Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
[linux-2.6.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <mb@bu3sch.de>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11   SDIO support
12   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
13
14   Some parts of the code in this file are derived from the ipw2200
15   driver  Copyright(c) 2003 - 2004 Intel Corporation.
16
17   This program is free software; you can redistribute it and/or modify
18   it under the terms of the GNU General Public License as published by
19   the Free Software Foundation; either version 2 of the License, or
20   (at your option) any later version.
21
22   This program is distributed in the hope that it will be useful,
23   but WITHOUT ANY WARRANTY; without even the implied warranty of
24   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
25   GNU General Public License for more details.
26
27   You should have received a copy of the GNU General Public License
28   along with this program; see the file COPYING.  If not, write to
29   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
30   Boston, MA 02110-1301, USA.
31
32 */
33
34 #include <linux/delay.h>
35 #include <linux/init.h>
36 #include <linux/moduleparam.h>
37 #include <linux/if_arp.h>
38 #include <linux/etherdevice.h>
39 #include <linux/firmware.h>
40 #include <linux/wireless.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <asm/unaligned.h>
46
47 #include "b43.h"
48 #include "main.h"
49 #include "debugfs.h"
50 #include "phy_common.h"
51 #include "phy_g.h"
52 #include "phy_n.h"
53 #include "dma.h"
54 #include "pio.h"
55 #include "sysfs.h"
56 #include "xmit.h"
57 #include "lo.h"
58 #include "pcmcia.h"
59 #include "sdio.h"
60 #include <linux/mmc/sdio_func.h>
61
62 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
63 MODULE_AUTHOR("Martin Langer");
64 MODULE_AUTHOR("Stefano Brivio");
65 MODULE_AUTHOR("Michael Buesch");
66 MODULE_AUTHOR("Gábor Stefanik");
67 MODULE_LICENSE("GPL");
68
69 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
70
71
72 static int modparam_bad_frames_preempt;
73 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
74 MODULE_PARM_DESC(bad_frames_preempt,
75                  "enable(1) / disable(0) Bad Frames Preemption");
76
77 static char modparam_fwpostfix[16];
78 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
79 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
80
81 static int modparam_hwpctl;
82 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
83 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
84
85 static int modparam_nohwcrypt;
86 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
87 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
88
89 static int modparam_hwtkip;
90 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
91 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
92
93 static int modparam_qos = 1;
94 module_param_named(qos, modparam_qos, int, 0444);
95 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
96
97 static int modparam_btcoex = 1;
98 module_param_named(btcoex, modparam_btcoex, int, 0444);
99 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
100
101 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
102 module_param_named(verbose, b43_modparam_verbose, int, 0644);
103 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
104
105 static int modparam_pio;
106 module_param_named(pio, modparam_pio, int, 0444);
107 MODULE_PARM_DESC(pio, "enable(1) / disable(0) PIO mode");
108
109 static const struct ssb_device_id b43_ssb_tbl[] = {
110         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
111         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
112         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
113         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
114         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
115         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
116         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
117         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
118         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
119         SSB_DEVTABLE_END
120 };
121
122 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
123
124 /* Channel and ratetables are shared for all devices.
125  * They can't be const, because ieee80211 puts some precalculated
126  * data in there. This data is the same for all devices, so we don't
127  * get concurrency issues */
128 #define RATETAB_ENT(_rateid, _flags) \
129         {                                                               \
130                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
131                 .hw_value       = (_rateid),                            \
132                 .flags          = (_flags),                             \
133         }
134
135 /*
136  * NOTE: When changing this, sync with xmit.c's
137  *       b43_plcp_get_bitrate_idx_* functions!
138  */
139 static struct ieee80211_rate __b43_ratetable[] = {
140         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
141         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
142         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
143         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
144         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
145         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
146         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
147         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
148         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
149         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
150         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
151         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
152 };
153
154 #define b43_a_ratetable         (__b43_ratetable + 4)
155 #define b43_a_ratetable_size    8
156 #define b43_b_ratetable         (__b43_ratetable + 0)
157 #define b43_b_ratetable_size    4
158 #define b43_g_ratetable         (__b43_ratetable + 0)
159 #define b43_g_ratetable_size    12
160
161 #define CHAN4G(_channel, _freq, _flags) {                       \
162         .band                   = IEEE80211_BAND_2GHZ,          \
163         .center_freq            = (_freq),                      \
164         .hw_value               = (_channel),                   \
165         .flags                  = (_flags),                     \
166         .max_antenna_gain       = 0,                            \
167         .max_power              = 30,                           \
168 }
169 static struct ieee80211_channel b43_2ghz_chantable[] = {
170         CHAN4G(1, 2412, 0),
171         CHAN4G(2, 2417, 0),
172         CHAN4G(3, 2422, 0),
173         CHAN4G(4, 2427, 0),
174         CHAN4G(5, 2432, 0),
175         CHAN4G(6, 2437, 0),
176         CHAN4G(7, 2442, 0),
177         CHAN4G(8, 2447, 0),
178         CHAN4G(9, 2452, 0),
179         CHAN4G(10, 2457, 0),
180         CHAN4G(11, 2462, 0),
181         CHAN4G(12, 2467, 0),
182         CHAN4G(13, 2472, 0),
183         CHAN4G(14, 2484, 0),
184 };
185 #undef CHAN4G
186
187 #define CHAN5G(_channel, _flags) {                              \
188         .band                   = IEEE80211_BAND_5GHZ,          \
189         .center_freq            = 5000 + (5 * (_channel)),      \
190         .hw_value               = (_channel),                   \
191         .flags                  = (_flags),                     \
192         .max_antenna_gain       = 0,                            \
193         .max_power              = 30,                           \
194 }
195 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
196         CHAN5G(32, 0),          CHAN5G(34, 0),
197         CHAN5G(36, 0),          CHAN5G(38, 0),
198         CHAN5G(40, 0),          CHAN5G(42, 0),
199         CHAN5G(44, 0),          CHAN5G(46, 0),
200         CHAN5G(48, 0),          CHAN5G(50, 0),
201         CHAN5G(52, 0),          CHAN5G(54, 0),
202         CHAN5G(56, 0),          CHAN5G(58, 0),
203         CHAN5G(60, 0),          CHAN5G(62, 0),
204         CHAN5G(64, 0),          CHAN5G(66, 0),
205         CHAN5G(68, 0),          CHAN5G(70, 0),
206         CHAN5G(72, 0),          CHAN5G(74, 0),
207         CHAN5G(76, 0),          CHAN5G(78, 0),
208         CHAN5G(80, 0),          CHAN5G(82, 0),
209         CHAN5G(84, 0),          CHAN5G(86, 0),
210         CHAN5G(88, 0),          CHAN5G(90, 0),
211         CHAN5G(92, 0),          CHAN5G(94, 0),
212         CHAN5G(96, 0),          CHAN5G(98, 0),
213         CHAN5G(100, 0),         CHAN5G(102, 0),
214         CHAN5G(104, 0),         CHAN5G(106, 0),
215         CHAN5G(108, 0),         CHAN5G(110, 0),
216         CHAN5G(112, 0),         CHAN5G(114, 0),
217         CHAN5G(116, 0),         CHAN5G(118, 0),
218         CHAN5G(120, 0),         CHAN5G(122, 0),
219         CHAN5G(124, 0),         CHAN5G(126, 0),
220         CHAN5G(128, 0),         CHAN5G(130, 0),
221         CHAN5G(132, 0),         CHAN5G(134, 0),
222         CHAN5G(136, 0),         CHAN5G(138, 0),
223         CHAN5G(140, 0),         CHAN5G(142, 0),
224         CHAN5G(144, 0),         CHAN5G(145, 0),
225         CHAN5G(146, 0),         CHAN5G(147, 0),
226         CHAN5G(148, 0),         CHAN5G(149, 0),
227         CHAN5G(150, 0),         CHAN5G(151, 0),
228         CHAN5G(152, 0),         CHAN5G(153, 0),
229         CHAN5G(154, 0),         CHAN5G(155, 0),
230         CHAN5G(156, 0),         CHAN5G(157, 0),
231         CHAN5G(158, 0),         CHAN5G(159, 0),
232         CHAN5G(160, 0),         CHAN5G(161, 0),
233         CHAN5G(162, 0),         CHAN5G(163, 0),
234         CHAN5G(164, 0),         CHAN5G(165, 0),
235         CHAN5G(166, 0),         CHAN5G(168, 0),
236         CHAN5G(170, 0),         CHAN5G(172, 0),
237         CHAN5G(174, 0),         CHAN5G(176, 0),
238         CHAN5G(178, 0),         CHAN5G(180, 0),
239         CHAN5G(182, 0),         CHAN5G(184, 0),
240         CHAN5G(186, 0),         CHAN5G(188, 0),
241         CHAN5G(190, 0),         CHAN5G(192, 0),
242         CHAN5G(194, 0),         CHAN5G(196, 0),
243         CHAN5G(198, 0),         CHAN5G(200, 0),
244         CHAN5G(202, 0),         CHAN5G(204, 0),
245         CHAN5G(206, 0),         CHAN5G(208, 0),
246         CHAN5G(210, 0),         CHAN5G(212, 0),
247         CHAN5G(214, 0),         CHAN5G(216, 0),
248         CHAN5G(218, 0),         CHAN5G(220, 0),
249         CHAN5G(222, 0),         CHAN5G(224, 0),
250         CHAN5G(226, 0),         CHAN5G(228, 0),
251 };
252
253 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
254         CHAN5G(34, 0),          CHAN5G(36, 0),
255         CHAN5G(38, 0),          CHAN5G(40, 0),
256         CHAN5G(42, 0),          CHAN5G(44, 0),
257         CHAN5G(46, 0),          CHAN5G(48, 0),
258         CHAN5G(52, 0),          CHAN5G(56, 0),
259         CHAN5G(60, 0),          CHAN5G(64, 0),
260         CHAN5G(100, 0),         CHAN5G(104, 0),
261         CHAN5G(108, 0),         CHAN5G(112, 0),
262         CHAN5G(116, 0),         CHAN5G(120, 0),
263         CHAN5G(124, 0),         CHAN5G(128, 0),
264         CHAN5G(132, 0),         CHAN5G(136, 0),
265         CHAN5G(140, 0),         CHAN5G(149, 0),
266         CHAN5G(153, 0),         CHAN5G(157, 0),
267         CHAN5G(161, 0),         CHAN5G(165, 0),
268         CHAN5G(184, 0),         CHAN5G(188, 0),
269         CHAN5G(192, 0),         CHAN5G(196, 0),
270         CHAN5G(200, 0),         CHAN5G(204, 0),
271         CHAN5G(208, 0),         CHAN5G(212, 0),
272         CHAN5G(216, 0),
273 };
274 #undef CHAN5G
275
276 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
277         .band           = IEEE80211_BAND_5GHZ,
278         .channels       = b43_5ghz_nphy_chantable,
279         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
280         .bitrates       = b43_a_ratetable,
281         .n_bitrates     = b43_a_ratetable_size,
282 };
283
284 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
285         .band           = IEEE80211_BAND_5GHZ,
286         .channels       = b43_5ghz_aphy_chantable,
287         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
288         .bitrates       = b43_a_ratetable,
289         .n_bitrates     = b43_a_ratetable_size,
290 };
291
292 static struct ieee80211_supported_band b43_band_2GHz = {
293         .band           = IEEE80211_BAND_2GHZ,
294         .channels       = b43_2ghz_chantable,
295         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
296         .bitrates       = b43_g_ratetable,
297         .n_bitrates     = b43_g_ratetable_size,
298 };
299
300 static void b43_wireless_core_exit(struct b43_wldev *dev);
301 static int b43_wireless_core_init(struct b43_wldev *dev);
302 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
303 static int b43_wireless_core_start(struct b43_wldev *dev);
304
305 static int b43_ratelimit(struct b43_wl *wl)
306 {
307         if (!wl || !wl->current_dev)
308                 return 1;
309         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
310                 return 1;
311         /* We are up and running.
312          * Ratelimit the messages to avoid DoS over the net. */
313         return net_ratelimit();
314 }
315
316 void b43info(struct b43_wl *wl, const char *fmt, ...)
317 {
318         va_list args;
319
320         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
321                 return;
322         if (!b43_ratelimit(wl))
323                 return;
324         va_start(args, fmt);
325         printk(KERN_INFO "b43-%s: ",
326                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
327         vprintk(fmt, args);
328         va_end(args);
329 }
330
331 void b43err(struct b43_wl *wl, const char *fmt, ...)
332 {
333         va_list args;
334
335         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
336                 return;
337         if (!b43_ratelimit(wl))
338                 return;
339         va_start(args, fmt);
340         printk(KERN_ERR "b43-%s ERROR: ",
341                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
342         vprintk(fmt, args);
343         va_end(args);
344 }
345
346 void b43warn(struct b43_wl *wl, const char *fmt, ...)
347 {
348         va_list args;
349
350         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
351                 return;
352         if (!b43_ratelimit(wl))
353                 return;
354         va_start(args, fmt);
355         printk(KERN_WARNING "b43-%s warning: ",
356                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
357         vprintk(fmt, args);
358         va_end(args);
359 }
360
361 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
362 {
363         va_list args;
364
365         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
366                 return;
367         va_start(args, fmt);
368         printk(KERN_DEBUG "b43-%s debug: ",
369                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
370         vprintk(fmt, args);
371         va_end(args);
372 }
373
374 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
375 {
376         u32 macctl;
377
378         B43_WARN_ON(offset % 4 != 0);
379
380         macctl = b43_read32(dev, B43_MMIO_MACCTL);
381         if (macctl & B43_MACCTL_BE)
382                 val = swab32(val);
383
384         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
385         mmiowb();
386         b43_write32(dev, B43_MMIO_RAM_DATA, val);
387 }
388
389 static inline void b43_shm_control_word(struct b43_wldev *dev,
390                                         u16 routing, u16 offset)
391 {
392         u32 control;
393
394         /* "offset" is the WORD offset. */
395         control = routing;
396         control <<= 16;
397         control |= offset;
398         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
399 }
400
401 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
402 {
403         u32 ret;
404
405         if (routing == B43_SHM_SHARED) {
406                 B43_WARN_ON(offset & 0x0001);
407                 if (offset & 0x0003) {
408                         /* Unaligned access */
409                         b43_shm_control_word(dev, routing, offset >> 2);
410                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
411                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
412                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
413
414                         goto out;
415                 }
416                 offset >>= 2;
417         }
418         b43_shm_control_word(dev, routing, offset);
419         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
420 out:
421         return ret;
422 }
423
424 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
425 {
426         u16 ret;
427
428         if (routing == B43_SHM_SHARED) {
429                 B43_WARN_ON(offset & 0x0001);
430                 if (offset & 0x0003) {
431                         /* Unaligned access */
432                         b43_shm_control_word(dev, routing, offset >> 2);
433                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
434
435                         goto out;
436                 }
437                 offset >>= 2;
438         }
439         b43_shm_control_word(dev, routing, offset);
440         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
441 out:
442         return ret;
443 }
444
445 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
446 {
447         if (routing == B43_SHM_SHARED) {
448                 B43_WARN_ON(offset & 0x0001);
449                 if (offset & 0x0003) {
450                         /* Unaligned access */
451                         b43_shm_control_word(dev, routing, offset >> 2);
452                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
453                                     value & 0xFFFF);
454                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
455                         b43_write16(dev, B43_MMIO_SHM_DATA,
456                                     (value >> 16) & 0xFFFF);
457                         return;
458                 }
459                 offset >>= 2;
460         }
461         b43_shm_control_word(dev, routing, offset);
462         b43_write32(dev, B43_MMIO_SHM_DATA, value);
463 }
464
465 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
466 {
467         if (routing == B43_SHM_SHARED) {
468                 B43_WARN_ON(offset & 0x0001);
469                 if (offset & 0x0003) {
470                         /* Unaligned access */
471                         b43_shm_control_word(dev, routing, offset >> 2);
472                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
473                         return;
474                 }
475                 offset >>= 2;
476         }
477         b43_shm_control_word(dev, routing, offset);
478         b43_write16(dev, B43_MMIO_SHM_DATA, value);
479 }
480
481 /* Read HostFlags */
482 u64 b43_hf_read(struct b43_wldev *dev)
483 {
484         u64 ret;
485
486         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
487         ret <<= 16;
488         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
489         ret <<= 16;
490         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
491
492         return ret;
493 }
494
495 /* Write HostFlags */
496 void b43_hf_write(struct b43_wldev *dev, u64 value)
497 {
498         u16 lo, mi, hi;
499
500         lo = (value & 0x00000000FFFFULL);
501         mi = (value & 0x0000FFFF0000ULL) >> 16;
502         hi = (value & 0xFFFF00000000ULL) >> 32;
503         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
504         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
505         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
506 }
507
508 /* Read the firmware capabilities bitmask (Opensource firmware only) */
509 static u16 b43_fwcapa_read(struct b43_wldev *dev)
510 {
511         B43_WARN_ON(!dev->fw.opensource);
512         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
513 }
514
515 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
516 {
517         u32 low, high;
518
519         B43_WARN_ON(dev->dev->id.revision < 3);
520
521         /* The hardware guarantees us an atomic read, if we
522          * read the low register first. */
523         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
524         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
525
526         *tsf = high;
527         *tsf <<= 32;
528         *tsf |= low;
529 }
530
531 static void b43_time_lock(struct b43_wldev *dev)
532 {
533         u32 macctl;
534
535         macctl = b43_read32(dev, B43_MMIO_MACCTL);
536         macctl |= B43_MACCTL_TBTTHOLD;
537         b43_write32(dev, B43_MMIO_MACCTL, macctl);
538         /* Commit the write */
539         b43_read32(dev, B43_MMIO_MACCTL);
540 }
541
542 static void b43_time_unlock(struct b43_wldev *dev)
543 {
544         u32 macctl;
545
546         macctl = b43_read32(dev, B43_MMIO_MACCTL);
547         macctl &= ~B43_MACCTL_TBTTHOLD;
548         b43_write32(dev, B43_MMIO_MACCTL, macctl);
549         /* Commit the write */
550         b43_read32(dev, B43_MMIO_MACCTL);
551 }
552
553 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
554 {
555         u32 low, high;
556
557         B43_WARN_ON(dev->dev->id.revision < 3);
558
559         low = tsf;
560         high = (tsf >> 32);
561         /* The hardware guarantees us an atomic write, if we
562          * write the low register first. */
563         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
564         mmiowb();
565         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
566         mmiowb();
567 }
568
569 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
570 {
571         b43_time_lock(dev);
572         b43_tsf_write_locked(dev, tsf);
573         b43_time_unlock(dev);
574 }
575
576 static
577 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
578 {
579         static const u8 zero_addr[ETH_ALEN] = { 0 };
580         u16 data;
581
582         if (!mac)
583                 mac = zero_addr;
584
585         offset |= 0x0020;
586         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
587
588         data = mac[0];
589         data |= mac[1] << 8;
590         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
591         data = mac[2];
592         data |= mac[3] << 8;
593         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
594         data = mac[4];
595         data |= mac[5] << 8;
596         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
597 }
598
599 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
600 {
601         const u8 *mac;
602         const u8 *bssid;
603         u8 mac_bssid[ETH_ALEN * 2];
604         int i;
605         u32 tmp;
606
607         bssid = dev->wl->bssid;
608         mac = dev->wl->mac_addr;
609
610         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
611
612         memcpy(mac_bssid, mac, ETH_ALEN);
613         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
614
615         /* Write our MAC address and BSSID to template ram */
616         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
617                 tmp = (u32) (mac_bssid[i + 0]);
618                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
619                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
620                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
621                 b43_ram_write(dev, 0x20 + i, tmp);
622         }
623 }
624
625 static void b43_upload_card_macaddress(struct b43_wldev *dev)
626 {
627         b43_write_mac_bssid_templates(dev);
628         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
629 }
630
631 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
632 {
633         /* slot_time is in usec. */
634         if (dev->phy.type != B43_PHYTYPE_G)
635                 return;
636         b43_write16(dev, 0x684, 510 + slot_time);
637         b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
638 }
639
640 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
641 {
642         b43_set_slot_time(dev, 9);
643 }
644
645 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
646 {
647         b43_set_slot_time(dev, 20);
648 }
649
650 /* DummyTransmission function, as documented on
651  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
652  */
653 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
654 {
655         struct b43_phy *phy = &dev->phy;
656         unsigned int i, max_loop;
657         u16 value;
658         u32 buffer[5] = {
659                 0x00000000,
660                 0x00D40000,
661                 0x00000000,
662                 0x01000000,
663                 0x00000000,
664         };
665
666         if (ofdm) {
667                 max_loop = 0x1E;
668                 buffer[0] = 0x000201CC;
669         } else {
670                 max_loop = 0xFA;
671                 buffer[0] = 0x000B846E;
672         }
673
674         for (i = 0; i < 5; i++)
675                 b43_ram_write(dev, i * 4, buffer[i]);
676
677         b43_write16(dev, 0x0568, 0x0000);
678         if (dev->dev->id.revision < 11)
679                 b43_write16(dev, 0x07C0, 0x0000);
680         else
681                 b43_write16(dev, 0x07C0, 0x0100);
682         value = (ofdm ? 0x41 : 0x40);
683         b43_write16(dev, 0x050C, value);
684         if ((phy->type == B43_PHYTYPE_N) || (phy->type == B43_PHYTYPE_LP))
685                 b43_write16(dev, 0x0514, 0x1A02);
686         b43_write16(dev, 0x0508, 0x0000);
687         b43_write16(dev, 0x050A, 0x0000);
688         b43_write16(dev, 0x054C, 0x0000);
689         b43_write16(dev, 0x056A, 0x0014);
690         b43_write16(dev, 0x0568, 0x0826);
691         b43_write16(dev, 0x0500, 0x0000);
692         if (!pa_on && (phy->type == B43_PHYTYPE_N)) {
693                 //SPEC TODO
694         }
695
696         switch (phy->type) {
697         case B43_PHYTYPE_N:
698                 b43_write16(dev, 0x0502, 0x00D0);
699                 break;
700         case B43_PHYTYPE_LP:
701                 b43_write16(dev, 0x0502, 0x0050);
702                 break;
703         default:
704                 b43_write16(dev, 0x0502, 0x0030);
705         }
706
707         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
708                 b43_radio_write16(dev, 0x0051, 0x0017);
709         for (i = 0x00; i < max_loop; i++) {
710                 value = b43_read16(dev, 0x050E);
711                 if (value & 0x0080)
712                         break;
713                 udelay(10);
714         }
715         for (i = 0x00; i < 0x0A; i++) {
716                 value = b43_read16(dev, 0x050E);
717                 if (value & 0x0400)
718                         break;
719                 udelay(10);
720         }
721         for (i = 0x00; i < 0x19; i++) {
722                 value = b43_read16(dev, 0x0690);
723                 if (!(value & 0x0100))
724                         break;
725                 udelay(10);
726         }
727         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
728                 b43_radio_write16(dev, 0x0051, 0x0037);
729 }
730
731 static void key_write(struct b43_wldev *dev,
732                       u8 index, u8 algorithm, const u8 *key)
733 {
734         unsigned int i;
735         u32 offset;
736         u16 value;
737         u16 kidx;
738
739         /* Key index/algo block */
740         kidx = b43_kidx_to_fw(dev, index);
741         value = ((kidx << 4) | algorithm);
742         b43_shm_write16(dev, B43_SHM_SHARED,
743                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
744
745         /* Write the key to the Key Table Pointer offset */
746         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
747         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
748                 value = key[i];
749                 value |= (u16) (key[i + 1]) << 8;
750                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
751         }
752 }
753
754 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
755 {
756         u32 addrtmp[2] = { 0, 0, };
757         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
758
759         if (b43_new_kidx_api(dev))
760                 pairwise_keys_start = B43_NR_GROUP_KEYS;
761
762         B43_WARN_ON(index < pairwise_keys_start);
763         /* We have four default TX keys and possibly four default RX keys.
