
3101         /* Find a device and PHY which supports the band. */
3102         list_for_each_entry(d, &wl->devlist, list) {
3103                 switch (chan->band) {
3104                 case IEEE80211_BAND_5GHZ:
3105                         if (d->phy.supports_5ghz) {
3106                                 up_dev = d;
3107                                 gmode = 0;
3108                         }
3109                         break;
3110                 case IEEE80211_BAND_2GHZ:
3111                         if (d->phy.supports_2ghz) {
3112                                 up_dev = d;
3113                                 gmode = 1;
3114                         }
3115                         break;
3116                 default:
3117                         B43_WARN_ON(1);
3118                         return -EINVAL;
3119                 }
3120                 if (up_dev)
3121                         break;
3122         }
3123         if (!up_dev) {
3124                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3125                        band_to_string(chan->band));
3126                 return -ENODEV;
3127         }
3128         if ((up_dev == wl->current_dev) &&
3129             (!!wl->current_dev->phy.gmode == !!gmode)) {
3130                 /* This device is already running. */
3131                 return 0;
3132         }
3133         b43dbg(wl, "Switching to %s-GHz band\n",
3134                band_to_string(chan->band));
3135         down_dev = wl->current_dev;
3136
3137         prev_status = b43_status(down_dev);
3138         /* Shutdown the currently running core. */
3139         if (prev_status >= B43_STAT_STARTED)
3140                 b43_wireless_core_stop(down_dev);
3141         if (prev_status >= B43_STAT_INITIALIZED)
3142                 b43_wireless_core_exit(down_dev);
3143
3144         if (down_dev != up_dev) {
3145                 /* We switch to a different core, so we put PHY into
3146                  * RESET on the old core. */
3147                 b43_put_phy_into_reset(down_dev);
3148         }
3149
3150         /* Now start the new core. */
3151         up_dev->phy.gmode = gmode;
3152         if (prev_status >= B43_STAT_INITIALIZED) {
3153                 err = b43_wireless_core_init(up_dev);
3154                 if (err) {
3155                         b43err(wl, "Fatal: Could not initialize device for "
3156                                "selected %s-GHz band\n",
3157                                band_to_string(chan->band));
3158                         goto init_failure;
3159                 }
3160         }
3161         if (prev_status >= B43_STAT_STARTED) {
3162                 err = b43_wireless_core_start(up_dev);
3163                 if (err) {
3164                         b43err(wl, "Fatal: Coult not start device for "
3165                                "selected %s-GHz band\n",
3166                                band_to_string(chan->band));
3167                         b43_wireless_core_exit(up_dev);
3168                         goto init_failure;
3169                 }
3170         }
3171         B43_WARN_ON(b43_status(up_dev) != prev_status);
3172
3173         wl->current_dev = up_dev;
3174
3175         return 0;
3176 init_failure:
3177         /* Whoops, failed to init the new core. No core is operating now. */
3178         wl->current_dev = NULL;
3179         return err;
3180 }
3181
3182 static int b43_op_config(struct ieee80211_hw *hw, struct ieee80211_conf *conf)
3183 {
3184         struct b43_wl *wl = hw_to_b43_wl(hw);
3185         struct b43_wldev *dev;
3186         struct b43_phy *phy;
3187         unsigned long flags;
3188         int antenna;
3189         int err = 0;
3190         u32 savedirqs;
3191
3192         mutex_lock(&wl->mutex);
3193
3194         /* Switch the band (if necessary). This might change the active core. */
3195         err = b43_switch_band(wl, conf->channel);
3196         if (err)
3197                 goto out_unlock_mutex;
3198         dev = wl->current_dev;
3199         phy = &dev->phy;
3200
3201         /* Disable IRQs while reconfiguring the device.
3202          * This makes it possible to drop the spinlock throughout
3203          * the reconfiguration process. */
3204         spin_lock_irqsave(&wl->irq_lock, flags);
3205         if (b43_status(dev) < B43_STAT_STARTED) {
3206                 spin_unlock_irqrestore(&wl->irq_lock, flags);
3207                 goto out_unlock_mutex;
3208         }
3209         savedirqs = b43_interrupt_disable(dev, B43_IRQ_ALL);
3210         spin_unlock_irqrestore(&wl->irq_lock, flags);
3211         b43_synchronize_irq(dev);
3212
3213         /* Switch to the requested channel.
3214          * The firmware takes care of races with the TX handler. */
3215         if (conf->channel->hw_value != phy->channel)
3216                 b43_radio_selectchannel(dev, conf->channel->hw_value, 0);
3217
3218         /* Enable/Disable ShortSlot timing. */
3219         if ((!!(conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)) !=
3220             dev->short_slot) {
3221                 B43_WARN_ON(phy->type != B43_PHYTYPE_G);
3222                 if (conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)
3223                         b43_short_slot_timing_enable(dev);
3224                 else
3225                         b43_short_slot_timing_disable(dev);
3226         }
3227
3228         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3229
3230         /* Adjust the desired TX power level. */
3231         if (conf->power_level != 0) {
3232                 if (conf->power_level != phy->power_level) {
3233                         phy->power_level = conf->power_level;
3234                         b43_phy_xmitpower(dev);
3235                 }
3236         }
3237
3238         /* Antennas for RX and management frame TX. */
3239         antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_tx);
3240         b43_mgmtframe_txantenna(dev, antenna);
3241         antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_rx);
3242         b43_set_rx_antenna(dev, antenna);
3243
3244         /* Update templates for AP mode. */
3245         if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
3246                 b43_set_beacon_int(dev, conf->beacon_int);
3247
3248         if (!!conf->radio_enabled != phy->radio_on) {
3249                 if (conf->radio_enabled) {
3250                         b43_radio_turn_on(dev);
3251                         b43info(dev->wl, "Radio turned on by software\n");
3252                         if (!dev->radio_hw_enable) {
3253                                 b43info(dev->wl, "The hardware RF-kill button "
3254                                         "still turns the radio physically off. "
3255                                         "Press the button to turn it on.\n");
3256                         }
3257                 } else {
3258                         b43_radio_turn_off(dev, 0);
3259                         b43info(dev->wl, "Radio turned off by software\n");
3260                 }
3261         }
3262
3263         spin_lock_irqsave(&wl->irq_lock, flags);
3264         b43_interrupt_enable(dev, savedirqs);
3265         mmiowb();
3266         spin_unlock_irqrestore(&wl->irq_lock, flags);
3267       out_unlock_mutex:
3268         mutex_unlock(&wl->mutex);
3269
3270         return err;
3271 }
3272
3273 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3274                            const u8 *local_addr, const u8 *addr,
