drivers/net: change moduleparam.h to module.h as required.
[linux-2.6.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12   SDIO support
13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15   Some parts of the code in this file are derived from the ipw2200
16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
17
18   This program is free software; you can redistribute it and/or modify
19   it under the terms of the GNU General Public License as published by
20   the Free Software Foundation; either version 2 of the License, or
21   (at your option) any later version.
22
23   This program is distributed in the hope that it will be useful,
24   but WITHOUT ANY WARRANTY; without even the implied warranty of
25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26   GNU General Public License for more details.
27
28   You should have received a copy of the GNU General Public License
29   along with this program; see the file COPYING.  If not, write to
30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31   Boston, MA 02110-1301, USA.
32
33 */
34
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82                  "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 #ifdef CONFIG_B43_BCMA
117 static const struct bcma_device_id b43_bcma_tbl[] = {
118         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
120         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
121         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
122         BCMA_CORETABLE_END
123 };
124 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
125 #endif
126
127 #ifdef CONFIG_B43_SSB
128 static const struct ssb_device_id b43_ssb_tbl[] = {
129         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
130         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
131         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
132         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
133         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
134         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
135         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
136         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
139         SSB_DEVTABLE_END
140 };
141 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
142 #endif
143
144 /* Channel and ratetables are shared for all devices.
145  * They can't be const, because ieee80211 puts some precalculated
146  * data in there. This data is the same for all devices, so we don't
147  * get concurrency issues */
148 #define RATETAB_ENT(_rateid, _flags) \
149         {                                                               \
150                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
151                 .hw_value       = (_rateid),                            \
152                 .flags          = (_flags),                             \
153         }
154
155 /*
156  * NOTE: When changing this, sync with xmit.c's
157  *       b43_plcp_get_bitrate_idx_* functions!
158  */
159 static struct ieee80211_rate __b43_ratetable[] = {
160         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
161         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
162         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
163         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
164         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
165         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
166         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
167         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
168         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
169         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
170         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
171         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
172 };
173
174 #define b43_a_ratetable         (__b43_ratetable + 4)
175 #define b43_a_ratetable_size    8
176 #define b43_b_ratetable         (__b43_ratetable + 0)
177 #define b43_b_ratetable_size    4
178 #define b43_g_ratetable         (__b43_ratetable + 0)
179 #define b43_g_ratetable_size    12
180
181 #define CHAN4G(_channel, _freq, _flags) {                       \
182         .band                   = IEEE80211_BAND_2GHZ,          \
183         .center_freq            = (_freq),                      \
184         .hw_value               = (_channel),                   \
185         .flags                  = (_flags),                     \
186         .max_antenna_gain       = 0,                            \
187         .max_power              = 30,                           \
188 }
189 static struct ieee80211_channel b43_2ghz_chantable[] = {
190         CHAN4G(1, 2412, 0),
191         CHAN4G(2, 2417, 0),
192         CHAN4G(3, 2422, 0),
193         CHAN4G(4, 2427, 0),
194         CHAN4G(5, 2432, 0),
195         CHAN4G(6, 2437, 0),
196         CHAN4G(7, 2442, 0),
197         CHAN4G(8, 2447, 0),
198         CHAN4G(9, 2452, 0),
199         CHAN4G(10, 2457, 0),
200         CHAN4G(11, 2462, 0),
201         CHAN4G(12, 2467, 0),
202         CHAN4G(13, 2472, 0),
203         CHAN4G(14, 2484, 0),
204 };
205 #undef CHAN4G
206
207 #define CHAN5G(_channel, _flags) {                              \
208         .band                   = IEEE80211_BAND_5GHZ,          \
209         .center_freq            = 5000 + (5 * (_channel)),      \
210         .hw_value               = (_channel),                   \
211         .flags                  = (_flags),                     \
212         .max_antenna_gain       = 0,                            \
213         .max_power              = 30,                           \
214 }
215 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
216         CHAN5G(32, 0),          CHAN5G(34, 0),
217         CHAN5G(36, 0),          CHAN5G(38, 0),
218         CHAN5G(40, 0),          CHAN5G(42, 0),
219         CHAN5G(44, 0),          CHAN5G(46, 0),
220         CHAN5G(48, 0),          CHAN5G(50, 0),
221         CHAN5G(52, 0),          CHAN5G(54, 0),
222         CHAN5G(56, 0),          CHAN5G(58, 0),
223         CHAN5G(60, 0),          CHAN5G(62, 0),
224         CHAN5G(64, 0),          CHAN5G(66, 0),
225         CHAN5G(68, 0),          CHAN5G(70, 0),
226         CHAN5G(72, 0),          CHAN5G(74, 0),
227         CHAN5G(76, 0),          CHAN5G(78, 0),
228         CHAN5G(80, 0),          CHAN5G(82, 0),
229         CHAN5G(84, 0),          CHAN5G(86, 0),
230         CHAN5G(88, 0),          CHAN5G(90, 0),
231         CHAN5G(92, 0),          CHAN5G(94, 0),
232         CHAN5G(96, 0),          CHAN5G(98, 0),
233         CHAN5G(100, 0),         CHAN5G(102, 0),
234         CHAN5G(104, 0),         CHAN5G(106, 0),
235         CHAN5G(108, 0),         CHAN5G(110, 0),
236         CHAN5G(112, 0),         CHAN5G(114, 0),
237         CHAN5G(116, 0),         CHAN5G(118, 0),
238         CHAN5G(120, 0),         CHAN5G(122, 0),
239         CHAN5G(124, 0),         CHAN5G(126, 0),
240         CHAN5G(128, 0),         CHAN5G(130, 0),
241         CHAN5G(132, 0),         CHAN5G(134, 0),
242         CHAN5G(136, 0),         CHAN5G(138, 0),
243         CHAN5G(140, 0),         CHAN5G(142, 0),
244         CHAN5G(144, 0),         CHAN5G(145, 0),
245         CHAN5G(146, 0),         CHAN5G(147, 0),
246         CHAN5G(148, 0),         CHAN5G(149, 0),
247         CHAN5G(150, 0),         CHAN5G(151, 0),
248         CHAN5G(152, 0),         CHAN5G(153, 0),
249         CHAN5G(154, 0),         CHAN5G(155, 0),
250         CHAN5G(156, 0),         CHAN5G(157, 0),
251         CHAN5G(158, 0),         CHAN5G(159, 0),
252         CHAN5G(160, 0),         CHAN5G(161, 0),
253         CHAN5G(162, 0),         CHAN5G(163, 0),
254         CHAN5G(164, 0),         CHAN5G(165, 0),
255         CHAN5G(166, 0),         CHAN5G(168, 0),
256         CHAN5G(170, 0),         CHAN5G(172, 0),
257         CHAN5G(174, 0),         CHAN5G(176, 0),
258         CHAN5G(178, 0),         CHAN5G(180, 0),
259         CHAN5G(182, 0),         CHAN5G(184, 0),
260         CHAN5G(186, 0),         CHAN5G(188, 0),
261         CHAN5G(190, 0),         CHAN5G(192, 0),
262         CHAN5G(194, 0),         CHAN5G(196, 0),
263         CHAN5G(198, 0),         CHAN5G(200, 0),
264         CHAN5G(202, 0),         CHAN5G(204, 0),
265         CHAN5G(206, 0),         CHAN5G(208, 0),
266         CHAN5G(210, 0),         CHAN5G(212, 0),
267         CHAN5G(214, 0),         CHAN5G(216, 0),
268         CHAN5G(218, 0),         CHAN5G(220, 0),
269         CHAN5G(222, 0),         CHAN5G(224, 0),
270         CHAN5G(226, 0),         CHAN5G(228, 0),
271 };
272
273 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
274         CHAN5G(34, 0),          CHAN5G(36, 0),
275         CHAN5G(38, 0),          CHAN5G(40, 0),
276         CHAN5G(42, 0),          CHAN5G(44, 0),
277         CHAN5G(46, 0),          CHAN5G(48, 0),
278         CHAN5G(52, 0),          CHAN5G(56, 0),
279         CHAN5G(60, 0),          CHAN5G(64, 0),
280         CHAN5G(100, 0),         CHAN5G(104, 0),
281         CHAN5G(108, 0),         CHAN5G(112, 0),
282         CHAN5G(116, 0),         CHAN5G(120, 0),
283         CHAN5G(124, 0),         CHAN5G(128, 0),
284         CHAN5G(132, 0),         CHAN5G(136, 0),
285         CHAN5G(140, 0),         CHAN5G(149, 0),
286         CHAN5G(153, 0),         CHAN5G(157, 0),
287         CHAN5G(161, 0),         CHAN5G(165, 0),
288         CHAN5G(184, 0),         CHAN5G(188, 0),
289         CHAN5G(192, 0),         CHAN5G(196, 0),
290         CHAN5G(200, 0),         CHAN5G(204, 0),
291         CHAN5G(208, 0),         CHAN5G(212, 0),
292         CHAN5G(216, 0),
293 };
294 #undef CHAN5G
295
296 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
297         .band           = IEEE80211_BAND_5GHZ,
298         .channels       = b43_5ghz_nphy_chantable,
299         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
300         .bitrates       = b43_a_ratetable,
301         .n_bitrates     = b43_a_ratetable_size,
302 };
303
304 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
305         .band           = IEEE80211_BAND_5GHZ,
306         .channels       = b43_5ghz_aphy_chantable,
307         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
308         .bitrates       = b43_a_ratetable,
309         .n_bitrates     = b43_a_ratetable_size,
310 };
311
312 static struct ieee80211_supported_band b43_band_2GHz = {
313         .band           = IEEE80211_BAND_2GHZ,
314         .channels       = b43_2ghz_chantable,
315         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
316         .bitrates       = b43_g_ratetable,
317         .n_bitrates     = b43_g_ratetable_size,
318 };
319
320 static void b43_wireless_core_exit(struct b43_wldev *dev);
321 static int b43_wireless_core_init(struct b43_wldev *dev);
322 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
323 static int b43_wireless_core_start(struct b43_wldev *dev);
324 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
325                                     struct ieee80211_vif *vif,
326                                     struct ieee80211_bss_conf *conf,
327                                     u32 changed);
328
329 static int b43_ratelimit(struct b43_wl *wl)
330 {
331         if (!wl || !wl->current_dev)
332                 return 1;
333         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
334                 return 1;
335         /* We are up and running.
336          * Ratelimit the messages to avoid DoS over the net. */
337         return net_ratelimit();
338 }
339
340 void b43info(struct b43_wl *wl, const char *fmt, ...)
341 {
342         struct va_format vaf;
343         va_list args;
344
345         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
346                 return;
347         if (!b43_ratelimit(wl))
348                 return;
349
350         va_start(args, fmt);
351
352         vaf.fmt = fmt;
353         vaf.va = &args;
354
355         printk(KERN_INFO "b43-%s: %pV",
356                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
357
358         va_end(args);
359 }
360
361 void b43err(struct b43_wl *wl, const char *fmt, ...)
362 {
363         struct va_format vaf;
364         va_list args;
365
366         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
367                 return;
368         if (!b43_ratelimit(wl))
369                 return;
370
371         va_start(args, fmt);
372
373         vaf.fmt = fmt;
374         vaf.va = &args;
375
376         printk(KERN_ERR "b43-%s ERROR: %pV",
377                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
378
379         va_end(args);
380 }
381
382 void b43warn(struct b43_wl *wl, const char *fmt, ...)
383 {
384         struct va_format vaf;
385         va_list args;
386
387         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
388                 return;
389         if (!b43_ratelimit(wl))
390                 return;
391
392         va_start(args, fmt);
393
394         vaf.fmt = fmt;
395         vaf.va = &args;
396
397         printk(KERN_WARNING "b43-%s warning: %pV",
398                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
399
400         va_end(args);
401 }
402
403 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
404 {
405         struct va_format vaf;
406         va_list args;
407
408         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
409                 return;
410
411         va_start(args, fmt);
412
413         vaf.fmt = fmt;
414         vaf.va = &args;
415
416         printk(KERN_DEBUG "b43-%s debug: %pV",
417                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
418
419         va_end(args);
420 }
421
422 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
423 {
424         u32 macctl;
425
426         B43_WARN_ON(offset % 4 != 0);
427
428         macctl = b43_read32(dev, B43_MMIO_MACCTL);
429         if (macctl & B43_MACCTL_BE)
430                 val = swab32(val);
431
432         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
433         mmiowb();
434         b43_write32(dev, B43_MMIO_RAM_DATA, val);
435 }
436
437 static inline void b43_shm_control_word(struct b43_wldev *dev,
438                                         u16 routing, u16 offset)
439 {
440         u32 control;
441
442         /* "offset" is the WORD offset. */
443         control = routing;
444         control <<= 16;
445         control |= offset;
446         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
447 }
448
449 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
450 {
451         u32 ret;
452
453         if (routing == B43_SHM_SHARED) {
454                 B43_WARN_ON(offset & 0x0001);
455                 if (offset & 0x0003) {
456                         /* Unaligned access */
457                         b43_shm_control_word(dev, routing, offset >> 2);
458                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
459                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
460                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
461
462                         goto out;
463                 }
464                 offset >>= 2;
465         }
466         b43_shm_control_word(dev, routing, offset);
467         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
468 out:
469         return ret;
470 }
471
472 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
473 {
474         u16 ret;
475
476         if (routing == B43_SHM_SHARED) {
477                 B43_WARN_ON(offset & 0x0001);
478                 if (offset & 0x0003) {
479                         /* Unaligned access */
480                         b43_shm_control_word(dev, routing, offset >> 2);
481                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
482
483                         goto out;
484                 }
485                 offset >>= 2;
486         }
487         b43_shm_control_word(dev, routing, offset);
488         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
489 out:
490         return ret;
491 }
492
493 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
494 {
495         if (routing == B43_SHM_SHARED) {
496                 B43_WARN_ON(offset & 0x0001);
497                 if (offset & 0x0003) {
498                         /* Unaligned access */
499                         b43_shm_control_word(dev, routing, offset >> 2);
500                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
501                                     value & 0xFFFF);
502                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
503                         b43_write16(dev, B43_MMIO_SHM_DATA,
504                                     (value >> 16) & 0xFFFF);
505                         return;
506                 }
507                 offset >>= 2;
508         }
509         b43_shm_control_word(dev, routing, offset);
510         b43_write32(dev, B43_MMIO_SHM_DATA, value);
511 }
512
513 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
514 {
515         if (routing == B43_SHM_SHARED) {
516                 B43_WARN_ON(offset & 0x0001);
517                 if (offset & 0x0003) {
518                         /* Unaligned access */
519                         b43_shm_control_word(dev, routing, offset >> 2);
520                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
521                         return;
522                 }
523                 offset >>= 2;
524         }
525         b43_shm_control_word(dev, routing, offset);
526         b43_write16(dev, B43_MMIO_SHM_DATA, value);
527 }
528
529 /* Read HostFlags */
530 u64 b43_hf_read(struct b43_wldev *dev)
531 {
532         u64 ret;
533
534         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
535         ret <<= 16;
536         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
537         ret <<= 16;
538         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
539
540         return ret;
541 }
542
543 /* Write HostFlags */
544 void b43_hf_write(struct b43_wldev *dev, u64 value)
545 {
546         u16 lo, mi, hi;
547
548         lo = (value & 0x00000000FFFFULL);
549         mi = (value & 0x0000FFFF0000ULL) >> 16;
550         hi = (value & 0xFFFF00000000ULL) >> 32;
551         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
552         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
553         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
554 }
555
556 /* Read the firmware capabilities bitmask (Opensource firmware only) */
557 static u16 b43_fwcapa_read(struct b43_wldev *dev)
558 {
559         B43_WARN_ON(!dev->fw.opensource);
560         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
561 }
562
563 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
564 {
565         u32 low, high;
566
567         B43_WARN_ON(dev->dev->core_rev < 3);
568
569         /* The hardware guarantees us an atomic read, if we
570          * read the low register first. */
571         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
572         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
573
574         *tsf = high;
575         *tsf <<= 32;
576         *tsf |= low;
577 }
578
579 static void b43_time_lock(struct b43_wldev *dev)
580 {
581         u32 macctl;
582
583         macctl = b43_read32(dev, B43_MMIO_MACCTL);
584         macctl |= B43_MACCTL_TBTTHOLD;
585         b43_write32(dev, B43_MMIO_MACCTL, macctl);
586         /* Commit the write */
587         b43_read32(dev, B43_MMIO_MACCTL);
588 }
589
590 static void b43_time_unlock(struct b43_wldev *dev)
591 {
592         u32 macctl;
593
594         macctl = b43_read32(dev, B43_MMIO_MACCTL);
595         macctl &= ~B43_MACCTL_TBTTHOLD;
596         b43_write32(dev, B43_MMIO_MACCTL, macctl);
597         /* Commit the write */
598         b43_read32(dev, B43_MMIO_MACCTL);
599 }
600
601 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
602 {
603         u32 low, high;
604
605         B43_WARN_ON(dev->dev->core_rev < 3);
606
607         low = tsf;
608         high = (tsf >> 32);
609         /* The hardware guarantees us an atomic write, if we
610          * write the low register first. */
611         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
612         mmiowb();
613         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
614         mmiowb();
615 }
616
617 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
618 {
619         b43_time_lock(dev);
620         b43_tsf_write_locked(dev, tsf);
621         b43_time_unlock(dev);
622 }
623
624 static
625 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
626 {
627         static const u8 zero_addr[ETH_ALEN] = { 0 };
628         u16 data;
629
630         if (!mac)
631                 mac = zero_addr;
632
633         offset |= 0x0020;
634         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
635
636         data = mac[0];
637         data |= mac[1] << 8;
638         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
639         data = mac[2];
640         data |= mac[3] << 8;
641         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
642         data = mac[4];
643         data |= mac[5] << 8;
644         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
645 }
646
647 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
648 {
649         const u8 *mac;
650         const u8 *bssid;
651         u8 mac_bssid[ETH_ALEN * 2];
652         int i;
653         u32 tmp;
654
655         bssid = dev->wl->bssid;
656         mac = dev->wl->mac_addr;
657
658         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
659
660         memcpy(mac_bssid, mac, ETH_ALEN);
661         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
662
663         /* Write our MAC address and BSSID to template ram */
664         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
665                 tmp = (u32) (mac_bssid[i + 0]);
666                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
667                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
668                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
669                 b43_ram_write(dev, 0x20 + i, tmp);
670         }
671 }
672
673 static void b43_upload_card_macaddress(struct b43_wldev *dev)
674 {
675         b43_write_mac_bssid_templates(dev);
676         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
677 }
678
679 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
680 {
681         /* slot_time is in usec. */
682         /* This test used to exit for all but a G PHY. */
683         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
684                 return;
685         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
686         /* Shared memory location 0x0010 is the slot time and should be
687          * set to slot_time; however, this register is initially 0 and changing
688          * the value adversely affects the transmit rate for BCM4311
689          * devices. Until this behavior is unterstood, delete this step
690          *
691          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
692          */
693 }
694
695 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
696 {
697         b43_set_slot_time(dev, 9);
698 }
699
700 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
701 {
702         b43_set_slot_time(dev, 20);
703 }
704
705 /* DummyTransmission function, as documented on
706  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
707  */
708 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
709 {
710         struct b43_phy *phy = &dev->phy;
711         unsigned int i, max_loop;
712         u16 value;
713         u32 buffer[5] = {
714                 0x00000000,
715                 0x00D40000,
716                 0x00000000,
717                 0x01000000,
718                 0x00000000,
719         };
720
721         if (ofdm) {
722                 max_loop = 0x1E;
723                 buffer[0] = 0x000201CC;
724         } else {
725                 max_loop = 0xFA;
726                 buffer[0] = 0x000B846E;
727         }
728
729         for (i = 0; i < 5; i++)
730                 b43_ram_write(dev, i * 4, buffer[i]);
731
732         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
733
734         if (dev->dev->core_rev < 11)
735                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
736         else
737                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
738
739         value = (ofdm ? 0x41 : 0x40);
740         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
741         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
742             phy->type == B43_PHYTYPE_LCN)
743                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
744
745         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
746         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
747
748         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
749         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
750         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
751         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
752
753         if (!pa_on && phy->type == B43_PHYTYPE_N)
754                 ; /*b43_nphy_pa_override(dev, false) */
755
756         switch (phy->type) {
757         case B43_PHYTYPE_N:
758         case B43_PHYTYPE_LCN:
759                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
760                 break;
761         case B43_PHYTYPE_LP:
762                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
763                 break;
764         default:
765                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
766         }
767         b43_read16(dev, B43_MMIO_TXE0_AUX);
768
769         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
770                 b43_radio_write16(dev, 0x0051, 0x0017);
771         for (i = 0x00; i < max_loop; i++) {
772                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
773                 if (value & 0x0080)
774                         break;
775                 udelay(10);
776         }
777         for (i = 0x00; i < 0x0A; i++) {
778                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
779                 if (value & 0x0400)
780                         break;
781                 udelay(10);
782         }
783         for (i = 0x00; i < 0x19; i++) {
784                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
785                 if (!(value & 0x0100))
786                         break;
787                 udelay(10);
788         }
789         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
790                 b43_radio_write16(dev, 0x0051, 0x0037);
791 }
792
793 static void key_write(struct b43_wldev *dev,
794                       u8 index, u8 algorithm, const u8 *key)
795 {
796         unsigned int i;
797         u32 offset;
798         u16 value;
799         u16 kidx;
800
801         /* Key index/algo block */
802         kidx = b43_kidx_to_fw(dev, index);
803         value = ((kidx << 4) | algorithm);
804         b43_shm_write16(dev, B43_SHM_SHARED,
805                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
806
807         /* Write the key to the Key Table Pointer offset */
808         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
809         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
810                 value = key[i];
811                 value |= (u16) (key[i + 1]) << 8;
812                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
813         }
814 }
815
816 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
817 {
818         u32 addrtmp[2] = { 0, 0, };
819         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
820
821         if (b43_new_kidx_api(dev))
822                 pairwise_keys_start = B43_NR_GROUP_KEYS;
823
824         B43_WARN_ON(index < pairwise_keys_start);
825         /* We have four default TX keys and possibly four default RX keys.