764          * Physical mac 0 is mapped to physical key 4 or 8, depending
765          * on the firmware version.
766          * So we must adjust the index here.
767          */
768         index -= pairwise_keys_start;
769         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
770
771         if (addr) {
772                 addrtmp[0] = addr[0];
773                 addrtmp[0] |= ((u32) (addr[1]) << 8);
774                 addrtmp[0] |= ((u32) (addr[2]) << 16);
775                 addrtmp[0] |= ((u32) (addr[3]) << 24);
776                 addrtmp[1] = addr[4];
777                 addrtmp[1] |= ((u32) (addr[5]) << 8);
778         }
779
780         /* Receive match transmitter address (RCMTA) mechanism */
781         b43_shm_write32(dev, B43_SHM_RCMTA,
782                         (index * 2) + 0, addrtmp[0]);
783         b43_shm_write16(dev, B43_SHM_RCMTA,
784                         (index * 2) + 1, addrtmp[1]);
785 }
786
787 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
788  * When a packet is received, the iv32 is checked.
789  * - if it doesn't the packet is returned without modification (and software
790  *   decryption can be done). That's what happen when iv16 wrap.
791  * - if it does, the rc4 key is computed, and decryption is tried.
792  *   Either it will success and B43_RX_MAC_DEC is returned,
793  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
794  *   and the packet is not usable (it got modified by the ucode).
795  * So in order to never have B43_RX_MAC_DECERR, we should provide
796  * a iv32 and phase1key that match. Because we drop packets in case of
797  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
798  * packets will be lost without higher layer knowing (ie no resync possible
799  * until next wrap).
800  *
801  * NOTE : this should support 50 key like RCMTA because
802  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
803  */
804 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
805                 u16 *phase1key)
806 {
807         unsigned int i;
808         u32 offset;
809         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
810
811         if (!modparam_hwtkip)
812                 return;
813
814         if (b43_new_kidx_api(dev))
815                 pairwise_keys_start = B43_NR_GROUP_KEYS;
816
817         B43_WARN_ON(index < pairwise_keys_start);
818         /* We have four default TX keys and possibly four default RX keys.
819          * Physical mac 0 is mapped to physical key 4 or 8, depending
820          * on the firmware version.
821          * So we must adjust the index here.
822          */
823         index -= pairwise_keys_start;
824         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
825
826         if (b43_debug(dev, B43_DBG_KEYS)) {
827                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
828                                 index, iv32);
829         }
830         /* Write the key to the  RX tkip shared mem */
831         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
832         for (i = 0; i < 10; i += 2) {
833                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
834                                 phase1key ? phase1key[i / 2] : 0);
835         }
836         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
837         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
838 }
839
840 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
841                         struct ieee80211_key_conf *keyconf, const u8 *addr,
842                         u32 iv32, u16 *phase1key)
843 {
844         struct b43_wl *wl = hw_to_b43_wl(hw);
845         struct b43_wldev *dev;
846         int index = keyconf->hw_key_idx;
847
848         if (B43_WARN_ON(!modparam_hwtkip))
849                 return;
850
851         mutex_lock(&wl->mutex);
852
853         dev = wl->current_dev;
854         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
855                 goto out_unlock;
856
857         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
858
859         rx_tkip_phase1_write(dev, index, iv32, phase1key);
860         keymac_write(dev, index, addr);
861
862 out_unlock:
863         mutex_unlock(&wl->mutex);
864 }
865
866 static void do_key_write(struct b43_wldev *dev,
867                          u8 index, u8 algorithm,
868                          const u8 *key, size_t key_len, const u8 *mac_addr)
869 {
870         u8 buf[B43_SEC_KEYSIZE] = { 0, };
871         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
872
873         if (b43_new_kidx_api(dev))
874                 pairwise_keys_start = B43_NR_GROUP_KEYS;
875
876         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
877         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
878
879         if (index >= pairwise_keys_start)
880                 keymac_write(dev, index, NULL); /* First zero out mac. */
881         if (algorithm == B43_SEC_ALGO_TKIP) {
882                 /*
883                  * We should provide an initial iv32, phase1key pair.
884                  * We could start with iv32=0 and compute the corresponding
885                  * phase1key, but this means calling ieee80211_get_tkip_key
886                  * with a fake skb (or export other tkip function).
887                  * Because we are lazy we hope iv32 won't start with
888                  * 0xffffffff and let's b43_op_update_tkip_key provide a
889                  * correct pair.
890                  */
891                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
892         } else if (index >= pairwise_keys_start) /* clear it */
893                 rx_tkip_phase1_write(dev, index, 0, NULL);
894         if (key)
895                 memcpy(buf, key, key_len);
896         key_write(dev, index, algorithm, buf);
897         if (index >= pairwise_keys_start)
898                 keymac_write(dev, index, mac_addr);
899
900         dev->key[index].algorithm = algorithm;
901 }
902
903 static int b43_key_write(struct b43_wldev *dev,
904                          int index, u8 algorithm,
905                          const u8 *key, size_t key_len,
906                          const u8 *mac_addr,
907                          struct ieee80211_key_conf *keyconf)
908 {
909         int i;
910         int pairwise_keys_start;
911
912         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
913          *      - Temporal Encryption Key (128 bits)
914          *      - Temporal Authenticator Tx MIC Key (64 bits)
915          *      - Temporal Authenticator Rx MIC Key (64 bits)
916          *
917          *      Hardware only store TEK
918          */
919         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
920                 key_len = 16;
921         if (key_len > B43_SEC_KEYSIZE)
922                 return -EINVAL;
923         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
924                 /* Check that we don't already have this key. */
925                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
926         }
927         if (index < 0) {
928                 /* Pairwise key. Get an empty slot for the key. */
929                 if (b43_new_kidx_api(dev))
930                         pairwise_keys_start = B43_NR_GROUP_KEYS;
931                 else
932                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
933                 for (i = pairwise_keys_start;
934                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
935                      i++) {
936                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
937                         if (!dev->key[i].keyconf) {
938                                 /* found empty */
939                                 index = i;
940                                 break;
941                         }
942                 }
943                 if (index < 0) {
944                         b43warn(dev->wl, "Out of hardware key memory\n");
945                         return -ENOSPC;
946                 }
947         } else
948                 B43_WARN_ON(index > 3);
949
950         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
951         if ((index <= 3) && !b43_new_kidx_api(dev)) {
952                 /* Default RX key */
953                 B43_WARN_ON(mac_addr);
954                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
955         }
956         keyconf->hw_key_idx = index;
957         dev->key[index].keyconf = keyconf;
958
959         return 0;
960 }
961
962 static int b43_key_clear(struct b43_wldev *dev, int index)
963 {
964         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
965                 return -EINVAL;
966         do_key_write(dev, index, B43_SEC_ALGO_NONE,
967                      NULL, B43_SEC_KEYSIZE, NULL);
968         if ((index <= 3) && !b43_new_kidx_api(dev)) {
969                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
970                              NULL, B43_SEC_KEYSIZE, NULL);
971         }
972         dev->key[index].keyconf = NULL;
973
974         return 0;
975 }
976
977 static void b43_clear_keys(struct b43_wldev *dev)
978 {
979         int i, count;
980
981         if (b43_new_kidx_api(dev))
982                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
983         else
984                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
985         for (i = 0; i < count; i++)
986                 b43_key_clear(dev, i);
987 }
988
989 static void b43_dump_keymemory(struct b43_wldev *dev)
990 {
991         unsigned int i, index, count, offset, pairwise_keys_start;
992         u8 mac[ETH_ALEN];
993         u16 algo;
994         u32 rcmta0;
995         u16 rcmta1;
996         u64 hf;
997         struct b43_key *key;
998
999         if (!b43_debug(dev, B43_DBG_KEYS))
1000                 return;
1001
1002         hf = b43_hf_read(dev);
1003         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1004                !!(hf & B43_HF_USEDEFKEYS));
1005         if (b43_new_kidx_api(dev)) {
1006                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1007                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1008         } else {
1009                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1010                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1011         }
1012         for (index = 0; index < count; index++) {
1013                 key = &(dev->key[index]);
1014                 printk(KERN_DEBUG "Key slot %02u: %s",
1015                        index, (key->keyconf == NULL) ? " " : "*");
1016                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1017                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1018                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1019                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1020                 }
1021
1022                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1023                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1024                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1025
1026                 if (index >= pairwise_keys_start) {
1027                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1028                                 printk("   TKIP: ");
1029                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1030                                 for (i = 0; i < 14; i += 2) {
1031                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1032                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1033                                 }
1034                         }
1035                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1036                                                 ((index - pairwise_keys_start) * 2) + 0);
1037                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1038                                                 ((index - pairwise_keys_start) * 2) + 1);
1039                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1040                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1041                         printk("   MAC: %pM", mac);
1042                 } else
1043                         printk("   DEFAULT KEY");
1044                 printk("\n");
1045         }
1046 }
1047
1048 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1049 {
1050         u32 macctl;
1051         u16 ucstat;
1052         bool hwps;
1053         bool awake;
1054         int i;
1055
1056         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1057                     (ps_flags & B43_PS_DISABLED));
1058         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1059
1060         if (ps_flags & B43_PS_ENABLED) {
1061                 hwps = 1;
1062         } else if (ps_flags & B43_PS_DISABLED) {
1063                 hwps = 0;
1064         } else {
1065                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1066                 //      and thus is not an AP and we are associated, set bit 25
1067         }
1068         if (ps_flags & B43_PS_AWAKE) {
1069                 awake = 1;
1070         } else if (ps_flags & B43_PS_ASLEEP) {
1071                 awake = 0;
1072         } else {
1073                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1074                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1075                 //      successful, set bit26
1076         }
1077
1078 /* FIXME: For now we force awake-on and hwps-off */
1079         hwps = 0;
1080         awake = 1;
1081
1082         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1083         if (hwps)
1084                 macctl |= B43_MACCTL_HWPS;
1085         else
1086                 macctl &= ~B43_MACCTL_HWPS;
1087         if (awake)
1088                 macctl |= B43_MACCTL_AWAKE;
1089         else
1090                 macctl &= ~B43_MACCTL_AWAKE;
1091         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1092         /* Commit write */
1093         b43_read32(dev, B43_MMIO_MACCTL);
1094         if (awake && dev->dev->id.revision >= 5) {
1095                 /* Wait for the microcode to wake up. */
1096                 for (i = 0; i < 100; i++) {
1097                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1098                                                 B43_SHM_SH_UCODESTAT);
1099                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1100                                 break;
1101                         udelay(10);
1102                 }
1103         }
1104 }
1105
1106 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1107 {
1108         u32 tmslow;
1109         u32 macctl;
1110
1111         flags |= B43_TMSLOW_PHYCLKEN;
1112         flags |= B43_TMSLOW_PHYRESET;
1113         ssb_device_enable(dev->dev, flags);
1114         msleep(2);              /* Wait for the PLL to turn on. */
1115
1116         /* Now take the PHY out of Reset again */
1117         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1118         tmslow |= SSB_TMSLOW_FGC;
1119         tmslow &= ~B43_TMSLOW_PHYRESET;
1120         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1121         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1122         msleep(1);
1123         tmslow &= ~SSB_TMSLOW_FGC;
1124         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1125         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1126         msleep(1);
1127
1128         /* Turn Analog ON, but only if we already know the PHY-type.
1129          * This protects against very early setup where we don't know the
1130          * PHY-type, yet. wireless_core_reset will be called once again later,
1131          * when we know the PHY-type. */
1132         if (dev->phy.ops)
1133                 dev->phy.ops->switch_analog(dev, 1);
1134
1135         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1136         macctl &= ~B43_MACCTL_GMODE;
1137         if (flags & B43_TMSLOW_GMODE)
1138                 macctl |= B43_MACCTL_GMODE;
1139         macctl |= B43_MACCTL_IHR_ENABLED;
1140         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1141 }
1142
1143 static void handle_irq_transmit_status(struct b43_wldev *dev)
1144 {
1145         u32 v0, v1;
1146         u16 tmp;
1147         struct b43_txstatus stat;
1148
1149         while (1) {
1150                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1151                 if (!(v0 & 0x00000001))
1152                         break;
1153                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1154
1155                 stat.cookie = (v0 >> 16);
1156                 stat.seq = (v1 & 0x0000FFFF);
1157                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1158                 tmp = (v0 & 0x0000FFFF);
1159                 stat.frame_count = ((tmp & 0xF000) >> 12);
1160                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1161                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1162                 stat.pm_indicated = !!(tmp & 0x0080);
1163                 stat.intermediate = !!(tmp & 0x0040);
1164                 stat.for_ampdu = !!(tmp & 0x0020);
1165                 stat.acked = !!(tmp & 0x0002);
1166
1167                 b43_handle_txstatus(dev, &stat);
1168         }
1169 }
1170
1171 static void drain_txstatus_queue(struct b43_wldev *dev)
1172 {
1173         u32 dummy;
1174
1175         if (dev->dev->id.revision < 5)
1176                 return;
1177         /* Read all entries from the microcode TXstatus FIFO
1178          * and throw them away.
1179          */
1180         while (1) {
1181                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1182                 if (!(dummy & 0x00000001))
1183                         break;
1184                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1185         }
1186 }
1187
1188 static u32 b43_jssi_read(struct b43_wldev *dev)
1189 {
1190         u32 val = 0;
1191
1192         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1193         val <<= 16;
1194         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1195
1196         return val;
1197 }
1198
1199 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1200 {
1201         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1202         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1203 }
1204
1205 static void b43_generate_noise_sample(struct b43_wldev *dev)
1206 {
1207         b43_jssi_write(dev, 0x7F7F7F7F);
1208         b43_write32(dev, B43_MMIO_MACCMD,
1209                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1210 }
1211
1212 static void b43_calculate_link_quality(struct b43_wldev *dev)
1213 {
1214         /* Top half of Link Quality calculation. */
1215
1216         if (dev->phy.type != B43_PHYTYPE_G)
1217                 return;
1218         if (dev->noisecalc.calculation_running)
1219                 return;
1220         dev->noisecalc.calculation_running = 1;
1221         dev->noisecalc.nr_samples = 0;
1222
1223         b43_generate_noise_sample(dev);
1224 }
1225
1226 static void handle_irq_noise(struct b43_wldev *dev)
1227 {
1228         struct b43_phy_g *phy = dev->phy.g;
1229         u16 tmp;
1230         u8 noise[4];
1231         u8 i, j;
1232         s32 average;
1233
1234         /* Bottom half of Link Quality calculation. */
1235
1236         if (dev->phy.type != B43_PHYTYPE_G)
1237                 return;
1238
1239         /* Possible race condition: It might be possible that the user
1240          * changed to a different channel in the meantime since we
1241          * started the calculation. We ignore that fact, since it's
1242          * not really that much of a problem. The background noise is
1243          * an estimation only anyway. Slightly wrong results will get damped
1244          * by the averaging of the 8 sample rounds. Additionally the
1245          * value is shortlived. So it will be replaced by the next noise
1246          * calculation round soon. */
1247
1248         B43_WARN_ON(!dev->noisecalc.calculation_running);
1249         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1250         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1251             noise[2] == 0x7F || noise[3] == 0x7F)
1252                 goto generate_new;
1253
1254         /* Get the noise samples. */
1255         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1256         i = dev->noisecalc.nr_samples;
1257         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1258         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1259         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1260         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1261         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1262         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1263         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1264         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1265         dev->noisecalc.nr_samples++;
1266         if (dev->noisecalc.nr_samples == 8) {
1267                 /* Calculate the Link Quality by the noise samples. */
1268                 average = 0;
1269                 for (i = 0; i < 8; i++) {
1270                         for (j = 0; j < 4; j++)
1271                                 average += dev->noisecalc.samples[i][j];
1272                 }
1273                 average /= (8 * 4);
1274                 average *= 125;
1275                 average += 64;
1276                 average /= 128;
1277                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1278                 tmp = (tmp / 128) & 0x1F;
1279                 if (tmp >= 8)
1280                         average += 2;
1281                 else
1282                         average -= 25;
1283                 if (tmp == 8)
1284                         average -= 72;
1285                 else
1286                         average -= 48;
1287
1288                 dev->stats.link_noise = average;
1289                 dev->noisecalc.calculation_running = 0;
1290                 return;
1291         }
1292 generate_new:
1293         b43_generate_noise_sample(dev);
1294 }
1295
1296 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1297 {
1298         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1299                 ///TODO: PS TBTT
1300         } else {
1301                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1302                         b43_power_saving_ctl_bits(dev, 0);
1303         }
1304         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1305                 dev->dfq_valid = 1;
1306 }
1307
1308 static void handle_irq_atim_end(struct b43_wldev *dev)
1309 {
1310         if (dev->dfq_valid) {
1311                 b43_write32(dev, B43_MMIO_MACCMD,
1312                             b43_read32(dev, B43_MMIO_MACCMD)
1313                             | B43_MACCMD_DFQ_VALID);
1314                 dev->dfq_valid = 0;
1315         }
1316 }
1317
1318 static void handle_irq_pmq(struct b43_wldev *dev)
1319 {
1320         u32 tmp;
1321
1322         //TODO: AP mode.