3275                            struct ieee80211_key_conf *key)
3276 {
3277         struct b43_wl *wl = hw_to_b43_wl(hw);
3278         struct b43_wldev *dev;
3279         unsigned long flags;
3280         u8 algorithm;
3281         u8 index;
3282         int err;
3283         DECLARE_MAC_BUF(mac);
3284
3285         if (modparam_nohwcrypt)
3286                 return -ENOSPC; /* User disabled HW-crypto */
3287
3288         mutex_lock(&wl->mutex);
3289         spin_lock_irqsave(&wl->irq_lock, flags);
3290
3291         dev = wl->current_dev;
3292         err = -ENODEV;
3293         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3294                 goto out_unlock;
3295
3296         err = -EINVAL;
3297         switch (key->alg) {
3298         case ALG_WEP:
3299                 if (key->keylen == 5)
3300                         algorithm = B43_SEC_ALGO_WEP40;
3301                 else
3302                         algorithm = B43_SEC_ALGO_WEP104;
3303                 break;
3304         case ALG_TKIP:
3305                 algorithm = B43_SEC_ALGO_TKIP;
3306                 break;
3307         case ALG_CCMP:
3308                 algorithm = B43_SEC_ALGO_AES;
3309                 break;
3310         default:
3311                 B43_WARN_ON(1);
3312                 goto out_unlock;
3313         }
3314         index = (u8) (key->keyidx);
3315         if (index > 3)
3316                 goto out_unlock;
3317
3318         switch (cmd) {
3319         case SET_KEY:
3320                 if (algorithm == B43_SEC_ALGO_TKIP) {
3321                         /* FIXME: No TKIP hardware encryption for now. */
3322                         err = -EOPNOTSUPP;
3323                         goto out_unlock;
3324                 }
3325
3326                 if (is_broadcast_ether_addr(addr)) {
3327                         /* addr is FF:FF:FF:FF:FF:FF for default keys */
3328                         err = b43_key_write(dev, index, algorithm,
3329                                             key->key, key->keylen, NULL, key);
3330                 } else {
3331                         /*
3332                          * either pairwise key or address is 00:00:00:00:00:00
3333                          * for transmit-only keys
3334                          */
3335                         err = b43_key_write(dev, -1, algorithm,
3336                                             key->key, key->keylen, addr, key);
3337                 }
3338                 if (err)
3339                         goto out_unlock;
3340
3341                 if (algorithm == B43_SEC_ALGO_WEP40 ||
3342                     algorithm == B43_SEC_ALGO_WEP104) {
3343                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3344                 } else {
3345                         b43_hf_write(dev,
3346                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3347                 }
3348                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3349                 break;
3350         case DISABLE_KEY: {
3351                 err = b43_key_clear(dev, key->hw_key_idx);
3352                 if (err)
3353                         goto out_unlock;
3354                 break;
3355         }
3356         default:
3357                 B43_WARN_ON(1);
3358         }
3359 out_unlock:
3360         spin_unlock_irqrestore(&wl->irq_lock, flags);
3361         mutex_unlock(&wl->mutex);
3362         if (!err) {
3363                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3364                        "mac: %s\n",
3365                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3366                        print_mac(mac, addr));
3367         }
3368         return err;
3369 }
3370
3371 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3372                                     unsigned int changed, unsigned int *fflags,
3373                                     int mc_count, struct dev_addr_list *mc_list)
3374 {
3375         struct b43_wl *wl = hw_to_b43_wl(hw);
3376         struct b43_wldev *dev = wl->current_dev;
3377         unsigned long flags;
3378
3379         if (!dev) {
3380                 *fflags = 0;
3381                 return;
3382         }
3383
3384         spin_lock_irqsave(&wl->irq_lock, flags);
3385         *fflags &= FIF_PROMISC_IN_BSS |
3386                   FIF_ALLMULTI |
3387                   FIF_FCSFAIL |
3388                   FIF_PLCPFAIL |
3389                   FIF_CONTROL |
3390                   FIF_OTHER_BSS |
3391                   FIF_BCN_PRBRESP_PROMISC;
3392
3393         changed &= FIF_PROMISC_IN_BSS |
3394                    FIF_ALLMULTI |
3395                    FIF_FCSFAIL |
3396                    FIF_PLCPFAIL |
3397                    FIF_CONTROL |
3398                    FIF_OTHER_BSS |
3399                    FIF_BCN_PRBRESP_PROMISC;
3400
3401         wl->filter_flags = *fflags;
3402
3403         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3404                 b43_adjust_opmode(dev);
3405         spin_unlock_irqrestore(&wl->irq_lock, flags);
3406 }
3407
3408 static int b43_op_config_interface(struct ieee80211_hw *hw,
3409                                    struct ieee80211_vif *vif,
3410                                    struct ieee80211_if_conf *conf)
3411 {
3412         struct b43_wl *wl = hw_to_b43_wl(hw);
3413         struct b43_wldev *dev = wl->current_dev;
3414         unsigned long flags;
3415
3416         if (!dev)
3417                 return -ENODEV;
3418         mutex_lock(&wl->mutex);
3419         spin_lock_irqsave(&wl->irq_lock, flags);
3420         B43_WARN_ON(wl->vif != vif);
3421         if (conf->bssid)
3422                 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3423         else
3424                 memset(wl->bssid, 0, ETH_ALEN);
3425         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3426                 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP)) {
3427                         B43_WARN_ON(conf->type != IEEE80211_IF_TYPE_AP);
3428                         b43_set_ssid(dev, conf->ssid, conf->ssid_len);
3429                         if (conf->beacon)
3430                                 b43_update_templates(wl, conf->beacon);
3431                 }
3432                 b43_write_mac_bssid_templates(dev);
3433         }
3434         spin_unlock_irqrestore(&wl->irq_lock, flags);
3435         mutex_unlock(&wl->mutex);
3436
3437         return 0;
3438 }
3439
3440 /* Locking: wl->mutex */
3441 static void b43_wireless_core_stop(struct b43_wldev *dev)
3442 {
3443         struct b43_wl *wl = dev->wl;
3444         unsigned long flags;
3445
3446         if (b43_status(dev) < B43_STAT_STARTED)
3447                 return;
3448
3449         /* Disable and sync interrupts. We must do this before than
3450          * setting the status to INITIALIZED, as the interrupt handler
3451          * won't care about IRQs then. */
3452         spin_lock_irqsave(&wl->irq_lock, flags);
3453         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3454         b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3455         spin_unlock_irqrestore(&wl->irq_lock, flags);
3456         b43_synchronize_irq(dev);
3457
3458         write_lock_irqsave(&wl->tx_lock, flags);
3459         b43_set_status(dev, B43_STAT_INITIALIZED);
3460         write_unlock_irqrestore(&wl->tx_lock, flags);
3461
3462         b43_pio_stop(dev);
3463         mutex_unlock(&wl->mutex);
3464         /* Must unlock as it would otherwise deadlock. No races here.