826          * Physical mac 0 is mapped to physical key 4 or 8, depending
827          * on the firmware version.
828          * So we must adjust the index here.
829          */
830         index -= pairwise_keys_start;
831         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
832
833         if (addr) {
834                 addrtmp[0] = addr[0];
835                 addrtmp[0] |= ((u32) (addr[1]) << 8);
836                 addrtmp[0] |= ((u32) (addr[2]) << 16);
837                 addrtmp[0] |= ((u32) (addr[3]) << 24);
838                 addrtmp[1] = addr[4];
839                 addrtmp[1] |= ((u32) (addr[5]) << 8);
840         }
841
842         /* Receive match transmitter address (RCMTA) mechanism */
843         b43_shm_write32(dev, B43_SHM_RCMTA,
844                         (index * 2) + 0, addrtmp[0]);
845         b43_shm_write16(dev, B43_SHM_RCMTA,
846                         (index * 2) + 1, addrtmp[1]);
847 }
848
849 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
850  * When a packet is received, the iv32 is checked.
851  * - if it doesn't the packet is returned without modification (and software
852  *   decryption can be done). That's what happen when iv16 wrap.
853  * - if it does, the rc4 key is computed, and decryption is tried.
854  *   Either it will success and B43_RX_MAC_DEC is returned,
855  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
856  *   and the packet is not usable (it got modified by the ucode).
857  * So in order to never have B43_RX_MAC_DECERR, we should provide
858  * a iv32 and phase1key that match. Because we drop packets in case of
859  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
860  * packets will be lost without higher layer knowing (ie no resync possible
861  * until next wrap).
862  *
863  * NOTE : this should support 50 key like RCMTA because
864  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
865  */
866 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
867                 u16 *phase1key)
868 {
869         unsigned int i;
870         u32 offset;
871         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
872
873         if (!modparam_hwtkip)
874                 return;
875
876         if (b43_new_kidx_api(dev))
877                 pairwise_keys_start = B43_NR_GROUP_KEYS;
878
879         B43_WARN_ON(index < pairwise_keys_start);
880         /* We have four default TX keys and possibly four default RX keys.
881          * Physical mac 0 is mapped to physical key 4 or 8, depending
882          * on the firmware version.
883          * So we must adjust the index here.
884          */
885         index -= pairwise_keys_start;
886         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
887
888         if (b43_debug(dev, B43_DBG_KEYS)) {
889                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
890                                 index, iv32);
891         }
892         /* Write the key to the  RX tkip shared mem */
893         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
894         for (i = 0; i < 10; i += 2) {
895                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
896                                 phase1key ? phase1key[i / 2] : 0);
897         }
898         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
899         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
900 }
901
902 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
903                                    struct ieee80211_vif *vif,
904                                    struct ieee80211_key_conf *keyconf,
905                                    struct ieee80211_sta *sta,
906                                    u32 iv32, u16 *phase1key)
907 {
908         struct b43_wl *wl = hw_to_b43_wl(hw);
909         struct b43_wldev *dev;
910         int index = keyconf->hw_key_idx;
911
912         if (B43_WARN_ON(!modparam_hwtkip))
913                 return;
914
915         /* This is only called from the RX path through mac80211, where
916          * our mutex is already locked. */
917         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
918         dev = wl->current_dev;
919         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
920
921         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
922
923         rx_tkip_phase1_write(dev, index, iv32, phase1key);
924         /* only pairwise TKIP keys are supported right now */
925         if (WARN_ON(!sta))
926                 return;
927         keymac_write(dev, index, sta->addr);
928 }
929
930 static void do_key_write(struct b43_wldev *dev,
931                          u8 index, u8 algorithm,
932                          const u8 *key, size_t key_len, const u8 *mac_addr)
933 {
934         u8 buf[B43_SEC_KEYSIZE] = { 0, };
935         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
936
937         if (b43_new_kidx_api(dev))
938                 pairwise_keys_start = B43_NR_GROUP_KEYS;
939
940         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
941         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
942
943         if (index >= pairwise_keys_start)
944                 keymac_write(dev, index, NULL); /* First zero out mac. */
945         if (algorithm == B43_SEC_ALGO_TKIP) {
946                 /*
947                  * We should provide an initial iv32, phase1key pair.
948                  * We could start with iv32=0 and compute the corresponding
949                  * phase1key, but this means calling ieee80211_get_tkip_key
950                  * with a fake skb (or export other tkip function).
951                  * Because we are lazy we hope iv32 won't start with
952                  * 0xffffffff and let's b43_op_update_tkip_key provide a
953                  * correct pair.
954                  */
955                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
956         } else if (index >= pairwise_keys_start) /* clear it */
957                 rx_tkip_phase1_write(dev, index, 0, NULL);
958         if (key)
959                 memcpy(buf, key, key_len);
960         key_write(dev, index, algorithm, buf);
961         if (index >= pairwise_keys_start)
962                 keymac_write(dev, index, mac_addr);
963
964         dev->key[index].algorithm = algorithm;
965 }
966
967 static int b43_key_write(struct b43_wldev *dev,
968                          int index, u8 algorithm,
969                          const u8 *key, size_t key_len,
970                          const u8 *mac_addr,
971                          struct ieee80211_key_conf *keyconf)
972 {
973         int i;
974         int pairwise_keys_start;
975
976         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
977          *      - Temporal Encryption Key (128 bits)
978          *      - Temporal Authenticator Tx MIC Key (64 bits)
979          *      - Temporal Authenticator Rx MIC Key (64 bits)
980          *
981          *      Hardware only store TEK
982          */
983         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
984                 key_len = 16;
985         if (key_len > B43_SEC_KEYSIZE)
986                 return -EINVAL;
987         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
988                 /* Check that we don't already have this key. */
989                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
990         }
991         if (index < 0) {
992                 /* Pairwise key. Get an empty slot for the key. */
993                 if (b43_new_kidx_api(dev))
994                         pairwise_keys_start = B43_NR_GROUP_KEYS;
995                 else
996                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
997                 for (i = pairwise_keys_start;
998                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
999                      i++) {
1000                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1001                         if (!dev->key[i].keyconf) {
1002                                 /* found empty */
1003                                 index = i;
1004                                 break;
1005                         }
1006                 }
1007                 if (index < 0) {
1008                         b43warn(dev->wl, "Out of hardware key memory\n");
1009                         return -ENOSPC;
1010                 }
1011         } else
1012                 B43_WARN_ON(index > 3);
1013
1014         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1015         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1016                 /* Default RX key */
1017                 B43_WARN_ON(mac_addr);
1018                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1019         }
1020         keyconf->hw_key_idx = index;
1021         dev->key[index].keyconf = keyconf;
1022
1023         return 0;
1024 }
1025
1026 static int b43_key_clear(struct b43_wldev *dev, int index)
1027 {
1028         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1029                 return -EINVAL;
1030         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1031                      NULL, B43_SEC_KEYSIZE, NULL);
1032         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1033                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1034                              NULL, B43_SEC_KEYSIZE, NULL);
1035         }
1036         dev->key[index].keyconf = NULL;
1037
1038         return 0;
1039 }
1040
1041 static void b43_clear_keys(struct b43_wldev *dev)
1042 {
1043         int i, count;
1044
1045         if (b43_new_kidx_api(dev))
1046                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1047         else
1048                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1049         for (i = 0; i < count; i++)
1050                 b43_key_clear(dev, i);
1051 }
1052
1053 static void b43_dump_keymemory(struct b43_wldev *dev)
1054 {
1055         unsigned int i, index, count, offset, pairwise_keys_start;
1056         u8 mac[ETH_ALEN];
1057         u16 algo;
1058         u32 rcmta0;
1059         u16 rcmta1;
1060         u64 hf;
1061         struct b43_key *key;
1062
1063         if (!b43_debug(dev, B43_DBG_KEYS))
1064                 return;
1065
1066         hf = b43_hf_read(dev);
1067         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1068                !!(hf & B43_HF_USEDEFKEYS));
1069         if (b43_new_kidx_api(dev)) {
1070                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1071                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1072         } else {
1073                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1074                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1075         }
1076         for (index = 0; index < count; index++) {
1077                 key = &(dev->key[index]);
1078                 printk(KERN_DEBUG "Key slot %02u: %s",
1079                        index, (key->keyconf == NULL) ? " " : "*");
1080                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1081                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1082                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1083                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1084                 }
1085
1086                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1087                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1088                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1089
1090                 if (index >= pairwise_keys_start) {
1091                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1092                                 printk("   TKIP: ");
1093                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1094                                 for (i = 0; i < 14; i += 2) {
1095                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1096                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1097                                 }
1098                         }
1099                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1100                                                 ((index - pairwise_keys_start) * 2) + 0);
1101                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1102                                                 ((index - pairwise_keys_start) * 2) + 1);
1103                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1104                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1105                         printk("   MAC: %pM", mac);
1106                 } else
1107                         printk("   DEFAULT KEY");
1108                 printk("\n");
1109         }
1110 }
1111
1112 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1113 {
1114         u32 macctl;
1115         u16 ucstat;
1116         bool hwps;
1117         bool awake;
1118         int i;
1119
1120         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1121                     (ps_flags & B43_PS_DISABLED));
1122         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1123
1124         if (ps_flags & B43_PS_ENABLED) {
1125                 hwps = 1;
1126         } else if (ps_flags & B43_PS_DISABLED) {
1127                 hwps = 0;
1128         } else {
1129                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1130                 //      and thus is not an AP and we are associated, set bit 25
1131         }
1132         if (ps_flags & B43_PS_AWAKE) {
1133                 awake = 1;
1134         } else if (ps_flags & B43_PS_ASLEEP) {
1135                 awake = 0;
1136         } else {
1137                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1138                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1139                 //      successful, set bit26
1140         }
1141
1142 /* FIXME: For now we force awake-on and hwps-off */
1143         hwps = 0;
1144         awake = 1;
1145
1146         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1147         if (hwps)
1148                 macctl |= B43_MACCTL_HWPS;
1149         else
1150                 macctl &= ~B43_MACCTL_HWPS;
1151         if (awake)
1152                 macctl |= B43_MACCTL_AWAKE;
1153         else
1154                 macctl &= ~B43_MACCTL_AWAKE;
1155         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1156         /* Commit write */
1157         b43_read32(dev, B43_MMIO_MACCTL);
1158         if (awake && dev->dev->core_rev >= 5) {
1159                 /* Wait for the microcode to wake up. */
1160                 for (i = 0; i < 100; i++) {
1161                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1162                                                 B43_SHM_SH_UCODESTAT);
1163                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1164                                 break;
1165                         udelay(10);
1166                 }
1167         }
1168 }
1169
1170 #ifdef CONFIG_B43_BCMA
1171 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1172 {
1173         u32 flags;
1174
1175         /* Put PHY into reset */
1176         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1177         flags |= B43_BCMA_IOCTL_PHY_RESET;
1178         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1179         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1180         udelay(2);
1181
1182         /* Take PHY out of reset */
1183         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1184         flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1185         flags |= BCMA_IOCTL_FGC;
1186         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1187         udelay(1);
1188
1189         /* Do not force clock anymore */
1190         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1191         flags &= ~BCMA_IOCTL_FGC;
1192         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1193         udelay(1);
1194 }
1195
1196 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1197 {
1198         b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1199         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1200         b43_bcma_phy_reset(dev);
1201         bcma_core_pll_ctl(dev->dev->bdev, 0x300, 0x3000000, true);
1202 }
1203 #endif
1204
1205 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1206 {
1207         struct ssb_device *sdev = dev->dev->sdev;
1208         u32 tmslow;
1209         u32 flags = 0;
1210
1211         if (gmode)
1212                 flags |= B43_TMSLOW_GMODE;
1213         flags |= B43_TMSLOW_PHYCLKEN;
1214         flags |= B43_TMSLOW_PHYRESET;
1215         if (dev->phy.type == B43_PHYTYPE_N)
1216                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1217         b43_device_enable(dev, flags);
1218         msleep(2);              /* Wait for the PLL to turn on. */
1219
1220         /* Now take the PHY out of Reset again */
1221         tmslow = ssb_read32(sdev, SSB_TMSLOW);
1222         tmslow |= SSB_TMSLOW_FGC;
1223         tmslow &= ~B43_TMSLOW_PHYRESET;
1224         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1225         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1226         msleep(1);
1227         tmslow &= ~SSB_TMSLOW_FGC;
1228         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1229         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1230         msleep(1);
1231 }
1232
1233 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1234 {
1235         u32 macctl;
1236
1237         switch (dev->dev->bus_type) {
1238 #ifdef CONFIG_B43_BCMA
1239         case B43_BUS_BCMA:
1240                 b43_bcma_wireless_core_reset(dev, gmode);
1241                 break;
1242 #endif
1243 #ifdef CONFIG_B43_SSB
1244         case B43_BUS_SSB:
1245                 b43_ssb_wireless_core_reset(dev, gmode);
1246                 break;
1247 #endif
1248         }
1249
1250         /* Turn Analog ON, but only if we already know the PHY-type.
1251          * This protects against very early setup where we don't know the
1252          * PHY-type, yet. wireless_core_reset will be called once again later,
1253          * when we know the PHY-type. */
1254         if (dev->phy.ops)
1255                 dev->phy.ops->switch_analog(dev, 1);
1256
1257         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1258         macctl &= ~B43_MACCTL_GMODE;
1259         if (gmode)
1260                 macctl |= B43_MACCTL_GMODE;
1261         macctl |= B43_MACCTL_IHR_ENABLED;
1262         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1263 }
1264
1265 static void handle_irq_transmit_status(struct b43_wldev *dev)
1266 {
1267         u32 v0, v1;
1268         u16 tmp;
1269         struct b43_txstatus stat;
1270
1271         while (1) {
1272                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1273                 if (!(v0 & 0x00000001))
1274                         break;
1275                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1276
1277                 stat.cookie = (v0 >> 16);
1278                 stat.seq = (v1 & 0x0000FFFF);
1279                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1280                 tmp = (v0 & 0x0000FFFF);
1281                 stat.frame_count = ((tmp & 0xF000) >> 12);
1282                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1283                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1284                 stat.pm_indicated = !!(tmp & 0x0080);
1285                 stat.intermediate = !!(tmp & 0x0040);
1286                 stat.for_ampdu = !!(tmp & 0x0020);
1287                 stat.acked = !!(tmp & 0x0002);
1288
1289                 b43_handle_txstatus(dev, &stat);
1290         }
1291 }
1292
1293 static void drain_txstatus_queue(struct b43_wldev *dev)
1294 {
1295         u32 dummy;
1296
1297         if (dev->dev->core_rev < 5)
1298                 return;
1299         /* Read all entries from the microcode TXstatus FIFO
1300          * and throw them away.
1301          */
1302         while (1) {
1303                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1304                 if (!(dummy & 0x00000001))
1305                         break;
1306                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1307         }
1308 }
1309
1310 static u32 b43_jssi_read(struct b43_wldev *dev)
1311 {
1312         u32 val = 0;
1313
1314         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1315         val <<= 16;
1316         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1317
1318         return val;
1319 }
1320
1321 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1322 {
1323         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1324         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1325 }
1326
1327 static void b43_generate_noise_sample(struct b43_wldev *dev)
1328 {
1329         b43_jssi_write(dev, 0x7F7F7F7F);
1330         b43_write32(dev, B43_MMIO_MACCMD,
1331                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1332 }
1333
1334 static void b43_calculate_link_quality(struct b43_wldev *dev)
1335 {
1336         /* Top half of Link Quality calculation. */
1337
1338         if (dev->phy.type != B43_PHYTYPE_G)
1339                 return;
1340         if (dev->noisecalc.calculation_running)
1341                 return;
1342         dev->noisecalc.calculation_running = 1;
1343         dev->noisecalc.nr_samples = 0;
1344
1345         b43_generate_noise_sample(dev);
1346 }
1347
1348 static void handle_irq_noise(struct b43_wldev *dev)
1349 {
1350         struct b43_phy_g *phy = dev->phy.g;
1351         u16 tmp;
1352         u8 noise[4];
1353         u8 i, j;
1354         s32 average;
1355
1356         /* Bottom half of Link Quality calculation. */
1357
1358         if (dev->phy.type != B43_PHYTYPE_G)
1359                 return;
1360
1361         /* Possible race condition: It might be possible that the user
1362          * changed to a different channel in the meantime since we
1363          * started the calculation. We ignore that fact, since it's
1364          * not really that much of a problem. The background noise is
1365          * an estimation only anyway. Slightly wrong results will get damped
1366          * by the averaging of the 8 sample rounds. Additionally the
1367          * value is shortlived. So it will be replaced by the next noise
1368          * calculation round soon. */
1369
1370         B43_WARN_ON(!dev->noisecalc.calculation_running);
1371         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1372         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1373             noise[2] == 0x7F || noise[3] == 0x7F)
1374                 goto generate_new;
1375
1376         /* Get the noise samples. */
1377         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1378         i = dev->noisecalc.nr_samples;
1379         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1380         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1381         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1382         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1383         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1384         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1385         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1386         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1387         dev->noisecalc.nr_samples++;
1388         if (dev->noisecalc.nr_samples == 8) {
1389                 /* Calculate the Link Quality by the noise samples. */
1390                 average = 0;
1391                 for (i = 0; i < 8; i++) {
1392                         for (j = 0; j < 4; j++)
1393                                 average += dev->noisecalc.samples[i][j];
1394                 }
1395                 average /= (8 * 4);
1396                 average *= 125;
1397                 average += 64;
1398                 average /= 128;
1399                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1400                 tmp = (tmp / 128) & 0x1F;
1401                 if (tmp >= 8)
1402                         average += 2;
1403                 else
1404                         average -= 25;
1405                 if (tmp == 8)
1406                         average -= 72;
1407                 else
1408                         average -= 48;
1409
1410                 dev->stats.link_noise = average;
1411                 dev->noisecalc.calculation_running = 0;
1412                 return;
1413         }
1414 generate_new:
1415         b43_generate_noise_sample(dev);
1416 }
1417
1418 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1419 {
1420         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1421                 ///TODO: PS TBTT
1422         } else {
1423                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1424                         b43_power_saving_ctl_bits(dev, 0);
1425         }
1426         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1427                 dev->dfq_valid = 1;
1428 }
1429
1430 static void handle_irq_atim_end(struct b43_wldev *dev)
1431 {
1432         if (dev->dfq_valid) {
1433                 b43_write32(dev, B43_MMIO_MACCMD,
1434                             b43_read32(dev, B43_MMIO_MACCMD)
1435                             | B43_MACCMD_DFQ_VALID);
1436                 dev->dfq_valid = 0;
1437         }
1438 }
1439
1440 static void handle_irq_pmq(struct b43_wldev *dev)
1441 {
1442         u32 tmp;
1443
1444         //TODO: AP mode.
1445
1446         while (1) {
1447                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1448                 if (!(tmp & 0x00000008))
1449                         break;
1450         }
1451         /* 16bit write is odd, but correct. */
1452         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1453 }
1454
1455 static void b43_write_template_common(struct b43_wldev *dev,
1456                                       const u8 *data, u16 size,
1457                                       u16 ram_offset,
1458                                       u16 shm_size_offset, u8 rate)
1459 {
1460         u32 i, tmp;
1461         struct b43_plcp_hdr4 plcp;
1462
1463         plcp.data = 0;
1464         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1465         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1466         ram_offset += sizeof(u32);
1467         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1468          * So leave the first two bytes of the next write blank.
1469          */
1470         tmp = (u32) (data[0]) << 16;
1471         tmp |= (u32) (data[1]) << 24;
1472         b43_ram_write(dev, ram_offset, tmp);
1473         ram_offset += sizeof(u32);
1474         for (i = 2; i < size; i += sizeof(u32)) {
1475                 tmp = (u32) (data[i + 0]);
1476                 if (i + 1 < size)
1477                         tmp |= (u32) (data[i + 1]) << 8;
1478                 if (i + 2 < size)
1479                         tmp |= (u32) (data[i + 2]) << 16;
1480                 if (i + 3 < size)
1481                         tmp |= (u32) (data[i + 3]) << 24;
1482                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1483         }
1484         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1485                         size + sizeof(struct b43_plcp_hdr6));
1486 }
1487
1488 /* Check if the use of the antenna that ieee80211 told us to
1489  * use is possible. This will fall back to DEFAULT.