1323
1324         while (1) {
1325                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1326                 if (!(tmp & 0x00000008))
1327                         break;
1328         }
1329         /* 16bit write is odd, but correct. */
1330         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1331 }
1332
1333 static void b43_write_template_common(struct b43_wldev *dev,
1334                                       const u8 *data, u16 size,
1335                                       u16 ram_offset,
1336                                       u16 shm_size_offset, u8 rate)
1337 {
1338         u32 i, tmp;
1339         struct b43_plcp_hdr4 plcp;
1340
1341         plcp.data = 0;
1342         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1343         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1344         ram_offset += sizeof(u32);
1345         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1346          * So leave the first two bytes of the next write blank.
1347          */
1348         tmp = (u32) (data[0]) << 16;
1349         tmp |= (u32) (data[1]) << 24;
1350         b43_ram_write(dev, ram_offset, tmp);
1351         ram_offset += sizeof(u32);
1352         for (i = 2; i < size; i += sizeof(u32)) {
1353                 tmp = (u32) (data[i + 0]);
1354                 if (i + 1 < size)
1355                         tmp |= (u32) (data[i + 1]) << 8;
1356                 if (i + 2 < size)
1357                         tmp |= (u32) (data[i + 2]) << 16;
1358                 if (i + 3 < size)
1359                         tmp |= (u32) (data[i + 3]) << 24;
1360                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1361         }
1362         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1363                         size + sizeof(struct b43_plcp_hdr6));
1364 }
1365
1366 /* Check if the use of the antenna that ieee80211 told us to
1367  * use is possible. This will fall back to DEFAULT.
1368  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1369 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1370                                   u8 antenna_nr)
1371 {
1372         u8 antenna_mask;
1373
1374         if (antenna_nr == 0) {
1375                 /* Zero means "use default antenna". That's always OK. */
1376                 return 0;
1377         }
1378
1379         /* Get the mask of available antennas. */
1380         if (dev->phy.gmode)
1381                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1382         else
1383                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1384
1385         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1386                 /* This antenna is not available. Fall back to default. */
1387                 return 0;
1388         }
1389
1390         return antenna_nr;
1391 }
1392
1393 /* Convert a b43 antenna number value to the PHY TX control value. */
1394 static u16 b43_antenna_to_phyctl(int antenna)
1395 {
1396         switch (antenna) {
1397         case B43_ANTENNA0:
1398                 return B43_TXH_PHY_ANT0;
1399         case B43_ANTENNA1:
1400                 return B43_TXH_PHY_ANT1;
1401         case B43_ANTENNA2:
1402                 return B43_TXH_PHY_ANT2;
1403         case B43_ANTENNA3:
1404                 return B43_TXH_PHY_ANT3;
1405         case B43_ANTENNA_AUTO0:
1406         case B43_ANTENNA_AUTO1:
1407                 return B43_TXH_PHY_ANT01AUTO;
1408         }
1409         B43_WARN_ON(1);
1410         return 0;
1411 }
1412
1413 static void b43_write_beacon_template(struct b43_wldev *dev,
1414                                       u16 ram_offset,
1415                                       u16 shm_size_offset)
1416 {
1417         unsigned int i, len, variable_len;
1418         const struct ieee80211_mgmt *bcn;
1419         const u8 *ie;
1420         bool tim_found = 0;
1421         unsigned int rate;
1422         u16 ctl;
1423         int antenna;
1424         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1425
1426         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1427         len = min((size_t) dev->wl->current_beacon->len,
1428                   0x200 - sizeof(struct b43_plcp_hdr6));
1429         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1430
1431         b43_write_template_common(dev, (const u8 *)bcn,
1432                                   len, ram_offset, shm_size_offset, rate);
1433
1434         /* Write the PHY TX control parameters. */
1435         antenna = B43_ANTENNA_DEFAULT;
1436         antenna = b43_antenna_to_phyctl(antenna);
1437         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1438         /* We can't send beacons with short preamble. Would get PHY errors. */
1439         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1440         ctl &= ~B43_TXH_PHY_ANT;
1441         ctl &= ~B43_TXH_PHY_ENC;
1442         ctl |= antenna;
1443         if (b43_is_cck_rate(rate))
1444                 ctl |= B43_TXH_PHY_ENC_CCK;
1445         else
1446                 ctl |= B43_TXH_PHY_ENC_OFDM;
1447         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1448
1449         /* Find the position of the TIM and the DTIM_period value
1450          * and write them to SHM. */
1451         ie = bcn->u.beacon.variable;
1452         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1453         for (i = 0; i < variable_len - 2; ) {
1454                 uint8_t ie_id, ie_len;
1455
1456                 ie_id = ie[i];
1457                 ie_len = ie[i + 1];
1458                 if (ie_id == 5) {
1459                         u16 tim_position;
1460                         u16 dtim_period;
1461                         /* This is the TIM Information Element */
1462
1463                         /* Check whether the ie_len is in the beacon data range. */
1464                         if (variable_len < ie_len + 2 + i)
1465                                 break;
1466                         /* A valid TIM is at least 4 bytes long. */
1467                         if (ie_len < 4)
1468                                 break;
1469                         tim_found = 1;
1470
1471                         tim_position = sizeof(struct b43_plcp_hdr6);
1472                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1473                         tim_position += i;
1474
1475                         dtim_period = ie[i + 3];
1476
1477                         b43_shm_write16(dev, B43_SHM_SHARED,
1478                                         B43_SHM_SH_TIMBPOS, tim_position);
1479                         b43_shm_write16(dev, B43_SHM_SHARED,
1480                                         B43_SHM_SH_DTIMPER, dtim_period);
1481                         break;
1482                 }
1483                 i += ie_len + 2;
1484         }
1485         if (!tim_found) {
1486                 /*
1487                  * If ucode wants to modify TIM do it behind the beacon, this
1488                  * will happen, for example, when doing mesh networking.
1489                  */
1490                 b43_shm_write16(dev, B43_SHM_SHARED,
1491                                 B43_SHM_SH_TIMBPOS,
1492                                 len + sizeof(struct b43_plcp_hdr6));
1493                 b43_shm_write16(dev, B43_SHM_SHARED,
1494                                 B43_SHM_SH_DTIMPER, 0);
1495         }
1496         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1497 }
1498
1499 static void b43_upload_beacon0(struct b43_wldev *dev)
1500 {
1501         struct b43_wl *wl = dev->wl;
1502
1503         if (wl->beacon0_uploaded)
1504                 return;
1505         b43_write_beacon_template(dev, 0x68, 0x18);
1506         wl->beacon0_uploaded = 1;
1507 }
1508
1509 static void b43_upload_beacon1(struct b43_wldev *dev)
1510 {
1511         struct b43_wl *wl = dev->wl;
1512
1513         if (wl->beacon1_uploaded)
1514                 return;
1515         b43_write_beacon_template(dev, 0x468, 0x1A);
1516         wl->beacon1_uploaded = 1;
1517 }
1518
1519 static void handle_irq_beacon(struct b43_wldev *dev)
1520 {
1521         struct b43_wl *wl = dev->wl;
1522         u32 cmd, beacon0_valid, beacon1_valid;
1523
1524         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1525             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1526                 return;
1527
1528         /* This is the bottom half of the asynchronous beacon update. */
1529
1530         /* Ignore interrupt in the future. */
1531         dev->irq_mask &= ~B43_IRQ_BEACON;
1532
1533         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1534         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1535         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1536
1537         /* Schedule interrupt manually, if busy. */
1538         if (beacon0_valid && beacon1_valid) {
1539                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1540                 dev->irq_mask |= B43_IRQ_BEACON;
1541                 return;
1542         }
1543
1544         if (unlikely(wl->beacon_templates_virgin)) {
1545                 /* We never uploaded a beacon before.
1546                  * Upload both templates now, but only mark one valid. */
1547                 wl->beacon_templates_virgin = 0;
1548                 b43_upload_beacon0(dev);
1549                 b43_upload_beacon1(dev);
1550                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1551                 cmd |= B43_MACCMD_BEACON0_VALID;
1552                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1553         } else {
1554                 if (!beacon0_valid) {
1555                         b43_upload_beacon0(dev);
1556                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1557                         cmd |= B43_MACCMD_BEACON0_VALID;
1558                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1559                 } else if (!beacon1_valid) {
1560                         b43_upload_beacon1(dev);
1561                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1562                         cmd |= B43_MACCMD_BEACON1_VALID;
1563                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1564                 }
1565         }
1566 }
1567
1568 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1569 {
1570         u32 old_irq_mask = dev->irq_mask;
1571
1572         /* update beacon right away or defer to irq */
1573         handle_irq_beacon(dev);
1574         if (old_irq_mask != dev->irq_mask) {
1575                 /* The handler updated the IRQ mask. */
1576                 B43_WARN_ON(!dev->irq_mask);
1577                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1578                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1579                 } else {
1580                         /* Device interrupts are currently disabled. That means
1581                          * we just ran the hardirq handler and scheduled the
1582                          * IRQ thread. The thread will write the IRQ mask when
1583                          * it finished, so there's nothing to do here. Writing
1584                          * the mask _here_ would incorrectly re-enable IRQs. */
1585                 }
1586         }
1587 }
1588
1589 static void b43_beacon_update_trigger_work(struct work_struct *work)
1590 {
1591         struct b43_wl *wl = container_of(work, struct b43_wl,
1592                                          beacon_update_trigger);
1593         struct b43_wldev *dev;
1594
1595         mutex_lock(&wl->mutex);
1596         dev = wl->current_dev;
1597         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1598                 if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
1599                         /* wl->mutex is enough. */
1600                         b43_do_beacon_update_trigger_work(dev);
1601                         mmiowb();
1602                 } else {
1603                         spin_lock_irq(&wl->hardirq_lock);
1604                         b43_do_beacon_update_trigger_work(dev);
1605                         mmiowb();
1606                         spin_unlock_irq(&wl->hardirq_lock);
1607                 }
1608         }
1609         mutex_unlock(&wl->mutex);
1610 }
1611
1612 /* Asynchronously update the packet templates in template RAM.
1613  * Locking: Requires wl->mutex to be locked. */
1614 static void b43_update_templates(struct b43_wl *wl)
1615 {
1616         struct sk_buff *beacon;
1617
1618         /* This is the top half of the ansynchronous beacon update.
1619          * The bottom half is the beacon IRQ.
1620          * Beacon update must be asynchronous to avoid sending an
1621          * invalid beacon. This can happen for example, if the firmware
1622          * transmits a beacon while we are updating it. */
1623
1624         /* We could modify the existing beacon and set the aid bit in
1625          * the TIM field, but that would probably require resizing and
1626          * moving of data within the beacon template.
1627          * Simply request a new beacon and let mac80211 do the hard work. */
1628         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1629         if (unlikely(!beacon))
1630                 return;
1631
1632         if (wl->current_beacon)
1633                 dev_kfree_skb_any(wl->current_beacon);
1634         wl->current_beacon = beacon;
1635         wl->beacon0_uploaded = 0;
1636         wl->beacon1_uploaded = 0;
1637         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1638 }
1639
1640 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1641 {
1642         b43_time_lock(dev);
1643         if (dev->dev->id.revision >= 3) {
1644                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1645                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1646         } else {
1647                 b43_write16(dev, 0x606, (beacon_int >> 6));
1648                 b43_write16(dev, 0x610, beacon_int);
1649         }
1650         b43_time_unlock(dev);
1651         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1652 }
1653
1654 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1655 {
1656         u16 reason;
1657
1658         /* Read the register that contains the reason code for the panic. */
1659         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1660         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1661
1662         switch (reason) {
1663         default:
1664                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1665                 /* fallthrough */
1666         case B43_FWPANIC_DIE:
1667                 /* Do not restart the controller or firmware.
1668                  * The device is nonfunctional from now on.
1669                  * Restarting would result in this panic to trigger again,
1670                  * so we avoid that recursion. */
1671                 break;
1672         case B43_FWPANIC_RESTART:
1673                 b43_controller_restart(dev, "Microcode panic");
1674                 break;
1675         }
1676 }
1677
1678 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1679 {
1680         unsigned int i, cnt;
1681         u16 reason, marker_id, marker_line;
1682         __le16 *buf;
1683
1684         /* The proprietary firmware doesn't have this IRQ. */
1685         if (!dev->fw.opensource)
1686                 return;
1687
1688         /* Read the register that contains the reason code for this IRQ. */
1689         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1690
1691         switch (reason) {
1692         case B43_DEBUGIRQ_PANIC:
1693                 b43_handle_firmware_panic(dev);
1694                 break;
1695         case B43_DEBUGIRQ_DUMP_SHM:
1696                 if (!B43_DEBUG)
1697                         break; /* Only with driver debugging enabled. */
1698                 buf = kmalloc(4096, GFP_ATOMIC);
1699                 if (!buf) {
1700                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1701                         goto out;
1702                 }
1703                 for (i = 0; i < 4096; i += 2) {
1704                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1705                         buf[i / 2] = cpu_to_le16(tmp);
1706                 }
1707                 b43info(dev->wl, "Shared memory dump:\n");
1708                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1709                                16, 2, buf, 4096, 1);
1710                 kfree(buf);
1711                 break;
1712         case B43_DEBUGIRQ_DUMP_REGS:
1713                 if (!B43_DEBUG)
1714                         break; /* Only with driver debugging enabled. */
1715                 b43info(dev->wl, "Microcode register dump:\n");
1716                 for (i = 0, cnt = 0; i < 64; i++) {
1717                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1718                         if (cnt == 0)
1719                                 printk(KERN_INFO);
1720                         printk("r%02u: 0x%04X  ", i, tmp);
1721                         cnt++;
1722                         if (cnt == 6) {
1723                                 printk("\n");
1724                                 cnt = 0;
1725                         }
1726                 }
1727                 printk("\n");
1728                 break;
1729         case B43_DEBUGIRQ_MARKER:
1730                 if (!B43_DEBUG)
1731                         break; /* Only with driver debugging enabled. */
1732                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1733                                            B43_MARKER_ID_REG);
1734                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1735                                              B43_MARKER_LINE_REG);
1736                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1737                         "at line number %u\n",
1738                         marker_id, marker_line);
1739                 break;
1740         default:
1741                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1742                        reason);
1743         }
1744 out:
1745         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1746         b43_shm_write16(dev, B43_SHM_SCRATCH,
1747                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1748 }
1749
1750 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1751 {
1752         u32 reason;
1753         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1754         u32 merged_dma_reason = 0;
1755         int i;
1756
1757         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1758                 return;
1759
1760         reason = dev->irq_reason;
1761         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1762                 dma_reason[i] = dev->dma_reason[i];
1763                 merged_dma_reason |= dma_reason[i];
1764         }
1765
1766         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1767                 b43err(dev->wl, "MAC transmission error\n");
1768
1769         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1770                 b43err(dev->wl, "PHY transmission error\n");
1771                 rmb();
1772                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1773                         atomic_set(&dev->phy.txerr_cnt,
1774                                    B43_PHY_TX_BADNESS_LIMIT);
1775                         b43err(dev->wl, "Too many PHY TX errors, "
1776                                         "restarting the controller\n");
1777                         b43_controller_restart(dev, "PHY TX errors");
1778                 }
1779         }
1780
1781         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1782                                           B43_DMAIRQ_NONFATALMASK))) {
1783                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1784                         b43err(dev->wl, "Fatal DMA error: "
1785                                "0x%08X, 0x%08X, 0x%08X, "
1786                                "0x%08X, 0x%08X, 0x%08X\n",
1787                                dma_reason[0], dma_reason[1],
1788                                dma_reason[2], dma_reason[3],
1789                                dma_reason[4], dma_reason[5]);
1790                         b43err(dev->wl, "This device does not support DMA "
1791                                "on your system. Please use PIO instead.\n");
1792                         b43err(dev->wl, "Unload the b43 module and reload "
1793                                "with 'pio=1'\n");
1794                         return;
1795                 }
1796                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1797                         b43err(dev->wl, "DMA error: "
1798                                "0x%08X, 0x%08X, 0x%08X, "
1799                                "0x%08X, 0x%08X, 0x%08X\n",
1800                                dma_reason[0], dma_reason[1],
1801                                dma_reason[2], dma_reason[3],
1802                                dma_reason[4], dma_reason[5]);
1803                 }
1804         }
1805
1806         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1807                 handle_irq_ucode_debug(dev);
1808         if (reason & B43_IRQ_TBTT_INDI)
1809                 handle_irq_tbtt_indication(dev);
1810         if (reason & B43_IRQ_ATIM_END)
1811                 handle_irq_atim_end(dev);
1812         if (reason & B43_IRQ_BEACON)
1813                 handle_irq_beacon(dev);
1814         if (reason & B43_IRQ_PMQ)
1815                 handle_irq_pmq(dev);
1816         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1817                 ;/* TODO */
1818         if (reason & B43_IRQ_NOISESAMPLE_OK)
1819                 handle_irq_noise(dev);
1820
1821         /* Check the DMA reason registers for received data. */
1822         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1823                 if (b43_using_pio_transfers(dev))
1824                         b43_pio_rx(dev->pio.rx_queue);
1825                 else
1826                         b43_dma_rx(dev->dma.rx_ring);
1827         }
1828         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1829         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1830         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1831         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1832         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1833
1834         if (reason & B43_IRQ_TX_OK)
1835                 handle_irq_transmit_status(dev);
1836
1837         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1838         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1839
1840 #if B43_DEBUG
1841         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1842                 dev->irq_count++;
1843                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1844                         if (reason & (1 << i))
1845                                 dev->irq_bit_count[i]++;
1846                 }
1847         }
1848 #endif
1849 }
1850
1851 /* Interrupt thread handler. Handles device interrupts in thread context. */
1852 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1853 {
1854         struct b43_wldev *dev = dev_id;
1855
1856         mutex_lock(&dev->wl->mutex);
1857         b43_do_interrupt_thread(dev);
1858         mmiowb();
1859         mutex_unlock(&dev->wl->mutex);
1860
1861         return IRQ_HANDLED;
1862 }
1863
1864 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1865 {
1866         u32 reason;
1867
1868         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1869          * On SDIO, this runs under wl->mutex. */
1870
1871         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1872         if (reason == 0xffffffff)       /* shared IRQ */
1873                 return IRQ_NONE;
1874         reason &= dev->irq_mask;
1875         if (!reason)
1876                 return IRQ_HANDLED;
1877
1878         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1879             & 0x0001DC00;
1880         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1881             & 0x0000DC00;
1882         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1883             & 0x0000DC00;
1884         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1885             & 0x0001DC00;
1886         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1887             & 0x0000DC00;
1888 /* Unused ring
1889         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1890             & 0x0000DC00;
1891 */
1892
1893         /* ACK the interrupt. */
1894         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1895         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1896         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1897         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1898         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1899         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1900 /* Unused ring
1901         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1902 */
1903
1904         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
1905         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
1906         /* Save the reason bitmasks for the IRQ thread handler. */
1907         dev->irq_reason = reason;
1908
1909         return IRQ_WAKE_THREAD;
1910 }
1911
1912 /* Interrupt handler top-half. This runs with interrupts disabled. */
1913 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1914 {
1915         struct b43_wldev *dev = dev_id;
1916         irqreturn_t ret;
1917
1918         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
1919                 return IRQ_NONE;
1920
1921         spin_lock(&dev->wl->hardirq_lock);
1922         ret = b43_do_interrupt(dev);
1923         mmiowb();
1924         spin_unlock(&dev->wl->hardirq_lock);
1925
1926         return ret;
1927 }
1928
1929 /* SDIO interrupt handler. This runs in process context. */
1930 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
1931 {
1932         struct b43_wl *wl = dev->wl;
1933         irqreturn_t ret;
1934
1935         mutex_lock(&wl->mutex);
1936
1937         ret = b43_do_interrupt(dev);
1938         if (ret == IRQ_WAKE_THREAD)
1939                 b43_do_interrupt_thread(dev);
1940
1941         mutex_unlock(&wl->mutex);
1942 }
1943
1944 void b43_do_release_fw(struct b43_firmware_file *fw)
1945 {
1946         release_firmware(fw->data);
1947         fw->data = NULL;
1948         fw->filename = NULL;
1949 }
1950
1951 static void b43_release_firmware(struct b43_wldev *dev)
1952 {
1953         b43_do_release_fw(&dev->fw.ucode);
1954         b43_do_release_fw(&dev->fw.pcm);
1955         b43_do_release_fw(&dev->fw.initvals);
1956         b43_do_release_fw(&dev->fw.initvals_band);
1957 }
1958
1959 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1960 {
1961         const char text[] =
1962                 "You must go to " \
1963                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
1964                 "and download the correct firmware for this driver version. " \
1965                 "Please carefully read all instructions on this website.\n";
1966
1967         if (error)
1968                 b43err(wl, text);
1969         else
1970                 b43warn(wl, text);
1971 }
1972
1973 int b43_do_request_fw(struct b43_request_fw_context *ctx,
1974                       const char *name,
1975                       struct b43_firmware_file *fw)
1976 {
1977         const struct firmware *blob;
1978         struct b43_fw_header *hdr;
1979         u32 size;
1980         int err;
1981
1982         if (!name) {
1983                 /* Don't fetch anything. Free possibly cached firmware. */
1984                 /* FIXME: We should probably keep it anyway, to save some headache
1985                  * on suspend/resume with multiband devices. */
1986                 b43_do_release_fw(fw);
1987                 return 0;
1988         }
1989         if (fw->filename) {
1990                 if ((fw->type == ctx->req_type) &&
1991                     (strcmp(fw->filename, name) == 0))
1992                         return 0; /* Already have this fw. */
1993                 /* Free the cached firmware first. */
1994                 /* FIXME: We should probably do this later after we successfully
1995                  * got the new fw. This could reduce headache with multiband devices.