3465          * Cancel the possibly running self-rearming periodic work. */
3466         cancel_delayed_work_sync(&dev->periodic_work);
3467         mutex_lock(&wl->mutex);
3468
3469         b43_mac_suspend(dev);
3470         free_irq(dev->dev->irq, dev);
3471         b43dbg(wl, "Wireless interface stopped\n");
3472 }
3473
3474 /* Locking: wl->mutex */
3475 static int b43_wireless_core_start(struct b43_wldev *dev)
3476 {
3477         int err;
3478
3479         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3480
3481         drain_txstatus_queue(dev);
3482         err = request_irq(dev->dev->irq, b43_interrupt_handler,
3483                           IRQF_SHARED, KBUILD_MODNAME, dev);
3484         if (err) {
3485                 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3486                 goto out;
3487         }
3488
3489         /* We are ready to run. */
3490         b43_set_status(dev, B43_STAT_STARTED);
3491
3492         /* Start data flow (TX/RX). */
3493         b43_mac_enable(dev);
3494         b43_interrupt_enable(dev, dev->irq_savedstate);
3495
3496         /* Start maintainance work */
3497         b43_periodic_tasks_setup(dev);
3498
3499         b43dbg(dev->wl, "Wireless interface started\n");
3500       out:
3501         return err;
3502 }
3503
3504 /* Get PHY and RADIO versioning numbers */
3505 static int b43_phy_versioning(struct b43_wldev *dev)
3506 {
3507         struct b43_phy *phy = &dev->phy;
3508         u32 tmp;
3509         u8 analog_type;
3510         u8 phy_type;
3511         u8 phy_rev;
3512         u16 radio_manuf;
3513         u16 radio_ver;
3514         u16 radio_rev;
3515         int unsupported = 0;
3516
3517         /* Get PHY versioning */
3518         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3519         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3520         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3521         phy_rev = (tmp & B43_PHYVER_VERSION);
3522         switch (phy_type) {
3523         case B43_PHYTYPE_A:
3524                 if (phy_rev >= 4)
3525                         unsupported = 1;
3526                 break;
3527         case B43_PHYTYPE_B:
3528                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3529                     && phy_rev != 7)
3530                         unsupported = 1;
3531                 break;
3532         case B43_PHYTYPE_G:
3533                 if (phy_rev > 9)
3534                         unsupported = 1;
3535                 break;
3536 #ifdef CONFIG_B43_NPHY
3537         case B43_PHYTYPE_N:
3538                 if (phy_rev > 1)
3539                         unsupported = 1;
3540                 break;
3541 #endif
3542         default:
3543                 unsupported = 1;
3544         };
3545         if (unsupported) {
3546                 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3547                        "(Analog %u, Type %u, Revision %u)\n",
3548                        analog_type, phy_type, phy_rev);
3549                 return -EOPNOTSUPP;
3550         }
3551         b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3552                analog_type, phy_type, phy_rev);
3553
3554         /* Get RADIO versioning */
3555         if (dev->dev->bus->chip_id == 0x4317) {
3556                 if (dev->dev->bus->chip_rev == 0)
3557                         tmp = 0x3205017F;
3558                 else if (dev->dev->bus->chip_rev == 1)
3559                         tmp = 0x4205017F;
3560                 else
3561                         tmp = 0x5205017F;
3562         } else {
3563                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3564                 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3565                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3566                 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3567         }
3568         radio_manuf = (tmp & 0x00000FFF);
3569         radio_ver = (tmp & 0x0FFFF000) >> 12;
3570         radio_rev = (tmp & 0xF0000000) >> 28;
3571         if (radio_manuf != 0x17F /* Broadcom */)
3572                 unsupported = 1;
3573         switch (phy_type) {
3574         case B43_PHYTYPE_A:
3575                 if (radio_ver != 0x2060)
3576                         unsupported = 1;
3577                 if (radio_rev != 1)
3578                         unsupported = 1;
3579                 if (radio_manuf != 0x17F)
3580                         unsupported = 1;
3581                 break;
3582         case B43_PHYTYPE_B:
3583                 if ((radio_ver & 0xFFF0) != 0x2050)
3584                         unsupported = 1;
3585                 break;
3586         case B43_PHYTYPE_G:
3587                 if (radio_ver != 0x2050)
3588                         unsupported = 1;
3589                 break;
3590         case B43_PHYTYPE_N:
3591                 if (radio_ver != 0x2055)
3592                         unsupported = 1;
3593                 break;
3594         default:
3595                 B43_WARN_ON(1);
3596         }
3597         if (unsupported) {
3598                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3599                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3600                        radio_manuf, radio_ver, radio_rev);
3601                 return -EOPNOTSUPP;
3602         }
3603         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3604                radio_manuf, radio_ver, radio_rev);
3605
3606         phy->radio_manuf = radio_manuf;
3607         phy->radio_ver = radio_ver;
3608         phy->radio_rev = radio_rev;
3609
3610         phy->analog = analog_type;
3611         phy->type = phy_type;
3612         phy->rev = phy_rev;
3613
3614         return 0;
3615 }
3616
3617 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3618                                       struct b43_phy *phy)
3619 {
3620         struct b43_txpower_lo_control *lo;
3621         int i;
3622
3623         memset(phy->minlowsig, 0xFF, sizeof(phy->minlowsig));
3624         memset(phy->minlowsigpos, 0, sizeof(phy->minlowsigpos));
3625
3626         phy->aci_enable = 0;
3627         phy->aci_wlan_automatic = 0;
3628         phy->aci_hw_rssi = 0;
3629
3630         phy->radio_off_context.valid = 0;
3631
3632         lo = phy->lo_control;
3633         if (lo) {
3634                 memset(lo, 0, sizeof(*(phy->lo_control)));
3635                 lo->tx_bias = 0xFF;
3636                 INIT_LIST_HEAD(&lo->calib_list);
3637         }
3638         phy->max_lb_gain = 0;
3639         phy->trsw_rx_gain = 0;
3640         phy->txpwr_offset = 0;
3641
3642         /* NRSSI */
3643         phy->nrssislope = 0;
3644         for (i = 0; i < ARRAY_SIZE(phy->nrssi); i++)
3645                 phy->nrssi[i] = -1000;
3646         for (i = 0; i < ARRAY_SIZE(phy->nrssi_lt); i++)
3647                 phy->nrssi_lt[i] = i;
3648
3649         phy->lofcal = 0xFFFF;
3650         phy->initval = 0xFFFF;
3651
3652         phy->interfmode = B43_INTERFMODE_NONE;
3653         phy->channel = 0xFF;
3654
3655         phy->hardware_power_control = !!modparam_hwpctl;
3656
3657         /* PHY TX errors counter. */
3658         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3659
3660         /* OFDM-table address caching. */
3661         phy->ofdmtab_addr_direction = B43_OFDMTAB_DIRECTION_UNKNOWN;
3662 }
3663
3664 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3665 {
3666         dev->dfq_valid = 0;
3667
3668         /* Assume the radio is enabled. If it's not enabled, the state will
3669          * immediately get fixed on the first periodic work run. */
3670         dev->radio_hw_enable = 1;
3671
3672         /* Stats */
3673         memset(&dev->stats, 0, sizeof(dev->stats));
3674
3675         setup_struct_phy_for_init(dev, &dev->phy);
3676
3677         /* IRQ related flags */
3678         dev->irq_reason = 0;
3679         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3680         dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3681
3682         dev->mac_suspended = 1;
3683
3684         /* Noise calculation context */
3685         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3686 }