1490  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1491 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1492                                   u8 antenna_nr)
1493 {
1494         u8 antenna_mask;
1495
1496         if (antenna_nr == 0) {
1497                 /* Zero means "use default antenna". That's always OK. */
1498                 return 0;
1499         }
1500
1501         /* Get the mask of available antennas. */
1502         if (dev->phy.gmode)
1503                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1504         else
1505                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1506
1507         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1508                 /* This antenna is not available. Fall back to default. */
1509                 return 0;
1510         }
1511
1512         return antenna_nr;
1513 }
1514
1515 /* Convert a b43 antenna number value to the PHY TX control value. */
1516 static u16 b43_antenna_to_phyctl(int antenna)
1517 {
1518         switch (antenna) {
1519         case B43_ANTENNA0:
1520                 return B43_TXH_PHY_ANT0;
1521         case B43_ANTENNA1:
1522                 return B43_TXH_PHY_ANT1;
1523         case B43_ANTENNA2:
1524                 return B43_TXH_PHY_ANT2;
1525         case B43_ANTENNA3:
1526                 return B43_TXH_PHY_ANT3;
1527         case B43_ANTENNA_AUTO0:
1528         case B43_ANTENNA_AUTO1:
1529                 return B43_TXH_PHY_ANT01AUTO;
1530         }
1531         B43_WARN_ON(1);
1532         return 0;
1533 }
1534
1535 static void b43_write_beacon_template(struct b43_wldev *dev,
1536                                       u16 ram_offset,
1537                                       u16 shm_size_offset)
1538 {
1539         unsigned int i, len, variable_len;
1540         const struct ieee80211_mgmt *bcn;
1541         const u8 *ie;
1542         bool tim_found = 0;
1543         unsigned int rate;
1544         u16 ctl;
1545         int antenna;
1546         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1547
1548         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1549         len = min((size_t) dev->wl->current_beacon->len,
1550                   0x200 - sizeof(struct b43_plcp_hdr6));
1551         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1552
1553         b43_write_template_common(dev, (const u8 *)bcn,
1554                                   len, ram_offset, shm_size_offset, rate);
1555
1556         /* Write the PHY TX control parameters. */
1557         antenna = B43_ANTENNA_DEFAULT;
1558         antenna = b43_antenna_to_phyctl(antenna);
1559         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1560         /* We can't send beacons with short preamble. Would get PHY errors. */
1561         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1562         ctl &= ~B43_TXH_PHY_ANT;
1563         ctl &= ~B43_TXH_PHY_ENC;
1564         ctl |= antenna;
1565         if (b43_is_cck_rate(rate))
1566                 ctl |= B43_TXH_PHY_ENC_CCK;
1567         else
1568                 ctl |= B43_TXH_PHY_ENC_OFDM;
1569         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1570
1571         /* Find the position of the TIM and the DTIM_period value
1572          * and write them to SHM. */
1573         ie = bcn->u.beacon.variable;
1574         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1575         for (i = 0; i < variable_len - 2; ) {
1576                 uint8_t ie_id, ie_len;
1577
1578                 ie_id = ie[i];
1579                 ie_len = ie[i + 1];
1580                 if (ie_id == 5) {
1581                         u16 tim_position;
1582                         u16 dtim_period;
1583                         /* This is the TIM Information Element */
1584
1585                         /* Check whether the ie_len is in the beacon data range. */
1586                         if (variable_len < ie_len + 2 + i)
1587                                 break;
1588                         /* A valid TIM is at least 4 bytes long. */
1589                         if (ie_len < 4)
1590                                 break;
1591                         tim_found = 1;
1592
1593                         tim_position = sizeof(struct b43_plcp_hdr6);
1594                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1595                         tim_position += i;
1596
1597                         dtim_period = ie[i + 3];
1598
1599                         b43_shm_write16(dev, B43_SHM_SHARED,
1600                                         B43_SHM_SH_TIMBPOS, tim_position);
1601                         b43_shm_write16(dev, B43_SHM_SHARED,
1602                                         B43_SHM_SH_DTIMPER, dtim_period);
1603                         break;
1604                 }
1605                 i += ie_len + 2;
1606         }
1607         if (!tim_found) {
1608                 /*
1609                  * If ucode wants to modify TIM do it behind the beacon, this
1610                  * will happen, for example, when doing mesh networking.
1611                  */
1612                 b43_shm_write16(dev, B43_SHM_SHARED,
1613                                 B43_SHM_SH_TIMBPOS,
1614                                 len + sizeof(struct b43_plcp_hdr6));
1615                 b43_shm_write16(dev, B43_SHM_SHARED,
1616                                 B43_SHM_SH_DTIMPER, 0);
1617         }
1618         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1619 }
1620
1621 static void b43_upload_beacon0(struct b43_wldev *dev)
1622 {
1623         struct b43_wl *wl = dev->wl;
1624
1625         if (wl->beacon0_uploaded)
1626                 return;
1627         b43_write_beacon_template(dev, 0x68, 0x18);
1628         wl->beacon0_uploaded = 1;
1629 }
1630
1631 static void b43_upload_beacon1(struct b43_wldev *dev)
1632 {
1633         struct b43_wl *wl = dev->wl;
1634
1635         if (wl->beacon1_uploaded)
1636                 return;
1637         b43_write_beacon_template(dev, 0x468, 0x1A);
1638         wl->beacon1_uploaded = 1;
1639 }
1640
1641 static void handle_irq_beacon(struct b43_wldev *dev)
1642 {
1643         struct b43_wl *wl = dev->wl;
1644         u32 cmd, beacon0_valid, beacon1_valid;
1645
1646         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1647             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1648             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1649                 return;
1650
1651         /* This is the bottom half of the asynchronous beacon update. */
1652
1653         /* Ignore interrupt in the future. */
1654         dev->irq_mask &= ~B43_IRQ_BEACON;
1655
1656         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1657         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1658         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1659
1660         /* Schedule interrupt manually, if busy. */
1661         if (beacon0_valid && beacon1_valid) {
1662                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1663                 dev->irq_mask |= B43_IRQ_BEACON;
1664                 return;
1665         }
1666
1667         if (unlikely(wl->beacon_templates_virgin)) {
1668                 /* We never uploaded a beacon before.
1669                  * Upload both templates now, but only mark one valid. */
1670                 wl->beacon_templates_virgin = 0;
1671                 b43_upload_beacon0(dev);
1672                 b43_upload_beacon1(dev);
1673                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1674                 cmd |= B43_MACCMD_BEACON0_VALID;
1675                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1676         } else {
1677                 if (!beacon0_valid) {
1678                         b43_upload_beacon0(dev);
1679                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1680                         cmd |= B43_MACCMD_BEACON0_VALID;
1681                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1682                 } else if (!beacon1_valid) {
1683                         b43_upload_beacon1(dev);
1684                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1685                         cmd |= B43_MACCMD_BEACON1_VALID;
1686                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1687                 }
1688         }
1689 }
1690
1691 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1692 {
1693         u32 old_irq_mask = dev->irq_mask;
1694
1695         /* update beacon right away or defer to irq */
1696         handle_irq_beacon(dev);
1697         if (old_irq_mask != dev->irq_mask) {
1698                 /* The handler updated the IRQ mask. */
1699                 B43_WARN_ON(!dev->irq_mask);
1700                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1701                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1702                 } else {
1703                         /* Device interrupts are currently disabled. That means
1704                          * we just ran the hardirq handler and scheduled the
1705                          * IRQ thread. The thread will write the IRQ mask when
1706                          * it finished, so there's nothing to do here. Writing
1707                          * the mask _here_ would incorrectly re-enable IRQs. */
1708                 }
1709         }
1710 }
1711
1712 static void b43_beacon_update_trigger_work(struct work_struct *work)
1713 {
1714         struct b43_wl *wl = container_of(work, struct b43_wl,
1715                                          beacon_update_trigger);
1716         struct b43_wldev *dev;
1717
1718         mutex_lock(&wl->mutex);
1719         dev = wl->current_dev;
1720         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1721                 if (b43_bus_host_is_sdio(dev->dev)) {
1722                         /* wl->mutex is enough. */
1723                         b43_do_beacon_update_trigger_work(dev);
1724                         mmiowb();
1725                 } else {
1726                         spin_lock_irq(&wl->hardirq_lock);
1727                         b43_do_beacon_update_trigger_work(dev);
1728                         mmiowb();
1729                         spin_unlock_irq(&wl->hardirq_lock);
1730                 }
1731         }
1732         mutex_unlock(&wl->mutex);
1733 }
1734
1735 /* Asynchronously update the packet templates in template RAM.
1736  * Locking: Requires wl->mutex to be locked. */
1737 static void b43_update_templates(struct b43_wl *wl)
1738 {
1739         struct sk_buff *beacon;
1740
1741         /* This is the top half of the ansynchronous beacon update.
1742          * The bottom half is the beacon IRQ.
1743          * Beacon update must be asynchronous to avoid sending an
1744          * invalid beacon. This can happen for example, if the firmware
1745          * transmits a beacon while we are updating it. */
1746
1747         /* We could modify the existing beacon and set the aid bit in
1748          * the TIM field, but that would probably require resizing and
1749          * moving of data within the beacon template.
1750          * Simply request a new beacon and let mac80211 do the hard work. */
1751         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1752         if (unlikely(!beacon))
1753                 return;
1754
1755         if (wl->current_beacon)
1756                 dev_kfree_skb_any(wl->current_beacon);
1757         wl->current_beacon = beacon;
1758         wl->beacon0_uploaded = 0;
1759         wl->beacon1_uploaded = 0;
1760         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1761 }
1762
1763 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1764 {
1765         b43_time_lock(dev);
1766         if (dev->dev->core_rev >= 3) {
1767                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1768                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1769         } else {
1770                 b43_write16(dev, 0x606, (beacon_int >> 6));
1771                 b43_write16(dev, 0x610, beacon_int);
1772         }
1773         b43_time_unlock(dev);
1774         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1775 }
1776
1777 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1778 {
1779         u16 reason;
1780
1781         /* Read the register that contains the reason code for the panic. */
1782         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1783         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1784
1785         switch (reason) {
1786         default:
1787                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1788                 /* fallthrough */
1789         case B43_FWPANIC_DIE:
1790                 /* Do not restart the controller or firmware.
1791                  * The device is nonfunctional from now on.
1792                  * Restarting would result in this panic to trigger again,
1793                  * so we avoid that recursion. */
1794                 break;
1795         case B43_FWPANIC_RESTART:
1796                 b43_controller_restart(dev, "Microcode panic");
1797                 break;
1798         }
1799 }
1800
1801 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1802 {
1803         unsigned int i, cnt;
1804         u16 reason, marker_id, marker_line;
1805         __le16 *buf;
1806
1807         /* The proprietary firmware doesn't have this IRQ. */
1808         if (!dev->fw.opensource)
1809                 return;
1810
1811         /* Read the register that contains the reason code for this IRQ. */
1812         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1813
1814         switch (reason) {
1815         case B43_DEBUGIRQ_PANIC:
1816                 b43_handle_firmware_panic(dev);
1817                 break;
1818         case B43_DEBUGIRQ_DUMP_SHM:
1819                 if (!B43_DEBUG)
1820                         break; /* Only with driver debugging enabled. */
1821                 buf = kmalloc(4096, GFP_ATOMIC);
1822                 if (!buf) {
1823                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1824                         goto out;
1825                 }
1826                 for (i = 0; i < 4096; i += 2) {
1827                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1828                         buf[i / 2] = cpu_to_le16(tmp);
1829                 }
1830                 b43info(dev->wl, "Shared memory dump:\n");
1831                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1832                                16, 2, buf, 4096, 1);
1833                 kfree(buf);
1834                 break;
1835         case B43_DEBUGIRQ_DUMP_REGS:
1836                 if (!B43_DEBUG)
1837                         break; /* Only with driver debugging enabled. */
1838                 b43info(dev->wl, "Microcode register dump:\n");
1839                 for (i = 0, cnt = 0; i < 64; i++) {
1840                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1841                         if (cnt == 0)
1842                                 printk(KERN_INFO);
1843                         printk("r%02u: 0x%04X  ", i, tmp);
1844                         cnt++;
1845                         if (cnt == 6) {
1846                                 printk("\n");
1847                                 cnt = 0;
1848                         }
1849                 }
1850                 printk("\n");
1851                 break;
1852         case B43_DEBUGIRQ_MARKER:
1853                 if (!B43_DEBUG)
1854                         break; /* Only with driver debugging enabled. */
1855                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1856                                            B43_MARKER_ID_REG);
1857                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1858                                              B43_MARKER_LINE_REG);
1859                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1860                         "at line number %u\n",
1861                         marker_id, marker_line);
1862                 break;
1863         default:
1864                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1865                        reason);
1866         }
1867 out:
1868         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1869         b43_shm_write16(dev, B43_SHM_SCRATCH,
1870                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1871 }
1872
1873 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1874 {
1875         u32 reason;
1876         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1877         u32 merged_dma_reason = 0;
1878         int i;
1879
1880         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1881                 return;
1882
1883         reason = dev->irq_reason;
1884         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1885                 dma_reason[i] = dev->dma_reason[i];
1886                 merged_dma_reason |= dma_reason[i];
1887         }
1888
1889         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1890                 b43err(dev->wl, "MAC transmission error\n");
1891
1892         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1893                 b43err(dev->wl, "PHY transmission error\n");
1894                 rmb();
1895                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1896                         atomic_set(&dev->phy.txerr_cnt,
1897                                    B43_PHY_TX_BADNESS_LIMIT);
1898                         b43err(dev->wl, "Too many PHY TX errors, "
1899                                         "restarting the controller\n");
1900                         b43_controller_restart(dev, "PHY TX errors");
1901                 }
1902         }
1903
1904         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1905                                           B43_DMAIRQ_NONFATALMASK))) {
1906                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1907                         b43err(dev->wl, "Fatal DMA error: "
1908                                "0x%08X, 0x%08X, 0x%08X, "
1909                                "0x%08X, 0x%08X, 0x%08X\n",
1910                                dma_reason[0], dma_reason[1],
1911                                dma_reason[2], dma_reason[3],
1912                                dma_reason[4], dma_reason[5]);
1913                         b43err(dev->wl, "This device does not support DMA "
1914                                "on your system. It will now be switched to PIO.\n");
1915                         /* Fall back to PIO transfers if we get fatal DMA errors! */
1916                         dev->use_pio = 1;
1917                         b43_controller_restart(dev, "DMA error");
1918                         return;
1919                 }
1920                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1921                         b43err(dev->wl, "DMA error: "
1922                                "0x%08X, 0x%08X, 0x%08X, "
1923                                "0x%08X, 0x%08X, 0x%08X\n",
1924                                dma_reason[0], dma_reason[1],
1925                                dma_reason[2], dma_reason[3],
1926                                dma_reason[4], dma_reason[5]);
1927                 }
1928         }
1929
1930         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1931                 handle_irq_ucode_debug(dev);
1932         if (reason & B43_IRQ_TBTT_INDI)
1933                 handle_irq_tbtt_indication(dev);
1934         if (reason & B43_IRQ_ATIM_END)
1935                 handle_irq_atim_end(dev);
1936         if (reason & B43_IRQ_BEACON)
1937                 handle_irq_beacon(dev);
1938         if (reason & B43_IRQ_PMQ)
1939                 handle_irq_pmq(dev);
1940         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1941                 ;/* TODO */
1942         if (reason & B43_IRQ_NOISESAMPLE_OK)
1943                 handle_irq_noise(dev);
1944
1945         /* Check the DMA reason registers for received data. */
1946         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1947                 if (b43_using_pio_transfers(dev))
1948                         b43_pio_rx(dev->pio.rx_queue);
1949                 else
1950                         b43_dma_rx(dev->dma.rx_ring);
1951         }
1952         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1953         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1954         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1955         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1956         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1957
1958         if (reason & B43_IRQ_TX_OK)
1959                 handle_irq_transmit_status(dev);
1960
1961         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1962         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1963
1964 #if B43_DEBUG
1965         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1966                 dev->irq_count++;
1967                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1968                         if (reason & (1 << i))
1969                                 dev->irq_bit_count[i]++;
1970                 }
1971         }
1972 #endif
1973 }
1974
1975 /* Interrupt thread handler. Handles device interrupts in thread context. */
1976 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1977 {
1978         struct b43_wldev *dev = dev_id;
1979
1980         mutex_lock(&dev->wl->mutex);
1981         b43_do_interrupt_thread(dev);
1982         mmiowb();
1983         mutex_unlock(&dev->wl->mutex);
1984
1985         return IRQ_HANDLED;
1986 }
1987
1988 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1989 {
1990         u32 reason;
1991
1992         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1993          * On SDIO, this runs under wl->mutex. */
1994
1995         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1996         if (reason == 0xffffffff)       /* shared IRQ */
1997                 return IRQ_NONE;
1998         reason &= dev->irq_mask;
1999         if (!reason)
2000                 return IRQ_NONE;
2001
2002         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2003             & 0x0001DC00;
2004         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2005             & 0x0000DC00;
2006         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2007             & 0x0000DC00;
2008         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2009             & 0x0001DC00;
2010         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2011             & 0x0000DC00;
2012 /* Unused ring
2013         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2014             & 0x0000DC00;
2015 */
2016
2017         /* ACK the interrupt. */
2018         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2019         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2020         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2021         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2022         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2023         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2024 /* Unused ring
2025         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2026 */
2027
2028         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2029         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2030         /* Save the reason bitmasks for the IRQ thread handler. */
2031         dev->irq_reason = reason;
2032
2033         return IRQ_WAKE_THREAD;
2034 }
2035
2036 /* Interrupt handler top-half. This runs with interrupts disabled. */
2037 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2038 {
2039         struct b43_wldev *dev = dev_id;
2040         irqreturn_t ret;
2041
2042         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2043                 return IRQ_NONE;
2044
2045         spin_lock(&dev->wl->hardirq_lock);
2046         ret = b43_do_interrupt(dev);
2047         mmiowb();
2048         spin_unlock(&dev->wl->hardirq_lock);
2049
2050         return ret;
2051 }
2052
2053 /* SDIO interrupt handler. This runs in process context. */
2054 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2055 {
2056         struct b43_wl *wl = dev->wl;
2057         irqreturn_t ret;
2058
2059         mutex_lock(&wl->mutex);
2060
2061         ret = b43_do_interrupt(dev);
2062         if (ret == IRQ_WAKE_THREAD)
2063                 b43_do_interrupt_thread(dev);
2064
2065         mutex_unlock(&wl->mutex);
2066 }
2067
2068 void b43_do_release_fw(struct b43_firmware_file *fw)
2069 {
2070         release_firmware(fw->data);
2071         fw->data = NULL;
2072         fw->filename = NULL;
2073 }
2074
2075 static void b43_release_firmware(struct b43_wldev *dev)
2076 {
2077         b43_do_release_fw(&dev->fw.ucode);
2078         b43_do_release_fw(&dev->fw.pcm);
2079         b43_do_release_fw(&dev->fw.initvals);
2080         b43_do_release_fw(&dev->fw.initvals_band);
2081 }
2082
2083 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2084 {
2085         const char text[] =
2086                 "You must go to " \
2087                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2088                 "and download the correct firmware for this driver version. " \
2089                 "Please carefully read all instructions on this website.\n";
2090
2091         if (error)
2092                 b43err(wl, text);
2093         else
2094                 b43warn(wl, text);
2095 }
2096
2097 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2098                       const char *name,
2099                       struct b43_firmware_file *fw)
2100 {
2101         const struct firmware *blob;
2102         struct b43_fw_header *hdr;
2103         u32 size;
2104         int err;
2105
2106         if (!name) {
2107                 /* Don't fetch anything. Free possibly cached firmware. */
2108                 /* FIXME: We should probably keep it anyway, to save some headache
2109                  * on suspend/resume with multiband devices. */
2110                 b43_do_release_fw(fw);
2111                 return 0;
2112         }
2113         if (fw->filename) {
2114                 if ((fw->type == ctx->req_type) &&
2115                     (strcmp(fw->filename, name) == 0))
2116                         return 0; /* Already have this fw. */
2117                 /* Free the cached firmware first. */
2118                 /* FIXME: We should probably do this later after we successfully
2119                  * got the new fw. This could reduce headache with multiband devices.