1996                  * We could also redesign this to cache the firmware for all possible
1997                  * bands all the time. */
1998                 b43_do_release_fw(fw);
1999         }
2000
2001         switch (ctx->req_type) {
2002         case B43_FWTYPE_PROPRIETARY:
2003                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2004                          "b43%s/%s.fw",
2005                          modparam_fwpostfix, name);
2006                 break;
2007         case B43_FWTYPE_OPENSOURCE:
2008                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2009                          "b43-open%s/%s.fw",
2010                          modparam_fwpostfix, name);
2011                 break;
2012         default:
2013                 B43_WARN_ON(1);
2014                 return -ENOSYS;
2015         }
2016         err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
2017         if (err == -ENOENT) {
2018                 snprintf(ctx->errors[ctx->req_type],
2019                          sizeof(ctx->errors[ctx->req_type]),
2020                          "Firmware file \"%s\" not found\n", ctx->fwname);
2021                 return err;
2022         } else if (err) {
2023                 snprintf(ctx->errors[ctx->req_type],
2024                          sizeof(ctx->errors[ctx->req_type]),
2025                          "Firmware file \"%s\" request failed (err=%d)\n",
2026                          ctx->fwname, err);
2027                 return err;
2028         }
2029         if (blob->size < sizeof(struct b43_fw_header))
2030                 goto err_format;
2031         hdr = (struct b43_fw_header *)(blob->data);
2032         switch (hdr->type) {
2033         case B43_FW_TYPE_UCODE:
2034         case B43_FW_TYPE_PCM:
2035                 size = be32_to_cpu(hdr->size);
2036                 if (size != blob->size - sizeof(struct b43_fw_header))
2037                         goto err_format;
2038                 /* fallthrough */
2039         case B43_FW_TYPE_IV:
2040                 if (hdr->ver != 1)
2041                         goto err_format;
2042                 break;
2043         default:
2044                 goto err_format;
2045         }
2046
2047         fw->data = blob;
2048         fw->filename = name;
2049         fw->type = ctx->req_type;
2050
2051         return 0;
2052
2053 err_format:
2054         snprintf(ctx->errors[ctx->req_type],
2055                  sizeof(ctx->errors[ctx->req_type]),
2056                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2057         release_firmware(blob);
2058
2059         return -EPROTO;
2060 }
2061
2062 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2063 {
2064         struct b43_wldev *dev = ctx->dev;
2065         struct b43_firmware *fw = &ctx->dev->fw;
2066         const u8 rev = ctx->dev->dev->id.revision;
2067         const char *filename;
2068         u32 tmshigh;
2069         int err;
2070
2071         /* Get microcode */
2072         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2073         if ((rev >= 5) && (rev <= 10))
2074                 filename = "ucode5";
2075         else if ((rev >= 11) && (rev <= 12))
2076                 filename = "ucode11";
2077         else if (rev == 13)
2078                 filename = "ucode13";
2079         else if (rev == 14)
2080                 filename = "ucode14";
2081         else if (rev >= 15)
2082                 filename = "ucode15";
2083         else
2084                 goto err_no_ucode;
2085         err = b43_do_request_fw(ctx, filename, &fw->ucode);
2086         if (err)
2087                 goto err_load;
2088
2089         /* Get PCM code */
2090         if ((rev >= 5) && (rev <= 10))
2091                 filename = "pcm5";
2092         else if (rev >= 11)
2093                 filename = NULL;
2094         else
2095                 goto err_no_pcm;
2096         fw->pcm_request_failed = 0;
2097         err = b43_do_request_fw(ctx, filename, &fw->pcm);
2098         if (err == -ENOENT) {
2099                 /* We did not find a PCM file? Not fatal, but
2100                  * core rev <= 10 must do without hwcrypto then. */
2101                 fw->pcm_request_failed = 1;
2102         } else if (err)
2103                 goto err_load;
2104
2105         /* Get initvals */
2106         switch (dev->phy.type) {
2107         case B43_PHYTYPE_A:
2108                 if ((rev >= 5) && (rev <= 10)) {
2109                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2110                                 filename = "a0g1initvals5";
2111                         else
2112                                 filename = "a0g0initvals5";
2113                 } else
2114                         goto err_no_initvals;
2115                 break;
2116         case B43_PHYTYPE_G:
2117                 if ((rev >= 5) && (rev <= 10))
2118                         filename = "b0g0initvals5";
2119                 else if (rev >= 13)
2120                         filename = "b0g0initvals13";
2121                 else
2122                         goto err_no_initvals;
2123                 break;
2124         case B43_PHYTYPE_N:
2125                 if ((rev >= 11) && (rev <= 12))
2126                         filename = "n0initvals11";
2127                 else
2128                         goto err_no_initvals;
2129                 break;
2130         case B43_PHYTYPE_LP:
2131                 if (rev == 13)
2132                         filename = "lp0initvals13";
2133                 else if (rev == 14)
2134                         filename = "lp0initvals14";
2135                 else if (rev >= 15)
2136                         filename = "lp0initvals15";
2137                 else
2138                         goto err_no_initvals;
2139                 break;
2140         default:
2141                 goto err_no_initvals;
2142         }
2143         err = b43_do_request_fw(ctx, filename, &fw->initvals);
2144         if (err)
2145                 goto err_load;
2146
2147         /* Get bandswitch initvals */
2148         switch (dev->phy.type) {
2149         case B43_PHYTYPE_A:
2150                 if ((rev >= 5) && (rev <= 10)) {
2151                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2152                                 filename = "a0g1bsinitvals5";
2153                         else
2154                                 filename = "a0g0bsinitvals5";
2155                 } else if (rev >= 11)
2156                         filename = NULL;
2157                 else
2158                         goto err_no_initvals;
2159                 break;
2160         case B43_PHYTYPE_G:
2161                 if ((rev >= 5) && (rev <= 10))
2162                         filename = "b0g0bsinitvals5";
2163                 else if (rev >= 11)
2164                         filename = NULL;
2165                 else
2166                         goto err_no_initvals;
2167                 break;
2168         case B43_PHYTYPE_N:
2169                 if ((rev >= 11) && (rev <= 12))
2170                         filename = "n0bsinitvals11";
2171                 else
2172                         goto err_no_initvals;
2173                 break;
2174         case B43_PHYTYPE_LP:
2175                 if (rev == 13)
2176                         filename = "lp0bsinitvals13";
2177                 else if (rev == 14)
2178                         filename = "lp0bsinitvals14";
2179                 else if (rev >= 15)
2180                         filename = "lp0bsinitvals15";
2181                 else
2182                         goto err_no_initvals;
2183                 break;
2184         default:
2185                 goto err_no_initvals;
2186         }
2187         err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2188         if (err)
2189                 goto err_load;
2190
2191         return 0;
2192
2193 err_no_ucode:
2194         err = ctx->fatal_failure = -EOPNOTSUPP;
2195         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2196                "is required for your device (wl-core rev %u)\n", rev);
2197         goto error;
2198
2199 err_no_pcm:
2200         err = ctx->fatal_failure = -EOPNOTSUPP;
2201         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2202                "is required for your device (wl-core rev %u)\n", rev);
2203         goto error;
2204
2205 err_no_initvals:
2206         err = ctx->fatal_failure = -EOPNOTSUPP;
2207         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2208                "is required for your device (wl-core rev %u)\n", rev);
2209         goto error;
2210
2211 err_load:
2212         /* We failed to load this firmware image. The error message
2213          * already is in ctx->errors. Return and let our caller decide
2214          * what to do. */
2215         goto error;
2216
2217 error:
2218         b43_release_firmware(dev);
2219         return err;
2220 }
2221
2222 static int b43_request_firmware(struct b43_wldev *dev)
2223 {
2224         struct b43_request_fw_context *ctx;
2225         unsigned int i;
2226         int err;
2227         const char *errmsg;
2228
2229         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2230         if (!ctx)
2231                 return -ENOMEM;
2232         ctx->dev = dev;
2233
2234         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2235         err = b43_try_request_fw(ctx);
2236         if (!err)
2237                 goto out; /* Successfully loaded it. */
2238         err = ctx->fatal_failure;
2239         if (err)
2240                 goto out;
2241
2242         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2243         err = b43_try_request_fw(ctx);
2244         if (!err)
2245                 goto out; /* Successfully loaded it. */
2246         err = ctx->fatal_failure;
2247         if (err)
2248                 goto out;
2249
2250         /* Could not find a usable firmware. Print the errors. */
2251         for (i = 0; i < B43_NR_FWTYPES; i++) {
2252                 errmsg = ctx->errors[i];
2253                 if (strlen(errmsg))
2254                         b43err(dev->wl, errmsg);
2255         }
2256         b43_print_fw_helptext(dev->wl, 1);
2257         err = -ENOENT;
2258
2259 out:
2260         kfree(ctx);
2261         return err;
2262 }
2263
2264 static int b43_upload_microcode(struct b43_wldev *dev)
2265 {
2266         const size_t hdr_len = sizeof(struct b43_fw_header);
2267         const __be32 *data;
2268         unsigned int i, len;
2269         u16 fwrev, fwpatch, fwdate, fwtime;
2270         u32 tmp, macctl;
2271         int err = 0;
2272
2273         /* Jump the microcode PSM to offset 0 */
2274         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2275         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2276         macctl |= B43_MACCTL_PSM_JMP0;
2277         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2278         /* Zero out all microcode PSM registers and shared memory. */
2279         for (i = 0; i < 64; i++)
2280                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2281         for (i = 0; i < 4096; i += 2)
2282                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2283
2284         /* Upload Microcode. */
2285         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2286         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2287         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2288         for (i = 0; i < len; i++) {
2289                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2290                 udelay(10);
2291         }
2292
2293         if (dev->fw.pcm.data) {
2294                 /* Upload PCM data. */
2295                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2296                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2297                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2298                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2299                 /* No need for autoinc bit in SHM_HW */
2300                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2301                 for (i = 0; i < len; i++) {
2302                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2303                         udelay(10);
2304                 }
2305         }
2306
2307         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2308
2309         /* Start the microcode PSM */
2310         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2311         macctl &= ~B43_MACCTL_PSM_JMP0;
2312         macctl |= B43_MACCTL_PSM_RUN;
2313         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2314
2315         /* Wait for the microcode to load and respond */
2316         i = 0;
2317         while (1) {
2318                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2319                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2320                         break;
2321                 i++;
2322                 if (i >= 20) {
2323                         b43err(dev->wl, "Microcode not responding\n");
2324                         b43_print_fw_helptext(dev->wl, 1);
2325                         err = -ENODEV;
2326                         goto error;
2327                 }
2328                 msleep(50);
2329         }
2330         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2331
2332         /* Get and check the revisions. */
2333         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2334         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2335         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2336         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2337
2338         if (fwrev <= 0x128) {
2339                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2340                        "binary drivers older than version 4.x is unsupported. "
2341                        "You must upgrade your firmware files.\n");
2342                 b43_print_fw_helptext(dev->wl, 1);
2343                 err = -EOPNOTSUPP;
2344                 goto error;
2345         }
2346         dev->fw.rev = fwrev;
2347         dev->fw.patch = fwpatch;
2348         dev->fw.opensource = (fwdate == 0xFFFF);
2349
2350         /* Default to use-all-queues. */
2351         dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2352         dev->qos_enabled = !!modparam_qos;
2353         /* Default to firmware/hardware crypto acceleration. */
2354         dev->hwcrypto_enabled = 1;
2355
2356         if (dev->fw.opensource) {
2357                 u16 fwcapa;
2358
2359                 /* Patchlevel info is encoded in the "time" field. */
2360                 dev->fw.patch = fwtime;
2361                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2362                         dev->fw.rev, dev->fw.patch);
2363
2364                 fwcapa = b43_fwcapa_read(dev);
2365                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2366                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2367                         /* Disable hardware crypto and fall back to software crypto. */
2368                         dev->hwcrypto_enabled = 0;
2369                 }
2370                 if (!(fwcapa & B43_FWCAPA_QOS)) {
2371                         b43info(dev->wl, "QoS not supported by firmware\n");
2372                         /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2373                          * ieee80211_unregister to make sure the networking core can
2374                          * properly free possible resources. */
2375                         dev->wl->hw->queues = 1;
2376                         dev->qos_enabled = 0;
2377                 }
2378         } else {
2379                 b43info(dev->wl, "Loading firmware version %u.%u "
2380                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2381                         fwrev, fwpatch,
2382                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2383                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2384                 if (dev->fw.pcm_request_failed) {
2385                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2386                                 "Hardware accelerated cryptography is disabled.\n");
2387                         b43_print_fw_helptext(dev->wl, 0);
2388                 }
2389         }
2390
2391         if (b43_is_old_txhdr_format(dev)) {
2392                 /* We're over the deadline, but we keep support for old fw
2393                  * until it turns out to be in major conflict with something new. */
2394                 b43warn(dev->wl, "You are using an old firmware image. "
2395                         "Support for old firmware will be removed soon "
2396                         "(official deadline was July 2008).\n");
2397                 b43_print_fw_helptext(dev->wl, 0);
2398         }
2399
2400         return 0;
2401
2402 error:
2403         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2404         macctl &= ~B43_MACCTL_PSM_RUN;
2405         macctl |= B43_MACCTL_PSM_JMP0;
2406         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2407
2408         return err;
2409 }
2410
2411 static int b43_write_initvals(struct b43_wldev *dev,
2412                               const struct b43_iv *ivals,
2413                               size_t count,
2414                               size_t array_size)
2415 {
2416         const struct b43_iv *iv;
2417         u16 offset;
2418         size_t i;
2419         bool bit32;
2420
2421         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2422         iv = ivals;
2423         for (i = 0; i < count; i++) {
2424                 if (array_size < sizeof(iv->offset_size))
2425                         goto err_format;
2426                 array_size -= sizeof(iv->offset_size);
2427                 offset = be16_to_cpu(iv->offset_size);
2428                 bit32 = !!(offset & B43_IV_32BIT);
2429                 offset &= B43_IV_OFFSET_MASK;
2430                 if (offset >= 0x1000)
2431                         goto err_format;
2432                 if (bit32) {
2433                         u32 value;
2434
2435                         if (array_size < sizeof(iv->data.d32))
2436                                 goto err_format;
2437                         array_size -= sizeof(iv->data.d32);
2438
2439                         value = get_unaligned_be32(&iv->data.d32);
2440                         b43_write32(dev, offset, value);
2441
2442                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2443                                                         sizeof(__be16) +
2444                                                         sizeof(__be32));
2445                 } else {
2446                         u16 value;
2447
2448                         if (array_size < sizeof(iv->data.d16))
2449                                 goto err_format;
2450                         array_size -= sizeof(iv->data.d16);
2451
2452                         value = be16_to_cpu(iv->data.d16);
2453                         b43_write16(dev, offset, value);
2454
2455                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2456                                                         sizeof(__be16) +
2457                                                         sizeof(__be16));
2458                 }
2459         }
2460         if (array_size)
2461                 goto err_format;
2462
2463         return 0;
2464
2465 err_format:
2466         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2467         b43_print_fw_helptext(dev->wl, 1);
2468
2469         return -EPROTO;
2470 }
2471
2472 static int b43_upload_initvals(struct b43_wldev *dev)
2473 {
2474         const size_t hdr_len = sizeof(struct b43_fw_header);
2475         const struct b43_fw_header *hdr;
2476         struct b43_firmware *fw = &dev->fw;
2477         const struct b43_iv *ivals;
2478         size_t count;
2479         int err;
2480
2481         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2482         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2483         count = be32_to_cpu(hdr->size);
2484         err = b43_write_initvals(dev, ivals, count,
2485                                  fw->initvals.data->size - hdr_len);
2486         if (err)
2487                 goto out;
2488         if (fw->initvals_band.data) {
2489                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2490                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2491                 count = be32_to_cpu(hdr->size);
2492                 err = b43_write_initvals(dev, ivals, count,
2493                                          fw->initvals_band.data->size - hdr_len);
2494                 if (err)
2495                         goto out;
2496         }
2497 out:
2498
2499         return err;
2500 }
2501
2502 /* Initialize the GPIOs
2503  * http://bcm-specs.sipsolutions.net/GPIO
2504  */
2505 static int b43_gpio_init(struct b43_wldev *dev)
2506 {
2507         struct ssb_bus *bus = dev->dev->bus;
2508         struct ssb_device *gpiodev, *pcidev = NULL;
2509         u32 mask, set;
2510
2511         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2512                     & ~B43_MACCTL_GPOUTSMSK);
2513
2514         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2515                     | 0x000F);
2516
2517         mask = 0x0000001F;
2518         set = 0x0000000F;
2519         if (dev->dev->bus->chip_id == 0x4301) {
2520                 mask |= 0x0060;
2521                 set |= 0x0060;
2522         }
2523         if (0 /* FIXME: conditional unknown */ ) {
2524                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2525                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2526                             | 0x0100);
2527                 mask |= 0x0180;
2528                 set |= 0x0180;
2529         }
2530         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2531                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2532                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2533                             | 0x0200);
2534                 mask |= 0x0200;
2535                 set |= 0x0200;
2536         }
2537         if (dev->dev->id.revision >= 2)
2538                 mask |= 0x0010; /* FIXME: This is redundant. */
2539
2540 #ifdef CONFIG_SSB_DRIVER_PCICORE
2541         pcidev = bus->pcicore.dev;
2542 #endif
2543         gpiodev = bus->chipco.dev ? : pcidev;
2544         if (!gpiodev)
2545                 return 0;
2546         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2547                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2548                      & mask) | set);
2549
2550         return 0;
2551 }
2552
2553 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2554 static void b43_gpio_cleanup(struct b43_wldev *dev)
2555 {
2556         struct ssb_bus *bus = dev->dev->bus;
2557         struct ssb_device *gpiodev, *pcidev = NULL;
2558
2559 #ifdef CONFIG_SSB_DRIVER_PCICORE
2560         pcidev = bus->pcicore.dev;
2561 #endif
2562         gpiodev = bus->chipco.dev ? : pcidev;
2563         if (!gpiodev)
2564                 return;
2565         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2566 }
2567
2568 /* http://bcm-specs.sipsolutions.net/EnableMac */
2569 void b43_mac_enable(struct b43_wldev *dev)
2570 {
2571         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2572                 u16 fwstate;
2573
2574                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2575                                          B43_SHM_SH_UCODESTAT);
2576                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2577                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2578                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2579                                "should be suspended, but current state is %u\n",
2580                                fwstate);
2581                 }
2582         }
2583
2584         dev->mac_suspended--;
2585         B43_WARN_ON(dev->mac_suspended < 0);
2586         if (dev->mac_suspended == 0) {
2587                 b43_write32(dev, B43_MMIO_MACCTL,
2588                             b43_read32(dev, B43_MMIO_MACCTL)
2589                             | B43_MACCTL_ENABLED);
2590                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2591                             B43_IRQ_MAC_SUSPENDED);
2592                 /* Commit writes */
2593                 b43_read32(dev, B43_MMIO_MACCTL);
2594                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2595                 b43_power_saving_ctl_bits(dev, 0);
2596         }
2597 }
2598
2599 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2600 void b43_mac_suspend(struct b43_wldev *dev)
2601 {
2602         int i;
2603         u32 tmp;
2604
2605         might_sleep();
2606         B43_WARN_ON(dev->mac_suspended < 0);
2607
2608         if (dev->mac_suspended == 0) {
2609                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2610                 b43_write32(dev, B43_MMIO_MACCTL,
2611                             b43_read32(dev, B43_MMIO_MACCTL)
2612                             & ~B43_MACCTL_ENABLED);
2613                 /* force pci to flush the write */
2614                 b43_read32(dev, B43_MMIO_MACCTL);
2615                 for (i = 35; i; i--) {
2616                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2617                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2618                                 goto out;
2619                         udelay(10);
2620                 }
2621                 /* Hm, it seems this will take some time. Use msleep(). */
2622                 for (i = 40; i; i--) {
2623                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2624                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2625                                 goto out;
2626                         msleep(1);
2627                 }
2628                 b43err(dev->wl, "MAC suspend failed\n");
2629         }
2630 out:
2631         dev->mac_suspended++;
2632 }
2633
2634 static void b43_adjust_opmode(struct b43_wldev *dev)
2635 {
2636         struct b43_wl *wl = dev->wl;
2637         u32 ctl;
2638         u16 cfp_pretbtt;
2639
2640         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2641         /* Reset status to STA infrastructure mode. */
2642         ctl &= ~B43_MACCTL_AP;
2643         ctl &= ~B43_MACCTL_KEEP_CTL;
2644         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2645         ctl &= ~B43_MACCTL_KEEP_BAD;
2646         ctl &= ~B43_MACCTL_PROMISC;
2647         ctl &= ~B43_MACCTL_BEACPROMISC;
2648         ctl |= B43_MACCTL_INFRA;
2649
2650         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2651             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2652                 ctl |= B43_MACCTL_AP;
2653         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2654                 ctl &= ~B43_MACCTL_INFRA;
2655
2656         if (wl->filter_flags & FIF_CONTROL)
2657                 ctl |= B43_MACCTL_KEEP_CTL;
2658         if (wl->filter_flags & FIF_FCSFAIL)
2659                 ctl |= B43_MACCTL_KEEP_BAD;
2660         if (wl->filter_flags & FIF_PLCPFAIL)
2661                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2662         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2663                 ctl |= B43_MACCTL_PROMISC;
2664         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2665                 ctl |= B43_MACCTL_BEACPROMISC;
2666
2667         /* Workaround: On old hardware the HW-MAC-address-filter
2668          * doesn't work properly, so always run promisc in filter
2669          * it in software. */
2670         if (dev->dev->id.revision <= 4)
2671                 ctl |= B43_MACCTL_PROMISC;
2672
2673         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2674
2675         cfp_pretbtt = 2;
2676         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2677                 if (dev->dev->bus->chip_id == 0x4306 &&
2678                     dev->dev->bus->chip_rev == 3)
2679                         cfp_pretbtt = 100;
2680                 else
2681                         cfp_pretbtt = 50;
2682         }
2683         b43_write16(dev, 0x612, cfp_pretbtt);
2684
2685         /* FIXME: We don't currently implement the PMQ mechanism,
2686          *        so always disable it. If we want to implement PMQ,
2687          *        we need to enable it here (clear DISCPMQ) in AP mode.