3687
3688 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3689 {
3690         struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3691         u64 hf;
3692
3693         if (!modparam_btcoex)
3694                 return;
3695         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3696                 return;
3697         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3698                 return;
3699
3700         hf = b43_hf_read(dev);
3701         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3702                 hf |= B43_HF_BTCOEXALT;
3703         else
3704                 hf |= B43_HF_BTCOEX;
3705         b43_hf_write(dev, hf);
3706 }
3707
3708 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3709 {
3710         if (!modparam_btcoex)
3711                 return;
3712         //TODO
3713 }
3714
3715 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3716 {
3717 #ifdef CONFIG_SSB_DRIVER_PCICORE
3718         struct ssb_bus *bus = dev->dev->bus;
3719         u32 tmp;
3720
3721         if (bus->pcicore.dev &&
3722             bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3723             bus->pcicore.dev->id.revision <= 5) {
3724                 /* IMCFGLO timeouts workaround. */
3725                 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3726                 tmp &= ~SSB_IMCFGLO_REQTO;
3727                 tmp &= ~SSB_IMCFGLO_SERTO;
3728                 switch (bus->bustype) {
3729                 case SSB_BUSTYPE_PCI:
3730                 case SSB_BUSTYPE_PCMCIA:
3731                         tmp |= 0x32;
3732                         break;
3733                 case SSB_BUSTYPE_SSB:
3734                         tmp |= 0x53;
3735                         break;
3736                 }
3737                 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3738         }
3739 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3740 }
3741
3742 /* Write the short and long frame retry limit values. */
3743 static void b43_set_retry_limits(struct b43_wldev *dev,
3744                                  unsigned int short_retry,
3745                                  unsigned int long_retry)
3746 {
3747         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3748          * the chip-internal counter. */
3749         short_retry = min(short_retry, (unsigned int)0xF);
3750         long_retry = min(long_retry, (unsigned int)0xF);
3751
3752         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3753                         short_retry);
3754         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3755                         long_retry);
3756 }
3757
3758 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3759 {
3760         u16 pu_delay;
3761
3762         /* The time value is in microseconds. */
3763         if (dev->phy.type == B43_PHYTYPE_A)
3764                 pu_delay = 3700;
3765         else
3766                 pu_delay = 1050;
3767         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS) || idle)
3768                 pu_delay = 500;
3769         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3770                 pu_delay = max(pu_delay, (u16)2400);
3771
3772         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3773 }
3774
3775 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3776 static void b43_set_pretbtt(struct b43_wldev *dev)
3777 {
3778         u16 pretbtt;
3779
3780         /* The time value is in microseconds. */
3781         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS)) {
3782                 pretbtt = 2;
3783         } else {
3784                 if (dev->phy.type == B43_PHYTYPE_A)
3785                         pretbtt = 120;
3786                 else
3787                         pretbtt = 250;
3788         }
3789         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3790         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
3791 }
3792
3793 /* Shutdown a wireless core */
3794 /* Locking: wl->mutex */
3795 static void b43_wireless_core_exit(struct b43_wldev *dev)
3796 {
3797         struct b43_phy *phy = &dev->phy;
3798         u32 macctl;
3799
3800         B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
3801         if (b43_status(dev) != B43_STAT_INITIALIZED)
3802                 return;
3803         b43_set_status(dev, B43_STAT_UNINIT);
3804
3805         /* Stop the microcode PSM. */
3806         macctl = b43_read32(dev, B43_MMIO_MACCTL);
3807         macctl &= ~B43_MACCTL_PSM_RUN;
3808         macctl |= B43_MACCTL_PSM_JMP0;
3809         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3810
3811         if (!dev->suspend_in_progress) {
3812                 b43_leds_exit(dev);
3813                 b43_rng_exit(dev->wl);
3814         }
3815         b43_dma_free(dev);
3816         b43_pio_free(dev);
3817         b43_chip_exit(dev);
3818         b43_radio_turn_off(dev, 1);
3819         b43_switch_analog(dev, 0);
3820         if (phy->dyn_tssi_tbl)
3821                 kfree(phy->tssi2dbm);
3822         kfree(phy->lo_control);
3823         phy->lo_control = NULL;
3824         if (dev->wl->current_beacon) {
3825                 dev_kfree_skb_any(dev->wl->current_beacon);
3826                 dev->wl->current_beacon = NULL;
3827         }
3828
3829         ssb_device_disable(dev->dev, 0);
3830         ssb_bus_may_powerdown(dev->dev->bus);
3831 }
3832
3833 /* Initialize a wireless core */
3834 static int b43_wireless_core_init(struct b43_wldev *dev)
3835 {
3836         struct b43_wl *wl = dev->wl;
3837         struct ssb_bus *bus = dev->dev->bus;
3838         struct ssb_sprom *sprom = &bus->sprom;
3839         struct b43_phy *phy = &dev->phy;
3840         int err;
3841         u64 hf;
3842         u32 tmp;
3843
3844         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
3845
3846         err = ssb_bus_powerup(bus, 0);
3847         if (err)
3848                 goto out;
3849         if (!ssb_device_is_enabled(dev->dev)) {
3850                 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
3851                 b43_wireless_core_reset(dev, tmp);
3852         }
3853
3854         if ((phy->type == B43_PHYTYPE_B) || (phy->type == B43_PHYTYPE_G)) {
3855                 phy->lo_control =
3856                     kzalloc(sizeof(*(phy->lo_control)), GFP_KERNEL);
3857                 if (!phy->lo_control) {
3858                         err = -ENOMEM;
3859                         goto err_busdown;
3860                 }
3861         }
3862         setup_struct_wldev_for_init(dev);
3863
3864         err = b43_phy_init_tssi2dbm_table(dev);
3865         if (err)
3866                 goto err_kfree_lo_control;
3867
3868         /* Enable IRQ routing to this device. */
3869         ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
3870
3871         b43_imcfglo_timeouts_workaround(dev);
3872         b43_bluetooth_coext_disable(dev);
3873         b43_phy_early_init(dev);
3874         err = b43_chip_init(dev);
3875         if (err)
3876                 goto err_kfree_tssitbl;
3877         b43_shm_write16(dev, B43_SHM_SHARED,
3878                         B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
3879         hf = b43_hf_read(dev);
3880         if (phy->type == B43_PHYTYPE_G) {
3881                 hf |= B43_HF_SYMW;
3882                 if (phy->rev == 1)
3883                         hf |= B43_HF_GDCW;
3884                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
3885                         hf |= B43_HF_OFDMPABOOST;
3886         } else if (phy->type == B43_PHYTYPE_B) {
3887                 hf |= B43_HF_SYMW;
3888                 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
3889                         hf &= ~B43_HF_GDCW;
3890         }
3891         b43_hf_write(dev, hf);
3892
3893         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
3894                              B43_DEFAULT_LONG_RETRY_LIMIT);
3895         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
3896         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
3897
3898         /* Disable sending probe responses from firmware.