2120                  * We could also redesign this to cache the firmware for all possible
2121                  * bands all the time. */
2122                 b43_do_release_fw(fw);
2123         }
2124
2125         switch (ctx->req_type) {
2126         case B43_FWTYPE_PROPRIETARY:
2127                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2128                          "b43%s/%s.fw",
2129                          modparam_fwpostfix, name);
2130                 break;
2131         case B43_FWTYPE_OPENSOURCE:
2132                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2133                          "b43-open%s/%s.fw",
2134                          modparam_fwpostfix, name);
2135                 break;
2136         default:
2137                 B43_WARN_ON(1);
2138                 return -ENOSYS;
2139         }
2140         err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
2141         if (err == -ENOENT) {
2142                 snprintf(ctx->errors[ctx->req_type],
2143                          sizeof(ctx->errors[ctx->req_type]),
2144                          "Firmware file \"%s\" not found\n", ctx->fwname);
2145                 return err;
2146         } else if (err) {
2147                 snprintf(ctx->errors[ctx->req_type],
2148                          sizeof(ctx->errors[ctx->req_type]),
2149                          "Firmware file \"%s\" request failed (err=%d)\n",
2150                          ctx->fwname, err);
2151                 return err;
2152         }
2153         if (blob->size < sizeof(struct b43_fw_header))
2154                 goto err_format;
2155         hdr = (struct b43_fw_header *)(blob->data);
2156         switch (hdr->type) {
2157         case B43_FW_TYPE_UCODE:
2158         case B43_FW_TYPE_PCM:
2159                 size = be32_to_cpu(hdr->size);
2160                 if (size != blob->size - sizeof(struct b43_fw_header))
2161                         goto err_format;
2162                 /* fallthrough */
2163         case B43_FW_TYPE_IV:
2164                 if (hdr->ver != 1)
2165                         goto err_format;
2166                 break;
2167         default:
2168                 goto err_format;
2169         }
2170
2171         fw->data = blob;
2172         fw->filename = name;
2173         fw->type = ctx->req_type;
2174
2175         return 0;
2176
2177 err_format:
2178         snprintf(ctx->errors[ctx->req_type],
2179                  sizeof(ctx->errors[ctx->req_type]),
2180                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2181         release_firmware(blob);
2182
2183         return -EPROTO;
2184 }
2185
2186 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2187 {
2188         struct b43_wldev *dev = ctx->dev;
2189         struct b43_firmware *fw = &ctx->dev->fw;
2190         const u8 rev = ctx->dev->dev->core_rev;
2191         const char *filename;
2192         u32 tmshigh;
2193         int err;
2194
2195         /* Files for HT and LCN were found by trying one by one */
2196
2197         /* Get microcode */
2198         if ((rev >= 5) && (rev <= 10)) {
2199                 filename = "ucode5";
2200         } else if ((rev >= 11) && (rev <= 12)) {
2201                 filename = "ucode11";
2202         } else if (rev == 13) {
2203                 filename = "ucode13";
2204         } else if (rev == 14) {
2205                 filename = "ucode14";
2206         } else if (rev == 15) {
2207                 filename = "ucode15";
2208         } else {
2209                 switch (dev->phy.type) {
2210                 case B43_PHYTYPE_N:
2211                         if (rev >= 16)
2212                                 filename = "ucode16_mimo";
2213                         else
2214                                 goto err_no_ucode;
2215                         break;
2216                 case B43_PHYTYPE_HT:
2217                         if (rev == 29)
2218                                 filename = "ucode29_mimo";
2219                         else
2220                                 goto err_no_ucode;
2221                         break;
2222                 case B43_PHYTYPE_LCN:
2223                         if (rev == 24)
2224                                 filename = "ucode24_mimo";
2225                         else
2226                                 goto err_no_ucode;
2227                         break;
2228                 default:
2229                         goto err_no_ucode;
2230                 }
2231         }
2232         err = b43_do_request_fw(ctx, filename, &fw->ucode);
2233         if (err)
2234                 goto err_load;
2235
2236         /* Get PCM code */
2237         if ((rev >= 5) && (rev <= 10))
2238                 filename = "pcm5";
2239         else if (rev >= 11)
2240                 filename = NULL;
2241         else
2242                 goto err_no_pcm;
2243         fw->pcm_request_failed = 0;
2244         err = b43_do_request_fw(ctx, filename, &fw->pcm);
2245         if (err == -ENOENT) {
2246                 /* We did not find a PCM file? Not fatal, but
2247                  * core rev <= 10 must do without hwcrypto then. */
2248                 fw->pcm_request_failed = 1;
2249         } else if (err)
2250                 goto err_load;
2251
2252         /* Get initvals */
2253         switch (dev->phy.type) {
2254         case B43_PHYTYPE_A:
2255                 if ((rev >= 5) && (rev <= 10)) {
2256                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2257                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2258                                 filename = "a0g1initvals5";
2259                         else
2260                                 filename = "a0g0initvals5";
2261                 } else
2262                         goto err_no_initvals;
2263                 break;
2264         case B43_PHYTYPE_G:
2265                 if ((rev >= 5) && (rev <= 10))
2266                         filename = "b0g0initvals5";
2267                 else if (rev >= 13)
2268                         filename = "b0g0initvals13";
2269                 else
2270                         goto err_no_initvals;
2271                 break;
2272         case B43_PHYTYPE_N:
2273                 if (rev >= 16)
2274                         filename = "n0initvals16";
2275                 else if ((rev >= 11) && (rev <= 12))
2276                         filename = "n0initvals11";
2277                 else
2278                         goto err_no_initvals;
2279                 break;
2280         case B43_PHYTYPE_LP:
2281                 if (rev == 13)
2282                         filename = "lp0initvals13";
2283                 else if (rev == 14)
2284                         filename = "lp0initvals14";
2285                 else if (rev >= 15)
2286                         filename = "lp0initvals15";
2287                 else
2288                         goto err_no_initvals;
2289                 break;
2290         case B43_PHYTYPE_HT:
2291                 if (rev == 29)
2292                         filename = "ht0initvals29";
2293                 else
2294                         goto err_no_initvals;
2295                 break;
2296         case B43_PHYTYPE_LCN:
2297                 if (rev == 24)
2298                         filename = "lcn0initvals24";
2299                 else
2300                         goto err_no_initvals;
2301                 break;
2302         default:
2303                 goto err_no_initvals;
2304         }
2305         err = b43_do_request_fw(ctx, filename, &fw->initvals);
2306         if (err)
2307                 goto err_load;
2308
2309         /* Get bandswitch initvals */
2310         switch (dev->phy.type) {
2311         case B43_PHYTYPE_A:
2312                 if ((rev >= 5) && (rev <= 10)) {
2313                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2314                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2315                                 filename = "a0g1bsinitvals5";
2316                         else
2317                                 filename = "a0g0bsinitvals5";
2318                 } else if (rev >= 11)
2319                         filename = NULL;
2320                 else
2321                         goto err_no_initvals;
2322                 break;
2323         case B43_PHYTYPE_G:
2324                 if ((rev >= 5) && (rev <= 10))
2325                         filename = "b0g0bsinitvals5";
2326                 else if (rev >= 11)
2327                         filename = NULL;
2328                 else
2329                         goto err_no_initvals;
2330                 break;
2331         case B43_PHYTYPE_N:
2332                 if (rev >= 16)
2333                         filename = "n0bsinitvals16";
2334                 else if ((rev >= 11) && (rev <= 12))
2335                         filename = "n0bsinitvals11";
2336                 else
2337                         goto err_no_initvals;
2338                 break;
2339         case B43_PHYTYPE_LP:
2340                 if (rev == 13)
2341                         filename = "lp0bsinitvals13";
2342                 else if (rev == 14)
2343                         filename = "lp0bsinitvals14";
2344                 else if (rev >= 15)
2345                         filename = "lp0bsinitvals15";
2346                 else
2347                         goto err_no_initvals;
2348                 break;
2349         case B43_PHYTYPE_HT:
2350                 if (rev == 29)
2351                         filename = "ht0bsinitvals29";
2352                 else
2353                         goto err_no_initvals;
2354                 break;
2355         case B43_PHYTYPE_LCN:
2356                 if (rev == 24)
2357                         filename = "lcn0bsinitvals24";
2358                 else
2359                         goto err_no_initvals;
2360                 break;
2361         default:
2362                 goto err_no_initvals;
2363         }
2364         err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2365         if (err)
2366                 goto err_load;
2367
2368         return 0;
2369
2370 err_no_ucode:
2371         err = ctx->fatal_failure = -EOPNOTSUPP;
2372         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2373                "is required for your device (wl-core rev %u)\n", rev);
2374         goto error;
2375
2376 err_no_pcm:
2377         err = ctx->fatal_failure = -EOPNOTSUPP;
2378         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2379                "is required for your device (wl-core rev %u)\n", rev);
2380         goto error;
2381
2382 err_no_initvals:
2383         err = ctx->fatal_failure = -EOPNOTSUPP;
2384         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2385                "is required for your device (wl-core rev %u)\n", rev);
2386         goto error;
2387
2388 err_load:
2389         /* We failed to load this firmware image. The error message
2390          * already is in ctx->errors. Return and let our caller decide
2391          * what to do. */
2392         goto error;
2393
2394 error:
2395         b43_release_firmware(dev);
2396         return err;
2397 }
2398
2399 static int b43_request_firmware(struct b43_wldev *dev)
2400 {
2401         struct b43_request_fw_context *ctx;
2402         unsigned int i;
2403         int err;
2404         const char *errmsg;
2405
2406         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2407         if (!ctx)
2408                 return -ENOMEM;
2409         ctx->dev = dev;
2410
2411         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2412         err = b43_try_request_fw(ctx);
2413         if (!err)
2414                 goto out; /* Successfully loaded it. */
2415         err = ctx->fatal_failure;
2416         if (err)
2417                 goto out;
2418
2419         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2420         err = b43_try_request_fw(ctx);
2421         if (!err)
2422                 goto out; /* Successfully loaded it. */
2423         err = ctx->fatal_failure;
2424         if (err)
2425                 goto out;
2426
2427         /* Could not find a usable firmware. Print the errors. */
2428         for (i = 0; i < B43_NR_FWTYPES; i++) {
2429                 errmsg = ctx->errors[i];
2430                 if (strlen(errmsg))
2431                         b43err(dev->wl, errmsg);
2432         }
2433         b43_print_fw_helptext(dev->wl, 1);
2434         err = -ENOENT;
2435
2436 out:
2437         kfree(ctx);
2438         return err;
2439 }
2440
2441 static int b43_upload_microcode(struct b43_wldev *dev)
2442 {
2443         struct wiphy *wiphy = dev->wl->hw->wiphy;
2444         const size_t hdr_len = sizeof(struct b43_fw_header);
2445         const __be32 *data;
2446         unsigned int i, len;
2447         u16 fwrev, fwpatch, fwdate, fwtime;
2448         u32 tmp, macctl;
2449         int err = 0;
2450
2451         /* Jump the microcode PSM to offset 0 */
2452         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2453         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2454         macctl |= B43_MACCTL_PSM_JMP0;
2455         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2456         /* Zero out all microcode PSM registers and shared memory. */
2457         for (i = 0; i < 64; i++)
2458                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2459         for (i = 0; i < 4096; i += 2)
2460                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2461
2462         /* Upload Microcode. */
2463         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2464         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2465         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2466         for (i = 0; i < len; i++) {
2467                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2468                 udelay(10);
2469         }
2470
2471         if (dev->fw.pcm.data) {
2472                 /* Upload PCM data. */
2473                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2474                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2475                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2476                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2477                 /* No need for autoinc bit in SHM_HW */
2478                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2479                 for (i = 0; i < len; i++) {
2480                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2481                         udelay(10);
2482                 }
2483         }
2484
2485         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2486
2487         /* Start the microcode PSM */
2488         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2489         macctl &= ~B43_MACCTL_PSM_JMP0;
2490         macctl |= B43_MACCTL_PSM_RUN;
2491         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2492
2493         /* Wait for the microcode to load and respond */
2494         i = 0;
2495         while (1) {
2496                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2497                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2498                         break;
2499                 i++;
2500                 if (i >= 20) {
2501                         b43err(dev->wl, "Microcode not responding\n");
2502                         b43_print_fw_helptext(dev->wl, 1);
2503                         err = -ENODEV;
2504                         goto error;
2505                 }
2506                 msleep(50);
2507         }
2508         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2509
2510         /* Get and check the revisions. */
2511         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2512         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2513         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2514         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2515
2516         if (fwrev <= 0x128) {
2517                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2518                        "binary drivers older than version 4.x is unsupported. "
2519                        "You must upgrade your firmware files.\n");
2520                 b43_print_fw_helptext(dev->wl, 1);
2521                 err = -EOPNOTSUPP;
2522                 goto error;
2523         }
2524         dev->fw.rev = fwrev;
2525         dev->fw.patch = fwpatch;
2526         if (dev->fw.rev >= 598)
2527                 dev->fw.hdr_format = B43_FW_HDR_598;
2528         else if (dev->fw.rev >= 410)
2529                 dev->fw.hdr_format = B43_FW_HDR_410;
2530         else
2531                 dev->fw.hdr_format = B43_FW_HDR_351;
2532         dev->fw.opensource = (fwdate == 0xFFFF);
2533
2534         /* Default to use-all-queues. */
2535         dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2536         dev->qos_enabled = !!modparam_qos;
2537         /* Default to firmware/hardware crypto acceleration. */
2538         dev->hwcrypto_enabled = 1;
2539
2540         if (dev->fw.opensource) {
2541                 u16 fwcapa;
2542
2543                 /* Patchlevel info is encoded in the "time" field. */
2544                 dev->fw.patch = fwtime;
2545                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2546                         dev->fw.rev, dev->fw.patch);
2547
2548                 fwcapa = b43_fwcapa_read(dev);
2549                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2550                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2551                         /* Disable hardware crypto and fall back to software crypto. */
2552                         dev->hwcrypto_enabled = 0;
2553                 }
2554                 if (!(fwcapa & B43_FWCAPA_QOS)) {
2555                         b43info(dev->wl, "QoS not supported by firmware\n");
2556                         /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2557                          * ieee80211_unregister to make sure the networking core can
2558                          * properly free possible resources. */
2559                         dev->wl->hw->queues = 1;
2560                         dev->qos_enabled = 0;
2561                 }
2562         } else {
2563                 b43info(dev->wl, "Loading firmware version %u.%u "
2564                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2565                         fwrev, fwpatch,
2566                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2567                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2568                 if (dev->fw.pcm_request_failed) {
2569                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2570                                 "Hardware accelerated cryptography is disabled.\n");
2571                         b43_print_fw_helptext(dev->wl, 0);
2572                 }
2573         }
2574
2575         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2576                         dev->fw.rev, dev->fw.patch);
2577         wiphy->hw_version = dev->dev->core_id;
2578
2579         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2580                 /* We're over the deadline, but we keep support for old fw
2581                  * until it turns out to be in major conflict with something new. */
2582                 b43warn(dev->wl, "You are using an old firmware image. "
2583                         "Support for old firmware will be removed soon "
2584                         "(official deadline was July 2008).\n");
2585                 b43_print_fw_helptext(dev->wl, 0);
2586         }
2587
2588         return 0;
2589
2590 error:
2591         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2592         macctl &= ~B43_MACCTL_PSM_RUN;
2593         macctl |= B43_MACCTL_PSM_JMP0;
2594         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2595
2596         return err;
2597 }
2598
2599 static int b43_write_initvals(struct b43_wldev *dev,
2600                               const struct b43_iv *ivals,
2601                               size_t count,
2602                               size_t array_size)
2603 {
2604         const struct b43_iv *iv;
2605         u16 offset;
2606         size_t i;
2607         bool bit32;
2608
2609         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2610         iv = ivals;
2611         for (i = 0; i < count; i++) {
2612                 if (array_size < sizeof(iv->offset_size))
2613                         goto err_format;
2614                 array_size -= sizeof(iv->offset_size);
2615                 offset = be16_to_cpu(iv->offset_size);
2616                 bit32 = !!(offset & B43_IV_32BIT);
2617                 offset &= B43_IV_OFFSET_MASK;
2618                 if (offset >= 0x1000)
2619                         goto err_format;
2620                 if (bit32) {
2621                         u32 value;
2622
2623                         if (array_size < sizeof(iv->data.d32))
2624                                 goto err_format;
2625                         array_size -= sizeof(iv->data.d32);
2626
2627                         value = get_unaligned_be32(&iv->data.d32);
2628                         b43_write32(dev, offset, value);
2629
2630                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2631                                                         sizeof(__be16) +
2632                                                         sizeof(__be32));
2633                 } else {
2634                         u16 value;
2635
2636                         if (array_size < sizeof(iv->data.d16))
2637                                 goto err_format;
2638                         array_size -= sizeof(iv->data.d16);
2639
2640                         value = be16_to_cpu(iv->data.d16);
2641                         b43_write16(dev, offset, value);
2642
2643                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2644                                                         sizeof(__be16) +
2645                                                         sizeof(__be16));
2646                 }
2647         }
2648         if (array_size)
2649                 goto err_format;
2650
2651         return 0;
2652
2653 err_format:
2654         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2655         b43_print_fw_helptext(dev->wl, 1);
2656
2657         return -EPROTO;
2658 }
2659
2660 static int b43_upload_initvals(struct b43_wldev *dev)
2661 {
2662         const size_t hdr_len = sizeof(struct b43_fw_header);
2663         const struct b43_fw_header *hdr;
2664         struct b43_firmware *fw = &dev->fw;
2665         const struct b43_iv *ivals;
2666         size_t count;
2667         int err;
2668
2669         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2670         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2671         count = be32_to_cpu(hdr->size);
2672         err = b43_write_initvals(dev, ivals, count,
2673                                  fw->initvals.data->size - hdr_len);
2674         if (err)
2675                 goto out;
2676         if (fw->initvals_band.data) {
2677                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2678                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2679                 count = be32_to_cpu(hdr->size);
2680                 err = b43_write_initvals(dev, ivals, count,
2681                                          fw->initvals_band.data->size - hdr_len);
2682                 if (err)
2683                         goto out;
2684         }
2685 out:
2686
2687         return err;
2688 }
2689
2690 /* Initialize the GPIOs
2691  * http://bcm-specs.sipsolutions.net/GPIO
2692  */
2693 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2694 {
2695         struct ssb_bus *bus = dev->dev->sdev->bus;
2696
2697 #ifdef CONFIG_SSB_DRIVER_PCICORE
2698         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2699 #else
2700         return bus->chipco.dev;
2701 #endif
2702 }
2703
2704 static int b43_gpio_init(struct b43_wldev *dev)
2705 {
2706         struct ssb_device *gpiodev;
2707         u32 mask, set;
2708
2709         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2710                     & ~B43_MACCTL_GPOUTSMSK);
2711
2712         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2713                     | 0x000F);
2714
2715         mask = 0x0000001F;
2716         set = 0x0000000F;
2717         if (dev->dev->chip_id == 0x4301) {
2718                 mask |= 0x0060;
2719                 set |= 0x0060;
2720         }
2721         if (0 /* FIXME: conditional unknown */ ) {
2722                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2723                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2724                             | 0x0100);
2725                 mask |= 0x0180;
2726                 set |= 0x0180;
2727         }
2728         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2729                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2730                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2731                             | 0x0200);
2732                 mask |= 0x0200;
2733                 set |= 0x0200;
2734         }
2735         if (dev->dev->core_rev >= 2)
2736                 mask |= 0x0010; /* FIXME: This is redundant. */
2737
2738         switch (dev->dev->bus_type) {
2739 #ifdef CONFIG_B43_BCMA
2740         case B43_BUS_BCMA:
2741                 bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2742                                 (bcma_cc_read32(&dev->dev->bdev->bus->drv_cc,
2743                                         BCMA_CC_GPIOCTL) & mask) | set);
2744                 break;
2745 #endif
2746 #ifdef CONFIG_B43_SSB
2747         case B43_BUS_SSB:
2748                 gpiodev = b43_ssb_gpio_dev(dev);
2749                 if (gpiodev)
2750                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2751                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2752                                     & mask) | set);
2753                 break;
2754 #endif
2755         }
2756
2757         return 0;
2758 }
2759
2760 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2761 static void b43_gpio_cleanup(struct b43_wldev *dev)
2762 {
2763         struct ssb_device *gpiodev;
2764
2765         switch (dev->dev->bus_type) {
2766 #ifdef CONFIG_B43_BCMA
2767         case B43_BUS_BCMA:
2768                 bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2769                                 0);
2770                 break;
2771 #endif
2772 #ifdef CONFIG_B43_SSB
2773         case B43_BUS_SSB:
2774                 gpiodev = b43_ssb_gpio_dev(dev);
2775                 if (gpiodev)
2776                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2777                 break;
2778 #endif
2779         }
2780 }
2781
2782 /* http://bcm-specs.sipsolutions.net/EnableMac */
2783 void b43_mac_enable(struct b43_wldev *dev)
2784 {
2785         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2786                 u16 fwstate;
2787
2788                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2789                                          B43_SHM_SH_UCODESTAT);
2790                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2791                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2792                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2793                                "should be suspended, but current state is %u\n",
2794                                fwstate);
2795                 }
2796         }
2797
2798         dev->mac_suspended--;
2799         B43_WARN_ON(dev->mac_suspended < 0);
2800         if (dev->mac_suspended == 0) {
2801                 b43_write32(dev, B43_MMIO_MACCTL,
2802                             b43_read32(dev, B43_MMIO_MACCTL)
2803                             | B43_MACCTL_ENABLED);
2804                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2805                             B43_IRQ_MAC_SUSPENDED);
2806                 /* Commit writes */
2807                 b43_read32(dev, B43_MMIO_MACCTL);
2808                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2809                 b43_power_saving_ctl_bits(dev, 0);
2810         }
2811 }
2812
2813 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2814 void b43_mac_suspend(struct b43_wldev *dev)
2815 {
2816         int i;
2817         u32 tmp;
2818
2819         might_sleep();
2820         B43_WARN_ON(dev->mac_suspended < 0);
2821
2822         if (dev->mac_suspended == 0) {
2823                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2824                 b43_write32(dev, B43_MMIO_MACCTL,
2825                             b43_read32(dev, B43_MMIO_MACCTL)
2826                             & ~B43_MACCTL_ENABLED);
2827                 /* force pci to flush the write */
2828                 b43_read32(dev, B43_MMIO_MACCTL);
2829                 for (i = 35; i; i--) {
2830                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2831                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2832                                 goto out;
2833                         udelay(10);
2834                 }
2835                 /* Hm, it seems this will take some time. Use msleep(). */
2836                 for (i = 40; i; i--) {
2837                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2838                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2839                                 goto out;
2840                         msleep(1);
2841                 }
2842                 b43err(dev->wl, "MAC suspend failed\n");
2843         }
2844 out:
2845         dev->mac_suspended++;
2846 }
2847
2848 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2849 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2850 {
2851         u32 tmp;
2852
2853         switch (dev->dev->bus_type) {
2854 #ifdef CONFIG_B43_BCMA
2855         case B43_BUS_BCMA:
2856                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2857                 if (on)
2858                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2859                 else
2860                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2861                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2862                 break;
2863 #endif
2864 #ifdef CONFIG_B43_SSB
2865         case B43_BUS_SSB:
2866                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2867                 if (on)
2868                         tmp |= B43_TMSLOW_MACPHYCLKEN;
2869                 else
2870                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2871                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2872                 break;
2873 #endif
2874         }
2875 }
2876
2877 static void b43_adjust_opmode(struct b43_wldev *dev)
2878 {
2879         struct b43_wl *wl = dev->wl;
2880         u32 ctl;
2881         u16 cfp_pretbtt;
2882
2883         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2884         /* Reset status to STA infrastructure mode. */
2885         ctl &= ~B43_MACCTL_AP;
2886         ctl &= ~B43_MACCTL_KEEP_CTL;
2887         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2888         ctl &= ~B43_MACCTL_KEEP_BAD;
2889         ctl &= ~B43_MACCTL_PROMISC;
2890         ctl &= ~B43_MACCTL_BEACPROMISC;
2891         ctl |= B43_MACCTL_INFRA;
2892
2893         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2894             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2895                 ctl |= B43_MACCTL_AP;
2896         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2897                 ctl &= ~B43_MACCTL_INFRA;
2898
2899         if (wl->filter_flags & FIF_CONTROL)
2900                 ctl |= B43_MACCTL_KEEP_CTL;
2901         if (wl->filter_flags & FIF_FCSFAIL)
2902                 ctl |= B43_MACCTL_KEEP_BAD;
2903         if (wl->filter_flags & FIF_PLCPFAIL)
2904                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2905         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2906                 ctl |= B43_MACCTL_PROMISC;
2907         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2908                 ctl |= B43_MACCTL_BEACPROMISC;
2909
2910         /* Workaround: On old hardware the HW-MAC-address-filter
2911          * doesn't work properly, so always run promisc in filter
2912          * it in software. */
2913         if (dev->dev->core_rev <= 4)
2914                 ctl |= B43_MACCTL_PROMISC;
2915
2916         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2917
2918         cfp_pretbtt = 2;
2919         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2920                 if (dev->dev->chip_id == 0x4306 &&
2921                     dev->dev->chip_rev == 3)
2922                         cfp_pretbtt = 100;
2923                 else
2924                         cfp_pretbtt = 50;
2925         }
2926         b43_write16(dev, 0x612, cfp_pretbtt);
2927
2928         /* FIXME: We don't currently implement the PMQ mechanism,
2929          *        so always disable it. If we want to implement PMQ,
2930          *        we need to enable it here (clear DISCPMQ) in AP mode.