2688          */
2689         if (0  /* ctl & B43_MACCTL_AP */) {
2690                 b43_write32(dev, B43_MMIO_MACCTL,
2691                             b43_read32(dev, B43_MMIO_MACCTL)
2692                             & ~B43_MACCTL_DISCPMQ);
2693         } else {
2694                 b43_write32(dev, B43_MMIO_MACCTL,
2695                             b43_read32(dev, B43_MMIO_MACCTL)
2696                             | B43_MACCTL_DISCPMQ);
2697         }
2698 }
2699
2700 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2701 {
2702         u16 offset;
2703
2704         if (is_ofdm) {
2705                 offset = 0x480;
2706                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2707         } else {
2708                 offset = 0x4C0;
2709                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2710         }
2711         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2712                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2713 }
2714
2715 static void b43_rate_memory_init(struct b43_wldev *dev)
2716 {
2717         switch (dev->phy.type) {
2718         case B43_PHYTYPE_A:
2719         case B43_PHYTYPE_G:
2720         case B43_PHYTYPE_N:
2721         case B43_PHYTYPE_LP:
2722                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2723                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2724                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2725                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2726                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2727                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2728                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2729                 if (dev->phy.type == B43_PHYTYPE_A)
2730                         break;
2731                 /* fallthrough */
2732         case B43_PHYTYPE_B:
2733                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2734                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2735                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2736                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2737                 break;
2738         default:
2739                 B43_WARN_ON(1);
2740         }
2741 }
2742
2743 /* Set the default values for the PHY TX Control Words. */
2744 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2745 {
2746         u16 ctl = 0;
2747
2748         ctl |= B43_TXH_PHY_ENC_CCK;
2749         ctl |= B43_TXH_PHY_ANT01AUTO;
2750         ctl |= B43_TXH_PHY_TXPWR;
2751
2752         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2753         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2754         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2755 }
2756
2757 /* Set the TX-Antenna for management frames sent by firmware. */
2758 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2759 {
2760         u16 ant;
2761         u16 tmp;
2762
2763         ant = b43_antenna_to_phyctl(antenna);
2764
2765         /* For ACK/CTS */
2766         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2767         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2768         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2769         /* For Probe Resposes */
2770         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2771         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2772         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2773 }
2774
2775 /* This is the opposite of b43_chip_init() */
2776 static void b43_chip_exit(struct b43_wldev *dev)
2777 {
2778         b43_phy_exit(dev);
2779         b43_gpio_cleanup(dev);
2780         /* firmware is released later */
2781 }
2782
2783 /* Initialize the chip
2784  * http://bcm-specs.sipsolutions.net/ChipInit
2785  */
2786 static int b43_chip_init(struct b43_wldev *dev)
2787 {
2788         struct b43_phy *phy = &dev->phy;
2789         int err;
2790         u32 value32, macctl;
2791         u16 value16;
2792
2793         /* Initialize the MAC control */
2794         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2795         if (dev->phy.gmode)
2796                 macctl |= B43_MACCTL_GMODE;
2797         macctl |= B43_MACCTL_INFRA;
2798         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2799
2800         err = b43_request_firmware(dev);
2801         if (err)
2802                 goto out;
2803         err = b43_upload_microcode(dev);
2804         if (err)
2805                 goto out;       /* firmware is released later */
2806
2807         err = b43_gpio_init(dev);
2808         if (err)
2809                 goto out;       /* firmware is released later */
2810
2811         err = b43_upload_initvals(dev);
2812         if (err)
2813                 goto err_gpio_clean;
2814
2815         /* Turn the Analog on and initialize the PHY. */
2816         phy->ops->switch_analog(dev, 1);
2817         err = b43_phy_init(dev);
2818         if (err)
2819                 goto err_gpio_clean;
2820
2821         /* Disable Interference Mitigation. */
2822         if (phy->ops->interf_mitigation)
2823                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2824
2825         /* Select the antennae */
2826         if (phy->ops->set_rx_antenna)
2827                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2828         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2829
2830         if (phy->type == B43_PHYTYPE_B) {
2831                 value16 = b43_read16(dev, 0x005E);
2832                 value16 |= 0x0004;
2833                 b43_write16(dev, 0x005E, value16);
2834         }
2835         b43_write32(dev, 0x0100, 0x01000000);
2836         if (dev->dev->id.revision < 5)
2837                 b43_write32(dev, 0x010C, 0x01000000);
2838
2839         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2840                     & ~B43_MACCTL_INFRA);
2841         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2842                     | B43_MACCTL_INFRA);
2843
2844         /* Probe Response Timeout value */
2845         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2846         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2847
2848         /* Initially set the wireless operation mode. */
2849         b43_adjust_opmode(dev);
2850
2851         if (dev->dev->id.revision < 3) {
2852                 b43_write16(dev, 0x060E, 0x0000);
2853                 b43_write16(dev, 0x0610, 0x8000);
2854                 b43_write16(dev, 0x0604, 0x0000);
2855                 b43_write16(dev, 0x0606, 0x0200);
2856         } else {
2857                 b43_write32(dev, 0x0188, 0x80000000);
2858                 b43_write32(dev, 0x018C, 0x02000000);
2859         }
2860         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2861         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2862         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2863         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2864         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2865         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2866         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2867
2868         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2869         value32 |= 0x00100000;
2870         ssb_write32(dev->dev, SSB_TMSLOW, value32);
2871
2872         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2873                     dev->dev->bus->chipco.fast_pwrup_delay);
2874
2875         err = 0;
2876         b43dbg(dev->wl, "Chip initialized\n");
2877 out:
2878         return err;
2879
2880 err_gpio_clean:
2881         b43_gpio_cleanup(dev);
2882         return err;
2883 }
2884
2885 static void b43_periodic_every60sec(struct b43_wldev *dev)
2886 {
2887         const struct b43_phy_operations *ops = dev->phy.ops;
2888
2889         if (ops->pwork_60sec)
2890                 ops->pwork_60sec(dev);
2891
2892         /* Force check the TX power emission now. */
2893         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2894 }
2895
2896 static void b43_periodic_every30sec(struct b43_wldev *dev)
2897 {
2898         /* Update device statistics. */
2899         b43_calculate_link_quality(dev);
2900 }
2901
2902 static void b43_periodic_every15sec(struct b43_wldev *dev)
2903 {
2904         struct b43_phy *phy = &dev->phy;
2905         u16 wdr;
2906
2907         if (dev->fw.opensource) {
2908                 /* Check if the firmware is still alive.
2909                  * It will reset the watchdog counter to 0 in its idle loop. */
2910                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2911                 if (unlikely(wdr)) {
2912                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2913                         b43_controller_restart(dev, "Firmware watchdog");
2914                         return;
2915                 } else {
2916                         b43_shm_write16(dev, B43_SHM_SCRATCH,
2917                                         B43_WATCHDOG_REG, 1);
2918                 }
2919         }
2920
2921         if (phy->ops->pwork_15sec)
2922                 phy->ops->pwork_15sec(dev);
2923
2924         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2925         wmb();
2926
2927 #if B43_DEBUG
2928         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2929                 unsigned int i;
2930
2931                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
2932                        dev->irq_count / 15,
2933                        dev->tx_count / 15,
2934                        dev->rx_count / 15);
2935                 dev->irq_count = 0;
2936                 dev->tx_count = 0;
2937                 dev->rx_count = 0;
2938                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2939                         if (dev->irq_bit_count[i]) {
2940                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
2941                                        dev->irq_bit_count[i] / 15, i, (1 << i));
2942                                 dev->irq_bit_count[i] = 0;
2943                         }
2944                 }
2945         }
2946 #endif
2947 }
2948
2949 static void do_periodic_work(struct b43_wldev *dev)
2950 {
2951         unsigned int state;
2952
2953         state = dev->periodic_state;
2954         if (state % 4 == 0)
2955                 b43_periodic_every60sec(dev);
2956         if (state % 2 == 0)
2957                 b43_periodic_every30sec(dev);
2958         b43_periodic_every15sec(dev);
2959 }
2960
2961 /* Periodic work locking policy:
2962  *      The whole periodic work handler is protected by
2963  *      wl->mutex. If another lock is needed somewhere in the
2964  *      pwork callchain, it's acquired in-place, where it's needed.
2965  */
2966 static void b43_periodic_work_handler(struct work_struct *work)
2967 {
2968         struct b43_wldev *dev = container_of(work, struct b43_wldev,
2969                                              periodic_work.work);
2970         struct b43_wl *wl = dev->wl;
2971         unsigned long delay;
2972
2973         mutex_lock(&wl->mutex);
2974
2975         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2976                 goto out;
2977         if (b43_debug(dev, B43_DBG_PWORK_STOP))
2978                 goto out_requeue;
2979
2980         do_periodic_work(dev);
2981
2982         dev->periodic_state++;
2983 out_requeue:
2984         if (b43_debug(dev, B43_DBG_PWORK_FAST))
2985                 delay = msecs_to_jiffies(50);
2986         else
2987                 delay = round_jiffies_relative(HZ * 15);
2988         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
2989 out:
2990         mutex_unlock(&wl->mutex);
2991 }
2992
2993 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2994 {
2995         struct delayed_work *work = &dev->periodic_work;
2996
2997         dev->periodic_state = 0;
2998         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2999         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3000 }
3001
3002 /* Check if communication with the device works correctly. */
3003 static int b43_validate_chipaccess(struct b43_wldev *dev)
3004 {
3005         u32 v, backup0, backup4;
3006
3007         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3008         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3009
3010         /* Check for read/write and endianness problems. */
3011         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3012         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3013                 goto error;
3014         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3015         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3016                 goto error;
3017
3018         /* Check if unaligned 32bit SHM_SHARED access works properly.
3019          * However, don't bail out on failure, because it's noncritical. */
3020         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3021         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3022         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3023         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3024         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3025                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3026         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3027         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3028             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3029             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3030             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3031                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3032
3033         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3034         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3035
3036         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
3037                 /* The 32bit register shadows the two 16bit registers
3038                  * with update sideeffects. Validate this. */
3039                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3040                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3041                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3042                         goto error;
3043                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3044                         goto error;
3045         }
3046         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3047
3048         v = b43_read32(dev, B43_MMIO_MACCTL);
3049         v |= B43_MACCTL_GMODE;
3050         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3051                 goto error;
3052
3053         return 0;
3054 error:
3055         b43err(dev->wl, "Failed to validate the chipaccess\n");
3056         return -ENODEV;
3057 }
3058
3059 static void b43_security_init(struct b43_wldev *dev)
3060 {
3061         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3062         /* KTP is a word address, but we address SHM bytewise.
3063          * So multiply by two.