3899          * Setting the MaxTime to one usec will always trigger
3900          * a timeout, so we never send any probe resp.
3901          * A timeout of zero is infinite. */
3902         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
3903
3904         b43_rate_memory_init(dev);
3905         b43_set_phytxctl_defaults(dev);
3906
3907         /* Minimum Contention Window */
3908         if (phy->type == B43_PHYTYPE_B) {
3909                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
3910         } else {
3911                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
3912         }
3913         /* Maximum Contention Window */
3914         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
3915
3916         if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
3917                 dev->__using_pio_transfers = 1;
3918                 err = b43_pio_init(dev);
3919         } else {
3920                 dev->__using_pio_transfers = 0;
3921                 err = b43_dma_init(dev);
3922         }
3923         if (err)
3924                 goto err_chip_exit;
3925         b43_qos_init(dev);
3926         b43_set_synth_pu_delay(dev, 1);
3927         b43_bluetooth_coext_enable(dev);
3928
3929         ssb_bus_powerup(bus, 1);        /* Enable dynamic PCTL */
3930         b43_upload_card_macaddress(dev);
3931         b43_security_init(dev);
3932         if (!dev->suspend_in_progress)
3933                 b43_rng_init(wl);
3934
3935         b43_set_status(dev, B43_STAT_INITIALIZED);
3936
3937         if (!dev->suspend_in_progress)
3938                 b43_leds_init(dev);
3939 out:
3940         return err;
3941
3942       err_chip_exit:
3943         b43_chip_exit(dev);
3944       err_kfree_tssitbl:
3945         if (phy->dyn_tssi_tbl)
3946                 kfree(phy->tssi2dbm);
3947       err_kfree_lo_control:
3948         kfree(phy->lo_control);
3949         phy->lo_control = NULL;
3950       err_busdown:
3951         ssb_bus_may_powerdown(bus);
3952         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
3953         return err;
3954 }
3955
3956 static int b43_op_add_interface(struct ieee80211_hw *hw,
3957                                 struct ieee80211_if_init_conf *conf)
3958 {
3959         struct b43_wl *wl = hw_to_b43_wl(hw);
3960         struct b43_wldev *dev;
3961         unsigned long flags;
3962         int err = -EOPNOTSUPP;
3963
3964         /* TODO: allow WDS/AP devices to coexist */
3965
3966         if (conf->type != IEEE80211_IF_TYPE_AP &&
3967             conf->type != IEEE80211_IF_TYPE_STA &&
3968             conf->type != IEEE80211_IF_TYPE_WDS &&
3969             conf->type != IEEE80211_IF_TYPE_IBSS)
3970                 return -EOPNOTSUPP;
3971
3972         mutex_lock(&wl->mutex);
3973         if (wl->operating)
3974                 goto out_mutex_unlock;
3975
3976         b43dbg(wl, "Adding Interface type %d\n", conf->type);
3977
3978         dev = wl->current_dev;
3979         wl->operating = 1;
3980         wl->vif = conf->vif;
3981         wl->if_type = conf->type;
3982         memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
3983
3984         spin_lock_irqsave(&wl->irq_lock, flags);
3985         b43_adjust_opmode(dev);
3986         b43_set_pretbtt(dev);
3987         b43_set_synth_pu_delay(dev, 0);
3988         b43_upload_card_macaddress(dev);
3989         spin_unlock_irqrestore(&wl->irq_lock, flags);
3990
3991         err = 0;
3992  out_mutex_unlock:
3993         mutex_unlock(&wl->mutex);
3994
3995         return err;
3996 }
3997
3998 static void b43_op_remove_interface(struct ieee80211_hw *hw,
3999                                     struct ieee80211_if_init_conf *conf)
4000 {
4001         struct b43_wl *wl = hw_to_b43_wl(hw);
4002         struct b43_wldev *dev = wl->current_dev;
4003         unsigned long flags;
4004
4005         b43dbg(wl, "Removing Interface type %d\n", conf->type);
4006
4007         mutex_lock(&wl->mutex);
4008
4009         B43_WARN_ON(!wl->operating);
4010         B43_WARN_ON(wl->vif != conf->vif);
4011         wl->vif = NULL;
4012
4013         wl->operating = 0;
4014
4015         spin_lock_irqsave(&wl->irq_lock, flags);
4016         b43_adjust_opmode(dev);
4017         memset(wl->mac_addr, 0, ETH_ALEN);
4018         b43_upload_card_macaddress(dev);
4019         spin_unlock_irqrestore(&wl->irq_lock, flags);
4020
4021         mutex_unlock(&wl->mutex);
4022 }
4023
4024 static int b43_op_start(struct ieee80211_hw *hw)
4025 {
4026         struct b43_wl *wl = hw_to_b43_wl(hw);
4027         struct b43_wldev *dev = wl->current_dev;
4028         int did_init = 0;
4029         int err = 0;
4030         bool do_rfkill_exit = 0;
4031
4032         /* Kill all old instance specific information to make sure
4033          * the card won't use it in the short timeframe between start
4034          * and mac80211 reconfiguring it. */
4035         memset(wl->bssid, 0, ETH_ALEN);
4036         memset(wl->mac_addr, 0, ETH_ALEN);
4037         wl->filter_flags = 0;
4038         wl->radiotap_enabled = 0;
4039         b43_qos_clear(wl);
4040
4041         /* First register RFkill.