2931          */
2932         if (0  /* ctl & B43_MACCTL_AP */) {
2933                 b43_write32(dev, B43_MMIO_MACCTL,
2934                             b43_read32(dev, B43_MMIO_MACCTL)
2935                             & ~B43_MACCTL_DISCPMQ);
2936         } else {
2937                 b43_write32(dev, B43_MMIO_MACCTL,
2938                             b43_read32(dev, B43_MMIO_MACCTL)
2939                             | B43_MACCTL_DISCPMQ);
2940         }
2941 }
2942
2943 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2944 {
2945         u16 offset;
2946
2947         if (is_ofdm) {
2948                 offset = 0x480;
2949                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2950         } else {
2951                 offset = 0x4C0;
2952                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2953         }
2954         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2955                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2956 }
2957
2958 static void b43_rate_memory_init(struct b43_wldev *dev)
2959 {
2960         switch (dev->phy.type) {
2961         case B43_PHYTYPE_A:
2962         case B43_PHYTYPE_G:
2963         case B43_PHYTYPE_N:
2964         case B43_PHYTYPE_LP:
2965         case B43_PHYTYPE_HT:
2966         case B43_PHYTYPE_LCN:
2967                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2968                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2969                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2970                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2971                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2972                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2973                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2974                 if (dev->phy.type == B43_PHYTYPE_A)
2975                         break;
2976                 /* fallthrough */
2977         case B43_PHYTYPE_B:
2978                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2979                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2980                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2981                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2982                 break;
2983         default:
2984                 B43_WARN_ON(1);
2985         }
2986 }
2987
2988 /* Set the default values for the PHY TX Control Words. */
2989 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2990 {
2991         u16 ctl = 0;
2992
2993         ctl |= B43_TXH_PHY_ENC_CCK;
2994         ctl |= B43_TXH_PHY_ANT01AUTO;
2995         ctl |= B43_TXH_PHY_TXPWR;
2996
2997         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2998         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2999         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3000 }
3001
3002 /* Set the TX-Antenna for management frames sent by firmware. */
3003 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3004 {
3005         u16 ant;
3006         u16 tmp;
3007
3008         ant = b43_antenna_to_phyctl(antenna);
3009
3010         /* For ACK/CTS */
3011         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3012         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3013         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3014         /* For Probe Resposes */
3015         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3016         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3017         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3018 }
3019
3020 /* This is the opposite of b43_chip_init() */
3021 static void b43_chip_exit(struct b43_wldev *dev)
3022 {
3023         b43_phy_exit(dev);
3024         b43_gpio_cleanup(dev);
3025         /* firmware is released later */
3026 }
3027
3028 /* Initialize the chip
3029  * http://bcm-specs.sipsolutions.net/ChipInit
3030  */
3031 static int b43_chip_init(struct b43_wldev *dev)
3032 {
3033         struct b43_phy *phy = &dev->phy;
3034         int err;
3035         u32 macctl;
3036         u16 value16;
3037
3038         /* Initialize the MAC control */
3039         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3040         if (dev->phy.gmode)
3041                 macctl |= B43_MACCTL_GMODE;
3042         macctl |= B43_MACCTL_INFRA;
3043         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3044
3045         err = b43_request_firmware(dev);
3046         if (err)
3047                 goto out;
3048         err = b43_upload_microcode(dev);
3049         if (err)
3050                 goto out;       /* firmware is released later */
3051
3052         err = b43_gpio_init(dev);
3053         if (err)
3054                 goto out;       /* firmware is released later */
3055
3056         err = b43_upload_initvals(dev);
3057         if (err)
3058                 goto err_gpio_clean;
3059
3060         /* Turn the Analog on and initialize the PHY. */
3061         phy->ops->switch_analog(dev, 1);
3062         err = b43_phy_init(dev);
3063         if (err)
3064                 goto err_gpio_clean;
3065
3066         /* Disable Interference Mitigation. */
3067         if (phy->ops->interf_mitigation)
3068                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3069
3070         /* Select the antennae */
3071         if (phy->ops->set_rx_antenna)
3072                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3073         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3074
3075         if (phy->type == B43_PHYTYPE_B) {
3076                 value16 = b43_read16(dev, 0x005E);
3077                 value16 |= 0x0004;
3078                 b43_write16(dev, 0x005E, value16);
3079         }
3080         b43_write32(dev, 0x0100, 0x01000000);
3081         if (dev->dev->core_rev < 5)
3082                 b43_write32(dev, 0x010C, 0x01000000);
3083
3084         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
3085                     & ~B43_MACCTL_INFRA);
3086         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
3087                     | B43_MACCTL_INFRA);
3088
3089         /* Probe Response Timeout value */
3090         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3091         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
3092
3093         /* Initially set the wireless operation mode. */
3094         b43_adjust_opmode(dev);
3095
3096         if (dev->dev->core_rev < 3) {
3097                 b43_write16(dev, 0x060E, 0x0000);
3098                 b43_write16(dev, 0x0610, 0x8000);
3099                 b43_write16(dev, 0x0604, 0x0000);
3100                 b43_write16(dev, 0x0606, 0x0200);
3101         } else {
3102                 b43_write32(dev, 0x0188, 0x80000000);
3103                 b43_write32(dev, 0x018C, 0x02000000);
3104         }
3105         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3106         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
3107         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3108         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3109         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3110         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3111         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3112
3113         b43_mac_phy_clock_set(dev, true);
3114
3115         switch (dev->dev->bus_type) {
3116 #ifdef CONFIG_B43_BCMA
3117         case B43_BUS_BCMA:
3118                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3119                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3120                 break;
3121 #endif
3122 #ifdef CONFIG_B43_SSB
3123         case B43_BUS_SSB:
3124                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3125                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3126                 break;
3127 #endif
3128         }
3129
3130         err = 0;
3131         b43dbg(dev->wl, "Chip initialized\n");
3132 out:
3133         return err;
3134
3135 err_gpio_clean:
3136         b43_gpio_cleanup(dev);
3137         return err;
3138 }
3139
3140 static void b43_periodic_every60sec(struct b43_wldev *dev)
3141 {
3142         const struct b43_phy_operations *ops = dev->phy.ops;
3143
3144         if (ops->pwork_60sec)
3145                 ops->pwork_60sec(dev);
3146
3147         /* Force check the TX power emission now. */
3148         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3149 }
3150
3151 static void b43_periodic_every30sec(struct b43_wldev *dev)
3152 {
3153         /* Update device statistics. */
3154         b43_calculate_link_quality(dev);
3155 }
3156
3157 static void b43_periodic_every15sec(struct b43_wldev *dev)
3158 {
3159         struct b43_phy *phy = &dev->phy;
3160         u16 wdr;
3161
3162         if (dev->fw.opensource) {
3163                 /* Check if the firmware is still alive.
3164                  * It will reset the watchdog counter to 0 in its idle loop. */
3165                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3166                 if (unlikely(wdr)) {
3167                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3168                         b43_controller_restart(dev, "Firmware watchdog");
3169                         return;
3170                 } else {
3171                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3172                                         B43_WATCHDOG_REG, 1);
3173                 }
3174         }
3175
3176         if (phy->ops->pwork_15sec)
3177                 phy->ops->pwork_15sec(dev);
3178
3179         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3180         wmb();
3181
3182 #if B43_DEBUG
3183         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3184                 unsigned int i;
3185
3186                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3187                        dev->irq_count / 15,
3188                        dev->tx_count / 15,
3189                        dev->rx_count / 15);
3190                 dev->irq_count = 0;
3191                 dev->tx_count = 0;
3192                 dev->rx_count = 0;
3193                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3194                         if (dev->irq_bit_count[i]) {
3195                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3196                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3197                                 dev->irq_bit_count[i] = 0;
3198                         }
3199                 }
3200         }
3201 #endif
3202 }
3203
3204 static void do_periodic_work(struct b43_wldev *dev)
3205 {
3206         unsigned int state;
3207
3208         state = dev->periodic_state;
3209         if (state % 4 == 0)
3210                 b43_periodic_every60sec(dev);
3211         if (state % 2 == 0)
3212                 b43_periodic_every30sec(dev);
3213         b43_periodic_every15sec(dev);
3214 }
3215
3216 /* Periodic work locking policy:
3217  *      The whole periodic work handler is protected by
3218  *      wl->mutex. If another lock is needed somewhere in the
3219  *      pwork callchain, it's acquired in-place, where it's needed.
3220  */
3221 static void b43_periodic_work_handler(struct work_struct *work)
3222 {
3223         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3224                                              periodic_work.work);
3225         struct b43_wl *wl = dev->wl;
3226         unsigned long delay;
3227
3228         mutex_lock(&wl->mutex);
3229
3230         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3231                 goto out;
3232         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3233                 goto out_requeue;
3234
3235         do_periodic_work(dev);
3236
3237         dev->periodic_state++;
3238 out_requeue:
3239         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3240                 delay = msecs_to_jiffies(50);
3241         else
3242                 delay = round_jiffies_relative(HZ * 15);
3243         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3244 out:
3245         mutex_unlock(&wl->mutex);
3246 }
3247
3248 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3249 {
3250         struct delayed_work *work = &dev->periodic_work;
3251
3252         dev->periodic_state = 0;
3253         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3254         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3255 }
3256
3257 /* Check if communication with the device works correctly. */
3258 static int b43_validate_chipaccess(struct b43_wldev *dev)
3259 {
3260         u32 v, backup0, backup4;
3261
3262         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3263         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3264
3265         /* Check for read/write and endianness problems. */
3266         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3267         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3268                 goto error;
3269         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3270         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3271                 goto error;
3272
3273         /* Check if unaligned 32bit SHM_SHARED access works properly.
3274          * However, don't bail out on failure, because it's noncritical. */
3275         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3276         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3277         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3278         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3279         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3280                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3281         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3282         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3283             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3284             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3285             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3286                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3287
3288         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3289         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3290
3291         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3292                 /* The 32bit register shadows the two 16bit registers
3293                  * with update sideeffects. Validate this. */
3294                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3295                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3296                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3297                         goto error;
3298                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3299                         goto error;
3300         }
3301         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3302
3303         v = b43_read32(dev, B43_MMIO_MACCTL);
3304         v |= B43_MACCTL_GMODE;
3305         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3306                 goto error;
3307
3308         return 0;
3309 error:
3310         b43err(dev->wl, "Failed to validate the chipaccess\n");
3311         return -ENODEV;
3312 }
3313
3314 static void b43_security_init(struct b43_wldev *dev)
3315 {
3316         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3317         /* KTP is a word address, but we address SHM bytewise.
3318          * So multiply by two.
3319          */
3320         dev->ktp *= 2;
3321         /* Number of RCMTA address slots */
3322         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3323         /* Clear the key memory. */
3324         b43_clear_keys(dev);
3325 }
3326
3327 #ifdef CONFIG_B43_HWRNG
3328 static int b43_rng_read(struct hwrng *rng, u32 *data)
3329 {
3330         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3331         struct b43_wldev *dev;
3332         int count = -ENODEV;
3333
3334         mutex_lock(&wl->mutex);
3335         dev = wl->current_dev;
3336         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3337                 *data = b43_read16(dev, B43_MMIO_RNG);
3338                 count = sizeof(u16);
3339         }
3340         mutex_unlock(&wl->mutex);
3341
3342         return count;
3343 }
3344 #endif /* CONFIG_B43_HWRNG */
3345
3346 static void b43_rng_exit(struct b43_wl *wl)
3347 {
3348 #ifdef CONFIG_B43_HWRNG
3349         if (wl->rng_initialized)
3350                 hwrng_unregister(&wl->rng);
3351 #endif /* CONFIG_B43_HWRNG */
3352 }
3353
3354 static int b43_rng_init(struct b43_wl *wl)
3355 {
3356         int err = 0;
3357
3358 #ifdef CONFIG_B43_HWRNG
3359         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3360                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3361         wl->rng.name = wl->rng_name;
3362         wl->rng.data_read = b43_rng_read;
3363         wl->rng.priv = (unsigned long)wl;
3364         wl->rng_initialized = 1;
3365         err = hwrng_register(&wl->rng);
3366         if (err) {
3367                 wl->rng_initialized = 0;
3368                 b43err(wl, "Failed to register the random "
3369                        "number generator (%d)\n", err);
3370         }
3371 #endif /* CONFIG_B43_HWRNG */
3372
3373         return err;
3374 }
3375
3376 static void b43_tx_work(struct work_struct *work)
3377 {
3378         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3379         struct b43_wldev *dev;
3380         struct sk_buff *skb;
3381         int err = 0;
3382
3383         mutex_lock(&wl->mutex);
3384         dev = wl->current_dev;
3385         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3386                 mutex_unlock(&wl->mutex);
3387                 return;
3388         }
3389
3390         while (skb_queue_len(&wl->tx_queue)) {
3391                 skb = skb_dequeue(&wl->tx_queue);
3392
3393                 if (b43_using_pio_transfers(dev))
3394                         err = b43_pio_tx(dev, skb);
3395                 else
3396                         err = b43_dma_tx(dev, skb);
3397                 if (unlikely(err))
3398                         dev_kfree_skb(skb); /* Drop it */
3399         }
3400
3401 #if B43_DEBUG
3402         dev->tx_count++;
3403 #endif
3404         mutex_unlock(&wl->mutex);
3405 }
3406
3407 static void b43_op_tx(struct ieee80211_hw *hw,
3408                      struct sk_buff *skb)
3409 {
3410         struct b43_wl *wl = hw_to_b43_wl(hw);
3411
3412         if (unlikely(skb->len < 2 + 2 + 6)) {
3413                 /* Too short, this can't be a valid frame. */
3414                 dev_kfree_skb_any(skb);
3415                 return;
3416         }
3417         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3418
3419         skb_queue_tail(&wl->tx_queue, skb);
3420         ieee80211_queue_work(wl->hw, &wl->tx_work);
3421 }
3422
3423 static void b43_qos_params_upload(struct b43_wldev *dev,
3424                                   const struct ieee80211_tx_queue_params *p,
3425                                   u16 shm_offset)
3426 {
3427         u16 params[B43_NR_QOSPARAMS];
3428         int bslots, tmp;
3429         unsigned int i;
3430
3431         if (!dev->qos_enabled)
3432                 return;
3433
3434         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3435
3436         memset(&params, 0, sizeof(params));
3437
3438         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3439         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3440         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3441         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3442         params[B43_QOSPARAM_AIFS] = p->aifs;
3443         params[B43_QOSPARAM_BSLOTS] = bslots;
3444         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3445
3446         for (i = 0; i < ARRAY_SIZE(params); i++) {
3447                 if (i == B43_QOSPARAM_STATUS) {
3448                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3449                                              shm_offset + (i * 2));
3450                         /* Mark the parameters as updated. */
3451                         tmp |= 0x100;
3452                         b43_shm_write16(dev, B43_SHM_SHARED,
3453                                         shm_offset + (i * 2),
3454                                         tmp);
3455                 } else {
3456                         b43_shm_write16(dev, B43_SHM_SHARED,
3457                                         shm_offset + (i * 2),
3458                                         params[i]);
3459                 }
3460         }
3461 }
3462
3463 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3464 static const u16 b43_qos_shm_offsets[] = {
3465         /* [mac80211-queue-nr] = SHM_OFFSET, */
3466         [0] = B43_QOS_VOICE,
3467         [1] = B43_QOS_VIDEO,
3468         [2] = B43_QOS_BESTEFFORT,
3469         [3] = B43_QOS_BACKGROUND,
3470 };
3471
3472 /* Update all QOS parameters in hardware. */