3064          */
3065         dev->ktp *= 2;
3066         /* Number of RCMTA address slots */
3067         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3068         /* Clear the key memory. */
3069         b43_clear_keys(dev);
3070 }
3071
3072 #ifdef CONFIG_B43_HWRNG
3073 static int b43_rng_read(struct hwrng *rng, u32 *data)
3074 {
3075         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3076         struct b43_wldev *dev;
3077         int count = -ENODEV;
3078
3079         mutex_lock(&wl->mutex);
3080         dev = wl->current_dev;
3081         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3082                 *data = b43_read16(dev, B43_MMIO_RNG);
3083                 count = sizeof(u16);
3084         }
3085         mutex_unlock(&wl->mutex);
3086
3087         return count;
3088 }
3089 #endif /* CONFIG_B43_HWRNG */
3090
3091 static void b43_rng_exit(struct b43_wl *wl)
3092 {
3093 #ifdef CONFIG_B43_HWRNG
3094         if (wl->rng_initialized)
3095                 hwrng_unregister(&wl->rng);
3096 #endif /* CONFIG_B43_HWRNG */
3097 }
3098
3099 static int b43_rng_init(struct b43_wl *wl)
3100 {
3101         int err = 0;
3102
3103 #ifdef CONFIG_B43_HWRNG
3104         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3105                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3106         wl->rng.name = wl->rng_name;
3107         wl->rng.data_read = b43_rng_read;
3108         wl->rng.priv = (unsigned long)wl;
3109         wl->rng_initialized = 1;
3110         err = hwrng_register(&wl->rng);
3111         if (err) {
3112                 wl->rng_initialized = 0;
3113                 b43err(wl, "Failed to register the random "
3114                        "number generator (%d)\n", err);
3115         }
3116 #endif /* CONFIG_B43_HWRNG */
3117
3118         return err;
3119 }
3120
3121 static void b43_tx_work(struct work_struct *work)
3122 {
3123         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3124         struct b43_wldev *dev;
3125         struct sk_buff *skb;
3126         int err = 0;
3127
3128         mutex_lock(&wl->mutex);
3129         dev = wl->current_dev;
3130         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3131                 mutex_unlock(&wl->mutex);
3132                 return;
3133         }
3134
3135         while (skb_queue_len(&wl->tx_queue)) {
3136                 skb = skb_dequeue(&wl->tx_queue);
3137
3138                 if (b43_using_pio_transfers(dev))
3139                         err = b43_pio_tx(dev, skb);
3140                 else
3141                         err = b43_dma_tx(dev, skb);
3142                 if (unlikely(err))
3143                         dev_kfree_skb(skb); /* Drop it */
3144         }
3145
3146 #if B43_DEBUG
3147         dev->tx_count++;
3148 #endif
3149         mutex_unlock(&wl->mutex);
3150 }
3151
3152 static int b43_op_tx(struct ieee80211_hw *hw,
3153                      struct sk_buff *skb)
3154 {
3155         struct b43_wl *wl = hw_to_b43_wl(hw);
3156
3157         if (unlikely(skb->len < 2 + 2 + 6)) {
3158                 /* Too short, this can't be a valid frame. */
3159                 dev_kfree_skb_any(skb);
3160                 return NETDEV_TX_OK;
3161         }
3162         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3163
3164         skb_queue_tail(&wl->tx_queue, skb);
3165         ieee80211_queue_work(wl->hw, &wl->tx_work);
3166
3167         return NETDEV_TX_OK;
3168 }
3169
3170 static void b43_qos_params_upload(struct b43_wldev *dev,
3171                                   const struct ieee80211_tx_queue_params *p,
3172                                   u16 shm_offset)
3173 {
3174         u16 params[B43_NR_QOSPARAMS];
3175         int bslots, tmp;
3176         unsigned int i;
3177
3178         if (!dev->qos_enabled)
3179                 return;
3180
3181         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3182
3183         memset(&params, 0, sizeof(params));
3184
3185         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3186         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3187         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3188         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3189         params[B43_QOSPARAM_AIFS] = p->aifs;
3190         params[B43_QOSPARAM_BSLOTS] = bslots;
3191         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3192
3193         for (i = 0; i < ARRAY_SIZE(params); i++) {
3194                 if (i == B43_QOSPARAM_STATUS) {
3195                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3196                                              shm_offset + (i * 2));
3197                         /* Mark the parameters as updated. */
3198                         tmp |= 0x100;
3199                         b43_shm_write16(dev, B43_SHM_SHARED,
3200                                         shm_offset + (i * 2),
3201                                         tmp);
3202                 } else {
3203                         b43_shm_write16(dev, B43_SHM_SHARED,
3204                                         shm_offset + (i * 2),
3205                                         params[i]);
3206                 }
3207         }
3208 }
3209
3210 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3211 static const u16 b43_qos_shm_offsets[] = {
3212         /* [mac80211-queue-nr] = SHM_OFFSET, */
3213         [0] = B43_QOS_VOICE,
3214         [1] = B43_QOS_VIDEO,
3215         [2] = B43_QOS_BESTEFFORT,
3216         [3] = B43_QOS_BACKGROUND,
3217 };
3218
3219 /* Update all QOS parameters in hardware. */
3220 static void b43_qos_upload_all(struct b43_wldev *dev)
3221 {
3222         struct b43_wl *wl = dev->wl;
3223         struct b43_qos_params *params;
3224         unsigned int i;
3225
3226         if (!dev->qos_enabled)
3227                 return;
3228
3229         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3230                      ARRAY_SIZE(wl->qos_params));
3231
3232         b43_mac_suspend(dev);
3233         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3234                 params = &(wl->qos_params[i]);
3235                 b43_qos_params_upload(dev, &(params->p),
3236                                       b43_qos_shm_offsets[i]);
3237         }
3238         b43_mac_enable(dev);
3239 }
3240
3241 static void b43_qos_clear(struct b43_wl *wl)
3242 {
3243         struct b43_qos_params *params;
3244         unsigned int i;
3245
3246         /* Initialize QoS parameters to sane defaults. */
3247
3248         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3249                      ARRAY_SIZE(wl->qos_params));
3250
3251         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3252                 params = &(wl->qos_params[i]);
3253
3254                 switch (b43_qos_shm_offsets[i]) {
3255                 case B43_QOS_VOICE:
3256                         params->p.txop = 0;
3257                         params->p.aifs = 2;
3258                         params->p.cw_min = 0x0001;
3259                         params->p.cw_max = 0x0001;
3260                         break;
3261                 case B43_QOS_VIDEO:
3262                         params->p.txop = 0;
3263                         params->p.aifs = 2;
3264                         params->p.cw_min = 0x0001;
3265                         params->p.cw_max = 0x0001;
3266                         break;
3267                 case B43_QOS_BESTEFFORT:
3268                         params->p.txop = 0;
3269                         params->p.aifs = 3;
3270                         params->p.cw_min = 0x0001;
3271                         params->p.cw_max = 0x03FF;
3272                         break;
3273                 case B43_QOS_BACKGROUND:
3274                         params->p.txop = 0;
3275                         params->p.aifs = 7;
3276                         params->p.cw_min = 0x0001;
3277                         params->p.cw_max = 0x03FF;
3278                         break;
3279                 default:
3280                         B43_WARN_ON(1);
3281                 }
3282         }
3283 }
3284
3285 /* Initialize the core's QOS capabilities */
3286 static void b43_qos_init(struct b43_wldev *dev)
3287 {
3288         if (!dev->qos_enabled) {
3289                 /* Disable QOS support. */
3290                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3291                 b43_write16(dev, B43_MMIO_IFSCTL,
3292                             b43_read16(dev, B43_MMIO_IFSCTL)
3293                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3294                 b43dbg(dev->wl, "QoS disabled\n");
3295                 return;
3296         }
3297
3298         /* Upload the current QOS parameters. */
3299         b43_qos_upload_all(dev);
3300
3301         /* Enable QOS support. */
3302         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3303         b43_write16(dev, B43_MMIO_IFSCTL,
3304                     b43_read16(dev, B43_MMIO_IFSCTL)
3305                     | B43_MMIO_IFSCTL_USE_EDCF);
3306         b43dbg(dev->wl, "QoS enabled\n");
3307 }
3308
3309 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3310                           const struct ieee80211_tx_queue_params *params)
3311 {
3312         struct b43_wl *wl = hw_to_b43_wl(hw);
3313         struct b43_wldev *dev;
3314         unsigned int queue = (unsigned int)_queue;
3315         int err = -ENODEV;
3316
3317         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3318                 /* Queue not available or don't support setting
3319                  * params on this queue. Return success to not
3320                  * confuse mac80211. */
3321                 return 0;
3322         }
3323         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3324                      ARRAY_SIZE(wl->qos_params));
3325
3326         mutex_lock(&wl->mutex);
3327         dev = wl->current_dev;
3328         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3329                 goto out_unlock;
3330
3331         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3332         b43_mac_suspend(dev);
3333         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3334                               b43_qos_shm_offsets[queue]);
3335         b43_mac_enable(dev);
3336         err = 0;
3337
3338 out_unlock:
3339         mutex_unlock(&wl->mutex);
3340
3341         return err;
3342 }
3343
3344 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3345                                struct ieee80211_tx_queue_stats *stats)
3346 {
3347         struct b43_wl *wl = hw_to_b43_wl(hw);
3348         struct b43_wldev *dev;
3349         int err = -ENODEV;
3350
3351         mutex_lock(&wl->mutex);
3352         dev = wl->current_dev;
3353         if (dev && b43_status(dev) >= B43_STAT_STARTED) {
3354                 if (b43_using_pio_transfers(dev))
3355                         b43_pio_get_tx_stats(dev, stats);
3356                 else
3357                         b43_dma_get_tx_stats(dev, stats);
3358                 err = 0;
3359         }
3360         mutex_unlock(&wl->mutex);
3361
3362         return err;
3363 }
3364
3365 static int b43_op_get_stats(struct ieee80211_hw *hw,
3366                             struct ieee80211_low_level_stats *stats)
3367 {
3368         struct b43_wl *wl = hw_to_b43_wl(hw);
3369
3370         mutex_lock(&wl->mutex);
3371         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3372         mutex_unlock(&wl->mutex);
3373
3374         return 0;
3375 }
3376
3377 static u64 b43_op_get_tsf(struct ieee80211_hw *hw)
3378 {
3379         struct b43_wl *wl = hw_to_b43_wl(hw);
3380         struct b43_wldev *dev;
3381         u64 tsf;
3382
3383         mutex_lock(&wl->mutex);
3384         dev = wl->current_dev;
3385
3386         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3387                 b43_tsf_read(dev, &tsf);
3388         else
3389                 tsf = 0;
3390
3391         mutex_unlock(&wl->mutex);
3392
3393         return tsf;
3394 }
3395
3396 static void b43_op_set_tsf(struct ieee80211_hw *hw, u64 tsf)
3397 {
3398         struct b43_wl *wl = hw_to_b43_wl(hw);
3399         struct b43_wldev *dev;
3400
3401         mutex_lock(&wl->mutex);
3402         dev = wl->current_dev;
3403
3404         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3405                 b43_tsf_write(dev, tsf);
3406
3407         mutex_unlock(&wl->mutex);
3408 }
3409
3410 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3411 {
3412         struct ssb_device *sdev = dev->dev;
3413         u32 tmslow;
3414
3415         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3416         tmslow &= ~B43_TMSLOW_GMODE;
3417         tmslow |= B43_TMSLOW_PHYRESET;
3418         tmslow |= SSB_TMSLOW_FGC;
3419         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3420         msleep(1);
3421
3422         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3423         tmslow &= ~SSB_TMSLOW_FGC;
3424         tmslow |= B43_TMSLOW_PHYRESET;
3425         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3426         msleep(1);
3427 }
3428
3429 static const char *band_to_string(enum ieee80211_band band)
3430 {
3431         switch (band) {
3432         case IEEE80211_BAND_5GHZ:
3433                 return "5";
3434         case IEEE80211_BAND_2GHZ:
3435                 return "2.4";
3436         default:
3437                 break;
3438         }
3439         B43_WARN_ON(1);
3440         return "";
3441 }
3442
3443 /* Expects wl->mutex locked */
3444 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3445 {
3446         struct b43_wldev *up_dev = NULL;
3447         struct b43_wldev *down_dev;
3448         struct b43_wldev *d;
3449         int err;
3450         bool uninitialized_var(gmode);
3451         int prev_status;
3452
3453         /* Find a device and PHY which supports the band. */
3454         list_for_each_entry(d, &wl->devlist, list) {
3455                 switch (chan->band) {
3456                 case IEEE80211_BAND_5GHZ:
3457                         if (d->phy.supports_5ghz) {
3458                                 up_dev = d;
3459                                 gmode = 0;
3460                         }
3461                         break;
3462                 case IEEE80211_BAND_2GHZ:
3463                         if (d->phy.supports_2ghz) {
3464                                 up_dev = d;
3465                                 gmode = 1;
3466                         }
3467                         break;
3468                 default:
3469                         B43_WARN_ON(1);
3470                         return -EINVAL;
3471                 }
3472                 if (up_dev)
3473                         break;
3474         }
3475         if (!up_dev) {
3476                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3477                        band_to_string(chan->band));
3478                 return -ENODEV;
3479         }
3480         if ((up_dev == wl->current_dev) &&
3481             (!!wl->current_dev->phy.gmode == !!gmode)) {
3482                 /* This device is already running. */
3483                 return 0;
3484         }
3485         b43dbg(wl, "Switching to %s-GHz band\n",
3486                band_to_string(chan->band));
3487         down_dev = wl->current_dev;
3488
3489         prev_status = b43_status(down_dev);
3490         /* Shutdown the currently running core. */
3491         if (prev_status >= B43_STAT_STARTED)
3492                 down_dev = b43_wireless_core_stop(down_dev);
3493         if (prev_status >= B43_STAT_INITIALIZED)
3494                 b43_wireless_core_exit(down_dev);
3495
3496         if (down_dev != up_dev) {
3497                 /* We switch to a different core, so we put PHY into
3498                  * RESET on the old core. */
3499                 b43_put_phy_into_reset(down_dev);
3500         }
3501
3502         /* Now start the new core. */
3503         up_dev->phy.gmode = gmode;
3504         if (prev_status >= B43_STAT_INITIALIZED) {
3505                 err = b43_wireless_core_init(up_dev);
3506                 if (err) {
3507                         b43err(wl, "Fatal: Could not initialize device for "
3508                                "selected %s-GHz band\n",
3509                                band_to_string(chan->band));
3510                         goto init_failure;
3511                 }
3512         }
3513         if (prev_status >= B43_STAT_STARTED) {
3514                 err = b43_wireless_core_start(up_dev);
3515                 if (err) {
3516                         b43err(wl, "Fatal: Coult not start device for "
3517                                "selected %s-GHz band\n",
3518                                band_to_string(chan->band));
3519                         b43_wireless_core_exit(up_dev);
3520                         goto init_failure;
3521                 }
3522         }
3523         B43_WARN_ON(b43_status(up_dev) != prev_status);
3524
3525         wl->current_dev = up_dev;
3526
3527         return 0;
3528 init_failure:
3529         /* Whoops, failed to init the new core. No core is operating now. */
3530         wl->current_dev = NULL;
3531         return err;
3532 }
3533
3534 /* Write the short and long frame retry limit values. */
3535 static void b43_set_retry_limits(struct b43_wldev *dev,
3536                                  unsigned int short_retry,
3537                                  unsigned int long_retry)
3538 {
3539         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3540          * the chip-internal counter. */
3541         short_retry = min(short_retry, (unsigned int)0xF);
3542         long_retry = min(long_retry, (unsigned int)0xF);
3543
3544         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3545                         short_retry);
3546         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3547                         long_retry);
3548 }
3549
3550 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3551 {
3552         struct b43_wl *wl = hw_to_b43_wl(hw);
3553         struct b43_wldev *dev;
3554         struct b43_phy *phy;
3555         struct ieee80211_conf *conf = &hw->conf;
3556         int antenna;
3557         int err = 0;
3558
3559         mutex_lock(&wl->mutex);
3560
3561         /* Switch the band (if necessary). This might change the active core. */
3562         err = b43_switch_band(wl, conf->channel);
3563         if (err)
3564                 goto out_unlock_mutex;
3565         dev = wl->current_dev;
3566         phy = &dev->phy;
3567
3568         b43_mac_suspend(dev);
3569
3570         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3571                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3572                                           conf->long_frame_max_tx_count);
3573         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3574         if (!changed)
3575                 goto out_mac_enable;
3576
3577         /* Switch to the requested channel.
3578          * The firmware takes care of races with the TX handler. */
3579         if (conf->channel->hw_value != phy->channel)
3580                 b43_switch_channel(dev, conf->channel->hw_value);
3581
3582         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3583
3584         /* Adjust the desired TX power level. */
3585         if (conf->power_level != 0) {
3586                 if (conf->power_level != phy->desired_txpower) {
3587                         phy->desired_txpower = conf->power_level;
3588                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3589                                                    B43_TXPWR_IGNORE_TSSI);
3590                 }
3591         }
3592
3593         /* Antennas for RX and management frame TX. */
3594         antenna = B43_ANTENNA_DEFAULT;
3595         b43_mgmtframe_txantenna(dev, antenna);
3596         antenna = B43_ANTENNA_DEFAULT;
3597         if (phy->ops->set_rx_antenna)
3598                 phy->ops->set_rx_antenna(dev, antenna);
3599
3600         if (wl->radio_enabled != phy->radio_on) {
3601                 if (wl->radio_enabled) {
3602                         b43_software_rfkill(dev, false);
3603                         b43info(dev->wl, "Radio turned on by software\n");
3604                         if (!dev->radio_hw_enable) {
3605                                 b43info(dev->wl, "The hardware RF-kill button "
3606                                         "still turns the radio physically off. "
3607                                         "Press the button to turn it on.\n");
3608                         }
3609                 } else {
3610                         b43_software_rfkill(dev, true);
3611                         b43info(dev->wl, "Radio turned off by software\n");
3612                 }
3613         }
3614
3615 out_mac_enable:
3616         b43_mac_enable(dev);
3617 out_unlock_mutex:
3618         mutex_unlock(&wl->mutex);
3619
3620         return err;
3621 }
3622
3623 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3624 {
3625         struct ieee80211_supported_band *sband =
3626                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3627         struct ieee80211_rate *rate;
3628         int i;
3629         u16 basic, direct, offset, basic_offset, rateptr;
3630
3631         for (i = 0; i < sband->n_bitrates; i++) {
3632                 rate = &sband->bitrates[i];
3633
3634                 if (b43_is_cck_rate(rate->hw_value)) {
3635                         direct = B43_SHM_SH_CCKDIRECT;
3636                         basic = B43_SHM_SH_CCKBASIC;
3637                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3638                         offset &= 0xF;
3639                 } else {
3640                         direct = B43_SHM_SH_OFDMDIRECT;
3641                         basic = B43_SHM_SH_OFDMBASIC;
3642                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3643                         offset &= 0xF;
3644                 }
3645
3646                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3647
3648                 if (b43_is_cck_rate(rate->hw_value)) {
3649                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3650                         basic_offset &= 0xF;
3651                 } else {
3652                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3653                         basic_offset &= 0xF;
3654                 }
3655
3656                 /*
3657                  * Get the pointer that we need to point to
3658                  * from the direct map
3659                  */
3660                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3661                                          direct + 2 * basic_offset);
3662                 /* and write it to the basic map */
3663                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3664                                 rateptr);
3665         }
3666 }
3667
3668 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3669                                     struct ieee80211_vif *vif,
3670                                     struct ieee80211_bss_conf *conf,
3671                                     u32 changed)
3672 {
3673         struct b43_wl *wl = hw_to_b43_wl(hw);
3674         struct b43_wldev *dev;
3675
3676         mutex_lock(&wl->mutex);
3677
3678         dev = wl->current_dev;
3679         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3680                 goto out_unlock_mutex;
3681
3682         B43_WARN_ON(wl->vif != vif);
3683
3684         if (changed & BSS_CHANGED_BSSID) {
3685                 if (conf->bssid)
3686                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3687                 else
3688                         memset(wl->bssid, 0, ETH_ALEN);
3689         }
3690
3691         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3692                 if (changed & BSS_CHANGED_BEACON &&
3693                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3694                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3695                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3696                         b43_update_templates(wl);
3697
3698                 if (changed & BSS_CHANGED_BSSID)
3699                         b43_write_mac_bssid_templates(dev);
3700         }
3701
3702         b43_mac_suspend(dev);
3703
3704         /* Update templates for AP/mesh mode. */
3705         if (changed & BSS_CHANGED_BEACON_INT &&
3706             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3707              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3708              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3709                 b43_set_beacon_int(dev, conf->beacon_int);
3710
3711         if (changed & BSS_CHANGED_BASIC_RATES)
3712                 b43_update_basic_rates(dev, conf->basic_rates);
3713
3714         if (changed & BSS_CHANGED_ERP_SLOT) {
3715                 if (conf->use_short_slot)
3716                         b43_short_slot_timing_enable(dev);
3717                 else
3718                         b43_short_slot_timing_disable(dev);
3719         }
3720
3721         b43_mac_enable(dev);
3722 out_unlock_mutex:
3723         mutex_unlock(&wl->mutex);
3724 }
3725
3726 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3727                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
3728                           struct ieee80211_key_conf *key)
3729 {
3730         struct b43_wl *wl = hw_to_b43_wl(hw);
3731         struct b43_wldev *dev;
3732         u8 algorithm;
3733         u8 index;
3734         int err;
3735         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3736
3737         if (modparam_nohwcrypt)
3738                 return -ENOSPC; /* User disabled HW-crypto */
3739
3740         mutex_lock(&wl->mutex);
3741
3742         dev = wl->current_dev;
3743         err = -ENODEV;
3744         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3745                 goto out_unlock;
3746
3747         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
3748                 /* We don't have firmware for the crypto engine.