4042          * LEDs that are registered later depend on it. */
4043         b43_rfkill_init(dev);
4044
4045         mutex_lock(&wl->mutex);
4046
4047         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4048                 err = b43_wireless_core_init(dev);
4049                 if (err) {
4050                         do_rfkill_exit = 1;
4051                         goto out_mutex_unlock;
4052                 }
4053                 did_init = 1;
4054         }
4055
4056         if (b43_status(dev) < B43_STAT_STARTED) {
4057                 err = b43_wireless_core_start(dev);
4058                 if (err) {
4059                         if (did_init)
4060                                 b43_wireless_core_exit(dev);
4061                         do_rfkill_exit = 1;
4062                         goto out_mutex_unlock;
4063                 }
4064         }
4065
4066  out_mutex_unlock:
4067         mutex_unlock(&wl->mutex);
4068
4069         if (do_rfkill_exit)
4070                 b43_rfkill_exit(dev);
4071
4072         return err;
4073 }
4074
4075 static void b43_op_stop(struct ieee80211_hw *hw)
4076 {
4077         struct b43_wl *wl = hw_to_b43_wl(hw);
4078         struct b43_wldev *dev = wl->current_dev;
4079
4080         b43_rfkill_exit(dev);
4081         cancel_work_sync(&(wl->qos_update_work));
4082         cancel_work_sync(&(wl->beacon_update_trigger));
4083
4084         mutex_lock(&wl->mutex);
4085         if (b43_status(dev) >= B43_STAT_STARTED)
4086                 b43_wireless_core_stop(dev);
4087         b43_wireless_core_exit(dev);
4088         mutex_unlock(&wl->mutex);
4089 }
4090
4091 static int b43_op_set_retry_limit(struct ieee80211_hw *hw,
4092                                   u32 short_retry_limit, u32 long_retry_limit)
4093 {
4094         struct b43_wl *wl = hw_to_b43_wl(hw);
4095         struct b43_wldev *dev;
4096         int err = 0;
4097
4098         mutex_lock(&wl->mutex);
4099         dev = wl->current_dev;
4100         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED))) {
4101                 err = -ENODEV;
4102                 goto out_unlock;
4103         }
4104         b43_set_retry_limits(dev, short_retry_limit, long_retry_limit);
4105 out_unlock:
4106         mutex_unlock(&wl->mutex);
4107
4108         return err;
4109 }
4110
4111 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw, int aid, int set)
4112 {
4113         struct b43_wl *wl = hw_to_b43_wl(hw);
4114         struct sk_buff *beacon;
4115         unsigned long flags;
4116
4117         /* We could modify the existing beacon and set the aid bit in
4118          * the TIM field, but that would probably require resizing and
4119          * moving of data within the beacon template.
4120          * Simply request a new beacon and let mac80211 do the hard work. */
4121         beacon = ieee80211_beacon_get(hw, wl->vif);
4122         if (unlikely(!beacon))
4123                 return -ENOMEM;
4124         spin_lock_irqsave(&wl->irq_lock, flags);
4125         b43_update_templates(wl, beacon);
4126         spin_unlock_irqrestore(&wl->irq_lock, flags);
4127
4128         return 0;
4129 }
4130
4131 static int b43_op_ibss_beacon_update(struct ieee80211_hw *hw,
4132                                      struct sk_buff *beacon)
4133 {
4134         struct b43_wl *wl = hw_to_b43_wl(hw);
4135         unsigned long flags;
4136
4137         spin_lock_irqsave(&wl->irq_lock, flags);
4138         b43_update_templates(wl, beacon);
4139         spin_unlock_irqrestore(&wl->irq_lock, flags);
4140
4141         return 0;
4142 }
4143
4144 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4145                               struct ieee80211_vif *vif,
4146                               enum sta_notify_cmd notify_cmd,
4147                               const u8 *addr)
4148 {
4149         struct b43_wl *wl = hw_to_b43_wl(hw);
4150
4151         B43_WARN_ON(!vif || wl->vif != vif);
4152 }
4153
4154 static const struct ieee80211_ops b43_hw_ops = {
4155         .tx                     = b43_op_tx,
4156         .conf_tx                = b43_op_conf_tx,
4157         .add_interface          = b43_op_add_interface,
4158         .remove_interface       = b43_op_remove_interface,
4159         .config                 = b43_op_config,
4160         .config_interface       = b43_op_config_interface,
4161         .configure_filter       = b43_op_configure_filter,
4162         .set_key                = b43_op_set_key,
4163         .get_stats              = b43_op_get_stats,
4164         .get_tx_stats           = b43_op_get_tx_stats,
4165         .start                  = b43_op_start,
4166         .stop                   = b43_op_stop,
4167         .set_retry_limit        = b43_op_set_retry_limit,
4168         .set_tim                = b43_op_beacon_set_tim,
4169         .beacon_update          = b43_op_ibss_beacon_update,
4170         .sta_notify             = b43_op_sta_notify,
4171 };
4172
4173 /* Hard-reset the chip. Do not call this directly.
4174  * Use b43_controller_restart()
4175  */
4176 static void b43_chip_reset(struct work_struct *work)
4177 {
4178         struct b43_wldev *dev =
4179             container_of(work, struct b43_wldev, restart_work);
4180         struct b43_wl *wl = dev->wl;
4181         int err = 0;
4182         int prev_status;
4183
4184         mutex_lock(&wl->mutex);
4185
4186         prev_status = b43_status(dev);
4187         /* Bring the device down... */
4188         if (prev_status >= B43_STAT_STARTED)
4189                 b43_wireless_core_stop(dev);
4190         if (prev_status >= B43_STAT_INITIALIZED)
4191                 b43_wireless_core_exit(dev);
4192
4193         /* ...and up again. */
4194         if (prev_status >= B43_STAT_INITIALIZED) {
4195                 err = b43_wireless_core_init(dev);
4196                 if (err)
4197                         goto out;
4198         }
4199         if (prev_status >= B43_STAT_STARTED) {
4200                 err = b43_wireless_core_start(dev);
4201                 if (err) {
4202                         b43_wireless_core_exit(dev);
4203                         goto out;
4204                 }
4205         }
4206       out:
4207         mutex_unlock(&wl->mutex);
4208         if (err)
4209                 b43err(wl, "Controller restart FAILED\n");
4210         else
4211                 b43info(wl, "Controller restarted\n");
4212 }
4213
4214 static int b43_setup_bands(struct b43_wldev *dev,
4215                            bool have_2ghz_phy, bool have_5ghz_phy)
4216 {
4217         struct ieee80211_hw *hw = dev->wl->hw;
4218
4219         if (have_2ghz_phy)
4220                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4221         if (dev->phy.type == B43_PHYTYPE_N) {
4222                 if (have_5ghz_phy)
4223                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4224         } else {
4225                 if (have_5ghz_phy)
4226                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4227         }
4228
4229         dev->phy.supports_2ghz = have_2ghz_phy;
4230         dev->phy.supports_5ghz = have_5ghz_phy;
4231
4232         return 0;
4233 }
4234
4235 static void b43_wireless_core_detach(struct b43_wldev *dev)
4236 {
4237         /* We release firmware that late to not be required to re-request
4238          * is all the time when we reinit the core. */
4239         b43_release_firmware(dev);
4240 }
4241
4242 static int b43_wireless_core_attach(struct b43_wldev *dev)
4243 {
4244         struct b43_wl *wl = dev->wl;
4245         struct ssb_bus *bus = dev->dev->bus;
4246         struct pci_dev *pdev = bus->host_pci;
4247         int err;
4248         bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4249         u32 tmp;
4250
4251         /* Do NOT do any device initialization here.
4252          * Do it in wireless_core_init() instead.
4253          * This function is for gathering basic information about the HW, only.