3473 static void b43_qos_upload_all(struct b43_wldev *dev)
3474 {
3475         struct b43_wl *wl = dev->wl;
3476         struct b43_qos_params *params;
3477         unsigned int i;
3478
3479         if (!dev->qos_enabled)
3480                 return;
3481
3482         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3483                      ARRAY_SIZE(wl->qos_params));
3484
3485         b43_mac_suspend(dev);
3486         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3487                 params = &(wl->qos_params[i]);
3488                 b43_qos_params_upload(dev, &(params->p),
3489                                       b43_qos_shm_offsets[i]);
3490         }
3491         b43_mac_enable(dev);
3492 }
3493
3494 static void b43_qos_clear(struct b43_wl *wl)
3495 {
3496         struct b43_qos_params *params;
3497         unsigned int i;
3498
3499         /* Initialize QoS parameters to sane defaults. */
3500
3501         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3502                      ARRAY_SIZE(wl->qos_params));
3503
3504         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3505                 params = &(wl->qos_params[i]);
3506
3507                 switch (b43_qos_shm_offsets[i]) {
3508                 case B43_QOS_VOICE:
3509                         params->p.txop = 0;
3510                         params->p.aifs = 2;
3511                         params->p.cw_min = 0x0001;
3512                         params->p.cw_max = 0x0001;
3513                         break;
3514                 case B43_QOS_VIDEO:
3515                         params->p.txop = 0;
3516                         params->p.aifs = 2;
3517                         params->p.cw_min = 0x0001;
3518                         params->p.cw_max = 0x0001;
3519                         break;
3520                 case B43_QOS_BESTEFFORT:
3521                         params->p.txop = 0;
3522                         params->p.aifs = 3;
3523                         params->p.cw_min = 0x0001;
3524                         params->p.cw_max = 0x03FF;
3525                         break;
3526                 case B43_QOS_BACKGROUND:
3527                         params->p.txop = 0;
3528                         params->p.aifs = 7;
3529                         params->p.cw_min = 0x0001;
3530                         params->p.cw_max = 0x03FF;
3531                         break;
3532                 default:
3533                         B43_WARN_ON(1);
3534                 }
3535         }
3536 }
3537
3538 /* Initialize the core's QOS capabilities */
3539 static void b43_qos_init(struct b43_wldev *dev)
3540 {
3541         if (!dev->qos_enabled) {
3542                 /* Disable QOS support. */
3543                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3544                 b43_write16(dev, B43_MMIO_IFSCTL,
3545                             b43_read16(dev, B43_MMIO_IFSCTL)
3546                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3547                 b43dbg(dev->wl, "QoS disabled\n");
3548                 return;
3549         }
3550
3551         /* Upload the current QOS parameters. */
3552         b43_qos_upload_all(dev);
3553
3554         /* Enable QOS support. */
3555         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3556         b43_write16(dev, B43_MMIO_IFSCTL,
3557                     b43_read16(dev, B43_MMIO_IFSCTL)
3558                     | B43_MMIO_IFSCTL_USE_EDCF);
3559         b43dbg(dev->wl, "QoS enabled\n");
3560 }
3561
3562 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3563                           struct ieee80211_vif *vif, u16 _queue,
3564                           const struct ieee80211_tx_queue_params *params)
3565 {
3566         struct b43_wl *wl = hw_to_b43_wl(hw);
3567         struct b43_wldev *dev;
3568         unsigned int queue = (unsigned int)_queue;
3569         int err = -ENODEV;
3570
3571         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3572                 /* Queue not available or don't support setting
3573                  * params on this queue. Return success to not
3574                  * confuse mac80211. */
3575                 return 0;
3576         }
3577         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3578                      ARRAY_SIZE(wl->qos_params));
3579
3580         mutex_lock(&wl->mutex);
3581         dev = wl->current_dev;
3582         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3583                 goto out_unlock;
3584
3585         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3586         b43_mac_suspend(dev);
3587         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3588                               b43_qos_shm_offsets[queue]);
3589         b43_mac_enable(dev);
3590         err = 0;
3591
3592 out_unlock:
3593         mutex_unlock(&wl->mutex);
3594
3595         return err;
3596 }
3597
3598 static int b43_op_get_stats(struct ieee80211_hw *hw,
3599                             struct ieee80211_low_level_stats *stats)
3600 {
3601         struct b43_wl *wl = hw_to_b43_wl(hw);
3602
3603         mutex_lock(&wl->mutex);
3604         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3605         mutex_unlock(&wl->mutex);
3606
3607         return 0;
3608 }
3609
3610 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3611 {
3612         struct b43_wl *wl = hw_to_b43_wl(hw);
3613         struct b43_wldev *dev;
3614         u64 tsf;
3615
3616         mutex_lock(&wl->mutex);
3617         dev = wl->current_dev;
3618
3619         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3620                 b43_tsf_read(dev, &tsf);
3621         else
3622                 tsf = 0;
3623
3624         mutex_unlock(&wl->mutex);
3625
3626         return tsf;
3627 }
3628
3629 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3630                            struct ieee80211_vif *vif, u64 tsf)
3631 {
3632         struct b43_wl *wl = hw_to_b43_wl(hw);
3633         struct b43_wldev *dev;
3634
3635         mutex_lock(&wl->mutex);
3636         dev = wl->current_dev;
3637
3638         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3639                 b43_tsf_write(dev, tsf);
3640
3641         mutex_unlock(&wl->mutex);
3642 }
3643
3644 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3645 {
3646         u32 tmp;
3647
3648         switch (dev->dev->bus_type) {
3649 #ifdef CONFIG_B43_BCMA
3650         case B43_BUS_BCMA:
3651                 b43err(dev->wl,
3652                        "Putting PHY into reset not supported on BCMA\n");
3653                 break;
3654 #endif
3655 #ifdef CONFIG_B43_SSB
3656         case B43_BUS_SSB:
3657                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3658                 tmp &= ~B43_TMSLOW_GMODE;
3659                 tmp |= B43_TMSLOW_PHYRESET;
3660                 tmp |= SSB_TMSLOW_FGC;
3661                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3662                 msleep(1);
3663
3664                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3665                 tmp &= ~SSB_TMSLOW_FGC;
3666                 tmp |= B43_TMSLOW_PHYRESET;
3667                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3668                 msleep(1);
3669
3670                 break;
3671 #endif
3672         }
3673 }
3674
3675 static const char *band_to_string(enum ieee80211_band band)
3676 {
3677         switch (band) {
3678         case IEEE80211_BAND_5GHZ:
3679                 return "5";
3680         case IEEE80211_BAND_2GHZ:
3681                 return "2.4";
3682         default:
3683                 break;
3684         }
3685         B43_WARN_ON(1);
3686         return "";
3687 }
3688
3689 /* Expects wl->mutex locked */
3690 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3691 {
3692         struct b43_wldev *up_dev = NULL;
3693         struct b43_wldev *down_dev;
3694         struct b43_wldev *d;
3695         int err;
3696         bool uninitialized_var(gmode);
3697         int prev_status;
3698
3699         /* Find a device and PHY which supports the band. */
3700         list_for_each_entry(d, &wl->devlist, list) {
3701                 switch (chan->band) {
3702                 case IEEE80211_BAND_5GHZ:
3703                         if (d->phy.supports_5ghz) {
3704                                 up_dev = d;
3705                                 gmode = 0;
3706                         }
3707                         break;
3708                 case IEEE80211_BAND_2GHZ:
3709                         if (d->phy.supports_2ghz) {
3710                                 up_dev = d;
3711                                 gmode = 1;
3712                         }
3713                         break;
3714                 default:
3715                         B43_WARN_ON(1);
3716                         return -EINVAL;
3717                 }
3718                 if (up_dev)
3719                         break;
3720         }
3721         if (!up_dev) {
3722                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3723                        band_to_string(chan->band));
3724                 return -ENODEV;
3725         }
3726         if ((up_dev == wl->current_dev) &&
3727             (!!wl->current_dev->phy.gmode == !!gmode)) {
3728                 /* This device is already running. */
3729                 return 0;
3730         }
3731         b43dbg(wl, "Switching to %s-GHz band\n",
3732                band_to_string(chan->band));
3733         down_dev = wl->current_dev;
3734
3735         prev_status = b43_status(down_dev);
3736         /* Shutdown the currently running core. */
3737         if (prev_status >= B43_STAT_STARTED)
3738                 down_dev = b43_wireless_core_stop(down_dev);
3739         if (prev_status >= B43_STAT_INITIALIZED)
3740                 b43_wireless_core_exit(down_dev);
3741
3742         if (down_dev != up_dev) {
3743                 /* We switch to a different core, so we put PHY into
3744                  * RESET on the old core. */
3745                 b43_put_phy_into_reset(down_dev);
3746         }
3747
3748         /* Now start the new core. */
3749         up_dev->phy.gmode = gmode;
3750         if (prev_status >= B43_STAT_INITIALIZED) {
3751                 err = b43_wireless_core_init(up_dev);
3752                 if (err) {
3753                         b43err(wl, "Fatal: Could not initialize device for "
3754                                "selected %s-GHz band\n",
3755                                band_to_string(chan->band));
3756                         goto init_failure;
3757                 }
3758         }
3759         if (prev_status >= B43_STAT_STARTED) {
3760                 err = b43_wireless_core_start(up_dev);
3761                 if (err) {
3762                         b43err(wl, "Fatal: Coult not start device for "
3763                                "selected %s-GHz band\n",
3764                                band_to_string(chan->band));
3765                         b43_wireless_core_exit(up_dev);
3766                         goto init_failure;
3767                 }
3768         }
3769         B43_WARN_ON(b43_status(up_dev) != prev_status);
3770
3771         wl->current_dev = up_dev;
3772
3773         return 0;
3774 init_failure:
3775         /* Whoops, failed to init the new core. No core is operating now. */
3776         wl->current_dev = NULL;
3777         return err;
3778 }
3779
3780 /* Write the short and long frame retry limit values. */
3781 static void b43_set_retry_limits(struct b43_wldev *dev,
3782                                  unsigned int short_retry,
3783                                  unsigned int long_retry)
3784 {
3785         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3786          * the chip-internal counter. */
3787         short_retry = min(short_retry, (unsigned int)0xF);
3788         long_retry = min(long_retry, (unsigned int)0xF);
3789
3790         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3791                         short_retry);
3792         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3793                         long_retry);
3794 }
3795
3796 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3797 {
3798         struct b43_wl *wl = hw_to_b43_wl(hw);
3799         struct b43_wldev *dev;
3800         struct b43_phy *phy;
3801         struct ieee80211_conf *conf = &hw->conf;
3802         int antenna;
3803         int err = 0;
3804         bool reload_bss = false;
3805
3806         mutex_lock(&wl->mutex);
3807
3808         dev = wl->current_dev;
3809
3810         /* Switch the band (if necessary). This might change the active core. */
3811         err = b43_switch_band(wl, conf->channel);
3812         if (err)
3813                 goto out_unlock_mutex;
3814
3815         /* Need to reload all settings if the core changed */
3816         if (dev != wl->current_dev) {
3817                 dev = wl->current_dev;
3818                 changed = ~0;
3819                 reload_bss = true;
3820         }
3821
3822         phy = &dev->phy;
3823
3824         if (conf_is_ht(conf))
3825                 phy->is_40mhz =
3826                         (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3827         else
3828                 phy->is_40mhz = false;
3829
3830         b43_mac_suspend(dev);
3831
3832         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3833                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3834                                           conf->long_frame_max_tx_count);
3835         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3836         if (!changed)
3837                 goto out_mac_enable;
3838
3839         /* Switch to the requested channel.
3840          * The firmware takes care of races with the TX handler. */
3841         if (conf->channel->hw_value != phy->channel)
3842                 b43_switch_channel(dev, conf->channel->hw_value);
3843
3844         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3845
3846         /* Adjust the desired TX power level. */
3847         if (conf->power_level != 0) {
3848                 if (conf->power_level != phy->desired_txpower) {
3849                         phy->desired_txpower = conf->power_level;
3850                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3851                                                    B43_TXPWR_IGNORE_TSSI);
3852                 }
3853         }
3854
3855         /* Antennas for RX and management frame TX. */
3856         antenna = B43_ANTENNA_DEFAULT;
3857         b43_mgmtframe_txantenna(dev, antenna);
3858         antenna = B43_ANTENNA_DEFAULT;
3859         if (phy->ops->set_rx_antenna)
3860                 phy->ops->set_rx_antenna(dev, antenna);
3861
3862         if (wl->radio_enabled != phy->radio_on) {
3863                 if (wl->radio_enabled) {
3864                         b43_software_rfkill(dev, false);
3865                         b43info(dev->wl, "Radio turned on by software\n");
3866                         if (!dev->radio_hw_enable) {
3867                                 b43info(dev->wl, "The hardware RF-kill button "
3868                                         "still turns the radio physically off. "
3869                                         "Press the button to turn it on.\n");
3870                         }
3871                 } else {
3872                         b43_software_rfkill(dev, true);
3873                         b43info(dev->wl, "Radio turned off by software\n");
3874                 }
3875         }
3876
3877 out_mac_enable:
3878         b43_mac_enable(dev);
3879 out_unlock_mutex:
3880         mutex_unlock(&wl->mutex);
3881
3882         if (wl->vif && reload_bss)
3883                 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3884
3885         return err;
3886 }
3887
3888 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3889 {
3890         struct ieee80211_supported_band *sband =
3891                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3892         struct ieee80211_rate *rate;
3893         int i;
3894         u16 basic, direct, offset, basic_offset, rateptr;
3895
3896         for (i = 0; i < sband->n_bitrates; i++) {
3897                 rate = &sband->bitrates[i];
3898
3899                 if (b43_is_cck_rate(rate->hw_value)) {
3900                         direct = B43_SHM_SH_CCKDIRECT;
3901                         basic = B43_SHM_SH_CCKBASIC;
3902                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3903                         offset &= 0xF;
3904                 } else {
3905                         direct = B43_SHM_SH_OFDMDIRECT;
3906                         basic = B43_SHM_SH_OFDMBASIC;
3907                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3908                         offset &= 0xF;
3909                 }
3910
3911                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3912
3913                 if (b43_is_cck_rate(rate->hw_value)) {
3914                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3915                         basic_offset &= 0xF;
3916                 } else {
3917                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3918                         basic_offset &= 0xF;
3919                 }
3920
3921                 /*
3922                  * Get the pointer that we need to point to
3923                  * from the direct map
3924                  */
3925                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3926                                          direct + 2 * basic_offset);
3927                 /* and write it to the basic map */
3928                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3929                                 rateptr);
3930         }
3931 }
3932
3933 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3934                                     struct ieee80211_vif *vif,
3935                                     struct ieee80211_bss_conf *conf,
3936                                     u32 changed)
3937 {
3938         struct b43_wl *wl = hw_to_b43_wl(hw);
3939         struct b43_wldev *dev;
3940
3941         mutex_lock(&wl->mutex);
3942
3943         dev = wl->current_dev;
3944         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3945                 goto out_unlock_mutex;
3946
3947         B43_WARN_ON(wl->vif != vif);
3948
3949         if (changed & BSS_CHANGED_BSSID) {
3950                 if (conf->bssid)
3951                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3952                 else
3953                         memset(wl->bssid, 0, ETH_ALEN);
3954         }
3955
3956         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3957                 if (changed & BSS_CHANGED_BEACON &&
3958                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3959                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3960                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3961                         b43_update_templates(wl);
3962
3963                 if (changed & BSS_CHANGED_BSSID)
3964                         b43_write_mac_bssid_templates(dev);
3965         }
3966
3967         b43_mac_suspend(dev);
3968
3969         /* Update templates for AP/mesh mode. */
3970         if (changed & BSS_CHANGED_BEACON_INT &&
3971             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3972              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3973              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
3974             conf->beacon_int)
3975                 b43_set_beacon_int(dev, conf->beacon_int);
3976
3977         if (changed & BSS_CHANGED_BASIC_RATES)
3978                 b43_update_basic_rates(dev, conf->basic_rates);
3979
3980         if (changed & BSS_CHANGED_ERP_SLOT) {
3981                 if (conf->use_short_slot)
3982                         b43_short_slot_timing_enable(dev);
3983                 else
3984                         b43_short_slot_timing_disable(dev);
3985         }
3986
3987         b43_mac_enable(dev);
3988 out_unlock_mutex:
3989         mutex_unlock(&wl->mutex);
3990 }
3991
3992 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3993                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
3994                           struct ieee80211_key_conf *key)
3995 {
3996         struct b43_wl *wl = hw_to_b43_wl(hw);
3997         struct b43_wldev *dev;
3998         u8 algorithm;
3999         u8 index;
4000         int err;
4001         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4002
4003         if (modparam_nohwcrypt)
4004                 return -ENOSPC; /* User disabled HW-crypto */
4005
4006         mutex_lock(&wl->mutex);
4007
4008         dev = wl->current_dev;
4009         err = -ENODEV;
4010         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4011                 goto out_unlock;
4012
4013         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4014                 /* We don't have firmware for the crypto engine.