3749                  * Must use software-crypto. */
3750                 err = -EOPNOTSUPP;
3751                 goto out_unlock;
3752         }
3753
3754         err = -EINVAL;
3755         switch (key->alg) {
3756         case ALG_WEP:
3757                 if (key->keylen == WLAN_KEY_LEN_WEP40)
3758                         algorithm = B43_SEC_ALGO_WEP40;
3759                 else
3760                         algorithm = B43_SEC_ALGO_WEP104;
3761                 break;
3762         case ALG_TKIP:
3763                 algorithm = B43_SEC_ALGO_TKIP;
3764                 break;
3765         case ALG_CCMP:
3766                 algorithm = B43_SEC_ALGO_AES;
3767                 break;
3768         default:
3769                 B43_WARN_ON(1);
3770                 goto out_unlock;
3771         }
3772         index = (u8) (key->keyidx);
3773         if (index > 3)
3774                 goto out_unlock;
3775
3776         switch (cmd) {
3777         case SET_KEY:
3778                 if (algorithm == B43_SEC_ALGO_TKIP &&
3779                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
3780                     !modparam_hwtkip)) {
3781                         /* We support only pairwise key */
3782                         err = -EOPNOTSUPP;
3783                         goto out_unlock;
3784                 }
3785
3786                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
3787                         if (WARN_ON(!sta)) {
3788                                 err = -EOPNOTSUPP;
3789                                 goto out_unlock;
3790                         }
3791                         /* Pairwise key with an assigned MAC address. */
3792                         err = b43_key_write(dev, -1, algorithm,
3793                                             key->key, key->keylen,
3794                                             sta->addr, key);
3795                 } else {
3796                         /* Group key */
3797                         err = b43_key_write(dev, index, algorithm,
3798                                             key->key, key->keylen, NULL, key);
3799                 }
3800                 if (err)
3801                         goto out_unlock;
3802
3803                 if (algorithm == B43_SEC_ALGO_WEP40 ||
3804                     algorithm == B43_SEC_ALGO_WEP104) {
3805                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3806                 } else {
3807                         b43_hf_write(dev,
3808                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3809                 }
3810                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3811                 if (algorithm == B43_SEC_ALGO_TKIP)
3812                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
3813                 break;
3814         case DISABLE_KEY: {
3815                 err = b43_key_clear(dev, key->hw_key_idx);
3816                 if (err)
3817                         goto out_unlock;
3818                 break;
3819         }
3820         default:
3821                 B43_WARN_ON(1);
3822         }
3823
3824 out_unlock:
3825         if (!err) {
3826                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3827                        "mac: %pM\n",
3828                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3829                        sta ? sta->addr : bcast_addr);
3830                 b43_dump_keymemory(dev);
3831         }
3832         mutex_unlock(&wl->mutex);
3833
3834         return err;
3835 }
3836
3837 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3838                                     unsigned int changed, unsigned int *fflags,
3839                                     u64 multicast)
3840 {
3841         struct b43_wl *wl = hw_to_b43_wl(hw);
3842         struct b43_wldev *dev;
3843
3844         mutex_lock(&wl->mutex);
3845         dev = wl->current_dev;
3846         if (!dev) {
3847                 *fflags = 0;
3848                 goto out_unlock;
3849         }
3850
3851         *fflags &= FIF_PROMISC_IN_BSS |
3852                   FIF_ALLMULTI |
3853                   FIF_FCSFAIL |
3854                   FIF_PLCPFAIL |
3855                   FIF_CONTROL |
3856                   FIF_OTHER_BSS |
3857                   FIF_BCN_PRBRESP_PROMISC;
3858
3859         changed &= FIF_PROMISC_IN_BSS |
3860                    FIF_ALLMULTI |
3861                    FIF_FCSFAIL |
3862                    FIF_PLCPFAIL |
3863                    FIF_CONTROL |
3864                    FIF_OTHER_BSS |
3865                    FIF_BCN_PRBRESP_PROMISC;
3866
3867         wl->filter_flags = *fflags;
3868
3869         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3870                 b43_adjust_opmode(dev);
3871
3872 out_unlock:
3873         mutex_unlock(&wl->mutex);
3874 }
3875
3876 /* Locking: wl->mutex
3877  * Returns the current dev. This might be different from the passed in dev,
3878  * because the core might be gone away while we unlocked the mutex. */
3879 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
3880 {
3881         struct b43_wl *wl = dev->wl;
3882         struct b43_wldev *orig_dev;
3883         u32 mask;
3884
3885 redo:
3886         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3887                 return dev;
3888
3889         /* Cancel work. Unlock to avoid deadlocks. */
3890         mutex_unlock(&wl->mutex);
3891         cancel_delayed_work_sync(&dev->periodic_work);
3892         cancel_work_sync(&wl->tx_work);
3893         mutex_lock(&wl->mutex);
3894         dev = wl->current_dev;
3895         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
3896                 /* Whoops, aliens ate up the device while we were unlocked. */
3897                 return dev;
3898         }
3899
3900         /* Disable interrupts on the device. */
3901         b43_set_status(dev, B43_STAT_INITIALIZED);
3902         if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
3903                 /* wl->mutex is locked. That is enough. */
3904                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3905                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
3906         } else {
3907                 spin_lock_irq(&wl->hardirq_lock);
3908                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3909                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
3910                 spin_unlock_irq(&wl->hardirq_lock);
3911         }
3912         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
3913         orig_dev = dev;
3914         mutex_unlock(&wl->mutex);
3915         if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
3916                 b43_sdio_free_irq(dev);
3917         } else {
3918                 synchronize_irq(dev->dev->irq);
3919                 free_irq(dev->dev->irq, dev);
3920         }
3921         mutex_lock(&wl->mutex);
3922         dev = wl->current_dev;
3923         if (!dev)
3924                 return dev;
3925         if (dev != orig_dev) {
3926                 if (b43_status(dev) >= B43_STAT_STARTED)
3927                         goto redo;
3928                 return dev;
3929         }
3930         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
3931         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
3932
3933         /* Drain the TX queue */
3934         while (skb_queue_len(&wl->tx_queue))
3935                 dev_kfree_skb(skb_dequeue(&wl->tx_queue));
3936
3937         b43_mac_suspend(dev);
3938         b43_leds_exit(dev);
3939         b43dbg(wl, "Wireless interface stopped\n");
3940
3941         return dev;
3942 }
3943
3944 /* Locking: wl->mutex */
3945 static int b43_wireless_core_start(struct b43_wldev *dev)
3946 {
3947         int err;
3948
3949         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3950
3951         drain_txstatus_queue(dev);
3952         if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
3953                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
3954                 if (err) {
3955                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
3956                         goto out;
3957                 }
3958         } else {
3959                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
3960                                            b43_interrupt_thread_handler,
3961                                            IRQF_SHARED, KBUILD_MODNAME, dev);
3962                 if (err) {
3963                         b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3964                         goto out;
3965                 }
3966         }
3967
3968         /* We are ready to run. */
3969         b43_set_status(dev, B43_STAT_STARTED);
3970
3971         /* Start data flow (TX/RX). */
3972         b43_mac_enable(dev);
3973         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
3974
3975         /* Start maintainance work */
3976         b43_periodic_tasks_setup(dev);
3977
3978         b43_leds_init(dev);
3979
3980         b43dbg(dev->wl, "Wireless interface started\n");
3981 out:
3982         return err;
3983 }
3984
3985 /* Get PHY and RADIO versioning numbers */
3986 static int b43_phy_versioning(struct b43_wldev *dev)
3987 {
3988         struct b43_phy *phy = &dev->phy;
3989         u32 tmp;
3990         u8 analog_type;
3991         u8 phy_type;
3992         u8 phy_rev;
3993         u16 radio_manuf;
3994         u16 radio_ver;
3995         u16 radio_rev;
3996         int unsupported = 0;
3997
3998         /* Get PHY versioning */
3999         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4000         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4001         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4002         phy_rev = (tmp & B43_PHYVER_VERSION);
4003         switch (phy_type) {
4004         case B43_PHYTYPE_A:
4005                 if (phy_rev >= 4)
4006                         unsupported = 1;
4007                 break;
4008         case B43_PHYTYPE_B:
4009                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4010                     && phy_rev != 7)
4011                         unsupported = 1;
4012                 break;
4013         case B43_PHYTYPE_G:
4014                 if (phy_rev > 9)
4015                         unsupported = 1;
4016                 break;
4017 #ifdef CONFIG_B43_NPHY
4018         case B43_PHYTYPE_N:
4019                 if (phy_rev > 4)
4020                         unsupported = 1;
4021                 break;
4022 #endif
4023 #ifdef CONFIG_B43_PHY_LP
4024         case B43_PHYTYPE_LP:
4025                 if (phy_rev > 2)
4026                         unsupported = 1;
4027                 break;
4028 #endif
4029         default:
4030                 unsupported = 1;
4031         };
4032         if (unsupported) {
4033                 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
4034                        "(Analog %u, Type %u, Revision %u)\n",
4035                        analog_type, phy_type, phy_rev);
4036                 return -EOPNOTSUPP;
4037         }
4038         b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
4039                analog_type, phy_type, phy_rev);
4040
4041         /* Get RADIO versioning */
4042         if (dev->dev->bus->chip_id == 0x4317) {
4043                 if (dev->dev->bus->chip_rev == 0)
4044                         tmp = 0x3205017F;
4045                 else if (dev->dev->bus->chip_rev == 1)
4046                         tmp = 0x4205017F;
4047                 else
4048                         tmp = 0x5205017F;
4049         } else {
4050                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
4051                 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4052                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
4053                 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4054         }
4055         radio_manuf = (tmp & 0x00000FFF);
4056         radio_ver = (tmp & 0x0FFFF000) >> 12;
4057         radio_rev = (tmp & 0xF0000000) >> 28;
4058         if (radio_manuf != 0x17F /* Broadcom */)
4059                 unsupported = 1;
4060         switch (phy_type) {
4061         case B43_PHYTYPE_A:
4062                 if (radio_ver != 0x2060)
4063                         unsupported = 1;
4064                 if (radio_rev != 1)
4065                         unsupported = 1;
4066                 if (radio_manuf != 0x17F)
4067                         unsupported = 1;
4068                 break;
4069         case B43_PHYTYPE_B:
4070                 if ((radio_ver & 0xFFF0) != 0x2050)
4071                         unsupported = 1;
4072                 break;
4073         case B43_PHYTYPE_G:
4074                 if (radio_ver != 0x2050)
4075                         unsupported = 1;
4076                 break;
4077         case B43_PHYTYPE_N:
4078                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4079                         unsupported = 1;
4080                 break;
4081         case B43_PHYTYPE_LP:
4082                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4083                         unsupported = 1;
4084                 break;
4085         default:
4086                 B43_WARN_ON(1);
4087         }
4088         if (unsupported) {
4089                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4090                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4091                        radio_manuf, radio_ver, radio_rev);
4092                 return -EOPNOTSUPP;
4093         }
4094         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4095                radio_manuf, radio_ver, radio_rev);
4096
4097         phy->radio_manuf = radio_manuf;
4098         phy->radio_ver = radio_ver;
4099         phy->radio_rev = radio_rev;
4100
4101         phy->analog = analog_type;
4102         phy->type = phy_type;
4103         phy->rev = phy_rev;
4104
4105         return 0;
4106 }
4107
4108 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4109                                       struct b43_phy *phy)
4110 {
4111         phy->hardware_power_control = !!modparam_hwpctl;
4112         phy->next_txpwr_check_time = jiffies;
4113         /* PHY TX errors counter. */
4114         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4115
4116 #if B43_DEBUG
4117         phy->phy_locked = 0;
4118         phy->radio_locked = 0;
4119 #endif
4120 }
4121
4122 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4123 {
4124         dev->dfq_valid = 0;
4125
4126         /* Assume the radio is enabled. If it's not enabled, the state will
4127          * immediately get fixed on the first periodic work run. */
4128         dev->radio_hw_enable = 1;
4129
4130         /* Stats */
4131         memset(&dev->stats, 0, sizeof(dev->stats));
4132
4133         setup_struct_phy_for_init(dev, &dev->phy);
4134
4135         /* IRQ related flags */
4136         dev->irq_reason = 0;
4137         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4138         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4139         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4140                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4141
4142         dev->mac_suspended = 1;
4143
4144         /* Noise calculation context */
4145         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4146 }
4147
4148 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4149 {
4150         struct ssb_sprom *sprom = &dev->dev->bus->sprom;
4151         u64 hf;
4152
4153         if (!modparam_btcoex)
4154                 return;
4155         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4156                 return;
4157         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4158                 return;
4159
4160         hf = b43_hf_read(dev);
4161         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4162                 hf |= B43_HF_BTCOEXALT;
4163         else
4164                 hf |= B43_HF_BTCOEX;
4165         b43_hf_write(dev, hf);
4166 }
4167
4168 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4169 {
4170         if (!modparam_btcoex)
4171                 return;
4172         //TODO
4173 }
4174
4175 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4176 {
4177 #ifdef CONFIG_SSB_DRIVER_PCICORE
4178         struct ssb_bus *bus = dev->dev->bus;
4179         u32 tmp;
4180
4181         if (bus->pcicore.dev &&
4182             bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
4183             bus->pcicore.dev->id.revision <= 5) {
4184                 /* IMCFGLO timeouts workaround. */
4185                 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
4186                 switch (bus->bustype) {
4187                 case SSB_BUSTYPE_PCI:
4188                 case SSB_BUSTYPE_PCMCIA:
4189                         tmp &= ~SSB_IMCFGLO_REQTO;
4190                         tmp &= ~SSB_IMCFGLO_SERTO;
4191                         tmp |= 0x32;
4192                         break;
4193                 case SSB_BUSTYPE_SSB:
4194                         tmp &= ~SSB_IMCFGLO_REQTO;
4195                         tmp &= ~SSB_IMCFGLO_SERTO;
4196                         tmp |= 0x53;
4197                         break;
4198                 default:
4199                         break;
4200                 }
4201                 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
4202         }
4203 #endif /* CONFIG_SSB_DRIVER_PCICORE */
4204 }
4205
4206 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4207 {
4208         u16 pu_delay;
4209
4210         /* The time value is in microseconds. */
4211         if (dev->phy.type == B43_PHYTYPE_A)
4212                 pu_delay = 3700;
4213         else
4214                 pu_delay = 1050;
4215         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4216                 pu_delay = 500;
4217         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4218                 pu_delay = max(pu_delay, (u16)2400);
4219
4220         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4221 }
4222
4223 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4224 static void b43_set_pretbtt(struct b43_wldev *dev)
4225 {
4226         u16 pretbtt;
4227
4228         /* The time value is in microseconds. */
4229         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4230                 pretbtt = 2;
4231         } else {
4232                 if (dev->phy.type == B43_PHYTYPE_A)
4233                         pretbtt = 120;
4234                 else
4235                         pretbtt = 250;
4236         }
4237         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4238         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4239 }
4240
4241 /* Shutdown a wireless core */
4242 /* Locking: wl->mutex */
4243 static void b43_wireless_core_exit(struct b43_wldev *dev)
4244 {
4245         u32 macctl;
4246
4247         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4248         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4249                 return;
4250         b43_set_status(dev, B43_STAT_UNINIT);
4251
4252         /* Stop the microcode PSM. */
4253         macctl = b43_read32(dev, B43_MMIO_MACCTL);
4254         macctl &= ~B43_MACCTL_PSM_RUN;
4255         macctl |= B43_MACCTL_PSM_JMP0;
4256         b43_write32(dev, B43_MMIO_MACCTL, macctl);
4257
4258         b43_dma_free(dev);
4259         b43_pio_free(dev);
4260         b43_chip_exit(dev);
4261         dev->phy.ops->switch_analog(dev, 0);
4262         if (dev->wl->current_beacon) {
4263                 dev_kfree_skb_any(dev->wl->current_beacon);
4264                 dev->wl->current_beacon = NULL;
4265         }
4266
4267         ssb_device_disable(dev->dev, 0);
4268         ssb_bus_may_powerdown(dev->dev->bus);
4269 }
4270
4271 /* Initialize a wireless core */
4272 static int b43_wireless_core_init(struct b43_wldev *dev)
4273 {
4274         struct ssb_bus *bus = dev->dev->bus;
4275         struct ssb_sprom *sprom = &bus->sprom;
4276         struct b43_phy *phy = &dev->phy;
4277         int err;
4278         u64 hf;
4279         u32 tmp;
4280
4281         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4282
4283         err = ssb_bus_powerup(bus, 0);
4284         if (err)
4285                 goto out;
4286         if (!ssb_device_is_enabled(dev->dev)) {
4287                 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4288                 b43_wireless_core_reset(dev, tmp);
4289         }
4290
4291         /* Reset all data structures. */
4292         setup_struct_wldev_for_init(dev);
4293         phy->ops->prepare_structs(dev);
4294
4295         /* Enable IRQ routing to this device. */
4296         ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4297
4298         b43_imcfglo_timeouts_workaround(dev);
4299         b43_bluetooth_coext_disable(dev);
4300         if (phy->ops->prepare_hardware) {
4301                 err = phy->ops->prepare_hardware(dev);
4302                 if (err)
4303                         goto err_busdown;
4304         }
4305         err = b43_chip_init(dev);
4306         if (err)
4307                 goto err_busdown;
4308         b43_shm_write16(dev, B43_SHM_SHARED,
4309                         B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4310         hf = b43_hf_read(dev);
4311         if (phy->type == B43_PHYTYPE_G) {
4312                 hf |= B43_HF_SYMW;
4313                 if (phy->rev == 1)
4314                         hf |= B43_HF_GDCW;
4315                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4316                         hf |= B43_HF_OFDMPABOOST;
4317         }
4318         if (phy->radio_ver == 0x2050) {
4319                 if (phy->radio_rev == 6)
4320                         hf |= B43_HF_4318TSSI;
4321                 if (phy->radio_rev < 6)
4322                         hf |= B43_HF_VCORECALC;
4323         }
4324         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4325                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4326 #ifdef CONFIG_SSB_DRIVER_PCICORE
4327         if ((bus->bustype == SSB_BUSTYPE_PCI) &&
4328             (bus->pcicore.dev->id.revision <= 10))
4329                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4330 #endif
4331         hf &= ~B43_HF_SKCFPUP;
4332         b43_hf_write(dev, hf);
4333
4334         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4335                              B43_DEFAULT_LONG_RETRY_LIMIT);
4336         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4337         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4338
4339         /* Disable sending probe responses from firmware.
4340          * Setting the MaxTime to one usec will always trigger
4341          * a timeout, so we never send any probe resp.
4342          * A timeout of zero is infinite. */
4343         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4344
4345         b43_rate_memory_init(dev);
4346         b43_set_phytxctl_defaults(dev);
4347
4348         /* Minimum Contention Window */
4349         if (phy->type == B43_PHYTYPE_B) {
4350                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4351         } else {
4352                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4353         }
4354         /* Maximum Contention Window */
4355         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4356
4357         if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) ||
4358             (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) ||
4359             modparam_pio) {
4360                 dev->__using_pio_transfers = 1;
4361                 err = b43_pio_init(dev);
4362         } else {
4363                 dev->__using_pio_transfers = 0;
4364                 err = b43_dma_init(dev);
4365         }
4366         if (err)
4367                 goto err_chip_exit;
4368         b43_qos_init(dev);
4369         b43_set_synth_pu_delay(dev, 1);
4370         b43_bluetooth_coext_enable(dev);
4371
4372         ssb_bus_powerup(bus, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4373         b43_upload_card_macaddress(dev);
4374         b43_security_init(dev);
4375
4376         ieee80211_wake_queues(dev->wl->hw);
4377
4378         ieee80211_wake_queues(dev->wl->hw);
4379
4380         b43_set_status(dev, B43_STAT_INITIALIZED);
4381
4382 out:
4383         return err;
4384
4385 err_chip_exit:
4386         b43_chip_exit(dev);
4387 err_busdown:
4388         ssb_bus_may_powerdown(bus);
4389         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4390         return err;
4391 }
4392
4393 static int b43_op_add_interface(struct ieee80211_hw *hw,
4394                                 struct ieee80211_vif *vif)
4395 {
4396         struct b43_wl *wl = hw_to_b43_wl(hw);
4397         struct b43_wldev *dev;
4398         int err = -EOPNOTSUPP;
4399
4400         /* TODO: allow WDS/AP devices to coexist */
4401
4402         if (vif->type != NL80211_IFTYPE_AP &&
4403             vif->type != NL80211_IFTYPE_MESH_POINT &&
4404             vif->type != NL80211_IFTYPE_STATION &&
4405             vif->type != NL80211_IFTYPE_WDS &&
4406             vif->type != NL80211_IFTYPE_ADHOC)
4407                 return -EOPNOTSUPP;
4408
4409         mutex_lock(&wl->mutex);
4410         if (wl->operating)
4411                 goto out_mutex_unlock;
4412
4413         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4414
4415         dev = wl->current_dev;
4416         wl->operating = 1;
4417         wl->vif = vif;
4418         wl->if_type = vif->type;
4419         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4420
4421         b43_adjust_opmode(dev);
4422         b43_set_pretbtt(dev);
4423         b43_set_synth_pu_delay(dev, 0);
4424         b43_upload_card_macaddress(dev);
4425
4426         err = 0;
4427  out_mutex_unlock:
4428         mutex_unlock(&wl->mutex);
4429
4430         return err;
4431 }
4432
4433 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4434                                     struct ieee80211_vif *vif)
4435 {
4436         struct b43_wl *wl = hw_to_b43_wl(hw);
4437         struct b43_wldev *dev = wl->current_dev;
4438
4439         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4440
4441         mutex_lock(&wl->mutex);
4442
4443         B43_WARN_ON(!wl->operating);
4444         B43_WARN_ON(wl->vif != vif);
4445         wl->vif = NULL;
4446
4447         wl->operating = 0;
4448
4449         b43_adjust_opmode(dev);
4450         memset(wl->mac_addr, 0, ETH_ALEN);
4451         b43_upload_card_macaddress(dev);
4452
4453         mutex_unlock(&wl->mutex);
4454 }
4455
4456 static int b43_op_start(struct ieee80211_hw *hw)
4457 {
4458         struct b43_wl *wl = hw_to_b43_wl(hw);
4459         struct b43_wldev *dev = wl->current_dev;
4460         int did_init = 0;
4461         int err = 0;
4462
4463         /* Kill all old instance specific information to make sure
4464          * the card won't use it in the short timeframe between start
4465          * and mac80211 reconfiguring it. */
4466         memset(wl->bssid, 0, ETH_ALEN);
4467         memset(wl->mac_addr, 0, ETH_ALEN);
4468         wl->filter_flags = 0;
4469         wl->radiotap_enabled = 0;
4470         b43_qos_clear(wl);
4471         wl->beacon0_uploaded = 0;
4472         wl->beacon1_uploaded = 0;
4473         wl->beacon_templates_virgin = 1;
4474         wl->radio_enabled = 1;
4475
4476         mutex_lock(&wl->mutex);
4477
4478         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4479                 err = b43_wireless_core_init(dev);
4480                 if (err)
4481                         goto out_mutex_unlock;
4482                 did_init = 1;
4483         }
4484
4485         if (b43_status(dev) < B43_STAT_STARTED) {
4486                 err = b43_wireless_core_start(dev);
4487                 if (err) {
4488                         if (did_init)
4489                                 b43_wireless_core_exit(dev);
4490                         goto out_mutex_unlock;
4491                 }
4492         }
4493
4494         /* XXX: only do if device doesn't support rfkill irq */
4495         wiphy_rfkill_start_polling(hw->wiphy);
4496
4497  out_mutex_unlock:
4498         mutex_unlock(&wl->mutex);
4499
4500         return err;
4501 }
4502
4503 static void b43_op_stop(struct ieee80211_hw *hw)
4504 {
4505         struct b43_wl *wl = hw_to_b43_wl(hw);
4506         struct b43_wldev *dev = wl->current_dev;
4507
4508         cancel_work_sync(&(wl->beacon_update_trigger));
4509
4510         mutex_lock(&wl->mutex);
4511         if (b43_status(dev) >= B43_STAT_STARTED) {
4512                 dev = b43_wireless_core_stop(dev);
4513                 if (!dev)
4514                         goto out_unlock;
4515         }
4516         b43_wireless_core_exit(dev);
4517         wl->radio_enabled = 0;
4518
4519 out_unlock:
4520         mutex_unlock(&wl->mutex);
4521
4522         cancel_work_sync(&(wl->txpower_adjust_work));
4523 }
4524
4525 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4526                                  struct ieee80211_sta *sta, bool set)
4527 {
4528         struct b43_wl *wl = hw_to_b43_wl(hw);
4529
4530         /* FIXME: add locking */
4531         b43_update_templates(wl);
4532
4533         return 0;
4534 }
4535
4536 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4537                               struct ieee80211_vif *vif,
4538                               enum sta_notify_cmd notify_cmd,
4539                               struct ieee80211_sta *sta)
4540 {
4541         struct b43_wl *wl = hw_to_b43_wl(hw);
4542
4543         B43_WARN_ON(!vif || wl->vif != vif);
4544 }
4545
4546 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4547 {
4548         struct b43_wl *wl = hw_to_b43_wl(hw);
4549         struct b43_wldev *dev;
4550
4551         mutex_lock(&wl->mutex);
4552         dev = wl->current_dev;
4553         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4554                 /* Disable CFP update during scan on other channels. */
4555                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4556         }
4557         mutex_unlock(&wl->mutex);
4558 }
4559
4560 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4561 {
4562         struct b43_wl *wl = hw_to_b43_wl(hw);
4563         struct b43_wldev *dev;
4564
4565         mutex_lock(&wl->mutex);
4566         dev = wl->current_dev;
4567         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4568                 /* Re-enable CFP update. */
4569                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4570         }
4571         mutex_unlock(&wl->mutex);
4572 }
4573
4574 static const struct ieee80211_ops b43_hw_ops = {
4575         .tx                     = b43_op_tx,
4576         .conf_tx                = b43_op_conf_tx,
4577         .add_interface          = b43_op_add_interface,
4578         .remove_interface       = b43_op_remove_interface,
4579         .config                 = b43_op_config,
4580         .bss_info_changed       = b43_op_bss_info_changed,
4581         .configure_filter       = b43_op_configure_filter,
4582         .set_key                = b43_op_set_key,
4583         .update_tkip_key        = b43_op_update_tkip_key,
4584         .get_stats              = b43_op_get_stats,
4585         .get_tx_stats           = b43_op_get_tx_stats,
4586         .get_tsf                = b43_op_get_tsf,
4587         .set_tsf                = b43_op_set_tsf,
4588         .start                  = b43_op_start,
4589         .stop                   = b43_op_stop,
4590         .set_tim                = b43_op_beacon_set_tim,
4591         .sta_notify             = b43_op_sta_notify,
4592         .sw_scan_start          = b43_op_sw_scan_start_notifier,
4593         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
4594         .rfkill_poll            = b43_rfkill_poll,
4595 };
4596
4597 /* Hard-reset the chip. Do not call this directly.