4254          * Also some structs may be set up here. But most likely you want to have
4255          * that in core_init(), too.
4256          */
4257
4258         err = ssb_bus_powerup(bus, 0);
4259         if (err) {
4260                 b43err(wl, "Bus powerup failed\n");
4261                 goto out;
4262         }
4263         /* Get the PHY type. */
4264         if (dev->dev->id.revision >= 5) {
4265                 u32 tmshigh;
4266
4267                 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4268                 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4269                 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4270         } else
4271                 B43_WARN_ON(1);
4272
4273         dev->phy.gmode = have_2ghz_phy;
4274         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4275         b43_wireless_core_reset(dev, tmp);
4276
4277         err = b43_phy_versioning(dev);
4278         if (err)
4279                 goto err_powerdown;
4280         /* Check if this device supports multiband. */
4281         if (!pdev ||
4282             (pdev->device != 0x4312 &&
4283              pdev->device != 0x4319 && pdev->device != 0x4324)) {
4284                 /* No multiband support. */
4285                 have_2ghz_phy = 0;
4286                 have_5ghz_phy = 0;
4287                 switch (dev->phy.type) {
4288                 case B43_PHYTYPE_A:
4289                         have_5ghz_phy = 1;
4290                         break;
4291                 case B43_PHYTYPE_G:
4292                 case B43_PHYTYPE_N:
4293                         have_2ghz_phy = 1;
4294                         break;
4295                 default:
4296                         B43_WARN_ON(1);
4297                 }
4298         }
4299         if (dev->phy.type == B43_PHYTYPE_A) {
4300                 /* FIXME */
4301                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4302                 err = -EOPNOTSUPP;
4303                 goto err_powerdown;
4304         }
4305         if (1 /* disable A-PHY */) {
4306                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4307                 if (dev->phy.type != B43_PHYTYPE_N) {
4308                         have_2ghz_phy = 1;
4309                         have_5ghz_phy = 0;
4310                 }
4311         }
4312
4313         dev->phy.gmode = have_2ghz_phy;
4314         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4315         b43_wireless_core_reset(dev, tmp);
4316
4317         err = b43_validate_chipaccess(dev);
4318         if (err)
4319                 goto err_powerdown;
4320         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4321         if (err)
4322                 goto err_powerdown;
4323
4324         /* Now set some default "current_dev" */
4325         if (!wl->current_dev)
4326                 wl->current_dev = dev;
4327         INIT_WORK(&dev->restart_work, b43_chip_reset);
4328
4329         b43_radio_turn_off(dev, 1);
4330         b43_switch_analog(dev, 0);
4331         ssb_device_disable(dev->dev, 0);
4332         ssb_bus_may_powerdown(bus);
4333
4334 out:
4335         return err;
4336
4337 err_powerdown:
4338         ssb_bus_may_powerdown(bus);
4339         return err;
4340 }
4341
4342 static void b43_one_core_detach(struct ssb_device *dev)
4343 {
4344         struct b43_wldev *wldev;
4345         struct b43_wl *wl;
4346
4347         wldev = ssb_get_drvdata(dev);
4348         wl = wldev->wl;
4349         cancel_work_sync(&wldev->restart_work);
4350         b43_debugfs_remove_device(wldev);
4351         b43_wireless_core_detach(wldev);
4352         list_del(&wldev->list);
4353         wl->nr_devs--;
4354         ssb_set_drvdata(dev, NULL);
4355         kfree(wldev);
4356 }
4357
4358 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4359 {
4360         struct b43_wldev *wldev;
4361         struct pci_dev *pdev;
4362         int err = -ENOMEM;
4363
4364         if (!list_empty(&wl->devlist)) {
4365                 /* We are not the first core on this chip. */
4366                 pdev = dev->bus->host_pci;
4367                 /* Only special chips support more than one wireless
4368                  * core, although some of the other chips have more than
4369                  * one wireless core as well. Check for this and
4370                  * bail out early.
4371                  */
4372                 if (!pdev ||
4373                     ((pdev->device != 0x4321) &&
4374                      (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4375                         b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4376                         return -ENODEV;
4377                 }
4378         }
4379
4380         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4381         if (!wldev)
4382                 goto out;
4383
4384         wldev->dev = dev;
4385         wldev->wl = wl;
4386         b43_set_status(wldev, B43_STAT_UNINIT);
4387         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4388         tasklet_init(&wldev->isr_tasklet,
4389                      (void (*)(unsigned long))b43_interrupt_tasklet,
4390                      (unsigned long)wldev);
4391         INIT_LIST_HEAD(&wldev->list);
4392
4393         err = b43_wireless_core_attach(wldev);
4394         if (err)
4395                 goto err_kfree_wldev;
4396
4397         list_add(&wldev->list, &wl->devlist);
4398         wl->nr_devs++;
4399         ssb_set_drvdata(dev, wldev);
4400         b43_debugfs_add_device(wldev);
4401
4402       out:
4403         return err;
4404
4405       err_kfree_wldev:
4406         kfree(wldev);
4407         return err;
4408 }
4409
4410 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
4411         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
4412         (pdev->device == _device) &&                                    \
4413         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
4414         (pdev->subsystem_device == _subdevice)                          )
4415
4416 static void b43_sprom_fixup(struct ssb_bus *bus)
4417 {
4418         struct pci_dev *pdev;
4419
4420         /* boardflags workarounds */
4421         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4422             bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4423                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4424         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4425             bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4426                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4427         if (bus->bustype == SSB_BUSTYPE_PCI) {
4428                 pdev = bus->host_pci;
4429                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4430                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4431                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013))
4432                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4433         }
4434 }
4435
4436 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4437 {
4438         struct ieee80211_hw *hw = wl->hw;
4439
4440         ssb_set_devtypedata(dev, NULL);
4441         ieee80211_free_hw(hw);
4442 }
4443
4444 static int b43_wireless_init(struct ssb_device *dev)
4445 {
4446         struct ssb_sprom *sprom = &dev->bus->sprom;
4447         struct ieee80211_hw *hw;
4448         struct b43_wl *wl;
4449         int err = -ENOMEM;
4450
4451         b43_sprom_fixup(dev->bus);
4452
4453         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4454         if (!hw) {
4455                 b43err(NULL, "Could not allocate ieee80211 device\n");