4015                  * Must use software-crypto. */
4016                 err = -EOPNOTSUPP;
4017                 goto out_unlock;
4018         }
4019
4020         err = -EINVAL;
4021         switch (key->cipher) {
4022         case WLAN_CIPHER_SUITE_WEP40:
4023                 algorithm = B43_SEC_ALGO_WEP40;
4024                 break;
4025         case WLAN_CIPHER_SUITE_WEP104:
4026                 algorithm = B43_SEC_ALGO_WEP104;
4027                 break;
4028         case WLAN_CIPHER_SUITE_TKIP:
4029                 algorithm = B43_SEC_ALGO_TKIP;
4030                 break;
4031         case WLAN_CIPHER_SUITE_CCMP:
4032                 algorithm = B43_SEC_ALGO_AES;
4033                 break;
4034         default:
4035                 B43_WARN_ON(1);
4036                 goto out_unlock;
4037         }
4038         index = (u8) (key->keyidx);
4039         if (index > 3)
4040                 goto out_unlock;
4041
4042         switch (cmd) {
4043         case SET_KEY:
4044                 if (algorithm == B43_SEC_ALGO_TKIP &&
4045                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4046                     !modparam_hwtkip)) {
4047                         /* We support only pairwise key */
4048                         err = -EOPNOTSUPP;
4049                         goto out_unlock;
4050                 }
4051
4052                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4053                         if (WARN_ON(!sta)) {
4054                                 err = -EOPNOTSUPP;
4055                                 goto out_unlock;
4056                         }
4057                         /* Pairwise key with an assigned MAC address. */
4058                         err = b43_key_write(dev, -1, algorithm,
4059                                             key->key, key->keylen,
4060                                             sta->addr, key);
4061                 } else {
4062                         /* Group key */
4063                         err = b43_key_write(dev, index, algorithm,
4064                                             key->key, key->keylen, NULL, key);
4065                 }
4066                 if (err)
4067                         goto out_unlock;
4068
4069                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4070                     algorithm == B43_SEC_ALGO_WEP104) {
4071                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4072                 } else {
4073                         b43_hf_write(dev,
4074                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4075                 }
4076                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4077                 if (algorithm == B43_SEC_ALGO_TKIP)
4078                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4079                 break;
4080         case DISABLE_KEY: {
4081                 err = b43_key_clear(dev, key->hw_key_idx);
4082                 if (err)
4083                         goto out_unlock;
4084                 break;
4085         }
4086         default:
4087                 B43_WARN_ON(1);
4088         }
4089
4090 out_unlock:
4091         if (!err) {
4092                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4093                        "mac: %pM\n",
4094                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4095                        sta ? sta->addr : bcast_addr);
4096                 b43_dump_keymemory(dev);
4097         }
4098         mutex_unlock(&wl->mutex);
4099
4100         return err;
4101 }
4102
4103 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4104                                     unsigned int changed, unsigned int *fflags,
4105                                     u64 multicast)
4106 {
4107         struct b43_wl *wl = hw_to_b43_wl(hw);
4108         struct b43_wldev *dev;
4109
4110         mutex_lock(&wl->mutex);
4111         dev = wl->current_dev;
4112         if (!dev) {
4113                 *fflags = 0;
4114                 goto out_unlock;
4115         }
4116
4117         *fflags &= FIF_PROMISC_IN_BSS |
4118                   FIF_ALLMULTI |
4119                   FIF_FCSFAIL |
4120                   FIF_PLCPFAIL |
4121                   FIF_CONTROL |
4122                   FIF_OTHER_BSS |
4123                   FIF_BCN_PRBRESP_PROMISC;
4124
4125         changed &= FIF_PROMISC_IN_BSS |
4126                    FIF_ALLMULTI |
4127                    FIF_FCSFAIL |
4128                    FIF_PLCPFAIL |
4129                    FIF_CONTROL |
4130                    FIF_OTHER_BSS |
4131                    FIF_BCN_PRBRESP_PROMISC;
4132
4133         wl->filter_flags = *fflags;
4134
4135         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4136                 b43_adjust_opmode(dev);
4137
4138 out_unlock:
4139         mutex_unlock(&wl->mutex);
4140 }
4141
4142 /* Locking: wl->mutex
4143  * Returns the current dev. This might be different from the passed in dev,
4144  * because the core might be gone away while we unlocked the mutex. */
4145 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4146 {
4147         struct b43_wl *wl;
4148         struct b43_wldev *orig_dev;
4149         u32 mask;
4150
4151         if (!dev)
4152                 return NULL;
4153         wl = dev->wl;
4154 redo:
4155         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4156                 return dev;
4157
4158         /* Cancel work. Unlock to avoid deadlocks. */
4159         mutex_unlock(&wl->mutex);
4160         cancel_delayed_work_sync(&dev->periodic_work);
4161         cancel_work_sync(&wl->tx_work);
4162         mutex_lock(&wl->mutex);
4163         dev = wl->current_dev;
4164         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4165                 /* Whoops, aliens ate up the device while we were unlocked. */
4166                 return dev;
4167         }
4168
4169         /* Disable interrupts on the device. */
4170         b43_set_status(dev, B43_STAT_INITIALIZED);
4171         if (b43_bus_host_is_sdio(dev->dev)) {
4172                 /* wl->mutex is locked. That is enough. */
4173                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4174                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4175         } else {
4176                 spin_lock_irq(&wl->hardirq_lock);
4177                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4178                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4179                 spin_unlock_irq(&wl->hardirq_lock);
4180         }
4181         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4182         orig_dev = dev;
4183         mutex_unlock(&wl->mutex);
4184         if (b43_bus_host_is_sdio(dev->dev)) {
4185                 b43_sdio_free_irq(dev);
4186         } else {
4187                 synchronize_irq(dev->dev->irq);
4188                 free_irq(dev->dev->irq, dev);
4189         }
4190         mutex_lock(&wl->mutex);
4191         dev = wl->current_dev;
4192         if (!dev)
4193                 return dev;
4194         if (dev != orig_dev) {
4195                 if (b43_status(dev) >= B43_STAT_STARTED)
4196                         goto redo;
4197                 return dev;
4198         }
4199         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4200         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4201
4202         /* Drain the TX queue */
4203         while (skb_queue_len(&wl->tx_queue))
4204                 dev_kfree_skb(skb_dequeue(&wl->tx_queue));
4205
4206         b43_mac_suspend(dev);
4207         b43_leds_exit(dev);
4208         b43dbg(wl, "Wireless interface stopped\n");
4209
4210         return dev;
4211 }
4212
4213 /* Locking: wl->mutex */
4214 static int b43_wireless_core_start(struct b43_wldev *dev)
4215 {
4216         int err;
4217
4218         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4219
4220         drain_txstatus_queue(dev);
4221         if (b43_bus_host_is_sdio(dev->dev)) {
4222                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4223                 if (err) {
4224                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4225                         goto out;
4226                 }
4227         } else {
4228                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4229                                            b43_interrupt_thread_handler,
4230                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4231                 if (err) {
4232                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4233                                dev->dev->irq);
4234                         goto out;
4235                 }
4236         }
4237
4238         /* We are ready to run. */
4239         ieee80211_wake_queues(dev->wl->hw);
4240         b43_set_status(dev, B43_STAT_STARTED);
4241
4242         /* Start data flow (TX/RX). */
4243         b43_mac_enable(dev);
4244         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4245
4246         /* Start maintenance work */
4247         b43_periodic_tasks_setup(dev);
4248
4249         b43_leds_init(dev);
4250
4251         b43dbg(dev->wl, "Wireless interface started\n");
4252 out:
4253         return err;
4254 }
4255
4256 /* Get PHY and RADIO versioning numbers */
4257 static int b43_phy_versioning(struct b43_wldev *dev)
4258 {
4259         struct b43_phy *phy = &dev->phy;
4260         u32 tmp;
4261         u8 analog_type;
4262         u8 phy_type;
4263         u8 phy_rev;
4264         u16 radio_manuf;
4265         u16 radio_ver;
4266         u16 radio_rev;
4267         int unsupported = 0;
4268
4269         /* Get PHY versioning */
4270         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4271         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4272         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4273         phy_rev = (tmp & B43_PHYVER_VERSION);
4274         switch (phy_type) {
4275         case B43_PHYTYPE_A:
4276                 if (phy_rev >= 4)
4277                         unsupported = 1;
4278                 break;
4279         case B43_PHYTYPE_B:
4280                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4281                     && phy_rev != 7)
4282                         unsupported = 1;
4283                 break;
4284         case B43_PHYTYPE_G:
4285                 if (phy_rev > 9)
4286                         unsupported = 1;
4287                 break;
4288 #ifdef CONFIG_B43_PHY_N
4289         case B43_PHYTYPE_N:
4290                 if (phy_rev > 9)
4291                         unsupported = 1;
4292                 break;
4293 #endif
4294 #ifdef CONFIG_B43_PHY_LP
4295         case B43_PHYTYPE_LP:
4296                 if (phy_rev > 2)
4297                         unsupported = 1;
4298                 break;
4299 #endif
4300 #ifdef CONFIG_B43_PHY_HT
4301         case B43_PHYTYPE_HT:
4302                 if (phy_rev > 1)
4303                         unsupported = 1;
4304                 break;
4305 #endif
4306 #ifdef CONFIG_B43_PHY_LCN
4307         case B43_PHYTYPE_LCN:
4308                 if (phy_rev > 1)
4309                         unsupported = 1;
4310                 break;
4311 #endif
4312         default:
4313                 unsupported = 1;
4314         }
4315         if (unsupported) {
4316                 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
4317                        "(Analog %u, Type %u, Revision %u)\n",
4318                        analog_type, phy_type, phy_rev);
4319                 return -EOPNOTSUPP;
4320         }
4321         b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
4322                analog_type, phy_type, phy_rev);
4323
4324         /* Get RADIO versioning */
4325         if (dev->dev->core_rev >= 24) {
4326                 u16 radio24[3];
4327
4328                 for (tmp = 0; tmp < 3; tmp++) {
4329                         b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4330                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4331                 }
4332
4333                 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4334                 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4335
4336                 radio_manuf = 0x17F;
4337                 radio_ver = (radio24[2] << 8) | radio24[1];
4338                 radio_rev = (radio24[0] & 0xF);
4339         } else {
4340                 if (dev->dev->chip_id == 0x4317) {
4341                         if (dev->dev->chip_rev == 0)
4342                                 tmp = 0x3205017F;
4343                         else if (dev->dev->chip_rev == 1)
4344                                 tmp = 0x4205017F;
4345                         else
4346                                 tmp = 0x5205017F;
4347                 } else {
4348                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4349                                     B43_RADIOCTL_ID);
4350                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4351                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4352                                     B43_RADIOCTL_ID);
4353                         tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4354                                 << 16;
4355                 }
4356                 radio_manuf = (tmp & 0x00000FFF);
4357                 radio_ver = (tmp & 0x0FFFF000) >> 12;
4358                 radio_rev = (tmp & 0xF0000000) >> 28;
4359         }
4360
4361         if (radio_manuf != 0x17F /* Broadcom */)
4362                 unsupported = 1;
4363         switch (phy_type) {
4364         case B43_PHYTYPE_A:
4365                 if (radio_ver != 0x2060)
4366                         unsupported = 1;
4367                 if (radio_rev != 1)
4368                         unsupported = 1;
4369                 if (radio_manuf != 0x17F)
4370                         unsupported = 1;
4371                 break;
4372         case B43_PHYTYPE_B:
4373                 if ((radio_ver & 0xFFF0) != 0x2050)
4374                         unsupported = 1;
4375                 break;
4376         case B43_PHYTYPE_G:
4377                 if (radio_ver != 0x2050)
4378                         unsupported = 1;
4379                 break;
4380         case B43_PHYTYPE_N:
4381                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4382                         unsupported = 1;
4383                 break;
4384         case B43_PHYTYPE_LP:
4385                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4386                         unsupported = 1;
4387                 break;
4388         case B43_PHYTYPE_HT:
4389                 if (radio_ver != 0x2059)
4390                         unsupported = 1;
4391                 break;
4392         case B43_PHYTYPE_LCN:
4393                 if (radio_ver != 0x2064)
4394                         unsupported = 1;
4395                 break;
4396         default:
4397                 B43_WARN_ON(1);
4398         }
4399         if (unsupported) {
4400                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4401                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4402                        radio_manuf, radio_ver, radio_rev);
4403                 return -EOPNOTSUPP;
4404         }
4405         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4406                radio_manuf, radio_ver, radio_rev);
4407
4408         phy->radio_manuf = radio_manuf;
4409         phy->radio_ver = radio_ver;
4410         phy->radio_rev = radio_rev;
4411
4412         phy->analog = analog_type;
4413         phy->type = phy_type;
4414         phy->rev = phy_rev;
4415
4416         return 0;
4417 }
4418
4419 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4420                                       struct b43_phy *phy)
4421 {
4422         phy->hardware_power_control = !!modparam_hwpctl;
4423         phy->next_txpwr_check_time = jiffies;
4424         /* PHY TX errors counter. */
4425         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4426
4427 #if B43_DEBUG
4428         phy->phy_locked = 0;
4429         phy->radio_locked = 0;
4430 #endif
4431 }
4432
4433 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4434 {
4435         dev->dfq_valid = 0;
4436
4437         /* Assume the radio is enabled. If it's not enabled, the state will
4438          * immediately get fixed on the first periodic work run. */
4439         dev->radio_hw_enable = 1;
4440
4441         /* Stats */
4442         memset(&dev->stats, 0, sizeof(dev->stats));
4443
4444         setup_struct_phy_for_init(dev, &dev->phy);
4445
4446         /* IRQ related flags */
4447         dev->irq_reason = 0;
4448         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4449         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4450         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4451                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4452
4453         dev->mac_suspended = 1;
4454
4455         /* Noise calculation context */
4456         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4457 }
4458
4459 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4460 {
4461         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4462         u64 hf;
4463
4464         if (!modparam_btcoex)
4465                 return;
4466         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4467                 return;
4468         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4469                 return;
4470
4471         hf = b43_hf_read(dev);
4472         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4473                 hf |= B43_HF_BTCOEXALT;
4474         else
4475                 hf |= B43_HF_BTCOEX;
4476         b43_hf_write(dev, hf);
4477 }
4478
4479 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4480 {
4481         if (!modparam_btcoex)
4482                 return;
4483         //TODO
4484 }
4485
4486 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4487 {
4488         struct ssb_bus *bus;
4489         u32 tmp;
4490
4491         if (dev->dev->bus_type != B43_BUS_SSB)
4492                 return;
4493
4494         bus = dev->dev->sdev->bus;
4495
4496         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4497             (bus->chip_id == 0x4312)) {
4498                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4499                 tmp &= ~SSB_IMCFGLO_REQTO;
4500                 tmp &= ~SSB_IMCFGLO_SERTO;
4501                 tmp |= 0x3;
4502                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4503                 ssb_commit_settings(bus);
4504         }
4505 }
4506
4507 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4508 {
4509         u16 pu_delay;
4510
4511         /* The time value is in microseconds. */
4512         if (dev->phy.type == B43_PHYTYPE_A)
4513                 pu_delay = 3700;
4514         else
4515                 pu_delay = 1050;
4516         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4517                 pu_delay = 500;
4518         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4519                 pu_delay = max(pu_delay, (u16)2400);
4520
4521         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4522 }
4523
4524 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4525 static void b43_set_pretbtt(struct b43_wldev *dev)
4526 {
4527         u16 pretbtt;
4528
4529         /* The time value is in microseconds. */
4530         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4531                 pretbtt = 2;
4532         } else {
4533                 if (dev->phy.type == B43_PHYTYPE_A)
4534                         pretbtt = 120;
4535                 else
4536                         pretbtt = 250;
4537         }
4538         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4539         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4540 }
4541
4542 /* Shutdown a wireless core */
4543 /* Locking: wl->mutex */
4544 static void b43_wireless_core_exit(struct b43_wldev *dev)
4545 {
4546         u32 macctl;
4547
4548         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4549         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4550                 return;
4551
4552         /* Unregister HW RNG driver */
4553         b43_rng_exit(dev->wl);
4554
4555         b43_set_status(dev, B43_STAT_UNINIT);
4556
4557         /* Stop the microcode PSM. */
4558         macctl = b43_read32(dev, B43_MMIO_MACCTL);
4559         macctl &= ~B43_MACCTL_PSM_RUN;
4560         macctl |= B43_MACCTL_PSM_JMP0;
4561         b43_write32(dev, B43_MMIO_MACCTL, macctl);
4562
4563         b43_dma_free(dev);
4564         b43_pio_free(dev);
4565         b43_chip_exit(dev);
4566         dev->phy.ops->switch_analog(dev, 0);
4567         if (dev->wl->current_beacon) {
4568                 dev_kfree_skb_any(dev->wl->current_beacon);
4569                 dev->wl->current_beacon = NULL;
4570         }
4571
4572         b43_device_disable(dev, 0);
4573         b43_bus_may_powerdown(dev);
4574 }
4575
4576 /* Initialize a wireless core */
4577 static int b43_wireless_core_init(struct b43_wldev *dev)
4578 {
4579         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4580         struct b43_phy *phy = &dev->phy;
4581         int err;
4582         u64 hf;
4583
4584         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4585
4586         err = b43_bus_powerup(dev, 0);
4587         if (err)
4588                 goto out;
4589         if (!b43_device_is_enabled(dev))
4590                 b43_wireless_core_reset(dev, phy->gmode);
4591
4592         /* Reset all data structures. */
4593         setup_struct_wldev_for_init(dev);
4594         phy->ops->prepare_structs(dev);
4595
4596         /* Enable IRQ routing to this device. */
4597         switch (dev->dev->bus_type) {
4598 #ifdef CONFIG_B43_BCMA
4599         case B43_BUS_BCMA:
4600                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci,
4601                                       dev->dev->bdev, true);
4602                 break;
4603 #endif
4604 #ifdef CONFIG_B43_SSB
4605         case B43_BUS_SSB:
4606                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4607                                                dev->dev->sdev);
4608                 break;
4609 #endif
4610         }
4611
4612         b43_imcfglo_timeouts_workaround(dev);
4613         b43_bluetooth_coext_disable(dev);
4614         if (phy->ops->prepare_hardware) {
4615                 err = phy->ops->prepare_hardware(dev);
4616                 if (err)
4617                         goto err_busdown;
4618         }
4619         err = b43_chip_init(dev);
4620         if (err)
4621                 goto err_busdown;
4622         b43_shm_write16(dev, B43_SHM_SHARED,
4623                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4624         hf = b43_hf_read(dev);
4625         if (phy->type == B43_PHYTYPE_G) {
4626                 hf |= B43_HF_SYMW;
4627                 if (phy->rev == 1)
4628                         hf |= B43_HF_GDCW;
4629                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4630                         hf |= B43_HF_OFDMPABOOST;
4631         }
4632         if (phy->radio_ver == 0x2050) {
4633                 if (phy->radio_rev == 6)
4634                         hf |= B43_HF_4318TSSI;
4635                 if (phy->radio_rev < 6)
4636                         hf |= B43_HF_VCORECALC;
4637         }
4638         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4639                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4640 #ifdef CONFIG_SSB_DRIVER_PCICORE
4641         if (dev->dev->bus_type == B43_BUS_SSB &&
4642             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4643             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4644                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4645 #endif
4646         hf &= ~B43_HF_SKCFPUP;
4647         b43_hf_write(dev, hf);
4648
4649         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4650                              B43_DEFAULT_LONG_RETRY_LIMIT);
4651         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4652         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4653
4654         /* Disable sending probe responses from firmware.
4655          * Setting the MaxTime to one usec will always trigger
4656          * a timeout, so we never send any probe resp.
4657          * A timeout of zero is infinite. */
4658         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4659
4660         b43_rate_memory_init(dev);
4661         b43_set_phytxctl_defaults(dev);
4662
4663         /* Minimum Contention Window */
4664         if (phy->type == B43_PHYTYPE_B)
4665                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4666         else
4667                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4668         /* Maximum Contention Window */
4669         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4670
4671         if (b43_bus_host_is_pcmcia(dev->dev) ||
4672             b43_bus_host_is_sdio(dev->dev)) {
4673                 dev->__using_pio_transfers = 1;
4674                 err = b43_pio_init(dev);
4675         } else if (dev->use_pio) {
4676                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4677                         "This should not be needed and will result in lower "
4678                         "performance.\n");
4679                 dev->__using_pio_transfers = 1;
4680                 err = b43_pio_init(dev);
4681         } else {
4682                 dev->__using_pio_transfers = 0;
4683                 err = b43_dma_init(dev);
4684         }
4685         if (err)
4686                 goto err_chip_exit;
4687         b43_qos_init(dev);
4688         b43_set_synth_pu_delay(dev, 1);
4689         b43_bluetooth_coext_enable(dev);
4690
4691         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4692         b43_upload_card_macaddress(dev);
4693         b43_security_init(dev);
4694
4695         ieee80211_wake_queues(dev->wl->hw);
4696
4697         b43_set_status(dev, B43_STAT_INITIALIZED);
4698
4699         /* Register HW RNG driver */
4700         b43_rng_init(dev->wl);
4701
4702 out:
4703         return err;
4704
4705 err_chip_exit:
4706         b43_chip_exit(dev);
4707 err_busdown:
4708         b43_bus_may_powerdown(dev);
4709         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4710         return err;
4711 }
4712
4713 static int b43_op_add_interface(struct ieee80211_hw *hw,
4714                                 struct ieee80211_vif *vif)
4715 {
4716         struct b43_wl *wl = hw_to_b43_wl(hw);
4717         struct b43_wldev *dev;
4718         int err = -EOPNOTSUPP;
4719
4720         /* TODO: allow WDS/AP devices to coexist */
4721
4722         if (vif->type != NL80211_IFTYPE_AP &&
4723             vif->type != NL80211_IFTYPE_MESH_POINT &&
4724             vif->type != NL80211_IFTYPE_STATION &&
4725             vif->type != NL80211_IFTYPE_WDS &&
4726             vif->type != NL80211_IFTYPE_ADHOC)
4727                 return -EOPNOTSUPP;
4728
4729         mutex_lock(&wl->mutex);
4730         if (wl->operating)
4731                 goto out_mutex_unlock;
4732
4733         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4734
4735         dev = wl->current_dev;
4736         wl->operating = 1;
4737         wl->vif = vif;
4738         wl->if_type = vif->type;
4739         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4740
4741         b43_adjust_opmode(dev);
4742         b43_set_pretbtt(dev);
4743         b43_set_synth_pu_delay(dev, 0);
4744         b43_upload_card_macaddress(dev);
4745
4746         err = 0;
4747  out_mutex_unlock:
4748         mutex_unlock(&wl->mutex);
4749
4750         if (err == 0)
4751                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4752
4753         return err;
4754 }
4755
4756 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4757                                     struct ieee80211_vif *vif)
4758 {
4759         struct b43_wl *wl = hw_to_b43_wl(hw);
4760         struct b43_wldev *dev = wl->current_dev;
4761
4762         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4763
4764         mutex_lock(&wl->mutex);
4765
4766         B43_WARN_ON(!wl->operating);
4767         B43_WARN_ON(wl->vif != vif);
4768         wl->vif = NULL;
4769
4770         wl->operating = 0;
4771
4772         b43_adjust_opmode(dev);
4773         memset(wl->mac_addr, 0, ETH_ALEN);
4774         b43_upload_card_macaddress(dev);
4775
4776         mutex_unlock(&wl->mutex);
4777 }
4778
4779 static int b43_op_start(struct ieee80211_hw *hw)
4780 {
4781         struct b43_wl *wl = hw_to_b43_wl(hw);
4782         struct b43_wldev *dev = wl->current_dev;
4783         int did_init = 0;
4784         int err = 0;
4785
4786         /* Kill all old instance specific information to make sure
4787          * the card won't use it in the short timeframe between start
4788          * and mac80211 reconfiguring it. */
4789         memset(wl->bssid, 0, ETH_ALEN);
4790         memset(wl->mac_addr, 0, ETH_ALEN);
4791         wl->filter_flags = 0;
4792         wl->radiotap_enabled = 0;
4793         b43_qos_clear(wl);
4794         wl->beacon0_uploaded = 0;
4795         wl->beacon1_uploaded = 0;
4796         wl->beacon_templates_virgin = 1;
4797         wl->radio_enabled = 1;
4798
4799         mutex_lock(&wl->mutex);
4800
4801         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4802                 err = b43_wireless_core_init(dev);
4803                 if (err)
4804                         goto out_mutex_unlock;
4805                 did_init = 1;
4806         }
4807
4808         if (b43_status(dev) < B43_STAT_STARTED) {
4809                 err = b43_wireless_core_start(dev);
4810                 if (err) {
4811                         if (did_init)
4812                                 b43_wireless_core_exit(dev);
4813                         goto out_mutex_unlock;
4814                 }
4815         }
4816
4817         /* XXX: only do if device doesn't support rfkill irq */
4818         wiphy_rfkill_start_polling(hw->wiphy);
4819
4820  out_mutex_unlock:
4821         mutex_unlock(&wl->mutex);
4822
4823         /* reload configuration */
4824         b43_op_config(hw, ~0);
4825
4826         return err;
4827 }
4828
4829 static void b43_op_stop(struct ieee80211_hw *hw)
4830 {
4831         struct b43_wl *wl = hw_to_b43_wl(hw);
4832         struct b43_wldev *dev = wl->current_dev;
4833
4834         cancel_work_sync(&(wl->beacon_update_trigger));
4835
4836         mutex_lock(&wl->mutex);
4837         if (b43_status(dev) >= B43_STAT_STARTED) {
4838                 dev = b43_wireless_core_stop(dev);
4839                 if (!dev)
4840                         goto out_unlock;
4841         }
4842         b43_wireless_core_exit(dev);
4843         wl->radio_enabled = 0;
4844
4845 out_unlock:
4846         mutex_unlock(&wl->mutex);
4847
4848         cancel_work_sync(&(wl->txpower_adjust_work));
4849 }
4850
4851 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4852                                  struct ieee80211_sta *sta, bool set)
4853 {
4854         struct b43_wl *wl = hw_to_b43_wl(hw);
4855
4856         /* FIXME: add locking */
4857         b43_update_templates(wl);
4858
4859         return 0;
4860 }
4861
4862 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4863                               struct ieee80211_vif *vif,
4864                               enum sta_notify_cmd notify_cmd,
4865                               struct ieee80211_sta *sta)
4866 {
4867         struct b43_wl *wl = hw_to_b43_wl(hw);
4868
4869         B43_WARN_ON(!vif || wl->vif != vif);
4870 }
4871
4872 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4873 {
4874         struct b43_wl *wl = hw_to_b43_wl(hw);
4875         struct b43_wldev *dev;
4876
4877         mutex_lock(&wl->mutex);
4878         dev = wl->current_dev;
4879         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4880                 /* Disable CFP update during scan on other channels. */
4881                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4882         }
4883         mutex_unlock(&wl->mutex);
4884 }
4885
4886 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4887 {
4888         struct b43_wl *wl = hw_to_b43_wl(hw);
4889         struct b43_wldev *dev;
4890
4891         mutex_lock(&wl->mutex);
4892         dev = wl->current_dev;
4893         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4894                 /* Re-enable CFP update. */
4895                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4896         }
4897         mutex_unlock(&wl->mutex);
4898 }
4899
4900 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
4901                              struct survey_info *survey)
4902 {
4903         struct b43_wl *wl = hw_to_b43_wl(hw);
4904         struct b43_wldev *dev = wl->current_dev;
4905         struct ieee80211_conf *conf = &hw->conf;
4906
4907         if (idx != 0)
4908                 return -ENOENT;
4909
4910         survey->channel = conf->channel;
4911         survey->filled = SURVEY_INFO_NOISE_DBM;
4912         survey->noise = dev->stats.link_noise;
4913
4914         return 0;
4915 }
4916
4917 static const struct ieee80211_ops b43_hw_ops = {
4918         .tx                     = b43_op_tx,
4919         .conf_tx                = b43_op_conf_tx,
4920         .add_interface          = b43_op_add_interface,
4921         .remove_interface       = b43_op_remove_interface,
4922         .config                 = b43_op_config,
4923         .bss_info_changed       = b43_op_bss_info_changed,
4924         .configure_filter       = b43_op_configure_filter,
4925         .set_key                = b43_op_set_key,
4926         .update_tkip_key        = b43_op_update_tkip_key,
4927         .get_stats              = b43_op_get_stats,
4928         .get_tsf                = b43_op_get_tsf,
4929         .set_tsf                = b43_op_set_tsf,
4930         .start                  = b43_op_start,
4931         .stop                   = b43_op_stop,
4932         .set_tim                = b43_op_beacon_set_tim,
4933         .sta_notify             = b43_op_sta_notify,
4934         .sw_scan_start          = b43_op_sw_scan_start_notifier,
4935         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
4936         .get_survey             = b43_op_get_survey,
4937         .rfkill_poll            = b43_rfkill_poll,
4938 };
4939
4940 /* Hard-reset the chip. Do not call this directly.