4598  * Use b43_controller_restart()
4599  */
4600 static void b43_chip_reset(struct work_struct *work)
4601 {
4602         struct b43_wldev *dev =
4603             container_of(work, struct b43_wldev, restart_work);
4604         struct b43_wl *wl = dev->wl;
4605         int err = 0;
4606         int prev_status;
4607
4608         mutex_lock(&wl->mutex);
4609
4610         prev_status = b43_status(dev);
4611         /* Bring the device down... */
4612         if (prev_status >= B43_STAT_STARTED) {
4613                 dev = b43_wireless_core_stop(dev);
4614                 if (!dev) {
4615                         err = -ENODEV;
4616                         goto out;
4617                 }
4618         }
4619         if (prev_status >= B43_STAT_INITIALIZED)
4620                 b43_wireless_core_exit(dev);
4621
4622         /* ...and up again. */
4623         if (prev_status >= B43_STAT_INITIALIZED) {
4624                 err = b43_wireless_core_init(dev);
4625                 if (err)
4626                         goto out;
4627         }
4628         if (prev_status >= B43_STAT_STARTED) {
4629                 err = b43_wireless_core_start(dev);
4630                 if (err) {
4631                         b43_wireless_core_exit(dev);
4632                         goto out;
4633                 }
4634         }
4635 out:
4636         if (err)
4637                 wl->current_dev = NULL; /* Failed to init the dev. */
4638         mutex_unlock(&wl->mutex);
4639         if (err)
4640                 b43err(wl, "Controller restart FAILED\n");
4641         else
4642                 b43info(wl, "Controller restarted\n");
4643 }
4644
4645 static int b43_setup_bands(struct b43_wldev *dev,
4646                            bool have_2ghz_phy, bool have_5ghz_phy)
4647 {
4648         struct ieee80211_hw *hw = dev->wl->hw;
4649
4650         if (have_2ghz_phy)
4651                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4652         if (dev->phy.type == B43_PHYTYPE_N) {
4653                 if (have_5ghz_phy)
4654                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4655         } else {
4656                 if (have_5ghz_phy)
4657                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4658         }
4659
4660         dev->phy.supports_2ghz = have_2ghz_phy;
4661         dev->phy.supports_5ghz = have_5ghz_phy;
4662
4663         return 0;
4664 }
4665
4666 static void b43_wireless_core_detach(struct b43_wldev *dev)
4667 {
4668         /* We release firmware that late to not be required to re-request
4669          * is all the time when we reinit the core. */
4670         b43_release_firmware(dev);
4671         b43_phy_free(dev);
4672 }
4673
4674 static int b43_wireless_core_attach(struct b43_wldev *dev)
4675 {
4676         struct b43_wl *wl = dev->wl;
4677         struct ssb_bus *bus = dev->dev->bus;
4678         struct pci_dev *pdev = (bus->bustype == SSB_BUSTYPE_PCI) ? bus->host_pci : NULL;
4679         int err;
4680         bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4681         u32 tmp;
4682
4683         /* Do NOT do any device initialization here.
4684          * Do it in wireless_core_init() instead.
4685          * This function is for gathering basic information about the HW, only.
4686          * Also some structs may be set up here. But most likely you want to have
4687          * that in core_init(), too.
4688          */
4689
4690         err = ssb_bus_powerup(bus, 0);
4691         if (err) {
4692                 b43err(wl, "Bus powerup failed\n");
4693                 goto out;
4694         }
4695         /* Get the PHY type. */
4696         if (dev->dev->id.revision >= 5) {
4697                 u32 tmshigh;
4698
4699                 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4700                 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4701                 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4702         } else
4703                 B43_WARN_ON(1);
4704
4705         dev->phy.gmode = have_2ghz_phy;
4706         dev->phy.radio_on = 1;
4707         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4708         b43_wireless_core_reset(dev, tmp);
4709
4710         err = b43_phy_versioning(dev);
4711         if (err)
4712                 goto err_powerdown;
4713         /* Check if this device supports multiband. */
4714         if (!pdev ||
4715             (pdev->device != 0x4312 &&
4716              pdev->device != 0x4319 && pdev->device != 0x4324)) {
4717                 /* No multiband support. */
4718                 have_2ghz_phy = 0;
4719                 have_5ghz_phy = 0;
4720                 switch (dev->phy.type) {
4721                 case B43_PHYTYPE_A:
4722                         have_5ghz_phy = 1;
4723                         break;
4724                 case B43_PHYTYPE_LP: //FIXME not always!
4725 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
4726                         have_5ghz_phy = 1;
4727 #endif
4728                 case B43_PHYTYPE_G:
4729                 case B43_PHYTYPE_N:
4730                         have_2ghz_phy = 1;
4731                         break;
4732                 default:
4733                         B43_WARN_ON(1);
4734                 }
4735         }
4736         if (dev->phy.type == B43_PHYTYPE_A) {
4737                 /* FIXME */
4738                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4739                 err = -EOPNOTSUPP;
4740                 goto err_powerdown;
4741         }
4742         if (1 /* disable A-PHY */) {
4743                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4744                 if (dev->phy.type != B43_PHYTYPE_N &&
4745                     dev->phy.type != B43_PHYTYPE_LP) {
4746                         have_2ghz_phy = 1;
4747                         have_5ghz_phy = 0;
4748                 }
4749         }
4750
4751         err = b43_phy_allocate(dev);
4752         if (err)
4753                 goto err_powerdown;
4754
4755         dev->phy.gmode = have_2ghz_phy;
4756         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4757         b43_wireless_core_reset(dev, tmp);
4758
4759         err = b43_validate_chipaccess(dev);
4760         if (err)
4761                 goto err_phy_free;
4762         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4763         if (err)
4764                 goto err_phy_free;
4765
4766         /* Now set some default "current_dev" */
4767         if (!wl->current_dev)
4768                 wl->current_dev = dev;
4769         INIT_WORK(&dev->restart_work, b43_chip_reset);
4770
4771         dev->phy.ops->switch_analog(dev, 0);
4772         ssb_device_disable(dev->dev, 0);
4773         ssb_bus_may_powerdown(bus);
4774
4775 out:
4776         return err;
4777
4778 err_phy_free:
4779         b43_phy_free(dev);
4780 err_powerdown:
4781         ssb_bus_may_powerdown(bus);
4782         return err;
4783 }
4784
4785 static void b43_one_core_detach(struct ssb_device *dev)
4786 {
4787         struct b43_wldev *wldev;
4788         struct b43_wl *wl;
4789
4790         /* Do not cancel ieee80211-workqueue based work here.
4791          * See comment in b43_remove(). */
4792
4793         wldev = ssb_get_drvdata(dev);
4794         wl = wldev->wl;
4795         b43_debugfs_remove_device(wldev);
4796         b43_wireless_core_detach(wldev);
4797         list_del(&wldev->list);
4798         wl->nr_devs--;
4799         ssb_set_drvdata(dev, NULL);
4800         kfree(wldev);
4801 }
4802
4803 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4804 {
4805         struct b43_wldev *wldev;
4806         struct pci_dev *pdev;
4807         int err = -ENOMEM;
4808
4809         if (!list_empty(&wl->devlist)) {
4810                 /* We are not the first core on this chip. */
4811                 pdev = (dev->bus->bustype == SSB_BUSTYPE_PCI) ? dev->bus->host_pci : NULL;
4812                 /* Only special chips support more than one wireless
4813                  * core, although some of the other chips have more than
4814                  * one wireless core as well. Check for this and
4815                  * bail out early.
4816                  */
4817                 if (!pdev ||
4818                     ((pdev->device != 0x4321) &&
4819                      (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4820                         b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4821                         return -ENODEV;
4822                 }
4823         }
4824
4825         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4826         if (!wldev)
4827                 goto out;
4828
4829         wldev->dev = dev;
4830         wldev->wl = wl;
4831         b43_set_status(wldev, B43_STAT_UNINIT);
4832         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4833         INIT_LIST_HEAD(&wldev->list);
4834
4835         err = b43_wireless_core_attach(wldev);
4836         if (err)
4837                 goto err_kfree_wldev;
4838
4839         list_add(&wldev->list, &wl->devlist);
4840         wl->nr_devs++;
4841         ssb_set_drvdata(dev, wldev);
4842         b43_debugfs_add_device(wldev);
4843
4844       out:
4845         return err;
4846
4847       err_kfree_wldev:
4848         kfree(wldev);
4849         return err;
4850 }
4851
4852 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
4853         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
4854         (pdev->device == _device) &&                                    \
4855         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
4856         (pdev->subsystem_device == _subdevice)                          )
4857
4858 static void b43_sprom_fixup(struct ssb_bus *bus)
4859 {
4860         struct pci_dev *pdev;
4861
4862         /* boardflags workarounds */
4863         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4864             bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4865                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4866         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4867             bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4868                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4869         if (bus->bustype == SSB_BUSTYPE_PCI) {
4870                 pdev = bus->host_pci;
4871                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4872                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
4873                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
4874                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4875                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4876                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4877                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4878                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4879         }
4880 }
4881
4882 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4883 {
4884         struct ieee80211_hw *hw = wl->hw;
4885
4886         ssb_set_devtypedata(dev, NULL);
4887         ieee80211_free_hw(hw);
4888 }
4889
4890 static int b43_wireless_init(struct ssb_device *dev)
4891 {
4892         struct ssb_sprom *sprom = &dev->bus->sprom;
4893         struct ieee80211_hw *hw;
4894         struct b43_wl *wl;
4895         int err = -ENOMEM;
4896
4897         b43_sprom_fixup(dev->bus);
4898
4899         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4900         if (!hw) {
4901                 b43err(NULL, "Could not allocate ieee80211 device\n");
4902                 goto out;
4903         }
4904         wl = hw_to_b43_wl(hw);
4905
4906         /* fill hw info */
4907         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4908                     IEEE80211_HW_SIGNAL_DBM |
4909                     IEEE80211_HW_NOISE_DBM;
4910
4911         hw->wiphy->interface_modes =
4912                 BIT(NL80211_IFTYPE_AP) |
4913                 BIT(NL80211_IFTYPE_MESH_POINT) |
4914                 BIT(NL80211_IFTYPE_STATION) |
4915                 BIT(NL80211_IFTYPE_WDS) |
4916                 BIT(NL80211_IFTYPE_ADHOC);
4917
4918         hw->queues = modparam_qos ? 4 : 1;
4919         wl->mac80211_initially_registered_queues = hw->queues;
4920         hw->max_rates = 2;
4921         SET_IEEE80211_DEV(hw, dev->dev);
4922         if (is_valid_ether_addr(sprom->et1mac))
4923                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4924         else
4925                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4926
4927         /* Initialize struct b43_wl */
4928         wl->hw = hw;
4929         mutex_init(&wl->mutex);
4930         spin_lock_init(&wl->hardirq_lock);
4931         INIT_LIST_HEAD(&wl->devlist);
4932         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4933         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4934         INIT_WORK(&wl->tx_work, b43_tx_work);
4935         skb_queue_head_init(&wl->tx_queue);
4936
4937         ssb_set_devtypedata(dev, wl);
4938         b43info(wl, "Broadcom %04X WLAN found (core revision %u)\n",
4939                 dev->bus->chip_id, dev->id.revision);
4940         err = 0;
4941 out:
4942         return err;
4943 }
4944
4945 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4946 {
4947         struct b43_wl *wl;
4948         int err;
4949         int first = 0;
4950
4951         wl = ssb_get_devtypedata(dev);
4952         if (!wl) {
4953                 /* Probing the first core. Must setup common struct b43_wl */
4954                 first = 1;
4955                 err = b43_wireless_init(dev);
4956                 if (err)
4957                         goto out;
4958                 wl = ssb_get_devtypedata(dev);
4959                 B43_WARN_ON(!wl);
4960         }
4961         err = b43_one_core_attach(dev, wl);
4962         if (err)
4963                 goto err_wireless_exit;
4964
4965         if (first) {
4966                 err = ieee80211_register_hw(wl->hw);
4967                 if (err)
4968                         goto err_one_core_detach;
4969                 b43_leds_register(wl->current_dev);
4970                 b43_rng_init(wl);
4971         }
4972
4973       out:
4974         return err;
4975
4976       err_one_core_detach:
4977         b43_one_core_detach(dev);
4978       err_wireless_exit:
4979         if (first)
4980                 b43_wireless_exit(dev, wl);
4981         return err;
4982 }
4983
4984 static void b43_remove(struct ssb_device *dev)
4985 {
4986         struct b43_wl *wl = ssb_get_devtypedata(dev);
4987         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4988
4989         /* We must cancel any work here before unregistering from ieee80211,
4990          * as the ieee80211 unreg will destroy the workqueue. */
4991         cancel_work_sync(&wldev->restart_work);
4992
4993         B43_WARN_ON(!wl);
4994         if (wl->current_dev == wldev) {
4995                 /* Restore the queues count before unregistering, because firmware detect
4996                  * might have modified it. Restoring is important, so the networking
4997                  * stack can properly free resources. */
4998                 wl->hw->queues = wl->mac80211_initially_registered_queues;
4999                 b43_leds_stop(wldev);
5000                 ieee80211_unregister_hw(wl->hw);
5001         }
5002
5003         b43_one_core_detach(dev);
5004
5005         if (list_empty(&wl->devlist)) {
5006                 b43_rng_exit(wl);
5007                 b43_leds_unregister(wl);
5008                 /* Last core on the chip unregistered.
5009                  * We can destroy common struct b43_wl.
5010                  */
5011                 b43_wireless_exit(dev, wl);
5012         }
5013 }
5014
5015 /* Perform a hardware reset. This can be called from any context. */
5016 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5017 {
5018         /* Must avoid requeueing, if we are in shutdown. */
5019         if (b43_status(dev) < B43_STAT_INITIALIZED)
5020                 return;
5021         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5022         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5023 }
5024
5025 static struct ssb_driver b43_ssb_driver = {
5026         .name           = KBUILD_MODNAME,
5027         .id_table       = b43_ssb_tbl,
5028         .probe          = b43_probe,
5029         .remove         = b43_remove,
5030 };
5031
5032 static void b43_print_driverinfo(void)
5033 {
5034         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5035                    *feat_leds = "", *feat_sdio = "";
5036
5037 #ifdef CONFIG_B43_PCI_AUTOSELECT
5038         feat_pci = "P";
5039 #endif
5040 #ifdef CONFIG_B43_PCMCIA
5041         feat_pcmcia = "M";
5042 #endif
5043 #ifdef CONFIG_B43_NPHY
5044         feat_nphy = "N";
5045 #endif
5046 #ifdef CONFIG_B43_LEDS
5047         feat_leds = "L";
5048 #endif
5049 #ifdef CONFIG_B43_SDIO
5050         feat_sdio = "S";
5051 #endif
5052         printk(KERN_INFO "Broadcom 43xx driver loaded "
5053                "[ Features: %s%s%s%s%s, Firmware-ID: "
5054                B43_SUPPORTED_FIRMWARE_ID " ]\n",
5055                feat_pci, feat_pcmcia, feat_nphy,
5056                feat_leds, feat_sdio);
5057 }
5058
5059 static int __init b43_init(void)
5060 {
5061         int err;
5062
5063         b43_debugfs_init();
5064         err = b43_pcmcia_init();
5065         if (err)
5066                 goto err_dfs_exit;
5067         err = b43_sdio_init();
5068         if (err)
5069                 goto err_pcmcia_exit;
5070         err = ssb_driver_register(&b43_ssb_driver);
5071         if (err)
5072                 goto err_sdio_exit;
5073         b43_print_driverinfo();
5074
5075         return err;
5076
5077 err_sdio_exit:
5078         b43_sdio_exit();
5079 err_pcmcia_exit:
5080         b43_pcmcia_exit();
5081 err_dfs_exit:
5082         b43_debugfs_exit();
5083         return err;
5084 }
5085
5086 static void __exit b43_exit(void)
5087 {
5088         ssb_driver_unregister(&b43_ssb_driver);
5089         b43_sdio_exit();
5090         b43_pcmcia_exit();
5091         b43_debugfs_exit();
5092 }
5093
5094 module_init(b43_init)
5095 module_exit(b43_exit)