4456                 goto out;
4457         }
4458
4459         /* fill hw info */
4460         hw->flags = IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE |
4461                     IEEE80211_HW_RX_INCLUDES_FCS |
4462                     IEEE80211_HW_SIGNAL_DBM |
4463                     IEEE80211_HW_NOISE_DBM;
4464
4465         hw->queues = b43_modparam_qos ? 4 : 1;
4466         SET_IEEE80211_DEV(hw, dev->dev);
4467         if (is_valid_ether_addr(sprom->et1mac))
4468                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4469         else
4470                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4471
4472         /* Get and initialize struct b43_wl */
4473         wl = hw_to_b43_wl(hw);
4474         memset(wl, 0, sizeof(*wl));
4475         wl->hw = hw;
4476         spin_lock_init(&wl->irq_lock);
4477         rwlock_init(&wl->tx_lock);
4478         spin_lock_init(&wl->leds_lock);
4479         spin_lock_init(&wl->shm_lock);
4480         mutex_init(&wl->mutex);
4481         INIT_LIST_HEAD(&wl->devlist);
4482         INIT_WORK(&wl->qos_update_work, b43_qos_update_work);
4483         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4484
4485         ssb_set_devtypedata(dev, wl);
4486         b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4487         err = 0;
4488       out:
4489         return err;
4490 }
4491
4492 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4493 {
4494         struct b43_wl *wl;
4495         int err;
4496         int first = 0;
4497
4498         wl = ssb_get_devtypedata(dev);
4499         if (!wl) {
4500                 /* Probing the first core. Must setup common struct b43_wl */
4501                 first = 1;
4502                 err = b43_wireless_init(dev);
4503                 if (err)
4504                         goto out;
4505                 wl = ssb_get_devtypedata(dev);
4506                 B43_WARN_ON(!wl);
4507         }
4508         err = b43_one_core_attach(dev, wl);
4509         if (err)
4510                 goto err_wireless_exit;
4511
4512         if (first) {
4513                 err = ieee80211_register_hw(wl->hw);
4514                 if (err)
4515                         goto err_one_core_detach;
4516         }
4517
4518       out:
4519         return err;
4520
4521       err_one_core_detach:
4522         b43_one_core_detach(dev);
4523       err_wireless_exit:
4524         if (first)
4525                 b43_wireless_exit(dev, wl);
4526         return err;
4527 }
4528
4529 static void b43_remove(struct ssb_device *dev)
4530 {
4531         struct b43_wl *wl = ssb_get_devtypedata(dev);
4532         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4533
4534         B43_WARN_ON(!wl);
4535         if (wl->current_dev == wldev)
4536                 ieee80211_unregister_hw(wl->hw);
4537
4538         b43_one_core_detach(dev);
4539
4540         if (list_empty(&wl->devlist)) {
4541                 /* Last core on the chip unregistered.
4542                  * We can destroy common struct b43_wl.
4543                  */
4544                 b43_wireless_exit(dev, wl);
4545         }
4546 }
4547
4548 /* Perform a hardware reset. This can be called from any context. */
4549 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4550 {
4551         /* Must avoid requeueing, if we are in shutdown. */
4552         if (b43_status(dev) < B43_STAT_INITIALIZED)
4553                 return;
4554         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4555         queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4556 }
4557
4558 #ifdef CONFIG_PM
4559
4560 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4561 {
4562         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4563         struct b43_wl *wl = wldev->wl;
4564
4565         b43dbg(wl, "Suspending...\n");
4566
4567         mutex_lock(&wl->mutex);
4568         wldev->suspend_in_progress = true;
4569         wldev->suspend_init_status = b43_status(wldev);
4570         if (wldev->suspend_init_status >= B43_STAT_STARTED)
4571                 b43_wireless_core_stop(wldev);
4572         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4573                 b43_wireless_core_exit(wldev);
4574         mutex_unlock(&wl->mutex);
4575
4576         b43dbg(wl, "Device suspended.\n");
4577
4578         return 0;
4579 }
4580
4581 static int b43_resume(struct ssb_device *dev)
4582 {
4583         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4584         struct b43_wl *wl = wldev->wl;
4585         int err = 0;
4586
4587         b43dbg(wl, "Resuming...\n");
4588
4589         mutex_lock(&wl->mutex);
4590         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4591                 err = b43_wireless_core_init(wldev);
4592                 if (err) {
4593                         b43err(wl, "Resume failed at core init\n");
4594                         goto out;
4595                 }
4596         }
4597         if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4598                 err = b43_wireless_core_start(wldev);
4599                 if (err) {
4600                         b43_leds_exit(wldev);
4601                         b43_rng_exit(wldev->wl);
4602                         b43_wireless_core_exit(wldev);
4603                         b43err(wl, "Resume failed at core start\n");
4604                         goto out;
4605                 }
4606         }
4607         b43dbg(wl, "Device resumed.\n");
4608  out:
4609         wldev->suspend_in_progress = false;
4610         mutex_unlock(&wl->mutex);
4611         return err;
4612 }
4613
4614 #else /* CONFIG_PM */
4615 # define b43_suspend    NULL
4616 # define b43_resume     NULL
4617 #endif /* CONFIG_PM */
4618
4619 static struct ssb_driver b43_ssb_driver = {
4620         .name           = KBUILD_MODNAME,
4621         .id_table       = b43_ssb_tbl,
4622         .probe          = b43_probe,
4623         .remove         = b43_remove,
4624         .suspend        = b43_suspend,
4625         .resume         = b43_resume,
4626 };
4627
4628 static void b43_print_driverinfo(void)
4629 {
4630         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4631                    *feat_leds = "", *feat_rfkill = "";
4632
4633 #ifdef CONFIG_B43_PCI_AUTOSELECT
4634         feat_pci = "P";
4635 #endif
4636 #ifdef CONFIG_B43_PCMCIA
4637         feat_pcmcia = "M";
4638 #endif
4639 #ifdef CONFIG_B43_NPHY
4640         feat_nphy = "N";
4641 #endif
4642 #ifdef CONFIG_B43_LEDS
4643         feat_leds = "L";
4644 #endif
4645 #ifdef CONFIG_B43_RFKILL
4646         feat_rfkill = "R";
4647 #endif
4648         printk(KERN_INFO "Broadcom 43xx driver loaded "
4649                "[ Features: %s%s%s%s%s, Firmware-ID: "
4650                B43_SUPPORTED_FIRMWARE_ID " ]\n",
4651                feat_pci, feat_pcmcia, feat_nphy,
4652                feat_leds, feat_rfkill);
4653 }
4654
4655 static int __init b43_init(void)
4656 {
4657         int err;
4658
4659         b43_debugfs_init();
4660         err = b43_pcmcia_init();
4661         if (err)
4662                 goto err_dfs_exit;
4663         err = ssb_driver_register(&b43_ssb_driver);
4664         if (err)
4665                 goto err_pcmcia_exit;
4666         b43_print_driverinfo();
4667
4668         return err;
4669
4670 err_pcmcia_exit:
4671         b43_pcmcia_exit();
4672 err_dfs_exit:
4673         b43_debugfs_exit();
4674         return err;
4675 }
4676
4677 static void __exit b43_exit(void)
4678 {
4679         ssb_driver_unregister(&b43_ssb_driver);
4680         b43_pcmcia_exit();
4681         b43_debugfs_exit();
4682 }
4683
4684 module_init(b43_init)
4685 module_exit(b43_exit)