4941  * Use b43_controller_restart()
4942  */
4943 static void b43_chip_reset(struct work_struct *work)
4944 {
4945         struct b43_wldev *dev =
4946             container_of(work, struct b43_wldev, restart_work);
4947         struct b43_wl *wl = dev->wl;
4948         int err = 0;
4949         int prev_status;
4950
4951         mutex_lock(&wl->mutex);
4952
4953         prev_status = b43_status(dev);
4954         /* Bring the device down... */
4955         if (prev_status >= B43_STAT_STARTED) {
4956                 dev = b43_wireless_core_stop(dev);
4957                 if (!dev) {
4958                         err = -ENODEV;
4959                         goto out;
4960                 }
4961         }
4962         if (prev_status >= B43_STAT_INITIALIZED)
4963                 b43_wireless_core_exit(dev);
4964
4965         /* ...and up again. */
4966         if (prev_status >= B43_STAT_INITIALIZED) {
4967                 err = b43_wireless_core_init(dev);
4968                 if (err)
4969                         goto out;
4970         }
4971         if (prev_status >= B43_STAT_STARTED) {
4972                 err = b43_wireless_core_start(dev);
4973                 if (err) {
4974                         b43_wireless_core_exit(dev);
4975                         goto out;
4976                 }
4977         }
4978 out:
4979         if (err)
4980                 wl->current_dev = NULL; /* Failed to init the dev. */
4981         mutex_unlock(&wl->mutex);
4982
4983         if (err) {
4984                 b43err(wl, "Controller restart FAILED\n");
4985                 return;
4986         }
4987
4988         /* reload configuration */
4989         b43_op_config(wl->hw, ~0);
4990         if (wl->vif)
4991                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
4992
4993         b43info(wl, "Controller restarted\n");
4994 }
4995
4996 static int b43_setup_bands(struct b43_wldev *dev,
4997                            bool have_2ghz_phy, bool have_5ghz_phy)
4998 {
4999         struct ieee80211_hw *hw = dev->wl->hw;
5000
5001         if (have_2ghz_phy)
5002                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5003         if (dev->phy.type == B43_PHYTYPE_N) {
5004                 if (have_5ghz_phy)
5005                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5006         } else {
5007                 if (have_5ghz_phy)
5008                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5009         }
5010
5011         dev->phy.supports_2ghz = have_2ghz_phy;
5012         dev->phy.supports_5ghz = have_5ghz_phy;
5013
5014         return 0;
5015 }
5016
5017 static void b43_wireless_core_detach(struct b43_wldev *dev)
5018 {
5019         /* We release firmware that late to not be required to re-request
5020          * is all the time when we reinit the core. */
5021         b43_release_firmware(dev);
5022         b43_phy_free(dev);
5023 }
5024
5025 static int b43_wireless_core_attach(struct b43_wldev *dev)
5026 {
5027         struct b43_wl *wl = dev->wl;
5028         struct pci_dev *pdev = NULL;
5029         int err;
5030         u32 tmp;
5031         bool have_2ghz_phy = 0, have_5ghz_phy = 0;
5032
5033         /* Do NOT do any device initialization here.
5034          * Do it in wireless_core_init() instead.
5035          * This function is for gathering basic information about the HW, only.
5036          * Also some structs may be set up here. But most likely you want to have
5037          * that in core_init(), too.
5038          */
5039
5040 #ifdef CONFIG_B43_SSB
5041         if (dev->dev->bus_type == B43_BUS_SSB &&
5042             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5043                 pdev = dev->dev->sdev->bus->host_pci;
5044 #endif
5045
5046         err = b43_bus_powerup(dev, 0);
5047         if (err) {
5048                 b43err(wl, "Bus powerup failed\n");
5049                 goto out;
5050         }
5051
5052         /* Get the PHY type. */
5053         switch (dev->dev->bus_type) {
5054 #ifdef CONFIG_B43_BCMA
5055         case B43_BUS_BCMA:
5056                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5057                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5058                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5059                 break;
5060 #endif
5061 #ifdef CONFIG_B43_SSB
5062         case B43_BUS_SSB:
5063                 if (dev->dev->core_rev >= 5) {
5064                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5065                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5066                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5067                 } else
5068                         B43_WARN_ON(1);
5069                 break;
5070 #endif
5071         }
5072
5073         dev->phy.gmode = have_2ghz_phy;
5074         dev->phy.radio_on = 1;
5075         b43_wireless_core_reset(dev, dev->phy.gmode);
5076
5077         err = b43_phy_versioning(dev);
5078         if (err)
5079                 goto err_powerdown;
5080         /* Check if this device supports multiband. */
5081         if (!pdev ||
5082             (pdev->device != 0x4312 &&
5083              pdev->device != 0x4319 && pdev->device != 0x4324)) {
5084                 /* No multiband support. */
5085                 have_2ghz_phy = 0;
5086                 have_5ghz_phy = 0;
5087                 switch (dev->phy.type) {
5088                 case B43_PHYTYPE_A:
5089                         have_5ghz_phy = 1;
5090                         break;
5091                 case B43_PHYTYPE_LP: //FIXME not always!
5092 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5093                         have_5ghz_phy = 1;
5094 #endif
5095                 case B43_PHYTYPE_G:
5096                 case B43_PHYTYPE_N:
5097                 case B43_PHYTYPE_HT:
5098                 case B43_PHYTYPE_LCN:
5099                         have_2ghz_phy = 1;
5100                         break;
5101                 default:
5102                         B43_WARN_ON(1);
5103                 }
5104         }
5105         if (dev->phy.type == B43_PHYTYPE_A) {
5106                 /* FIXME */
5107                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
5108                 err = -EOPNOTSUPP;
5109                 goto err_powerdown;
5110         }
5111         if (1 /* disable A-PHY */) {
5112                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5113                 if (dev->phy.type != B43_PHYTYPE_N &&
5114                     dev->phy.type != B43_PHYTYPE_LP) {
5115                         have_2ghz_phy = 1;
5116                         have_5ghz_phy = 0;
5117                 }
5118         }
5119
5120         err = b43_phy_allocate(dev);
5121         if (err)
5122                 goto err_powerdown;
5123
5124         dev->phy.gmode = have_2ghz_phy;
5125         b43_wireless_core_reset(dev, dev->phy.gmode);
5126
5127         err = b43_validate_chipaccess(dev);
5128         if (err)
5129                 goto err_phy_free;
5130         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5131         if (err)
5132                 goto err_phy_free;
5133
5134         /* Now set some default "current_dev" */
5135         if (!wl->current_dev)
5136                 wl->current_dev = dev;
5137         INIT_WORK(&dev->restart_work, b43_chip_reset);
5138
5139         dev->phy.ops->switch_analog(dev, 0);
5140         b43_device_disable(dev, 0);
5141         b43_bus_may_powerdown(dev);
5142
5143 out:
5144         return err;
5145
5146 err_phy_free:
5147         b43_phy_free(dev);
5148 err_powerdown:
5149         b43_bus_may_powerdown(dev);
5150         return err;
5151 }
5152
5153 static void b43_one_core_detach(struct b43_bus_dev *dev)
5154 {
5155         struct b43_wldev *wldev;
5156         struct b43_wl *wl;
5157
5158         /* Do not cancel ieee80211-workqueue based work here.
5159          * See comment in b43_remove(). */
5160
5161         wldev = b43_bus_get_wldev(dev);
5162         wl = wldev->wl;
5163         b43_debugfs_remove_device(wldev);
5164         b43_wireless_core_detach(wldev);
5165         list_del(&wldev->list);
5166         wl->nr_devs--;
5167         b43_bus_set_wldev(dev, NULL);
5168         kfree(wldev);
5169 }
5170
5171 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5172 {
5173         struct b43_wldev *wldev;
5174         int err = -ENOMEM;
5175
5176         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5177         if (!wldev)
5178                 goto out;
5179
5180         wldev->use_pio = b43_modparam_pio;
5181         wldev->dev = dev;
5182         wldev->wl = wl;
5183         b43_set_status(wldev, B43_STAT_UNINIT);
5184         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5185         INIT_LIST_HEAD(&wldev->list);
5186
5187         err = b43_wireless_core_attach(wldev);
5188         if (err)
5189                 goto err_kfree_wldev;
5190
5191         list_add(&wldev->list, &wl->devlist);
5192         wl->nr_devs++;
5193         b43_bus_set_wldev(dev, wldev);
5194         b43_debugfs_add_device(wldev);
5195
5196       out:
5197         return err;
5198
5199       err_kfree_wldev:
5200         kfree(wldev);
5201         return err;
5202 }
5203
5204 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5205         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5206         (pdev->device == _device) &&                                    \
5207         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5208         (pdev->subsystem_device == _subdevice)                          )
5209
5210 static void b43_sprom_fixup(struct ssb_bus *bus)
5211 {
5212         struct pci_dev *pdev;
5213
5214         /* boardflags workarounds */
5215         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5216             bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
5217                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5218         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5219             bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
5220                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5221         if (bus->bustype == SSB_BUSTYPE_PCI) {
5222                 pdev = bus->host_pci;
5223                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5224                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5225                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5226                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5227                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5228                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5229                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5230                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5231         }
5232 }
5233
5234 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5235 {
5236         struct ieee80211_hw *hw = wl->hw;
5237
5238         ssb_set_devtypedata(dev->sdev, NULL);
5239         ieee80211_free_hw(hw);
5240 }
5241
5242 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5243 {
5244         struct ssb_sprom *sprom = dev->bus_sprom;
5245         struct ieee80211_hw *hw;
5246         struct b43_wl *wl;
5247         char chip_name[6];
5248
5249         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5250         if (!hw) {
5251                 b43err(NULL, "Could not allocate ieee80211 device\n");
5252                 return ERR_PTR(-ENOMEM);
5253         }
5254         wl = hw_to_b43_wl(hw);
5255
5256         /* fill hw info */
5257         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5258                     IEEE80211_HW_SIGNAL_DBM;
5259
5260         hw->wiphy->interface_modes =
5261                 BIT(NL80211_IFTYPE_AP) |
5262                 BIT(NL80211_IFTYPE_MESH_POINT) |
5263                 BIT(NL80211_IFTYPE_STATION) |
5264                 BIT(NL80211_IFTYPE_WDS) |
5265                 BIT(NL80211_IFTYPE_ADHOC);
5266
5267         hw->queues = modparam_qos ? 4 : 1;
5268         wl->mac80211_initially_registered_queues = hw->queues;
5269         hw->max_rates = 2;
5270         SET_IEEE80211_DEV(hw, dev->dev);
5271         if (is_valid_ether_addr(sprom->et1mac))
5272                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5273         else
5274                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5275
5276         /* Initialize struct b43_wl */
5277         wl->hw = hw;
5278         mutex_init(&wl->mutex);
5279         spin_lock_init(&wl->hardirq_lock);
5280         INIT_LIST_HEAD(&wl->devlist);
5281         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5282         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5283         INIT_WORK(&wl->tx_work, b43_tx_work);
5284         skb_queue_head_init(&wl->tx_queue);
5285
5286         snprintf(chip_name, ARRAY_SIZE(chip_name),
5287                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5288         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5289                 dev->core_rev);
5290         return wl;
5291 }
5292
5293 #ifdef CONFIG_B43_BCMA
5294 static int b43_bcma_probe(struct bcma_device *core)
5295 {
5296         struct b43_bus_dev *dev;
5297         struct b43_wl *wl;
5298         int err;
5299
5300         dev = b43_bus_dev_bcma_init(core);
5301         if (!dev)
5302                 return -ENODEV;
5303
5304         wl = b43_wireless_init(dev);
5305         if (IS_ERR(wl)) {
5306                 err = PTR_ERR(wl);
5307                 goto bcma_out;
5308         }
5309
5310         err = b43_one_core_attach(dev, wl);
5311         if (err)
5312                 goto bcma_err_wireless_exit;
5313
5314         err = ieee80211_register_hw(wl->hw);
5315         if (err)
5316                 goto bcma_err_one_core_detach;
5317         b43_leds_register(wl->current_dev);
5318
5319 bcma_out:
5320         return err;
5321
5322 bcma_err_one_core_detach:
5323         b43_one_core_detach(dev);
5324 bcma_err_wireless_exit:
5325         ieee80211_free_hw(wl->hw);
5326         return err;
5327 }
5328
5329 static void b43_bcma_remove(struct bcma_device *core)
5330 {
5331         struct b43_wldev *wldev = bcma_get_drvdata(core);
5332         struct b43_wl *wl = wldev->wl;
5333
5334         /* We must cancel any work here before unregistering from ieee80211,
5335          * as the ieee80211 unreg will destroy the workqueue. */
5336         cancel_work_sync(&wldev->restart_work);
5337
5338         /* Restore the queues count before unregistering, because firmware detect
5339          * might have modified it. Restoring is important, so the networking
5340          * stack can properly free resources. */
5341         wl->hw->queues = wl->mac80211_initially_registered_queues;
5342         b43_leds_stop(wldev);
5343         ieee80211_unregister_hw(wl->hw);
5344
5345         b43_one_core_detach(wldev->dev);
5346
5347         b43_leds_unregister(wl);
5348
5349         ieee80211_free_hw(wl->hw);
5350 }
5351
5352 static struct bcma_driver b43_bcma_driver = {
5353         .name           = KBUILD_MODNAME,
5354         .id_table       = b43_bcma_tbl,
5355         .probe          = b43_bcma_probe,
5356         .remove         = b43_bcma_remove,
5357 };
5358 #endif
5359
5360 #ifdef CONFIG_B43_SSB
5361 static
5362 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5363 {
5364         struct b43_bus_dev *dev;
5365         struct b43_wl *wl;
5366         int err;
5367         int first = 0;
5368
5369         dev = b43_bus_dev_ssb_init(sdev);
5370         if (!dev)
5371                 return -ENOMEM;
5372
5373         wl = ssb_get_devtypedata(sdev);
5374         if (!wl) {
5375                 /* Probing the first core. Must setup common struct b43_wl */
5376                 first = 1;
5377                 b43_sprom_fixup(sdev->bus);
5378                 wl = b43_wireless_init(dev);
5379                 if (IS_ERR(wl)) {
5380                         err = PTR_ERR(wl);
5381                         goto out;
5382                 }
5383                 ssb_set_devtypedata(sdev, wl);
5384                 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5385         }
5386         err = b43_one_core_attach(dev, wl);
5387         if (err)
5388                 goto err_wireless_exit;
5389
5390         if (first) {
5391                 err = ieee80211_register_hw(wl->hw);
5392                 if (err)
5393                         goto err_one_core_detach;
5394                 b43_leds_register(wl->current_dev);
5395         }
5396
5397       out:
5398         return err;
5399
5400       err_one_core_detach:
5401         b43_one_core_detach(dev);
5402       err_wireless_exit:
5403         if (first)
5404                 b43_wireless_exit(dev, wl);
5405         return err;
5406 }
5407
5408 static void b43_ssb_remove(struct ssb_device *sdev)
5409 {
5410         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5411         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5412         struct b43_bus_dev *dev = wldev->dev;
5413
5414         /* We must cancel any work here before unregistering from ieee80211,
5415          * as the ieee80211 unreg will destroy the workqueue. */
5416         cancel_work_sync(&wldev->restart_work);
5417
5418         B43_WARN_ON(!wl);
5419         if (wl->current_dev == wldev) {
5420                 /* Restore the queues count before unregistering, because firmware detect
5421                  * might have modified it. Restoring is important, so the networking
5422                  * stack can properly free resources. */
5423                 wl->hw->queues = wl->mac80211_initially_registered_queues;
5424                 b43_leds_stop(wldev);
5425                 ieee80211_unregister_hw(wl->hw);
5426         }
5427
5428         b43_one_core_detach(dev);
5429
5430         if (list_empty(&wl->devlist)) {
5431                 b43_leds_unregister(wl);
5432                 /* Last core on the chip unregistered.
5433                  * We can destroy common struct b43_wl.
5434                  */
5435                 b43_wireless_exit(dev, wl);
5436         }
5437 }
5438
5439 static struct ssb_driver b43_ssb_driver = {
5440         .name           = KBUILD_MODNAME,
5441         .id_table       = b43_ssb_tbl,
5442         .probe          = b43_ssb_probe,
5443         .remove         = b43_ssb_remove,
5444 };
5445 #endif /* CONFIG_B43_SSB */
5446
5447 /* Perform a hardware reset. This can be called from any context. */
5448 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5449 {
5450         /* Must avoid requeueing, if we are in shutdown. */
5451         if (b43_status(dev) < B43_STAT_INITIALIZED)
5452                 return;
5453         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5454         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5455 }
5456
5457 static void b43_print_driverinfo(void)
5458 {
5459         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5460                    *feat_leds = "", *feat_sdio = "";
5461
5462 #ifdef CONFIG_B43_PCI_AUTOSELECT
5463         feat_pci = "P";
5464 #endif
5465 #ifdef CONFIG_B43_PCMCIA
5466         feat_pcmcia = "M";
5467 #endif
5468 #ifdef CONFIG_B43_PHY_N
5469         feat_nphy = "N";
5470 #endif
5471 #ifdef CONFIG_B43_LEDS
5472         feat_leds = "L";
5473 #endif
5474 #ifdef CONFIG_B43_SDIO
5475         feat_sdio = "S";
5476 #endif
5477         printk(KERN_INFO "Broadcom 43xx driver loaded "
5478                "[ Features: %s%s%s%s%s ]\n",
5479                feat_pci, feat_pcmcia, feat_nphy,
5480                feat_leds, feat_sdio);
5481 }
5482
5483 static int __init b43_init(void)
5484 {
5485         int err;
5486
5487         b43_debugfs_init();
5488         err = b43_pcmcia_init();
5489         if (err)
5490                 goto err_dfs_exit;
5491         err = b43_sdio_init();
5492         if (err)
5493                 goto err_pcmcia_exit;
5494 #ifdef CONFIG_B43_BCMA
5495         err = bcma_driver_register(&b43_bcma_driver);
5496         if (err)
5497                 goto err_sdio_exit;
5498 #endif
5499 #ifdef CONFIG_B43_SSB
5500         err = ssb_driver_register(&b43_ssb_driver);
5501         if (err)
5502                 goto err_bcma_driver_exit;
5503 #endif
5504         b43_print_driverinfo();
5505
5506         return err;
5507
5508 #ifdef CONFIG_B43_SSB
5509 err_bcma_driver_exit:
5510 #endif
5511 #ifdef CONFIG_B43_BCMA
5512         bcma_driver_unregister(&b43_bcma_driver);
5513 err_sdio_exit:
5514 #endif
5515         b43_sdio_exit();
5516 err_pcmcia_exit:
5517         b43_pcmcia_exit();
5518 err_dfs_exit:
5519         b43_debugfs_exit();
5520         return err;
5521 }
5522
5523 static void __exit b43_exit(void)
5524 {
5525 #ifdef CONFIG_B43_SSB
5526         ssb_driver_unregister(&b43_ssb_driver);
5527 #endif
5528 #ifdef CONFIG_B43_BCMA
5529         bcma_driver_unregister(&b43_bcma_driver);
5530 #endif
5531         b43_sdio_exit();
5532         b43_pcmcia_exit();
5533         b43_debugfs_exit();
5534 }
5535
5536 module_init(b43_init)
5537 module_exit(b43_exit)